ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 22

Question 211

If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the

A. default gateway.
B. attacker's address.
C. local interface being attacked.
D. specified source address.
Suggested answer: D
asked 18/09/2024
Arnold Bronson TCHOFFO

Question 212

According to best practice, which of the following is required when implementing third party software in a production environment?

A. Scan the application for vulnerabilities
B. Contract the vendor for patching
C. Negotiate end user application training
D. Escrow a copy of the software
Suggested answer: A
asked 18/09/2024
christopher patrick

Question 213

Which of the following is the BEST solution to provide redundancy for telecommunications links?

A. Provide multiple links from the same telecommunications vendor.
B. Ensure that the telecommunications links connect to the network in one location.
C. Ensure that the telecommunications links connect to the network in multiple locations.
D. Provide multiple links from multiple telecommunications vendors.
Suggested answer: D
asked 18/09/2024
Ian Lloyd

Question 214

The amount of data that will be collected during an audit is PRIMARILY determined by the

A. audit scope.
B. auditor's experience level.
C. availability of the data.
D. integrity of the data.
Suggested answer: A
asked 18/09/2024
TienYai Ho

Question 215

Which of the following are required components for implementing software configuration management systems?

A. Audit control and signoff
B. User training and acceptance
C. Rollback and recovery processes
D. Regression testing and evaluation
Suggested answer: C
asked 18/09/2024
Pavol Adamcin

Question 216

For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?

A. Hash functions
B. Data segregation
C. File system permissions
D. Non-repudiation controls
Suggested answer: B
asked 18/09/2024
Ahmad Zaher Al Ojaili

Question 217

Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?

A. Two-factor authentication
B. Digital certificates and hardware tokens
C. Timed sessions and Secure Socket Layer (SSL)
D. Passwords with alpha-numeric and special characters
Suggested answer: C
asked 18/09/2024
Praveen Achankunju

Question 218

What is the BEST method to detect the most common improper initialization problems in programming languages?

A. Use and specify a strong character encoding.
B. Use automated static analysis tools that target this type of weakness.
C. Perform input validation on any numeric inputs by assuring that they are within the expected range.
D. Use data flow analysis to minimize the number of false positives.
Suggested answer: B
asked 18/09/2024
Gabriel Pereira Dias

Question 219

During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?

A. The procurement officer lacks technical knowledge.
B. The security requirements have changed during the procurement process.
C. There were no security professionals in the vendor's bidding team.
D. The description of the security requirements was insufficient.
Suggested answer: D
asked 18/09/2024
Aldrin Plata

Question 220

Which of the following is required to determine classification and ownership?

A. System and data resources are properly identified
B. Access violations are logged and audited
C. Data file references are identified and linked
D. System security controls are fully integrated
Suggested answer: A
asked 18/09/2024
Muhammad Imran Khan