ISC CISSP Practice Test - Questions Answers, Page 22

If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the

A. default gateway.
B. attacker's address.
C. local interface being attacked.
D. specified source address.

Suggested answer: D

According to best practice, which of the following is required when implementing third party software in a production environment?

A. Scan the application for vulnerabilities
B. Contract the vendor for patching
C. Negotiate end user application training
D. Escrow a copy of the software

Suggested answer: A

Which of the following is the BEST solution to provide redundancy for telecommunications links?

A. Provide multiple links from the same telecommunications vendor.
B. Ensure that the telecommunications links connect to the network in one location.
C. Ensure that the telecommunications links connect to the network in multiple locations.
D. Provide multiple links from multiple telecommunications vendors.

Suggested answer: D

The amount of data that will be collected during an audit is PRIMARILY determined by the

A. audit scope.
B. auditor's experience level.
C. availability of the data.
D. integrity of the data.

Suggested answer: A

Which of the following are required components for implementing software configuration management systems?

A. Audit control and signoff
B. User training and acceptance
C. Rollback and recovery processes
D. Regression testing and evaluation

Suggested answer: C

For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?

A. Hash functions
B. Data segregation
C. File system permissions
D. Non-repudiation controls

Suggested answer: B

Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?

A. Two-factor authentication
B. Digital certificates and hardware tokens
C. Timed sessions and Secure Socket Layer (SSL)
D. Passwords with alpha-numeric and special characters

Suggested answer: C

What is the BEST method to detect the most common improper initialization problems in programming languages?

A. Use and specify a strong character encoding.
B. Use automated static analysis tools that target this type of weakness.
C. Perform input validation on any numeric inputs by assuring that they are within the expected range.
D. Use data flow analysis to minimize the number of false positives.

Suggested answer: B

During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?

A. The procurement officer lacks technical knowledge.
B. The security requirements have changed during the procurement process.
C. There were no security professionals in the vendor's bidding team.
D. The description of the security requirements was insufficient.

Suggested answer: D

Which of the following is required to determine classification and ownership?

A. System and data resources are properly identified
B. Access violations are logged and audited
C. Data file references are identified and linked
D. System security controls are fully integrated

Suggested answer: A