
ISC CISSP Practice Test - Questions Answers, Page 23


Question 221


A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?

A. Provide students with Internet Protocol Security (IPSec) Virtual Private Network (VPN) client software.
B. Use Secure Sockets Layer (SSL) VPN technology.
C. Use Secure Shell (SSH) with public/private keys.
D. Require students to purchase home router capable of VPN.
Suggested answer: B
asked 18/09/2024
Ridwan Sulaiman

Question 222


A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

A. The inherent risk is greater than the residual risk.
B. The Annualized Loss Expectancy (ALE) approaches zero.
C. The expected loss from the risk exceeds mitigation costs.
D. The infrastructure budget can easily cover the upgrade costs.
Suggested answer: C
asked 18/09/2024
Rodrigo Serrano dos Santos

Question 223


A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as

A. least privilege.
B. rule based access controls.
C. Mandatory Access Control (MAC).
D. separation of duties.
Suggested answer: D
asked 18/09/2024
Istvan Molnar

Question 224


What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?

A. Brute force attack
B. Frequency analysis
C. Social engineering
D. Dictionary attack
Suggested answer: C
asked 18/09/2024
Marcel Engelbrecht

Question 225


A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?

A. A lack of baseline standards
B. Improper documentation of security guidelines
C. A poorly designed security policy communication program
D. Host-based Intrusion Prevention System (HIPS) policies are ineffective
Suggested answer: A
asked 18/09/2024
Biji Abraham

Question 226


Which of the following is the BEST countermeasure to brute force login attacks?

A. Changing all canonical passwords
B. Decreasing the number of concurrent user sessions
C. Restricting initial password delivery only in person
D. Introducing a delay after failed system access attempts
Suggested answer: D
asked 18/09/2024
Dusan Munjiza

Question 227


A Business Continuity Plan (BCP) is based on

A. the policy and procedures manual.
B. an existing BCP from a similar organization.
C. a review of the business processes and procedures.
D. a standard checklist of required items and objectives.
Suggested answer: D
asked 18/09/2024
Kaung Zaw Tun

Question 228


When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?

A. Temporal Key Integrity Protocol (TKIP)
B. Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK)
C. Wi-Fi Protected Access 2 (WPA2) Enterprise
D. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Suggested answer: C
asked 18/09/2024
Tolga Kesici

Question 229


A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

A. Spoofing
B. Eavesdropping
C. Man-in-the-middle
D. Denial of service
Suggested answer: C
asked 18/09/2024
David Hill

Question 230


Which of the following is the MOST effective attack against cryptographic hardware modules?

A. Plaintext
B. Brute force
C. Power analysis
D. Man-in-the-middle (MITM)
Suggested answer: C
asked 18/09/2024
Craig Reid
Total 1.482 questions