ISC CISSP Practice Test - Questions Answers, Page 26

Which item below is a federated identity standard?

A. 802.11i
B. Kerberos
C. Lightweight Directory Access Protocol (LDAP)
D. Security Assertion Markup Language (SAML)
Suggested answer: D

What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between an on-premise environment and an external identity provider service?

A. Some users are not provisioned into the service.
B. SAML tokens are provided by the on-premise identity provider.
C. Single users cannot be revoked from the service.
D. SAML tokens contain user information.
Suggested answer: A

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following could have MOST likely prevented the Peer-to-Peer (P2P) program from being installed on the computer?

A. Removing employee's full access to the computer
B. Supervising their child's use of the computer
C. Limiting computer's access to only the employee
D. Ensuring employee understands their business conduct guidelines
Suggested answer: A

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?

A. Anti-virus software
B. Intrusion Prevention System (IPS)
C. Anti-spyware software
D. Integrity checking software
Suggested answer: B

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?

A. Run software uninstall
B. Re-image the computer
C. Find and remove all installation files
D. Delete all cookies stored in the web browser cache
Suggested answer: B

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following documents explains the proper use of the organization's assets?

A. Human resources policy
B. Acceptable use policy
C. Code of ethics
D. Access control policy
Suggested answer: B

Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.

In the plan, what is the BEST approach to mitigate future internal client-based attacks?

A. Block all client side web exploits at the perimeter.
B. Remove all non-essential client-side web services from the network.
C. Screen for harmful exploits of client-side services before implementation.
D. Harden the client image before deployment.
Suggested answer: D

Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.

In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?

A. Text editors, database, and Internet phone applications
B. Email, presentation, and database applications
C. Image libraries, presentation and spreadsheet applications
D. Email, media players, and instant messaging applications
Suggested answer: D

Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.

What MUST the plan include in order to reduce client-side exploitation?

A. Approved web browsers
B. Network firewall procedures
C. Proxy configuration
D. Employee education
Suggested answer: D

Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.

What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?

A. Client privilege administration is inherently weaker than server privilege administration.
B. Client hardening and management is easier on clients than on servers.
C. Client-based attacks are more common and easier to exploit than server and network based attacks.
D. Client-based attacks have higher financial impact.
Suggested answer: C