ExamGecko
Login
Home / ISC / CISSP / List of questions
Ask Question

ISC CISSP Practice Test - Questions Answers, Page 27

List of questions

Question 261

Report Export Collapse

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session.

Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

Which of the following BEST describes the access control methodology used?

Least privilege
Least privilege
Lattice Based Access Control (LBAC)
Lattice Based Access Control (LBAC)
Role Based Access Control (RBAC)
Role Based Access Control (RBAC)
Lightweight Directory Access Control (LDAP)
Lightweight Directory Access Control (LDAP)
Suggested answer: C
asked 18/09/2024
Stelios Mantas
31 questions

Question 262

Report Export Collapse

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session.

Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

In addition to authentication at the start of the user session, best practice would require reauthentication

periodically during a session.
periodically during a session.
for each business process.
for each business process.
at system sign-off.
at system sign-off.
after a period of inactivity.
after a period of inactivity.
Suggested answer: D
asked 18/09/2024
Daniel Vong
46 questions

Question 263

Report Export Collapse

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session.

Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

Following best practice, where should the permitted access for each department and job classification combination be specified?

Security procedures
Security procedures
Security standards
Security standards
Human resource policy
Human resource policy
Human resource standards
Human resource standards
Suggested answer: B
asked 18/09/2024
Nelson Alvaro
56 questions

Question 264

Report Export Collapse

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session.

Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

What MUST the access control logs contain in addition to the identifier?

Time of the access
Time of the access
Security classification
Security classification
Denied access attempts
Denied access attempts
Associated clearance
Associated clearance
Suggested answer: A
asked 18/09/2024
Dewi Fitriyani
58 questions

Question 265

Report Export Collapse

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

Which of the following is considered the MOST important priority for the information security officer?

Formal acceptance of the security strategy
Formal acceptance of the security strategy
Disciplinary actions taken against unethical behavior
Disciplinary actions taken against unethical behavior
Development of an awareness program for new employees
Development of an awareness program for new employees
Audit of all organization system configurations for faults
Audit of all organization system configurations for faults
Suggested answer: A
asked 18/09/2024
Michael Wheeler
35 questions

Question 266

Report Export Collapse

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

The effectiveness of the security program can PRIMARILY be measured through

audit findings.
audit findings.
risk elimination.
risk elimination.
audit requirements.
audit requirements.
customer satisfaction.
customer satisfaction.
Suggested answer: A
asked 18/09/2024
Harieswaran Ramesh
40 questions

Question 267

Report Export Collapse

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?

Severity of risk
Severity of risk
Complexity of strategy
Complexity of strategy
Frequency of incidents
Frequency of incidents
Ongoing awareness
Ongoing awareness
Suggested answer: A
asked 18/09/2024
Scott Lerch
34 questions

Question 268

Report Export Collapse

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

The security program can be considered effective when

vulnerabilities are proactively identified.
vulnerabilities are proactively identified.
audits are regularly performed and reviewed.
audits are regularly performed and reviewed.
backups are regularly performed and validated.
backups are regularly performed and validated.
risk is lowered to an acceptable level.
risk is lowered to an acceptable level.
Suggested answer: D
asked 18/09/2024
Trevor O'Brien
40 questions

Question 269

Report Export Collapse

Refer to the information below to answer the question.

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.

Aside from the potential records which may have been viewed, which of the following should be the PRIMARY concern regarding the database information?

Unauthorized database changes
Unauthorized database changes
Integrity of security logs
Integrity of security logs
Availability of the database
Availability of the database
Confidentiality of the incident
Confidentiality of the incident
Suggested answer: A
asked 18/09/2024
Martin Ng
45 questions

Question 270

Report Export Collapse

Refer to the information below to answer the question.

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.

If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?

Availability
Availability
Integrity
Integrity
Accountability
Accountability
Confidentiality
Confidentiality
Suggested answer: D
asked 18/09/2024
Thomas Lichtenberger
38 questions
Total 1.482 questions
Go to page: of 149
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
An organization is preparing to achieve General Data Protection Regulation (GDPR) compliance. The Chief Information Security Officer (CISO) is reviewing data protection methods. Which of the following is the BEST data protection method?
Which one of the following would cause an immediate review and possible change to the security policies of an organization?
Which of the following are all elements of a disaster recovery plan (DRP)?
What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?
Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?
Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?