ISC CISSP Practice Test - Questions Answers, Page 27

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session.

Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

Which of the following BEST describes the access control methodology used?

A. Least privilege
B. Lattice Based Access Control (LBAC)
C. Role Based Access Control (RBAC)
D. Lightweight Directory Access Control (LDAP)

Suggested answer: C

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session.

Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

In addition to authentication at the start of the user session, best practice would require reauthentication

A. periodically during a session.
B. for each business process.
C. at system sign-off.
D. after a period of inactivity.

Suggested answer: D

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session.

Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

Following best practice, where should the permitted access for each department and job classification combination be specified?

A. Security procedures
B. Security standards
C. Human resource policy
D. Human resource standards

Suggested answer: B

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session.

Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

What MUST the access control logs contain in addition to the identifier?

A. Time of the access
B. Security classification
C. Denied access attempts
D. Associated clearance

Suggested answer: A

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

Which of the following is considered the MOST important priority for the information security officer?

A. Formal acceptance of the security strategy
B. Disciplinary actions taken against unethical behavior
C. Development of an awareness program for new employees
D. Audit of all organization system configurations for faults

Suggested answer: A

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

The effectiveness of the security program can PRIMARILY be measured through

A. audit findings.
B. risk elimination.
C. audit requirements.
D. customer satisfaction.

Suggested answer: A

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?

A. Severity of risk
B. Complexity of strategy
C. Frequency of incidents
D. Ongoing awareness

Suggested answer: A

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

The security program can be considered effective when

A. vulnerabilities are proactively identified.
B. audits are regularly performed and reviewed.
C. backups are regularly performed and validated.
D. risk is lowered to an acceptable level.

Suggested answer: D

Refer to the information below to answer the question.

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.

Aside from the potential records which may have been viewed, which of the following should be the PRIMARY concern regarding the database information?

A. Unauthorized database changes
B. Integrity of security logs
C. Availability of the database
D. Confidentiality of the incident

Suggested answer: A

Refer to the information below to answer the question.

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.

If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?

A. Availability
B. Integrity
C. Accountability
D. Confidentiality

Suggested answer: D