ISC CISSP Practice Test - Questions Answers, Page 29

Question 281

Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

The third party needs to have

A. processes that are identical to those of the organization doing the outsourcing.
B. access to the original personnel that were on staff at the organization.
C. the ability to maintain all of the applications in languages they are familiar with.
D. access to the skill sets consistent with the programming languages used by the organization.
Suggested answer: D
asked 18/09/2024
Welton Harris

Question 282

Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

The organization should ensure that the third party's physical security controls are in place so that they

A. are more rigorous than the original controls.
B. are able to limit access to sensitive information.
C. allow access by the organization staff at any time.
D. cannot be accessed by subcontractors of the third party.
Suggested answer: B
asked 18/09/2024
Joseph Bauer

Question 283

Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

What additional considerations are there if the third party is located in a different country?

A. The organizational structure of the third party and how it may impact timelines within the organization
B. The ability of the third party to respond to the organization in a timely manner and with accurate information
C. The effects of transborder data flows and customer expectations regarding the storage or processing of their data
D. The quantity of data that must be provided to the third party and how it is to be used
Suggested answer: C
asked 18/09/2024
Fiertelmeister Tibor

Question 284

What is the MOST critical factor to achieve the goals of a security program?

A. Capabilities of security resources
B. Executive management support
C. Effectiveness of security management
D. Budget approved for security resources
Suggested answer: B
asked 18/09/2024
Jessica Mahoney

Question 285

A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?

A. The entire enterprise network infrastructure.
B. The handheld devices, wireless access points and border gateway.
C. The end devices, wireless access points, WLAN, switches, management console, and firewall.
D. The end devices, wireless access points, WLAN, switches, management console, and Internet
Suggested answer: C
asked 18/09/2024
Shivanth Jha

Question 286

During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?

A. Immediately call the police
B. Work with the client to resolve the issue internally
C. Advise the person performing the illegal activity to cease and desist
D. Work with the client to report the activity to the appropriate authority
Suggested answer: D
asked 18/09/2024
Siphiwe Soldat

Question 287

Secure startup mechanisms are PRIMARILY designed to thwart which of the following attacks?

A. Timing
B. Cold boot
C. Side channel
D. Acoustic cryptanalysis
Suggested answer: B
asked 18/09/2024
Zahidul Haque

Question 288

What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?

A. Identify regulatory requirements
B. Conduct a risk assessment
C. Determine business drivers
D. Review the security baseline configuration
Suggested answer: B
asked 18/09/2024
justen layne

Question 289

Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?

A. Set up a BIOS and operating system password
B. Encrypt the virtual drive where confidential files can be stored
C. Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network
D. Encrypt the entire disk and delete contents after a set number of failed access attempts
Suggested answer: D
asked 18/09/2024
Albaladejo Joffrey

Question 290

Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage?

A. Requirements Analysis
B. Development and Deployment
C. Production Operations
D. Utilization Support
Suggested answer: A
asked 18/09/2024
Katrina Allangba