ISC CISSP Practice Test - Questions Answers, Page 29

Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

The third party needs to have

A. processes that are identical to that of the organization doing the outsourcing.
B. access to the original personnel that were on staff at the organization.
C. the ability to maintain all of the applications in languages they are familiar with.
D. access to the skill sets consistent with the programming languages used by the organization.
Suggested answer: D

Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

The organization should ensure that the third party's physical security controls are in place so that they

A. are more rigorous than the original controls.
B. are able to limit access to sensitive information.
C. allow access by the organization staff at any time.
D. cannot be accessed by subcontractors of the third party.
Suggested answer: B

Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

What additional considerations are there if the third party is located in a different country?

A. The organizational structure of the third party and how it may impact timelines within the organization
B. The ability of the third party to respond to the organization in a timely manner and with accurate information
C. The effects of transborder data flows and customer expectations regarding the storage or processing of their data
D. The quantity of data that must be provided to the third party and how it is to be used
Suggested answer: C

What is the MOST critical factor to achieve the goals of a security program?

A. Capabilities of security resources
B. Executive management support
C. Effectiveness of security management
D. Budget approved for security resources
Suggested answer: B

A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?

A. The entire enterprise network infrastructure.
B. The handheld devices, wireless access points and border gateway.
C. The end devices, wireless access points, WLAN, switches, management console, and firewall.
D. The end devices, wireless access points, WLAN, switches, management console, and Internet
Suggested answer: C

During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?

A. Immediately call the police
B. Work with the client to resolve the issue internally
C. Advise the person performing the illegal activity to cease and desist
D. Work with the client to report the activity to the appropriate authority
Suggested answer: D

Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?

A. Timing
B. Cold boot
C. Side channel
D. Acoustic cryptanalysis
Suggested answer: B

What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?

A. Identify regulatory requirements
B. Conduct a risk assessment
C. Determine business drivers
D. Review the security baseline configuration
Suggested answer: B

Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?

A. Set up a BIOS and operating system password
B. Encrypt the virtual drive where confidential files can be stored
C. Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network
D. Encrypt the entire disk and delete contents after a set number of failed access attempts
Suggested answer: D

Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage?

A. Requirements Analysis
B. Development and Deployment
C. Production Operations
D. Utilization Support
Suggested answer: A
Total 1.482 questions