ISC CISSP Practice Test - Questions Answers, Page 32

Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an unmarked file cabinet containing sensitive documents?

A. Ineffective data classification
B. Lack of data access controls
C. Ineffective identity management controls
D. Lack of Data Loss Prevention (DLP) tools
Suggested answer: A

A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations and physical access controls.

Which of the following is the BEST location?

A. On the top floor
B. In the basement
C. In the core of the building
D. In an exterior room with windows
Suggested answer: C

Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?

A. Insecure implementation of Application Programming Interfaces (API)
B. Improper use and storage of management keys
C. Misconfiguration of infrastructure allowing for unauthorized access
D. Vulnerabilities within protocols that can expose confidential data
Suggested answer: D

After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Sockets Layer (SSL) Virtual Private Network (VPN) gateway.

The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue?

A. Implement strong password authentication for VPN
B. Integrate the VPN with centralized credential stores
C. Implement an Internet Protocol Security (IPSec) client
D. Use two-factor authentication mechanisms
Suggested answer: D

For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?

A. Challenge response and private key
B. Digital certificates and Single Sign-On (SSO)
C. Tokens and passphrase
D. Smart card and biometrics
Suggested answer: D

If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?

A. User error
B. Suspected tampering
C. Accurate identification
D. Unsuccessful identification
Suggested answer: B

Regarding asset security and appropriate retention, which of the following are the INITIAL top three areas to focus on?

A. Security control baselines, access controls, employee awareness and training
B. Human resources, asset management, production management
C. Supply chain lead time, inventory control, encryption
D. Polygraphs, crime statistics, forensics
Suggested answer: A

Discretionary Access Control (DAC) is based on which of the following?

A. Information source and destination
B. Identification of subjects and objects
C. Security labels and privileges
D. Standards and guidelines
Suggested answer: B

Which of the following is the term for opening a mechanical lock without the proper key by carefully aligning the pins in the lock?

A. Lock pinging
B. Lock picking
C. Lock bumping
D. Lock bricking
Suggested answer: B

An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.

As part of the authentication process, which of the following must the end user provide?

A. An access token
B. A username and password
C. A username
D. A password
Suggested answer: A