ISC CISSP Practice Test - Questions Answers, Page 32

Question 311

Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents?

A. Ineffective data classification
B. Lack of data access controls
C. Ineffective identity management controls
D. Lack of Data Loss Prevention (DLP) tools
Suggested answer: A
asked 18/09/2024
EDDIE LIN
49 questions

Question 312

A security professional has been asked to evaluate the options for the location of a new data center within a multi-floor building. Concerns for the data center include emanations and physical access controls.

Which of the following is the BEST location?

A. On the top floor
B. In the basement
C. In the core of the building
D. In an exterior room with windows
Suggested answer: C
asked 18/09/2024
Mark Anthony Acorda
40 questions

Question 313

Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?

A. Insecure implementation of Application Programming Interfaces (API)
B. Improper use and storage of management keys
C. Misconfiguration of infrastructure allowing for unauthorized access
D. Vulnerabilities within protocols that can expose confidential data
Suggested answer: D
asked 18/09/2024
Gabriel Pereira Dias
41 questions

Question 314

After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway.

The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue?

A. Implement strong password authentication for VPN
B. Integrate the VPN with centralized credential stores
C. Implement an Internet Protocol Security (IPSec) client
D. Use two-factor authentication mechanisms
Suggested answer: D
asked 18/09/2024
Baljit Bhadare
44 questions

Question 315

For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?

A. Challenge response and private key
B. Digital certificates and Single Sign-On (SSO)
C. Tokens and passphrase
D. Smart card and biometrics
Suggested answer: D
asked 18/09/2024
Piyush Zope
43 questions

Question 316

If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?

A. User error
B. Suspected tampering
C. Accurate identification
D. Unsuccessful identification
Suggested answer: B
asked 18/09/2024
Bipindra Shrestha
45 questions

Question 317

Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?

A. Security control baselines, access controls, employee awareness and training
B. Human resources, asset management, production management
C. Supply chain lead time, inventory control, encryption
D. Polygraphs, crime statistics, forensics
Suggested answer: A
asked 18/09/2024
Mark Theeuwes
46 questions

Question 318

Discretionary Access Control (DAC) is based on which of the following?

A. Information source and destination
B. Identification of subjects and objects
C. Security labels and privileges
D. Standards and guidelines
Suggested answer: B
asked 18/09/2024
Dominique Reemer
43 questions

Question 319

By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key?

A. Lock pinging
B. Lock picking
C. Lock bumping
D. Lock bricking
Suggested answer: B
asked 18/09/2024
FUKUMOTO AYUMI
32 questions

Question 320

An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.

As part of the authentication process, which of the following must the end user provide?

A. An access token
B. A username and password
C. A username
D. A password
Suggested answer: A
asked 18/09/2024
Bartłomiej Praniuk
27 questions
Total 1.482 questions