
ISC CISSP Practice Test - Questions Answers, Page 36

While investigating a malicious event, only six days of audit logs from the last month were available.

What policy should be updated to address this problem?

A. Retention
B. Reporting
C. Recovery
D. Remediation
Suggested answer: A

Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?

A. Data Custodian
B. Executive Management
C. Chief Information Security Officer
D. Data/Information/Business Owners
Suggested answer: B

A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?

A. Onward transfer
B. Collection Limitation
C. Collector Accountability
D. Individual Participation
Suggested answer: B

Which of the following is the PRIMARY benefit of implementing data-in-use controls?

A. If the data is lost, it must be decrypted to be opened.
B. If the data is lost, it will not be accessible to unauthorized users.
C. When the data is being viewed, it can only be printed by authorized users.
D. When the data is being viewed, it must be accessed using secure protocols.
Suggested answer: C

A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?

A. Public Key Infrastructure (PKI) and digital signatures
B. Trusted server certificates and passphrases
C. User ID and password
D. Asymmetric encryption and User ID
Suggested answer: A

Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?

A. Level of assurance of the Target of Evaluation (TOE) in intended operational environment
B. Selection to meet the security objectives stated in test documents
C. Security behavior expected of a TOE
D. Definition of the roles and responsibilities
Suggested answer: C

Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?

A. IEEE 802.1F
B. IEEE 802.1H
C. IEEE 802.1Q
D. IEEE 802.1X
Suggested answer: D

The PRIMARY security concern for handheld devices is the

A. strength of the encryption algorithm.
B. spread of malware during synchronization.
C. ability to bypass the authentication mechanism.
D. strength of the Personal Identification Number (PIN).
Suggested answer: C

Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication?

A. Authorizations are not included in the server response
B. Unsalted hashes are passed over the network
C. The authentication session can be replayed
D. Passwords are passed in cleartext
Suggested answer: D

A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is

A. the scalability of token enrollment.
B. increased accountability of end users.
C. it protects against unauthorized access.
D. it simplifies user access administration.
Suggested answer: C
Total 1.482 questions