ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 37


Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?

A. Delayed revocation or destruction of credentials
B. Modification of Certificate Revocation List
C. Unauthorized renewal or re-issuance
D. Token use after decommissioning
Suggested answer: B

What security risk does the role-based access approach mitigate MOST effectively?

A. Excessive access rights to systems and data
B. Segregation of duties conflicts within business applications
C. Lack of system administrator activity monitoring
D. Inappropriate access requests
Suggested answer: A

Which of the following questions can be answered using user and group entitlement reporting?

A. When a particular file was last accessed by a user
B. Change control activities for a particular group of users
C. The number of failed login attempts for a particular user
D. Where does a particular user have access within the network
Suggested answer: D

A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?

A. Assess vulnerability risk and program effectiveness.
B. Assess vulnerability risk and business impact.
C. Disconnect all systems with critical vulnerabilities.
D. Disconnect systems with the most number of vulnerabilities.
Suggested answer: B

Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?

A. dig
B. ifconfig
C. ipconfig
D. nbtstat
Suggested answer: A

An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?

A. Limits and scope of the testing.
B. Physical location of server room and wiring closet.
C. Logical location of filters and concentrators.
D. Employee directory and organizational chart.
Suggested answer: A

When planning a penetration test, the tester will be MOST interested in which information?

A. Places to install back doors
B. The main network access points
C. Job application handouts and tours
D. Exploits that can attack weaknesses
Suggested answer: D

After acquiring the latest security updates, what must be done before deploying to production systems?

A. Use tools to detect missing system patches
B. Install the patches on a test system
C. Subscribe to notifications for vulnerabilities
D. Assess the severity of the situation
Suggested answer: B

Software code signing is used as a method of verifying what security concept?

A. Integrity
B. Confidentiality
C. Availability
D. Access Control
Suggested answer: A

Which of the following BEST describes the purpose of performing security certification?

A. To identify system threats, vulnerabilities, and acceptable level of risk
B. To formalize the confirmation of compliance to security policies and standards
C. To formalize the confirmation of completed risk mitigation and risk analysis
D. To verify that system architecture and interconnections with other systems are effectively implemented
Suggested answer: B
Total 1.482 questions