ISC CISSP Practice Test - Questions Answers, Page 38

Are companies legally required to report all data breaches?

A. No, different jurisdictions have different rules.
B. No, not if the data is encrypted.
C. No, companies' codes of ethics don't require it.
D. No, only if the breach had a material impact.
Suggested answer: A

What is the PRIMARY difference between security policies and security procedures?

A. Policies are used to enforce violations, and procedures create penalties
B. Policies point to guidelines, and procedures are more contractual in nature
C. Policies are included in awareness training, and procedures give guidance
D. Policies are generic in nature, and procedures contain operational details
Suggested answer: D

For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data?

A. Information Systems Security Officer
B. Data Owner
C. System Security Architect
D. Security Requirements Analyst
Suggested answer: B

Which of the following controls is the FIRST step in protecting privacy in an information system?

A. Data Redaction
B. Data Minimization
C. Data Encryption
D. Data Storage
Suggested answer: B

Which of the following BEST avoids data remanence disclosure for cloud hosted resources?

A. Strong encryption and deletion of the keys after data is deleted.
B. Strong encryption and deletion of the virtual host after data is deleted.
C. Software based encryption with two factor authentication.
D. Hardware based encryption on dedicated physical servers.
Suggested answer: A

What is the MOST efficient way to secure a production program and its data?

A. Disable default accounts and implement access control lists (ACL)
B. Harden the application and encrypt the data
C. Disable unused services and implement tunneling
D. Harden the servers and backup the data
Suggested answer: B

If compromised, which of the following would lead to the exploitation of multiple virtual machines?

A. Virtual device drivers
B. Virtual machine monitor
C. Virtual machine instance
D. Virtual machine file system
Suggested answer: B

Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?

A. Application interface entry and endpoints
B. The likelihood and impact of a vulnerability
C. Countermeasures and mitigations for vulnerabilities
D. A data flow diagram for the application and attack surface analysis
Suggested answer: D

Which one of the following operates at the session, transport, or network layer of the Open Systems Interconnection (OSI) model?

A. Data at rest encryption
B. Configuration Management
C. Integrity checking software
D. Cyclic redundancy check (CRC)
Suggested answer: D

Which of the following secures web transactions at the Transport Layer?

A. Secure HyperText Transfer Protocol (S-HTTP)
B. Secure Sockets Layer (SSL)
C. Socket Security (SOCKS)
D. Secure Shell (SSH)
Suggested answer: B