ExamGecko
Login
Home / ISC / CISSP / List of questions
Ask Question

ISC CISSP Practice Test - Questions Answers, Page 38

List of questions

Question 371

Report Export Collapse

Are companies legally required to report all data breaches?

No, different jurisdictions have different rules.
No, different jurisdictions have different rules.
No, not if the data is encrypted.
No, not if the data is encrypted.
No, companies' codes of ethics don't require it.
No, companies' codes of ethics don't require it.
No, only if the breach had a material impact.
No, only if the breach had a material impact.
Suggested answer: A
asked 18/09/2024
Vojtech Danek
42 questions

Question 372

Report Export Collapse

What is the PRIMARY difference between security policies and security procedures?

Policies are used to enforce violations, and procedures create penalties
Policies are used to enforce violations, and procedures create penalties
Policies point to guidelines, and procedures are more contractual in nature
Policies point to guidelines, and procedures are more contractual in nature
Policies are included in awareness training, and procedures give guidance
Policies are included in awareness training, and procedures give guidance
Policies are generic in nature, and procedures contain operational details
Policies are generic in nature, and procedures contain operational details
Suggested answer: D
asked 18/09/2024
JAOID EL OUALITI
31 questions

Question 373

Report Export Collapse

For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data?

Information Systems Security Officer
Information Systems Security Officer
Data Owner
Data Owner
System Security Architect
System Security Architect
Security Requirements Analyst
Security Requirements Analyst
Suggested answer: B
asked 18/09/2024
Jackes Matos
46 questions

Question 374

Report Export Collapse

Which of the following controls is the FIRST step in protecting privacy in an information system?

Data Redaction
Data Redaction
Data Minimization
Data Minimization
Data Encryption
Data Encryption
Data Storage
Data Storage
Suggested answer: B
asked 18/09/2024
Gilbert Mendoza
43 questions

Question 375

Report Export Collapse

Which of the following BEST avoids data remanence disclosure for cloud hosted resources?

Strong encryption and deletion of the keys after data is deleted.
Strong encryption and deletion of the keys after data is deleted.
Strong encryption and deletion of the virtual host after data is deleted.
Strong encryption and deletion of the virtual host after data is deleted.
Software based encryption with two factor authentication.
Software based encryption with two factor authentication.
Hardware based encryption on dedicated physical servers.
Hardware based encryption on dedicated physical servers.
Suggested answer: A
asked 18/09/2024
Akash Makkar
42 questions

Question 376

Report Export Collapse

What is the MOST efficient way to secure a production program and its data?

Disable default accounts and implement access control lists (ACL)
Disable default accounts and implement access control lists (ACL)
Harden the application and encrypt the data
Harden the application and encrypt the data
Disable unused services and implement tunneling
Disable unused services and implement tunneling
Harden the servers and backup the data
Harden the servers and backup the data
Suggested answer: B
asked 18/09/2024
khalid Hassan
38 questions

Question 377

Report Export Collapse

If compromised, which of the following would lead to the exploitation of multiple virtual machines?

Virtual device drivers
Virtual device drivers
Virtual machine monitor
Virtual machine monitor
Virtual machine instance
Virtual machine instance
Virtual machine file system
Virtual machine file system
Suggested answer: B
asked 18/09/2024
George Morales
54 questions

Question 378

Report Export Collapse

Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?

Application interface entry and endpoints
Application interface entry and endpoints
The likelihood and impact of a vulnerability
The likelihood and impact of a vulnerability
Countermeasures and mitigations for vulnerabilities
Countermeasures and mitigations for vulnerabilities
A data flow diagram for the application and attack surface analysis
A data flow diagram for the application and attack surface analysis
Suggested answer: D
asked 18/09/2024
Mithun E
54 questions

Question 379

Report Export Collapse

Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?

Data at rest encryption
Data at rest encryption
Configuration Management
Configuration Management
Integrity checking software
Integrity checking software
Cyclic redundancy check (CRC)
Cyclic redundancy check (CRC)
Suggested answer: D
asked 18/09/2024
Chuck Crouse
54 questions

Question 380

Report Export Collapse

Which of the following secures web transactions at the Transport Layer?

Secure HyperText Transfer Protocol (S-HTTP)
Secure HyperText Transfer Protocol (S-HTTP)
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)
Socket Security (SOCKS)
Socket Security (SOCKS)
Secure Shell (SSH)
Secure Shell (SSH)
Suggested answer: B
asked 18/09/2024
Venkataramanan R
42 questions
Total 1.482 questions
Go to page: of 149
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
An organization is preparing to achieve General Data Protection Regulation (GDPR) compliance. The Chief Information Security Officer (CISO) is reviewing data protection methods. Which of the following is the BEST data protection method?
Which one of the following would cause an immediate review and possible change to the security policies of an organization?
Which of the following are all elements of a disaster recovery plan (DRP)?
What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?
Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?
Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?