ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 4

Question 31

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D. Patch the application source code
Suggested answer: A
asked 18/09/2024
Arvind Prasad S
47 questions

Question 32

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

A. Intrusion Prevention Systems (IPS)
B. Intrusion Detection Systems (IDS)
C. Stateful firewalls
D. Network Behavior Analysis (NBA) tools
Suggested answer: D
asked 18/09/2024
Dilip Kumar
39 questions

Question 33

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

A. WEP uses a small range Initialization Vector (IV)
B. WEP uses Message Digest 5 (MD5)
C. WEP uses Diffie-Hellman
D. WEP does not use any Initialization Vector (IV)
Suggested answer: A
asked 18/09/2024
Vladimir Kosintsov
41 questions

Question 34

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

A. Trusted third-party certification
B. Lightweight Directory Access Protocol (LDAP)
C. Security Assertion Markup Language (SAML)
D. Cross-certification
Suggested answer: C
asked 18/09/2024
Christina Lanaski
42 questions

Question 35

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

A. Derived credential
B. Temporary security credential
C. Mobile device credentialing service
D. Digest authentication
Suggested answer: A
asked 18/09/2024
christopher tenney
35 questions

Question 36

Users require access rights that allow them to view the average salary of groups of employees.

Which control would prevent the users from obtaining an individual employee's salary?

A. Limit access to predefined queries
B. Segregate the database into a small number of partitions each with a separate security level
C. Implement Role Based Access Control (RBAC)
D. Reduce the number of people who have access to the system for statistical purposes
Suggested answer: C
asked 18/09/2024
Teste Teste
42 questions

Question 37

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

A. Audit logs
B. Role-Based Access Control (RBAC)
C. Two-factor authentication
D. Application of least privilege
Suggested answer: B
asked 18/09/2024
Michael Ulrich
44 questions

Question 38

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

A. Change management processes
B. User administration procedures
C. Operating System (OS) baselines
D. System backup documentation
Suggested answer: A
asked 18/09/2024
Francisco Jesús Cano Hinarejos
59 questions

Question 39

In which of the following programs is it MOST important to include the collection of security process data?

A. Quarterly access reviews
B. Security continuous monitoring
C. Business continuity testing
D. Annual security training
Suggested answer: B
asked 18/09/2024
David Looby
39 questions

Question 40

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?

A. Host VM monitor audit logs
B. Guest OS access controls
C. Host VM access controls
D. Guest OS audit logs
Suggested answer: A
asked 18/09/2024
Vetti Paiyan
31 questions
Total 1.482 questions