ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 4

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D. Patch the application source code
Suggested answer: A

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

A. Intrusion Prevention Systems (IPS)
B. Intrusion Detection Systems (IDS)
C. Stateful firewalls
D. Network Behavior Analysis (NBA) tools
Suggested answer: D

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

A. WEP uses a small range Initialization Vector (IV)
B. WEP uses Message Digest 5 (MD5)
C. WEP uses Diffie-Hellman
D. WEP does not use any Initialization Vector (IV)
Suggested answer: A

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

A. Trusted third-party certification
B. Lightweight Directory Access Protocol (LDAP)
C. Security Assertion Markup Language (SAML)
D. Cross-certification
Suggested answer: C

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

A. Derived credential
B. Temporary security credential
C. Mobile device credentialing service
D. Digest authentication
Suggested answer: A

Users require access rights that allow them to view the average salary of groups of employees.

Which control would prevent the users from obtaining an individual employee's salary?

A. Limit access to predefined queries
B. Segregate the database into a small number of partitions, each with a separate security level
C. Implement Role Based Access Control (RBAC)
D. Reduce the number of people who have access to the system for statistical purposes
Suggested answer: C

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

A. Audit logs
B. Role-Based Access Control (RBAC)
C. Two-factor authentication
D. Application of least privilege
Suggested answer: B

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

A. Change management processes
B. User administration procedures
C. Operating System (OS) baselines
D. System backup documentation
Suggested answer: A

In which of the following programs is it MOST important to include the collection of security process data?

A. Quarterly access reviews
B. Security continuous monitoring
C. Business continuity testing
D. Annual security training
Suggested answer: B

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?

A. Host VM monitor audit logs
B. Guest OS access controls
C. Host VM access controls
D. Guest OS audit logs
Suggested answer: A