ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 42


Which one of the following is a common risk with network configuration management?

A. Patches on the network are difficult to keep current.
B. It is the responsibility of the systems administrator.
C. User ID and passwords are never set to expire.
D. Network diagrams are not up to date.
Suggested answer: D

What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?

A. Parallel
B. Walkthrough
C. Simulation
D. Tabletop
Suggested answer: C

How can lessons learned from business continuity training and actual recovery incidents BEST be used?

A. As a means for improvement
B. As alternative options for awareness and training
C. As indicators of a need for policy
D. As business function gap indicators
Suggested answer: A

An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred?

A. Denial of Service (DoS) attack
B. Address Resolution Protocol (ARP) spoof
C. Buffer overflow
D. Ping flood attack
Suggested answer: A

In configuration management, what baseline configuration information MUST be maintained for each computer system?

A. Operating system and version, patch level, applications running, and versions.
B. List of system changes, test reports, and change approvals
C. Last vulnerability assessment report and initial risk assessment report
D. Date of last update, test report, and accreditation certificate
Suggested answer: A

Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?

A. Transference
B. Covert channel
C. Bleeding
D. Cross-talk
Suggested answer: D

An organization's information security strategic plan MUST be reviewed

A. whenever there are significant changes to a major application.
B. quarterly, when the organization's strategic plan is updated.
C. whenever there are major changes to the business.
D. every three years, when the organization's strategic plan is updated.
Suggested answer: C

When building a data classification scheme, which of the following is the PRIMARY concern?

A. Purpose
B. Cost effectiveness
C. Availability
D. Authenticity
Suggested answer: D

Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?

A. Notification tool
B. Message queuing tool
C. Security token tool
D. Synchronization tool
Suggested answer: C

What is an advantage of Elliptic Curve Cryptography (ECC)?

A. Cryptographic approach that does not require a fixed-length key
B. Military-strength security that does not depend upon secrecy of the algorithm
C. Opportunity to use shorter keys for the same level of security
D. Ability to use much longer keys for greater security
Suggested answer: C
Total 1.482 questions