
ISC CISSP Practice Test - Questions Answers, Page 43


Backup information that is critical to the organization is identified through a

A. Vulnerability Assessment (VA).
B. Business Continuity Plan (BCP).
C. Business Impact Analysis (BIA).
D. data recovery analysis.
Suggested answer: D

When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?

A. Into the options field
B. Between the delivery header and payload
C. Between the source and destination addresses
D. Into the destination address
Suggested answer: B

An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is

A. organization policy.
B. industry best practices.
C. industry laws and regulations.
D. management feedback.
Suggested answer: A

Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a

A. clear-text attack.
B. known cipher attack.
C. frequency analysis.
D. stochastic assessment.
Suggested answer: C

During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?

A. Calculate the value of assets being accredited.
B. Create a list to include in the Security Assessment and Authorization package.
C. Identify obsolete hardware and software.
D. Define the boundaries of the information system.
Suggested answer: A

When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?

A. Accept the risk on behalf of the organization.
B. Report findings to the business to determine security gaps.
C. Quantify the risk to the business for product selection.
D. Approve the application that best meets security requirements.
Suggested answer: C

An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team.

Which of the following is the BEST action to take?

A. Revoke access temporarily.
B. Block user access and delete user account after six months.
C. Block access to the offices immediately.
D. Monitor account usage temporarily.
Suggested answer: D

The goal of a Business Impact Analysis (BIA) is to determine which of the following?

A. Cost effectiveness of business recovery
B. Cost effectiveness of installing software security patches
C. Resource priorities for recovery and Maximum Tolerable Downtime (MTD)
D. Which security measures should be implemented
Suggested answer: C

What does the Maximum Tolerable Downtime (MTD) determine?

A. The estimated period of time a business-critical database can remain down before customers are affected.
B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning.
C. The estimated period of time a business can remain interrupted beyond which it risks never recovering.
D. The fixed length of time in a DR process before redundant systems are engaged.
Suggested answer: C

What is a characteristic of Secure Socket Layer (SSL) and Transport Layer Security (TLS)?

A. SSL and TLS provide a generic channel security mechanism on top of Transmission Control Protocol (TCP).
B. SSL and TLS provide nonrepudiation by default.
C. SSL and TLS do not provide security for most routed protocols.
D. SSL and TLS provide header encapsulation over HyperText Transfer Protocol (HTTP).
Suggested answer: A