ISC CISSP Practice Test - Questions Answers, Page 50

Question 491

Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?

A. Logging and audit trail controls to enable forensic analysis
B. Security incident response lessons learned procedures
C. Security event alert triage done by analysts using a Security Information and Event Management (SIEM) system
D. Transactional controls focused on fraud prevention
Suggested answer: C
asked 18/09/2024
Lance Herbst
51 questions

Question 492

Determining outage costs caused by a disaster can BEST be measured by the

A. cost of redundant systems and backups.
B. cost to recover from an outage.
C. overall long-term impact of the outage.
D. revenue lost during the outage.
Suggested answer: C
asked 18/09/2024
Prakash Varghese
41 questions

Question 493

Which of the following is considered a secure coding practice?

A. Use concurrent access for shared variables and resources
B. Use checksums to verify the integrity of libraries
C. Use new code for common tasks
D. Use dynamic execution functions to pass user supplied data
Suggested answer: B
asked 18/09/2024
Mitesh Patel
48 questions

Question 494

As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?

A. Use a web scanner to scan for vulnerabilities within the website.
B. Perform a code review to ensure that the database references are properly addressed.
C. Establish a secure connection to the web server to validate that only the approved ports are open.
D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.
Suggested answer: D
asked 18/09/2024
Van Raoul Datuin
39 questions

Question 495

Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?

A. Senior management
B. Information security department
C. Audit committee
D. All users
Suggested answer: C
asked 18/09/2024
Kaung Zaw Tun
38 questions

Question 496

Which of the following alarm systems is recommended to detect intrusions through windows in a high-noise, occupied environment?

A. Acoustic sensor
B. Motion sensor
C. Shock sensor
D. Photoelectric sensor
Suggested answer: C
asked 18/09/2024
Issam Boumlic
49 questions

Question 497

Which of the following is the MOST effective practice in managing user accounts when an employee is terminated?

A. Implement processes for automated removal of access for terminated employees.
B. Delete employee network and system IDs upon termination.
C. Manually remove terminated employee user-access to all systems and applications.
D. Disable terminated employee network ID to remove all access.
Suggested answer: B
asked 18/09/2024
Martynas Abrutis
43 questions

Question 498

Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?

A. Having emergency contacts established for the general employee population to get information
B. Conducting business continuity and disaster recovery training for those who have a direct role in the recovery
C. Designing business continuity and disaster recovery training programs for different audiences
D. Publishing a corporate business continuity and disaster recovery plan on the corporate website
Suggested answer: C
asked 18/09/2024
Ammar Khan
29 questions

Question 499

What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?

A. Purging
B. Encryption
C. Destruction
D. Clearing
Suggested answer: A
asked 18/09/2024
Arnaud Dutel
35 questions

Question 500

The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation
Suggested answer: B
asked 18/09/2024
Filippo Bertuzzi
35 questions
Total 1.482 questions