ISC CISSP Practice Test - Questions Answers, Page 50

Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?

A. Logging and audit trail controls to enable forensic analysis
B. Security incident response lessons learned procedures
C. Security event alert triage done by analysts using a Security Information and Event Management (SIEM) system
D. Transactional controls focused on fraud prevention

Suggested answer: C

Determining outage costs caused by a disaster can BEST be measured by the

A. cost of redundant systems and backups.
B. cost to recover from an outage.
C. overall long-term impact of the outage.
D. revenue lost during the outage.

Suggested answer: C

Which of the following is considered a secure coding practice?

A. Use concurrent access for shared variables and resources
B. Use checksums to verify the integrity of libraries
C. Use new code for common tasks
D. Use dynamic execution functions to pass user supplied data

Suggested answer: B

As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?

A. Use a web scanner to scan for vulnerabilities within the website.
B. Perform a code review to ensure that the database references are properly addressed.
C. Establish a secure connection to the web server to validate that only the approved ports are open.
D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.

Suggested answer: D

Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?

A. Senior management
B. Information security department
C. Audit committee
D. All users

Suggested answer: C

Which of the following alarm systems is recommended to detect intrusions through windows in a high-noise, occupied environment?

A. Acoustic sensor
B. Motion sensor
C. Shock sensor
D. Photoelectric sensor

Suggested answer: C

Which of the following is the MOST effective practice in managing user accounts when an employee is terminated?

A. Implement processes for automated removal of access for terminated employees.
B. Delete employee network and system IDs upon termination.
C. Manually remove terminated employee user-access to all systems and applications.
D. Disable terminated employee network ID to remove all access.

Suggested answer: B

Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?

A. Having emergency contacts established for the general employee population to get information
B. Conducting business continuity and disaster recovery training for those who have a direct role in the recovery
C. Designing business continuity and disaster recovery training programs for different audiences
D. Publishing a corporate business continuity and disaster recovery plan on the corporate website

Suggested answer: C

What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?

A. Purging
B. Encryption
C. Destruction
D. Clearing

Suggested answer: A

The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation

Suggested answer: B
Total 1.482 questions