ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 51

Which of the following is the BEST reason for the use of security metrics?

A. They ensure that the organization meets its security objectives.
B. They provide an appropriate framework for Information Technology (IT) governance.
C. They speed up the process of quantitative risk assessment.
D. They quantify the effectiveness of security processes.

Suggested answer: B

Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

A. Password requirements are simplified.
B. Risk associated with orphan accounts is reduced.
C. Segregation of duties is automatically enforced.
D. Data confidentiality is increased.

Suggested answer: A

A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

A. 25%
B. 50%
C. 75%
D. 100%

Suggested answer: B

Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

A. Security governance
B. Risk management
C. Security portfolio management
D. Risk assessment

Suggested answer: B

Which of the following mandates the amount and complexity of security controls applied to a security risk?

A. Security vulnerabilities
B. Risk tolerance
C. Risk mitigation
D. Security staff

Suggested answer: C

When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?

A. Countermeasure effectiveness
B. Type of potential loss
C. Incident likelihood
D. Information ownership

Suggested answer: C

A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

A. Define additional security controls directly after the merger
B. Include a procurement officer in the merger team
C. Verify all contracts before a merger occurs
D. Assign a compliancy officer to review the merger conditions

Suggested answer: D

Which of the following is a direct monetary cost of a security incident?

A. Morale
B. Reputation
C. Equipment
D. Information

Suggested answer: C

Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?

A. Memory review
B. Code review
C. Message division
D. Buffer division

Suggested answer: B

Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?

A. parameterized database queries
B. whitelist input values
C. synchronized session tokens
D. use strong ciphers

Suggested answer: C