ISC CISSP Practice Test - Questions Answers, Page 58


During examination of Internet history records, the following string occurs within a Uniform Resource Locator (URL): http://www.companysite.com/products/products.asp?productid=123 or 1=1. What type of attack does this indicate?

A. Directory traversal
B. Structured Query Language (SQL) injection
C. Cross-Site Scripting (XSS)
D. Shellcode injection
Suggested answer: C

The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.

Which elements are required?

A. Users, permissions, operations, and protected objects
B. Roles, accounts, permissions, and protected objects
C. Users, roles, operations, and protected objects
D. Roles, operations, accounts, and protected objects
Suggested answer: C

Which of the following is the BEST metric to obtain when gaining support for an Identity and Access Management (IAM) solution?

A. Application connection successes resulting in data leakage
B. Administrative costs for restoring systems after connection failure
C. Employee system timeouts from implementing wrong limits
D. Help desk costs required to support password reset requests
Suggested answer: D

In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity?

A. Connect the device to another network jack
B. Apply remediations according to security requirements
C. Apply Operating System (OS) patches
D. Change the Message Authentication Code (MAC) address of the network interface
Suggested answer: B

What is the second step in the identity and access provisioning lifecycle?

A. Provisioning
B. Review
C. Approval
D. Revocation
Suggested answer: B

Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?

A. Mandatory Access Controls (MAC)
B. Enterprise security architecture
C. Enterprise security procedures
D. Role Based Access Controls (RBAC)
Suggested answer: C

Which of the following is a common feature of an Identity as a Service (IDaaS) solution?

A. Single Sign-On (SSO) authentication support
B. Privileged user authentication support
C. Password reset service support
D. Terminal Access Controller Access Control System (TACACS) authentication support
Suggested answer: A

An organization's security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization mechanism is being used?

A. Discretionary Access Control (DAC)
B. Role Based Access Control (RBAC)
C. Media Access Control (MAC)
D. Mandatory Access Control (MAC)
Suggested answer: A

Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following?

A. Mutual authentication
B. Server authentication
C. User authentication
D. Streaming ciphertext data
Suggested answer: C

Which type of test would an organization perform in order to locate and target exploitable defects?

A. Penetration
B. System
C. Performance
D. Vulnerability
Suggested answer: A