ISC CISSP Practice Test - Questions Answers, Page 59


What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

A. To ensure Information Technology (IT) staff knows and performs roles assigned to each of them
B. To validate backup sites' effectiveness
C. To find out what does not work and fix it
D. To create a high-level DRP awareness among Information Technology (IT) staff
Suggested answer: B

Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?

A. Standardized configurations for devices
B. Standardized patch testing equipment
C. Automated system patching
D. Management support for patching
Suggested answer: C

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?

A. Aggregate it into one database in the US
B. Process it in the US, but store the information in France
C. Share it with a third party
D. Anonymize it and process it in the US
Suggested answer: B

As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

A. Known-plaintext attack
B. Denial of Service (DoS)
C. Cookie manipulation
D. Structured Query Language (SQL) injection
Suggested answer: C

Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain.

Which of the following is LEAST associated with the attack surface?

A. Input protocols
B. Target processes
C. Error messages
D. Access rights
Suggested answer: D

What are the steps of a risk assessment?

A. Identification, analysis, evaluation
B. Analysis, evaluation, mitigation
C. Classification, identification, risk management
D. Identification, evaluation, mitigation
Suggested answer: A

After following the processes defined within the change management plan, a super user has upgraded a device within an information system.

What step would be taken to ensure that the upgrade did NOT affect the network security posture?

A. Conduct an Assessment and Authorization (A&A)
B. Conduct a security impact analysis
C. Review the results of the most recent vulnerability scan
D. Conduct a gap analysis with the baseline configuration
Suggested answer: B

What MUST each information owner do when a system contains data from multiple information owners?

A. Provide input to the Information System (IS) owner regarding the security requirements of the data
B. Review the Security Assessment Report (SAR) for the Information System (IS) and authorize the IS to operate
C. Develop and maintain the System Security Plan (SSP) for the Information System (IS) containing the data
D. Move the data to an Information System (IS) that does not contain data owned by other information owners
Suggested answer: C

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.

In which phase of the assessment was this error MOST likely made?

A. Enumeration
B. Reporting
C. Detection
D. Discovery
Suggested answer: A

Which of the following is a responsibility of the information owner?

A. Ensure that users and personnel complete the required security training to access the Information System (IS)
B. Defining proper access to the Information System (IS), including privileges or access rights
C. Managing identification, implementation, and assessment of common security controls
D. Ensuring the Information System (IS) is operated according to agreed-upon security requirements
Suggested answer: C
Total 1.482 questions