
ISC CISSP Practice Test - Questions Answers, Page 59

Question 581

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

A. To ensure Information Technology (IT) staff knows and performs roles assigned to each of them
B. To validate backup sites' effectiveness
C. To find out what does not work and fix it
D. To create a high level DRP awareness among Information Technology (IT) staff
Suggested answer: B
asked 18/09/2024
LAURA Camacho
44 questions

Question 582

Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?

A. Standardized configurations for devices
B. Standardized patch testing equipment
C. Automated system patching
D. Management support for patching
Suggested answer: C
asked 18/09/2024
Emma Buchanan
48 questions

Question 583

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?

A. Aggregate it into one database in the US
B. Process it in the US, but store the information in France
C. Share it with a third party
D. Anonymize it and process it in the US
Suggested answer: B
asked 18/09/2024
Donna Brown
44 questions

Question 584

As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

A. Known-plaintext attack
B. Denial of Service (DoS)
C. Cookie manipulation
D. Structured Query Language (SQL) injection
Suggested answer: C
asked 18/09/2024
Maurice Nicholson
35 questions

Question 585

Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain.

Which of the following is LEAST associated with the attack surface?

A. Input protocols
B. Target processes
C. Error messages
D. Access rights
Suggested answer: D
asked 18/09/2024
Scott Albee
36 questions

Question 586

What are the steps of a risk assessment?

A. identification, analysis, evaluation
B. analysis, evaluation, mitigation
C. classification, identification, risk management
D. identification, evaluation, mitigation
Suggested answer: A
asked 18/09/2024
J.J. van Ingen
43 questions

Question 587

After following the processes defined within the change management plan, a super user has upgraded a device within an information system.

What step would be taken to ensure that the upgrade did NOT affect the network security posture?

A. Conduct an Assessment and Authorization (A&A)
B. Conduct a security impact analysis
C. Review the results of the most recent vulnerability scan
D. Conduct a gap analysis with the baseline configuration
Suggested answer: B
asked 18/09/2024
Patrick Thiel
40 questions

Question 588

What MUST each information owner do when a system contains data from multiple information owners?

A. Provide input to the Information System (IS) owner regarding the security requirements of the data
B. Review the Security Assessment report (SAR) for the Information System (IS) and authorize the IS to operate.
C. Develop and maintain the System Security Plan (SSP) for the Information System (IS) containing the data
D. Move the data to an Information System (IS) that does not contain data owned by other information owners
Suggested answer: C
asked 18/09/2024
Duc Hai
46 questions

Question 589

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.

In which phase of the assessment was this error MOST likely made?

A. Enumeration
B. Reporting
C. Detection
D. Discovery
Suggested answer: A
asked 18/09/2024
Jenny Silva
45 questions

Question 590

Which of the following is a responsibility of the information owner?

A. Ensure that users and personnel complete the required security training to access the Information System (IS)
B. Defining proper access to the Information System (IS), including privileges or access rights
C. Managing identification, implementation, and assessment of common security controls
D. Ensuring the Information System (IS) is operated according to agreed upon security requirements
Suggested answer: C
asked 18/09/2024
aaron black
40 questions
Total 1.482 questions