ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 59


Question 581

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

A. To ensure Information Technology (IT) staff knows and performs roles assigned to each of them
B. To validate backup sites' effectiveness
C. To find out what does not work and fix it
D. To create a high-level DRP awareness among Information Technology (IT) staff

Suggested answer: B
asked 18/09/2024 by LAURA Camacho

Question 582

Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?

A. Standardized configurations for devices
B. Standardized patch testing equipment
C. Automated system patching
D. Management support for patching

Suggested answer: C
asked 18/09/2024 by Emma Buchanan

Question 583

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subjects' data?

A. Aggregate it into one database in the US
B. Process it in the US, but store the information in France
C. Share it with a third party
D. Anonymize it and process it in the US

Suggested answer: B
asked 18/09/2024 by Donna Brown

Question 584

As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

A. Known-plaintext attack
B. Denial of Service (DoS)
C. Cookie manipulation
D. Structured Query Language (SQL) injection

Suggested answer: C
asked 18/09/2024 by Maurice Nicholson

Question 585

Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain.

Which of the following is LEAST associated with the attack surface?

A. Input protocols
B. Target processes
C. Error messages
D. Access rights

Suggested answer: D
asked 18/09/2024 by Scott Albee

Question 586

What are the steps of a risk assessment?

A. identification, analysis, evaluation
B. analysis, evaluation, mitigation
C. classification, identification, risk management
D. identification, evaluation, mitigation

Suggested answer: A
asked 18/09/2024 by J.J. van Ingen

Question 587

After following the processes defined within the change management plan, a super user has upgraded a device within an information system.

What step would be taken to ensure that the upgrade did NOT affect the network security posture?

A. Conduct an Assessment and Authorization (A&A)
B. Conduct a security impact analysis
C. Review the results of the most recent vulnerability scan
D. Conduct a gap analysis with the baseline configuration

Suggested answer: B
asked 18/09/2024 by Patrick Thiel

Question 588

What MUST each information owner do when a system contains data from multiple information owners?

A. Provide input to the Information System (IS) owner regarding the security requirements of the data
B. Review the Security Assessment Report (SAR) for the Information System (IS) and authorize the IS to operate
C. Develop and maintain the System Security Plan (SSP) for the Information System (IS) containing the data
D. Move the data to an Information System (IS) that does not contain data owned by other information owners

Suggested answer: C
asked 18/09/2024 by Duc Hai

Question 589

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.

In which phase of the assessment was this error MOST likely made?

A. Enumeration
B. Reporting
C. Detection
D. Discovery

Suggested answer: A
asked 18/09/2024 by Jenny Silva

Question 590

Which of the following is a responsibility of the information owner?

A. Ensure that users and personnel complete the required security training to access the Information System (IS)
B. Define proper access to the Information System (IS), including privileges or access rights
C. Manage identification, implementation, and assessment of common security controls
D. Ensure the Information System (IS) is operated according to agreed-upon security requirements

Suggested answer: C
asked 18/09/2024 by aaron black