ISC CISSP Practice Test - Questions Answers, Page 6


When is a Business Continuity Plan (BCP) considered to be valid?

A. When it has been validated by the Business Continuity (BC) manager
B. When it has been validated by the board of directors
C. When it has been validated by all threat scenarios
D. When it has been validated by realistic exercises

Suggested answer: D

Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?

A. Hardware and software compatibility issues
B. Applications' criticality and downtime tolerance
C. Budget constraints and requirements
D. Cost/benefit analysis and business objectives

Suggested answer: D

Which of the following is the FIRST step in the incident response process?

A. Determine the cause of the incident
B. Disconnect the system involved from the network
C. Isolate and contain the system involved
D. Investigate all symptoms to confirm the incident

Suggested answer: D

A continuous information security monitoring program can BEST reduce risk through which of the following?

A. Collecting security events and correlating them to identify anomalies
B. Facilitating system-wide visibility into the activities of critical user accounts
C. Encompassing people, process, and technology
D. Logging both scheduled and unscheduled system changes

Suggested answer: B

What would be the MOST cost-effective solution for a Disaster Recovery (DR) site, given that the organization's systems cannot be unavailable for more than 24 hours?

A. Warm site
B. Hot site
C. Mirror site
D. Cold site

Suggested answer: A

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

A. Least privilege
B. Privilege escalation
C. Defense in depth
D. Privilege bracketing

Suggested answer: A

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

A. Lack of software documentation
B. License agreements requiring release of modified code
C. Expiration of the license agreement
D. Costs associated with support of the software

Suggested answer: D

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the vulnerability analysis has been performed and before the system detailed design begins
C. After the system preliminary design has been developed and before the data security categorization begins
D. After the business functional analysis and the data security categorization have been performed

Suggested answer: D

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

A. Purchase software from a limited list of retailers
B. Verify the hash key or certificate key of all updates
C. Do not permit programs, patches, or updates from the Internet
D. Test all new software in a segregated environment

Suggested answer: D

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation

Suggested answer: A

Explanation:

Reference: https://online.concordia.edu/computer-science/system-development-life-cycle-phases/
