ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 70


Which of the following MOST applies to Session Initiation Protocol (SIP) security?

A. It leverages Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS).
B. It requires a Public Key Infrastructure (PKI).
C. It reuses security mechanisms derived from existing protocols.
D. It supports end-to-end security natively.
Suggested answer: C

Which layer of the Open Systems Interconnection (OSI) model is being targeted in the event of a Synchronization (SYN) flood attack?

A. Session
B. Transport
C. Network
D. Presentation
Suggested answer: B

What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?

A. Business Impact Analysis (BIA)
B. Security Assessment Report (SAR)
C. Plan of Action and Milestones (POA&M)
D. Security Assessment Plan (SAP)
Suggested answer: C

When dealing with shared, privileged accounts, especially those for emergencies, what is the BEST way to assure non-repudiation of logs?

A. Regularly change the passwords.
B. Implement a password vaulting solution.
C. Lock passwords in tamperproof envelopes in a safe.
D. Implement a strict access control policy.
Suggested answer: B

Which of the following actions MUST be performed when using Secure/Multipurpose Internet Mail Extensions (S/MIME) before sending an encrypted message to a recipient?

A. Digitally sign the message.
B. Obtain the recipient's private key.
C. Obtain the recipient's digital certificate.
D. Encrypt attachments.
Suggested answer: A

Which type of test suite should be run for fast feedback during application development?

A. Full regression
B. End-to-end
C. Smoke
D. Specific functionality
Suggested answer: C

What are the roles within a Scrum methodology?

A. System owner, scrum master, and development team
B. Product owner, scrum master, and scrum team
C. Scrum master, requirements manager, and development team
D. Scrum master, quality assurance team, and scrum team
Suggested answer: B

What is the FIRST step required in establishing a records retention program?

A. Identify and inventory all records.
B. Identify and inventory all records storage locations.
C. Classify records based on sensitivity.
D. Draft a records retention policy.
Suggested answer: D

Which of the following was developed to support multiple protocols as well as provide login, password, and error correction capabilities?

A. Challenge Handshake Authentication Protocol (CHAP)
B. Point-to-Point Protocol (PPP)
C. Password Authentication Protocol (PAP)
D. Post Office Protocol (POP)
Suggested answer: A

An organization discovers that its secure file transfer protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general information technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.

Which of the following is the MOST probable attack vector used in the security breach?

A. Buffer overflow
B. Weak password due to lack of complexity rules
C. Distributed Denial of Service (DDoS)
D. Cross-Site Scripting (XSS)
Suggested answer: A
Total 1.482 questions