ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 72


Which of the following is critical if an employee is dismissed due to violation of an organization's Acceptable Use Policy (AUP)?

A. Appropriate documentation
B. Privilege suspension
C. Proxy records
D. Internet access logs
Suggested answer: A

Which of the following findings would MOST likely indicate a high risk in a vulnerability assessment report?

A. Transmission Control Protocol (TCP) port 443 open
B. Non-standard system naming convention used
C. Unlicensed software installed
D. End of life system detected
Suggested answer: A

Digital certificates used in Transport Layer Security (TLS) support which of the following?

A. Server identity and data confidentiality
B. Information input validation
C. Multi-Factor Authentication (MFA)
D. Non-repudiation controls and data encryption
Suggested answer: A

Which would result in the GREATEST impact following a breach to a cloud environment?

A. The hypervisor host is poorly secured
B. The same Logical Unit Number (LUN) is used for all VMs
C. Insufficient network segregation
D. Insufficient hardening of Virtual Machines (VM)
Suggested answer: C

Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?

A. Block the source address at the firewall.
B. Have the service provider block the source address.
C. Block all inbound traffic until the flood ends.
D. Have the source service provider block the address.
Suggested answer: A

Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?

A. Cloud directory
B. Directory synchronization
C. Assurance framework
D. Lightweight Directory Access Protocol (LDAP)
Suggested answer: B

Which of the following will have the MOST influence on the definition and creation of data classification and data ownership policies?

A. Data access control policies
B. Threat modeling
C. Common Criteria (CC)
D. Business Impact Analysis (BIA)
Suggested answer: A

A corporate security policy specifies that all devices on the network must have updated operating system patches and anti-malware software. Which technology should be used to enforce this policy?

A. Network Address Translation (NAT)
B. Stateful Inspection
C. Packet filtering
D. Network Access Control (NAC)
Suggested answer: D

When designing an Occupant Emergency Plan (OEP) for United States (US) Federal government facilities, what factor must be considered?

A. Location of emergency exits in building
B. Average age of the agency employees
C. Geographical location and structural design of building
D. Federal agency for which plan is being drafted
Suggested answer: A

Why should Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) Level 1 be considered a MINIMUM level of protection for any web application?

A. ASVS Level 1 ensures that applications are invulnerable to OWASP Top 10 threats.
B. Opportunistic attackers will look for any easily exploitable vulnerable applications.
C. Most regulatory bodies consider ASVS Level 1 as a baseline set of controls for applications.
D. Securing applications at ASVS Level 1 provides adequate protection for sensitive data.
Suggested answer: B
Total 1.482 questions