ExamGecko
Search Search Login
Home Home / ISC / CISSP

ISC CISSP Practice Test - Questions Answers, Page 73

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following are all elements of a disaster recovery plan (DRP)?
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?
An organization is preparing to achieve General Data Protection Regulation (GDPR) compliance. The Chief Information Security Officer (CISO) is reviewing data protection methods. Which of the following is the BEST data protection method?
Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?
What balance MUST be considered when web application developers determine how informative application error messages should be constructed?
Backup information that is critical to the organization is identified through a
Data remanence refers to which of the following?
When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Question 721

Report
Export
Collapse

Which of the following controls is the most for a system identified as critical in terms of data and function to the organization?

A.
Preventive controls
A.
Preventive controls
Answers
B.
Monitoring control
B.
Monitoring control
Answers
C.
Cost controls
C.
Cost controls
Answers
D.
Compensating controls
D.
Compensating controls
Answers
Suggested answer: B

Question 722

Report
Export
Collapse

An organization operates a legacy Industrial Control System (ICS) to support its core business service, which carrot be replaced. Its management MUST be performed remotely through an administrative console software, which in tum depends on an old version of the Java Runtime Environment (JPE) known to be vulnerable to a number of attacks, How is this risk BEST managed?

A.
Isolate the full ICS by moving It onto its own network segment
A.
Isolate the full ICS by moving It onto its own network segment
Answers
B.
Air-gap and harden the host used for management purposes
B.
Air-gap and harden the host used for management purposes
Answers
C.
Convince the management to decommission the ICS and mitigate to a modem technology
C.
Convince the management to decommission the ICS and mitigate to a modem technology
Answers
D.
Deploy a restrictive proxy between all clients and the vulnerable management station
D.
Deploy a restrictive proxy between all clients and the vulnerable management station
Answers
Suggested answer: B

Question 723

Report
Export
Collapse

Which of the following steps is performed during the forensic data analysis phase?

A.
Collect known system files
A.
Collect known system files
Answers
B.
search for relevant strings.
B.
search for relevant strings.
Answers
C.
Create file lists
C.
Create file lists
Answers
D.
Recover deleted data.
D.
Recover deleted data.
Answers
Suggested answer: B

Question 724

Report
Export
Collapse

Which of the following practices provides the development of security and identification of threats in designing software?

A.
Stakeholder review
A.
Stakeholder review
Answers
B.
Requirements review
B.
Requirements review
Answers
C.
Penetration testing
C.
Penetration testing
Answers
D.
Threat modeling
D.
Threat modeling
Answers
Suggested answer: D

Question 725

Report
Export
Collapse

Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another

A.
Sending assertions to an identity provider
A.
Sending assertions to an identity provider
Answers
B.
Requesting Identity assertions from the partners domain
B.
Requesting Identity assertions from the partners domain
Answers
C.
defining the identity mapping scheme
C.
defining the identity mapping scheme
Answers
D.
Having the resource provider query the Identity provider
D.
Having the resource provider query the Identity provider
Answers
Suggested answer: C

Question 726

Report
Export
Collapse

The adoption of an enterprise-wide business continuity program requires Which of the following?

A.
Good communication throughout the organization
A.
Good communication throughout the organization
Answers
B.
Formation of Disaster Recovery (DP) project team
B.
Formation of Disaster Recovery (DP) project team
Answers
C.
A completed Business Impact Analysis (BIA)
C.
A completed Business Impact Analysis (BIA)
Answers
D.
Well-documented information asset classification
D.
Well-documented information asset classification
Answers
Suggested answer: D

Question 727

Report
Export
Collapse

Which of the following is the MOST important reason for using a chain of custody from?

A.
To document those who were In possession of the evidence at every point In time
A.
To document those who were In possession of the evidence at every point In time
Answers
B.
To collect records of all digital forensic professionals working on a case
B.
To collect records of all digital forensic professionals working on a case
Answers
C.
To document collected digital evidence
C.
To document collected digital evidence
Answers
D.
To ensure that digital evidence is not overlooked during the analysis
D.
To ensure that digital evidence is not overlooked during the analysis
Answers
Suggested answer: A

Question 728

Report
Export
Collapse

When conducting a security assessment of access controls , Which activity is port of the data analysis phase?

A.
Collect logs and reports.
A.
Collect logs and reports.
Answers
B.
Present solutions to address audit exceptions.
B.
Present solutions to address audit exceptions.
Answers
C.
Categorize and Identify evidence gathered during the audit
C.
Categorize and Identify evidence gathered during the audit
Answers
D.
Conduct statiscal sampling of data transactions.
D.
Conduct statiscal sampling of data transactions.
Answers
Suggested answer: C

Question 729

Report
Export
Collapse

The core component of Role Based Access control (RBAC) must be constructed of defined data elements. Which elements are required?

A.
Users, permissions, operators, and protected objects
A.
Users, permissions, operators, and protected objects
Answers
B.
Users, rotes, operations, and protected objects
B.
Users, rotes, operations, and protected objects
Answers
C.
Roles, accounts, permissions, and protected objects
C.
Roles, accounts, permissions, and protected objects
Answers
D.
Roles, operations, accounts, and protected objects
D.
Roles, operations, accounts, and protected objects
Answers
Suggested answer: B

Question 730

Report
Export
Collapse

Which of the following should be included in a hardware retention policy?

Which of the following should be included in a hardware retention policy?

A.
The use of encryption technology to encrypt sensitive data prior to retention
A.
The use of encryption technology to encrypt sensitive data prior to retention
Answers
B.
Retention of data for only one week and outsourcing the retention to a third-party vendor
B.
Retention of data for only one week and outsourcing the retention to a third-party vendor
Answers
C.
Retention of all sensitive data on media and hardware
C.
Retention of all sensitive data on media and hardware
Answers
D.
A plan to retain data required only for business purposes and a retention schedule
D.
A plan to retain data required only for business purposes and a retention schedule
Answers
Suggested answer: A
Total 1.482 questions
Go to page: of 149
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms