ExamGecko
ISC CISSP Practice Test - Questions Answers, Page 77


The threat model identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a protected health information (PHI) data leak?

A. Auditing
B. Anonymization
C. Privacy monitoring
D. Data retention
Suggested answer: B

Which security architecture strategy could be applied to secure an operating system (OS) baseline for deployment within the corporate enterprise?

A. Principle of Least Privilege
B. Principle of Separation of Duty
C. Principle of Secure Default
D. Principle of Fail Secure
Suggested answer: C (a hardened OS baseline is built by shipping every setting in its secure state; fail secure governs how a system behaves when a control fails, not how the baseline is configured)

What does the term "100-year floodplain" mean to emergency preparedness officials?

A. The area is expected to be safe from flooding for at least 100 years.
B. The odds of a flood at this level are 1 in 100 in any given year.
C. The odds are that the next significant flood will hit within the next 100 years.
D. The last flood of any kind to hit the area was more than 100 years ago.
Suggested answer: B

Which layer of the Open Systems Interconnection (OSI) model is responsible for reliable data transfer between applications, flow control, and error detection and correction?

A. Layer 2
B. Layer 4
C. Layer 5
D. Layer 6
Suggested answer: B

Which of the following is the PRIMARY consideration when determining the frequency an automated control should be assessed or monitored?

A. The complexity of the automated control
B. The level of automation of the control
C. The range of values of the automated control
D. The volatility of the automated control
Suggested answer: D (how often a control or its environment changes, its volatility, determines how often it must be re-assessed; a control that never changes needs less frequent monitoring regardless of how automated it is)

An organization that has achieved a Capability Maturity Model Integration (CMMI) level of 4 has done which of the following?

A. Addressed continuous innovative process improvement
B. Addressed the causes of common process variance
C. Achieved optimized process performance
D. Achieved predictable process performance
Suggested answer: D (CMMI level 4, Quantitatively Managed, means process performance is measured and statistically controlled, hence predictable; optimized performance and continuous improvement describe level 5, Optimizing)

What is the MOST effective way to protect privacy?

A. Eliminate or reduce collection of personal information.
B. Encrypt all collected personal information.
C. Classify all personal information at the highest information classification level.
D. Apply tokenization to all personal information records.
Suggested answer: A (data that is never collected cannot be leaked; encryption, classification and tokenization only reduce the exposure of data that has already been collected)

Internet Protocol Security (IPsec), Point-to-Point Tunneling Protocol (PPTP), and Secure Sockets Layer (SSL) all use which of the following to prevent replay attacks?

A. Large key encryption
B. Single integrity protection
C. Embedded sequence numbers
D. Randomly generated nonces
Suggested answer: C
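The sequence number alone does not stop a replay; the receiver must remember which numbers it has already accepted and reject duplicates, while still tolerating reordered packets. The following is an added example written for this page, not code from the exam or from any IPsec implementation: an anti-replay sliding window in the style of ESP/AH (RFC 4303, Appendix A), with the 64-packet window that RFC 4303 sets as the minimum and a constructed packet trace. TLS handles the same problem with an implicit record sequence number covered by the MAC rather than one sent on the wire, but the receiver-side logic is the same idea.

```python
# Added example: IPsec-style anti-replay sliding window (RFC 4303, Appendix A).
# Assumptions: a 64-entry window and a constructed packet trace (see bottom).


class AntiReplayWindow:
    """Tracks accepted sequence numbers so a captured packet cannot be replayed."""

    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.highest = 0        # highest sequence number accepted so far
        self.bitmap = 0         # bit i set => sequence (highest - i) already seen
        self.started = False    # nothing accepted yet

    def check(self, seq: int) -> str:
        """Classify seq without changing state: 'ok', 'replay', 'too-old' or 'invalid'."""
        if seq == 0:
            return "invalid"          # ESP/AH sequence numbers start at 1
        if not self.started or seq > self.highest:
            return "ok"               # right of the window: a new packet
        diff = self.highest - seq
        if diff >= self.size:
            return "too-old"          # left of the window: cannot tell, so drop
        if self.bitmap & (1 << diff):
            return "replay"           # inside the window and already seen
        return "ok"

    def update(self, seq: int) -> None:
        """Mark seq as received. Call only after the packet's ICV has verified."""
        if not self.started:
            self.highest, self.bitmap, self.started = seq, 1, True
            return
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1                       # whole window slid past
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def process(packets, icv_ok=lambda seq: True, size: int = 64):
    """Run a trace through check + update; returns one (seq, verdict) per packet.

    icv_ok stands in for integrity verification. A packet that fails its ICV is
    dropped without touching the window, so a forged sequence number cannot be
    used to advance the window and block legitimate traffic."""
    window = AntiReplayWindow(size)
    results = []
    for seq in packets:
        verdict = window.check(seq)
        if verdict == "ok" and not icv_ok(seq):
            verdict = "bad-icv"
        if verdict == "ok":
            window.update(seq)
        results.append((seq, verdict))
    return results


if __name__ == "__main__":
    # Constructed trace: in order, then reordered (5 before 4), a replayed copy
    # of 3, a jump to 100, two packets at the trailing edge, a replay of 100,
    # and the never-valid sequence 0.
    trace = [1, 2, 3, 5, 4, 3, 100, 36, 37, 100, 0]
    for seq, verdict in process(trace):
        print(f"seq={seq:<4} {verdict}")
```

The two-step check/update split matters: the window is only advanced for packets whose integrity check passed, which is why the question pairs sequence numbers with integrity protection rather than treating either alone as sufficient.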

Which of the following job functions MUST be separated to maintain data and application integrity?

A. Applications development and systems analysis
B. Production control and data control functions
C. Scheduling and computer operations
D. Systems development and systems maintenance
Suggested answer: D

Which of the following authorization standards is built to handle Application Programming Interface (API) access for federated identity management (FIM)?

A. Remote Authentication Dial-In User Service (RADIUS)
B. Terminal Access Controller Access Control System Plus (TACACS+)
C. Open Authorization (OAuth)
D. Security Assertion Markup Language (SAML)
Suggested answer: C
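OAuth 2.0 issues scoped access tokens for API calls rather than asserting identity the way SAML does. As an added example that is not part of the exam page or of any OAuth library, the block below walks through the authorization-code flow with PKCE (RFC 7636), the form public and mobile clients use to obtain such a token: the client generates a secret verifier, sends only its S256 challenge in the front-channel authorization request, and the authorization server accepts the later code exchange only if the presented verifier hashes to the stored challenge. The endpoint URL, client_id, redirect URI and scope name are assumed values.

```python
# Added example (not from the page): PKCE for the OAuth 2.0 authorization-code
# flow, RFC 7636. Endpoint, client_id, redirect_uri and scope are assumed values.
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for verifier and challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """High-entropy secret the client keeps to itself (32 bytes -> 43 characters)."""
    return b64url(secrets.token_bytes(nbytes))


def code_challenge_s256(verifier: str) -> str:
    """S256 transform: the only value that travels through the browser redirect."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_request(authorize_endpoint: str, client_id: str,
                                redirect_uri: str, scope: str, state: str,
                                verifier: str) -> str:
    """Client side: the URL the user agent is redirected to (step 1)."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,                         # CSRF binding for the callback
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return f"{authorize_endpoint}?{urlencode(params)}"


def verify_code_verifier(stored_challenge: str, stored_method: str,
                         presented_verifier: str) -> bool:
    """Authorization server side, at the token endpoint (step 2): release the
    access token only if the verifier matches the challenge stored with the code."""
    if stored_method != "S256":
        return False      # refuse 'plain': an intercepted challenge would be the verifier
    if not 43 <= len(presented_verifier) <= 128:
        return False      # RFC 7636 section 4.1 length bounds
    expected = code_challenge_s256(presented_verifier)
    return hmac.compare_digest(expected, stored_challenge)


def demo():
    """Round trip: legitimate exchange succeeds, an attacker who captured the
    authorization code but not the verifier fails."""
    verifier = make_code_verifier()
    state = b64url(secrets.token_bytes(16))
    url = build_authorization_request("https://idp.example/authorize", "api-client",
                                      "https://app.example/cb", "patients.read",
                                      state, verifier)
    # The server stores the challenge next to the code it issues after login.
    stored_challenge = code_challenge_s256(verifier)
    legit = verify_code_verifier(stored_challenge, "S256", verifier)
    attacker = verify_code_verifier(stored_challenge, "S256", make_code_verifier())
    return legit, attacker, url


if __name__ == "__main__":
    ok, stolen_code_ok, url = demo()
    print("authorization request:", url)
    print("legitimate client exchange accepted:", ok)
    print("attacker with captured code accepted:", stolen_code_ok)
```

Refusing the `plain` method is the practitioner's check here: with `plain`, the challenge in the redirect URL is the verifier itself, so anyone who can read the authorization request (the man-in-the-middle case from the first question on this page) can complete the code exchange.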
Total 1,482 questions