ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 8


Which of the following statements is TRUE of black box testing?

A. Only the functional specifications are known to the test planner.
B. Only the source code and the design documents are known to the test planner.
C. Only the source code and functional specifications are known to the test planner.
D. Only the design documents and the functional specifications are known to the test planner.
Suggested answer: A

A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?

A. Encryption routines
B. Random number generator
C. Obfuscated code
D. Botnet command and control
Suggested answer: C

Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?

A. It has normalized severity ratings.
B. It has many worksheets and practices to implement.
C. It aims to calculate the risk of published vulnerabilities.
D. It requires a robust risk management framework to be put in place.
Suggested answer: C

Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?

A. Encrypt and hash all PII to avoid disclosure and tampering.
B. Store PII for no more than one year.
C. Avoid storing PII in a Cloud Service Provider.
D. Adherence to collection limitation laws and regulations.
Suggested answer: D

Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?

A. Determining the probability that the system functions safely during any time period
B. Quantifying the system's available services
C. Identifying the number of security flaws within the system
D. Measuring the system's integrity in the presence of failure
Suggested answer: C

Which of the following is an effective method for avoiding magnetic media data remanence?

A. Degaussing
B. Encryption
C. Data Loss Prevention (DLP)
D. Authentication
Suggested answer: A

Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?

A. Integration with organizational directory services for authentication
B. Tokenization of data
C. Accommodation of hybrid deployment models
D. Identification of data location
Suggested answer: D

When transmitting information over public networks, the decision to encrypt it should be based on

A. the estimated monetary value of the information.
B. whether there are transient nodes relaying the transmission.
C. the level of confidentiality of the information.
D. the volume of the information.
Suggested answer: C

Logical access control programs are MOST effective when they are

A. approved by external auditors.
B. combined with security token technology.
C. maintained by computer security officers.
D. made part of the operating system.
Suggested answer: D

Which one of the following considerations has the LEAST impact when considering transmission security?

A. Network availability
B. Data integrity
C. Network bandwidth
D. Node locations
Suggested answer: C
Total 1.482 questions