ISC CISSP Practice Test - Questions Answers, Page 80

Functional security testing is MOST critical during which phase of the system development life cycle (SDLC)?

A. Operations / Maintenance
B. Implementation
C. Acquisition / Development
D. Initiation
Suggested answer: B

What is the threat modeling order when using the Process for Attack Simulation and Threat Analysis (PASTA)?

A. Application decomposition, threat analysis, vulnerability detection, attack enumeration, risk/impact analysis
B. Threat analysis, vulnerability detection, application decomposition, attack enumeration, risk/impact analysis
C. Risk/impact analysis, application decomposition, threat analysis, vulnerability detection, attack enumeration
D. Application decomposition, threat analysis, risk/impact analysis, vulnerability detection, attack enumeration
Suggested answer: A

Which is the RECOMMENDED configuration mode for sensors for an intrusion prevention system (IPS) if the prevention capabilities will be used?

A. Active
B. Passive
C. Inline
D. Span
Suggested answer: C

An organization implements a remote access server (RAS). Once users connect to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use during this authentication?

A. Message Digest 5 (MD5)
B. Subscriber Identity Module (SIM)
C. Lightweight Extensible Authentication Protocol (EAP)
D. Transport Layer Security (TLS)
Suggested answer: D

An analysis finds unusual activity coming from a computer that was thrown away several months prior. Which of the following steps ensures the proper removal of the system?

A. Deactivation
B. Decommission
C. Deploy
D. Procure
Suggested answer: B

As a security manager, which of the following is the MOST effective practice for providing value to an organization?

A. Assess business risk and apply security resources accordingly
B. Coordinate security implementations with internal audit
C. Achieve compliance regardless of related technical issues
D. Identify confidential information and protect it
Suggested answer: D

Which of the following BEST provides for non-repudiation of user account actions?

A. Centralized authentication system
B. File auditing system
C. Managed Intrusion Detection System (IDS)
D. Centralized logging system
Suggested answer: D

What type of access control determines authorization to a resource based on pre-defined job titles within an organization?

A. Role-Based Access Control (RBAC)
B. Role-based access control
C. Non-discretionary access control
D. Discretionary Access Control (DAC)
Suggested answer: A

As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these accounts maintained their old permissions as well. The obsolete permissions identified by the audit have been remediated and accounts have only the appropriate permissions to complete their jobs.

Which of the following is the BEST way to prevent access privilege creep?

A. Implementing an Identity and Access Management (IAM) solution
B. Time-based review and certification
C. Internet audit
D. Trigger-based review and certification
Suggested answer: A

Continuity of operations is BEST supported by which of the following?

A. Confidentiality, availability, and reliability
B. Connectivity, reliability, and redundancy
C. Connectivity, reliability, and recovery
D. Confidentiality, integrity, and availability
Suggested answer: B