ISC CISSP Practice Test - Questions Answers, Page 81


Which of the following is true of Service Organization Control (SOC) reports?

A. SOC 1 Type 2 reports assess the security, confidentiality, integrity, and availability of an organization's controls
B. SOC 2 Type 2 reports include information of interest to the service organization's management
C. SOC 2 Type 2 reports assess internal controls for financial reporting
D. SOC 3 Type 2 reports assess internal controls for financial reporting
Suggested answer: B

Explanation:

Reference: http://ssae16.businesscatalyst.com/SSAE16_reports.html

What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

A. Manual inspections and reviews
B. Penetration testing
C. Threat modeling
D. Source code review
Suggested answer: C

Asymmetric algorithms are used for which of the following when using Secure Sockets Layer/Transport Layer Security (SSL/TLS) for implementing network security?

A. Peer authentication
B. Payload data encryption
C. Session encryption
D. Hashing digest
Suggested answer: C

What is the MOST common component of a vulnerability management framework?

A. Risk analysis
B. Patch management
C. Threat analysis
D. Backup management
Suggested answer: B

Explanation:

Reference: https://www.helpnetsecurity.com/2016/10/11/effective-vulnerability-managementprocess/

A new Chief Information Officer (CIO) created a group to write a data retention policy based on applicable laws. Which of the following is the PRIMARY motivation for the policy?

A. To back up data that is used on a daily basis
B. To dispose of data in order to limit liability
C. To reduce costs by reducing the amount of retained data
D. To classify data according to what it contains
Suggested answer: B

What determines the level of security of a combination lock?

A. Complexity of the combination required to open the lock
B. Amount of time it takes to brute force the combination
C. The number of barrels associated with the internal mechanism
D. The hardness score of the metal lock material
Suggested answer: A

Explanation:

Reference: https://books.google.com.pk/books?id=RbihGYALUkC&pg=PA976&lpg=PA976&dq=CISSP+determines+the+level+of+security+of+a+combination+lock&source=bl&ots=ld6arg_Pl9&sig=ACfU3U0kh_Trrg6mQ65NmAP5PnUCIPmD0Q&hl=en&sa=X&ved=2ahUKEwjg69zN4KnpAhUJmRoKHR01B_MQ6AEwDHoECBUQAQ#v=onepage&q=combination%20lock&f=false

A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3c?

A. It verifies the integrity of the file.
B. It checks the file for malware.
C. It ensures the entire file downloaded.
D. It encrypts the entire file.
Suggested answer: A

Explanation:

Reference: https://blog.logsign.com/how-to-check-the-integrity-of-a-file/

Which of the following is held accountable for the risk to organizational systems and data that results from outsourcing Information Technology (IT) systems and services?

A. The acquiring organization
B. The service provider
C. The risk executive (function)
D. The IT manager
Suggested answer: C

Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?

A. An attack which forces an end user to execute unwanted actions on a web application in which they are currently authenticated
B. An attack that injects a script into a web page to execute a privileged command
C. An attack that makes an illegal request across security zones and thereby forges itself into the security database of the system
D. An attack that forges a false Structured Query Language (SQL) command across systems
Suggested answer: A

Explanation:

Reference: https://portswigger.net/web-security/csrf

Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues?

A. Test
B. Assessment
C. Review
D. Peer review
Suggested answer: C

Explanation:

Reference: https://books.google.com.pk/books?id=W2TvAgAAQBAJ&pg=PA256&lpg=PA256&dq=process+in+the+access+provisioning+lifecycle+that+will+MOST+likely+identify+access+aggregation+issues&source=bl&ots=OBJo9fbGP3&sig=ACfU3U1eAWDu3q4EoiusrOi_hvtu6WyaIg&hl=en&sa=X&ved=2ahUKEwiu-Mac0anpAhXIxIUKHQi2BFsQ6AEwAXoECBAQAQ#v=onepage&q=process%20in%20the%20access%20provisioning%20lifecycle%20that%20will%20MOST%20likely%20identify%20access%20aggregation%20issues&f=false
