ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 83

Which of the following is the key requirement for test results when implementing forensic procedures?

A.
The test results must be cost-effective.
B.
The test result must be authorized.
C.
The test results must be quantifiable.
D.
The test results must be reproducible.
Suggested answer: D

Explanation:

Forensic findings carry weight only if another examiner, following the same documented procedure on the same evidence, obtains the same result. Reproducibility is therefore the defining requirement; cost, authorization and quantifiability are desirable but secondary.

An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?

A.
Reasonable data
B.
Population of required fields
C.
Allowed number of characters
D.
Session testing
Suggested answer: C

Explanation:

Reference: https://www.softwaretestinghelp.com/what-is-negative-testing/

An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?

A.
Reasonable data testing
B.
Input validation testing
C.
Web session testing
D.
Allowed data bounds and limits testing
Suggested answer: C

Explanation:

The scenario describes a resource that must be reachable only after login. Web session testing verifies that the functionality is unavailable without an authenticated session and available once one is established; input validation and data-bounds testing exercise individual fields, not the authentication gate.

Which of the following techniques BEST prevents buffer overflows?

A.
Boundary and perimeter offset
B.
Character set encoding
C.
Code auditing
D.
Variant type and bit length
Suggested answer: D

Explanation:

Some products installed on systems can also watch for input values that might result in buffer overflows, but the best countermeasure is proper programming. This means using bounds checking. If an input value is only supposed to be nine characters, then the application should only accept nine characters and no more. Some languages are more susceptible to buffer overflows than others, so programmers should understand these issues, use the right languages for the right purposes, and carry out code review to identify buffer overflow vulnerabilities. Of the options given, enforcing the variable type and bit length of each field is the bounds-checking control this describes; character set encoding addresses canonicalization and injection issues, not buffer length, and code auditing detects overflows after the fact rather than preventing them.
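As an added example, not code from the original page, here is the bounds checking the explanation above describes, written in C, together with the "allowed number of characters" negative test from the earlier question. The nine-character field width is taken from the explanation; the record struct, the function names and the test inputs are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical nine-character field, the width used in the explanation. */
#define FIELD_MAX 9

struct record {
    char field[FIELD_MAX + 1];   /* one extra byte for the terminating NUL */
};

/* Vulnerable form: copies whatever it is given, so any input longer than
 * FIELD_MAX writes past the end of 'field' (a classic buffer overflow).
 * Kept only to contrast with the checked version; never call it on
 * untrusted input. */
void store_field_unchecked(struct record *r, const char *input) {
    strcpy(r->field, input);     /* no length check at all */
}

/* Length of 's' but never scanning more than limit + 1 bytes, so an
 * unterminated or very long input cannot make the check itself read too far.
 * Returns limit + 1 when the string is longer than 'limit'. */
static size_t bounded_len(const char *s, size_t limit) {
    size_t n = 0;
    while (n < limit + 1 && s[n] != '\0')
        n++;
    return n;
}

/* Bounded form: refuse, rather than silently truncate, anything outside
 * 1..FIELD_MAX characters. Refusing is what the "allowed number of
 * characters" negative test expects: an over-length value must not be
 * accepted at all. Returns true only when the value was stored. */
bool store_field_checked(struct record *r, const char *input) {
    if (input == NULL)
        return false;
    size_t len = bounded_len(input, FIELD_MAX);
    if (len == 0 || len > FIELD_MAX)
        return false;            /* empty or too long: reject */
    memcpy(r->field, input, len);
    r->field[len] = '\0';
    return true;
}

/* Negative-test driver. Each case is a constructed input together with the
 * outcome the field must produce. Returns the number of cases that did not
 * behave as expected, so 0 means the bounds check held. */
int run_length_negative_tests(void) {
    struct {
        const char *input;
        bool expect_accept;
    } cases[] = {
        { "",           false },  /* empty */
        { "abcdefghi",  true  },  /* exactly nine: the boundary value */
        { "abcdefghij", false },  /* ten: one over the limit */
        { "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", false },
    };
    int failures = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct record r = {{0}};
        bool accepted = store_field_checked(&r, cases[i].input);
        if (accepted != cases[i].expect_accept)
            failures++;
    }
    return failures;
}

int main(void) {
    printf("length negative tests: %d failure(s)\n", run_length_negative_tests());
    return 0;
}
```

The test table deliberately includes the boundary value (exactly nine characters) alongside the over-length cases: a check that rejects ten characters but also rejects nine is a different bug, and a negative test that only sends oversized input would not catch it.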

A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?

A.
Intrusion Prevention System (IPS)
B.
Denial of Service (DoS) protection solution
C.
One-time Password (OTP) token
D.
Web Application Firewall (WAF)
Suggested answer: D

Explanation:

An Internet-facing banking application is attacked mainly at the application layer (injection, cross-site scripting and similar), which is exactly what a WAF inspects and blocks, protecting the confidentiality and integrity of the application's data. An IPS operates mostly on network traffic and known signatures, DoS protection addresses availability, and an OTP token strengthens user authentication rather than protecting the application itself.

A security professional recommends that a company integrate threat modeling into its Agile development processes. Which of the following BEST describes the benefits of this approach?

A.
Reduce application development costs.
B.
Potential threats are addressed later in the Software Development Life Cycle (SDLC).
C.
Improve user acceptance of implemented security controls.
D.
Potential threats are addressed earlier in the Software Development Life Cycle (SDLC).
Suggested answer: D

A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process?

A.
Select and procure supporting technologies.
B.
Determine a budget and cost analysis for the program.
C.
Measure effectiveness of the program's stated goals.
D.
Educate and train key stakeholders.
Suggested answer: D

Explanation:

Budgeting and selecting or procuring technologies belong to the planning phase, and measuring effectiveness against the program's stated goals is the ongoing operations and monitoring phase. Educating and training the stakeholders who will run and act on the program is a deployment-phase task.

Directive controls are a form of change management policy and procedures. Which of the following subsections are recommended as part of the change management process?

A.
Build and test
B.
Implement security controls
C.
Categorize Information System (IS)
D.
Select security controls
Suggested answer: A

Explanation:

Reference:

https://books.google.com.pk/books?id=9gCn86CmsNQC&pg=PA570&lpg=PA570&dq=CISSP+Directive+controls+are+a+form+of+change+management+policy+and+procedures.+Which+of+the+following+subsections+are+recommended+as+part+of+the+change+management +process&source=bl&ots=riGvVpSS3E&sig=ACfU3U3dLYheW_GfTZcAYfN97fnDFlMmZg&hl=en&sa=X&ved=2ahUKEwjukoqK96npAhULtRoKHZEpBmcQ6AEwAHoECBQQAQ#v=onepage&q=CISSP%20Directive%20controls%20are%20a%20form%20of%20change%20management%20policy%20and%20procedures.%20Which%20of%20the%20following%20subsections%20are%20recommended%20as%20part%20of%20the%20change%20management%20process&f=false

Which of the following BEST describes how access to a system is granted to federated user accounts?

A.
With the federation assurance level
B.
Based on defined criteria by the Relying Party (RP)
C.
Based on defined criteria by the Identity Provider (IdP)
D.
With the identity assurance level
Suggested answer: B

Explanation:

In a federation the Identity Provider (IdP) authenticates the user and issues an assertion about that identity; the Relying Party (RP) consumes the assertion and decides, under its own access policy, whether and what access to grant to its system. Identity and federation assurance levels describe the strength of identity proofing and of the assertion, not the access decision.

Explanation:

Reference: https://resources.infosecinstitute.com/cissp-domain-5-refresh-identity-and-accessmanagement/

Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?

A.
Simplicity of network configuration and network monitoring
B.
Removes the need for decentralized management solutions
C.
Removes the need for dedicated virtual security controls
D.
Simplicity of network configuration and network redundancy
Suggested answer: A