ISC HCISPP Practice Test - Questions Answers, Page 6

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

A. Walkthrough
B. Simulation
C. Parallel
D. White box
Suggested answer: C

A continuous information security monitoring program can BEST reduce risk through which of the following?

A. Collecting security events and correlating them to identify anomalies
B. Facilitating system-wide visibility into the activities of critical user accounts
C. Encompassing people, process, and technology
D. Logging both scheduled and unscheduled system changes
Suggested answer: A

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

A. Lack of software documentation
B. License agreements requiring release of modified code
C. Expiration of the license agreement
D. Costs associated with support of the software
Suggested answer: B

Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?

A. Vulnerability to crime
B. Adjacent buildings and businesses
C. Proximity to an airline flight path
D. Vulnerability to natural disasters
Suggested answer: C

Multi-threaded applications are more at risk than single-threaded applications to

A. race conditions.
B. virus infection.
C. packet sniffing.
D. database injection.
Suggested answer: A

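Added example (not part of the original question set): a check-then-act race of the kind the previous question refers to. The toy `Account` class and the balances are constructed for illustration. `withdraw_unsafe` reads the balance and then updates it without synchronisation, so twenty concurrent withdrawals can all pass the check and overdraw the account; `withdraw_safe` holds a lock across the check and the update, which is the usual fix.

```python
import threading
import time


class Account:
    """Toy account (constructed for this example) whose withdraw path is a
    classic check-then-act sequence."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unsafe(self, amount):
        # TOCTOU race: the check and the update are not atomic, so several
        # threads can all observe a sufficient balance before any of them
        # subtracts. The sleep only widens the window so the race is visible.
        if self.balance >= amount:
            time.sleep(0.001)
            self.balance -= amount
            return True
        return False

    def withdraw_safe(self, amount):
        # Hardened form: check and update happen under one lock, so the
        # sequence is atomic with respect to every other withdrawal.
        with self._lock:
            if self.balance >= amount:
                time.sleep(0.001)
                self.balance -= amount
                return True
            return False


def run(withdraw_name, balance=100, amount=10, threads=20):
    """Start `threads` concurrent withdrawals against one account and
    return (number of successful withdrawals, final balance)."""
    account = Account(balance)
    withdraw = getattr(account, withdraw_name)
    results = []  # list.append is atomic under the GIL, safe to share here

    def worker():
        results.append(withdraw(amount))

    workers = [threading.Thread(target=worker) for _ in range(threads)]
    for t in workers:
        t.start()
    for t in workers:
        t.join()
    return sum(results), account.balance


if __name__ == "__main__":
    # Unsafe: more than 10 withdrawals succeed and the balance ends at or below 0.
    print("unsafe:", run("withdraw_unsafe"))
    # Safe: exactly 10 succeed and the balance ends at 0.
    print("safe:  ", run("withdraw_safe"))
```

A single-threaded program executing the same `withdraw_unsafe` body cannot be overdrawn this way, which is the point of the question: concurrency turns a correct-looking sequence into a window an attacker can widen and exploit.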
Which of the following is a potential risk when a program runs in privileged mode?

A. It may serve to create unnecessary code complexity
B. It may not enforce job separation duties
C. It may create unnecessary application hardening
D. It may allow malicious code to be inserted
Suggested answer: D

A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

A. The inherent risk is greater than the residual risk.
B. The Annualized Loss Expectancy (ALE) approaches zero.
C. The expected loss from the risk exceeds mitigation costs.
D. The infrastructure budget can easily cover the upgrade costs.
Suggested answer: C

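Added example (not part of the original question set): the quantitative check behind the previous answer. Using the standard formulas SLE = asset value × exposure factor and ALE = SLE × ARO, a control is justified when the reduction in ALE it buys exceeds its annualised cost. All figures below are constructed, not taken from any real assessment; the second scenario shows why an ALE that approaches zero (option B) argues against spending on the upgrade rather than for it.

```python
def ale(asset_value, exposure_factor, aro):
    """Annualized Loss Expectancy for one risk scenario."""
    sle = asset_value * exposure_factor  # single loss expectancy
    return sle * aro


def control_value(asset_value, exposure_factor, aro_before, aro_after,
                  annual_control_cost):
    """Return (ALE before, ALE after, annual benefit, net annual value).

    The benefit of the control is the ALE it removes; the net value is that
    benefit minus what the control costs per year.
    """
    before = ale(asset_value, exposure_factor, aro_before)
    after = ale(asset_value, exposure_factor, aro_after)
    benefit = before - after
    return before, after, benefit, benefit - annual_control_cost


def upgrade_is_justified(asset_value, exposure_factor, aro_before, aro_after,
                         annual_control_cost):
    """True when the expected loss removed exceeds the mitigation cost."""
    return control_value(asset_value, exposure_factor, aro_before, aro_after,
                         annual_control_cost)[3] > 0


# Constructed scenario: perimeter firewall upgrade.
ASSET_VALUE = 2_000_000      # value of the systems behind the perimeter
EXPOSURE_FACTOR = 0.25       # fraction of that value lost in one breach
ARO_BEFORE = 0.2             # one breach every five years on current gear
ARO_AFTER = 0.05             # one breach every twenty years after the upgrade
ANNUAL_COST = 60_000         # purchase amortised over its life plus support

if __name__ == "__main__":
    before, after, benefit, net = control_value(
        ASSET_VALUE, EXPOSURE_FACTOR, ARO_BEFORE, ARO_AFTER, ANNUAL_COST)
    print(f"ALE before: {before:,.0f}  ALE after: {after:,.0f}")
    print(f"benefit: {benefit:,.0f}  net: {net:,.0f}")
    print("justified:", upgrade_is_justified(
        ASSET_VALUE, EXPOSURE_FACTOR, ARO_BEFORE, ARO_AFTER, ANNUAL_COST))
    # Same control, but the threat almost never materialises (ALE near zero):
    print("justified when ALE is negligible:", upgrade_is_justified(
        ASSET_VALUE, EXPOSURE_FACTOR, 0.01, 0.0025, ANNUAL_COST))
```

Note that option D (the budget can cover it) never enters the calculation: affordability is not the same as the loss avoided exceeding the cost.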
Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?

A. Read-through
B. Parallel
C. Full interruption
D. Simulation
Suggested answer: D

Which of the following BEST describes the purpose of performing security certification?

A. To identify system threats, vulnerabilities, and acceptable level of risk
B. To formalize the confirmation of compliance to security policies and standards
C. To formalize the confirmation of completed risk mitigation and risk analysis
D. To verify that system architecture and interconnections with other systems are effectively implemented
Suggested answer: B

The BEST method to mitigate the risk of a dictionary attack on a system is to

A. use a hardware token.
B. use complex passphrases.
C. implement password history.
D. encrypt the access control list (ACL).
Suggested answer: A
Total 305 questions