CISSP Online Practice Questions and Answers

Questions 4

What is the GREATEST challenge of an agent-based patch management solution?

A. Time to gather vulnerability information about the computers in the program

B. Requires that software be installed, running, and managed on all participating computers

C. The significant amount of network bandwidth while scanning computers

D. The consistency of distributing patches to each participating computer

Browse 1703 Q&As
Questions 5

Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0 to integrate a third-party identity provider for a service?

A. Resource Servers are required to use passwords to authenticate end users.

B. Revocation of access of some users of the third party instead of all the users from the third party.

C. Compromise of the third party means compromise of all the users in the service.

D. Guest users need to authenticate with the third party identity provider.

Questions 6

By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

A. confidentiality of the traffic is protected.

B. opportunity to sniff network traffic exists.

C. opportunity for device identity spoofing is eliminated.

D. storage devices are protected against availability attacks.

Questions 7

Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?

A. An explanation of how long the data subject's collected information will be retained for and how it will be eventually disposed.

B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject.

C. An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to.

D. An explanation of all the technologies employed by the collecting organization in gathering information on the data subject.

Questions 8

What is the purpose of an Internet Protocol (IP) spoofing attack?

A. To send excessive amounts of data to a process, making it unpredictable

B. To intercept network traffic without authorization

C. To disguise the destination address from a target's IP filtering devices

D. To convince a system that it is communicating with a known entity

Questions 9

Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized?

A. Information Owner (IO)

B. System Administrator

C. Business Continuity (BC) Manager

D. Chief Information Officer (CIO)

Questions 10

The personal laptop of an organization executive is stolen from the office, complete with personnel and project records. Which of the following should be done FIRST to mitigate future occurrences?

A. Encrypt disks on personal laptops

B. Issue cable locks for use on personal laptops

C. Create policies addressing critical information on personal laptops

D. Monitor personal laptops for critical information

Questions 11

Which of the following is the BEST way to protect an organization's data assets?

A. Monitor and enforce adherence to security policies.

B. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.

C. Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.

D. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).

Questions 12

Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions?

A. Information Security Management System (ISMS)

B. Information Sharing and Analysis Centers (ISAC)

C. Risk Management Framework (RMF)

D. Information Security Continuous Monitoring (ISCM)

Questions 13

According to the (ISC)² ethics canon "act honorably, honestly, justly, responsibly, and legally," which order should be used when resolving conflicts?

A. Public safety and duties to principals, individuals, and the profession

B. Individuals, the profession, and public safety and duties to principals

C. Individuals, public safety and duties to principals, and the profession

D. The profession, public safety and duties to principals, and individuals

Questions 14

A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user's laptop. Which security mechanism addresses this requirement?

A. Hardware encryption

B. Certificate revocation list (CRL) policy

C. Trusted Platform Module (TPM)

D. Key exchange

Questions 15

International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software, Command and Control (C2) software, and internet surveillance software. This is a description of which of the following?

A. General Data Protection Regulation (GDPR)

B. Palermo convention

C. Wassenaar arrangement

D. International Traffic in Arms Regulations (ITAR)

Questions 16

What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?

A. Demand risk

B. Process risk

C. Control risk

D. Supply risk

Questions 17

A large international organization that collects information from its consumers has contracted with a Software as a Service (SaaS) cloud provider to process this data. The SaaS cloud provider uses additional data processing to demonstrate other capabilities it wishes to offer to the data owner. This vendor believes additional data processing activity is allowed since they are not disclosing to other organizations. Which of the following BEST supports this rationale?

A. The data was encrypted at all times and only a few cloud provider employees had access.

B. As the data owner, the cloud provider has the authority to direct how the data will be processed.

C. As the data processor, the cloud provider has the authority to direct how the data will be processed.

D. The agreement between the two parties is vague and does not detail how the data can be used.

Questions 18

Which function does 802.1X provide?

A. Network intrusion detection system (NIDS)

B. Wireless access point (WAP)

C. Wi-Fi Protected Access (WPA)

D. Network Access Control (NAC)

Exam Code: CISSP
Exam Name: Certified Information Systems Security Professional
Last Update: Mar 19, 2024
Questions: 1703 Q&As