
ISC CISSP - Certified Information Systems Security Professional (CISSP)


The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

A. Purchase software from a limited list of retailers
B. Verify the hash key or certificate key of all updates
C. Do not permit programs, patches, or updates from the Internet
D. Test all new software in a segregated environment

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

A. Lack of software documentation
B. License agreements requiring release of modified code
C. Expiration of the license agreement
D. Costs associated with support of the software

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

A. Check arguments in function calls
B. Test for the security patch level of the environment
C. Include logging functions
D. Digitally sign each application module

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

A. Least privilege
B. Privilege escalation
C. Defense in depth
D. Privilege bracketing

What is the BEST approach to addressing security issues in legacy web applications?

A. Debug the security issues
B. Migrate to newer, supported applications where possible
C. Conduct a security assessment
D. Protect the legacy application with a web application firewall

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?

A. Aggregate it into one database in the US
B. Process it in the US, but store the information in France
C. Share it with a third party
D. Anonymize it and process it in the US

Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

A. Password requirements are simplified.
B. Risk associated with orphan accounts is reduced.
C. Segregation of duties is automatically enforced.
D. Data confidentiality is increased.

Which of the following is a responsibility of the information owner?

A. Ensure that users and personnel complete the required security training to access the Information System (IS)
B. Defining proper access to the Information System (IS), including privileges or access rights
C. Managing identification, implementation, and assessment of common security controls
D. Ensuring the Information System (IS) is operated according to agreed-upon security requirements

Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

A. Identity provisioning
B. Access recovery
C. Multi-factor authentication (MFA)
D. User access review

What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline JavaScript and the execution of eval()-type functions?

A. Strict-Transport-Security
B. X-XSS-Protection
C. X-Frame-Options
D. Content-Security-Policy

The security architect has been mandated to assess the security of various brands of mobile devices. At what phase of the product lifecycle would this be MOST likely to occur?

A. Disposal
B. Implementation
C. Development
D. Operations and maintenance

A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?

A. Open source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild.
B. Open source libraries can be used by everyone, and there is a common understanding that the vulnerabilities in these libraries will not be exploited.
C. Open source libraries are constantly updated, making it unlikely that a vulnerability exists for an adversary to exploit.
D. Open source libraries contain unknown vulnerabilities, so they should not be used.

Which of the following security testing strategies is BEST suited for companies with low to moderate security maturity?

A. Load testing
B. White-box testing
C. Black-box testing
D. Performance testing

In which of the following scenarios is locking server cabinets and limiting access to keys preferable to locking the server room to prevent unauthorized access?

A. Server cabinets are located in an unshared workspace.
B. Server cabinets are located in an isolated server farm.
C. Server hardware is located in a remote area.
D. Server cabinets share workspace with multiple projects.