
ISC CISSP - Certified Information Systems Security Professional (CISSP)

Total 1486 questions

A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need?

A. Cloud Virtual Machines (VM)
B. Cloud application container within a Virtual Machine (VM)
C. On-premises Virtual Machine (VM)
D. Self-hosted Virtual Machine (VM)

Which of the following ensures old log data is not overwritten?

A. Increase log file size
B. Implement Syslog
C. Log preservation
D. Log retention

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

A. Cross-Site Scripting (XSS)
B. Cross-Site Request Forgery (CSRF)
C. Cross injection
D. Broken Authentication and Session Management

What is the PRIMARY purpose for an organization to conduct a security audit?

A. To ensure the organization is adhering to a well-defined standard
B. To ensure the organization is applying security controls to mitigate identified risks
C. To ensure the organization is configuring information systems efficiently
D. To ensure the organization is documenting findings

What method could be used to prevent passive attacks against secure voice communications between an organization and its vendor?

A. Encryption in transit
B. Configure a virtual private network (VPN)
C. Configure a dedicated connection
D. Encryption at rest

Secure coding can be developed by applying which one of the following?

A. Applying the organization's acceptable use guidance
B. Applying the industry best practice coding guidelines
C. Applying rapid application development (RAD) coding
D. Applying the organization's web application firewall (WAF) policy

Which of the following is considered the PRIMARY security issue associated with encrypted e-mail messages?

A. Key distribution
B. Storing attachments in centralized repositories
C. Scanning for viruses and other malware
D. Greater costs associated with backups and restores

What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?

A. Save security costs for the organization.
B. Improve vulnerability assessment capabilities.
C. Standardize specifications between software security products.
D. Achieve organizational compliance with international standards.

Which of the following BEST describes centralized identity management?

A. Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers.
B. Service providers agree to integrate identity system recognition across organizational boundaries.
C. Service providers identify an entity by behavior analysis versus an identification factor.
D. Service providers perform as both the credential and identity provider (IdP).

Of the following, which BEST provides non-repudiation with regards to access to a server room?

A. Fob and Personal Identification Number (PIN)
B. Locked and secured cages
C. Biometric readers
D. Proximity readers

When determining data and information asset handling, regardless of the specific toolset being used, which of the following is one of the common components of big data?

A. Consolidated data collection
B. Distributed storage locations
C. Distributed data collection
D. Centralized processing location

Which one of the following is an advantage of an effective release control strategy from a configuration control standpoint?

A. Ensures that there is no loss of functionality between releases
B. Allows for future enhancements to existing features
C. Enforces backward compatibility between releases
D. Ensures that a trace for all deliverables is maintained and auditable

When can a security program be considered effective?

A. Audits are regularly performed and reviewed.
B. Vulnerabilities are proactively identified.
C. Risk is lowered to an acceptable level.
D. Badges are regularly performed and validated.

Which of the following is considered the FIRST step when designing an internal security control assessment?

A. Create a plan based on recent vulnerability scans of the systems in question.
B. Create a plan based on comprehensive knowledge of known breaches.
C. Create a plan based on a recognized framework of known controls.
D. Create a plan based on reconnaissance of the organization's infrastructure.

Which of the following should exist in order to perform a security audit?

A. Industry framework to audit against
B. External (third-party) auditor
C. Internal certified auditor
D. Neutrality of the auditor