
How to Easily Pass the ISC CISSP Exam: Expert Advice

Question 181

During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?

Options:
A. A review of hiring policies and methods of verification of new employees
B. A review of all departmental procedures
C. A review of all training procedures to be undertaken
D. A review of all systems by an experienced administrator

Question 182

How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system?

Options:
A. Take another backup of the media in question, then delete all irrelevant operating system files.
B. Create a comparison database of cryptographic hashes of the files from a system with the same operating system and patch level.
C. Generate a message digest (MD) or secure hash on the drive image to detect tampering of the media being examined.
D. Discard harmless files for the operating system and known installed programs.

Question 183

What is the ultimate objective of information classification?

Options:
A. To assign responsibility for mitigating the risk to vulnerable systems
B. To ensure that information assets receive an appropriate level of protection
C. To recognize that the value of any item of information may change over time
D. To recognize the optimal number of classification categories and the benefits to be gained from their use

Question 184

What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?

Options:
A. Evaluating the efficiency of the plan
B. Identifying the benchmark required for restoration
C. Validating the effectiveness of the plan
D. Determining the Recovery Time Objective (RTO)

Question 185

Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?

Options:
A. Cross Origin Resource Sharing (CORS)
B. WebSockets
C. Document Object Model (DOM) trees
D. Web Interface Definition Language (IDL)

Question 186

Which of the following actions should be performed when implementing a change to a database schema in a production system?

Options:
A. Test in development, determine dates, notify users, and implement in production
B. Apply change to production, run in parallel, finalize change in production, and develop a back-out strategy
C. Perform user acceptance testing in production, have users sign off, and finalize change
D. Change in development, perform user acceptance testing, develop a back-out strategy, and implement change

Question 187

In a financial institution, who has the responsibility for assigning the classification to a piece of information?

Options:
A. Chief Financial Officer (CFO)
B. Chief Information Security Officer (CISO)
C. Originator or nominated owner of the information
D. Department head responsible for ensuring the protection of the information

Question 188

Alternate encoding, such as hexadecimal representations, is MOST often observed in which of the following forms of attack?

Options:
A. Smurf
B. Rootkit exploit
C. Denial of Service (DoS)
D. Cross site scripting (XSS)

Question 189

The goal of software assurance in application development is to

Options:
A. enable the development of High Availability (HA) systems.
B. facilitate the creation of Trusted Computing Base (TCB) systems.
C. prevent the creation of vulnerable applications.
D. encourage the development of open source applications.

Question 190

A vulnerability test on an Information System (IS) is conducted to

Options:
A. exploit security weaknesses in the IS.
B. measure system performance on systems with weak security controls.
C. evaluate the effectiveness of security controls.
D. prepare for Disaster Recovery (DR) planning.

Question 191

A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?

Options:
A. The organization's current security policies concerning privacy issues
B. Privacy-related regulations enforced by governing bodies applicable to the organization
C. Privacy best practices published by recognized security standards organizations
D. Organizational procedures designed to protect privacy information

Question 192

Which of the following is a network intrusion detection technique?

Options:
A. Statistical anomaly
B. Perimeter intrusion
C. Port scanning
D. Network spoofing

Question 193

Which of the following is an effective method for avoiding magnetic media data remanence?

Options:
A. Degaussing
B. Encryption
C. Data Loss Prevention (DLP)
D. Authentication

Question 194

An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance with the SLA be reviewed to ensure that a good security posture is being delivered?

Options:
A. As part of the SLA renewal process
B. Prior to a planned security audit
C. Immediately after a security breach
D. At regularly scheduled meetings

Question 195

What is the MOST effective countermeasure to a malicious code attack against a mobile system?

Options:
A. Sandbox
B. Change control
C. Memory management
D. Public-Key Infrastructure (PKI)