How to Easily Pass the ISC CISSP Exam: Expert Advice

Questions 196

When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and

Options:

A. flexible.

B. confidential.

C. focused.

D. achievable.

Questions 197

In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?

Options:

A. Communication

B. Planning

C. Recovery

D. Escalation

Questions 198

When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include

Options:

A. hardened building construction with consideration of seismic factors.

B. adequate distance from and lack of access to adjacent buildings.

C. curved roads approaching the data center.

D. proximity to high crime areas of the city.

Questions 199

Which one of the following is a fundamental objective in handling an incident?

Options:

A. To restore control of the affected systems

B. To confiscate the suspect's computers

C. To prosecute the attacker

D. To perform full backups of the system

Questions 200

When transmitting information over public networks, the decision to encrypt it should be based on

Options:

A. the estimated monetary value of the information.

B. whether there are transient nodes relaying the transmission.

C. the level of confidentiality of the information.

D. the volume of the information.

Questions 201

Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?

Options:

A. Challenge Handshake Authentication Protocol (CHAP)

B. Point-to-Point Protocol (PPP)

C. Extensible Authentication Protocol (EAP)

D. Password Authentication Protocol (PAP)

Questions 202

Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?

Options:

A. Immediately document the finding and report to senior management.

B. Use system privileges to alter the permissions to secure the server

C. Continue the testing to its completion and then inform IT management

D. Terminate the penetration test and pass the finding to the server management team

Questions 203

Which one of the following is a threat related to the use of web-based client side input validation?

Options:

A. Users would be able to alter the input after validation has occurred

B. The web server would not be able to validate the input after transmission

C. The client system could receive invalid input from the web server

D. The web server would not be able to receive invalid input from the client

Questions 204

Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?

Options:

A. False Acceptance Rate (FAR)

B. False Rejection Rate (FRR)

C. Crossover Error Rate (CER)

D. Rejection Error Rate

Questions 205

Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?

Options:

A. Simple Mail Transfer Protocol (SMTP) blacklist

B. Reverse Domain Name System (DNS) lookup

C. Hashing algorithm

D. Header analysis

Questions 206

Which one of the following describes granularity?

Options:

A. Maximum number of entries available in an Access Control List (ACL)

B. Fineness to which a trusted system can authenticate users

C. Number of violations divided by the number of total accesses

D. Fineness to which an access control system can be adjusted

Questions 207

An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?

Options:

A. The behavior is ethical because the tool will be used to create a better virus scanner.

B. The behavior is ethical because any experienced programmer could create such a tool.

C. The behavior is not ethical because creating any kind of virus is bad.

D. The behavior is not ethical because such a tool could be leaked on the Internet.

Questions 208

At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted

Options:

A. monthly.

B. quarterly.

C. annually.

D. bi-annually.

Questions 209

Which security action should be taken FIRST when computer personnel are terminated from their jobs?

Options:

A. Remove their computer access

B. Require them to turn in their badge

C. Conduct an exit interview

D. Reduce their physical access level to the facility

Questions 210

A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?

Options:

A. Trojan horse

B. Denial of Service (DoS)

C. Spoofing

D. Man-in-the-Middle (MITM)
