

How to Easily Pass the ISC CISSP Exam: Expert Advice

Questions 16

Which of the following value comparisons MOST accurately reflects the agile development approach?

Options:

A.

Processes and tools over individuals and interactions

B.

Contract negotiation over customer collaboration

C.

Following a plan over responding to change

D.

Working software over comprehensive documentation

Questions 17

What is a risk of using commercial off-the-shelf (COTS) products?

Options:

A.

COTS products may not map directly to an organization’s security requirements.

B.

COTS products are typically more expensive than developing software in-house.

C.

Cost to implement COTS products is difficult to predict.

D.

Vendors are often hesitant to share their source code.

Questions 18

Which of the following types of firewall only examines the “handshaking” between packets before forwarding traffic?

Options:

A.

Proxy firewalls

B.

Host-based firewalls

C.

Circuit-level firewalls

D.

Network Address Translation (NAT) firewalls

Questions 19

Which of the following is the BEST approach to implement multiple servers on a virtual system?

Options:

A.

Implement multiple functions per virtual server and apply the same security configuration for each virtual server.

B.

Implement one primary function per virtual server and apply high security configuration on the host operating system.

C.

Implement one primary function per virtual server and apply individual security configuration for each virtual server.

D.

Implement multiple functions within the same virtual server and apply individual security configurations to each function.

Questions 20

What industry-recognized document could be used as a baseline reference that is related to data security and business operations for conducting a security assessment?

Options:

A.

Service Organization Control (SOC) 1 Type 2

B.

Service Organization Control (SOC) 2 Type 1

C.

Service Organization Control (SOC) 1 Type 1

D.

Service Organization Control (SOC) 2 Type 2

Questions 21

In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option is an example of RBAC?

Options:

A.

Allowing users access to files based on their group membership

B.

Allowing users access to files based on username

C.

Allowing users access to files based on the user's location at time of access

D.

Allowing users access to files based on the file type

Questions 22

An organization is looking to include mobile devices in its asset management system for better tracking. In which system tier of the reference architecture would mobile devices be tracked?

Options:

A.

0

B.

1

C.

2

D.

3

Questions 23

Which of the following are core categories of malicious attack against Internet of Things (IoT) devices?

Options:

A.

Packet capture and false data injection

B.

Packet capture and brute force attack

C.

Node capture and Structured Query Language (SQL) injection

D.

Node capture and false data injection

Questions 24

Which of the following will help identify the source Internet Protocol (IP) address of malware being executed on a computer?

Options:

A.

List of open network connections

B.

Display Transmission Control Protocol/Internet Protocol (TCP/IP) network configuration information.

C.

List of running processes

D.

Display the Address Resolution Protocol (ARP) table.

Questions 25

Which of the following is included in change management?

Options:

A.

Business continuity testing

B.

User Acceptance Testing (UAT) before implementation

C.

Technical review by business owner

D.

Cost-benefit analysis (CBA) after implementation

Questions 26

Which of the following BEST describes centralized identity management?

Options:

A.

Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers.

B.

Service providers agree to integrate identity system recognition across organizational boundaries.

C.

Service providers identify an entity by behavior analysis versus an identification factor.

D.

Service providers perform as both the credential and identity provider (IdP).

Questions 27

Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates?

Options:

A.

Penetration testing

B.

Vulnerability management

C.

Software Development Life Cycle (SDLC)

D.

Life cycle management

Questions 28

What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?

Options:

A.

Business Impact Analysis (BIA)

B.

Security Assessment Report (SAR)

C.

Plan of Action and Milestones (POA&M)

D.

Security Assessment Plan (SAP)

Questions 29

What is the PRIMARY benefit of analyzing the partition layout of a hard disk volume when performing forensic analysis?

Options:

A.

Sectors which are not assigned to a partition may contain data that was purposely hidden.

B.

Volume address information for the hard disk may have been modified.

C.

Partition tables which are not completely utilized may contain data that was purposely hidden.

D.

Physical address information for the hard disk may have been modified.

Questions 30

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?

Options:

A.

SCADA network latency

B.

Group policy implementation

C.

Volatility of data

D.

Physical access to the system
