
How to Easily Pass the ISC CISSP Exam: Expert Advice

Question 31

Which of the following is TRUE regarding equivalence class testing?

Options:

A. It is characterized by the stateless behavior of a process implemented in a function.
B. An entire partition can be covered by considering only one representative value from that partition.
C. Test inputs are obtained from the derived boundaries of the given functional specifications.
D. It is useful for testing communications protocols and graphical user interfaces.

Question 32

Which of the following is the PRIMARY purpose of due diligence when an organization embarks on a merger or acquisition?

Options:

A. Assess the business risks.
B. Formulate alternative strategies.
C. Determine that all parties are equally protected.
D. Provide adequate capability for all parties.
E. Strategy and program management, project delivery, governance, operations

Question 33

For the purpose of classification, which of the following is used to divide trust domains and trust boundaries?

Options:

A. Network architecture
B. Integrity
C. Identity Management (IdM)
D. Confidentiality management

Question 34

What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software-defined networking (SDN)?

Options:

A. Familiar syntax, abstraction of network topology, and definition of network protocols
B. Network syntax, abstraction of network flow, and abstraction of network protocols
C. Network syntax, abstraction of network commands, and abstraction of network protocols
D. Familiar syntax, abstraction of network topology, and abstraction of network protocols

Question 35

Which of the following vulnerabilities can be BEST detected using automated analysis?

Options:

A. Valid cross-site request forgery (CSRF) vulnerabilities
B. Multi-step process attack vulnerabilities
C. Business logic flaw vulnerabilities
D. Typical source code vulnerabilities

Question 36

Which of the following steps should be conducted during the FIRST phase of software assurance in a generic acquisition process?

Options:

A. Establishing and consenting to the contract work schedule
B. Issuing a Request for Proposal (RFP) with a work statement
C. Developing software requirements to be included in the work statement
D. Reviewing and accepting software deliverables

Question 37

What is the BEST design for securing physical perimeter protection?

Options:

A. Crime Prevention Through Environmental Design (CPTED)
B. Barriers, fences, gates, and walls
C. Business continuity planning (BCP)
D. Closed-circuit television (CCTV)

Question 38

When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should these considerations be prioritized?

Options:

A. Public safety, duties to individuals, duties to the profession, and duties to principals
B. Public safety, duties to principals, duties to individuals, and duties to the profession
C. Public safety, duties to the profession, duties to principals, and duties to individuals
D. Public safety, duties to principals, duties to the profession, and duties to individuals

Question 39

Options:

A. Require the cloud IAM provider to use declarative security instead of programmatic authentication checks.
B. Integrate a Web Application Firewall (WAF) in reverse-proxy mode in front of the service provider.
C. Apply Transport Layer Security (TLS) to the cloud-based authentication checks.
D. Install an on-premise Authentication Gateway Service (AGS) in front of the service provider.

Question 40

What part of an organization's strategic risk assessment MOST likely includes information on items affecting the success of the organization?

Options:

A. Key Risk Indicator (KRI)
B. Threat analysis
C. Vulnerability analysis
D. Key Performance Indicator (KPI)

Question 41

Which security service is provided by the process of encrypting plaintext with the sender's private key and decrypting the ciphertext with the sender's public key?

Options:

A. Confidentiality
B. Integrity
C. Identification
D. Availability

Question 42

Which of the following mobile code security models relies only on trust?

Options:

A. Code signing
B. Class authentication
C. Sandboxing
D. Type safety

Question 43

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified in automated vulnerability assessments?

Options:

A. Common Vulnerabilities and Exposures (CVE)
B. Common Vulnerability Scoring System (CVSS)
C. Asset Reporting Format (ARF)
D. Open Vulnerability and Assessment Language (OVAL)

Question 44

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

Options:

A. Implementation Phase
B. Initialization Phase
C. Cancellation Phase
D. Issued Phase

Question 45

Which technique can be used to make an encryption scheme more resistant to a known-plaintext attack?

Options:

A. Hashing the data before encryption
B. Hashing the data after encryption
C. Compressing the data after encryption
D. Compressing the data before encryption
