
How to Easily Pass the ISC CISSP Exam: Expert Advice

Question 46

The use of private and public encryption keys is fundamental in the implementation of which of the following?

Options:

A.

Diffie-Hellman algorithm

B.

Secure Sockets Layer (SSL)

C.

Advanced Encryption Standard (AES)

D.

Message Digest 5 (MD5)
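
Of the four options, AES is a symmetric cipher (one shared key at both ends) and MD5 is a keyless hash, so public/private keys are relevant only to Diffie-Hellman and to SSL/TLS, which commonly uses Diffie-Hellman for key agreement and a certificate key pair for authentication. To make the mechanism concrete, here is an added example (not from the page) of an ephemeral Diffie-Hellman exchange in plain Python: each side keeps a private exponent, publishes g^x mod p, and both arrive at the same secret, which is then hashed into a 256-bit symmetric key for a cipher such as AES. It assumes the RFC 3526 group 14 parameters; the function names are my own.

```python
import hashlib
import secrets

# RFC 3526 MODP group 14: a 2048-bit safe prime with generator 2.
P = int("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".replace(" ", "").replace("\n", ""), 16)
G = 2


def generate_private_key() -> int:
    """Private exponent, never sent. 256 random bits is ample for this group."""
    return secrets.randbits(256) | (1 << 255)


def public_value(private_key: int) -> int:
    """The value that goes on the wire: g^x mod p."""
    return pow(G, private_key, P)


def validate_peer_value(y: int) -> int:
    """Reject 0, 1, p-1 and out-of-range values. Accepting them lets a peer
    force the shared secret into a trivial subgroup (1 or p-1)."""
    if not 2 <= y <= P - 2:
        raise ValueError("peer public value out of range")
    return y


def shared_secret(private_key: int, peer_public: int) -> int:
    """y^x mod p, identical on both sides."""
    return pow(validate_peer_value(peer_public), private_key, P)


def derive_aes_key(secret: int, transcript: bytes) -> bytes:
    """Hash the secret with the exchanged public values into a 256-bit key;
    including the transcript binds the key to this particular exchange."""
    raw = secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw + transcript).digest()


def run_exchange():
    """Both sides of one ephemeral exchange; returns each side's derived key."""
    a = generate_private_key()          # Alice keeps this
    b = generate_private_key()          # Bob keeps this
    A = public_value(a)                 # Alice -> Bob
    B = public_value(b)                 # Bob -> Alice
    transcript = A.to_bytes(256, "big") + B.to_bytes(256, "big")
    key_alice = derive_aes_key(shared_secret(a, B), transcript)
    key_bob = derive_aes_key(shared_secret(b, A), transcript)
    return key_alice, key_bob


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("keys match:", ka == kb)
```

The validate_peer_value check is the step most often left out of toy implementations: without it a peer can send 1 or p-1 and the "shared secret" collapses to 1 or p-1, so the derived key is guessable. Note also that plain Diffie-Hellman has no authentication; that is what the certificate key pair in SSL/TLS adds.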

Question 47

Who in the organization is accountable for classification of data information assets?

Options:

A.

Data owner

B.

Data architect

C.

Chief Information Security Officer (CISO)

D.

Chief Information Officer (CIO)

Question 48

What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?

Options:

A.

Purging

B.

Encryption

C.

Destruction

D.

Clearing

Question 49

Which one of the following is an advantage of an effective release control strategy from a configuration control standpoint?

Options:

A.

Ensures that a trace for all deliverables is maintained and auditable

B.

Enforces backward compatibility between releases

C.

Ensures that there is no loss of functionality between releases

D.

Allows for future enhancements to existing features

Question 50

Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

Options:

A.

identity provisioning

B.

access recovery

C.

multi-factor authentication (MFA)

D.

user access review
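
Provisioning grants access and MFA strengthens authentication, but neither removes privileges that have accumulated; the periodic user access review (recertification) is what keeps grants aligned with what each role actually needs. As an added example, not part of the page, the following script performs the mechanical part of such a review over a constructed IAM export: it flags grants outside the role baseline, grants never or long unused, and accounts with no recent activity at all. The role baseline, users, dates and field names are all invented sample data.

```python
from datetime import date, timedelta

# Least-privilege baseline: the permissions each role is meant to hold.
ROLE_BASELINE = {
    "developer": {"repo:read", "repo:write", "ci:trigger"},
    "analyst": {"siem:read", "ticket:write"},
}

# Constructed sample export: each user's role and, per granted permission,
# the date it was last exercised (None = never used).
USERS = [
    {"user": "alice", "role": "developer",
     "grants": {"repo:read": date(2024, 5, 1), "repo:write": date(2024, 5, 2),
                "prod:deploy": date(2023, 11, 3)}},
    {"user": "bob", "role": "analyst",
     "grants": {"siem:read": date(2024, 5, 3), "ticket:write": None}},
    {"user": "carol", "role": "developer",
     "grants": {"repo:read": date(2023, 9, 1)}},
]
REVIEW_DATE = date(2024, 5, 10)


def review_access(users, baseline, review_date, stale_days=90):
    """Return (user, permission, reason) findings for the reviewer to act on."""
    cutoff = review_date - timedelta(days=stale_days)
    findings = []
    for entry in users:
        allowed = baseline.get(entry["role"], set())
        used_recently = False
        for perm, last_used in entry["grants"].items():
            recent = last_used is not None and last_used >= cutoff
            used_recently = used_recently or recent
            if perm not in allowed:
                # Privilege creep: a grant the role was never meant to carry.
                findings.append((entry["user"], perm, "outside role baseline"))
                continue
            if last_used is None:
                findings.append((entry["user"], perm, "never used"))
            elif not recent:
                findings.append((entry["user"], perm,
                                 f"unused for more than {stale_days} days"))
        if not used_recently:
            # No grant exercised inside the window: candidate for disablement.
            findings.append((entry["user"], "*", "dormant account"))
    return findings


if __name__ == "__main__":
    for user, perm, reason in review_access(USERS, ROLE_BASELINE, REVIEW_DATE):
        print(f"{user:8} {perm:14} {reason}")
```

The output is a worklist, not an automatic revocation: the reviewer (normally the data or system owner) confirms each finding before access is removed, and the decision is recorded so the next review can show that the cycle actually closed.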

Question 51

Which of the following is the MOST common method of memory protection?

Options:

A.

Compartmentalization

B.

Segmentation

C.

Error correction

D.

Virtual Local Area Network (VLAN) tagging

Question 52

Match the functional roles in an external audit to their responsibilities.

Drag each role on the left to its corresponding responsibility on the right.

Select and Place:

[Image: CISSP Question 52, the drag-and-drop pairing of external audit roles with their responsibilities; the role and responsibility items are not reproduced in the text.]

Question 53

What capability would typically be included in a commercially available software package designed for access control?

Options:

A.

Password encryption

B.

File encryption

C.

Source library control

D.

File authentication

Question 54

Who is responsible for the protection of information when it is shared with or provided to other organizations?

Options:

A.

Systems owner

B.

Authorizing Official (AO)

C.

Information owner

D.

Security officer

Question 55

Proven application security principles include which of the following?

Options:

A.

Minimizing attack surface area

B.

Hardening the network perimeter

C.

Accepting infrastructure security controls

D.

Developing independent modules

Question 56

When developing a business case for updating a security program, the security program owner MUST do which of the following?

Options:

A.

Identify relevant metrics

B.

Prepare performance test reports

C.

Obtain resources for the security program

D.

Interview executive management

Question 57

What is the BEST location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access?

Options:

A.

In a dedicated Demilitarized Zone (DMZ)

B.

In its own separate Virtual Local Area Network (VLAN)

C.

At the Internet Service Provider (ISP)

D.

Outside the external firewall

Question 58

A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled.

Why did the network architect likely design the VoIP system with gratuitous ARP disabled?

Options:

A.

Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1.

B.

Gratuitous ARP requires the use of insecure layer 3 protocols.

C.

Gratuitous ARP increases the likelihood of a successful brute-force attack on the phone.

D.

Gratuitous ARP increases the risk of a Man-in-the-Middle (MITM) attack.
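
Gratuitous ARP is an unsolicited announcement of an IP-to-MAC binding. Hosts that honour it update their ARP caches without having asked, which is exactly the mechanism of ARP cache poisoning: a host on the phone VLAN announces the gateway's or call manager's address with its own MAC and the phones start sending their signalling and media through it. That on-path (man-in-the-middle) exposure is the reason a VoIP design may disable gratuitous ARP. As an added example, not part of the page, here is what a monitor on a switch span port would look for: it parses Ethernet/ARP frames, flags gratuitous announcements, and flags an IP address whose MAC binding changes. The three frames, MAC addresses and IP addresses are constructed sample data.

```python
import struct
from ipaddress import IPv4Address

ETH = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
ARP = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def _ip(text):
    return IPv4Address(text).packed


def build_arp(src_mac, dst_mac, oper, sha, spa, tha, tpa):
    """Assemble an Ethernet+ARP frame (used here only to construct samples)."""
    return ETH.pack(_mac(dst_mac), _mac(src_mac), ETHERTYPE_ARP) + ARP.pack(
        1, 0x0800, 6, 4, oper, _mac(sha), _ip(spa), _mac(tha), _ip(tpa))


def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < ETH.size + ARP.size:
        return None
    _dst, _src, ethertype = ETH.unpack_from(frame)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP.unpack_from(frame, ETH.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "sha": sha.hex(":"), "spa": str(IPv4Address(spa)),
            "tha": tha.hex(":"), "tpa": str(IPv4Address(tpa))}


class ArpMonitor:
    """Tracks IP->MAC bindings; flags gratuitous announcements and binding changes."""

    def __init__(self):
        self.bindings = {}

    def inspect(self, frame):
        arp = parse_arp(frame)
        if arp is None or arp["spa"] == "0.0.0.0":   # not ARP, or an ARP probe
            return []
        alerts = []
        if arp["spa"] == arp["tpa"]:
            # Sender announces its own address to nobody in particular.
            alerts.append(f"gratuitous ARP: {arp['sha']} announces {arp['spa']}")
        known = self.bindings.get(arp["spa"])
        if known is not None and known != arp["sha"]:
            alerts.append(f"binding change: {arp['spa']} moved from {known} "
                          f"to {arp['sha']} (possible spoofing)")
        else:
            self.bindings[arp["spa"]] = arp["sha"]   # first-seen binding is kept
        return alerts


# Constructed sample traffic on a phone VLAN.
PHONE, GATEWAY, ATTACKER = "00:0b:82:00:00:20", "00:11:22:33:44:01", "de:ad:be:ef:00:01"
SAMPLE_FRAMES = [
    # 1. phone asks who has the gateway address
    build_arp(PHONE, BROADCAST, ARP_REQUEST, PHONE, "10.0.0.20", "00:00:00:00:00:00", "10.0.0.1"),
    # 2. legitimate reply from the gateway
    build_arp(GATEWAY, PHONE, ARP_REPLY, GATEWAY, "10.0.0.1", PHONE, "10.0.0.20"),
    # 3. attacker's gratuitous reply claiming the gateway address
    build_arp(ATTACKER, BROADCAST, ARP_REPLY, ATTACKER, "10.0.0.1", BROADCAST, "10.0.0.1"),
]


def run_demo(frames=SAMPLE_FRAMES):
    """Feed the sample frames through one monitor; returns the alerts per frame."""
    monitor = ArpMonitor()
    return [monitor.inspect(frame) for frame in frames]


if __name__ == "__main__":
    for i, alerts in enumerate(run_demo(), 1):
        print(f"frame {i}: {alerts or 'ok'}")
```

Disabling gratuitous ARP on the phones stops them from accepting such announcements; the switch-side control that stops the attacker sending them is Dynamic ARP Inspection, which drops ARP frames whose IP-to-MAC binding does not match the DHCP snooping table. Monitoring of this kind complements both but replaces neither.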

Question 59

Which of the following is the MOST challenging issue in apprehending cyber criminals?

Options:

A.

They often use sophisticated methods to commit a crime.

B.

It is often hard to collect and maintain integrity of digital evidence.

C.

The crime is often committed from a different jurisdiction.

D.

There is often no physical evidence involved.

Question 60

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.

In which phase of the assessment was this error MOST likely made?

Options:

A.

Enumeration

B.

Reporting

C.

Detection

D.

Discovery
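
Hosts that were in scope but never appear in the findings point at the discovery phase: if host discovery (typically a ping sweep) marks a target as down, nothing later enumerates or tests it, and it silently drops out of the report. A scope reconciliation check before delivery catches exactly this. The following is an added example, not from the page, that expands the agreed scope (CIDR blocks and single addresses), compares it with the hosts the report covers, and lists what was dropped and what crept in; the scope and report contents are constructed sample data.

```python
from ipaddress import ip_address, ip_network

# Constructed sample: the agreed scope and the hosts present in the draft report.
SCOPE = ["192.0.2.0/29", "192.0.2.20", "192.0.2.21", "192.0.2.22"]
REPORTED = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4",
            "192.0.2.20", "192.0.2.21", "192.0.2.99"]


def expand_scope(entries):
    """Turn CIDR blocks and single addresses into the set of in-scope hosts."""
    hosts = set()
    for entry in entries:
        if "/" in entry:
            hosts.update(ip_network(entry, strict=False).hosts())
        else:
            hosts.add(ip_address(entry))
    return hosts


def reconcile(scope_entries, reported_hosts):
    """Compare scope with report: what was dropped, what crept in, and coverage."""
    scope = expand_scope(scope_entries)
    seen = {ip_address(host) for host in reported_hosts}
    return {
        "missing": [str(h) for h in sorted(scope - seen)],       # discovery gaps
        "unexpected": [str(h) for h in sorted(seen - scope)],    # scope violations
        "coverage": len(scope & seen) / len(scope) if scope else 0.0,
    }


if __name__ == "__main__":
    result = reconcile(SCOPE, REPORTED)
    print(f"coverage {result['coverage']:.0%}")
    print("missing from report:", ", ".join(result["missing"]) or "none")
    print("outside scope:", ", ".join(result["unexpected"]) or "none")
```

Anything in the missing list should be rediscovered with a method that does not depend on ICMP echo (for example nmap -Pn, which skips host discovery and scans the target regardless), since hosts behind a firewall that drops ping are the usual cause. The unexpected list is the mirror problem: testing a host the client did not authorise.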
