
How to Easily Pass the ISC CISSP Exam: Expert Advice

Questions 61

What is the MAIN goal of information security awareness and training?

Options:

A. To inform users of the latest malware threats

B. To inform users of information assurance responsibilities

C. To comply with the organization's information security policy

D. To prepare students for certification

Questions 62

Which of the following management processes allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Options:

A. Configuration

B. Identity

C. Compliance

D. Patch

Questions 63

When conducting a security assessment of access controls, which activity is part of the data analysis phase?

Options:

A. Present solutions to address audit exceptions.

B. Conduct statistical sampling of data transactions.

C. Categorize and identify evidence gathered during the audit.

D. Collect logs and reports.

Questions 64

Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?

Options:

A. Transport layer handshake compression

B. Application layer negotiation

C. Peer identity authentication

D. Digital certificate revocation

Questions 65

Which of the following is the BEST metric to obtain when gaining support for an Identity and Access Management (IAM) solution?

Options:

A. Application connection successes resulting in data leakage

B. Administrative costs for restoring systems after connection failure

C. Employee system timeouts from implementing wrong limits

D. Help desk costs required to support password reset requests

Questions 66

Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?

Options:

A. Code quality, security, and origin

B. Architecture, hardware, and firmware

C. Data quality, provenance, and scaling

D. Distributed, agile, and bench testing

Questions 67

Which of the following is a characteristic of an internal audit?

Options:

A. An internal audit is typically shorter in duration than an external audit.

B. The internal audit schedule is published to the organization well in advance.

C. The internal auditor reports to the Information Technology (IT) department.

D. Management is responsible for reading and acting upon the internal audit results.

Questions 68

Mandatory Access Controls (MAC) are based on:

Options:

A. security classification and security clearance

B. data segmentation and data classification

C. data labels and user access permissions

D. user roles and data encryption

Questions 69

A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

Options:

A. Define additional security controls directly after the merger

B. Include a procurement officer in the merger team

C. Verify all contracts before a merger occurs

D. Assign a compliancy officer to review the merger conditions

Questions 70

Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization’s systems?

Options:

A. Standardized configurations for devices

B. Standardized patch testing equipment

C. Automated system patching

D. Management support for patching

Questions 71

What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

Options:

A. Take the computer to a forensic lab

B. Make a copy of the hard drive

C. Start documenting

D. Turn off the computer

Questions 72

Which of the following is the FIRST step in the incident response process?

Options:

A. Determine the cause of the incident

B. Disconnect the system involved from the network

C. Isolate and contain the system involved

D. Investigate all symptoms to confirm the incident

Questions 73

Which of the following is a PRIMARY advantage of using a third-party identity service?

Options:

A. Consolidation of multiple providers

B. Directory synchronization

C. Web based logon

D. Automated account management

Questions 74

When is a Business Continuity Plan (BCP) considered to be valid?

Options:

A. When it has been validated by the Business Continuity (BC) manager

B. When it has been validated by the board of directors

C. When it has been validated by all threat scenarios

D. When it has been validated by realistic exercises

Questions 75

What is the PRIMARY reason for implementing change management?

Options:

A. Certify and approve releases to the environment

B. Provide version rollbacks for system changes

C. Ensure that all applications are approved

D. Ensure accountability for changes to the environment
