Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

How to Easily Pass the ISC CISSP Exam: Expert Advice

Questions 106

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Options:

A.

Personal Identity Verification (PIV)

B.

Cardholder Unique Identifier (CHUID) authentication

C.

Physical Access Control System (PACS) repeated attempt detection

D.

Asymmetric Card Authentication Key (CAK) challenge-response

Buy Now
Questions 107

Which of the following is an initial consideration when developing an information security management system?

Options:

A.

Identify the contractual security obligations that apply to the organizations

B.

Understand the value of the information assets

C.

Identify the level of residual risk that is tolerable to management

D.

Identify relevant legislative and regulatory compliance requirements

Buy Now
Questions 108

Which of the following is MOST important when assigning ownership of an asset to a department?

Options:

A.

The department should report to the business owner

B.

Ownership of the asset should be periodically reviewed

C.

Individual accountability should be ensured

D.

All members should be trained on their responsibilities

Buy Now
Questions 109

In a data classification scheme, the data is owned by the

Options:

A.

system security managers

B.

business managers

C.

Information Technology (IT) managers

D.

end users

Buy Now
Questions 110

Which one of the following affects the classification of data?

Options:

A.

Assigned security label

B.

Multilevel Security (MLS) architecture

C.

Minimum query size

D.

Passage of time

Buy Now
Questions 111

When implementing a data classification program, why is it important to avoid too much granularity?

Options:

A.

The process will require too many resources

B.

It will be difficult to apply to both hardware and software

C.

It will be difficult to assign ownership to the data

D.

The process will be perceived as having value

Buy Now
Questions 112

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.

Which contract is BEST in offloading the task from the IT staff?

Options:

A.

Platform as a Service (PaaS)

B.

Identity as a Service (IDaaS)

C.

Desktop as a Service (DaaS)

D.

Software as a Service (SaaS)

Buy Now
Questions 113

Which of the following BEST describes the responsibilities of a data owner?

Options:

A.

Ensuring quality and validation through periodic audits for ongoing data integrity

B.

Maintaining fundamental data availability, including data storage and archiving

C.

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

D.

Determining the impact the information has on the mission of the organization

Buy Now
Questions 114

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Options:

A.

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

B.

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

C.

Management teams will understand the testing objectives and reputational risk to the organization

D.

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Buy Now
Questions 115

Which of the following could cause a Denial of Service (DoS) against an authentication system?

Options:

A.

Encryption of audit logs

B.

No archiving of audit logs

C.

Hashing of audit logs

D.

Remote access audit logs

Buy Now
Questions 116

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

Options:

A.

Change management processes

B.

User administration procedures

C.

Operating System (OS) baselines

D.

System backup documentation

Buy Now
Questions 117

In which of the following programs is it MOST important to include the collection of security process data?

Options:

A.

Quarterly access reviews

B.

Security continuous monitoring

C.

Business continuity testing

D.

Annual security training

Buy Now
Questions 118

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

Options:

A.

Host VM monitor audit logs

B.

Guest OS access controls

C.

Host VM access controls

D.

Guest OS audit logs

Buy Now
Questions 119

What balance MUST be considered when web application developers determine how informative application error messages should be constructed?

Options:

A.

Risk versus benefit

B.

Availability versus auditability

C.

Confidentiality versus integrity

D.

Performance versus user satisfaction

Buy Now
Questions 120

What type of encryption is used to protect sensitive data in transit over a network?

Options:

A.

Payload encryption and transport encryption

B.

Authentication Headers (AH)

C.

Keyed-Hashing for Message Authentication

D.

Point-to-Point Encryption (P2PE)

Buy Now