
How to Easily Pass the ISC CISSP Exam: Expert Advice

Question 121

What is the MOST effective method of testing custom application code?

Options:

A. Negative testing
B. White box testing
C. Penetration testing
D. Black box testing

Question 122

Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?

Options:

A. Delete every file on each drive.
B. Destroy the partition table for each drive using the command line.
C. Degauss each drive individually.
D. Perform multiple passes on each drive using approved formatting methods.

Question 123

Which of the following has the GREATEST impact on an organization's security posture?

Options:

A. International and country-specific compliance requirements
B. Security violations by employees and contractors
C. Resource constraints due to increasing costs of supporting security
D. Audit findings related to the employee access and permissions process

Question 124

Which of the following is the PRIMARY benefit of implementing data-in-use controls?

Options:

A. If the data is lost, it must be decrypted to be opened.
B. If the data is lost, it will not be accessible to unauthorized users.
C. When the data is being viewed, it can only be printed by authorized users.
D. When the data is being viewed, it must be accessed using secure protocols.

Question 125

When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?

Options:

A. Into the options field
B. Between the delivery header and the payload
C. Between the source and destination addresses
D. Into the destination address

Question 126

Which of the following BEST describes a rogue Access Point (AP)?

Options:

A. An AP that is not protected by a firewall
B. An AP not configured to use Wired Equivalent Privacy (WEP) with Triple Data Encryption Algorithm (3DES)
C. An AP connected to the wired infrastructure but not under the management of authorized network administrators
D. An AP infected by any kind of Trojan or malware

Question 127

What is the BEST way to encrypt web application communications?

Options:

A. Secure Hash Algorithm 1 (SHA-1)
B. Secure Sockets Layer (SSL)
C. Cipher Block Chaining Message Authentication Code (CBC-MAC)
D. Transport Layer Security (TLS)

Question 128

Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?

Options:

A. Delayed revocation or destruction of credentials
B. Modification of the Certificate Revocation List
C. Unauthorized renewal or re-issuance
D. Token use after decommissioning

Question 129

Secure Sockets Layer (SSL) encryption protects

Options:

A. data at rest.
B. the source IP address.
C. data transmitted.
D. data availability.

Question 130

At which layer of the Open Systems Interconnection (OSI) model are the source and destination addresses for a datagram handled?

Options:

A. Transport Layer
B. Data-Link Layer
C. Network Layer
D. Application Layer

Question 131

How does an organization verify that an information system's current hardware and software match the standard system configuration?

Options:

A. By reviewing the configuration after the system goes into production
B. By running vulnerability scanning tools on all devices in the environment
C. By comparing the actual configuration of the system against the baseline
D. By verifying that all the approved security patches are implemented

Question 132

Which one of the following operates at the session, transport, or network layer of the Open Systems Interconnection (OSI) model?

Options:

A. Data at rest encryption
B. Configuration management
C. Integrity checking software
D. Cyclic redundancy check (CRC)

Question 133

Which of the following statements is TRUE regarding value boundary analysis as a functional software testing technique?

Options:

A. It is useful for testing communications protocols and graphical user interfaces.
B. It is characterized by the stateless behavior of a process implemented in a function.
C. Test inputs are obtained from the derived thresholds of the given functional specifications.
D. An entire partition can be covered by considering only one representative value from that partition.

Question 134

An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?

Options:

A. Limits and scope of the testing.
B. Physical location of the server room and wiring closet.
C. Logical location of filters and concentrators.
D. Employee directory and organizational chart.

Question 135

In order to assure authenticity, which of the following are required?

Options:

A. Confidentiality and authentication
B. Confidentiality and integrity
C. Authentication and non-repudiation
D. Integrity and non-repudiation
