How to Easily Pass the ISC CISSP Exam: Expert Advice

Question 1

Which of the following is a common feature of an Identity as a Service (IDaaS) solution?

Options:

A.

Single Sign-On (SSO) authentication support

B.

Privileged user authentication support

C.

Password reset service support

D.

Terminal Access Controller Access Control System (TACACS) authentication support

Question 2

A chemical plant wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.

Which of the following is the GREATEST impact on security for the network?

Options:

A.

The network administrators have no knowledge of ICS

B.

The ICS is now accessible from the office network

C.

The ICS does not support the office password policy

D.

RS422 is more reliable than Ethernet

Question 3

Which of the following is a responsibility of the information owner?

Options:

A.

Ensure that users and personnel complete the required security training to access the Information System (IS)

B.

Defining proper access to the Information System (IS), including privileges or access rights

C.

Managing identification, implementation, and assessment of common security controls

D.

Ensuring the Information System (IS) is operated according to agreed upon security requirements

Question 4

What is the expected outcome of security awareness in support of a security awareness program?

Options:

A.

Awareness activities should be used to focus on security concerns and respond to those concerns accordingly

B.

Awareness is not an activity or part of the training but rather a state of persistence to support the program

C.

Awareness is training. The purpose of awareness presentations is to broaden attention of security.

D.

Awareness is not training. The purpose of awareness presentation is simply to focus attention on security.

Question 5

Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?

Options:

A.

Truncating parts of the data

B.

Applying Access Control Lists (ACL) to the data

C.

Appending non-watermarked data to watermarked data

D.

Storing the data in a database

Question 6

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

Options:

A.

System acquisition and development

B.

System operations and maintenance

C.

System initiation

D.

System implementation

Question 7

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Options:

A.

Check arguments in function calls

B.

Test for the security patch level of the environment

C.

Include logging functions

D.

Digitally sign each application module

Question 8

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

Options:

A.

Least privilege

B.

Privilege escalation

C.

Defense in depth

D.

Privilege bracketing

Question 9

What is the BEST approach to addressing security issues in legacy web applications?

Options:

A.

Debug the security issues

B.

Migrate to newer, supported applications where possible

C.

Conduct a security assessment

D.

Protect the legacy application with a web application firewall

Question 10

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Options:

A.

After the system preliminary design has been developed and the data security categorization has been performed

B.

After the vulnerability analysis has been performed and before the system detailed design begins

C.

After the system preliminary design has been developed and before the data security categorization begins

D.

After the business functional analysis and the data security categorization have been performed

Question 11

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Options:

A.

Purchase software from a limited list of retailers

B.

Verify the hash key or certificate key of all updates

C.

Do not permit programs, patches, or updates from the Internet

D.

Test all new software in a segregated environment

Question 12

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Options:

A.

Lack of software documentation

B.

License agreements requiring release of modified code

C.

Expiration of the license agreement

D.

Costs associated with support of the software

Question 13

Which of the following is a peer entity authentication method for Point-to-Point Protocol (PPP)?

Options:

A.

Challenge Handshake Authentication Protocol (CHAP)

B.

Message Authentication Code (MAC)

C.

Transport Layer Security (TLS) handshake protocol

D.

Challenge-response authentication mechanism

Question 14

Which of the following is the MOST important consideration in selecting a security testing method based on different Radio-Frequency Identification (RFID) vulnerability types?

Options:

A.

The performance and resource utilization of tools

B.

The quality of results and usability of tools

C.

An understanding of the attack surface

D.

Adaptability of testing tools to multiple technologies

Question 15

Which of the following is a secure design principle for a new product?

Options:

A.

Build in appropriate levels of fault tolerance.

B.

Utilize obfuscation whenever possible.

C.

Do not rely on previously used code.

D.

Restrict the use of modularization.
