
Free ISC CISSP Practice Exam with Questions & Answers | Set: 12

Question 166

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will MOST likely allow the organization to keep risk at an acceptable level?

Options:

A. Increasing the amount of audits performed by third parties

B. Removing privileged accounts from operational staff

C. Assigning privileged functions to appropriate staff

D. Separating the security function into distinct roles

Question 167

Which of the following violates identity and access management best practices?

Options:

A. User accounts

B. System accounts

C. Generic accounts

D. Privileged accounts

Question 168

The amount of data that will be collected during an audit is PRIMARILY determined by the

Options:

A. audit scope.

B. auditor's experience level.

C. availability of the data.

D. integrity of the data.

Question 169

During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?

Options:

A. Immediately call the police

B. Work with the client to resolve the issue internally

C. Advise the person performing the illegal activity to cease and desist

D. Work with the client to report the activity to the appropriate authority

Question 170

Which component of a web application that stores the session state in a cookie can an attacker bypass?

Options:

A. An initialization check

B. An identification check

C. An authentication check

D. An authorization check

Question 171

A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as

Options:

A. least privilege.

B. rule based access controls.

C. Mandatory Access Control (MAC).

D. separation of duties.

Question 172

Which of the following is a detective access control mechanism?

Options:

A. Log review

B. Least privilege

C. Password complexity

D. Non-disclosure agreement

Question 173

If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the

Options:

A. default gateway.

B. attacker's address.

C. local interface being attacked.

D. specified source address.

Question 174

A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?

Options:

A. A lack of baseline standards

B. Improper documentation of security guidelines

C. A poorly designed security policy communication program

D. Host-based Intrusion Prevention System (HIPS) policies are ineffective

Question 175

A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

Options:

A. The inherent risk is greater than the residual risk.

B. The Annualized Loss Expectancy (ALE) approaches zero.

C. The expected loss from the risk exceeds mitigation costs.

D. The infrastructure budget can easily cover the upgrade costs.

Question 176

Which one of the following transmission media is MOST effective in preventing data interception?

Options:

A. Microwave

B. Twisted-pair

C. Fiber optic

D. Coaxial cable

Question 177

Which of the following would be the FIRST step to take when implementing a patch management program?

Options:

A. Perform automatic deployment of patches.

B. Monitor for vulnerabilities and threats.

C. Prioritize vulnerability remediation.

D. Create a system inventory.

Question 178

The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using

Options:

A. INSERT and DELETE.

B. GRANT and REVOKE.

C. PUBLIC and PRIVATE.

D. ROLLBACK and TERMINATE.

Question 179

Which of the following is considered best practice for preventing e-mail spoofing?

Options:

A. Spam filtering

B. Cryptographic signature

C. Uniform Resource Locator (URL) filtering

D. Reverse Domain Name Service (DNS) lookup

Question 180

The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

Options:

A. log auditing.

B. code reviews.

C. impact assessments.

D. static analysis.