CISSP Certified Information Systems Security Professional (CISSP) Questions and Answers

Question 4

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments?

Options:

A. Common Vulnerabilities and Exposures (CVE)
B. Common Vulnerability Scoring System (CVSS)
C. Asset Reporting Format (ARF)
D. Open Vulnerability and Assessment Language (OVAL)

Question 5

The use of private and public encryption keys is fundamental in the implementation of which of the following?

Options:

A. Diffie-Hellman algorithm
B. Secure Sockets Layer (SSL)
C. Advanced Encryption Standard (AES)
D. Message Digest 5 (MD5)

Question 6

Which of the following is the BEST method to reduce the effectiveness of phishing attacks?

Options:

A. User awareness
B. Two-factor authentication
C. Anti-phishing software
D. Periodic vulnerability scan

Question 7

In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is the MAIN purpose of the DMZ?

Options:

A. Reduced risk to internal systems.
B. Prepare the server for potential attacks.
C. Mitigate the risk associated with the exposed server.
D. Bypass the need for a firewall.

Question 8

Which of the following is the PRIMARY security concern associated with the implementation of smart cards?

Options:

A. The cards have limited memory
B. Vendor application compatibility
C. The cards can be misplaced
D. Mobile code can be embedded in the card

Question 9

Place in order, from BEST (1) to WORST (4), the following methods to reduce the risk of data remanence on magnetic media.

CISSP Question 9

Question 10

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

Options:

A. Implementation Phase
B. Initialization Phase
C. Cancellation Phase
D. Issued Phase

Question 11

Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)?

Options:

A. The dynamic reconfiguration of systems
B. The cost of downtime
C. A recovery strategy for all business processes
D. A containment strategy

Question 12

Who in the organization is accountable for classification of data information assets?

Options:

A. Data owner
B. Data architect
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)

Question 13

A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?

Options:

A. Public Key Infrastructure (PKI) and digital signatures
B. Trusted server certificates and passphrases
C. User ID and password
D. Asymmetric encryption and User ID
Question 14

Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?

Options:

A. Security control baselines, access controls, employee awareness and training
B. Human resources, asset management, production management
C. Supply chain lead-time, inventory control, and encryption
D. Polygraphs, crime statistics, forensics

Question 15

Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents?

Options:

A. Ineffective data classification
B. Lack of data access controls
C. Ineffective identity management controls
D. Lack of Data Loss Prevention (DLP) tools

Question 16

Which of the following are effective countermeasures against passive network-layer attacks?

Options:

A. Federated security and authenticated access controls
B. Trusted software development and run time integrity controls
C. Encryption and security enabled applications
D. Enclave boundary protection and computing environment defense

Question 17

Single Sign-On (SSO) is PRIMARILY designed to address which of the following?

Options:

A. Confidentiality and Integrity
B. Availability and Accountability
C. Integrity and Availability
D. Accountability and Assurance

Question 18

Which of the following mobile code security models relies only on trust?

Options:

A. Code signing
B. Class authentication
C. Sandboxing
D. Type safety

Question 19

A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

Options:

A. Ignore the request and do not perform the change.
B. Perform the change as requested, and rely on the next audit to detect and report the situation.
C. Perform the change, but create a change ticket regardless to ensure there is complete traceability.
D. Inform the audit committee or internal audit directly using the corporate whistleblower process.

Question 20

Which security service is served by the process of encrypting plaintext with the sender’s private key and decrypting the ciphertext with the sender’s public key?

Options:

A. Confidentiality
B. Integrity
C. Identification
D. Availability

Question 21

Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?

Options:

A. Transference
B. Covert channel
C. Bleeding
D. Cross-talk

Question 22

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

Options:

A. Continuously without exception for all security controls
B. Before and after each change of the control
C. At a rate concurrent with the volatility of the security control
D. Only during system implementation and decommissioning

Question 23

An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such a requirement?

Options:

A. Application Manager
B. Database Administrator
C. Privacy Officer
D. Finance Manager
Question 24

The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it

Options:

A. exploits weak authentication to penetrate networks.
B. can be detected with signature analysis.
C. looks like normal network activity.
D. is commonly confused with viruses or worms.

Question 25

What is the PRIMARY reason for implementing change management?

Options:

A. Certify and approve releases to the environment
B. Provide version rollbacks for system changes
C. Ensure that all applications are approved
D. Ensure accountability for changes to the environment

Question 26

An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?

Options:

A. Limits and scope of the testing.
B. Physical location of server room and wiring closet.
C. Logical location of filters and concentrators.
D. Employee directory and organizational chart.

Question 27

If compromised, which of the following would lead to the exploitation of multiple virtual machines?

Options:

A. Virtual device drivers
B. Virtual machine monitor
C. Virtual machine instance
D. Virtual machine file system

Question 28

Which of the following is an advantage of on-premises Credential Management Systems?

Options:

A. Improved credential interoperability
B. Control over system configuration
C. Lower infrastructure capital costs
D. Reduced administrative overhead

Question 29

Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?

Options:

A. Reversal
B. Gray box
C. Blind
D. White box

Question 30

Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?

Options:

A. Access based on rules
B. Access based on user's role
C. Access determined by the system
D. Access based on data sensitivity

Question 31

Which of the following PRIMARILY contributes to security incidents in web-based applications?

Options:

A. Systems administration and operating systems
B. System incompatibility and patch management
C. Third-party applications and change controls
D. Improper stress testing and application interfaces

Question 32

For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?

Options:

A. Challenge response and private key
B. Digital certificates and Single Sign-On (SSO)
C. Tokens and passphrase
D. Smart card and biometrics

Question 33

The goal of a Business Impact Analysis (BIA) is to determine which of the following?

Options:

A. Cost effectiveness of business recovery
B. Cost effectiveness of installing software security patches
C. Resource priorities for recovery and Maximum Tolerable Downtime (MTD)
D. Which security measures should be implemented
Question 34

After acquiring the latest security updates, what must be done before deploying to production systems?

Options:

A. Use tools to detect missing system patches
B. Install the patches on a test system
C. Subscribe to notifications for vulnerabilities
D. Assess the severity of the situation

Question 35

Which of the following BEST avoids data remanence disclosure for cloud hosted resources?

Options:

A. Strong encryption and deletion of the keys after data is deleted.
B. Strong encryption and deletion of the virtual host after data is deleted.
C. Software based encryption with two factor authentication.
D. Hardware based encryption on dedicated physical servers.

Question 36

Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?

Options:

A. It must be known to both sender and receiver.
B. It can be transmitted in the clear as a random number.
C. It must be retained until the last block is transmitted.
D. It can be used to encrypt and decrypt information.

Question 37

The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide

Options:

A. data integrity.
B. defense in depth.
C. data availability.
D. non-repudiation.

Question 38

Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?

Options:

A. VPN bandwidth
B. Simultaneous connection to other networks
C. Users with Internet Protocol (IP) addressing conflicts
D. Remote users with administrative rights

Question 39

In order to assure authenticity, which of the following are required?

Options:

A. Confidentiality and authentication
B. Confidentiality and integrity
C. Authentication and non-repudiation
D. Integrity and non-repudiation

Question 40

Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?

Options:

A. Read-through
B. Parallel
C. Full interruption
D. Simulation

Question 41

In which identity management process is the subject’s identity established?

Options:

A. Trust
B. Provisioning
C. Authorization
D. Enrollment

Question 42

Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?

Options:

A. Concept, Development, Production, Utilization, Support, Retirement
B. Stakeholder Requirements Definition, Architectural Design, Implementation, Verification, Operation
C. Acquisition, Measurement, Configuration Management, Production, Operation, Support
D. Concept, Requirements, Design, Implementation, Production, Maintenance, Support, Disposal

Question 43

By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

Options:

A. confidentiality of the traffic is protected.
B. opportunity to sniff network traffic exists.
C. opportunity for device identity spoofing is eliminated.
D. storage devices are protected against availability attacks.
Question 44

Identify the component that MOST likely lacks digital accountability related to information access.

Click on the correct device in the image below.

CISSP Question 44

Question 45

Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns.

In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?

Options:

A. Text editors, database, and Internet phone applications
B. Email, presentation, and database applications
C. Image libraries, presentation and spreadsheet applications
D. Email, media players, and instant messaging applications

Question 46

When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?

Options:

A. Testing phase
B. Development phase
C. Requirements definition phase
D. Operations and maintenance phase

Question 47

The amount of data that will be collected during an audit is PRIMARILY determined by the

Options:

A. audit scope.
B. auditor's experience level.
C. availability of the data.
D. integrity of the data.

Question 48

What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?

Options:

A. Identify regulatory requirements
B. Conduct a risk assessment
C. Determine business drivers
D. Review the security baseline configuration

Question 49

A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six-digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of

Options:

A. asynchronous token.
B. Single Sign-On (SSO) token.
C. single factor authentication token.
D. synchronous token.

Question 50

Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

The organization should ensure that the third party's physical security controls are in place so that they

Options:

A. are more rigorous than the original controls.
B. are able to limit access to sensitive information.
C. allow access by the organization staff at any time.
D. cannot be accessed by subcontractors of the third party.

Question 51

When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?

Options:

A. Retain intellectual property rights through contractual wording.
B. Perform overlapping code reviews by both parties.
C. Verify that the contractors attend development planning meetings.
D. Create a separate contractor development environment.

Question 52

An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule?

Options:

A. Pending legal hold
B. Long term data mining needs
C. Customer makes request to retain
D. Useful for future business initiatives

Question 53

A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

Options:

A. The inherent risk is greater than the residual risk.
B. The Annualized Loss Expectancy (ALE) approaches zero.
C. The expected loss from the risk exceeds mitigation costs.
D. The infrastructure budget can easily cover the upgrade costs.
Question 54

What is the MAIN feature that onion routing networks offer?

Options:

A. Non-repudiation
B. Traceability
C. Anonymity
D. Resilience

Question 55

Which of the following is the MOST difficult to enforce when using cloud computing?

Options:

A. Data access
B. Data backup
C. Data recovery
D. Data disposal

Question 56

Which of the following is a potential risk when a program runs in privileged mode?

Options:

A. It may serve to create unnecessary code complexity
B. It may not enforce job separation duties
C. It may create unnecessary application hardening
D. It may allow malicious code to be inserted

Question 57

Which of the following is the FIRST step of a penetration test plan?

Options:

A. Analyzing a network diagram of the target network
B. Notifying the company's customers
C. Obtaining the approval of the company's management
D. Scheduling the penetration test during a period of least impact

Question 58

What is the MOST effective countermeasure to a malicious code attack against a mobile system?

Options:

A. Sandbox
B. Change control
C. Memory management
D. Public-Key Infrastructure (PKI)

Question 59

When is a Business Continuity Plan (BCP) considered to be valid?

Options:

A. When it has been validated by the Business Continuity (BC) manager
B. When it has been validated by the board of directors
C. When it has been validated by all threat scenarios
D. When it has been validated by realistic exercises

Question 60

Which of the following is the FIRST step in the incident response process?

Options:

A. Determine the cause of the incident
B. Disconnect the system involved from the network
C. Isolate and contain the system involved
D. Investigate all symptoms to confirm the incident

Question 61

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

Options:

A. Disable all unnecessary services
B. Ensure chain of custody
C. Prepare another backup of the system
D. Isolate the system from the network

Question 62

Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?

Options:

A. Hardware and software compatibility issues
B. Applications’ criticality and downtime tolerance
C. Budget constraints and requirements
D. Cost/benefit analysis and business objectives

Question 63

A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

Options:

A. Guaranteed recovery of all business functions
B. Minimization of the need for decision making during a crisis
C. Insurance against litigation following a disaster
D. Protection from loss of organization resources
Question 64

What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization’s systems cannot be unavailable for more than 24 hours?

Options:

A. Warm site
B. Hot site
C. Mirror site
D. Cold site

Question 65

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Options:

A. Walkthrough
B. Simulation
C. Parallel
D. White box

Question 66

Which of the following is a PRIMARY advantage of using a third-party identity service?

Options:

A. Consolidation of multiple providers
B. Directory synchronization
C. Web based logon
D. Automated account management

Question 67

What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

Options:

A. Take the computer to a forensic lab
B. Make a copy of the hard drive
C. Start documenting
D. Turn off the computer

Question 68

A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as

Options:

A. least privilege.
B. rule based access controls.
C. Mandatory Access Control (MAC).
D. separation of duties.

Question 69

Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns.

In the plan, what is the BEST approach to mitigate future internal client-based attacks?

Options:

A. Block all client side web exploits at the perimeter.
B. Remove all non-essential client-side web services from the network.
C. Screen for harmful exploits of client-side services before implementation.
D. Harden the client image before deployment.

Question 70

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

What MUST the access control logs contain in addition to the identifier?

Options:

A. Time of the access
B. Security classification
C. Denied access attempts
D. Associated clearance

Question 71

Which of the following violates identity and access management best practices?

Options:

A. User accounts
B. System accounts
C. Generic accounts
D. Privileged accounts

Question 72

Which of the following is the BEST reason to review audit logs periodically?

Options:

A. Verify they are operating properly
B. Monitor employee productivity
C. Identify anomalies in use patterns
D. Meet compliance regulations

Question 73

When transmitting information over public networks, the decision to encrypt it should be based on

Options:

A. the estimated monetary value of the information.
B. whether there are transient nodes relaying the transmission.
C. the level of confidentiality of the information.
D. the volume of the information.
Question 74

Refer to the information below to answer the question.

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

CISSP Question 74

In a Bell-LaPadula system, which user has the MOST restrictions when writing data to any of the four files?

Options:

A. User A
B. User B
C. User C
D. User D

Question 75

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

Which of the following is considered the MOST important priority for the information security officer?

Options:

A. Formal acceptance of the security strategy
B. Disciplinary actions taken against unethical behavior
C. Development of an awareness program for new employees
D. Audit of all organization system configurations for faults

Question 76

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will be the PRIMARY security concern as staff is released from the organization?

Options:

A. Inadequate IT support
B. Loss of data and separation of duties
C. Undocumented security controls
D. Additional responsibilities for remaining staff

Question 77

What is the PRIMARY advantage of using automated application security testing tools?

Options:

A. The application can be protected in the production environment.
B. Large amounts of code can be tested using fewer resources.
C. The application will fail less when tested using these tools.
D. Detailed testing of code functions can be performed.

Question 78

Which of the following are required components for implementing software configuration management systems?

Options:

A. Audit control and signoff
B. User training and acceptance
C. Rollback and recovery processes
D. Regression testing and evaluation

Question 79

Which of the following MOST influences the design of the organization's electronic monitoring policies?

Options:

A. Workplace privacy laws
B. Level of organizational trust
C. Results of background checks
D. Business ethical considerations

Question 80

Which of the following is an example of two-factor authentication?

Options:

A. Retina scan and a palm print
B. Fingerprint and a smart card
C. Magnetic stripe card and an ID badge
D. Password and Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)

Question 81

A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?

Options:

A. Provide students with Internet Protocol Security (IPSec) Virtual Private Network (VPN) client software.
B. Use Secure Sockets Layer (SSL) VPN technology.
C. Use Secure Shell (SSH) with public/private keys.
D. Require students to purchase a home router capable of VPN.

Question 82

A continuous information security-monitoring program can BEST reduce risk through which of the following?

Options:

A. Collecting security events and correlating them to identify anomalies
B. Facilitating system-wide visibility into the activities of critical user accounts
C. Encompassing people, process, and technology
D. Logging both scheduled and unscheduled system changes

Question 83

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Options:

A. Absence of a Business Intelligence (BI) solution
B. Inadequate cost modeling
C. Improper deployment of the Service-Oriented Architecture (SOA)
D. Insufficient Service Level Agreement (SLA)
Question 84

A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

Options:

A. 25%
B. 50%
C. 75%
D. 100%

Question 85

A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device.

Which of the following is MOST effective to mitigate future infections?

Options:

A. Develop a written organizational policy prohibiting unauthorized USB devices
B. Train users on the dangers of transferring data in USB devices
C. Implement centralized technical control of USB port connections
D. Encrypt removable USB devices containing data at rest

Question 86

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

Options:

A. Limit access to predefined queries
B. Segregate the database into a small number of partitions each with a separate security level
C. Implement Role Based Access Control (RBAC)
D. Reduce the number of people who have access to the system for statistical purposes

Question 87

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Options:

A. Derived credential
B. Temporary security credential
C. Mobile device credentialing service
D. Digest authentication

Question 88

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Options:

A. Audit logs
B. Role-Based Access Control (RBAC)
C. Two-factor authentication
D. Application of least privilege

Question 89

In a basic SYN flood attack, what is the attacker attempting to achieve?

Options:

A. Exceed the threshold limit of the connection queue for a given service
B. Set the threshold to zero for a given service
C. Cause the buffer to overflow, allowing root access
D. Flush the register stack, allowing hijacking of the root account

Question 90

Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

Options:

A. To assist data owners in making future sensitivity and criticality determinations
B. To assure the software development team that all security issues have been addressed
C. To verify that security protection remains acceptable to the organizational security policy
D. To help the security team accept or reject new systems for implementation and production

Question 91

Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?

Options:

A. Cross Origin Resource Sharing (CORS)
B. WebSockets
C. Document Object Model (DOM) trees
D. Web Interface Definition Language (IDL)

Question 92

An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to

Options:

A. encrypt the contents of the repository and document any exceptions to that requirement.
B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.
C. keep individuals with access to high security areas from saving those documents into lower security areas.
D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA).

Question 93

Which of the following would be the FIRST step to take when implementing a patch management program?

Options:

A. Perform automatic deployment of patches.
B. Monitor for vulnerabilities and threats.
C. Prioritize vulnerability remediation.
D. Create a system inventory.
Questions 94

The FIRST step in building a firewall is to

Options:

A.

assign the roles and responsibilities of the firewall administrators.

B.

define the intended audience who will read the firewall policy.

C.

identify mechanisms to encourage compliance with the policy.

D.

perform a risk analysis to identify issues to be addressed.

Questions 95

Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?

Options:

A.

Determining the probability that the system functions safely during any time period

B.

Quantifying the system's available services

C.

Identifying the number of security flaws within the system

D.

Measuring the system's integrity in the presence of failure

Questions 96

Which of the following can BEST prevent security flaws from occurring in outsourced software development?

Options:

A.

Contractual requirements for code quality

B.

Licensing, code ownership and intellectual property rights

C.

Certification of the quality and accuracy of the work done

D.

Delivery dates, change management control and budgetary control

Questions 97

Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?

Options:

A.

Integration with organizational directory services for authentication

B.

Tokenization of data

C.

Accommodation of hybrid deployment models

D.

Identification of data location

Questions 98

Which of the following is an attacker MOST likely to target to gain privileged access to a system?

Options:

A.

Programs that write to system resources

B.

Programs that write to user directories

C.

Log files containing sensitive information

D.

Log files containing system calls

Questions 99

An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?

Options:

A.

A dictionary attack

B.

A Denial of Service (DoS) attack

C.

A spoofing attack

D.

A backdoor installation

Questions 100

Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

Options:

A.

Interface with the Public Key Infrastructure (PKI)

B.

Improve the quality of security software

C.

Prevent Denial of Service (DoS) attacks

D.

Establish a secure initial state

Questions 101

Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?

Options:

A.

Smurf

B.

Rootkit exploit

C.

Denial of Service (DoS)

D.

Cross site scripting (XSS)

Questions 102

Which of the following is an appropriate source for test data?

Options:

A.

Production data that is secured and maintained only in the production environment.

B.

Test data that has no similarities to production data.

C.

Test data that is mirrored and kept up-to-date with production data.

D.

Production data that has been sanitized before loading into a test environment.

Questions 103

A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?

Options:

A.

Trojan horse

B.

Denial of Service (DoS)

C.

Spoofing

D.

Man-in-the-Middle (MITM)

Questions 104

While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?

Options:

A.

Trusted path

B.

Malicious logic

C.

Social engineering

D.

Passive misuse

Questions 105

A disadvantage of an application filtering firewall is that it can lead to

Options:

A.

a crash of the network as a result of user activities.

B.

performance degradation due to the rules applied.

C.

loss of packets on the network due to insufficient bandwidth.

D.

Internet Protocol (IP) spoofing by hackers.

Questions 106

Which of the following is an essential element of privileged identity lifecycle management?

Options:

A.

Regularly perform account re-validation and approval

B.

Account provisioning based on multi-factor authentication

C.

Frequently review performed activities and request justification

D.

Account information to be provided by supervisor or line manager

Questions 107

What maintenance activity is responsible for defining, implementing, and testing updates to application systems?

Options:

A.

Program change control

B.

Regression testing

C.

Export exception control

D.

User acceptance testing

Questions 108

A vulnerability test on an Information System (IS) is conducted to

Options:

A.

exploit security weaknesses in the IS.

B.

measure system performance on systems with weak security controls.

C.

evaluate the effectiveness of security controls.

D.

prepare for Disaster Recovery (DR) planning.

Questions 109

Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?

Options:

A.

An explanation of how long the data subject's collected information will be retained for and how it will be eventually disposed.

B.

An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject.

C.

An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to.

D.

An explanation of all the technologies employed by the collecting organization in gathering information on the data subject.

Questions 110

Passive Infrared Sensors (PIR) used in a non-climate controlled environment should

Options:

A.

reduce the detected object temperature in relation to the background temperature.

B.

increase the detected object temperature in relation to the background temperature.

C.

automatically compensate for variance in background temperature.

D.

detect objects of a specific temperature independent of the background temperature.

Questions 111

As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to

Options:

A.

overcome the problems of key assignments.

B.

monitor the opening of windows and doors.

C.

trigger alarms when intruders are detected.

D.

lock down a facility during an emergency.

Questions 112

Logical access control programs are MOST effective when they are

Options:

A.

approved by external auditors.

B.

combined with security token technology.

C.

maintained by computer security officers.

D.

made part of the operating system.

Questions 113

Which one of the following considerations has the LEAST impact when considering transmission security?

Options:

A.

Network availability

B.

Data integrity

C.

Network bandwidth

D.

Node locations

Questions 114

An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered?

Options:

A.

As part of the SLA renewal process

B.

Prior to a planned security audit

C.

Immediately after a security breach

D.

At regularly scheduled meetings

Questions 115

What principle requires that changes to the plaintext affect many parts of the ciphertext?

Options:

A.

Diffusion

B.

Encapsulation

C.

Obfuscation

D.

Permutation

Questions 116

An advantage of link encryption in a communications network is that it

Options:

A.

makes key management and distribution easier.

B.

protects data from start to finish through the entire network.

C.

improves the efficiency of the transmission.

D.

encrypts all information, including headers and routing information.

Questions 117

Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?

Options:

A.

Detection

B.

Prevention

C.

Investigation

D.

Correction

Questions 118

Which combination of cryptographic algorithms is compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?

Options:

A.

Diffie-Hellman (DH) key exchange: DH (>=2048 bits)

Symmetric Key: Advanced Encryption Standard (AES) > 128 bits

Digital Signature: Rivest-Shamir-Adleman (RSA) (1024 bits)

B.

Diffie-Hellman (DH) key exchange: DH (>=2048 bits)

Symmetric Key: Advanced Encryption Standard (AES) > 128 bits

Digital Signature: Digital Signature Algorithm (DSA) (>=2048 bits)

C.

Diffie-Hellman (DH) key exchange: DH (<= 1024 bits)

Symmetric Key: Blowfish

Digital Signature: Rivest-Shamir-Adleman (RSA) (>=2048 bits)

D.

Diffie-Hellman (DH) key exchange: DH (>=2048 bits)

Symmetric Key: Advanced Encryption Standard (AES) < 128 bits

Digital Signature: Elliptic Curve Digital Signature Algorithm (ECDSA) (>=256 bits)

Questions 119

Which of the following is the MOST secure password technique?

Options:

A.

Passphrase

B.

One-time password

C.

Cognitive password

D.

Ciphertext

Questions 120

In order for application developers to detect potential vulnerabilities earlier during the Software Development Life Cycle (SDLC), which of the following safeguards should be implemented FIRST as part of a comprehensive testing framework?

Options:

A.

Source code review

B.

Acceptance testing

C.

Threat modeling

D.

Automated testing

Questions 121

If traveling abroad and a customs official demands to examine a personal computer, which of the following should be assumed?

Options:

A.

The hard drive has been stolen.

B.

The Internet Protocol (IP) address has been copied.

C.

The hard drive has been copied.

D.

The Media Access Control (MAC) address was stolen.

Questions 122

Which security architecture strategy could be applied to secure an operating system (OS) baseline for deployment within the corporate enterprise?

Options:

A.

Principle of Least Privilege

B.

Principle of Separation of Duty

C.

Principle of Secure Default

D.

Principle of Fail Secure

Questions 123

What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?

Options:

A.

Establish an ISCM technical architecture.

B.

Collect the security-related information required for metrics, assessments, and reporting.

C.

Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies.

D.

Define an ISCM strategy based on risk tolerance.

Questions 124

Which of the following initiates the systems recovery phase of a disaster recovery plan?

Options:

A.

Issuing a formal disaster declaration

B.

Activating the organization's hot site

C.

Evacuating the disaster site

D.

Assessing the extent of damage following the disaster

Questions 125

When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should these considerations be prioritized?

Options:

A.

Public safety, duties to individuals, duties to the profession, and duties to principals

B.

Public safety, duties to principals, duties to individuals, and duties to the profession

C.

Public safety, duties to the profession, duties to principals, and duties to individuals

D.

Public safety, duties to principals, duties to the profession, and duties to individuals

Questions 126

According to the Capability Maturity Model Integration (CMMI), which of the following levels is identified by a managed process that is tailored from the organization's set of standard processes according to the organization's tailoring guidelines?

Options:

A.

Level 0: Incomplete

B.

Level 1: Performed

C.

Level 2: Managed

D.

Level 3: Defined

Questions 127

What is the correct order of execution for security architecture?

Options:

A.

Governance, strategy and program management, project delivery, operations

B.

Strategy and program management, governance, project delivery, operations

C.

Governance, strategy and program management, operations, project delivery

D.

Strategy and program management, project delivery, governance, operations

Questions 128

What is a risk of using commercial off-the-shelf (COTS) products?

Options:

A.

COTS products may not map directly to an organization’s security requirements.

B.

COTS products are typically more expensive than developing software in-house.

C.

Cost to implement COTS products is difficult to predict.

D.

Vendors are often hesitant to share their source code.

Questions 129

Which of the following determines how traffic should flow based on the status of the infrastructure layer?

Options:

A.

Traffic plane

B.

Application plane

C.

Data plane

D.

Control plane

Questions 130

Spyware is BEST described as

Options:

A.

data mining for advertising.

B.

a form of cyber-terrorism.

C.

an information gathering technique.

D.

a web-based attack.

Questions 131

In an IDEAL encryption system, who has sole access to the decryption key?

Options:

A.

System owner

B.

Data owner

C.

Data custodian

D.

System administrator

Questions 132

As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these accounts maintained their old permissions as well. The obsolete permissions identified by the audit have been remediated and accounts have only the appropriate permissions to complete their jobs.

Which of the following is the BEST way to prevent access privilege creep?

Options:

A.

Implementing Identity and Access Management (IAM) solution

B.

Time-based review and certification

C.

Internal audit

D.

Trigger-based review and certification

Questions 133

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

Options:

A.

Trusted third-party certification

B.

Lightweight Directory Access Protocol (LDAP)

C.

Security Assertion Markup Language (SAML)

D.

Cross-certification

Questions 134

Which one of the following affects the classification of data?

Options:

A.

Assigned security label

B.

Multilevel Security (MLS) architecture

C.

Minimum query size

D.

Passage of time

Questions 135

Which of the following is MOST important when assigning ownership of an asset to a department?

Options:

A.

The department should report to the business owner

B.

Ownership of the asset should be periodically reviewed

C.

Individual accountability should be ensured

D.

All members should be trained on their responsibilities

Questions 136

Which of the following is an initial consideration when developing an information security management system?

Options:

A.

Identify the contractual security obligations that apply to the organization

B.

Understand the value of the information assets

C.

Identify the level of residual risk that is tolerable to management

D.

Identify relevant legislative and regulatory compliance requirements

Questions 137

In a data classification scheme, the data is owned by the

Options:

A.

system security managers

B.

business managers

C.

Information Technology (IT) managers

D.

end users

Questions 138

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Options:

A.

Personal Identity Verification (PIV)

B.

Cardholder Unique Identifier (CHUID) authentication

C.

Physical Access Control System (PACS) repeated attempt detection

D.

Asymmetric Card Authentication Key (CAK) challenge-response

Questions 139

Which of the following BEST describes the responsibilities of a data owner?

Options:

A.

Ensuring quality and validation through periodic audits for ongoing data integrity

B.

Maintaining fundamental data availability, including data storage and archiving

C.

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

D.

Determining the impact the information has on the mission of the organization

Questions 140

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.

Which contract is BEST in offloading the task from the IT staff?

Options:

A.

Platform as a Service (PaaS)

B.

Identity as a Service (IDaaS)

C.

Desktop as a Service (DaaS)

D.

Software as a Service (SaaS)

Questions 141

When implementing a data classification program, why is it important to avoid too much granularity?

Options:

A.

The process will require too many resources

B.

It will be difficult to apply to both hardware and software

C.

It will be difficult to assign ownership to the data

D.

The process will be perceived as having value

Questions 142

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

Options:

A.

System acquisition and development

B.

System operations and maintenance

C.

System initiation

D.

System implementation

Questions 143

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Options:

A.

After the system preliminary design has been developed and the data security categorization has been performed

B.

After the vulnerability analysis has been performed and before the system detailed design begins

C.

After the system preliminary design has been developed and before the data security categorization begins

D.

After the business functional analysis and the data security categorization have been performed

Questions 144

What is the BEST approach to addressing security issues in legacy web applications?

Options:

A.

Debug the security issues

B.

Migrate to newer, supported applications where possible

C.

Conduct a security assessment

D.

Protect the legacy application with a web application firewall

Questions 145

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Options:

A.

Purchase software from a limited list of retailers

B.

Verify the hash key or certificate key of all updates

C.

Do not permit programs, patches, or updates from the Internet

D.

Test all new software in a segregated environment

Questions 146

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Options:

A.

Lack of software documentation

B.

License agreements requiring release of modified code

C.

Expiration of the license agreement

D.

Costs associated with support of the software

Questions 147

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

Options:

A.

Least privilege

B.

Privilege escalation

C.

Defense in depth

D.

Privilege bracketing

Questions 148

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Options:

A.

Check arguments in function calls

B.

Test for the security patch level of the environment

C.

Include logging functions

D.

Digitally sign each application module

Questions 149

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

Options:

A.

Intrusion Prevention Systems (IPS)

B.

Intrusion Detection Systems (IDS)

C.

Stateful firewalls

D.

Network Behavior Analysis (NBA) tools

Questions 150

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

Options:

A.

Packet filtering

B.

Port services filtering

C.

Content filtering

D.

Application access control

Questions 151

What is the purpose of an Internet Protocol (IP) spoofing attack?

Options:

A.

To send excessive amounts of data to a process, making it unpredictable

B.

To intercept network traffic without authorization

C.

To disguise the destination address from a target’s IP filtering devices

D.

To convince a system that it is communicating with a known entity

Questions 152

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

Options:

A.

Implement packet filtering on the network firewalls

B.

Install Host Based Intrusion Detection Systems (HIDS)

C.

Require strong authentication for administrators

D.

Implement logical network segmentation at the switches

Questions 153

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

Options:

A.

WEP uses a small range Initialization Vector (IV)

B.

WEP uses Message Digest 5 (MD5)

C.

WEP uses Diffie-Hellman

D.

WEP does not use any Initialization Vector (IV)

Questions 154

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

Options:

A.

Layer 2 Tunneling Protocol (L2TP)

B.

Link Control Protocol (LCP)

C.

Challenge Handshake Authentication Protocol (CHAP)

D.

Packet Transfer Protocol (PTP)

Questions 155

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

Options:

A.

Add a new rule to the application layer firewall

B.

Block access to the service

C.

Install an Intrusion Detection System (IDS)

D.

Patch the application source code

Questions 156

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

Options:

A.

Transport layer

B.

Application layer

C.

Network layer

D.

Session layer

Questions 157

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Options:

A.

Link layer

B.

Physical layer

C.

Session layer

D.

Application layer

Questions 158

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

Options:

A.

Change management processes

B.

User administration procedures

C.

Operating System (OS) baselines

D.

System backup documentation

Questions 159

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Options:

A.

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

B.

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

C.

Management teams will understand the testing objectives and reputational risk to the organization

D.

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Questions 160

Which of the following could cause a Denial of Service (DoS) against an authentication system?

Options:

A.

Encryption of audit logs

B.

No archiving of audit logs

C.

Hashing of audit logs

D.

Remote access audit logs

Questions 161

In which of the following programs is it MOST important to include the collection of security process data?

Options:

A.

Quarterly access reviews

B.

Security continuous monitoring

C.

Business continuity testing

D.

Annual security training

Questions 162

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

Options:

A.

Host VM monitor audit logs

B.

Guest OS access controls

C.

Host VM access controls

D.

Guest OS audit logs

Questions 163

Which of the following methods provides the MOST protection for user credentials?

Options:

A.

Forms-based authentication

B.

Digest authentication

C.

Basic authentication

D.

Self-registration

Questions 164

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?

Options:

A.

Application

B.

Storage

C.

Power

D.

Network

Questions 165

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

Options:

A.

Ensure the fire prevention and detection systems are sufficient to protect personnel

B.

Review the architectural plans to determine how many emergency exits are present

C.

Conduct a gap analysis of the new facilities against existing security requirements

D.

Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Questions 166

Which of the following represents the GREATEST risk to data confidentiality?

Options:

A.

Network redundancies are not implemented

B.

Security awareness training is not completed

C.

Backup tapes are generated unencrypted

D.

Users have administrative privileges

Questions 167

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Options:

A.

Only when assets are clearly defined

B.

Only when standards are defined

C.

Only when controls are put in place

D.

Only when procedures are defined

Questions 168

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

Options:

A.

Examine the device for physical tampering

B.

Implement more stringent baseline configurations

C.

Purge or re-image the hard disk drive

D.

Change access codes

Questions 169

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Options:

A.

Development, testing, and deployment

B.

Prevention, detection, and remediation

C.

People, technology, and operations

D.

Certification, accreditation, and monitoring

Questions 170

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Options:

A.

Install mantraps at the building entrances

B.

Enclose the personnel entry area with polycarbonate plastic

C.

Supply a duress alarm for personnel exposed to the public

D.

Hire a guard to protect the public area

Questions 171

Intellectual property rights are PRIMARILY concerned with which of the following?

Options:

A.

Owner’s ability to realize financial gain

B.

Owner’s ability to maintain copyright

C.

Right of the owner to enjoy their creation

D.

Right of the owner to control delivery method

Questions 172

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Options:

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

identify the operational impacts of a business interruption

D.

identify the financial impacts of a business interruption

Questions 173

After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue?

Options:

A.

Implement strong password authentication for VPN

B.

Integrate the VPN with centralized credential stores

C.

Implement an Internet Protocol Security (IPSec) client

D.

Use two-factor authentication mechanisms

Questions 174

As a best practice, the Security Assessment Report (SAR) should include which of the following sections?

Options:

A.

Data classification policy

B.

Software and hardware inventory

C.

Remediation recommendations

D.

Names of participants

Questions 175

What operations role is responsible for protecting the enterprise from corrupt or contaminated media?

Options:

A.

Information security practitioner

B.

Information librarian

C.

Computer operator

D.

Network administrator

Exam Code: CISSP
Exam Name: Certified Information Systems Security Professional (CISSP)
Last Update: Apr 28, 2025
Questions: 1486