CISSP3

1 / 40

In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?

2 / 40

A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation, but in the process of the review, the analyst also finds that an application's data, which included full credit card cardholder data, is transferred in clear text between the server and user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS).
Which of the following is the analyst's next step?

3 / 40

What is the MAIN goal of information security awareness and training?

4 / 40

The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

5 / 40

A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results.
What should be implemented to BEST achieve the desired results?

6 / 40

Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

7 / 40

Which security mode is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?

8 / 40

Which of the following is a common feature of an Identity as a Service (IDaaS) solution?

9 / 40

A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?

10 / 40

Which of the following access management procedures would minimize the possibility of an organization's employees retaining access to secure work areas after they change roles?

11 / 40

Which of the following is the GREATEST benefit of implementing a Role Based Access Control (RBAC) system?

12 / 40

A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

13 / 40

The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data

14 / 40

Attack trees are MOST useful for which of the following?

15 / 40

Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?

16 / 40

What does a Synchronous (SYN) flood attack do?

17 / 40

The use of private and public encryption keys is fundamental in the implementation of which of the following?

18 / 40

Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

19 / 40

A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled.
Why did the network architect likely design the VoIP system with gratuitous ARP disabled?

20 / 40

Intellectual property rights are PRIMARILY concerned with which of the following?

21 / 40

Which of the following techniques is known to be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections?

22 / 40

What is the PRIMARY goal of fault tolerance?

23 / 40

An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies.
What code of ethics canon is being observed?

24 / 40

Which of the following management processes allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

25 / 40

Which of the following is the BEST reason for writing an information security policy?

26 / 40

What is the MAIN purpose of a change management policy?

27 / 40

Which of the following is needed to securely distribute symmetric cryptographic keys?

28 / 40

Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?

29 / 40

The goal of a Business Impact Analysis (BIA) is to determine which of the following?

30 / 40

In which identity management process is the subject's identity established?

31 / 40

What is the BEST way to encrypt web application communications?

32 / 40

A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following control categories does this company need to improve when analyzing its processes individually?

33 / 40

Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization's network?

34 / 40

Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?

35 / 40

What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?

36 / 40

For network-based evidence, which of the following contains traffic details of all network sessions in order to detect anomalies?

37 / 40

A vulnerability in which of the following components would be MOST difficult to detect?

38 / 40

Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine?

39 / 40

Backup information that is critical to the organization is identified through a

40 / 40

Which of the following is an advantage of on-premise Credential Management Systems?
