CISSP3

1 / 40

Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?

2 / 40

What is the FIRST step in establishing an information security program?

3 / 40

Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?

4 / 40

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.
In which phase of the assessment was this error MOST likely made?

5 / 40

What is the expected outcome of security awareness in support of a security awareness program?

6 / 40

From a security perspective, which of the following assumptions MUST be made about input to an application?

7 / 40

In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain.
What could be done on this device in order to obtain proper connectivity?

8 / 40

A minimal implementation of endpoint security includes which of the following?

9 / 40

Which security mode is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?

10 / 40

Which of the following mandates the amount and complexity of security controls applied to a security risk?

11 / 40

Proven application security principles include which of the following?

12 / 40

Which of the following is MOST appropriate for protecting the confidentiality of data stored on a hard drive?

13 / 40

What is the foundation of cryptographic functions?

14 / 40

Which of the following is the MOST important security goal when performing application interface testing?

15 / 40

A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

16 / 40

A company receives an email threat informing of an imminent Distributed Denial of Service (DDoS) attack targeting its web application, unless a ransom is paid. Which of the following techniques BEST addresses that threat?

17 / 40

Attack trees are MOST useful for which of the following?

18 / 40

Which of the following is the BEST Identity-as-a-Service (IDaaS) solution for validating users?

19 / 40

The use of private and public encryption keys is fundamental in the implementation of which of the following?

20 / 40

Which of the following management processes allows ONLY those services required for users to accomplish their tasks, changes default user passwords, and sets servers to retrieve antivirus updates?

21 / 40

Which of the following is the BEST reason for writing an information security policy?

22 / 40

At a MINIMUM, audits of permissions to individual or group accounts should be scheduled

23 / 40

Between which pair of Open Systems Interconnection (OSI) Reference Model layers are routers used as a communications device?

24 / 40

Which of the following is the BEST method to reduce the effectiveness of phishing attacks?

25 / 40

A user sends an e-mail request asking for read-only access to files that are not considered sensitive. A Discretionary Access Control (DAC) methodology is in place. Which is the MOST suitable approach that the administrator should take?

26 / 40

Although code using a specific programming language may not be susceptible to a buffer overflow attack,

27 / 40

Which of the following is the MOST important goal of information asset valuation?

28 / 40

Which of the following restricts the ability of an individual to carry out all the steps of a particular process?

29 / 40

Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?

30 / 40

From a cryptographic perspective, the service of non-repudiation includes which of the following features?

31 / 40

An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is

32 / 40

Which of the following information MUST be provided for user account provisioning?

33 / 40

The PRIMARY purpose of accreditation is to:

34 / 40

Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?

35 / 40

At which layer of the Open Systems Interconnection (OSI) model are the source and destination addresses for a datagram handled?

36 / 40

What is an advantage of Elliptic Curve Cryptography (ECC)?

37 / 40

What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?

38 / 40

A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?

39 / 40

What does the Maximum Tolerable Downtime (MTD) determine?

40 / 40

Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?
