CISSP4


1 / 40

Refer to the information below to answer the question.
Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed?

2 / 40

Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?

3 / 40

A thorough review of an organization’s audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

4 / 40

Which item below is a federated identity standard?

5 / 40

Which of the following is the MAIN goal of a data retention policy?

6 / 40

Which of the following is the MOST effective attack against cryptographic hardware modules?

7 / 40

Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee’s access.
Which of the following documents explains the proper use of the organization’s assets?

8 / 40

Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
In addition to authentication at the start of the user session, best practice would require re-authentication

9 / 40

Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?

10 / 40

Which of the following are required components for implementing software configuration management systems?

11 / 40

With data labeling, which of the following MUST be the key decision maker?

12 / 40

Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?

13 / 40

Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?

14 / 40

Which of the following is the BEST countermeasure to brute force login attacks?

15 / 40

Which of the following is a detective access control mechanism?

16 / 40

What is the MOST important reason to configure unique user IDs?

17 / 40

Which of the following is the PRIMARY benefit of a formalized information classification program?

18 / 40

For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data?

19 / 40

Which of the following is the MOST important element of change management documentation?

20 / 40

What is one way to mitigate the risk of security flaws in custom software?

21 / 40

What is the process called when impact values are assigned to the security objectives for information types?

22 / 40

How does an organization verify that an information system’s current hardware and software match the standard system configuration?

23 / 40

Which of the following describes the BEST configuration management practice?

24 / 40

A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is

25 / 40

Software code signing is used as a method of verifying what security concept?

26 / 40

Data remanence refers to which of the following?

27 / 40

Which of the following protocols would allow an organization to maintain a centralized list of users that can read a protected webpage?

28 / 40

Which of the following is the MOST effective method of mitigating data theft from an active user workstation?

29 / 40

What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?

30 / 40

Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?

31 / 40

Discretionary Access Control (DAC) is based on which of the following?

32 / 40

Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?

33 / 40

While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?

34 / 40

The 802.1x standard provides a framework for what?

35 / 40

What does an organization FIRST review to assure compliance with privacy requirements?

36 / 40

Which of the following methods can be used to achieve confidentiality and integrity for data in transit?

37 / 40

How can lessons learned from business continuity training and actual recovery incidents BEST be used?

38 / 40

Which of the following defines the opening of a mechanical lock without the proper key by carefully aligning the pins in the lock?

39 / 40

Which of the following is a reason to use manual patch installation instead of automated patch management?

40 / 40

The BEST method to mitigate the risk of a dictionary attack on a system is to
