CISSP4


1 / 40

An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule?

2 / 40

When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?

3 / 40

Which of the following is a critical factor for implementing a successful data classification program?

4 / 40

During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?

5 / 40

Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?

6 / 40

With data labeling, which of the following MUST be the key decision maker?

7 / 40

Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns.
What MUST the plan include in order to reduce client-side exploitation?

8 / 40

A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?

9 / 40

Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee’s access.
Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?

10 / 40

Which of the following is an example of two-factor authentication?

11 / 40

What is the MOST important reason to configure unique user IDs?

12 / 40

Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?

13 / 40

Which of the following is the PRIMARY benefit of a formalized information classification program?

14 / 40

According to best practice, which of the following is required when implementing third party software in a production environment?

15 / 40

Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If the intrusion causes the system processes to hang, which of the following has been affected?

16 / 40

Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?

17 / 40

Which of the following assures that rules are followed in an identity management architecture?

18 / 40

Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee’s access.
Which of the following could have MOST likely prevented the Peer-to-Peer (P2P) program from being installed on the computer?

19 / 40

Which of the following BEST describes a Protection Profile (PP)?

20 / 40

Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?

21 / 40

While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following is the correct procedure for handling such equipment?

22 / 40

What is the PRIMARY difference between security policies and security procedures?

23 / 40

Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined?

24 / 40

What is the process called when impact values are assigned to the security objectives for information types?

25 / 40

An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authorization (OAuth) 2.0 to authenticate external users to the organization’s services.
As part of the authentication process, which of the following must the end user provide?

26 / 40

If compromised, which of the following would lead to the exploitation of multiple virtual machines?

27 / 40

What is the MOST efficient way to secure a production program and its data?

28 / 40

Which of the following is a recommended alternative to an integrated email encryption system?

29 / 40

Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?

30 / 40

If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?

31 / 40

Retaining system logs for six months or longer can be valuable for what activities?

32 / 40

Which of the following BEST describes a rogue Access Point (AP)?

33 / 40

Which of the following is the MOST effective method of mitigating data theft from an active user workstation?

34 / 40

Which of the following is the BEST method to assess the effectiveness of an organization’s vulnerability management program?

35 / 40

Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?
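An added illustration of the concept this question names (not part of the quiz, and not an answer key): privilege aggregation is what happens when one user accumulates roles whose combined permissions let them complete a sensitive transaction alone, and a static separation-of-duty constraint stops that at assignment time. The roles, permissions and users below are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed role -> permission map (assumption, not from any real system).
ROLE_PERMISSIONS = {
    "ap_clerk":    {"invoice:create"},
    "ap_approver": {"invoice:approve"},
    "treasurer":   {"payment:release"},
    "auditor":     {"ledger:read"},
}

# Static separation of duty: role pairs that no user may hold at the same time.
MUTUALLY_EXCLUSIVE_ROLES = {
    frozenset({"ap_clerk", "ap_approver"}),
    frozenset({"ap_approver", "treasurer"}),
}

# Permission pairs that together let one person complete a sensitive
# transaction alone; used to audit for aggregation that slipped through.
TOXIC_PERMISSION_PAIRS = {
    frozenset({"invoice:create", "invoice:approve"}),
    frozenset({"invoice:approve", "payment:release"}),
}


class SeparationOfDutyError(Exception):
    """Raised when a role assignment would violate a static SoD constraint."""


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)

    def permissions(self) -> set:
        """Effective permissions: the union of every held role's permissions."""
        return set().union(*(ROLE_PERMISSIONS[r] for r in self.roles))


def ssd_conflict(user: User, role: str):
    """Return the held role that conflicts with `role`, or None if the
    assignment is allowed under the static SoD constraints."""
    for held in user.roles:
        if frozenset({held, role}) in MUTUALLY_EXCLUSIVE_ROLES:
            return held
    return None


def assign_role(user: User, role: str, enforce_ssd: bool = True) -> User:
    """Grant `role` to `user`; with enforce_ssd the grant is refused if it
    would combine mutually exclusive roles (this is the prevention step)."""
    if role not in ROLE_PERMISSIONS:
        raise KeyError(f"unknown role {role!r}")
    if enforce_ssd:
        held = ssd_conflict(user, role)
        if held is not None:
            raise SeparationOfDutyError(
                f"{user.name}: {role!r} conflicts with held role {held!r}")
    user.roles.add(role)
    return user


def toxic_combinations(user: User) -> set:
    """Detection, not prevention: which toxic permission pairs does the user
    already hold in full? An empty set means no improper aggregation."""
    perms = user.permissions()
    return {pair for pair in TOXIC_PERMISSION_PAIRS if pair <= perms}


def demo():
    # With enforcement: the second grant is refused, so no aggregation occurs.
    alice = User("alice")
    assign_role(alice, "ap_clerk")
    try:
        assign_role(alice, "ap_approver")
        refused = False
    except SeparationOfDutyError:
        refused = True
    # Without enforcement: the same grants quietly create a toxic combination
    # that only a later audit (toxic_combinations) would catch.
    bob = User("bob")
    assign_role(bob, "ap_clerk", enforce_ssd=False)
    assign_role(bob, "ap_approver", enforce_ssd=False)
    return refused, toxic_combinations(alice), toxic_combinations(bob)


if __name__ == "__main__":
    print(demo())
```

The two functions make the distinction the question turns on: `assign_role` with the constraint enforced prevents the aggregation from ever existing, while `toxic_combinations` only detects it after the fact and still leaves the cleanup to someone.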

36 / 40

Which of the following explains why record destruction requirements are included in a data retention policy?

37 / 40

Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents?

38 / 40

An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such a requirement?

39 / 40

What should happen when an emergency change to a system must be performed?

40 / 40

Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?
