CISSP5

1 / 40

Which of the following statements pertaining to VPN protocol standards is false?

2 / 40

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

3 / 40

In a data classification scheme, the data is owned by the

4 / 40

Which of the following is MOST important when assigning ownership of an asset to a department?

5 / 40

Which one of the following affects the classification of data?

6 / 40

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.
Which contract is BEST in offloading the task from the IT staff?

7 / 40

When implementing a data classification program, why is it important to avoid too much granularity?

8 / 40

Who in the organization is accountable for classification of data information assets?

9 / 40

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

10 / 40

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

11 / 40

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

12 / 40

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

13 / 40

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?
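The control the question is after is an inference control on a statistical query interface: a caller who may only ask for group averages can still difference two permitted answers down to one row. The following is an added example (not from the quiz or its source): a constructed salary table, the "tracker" attack against an unprotected average, and the same API protected by a query-set-size rule and an overlap rule. The employee names, salaries and thresholds are assumptions.

```python
from typing import Callable, FrozenSet, List

# Constructed sample table (not from the page): name -> (department, salary)
EMPLOYEES = {
    "alice": ("eng", 120_000),
    "bob": ("eng", 100_000),
    "carol": ("eng", 110_000),
    "dave": ("sales", 90_000),
    "erin": ("sales", 95_000),
    "frank": ("ops", 80_000),
    "grace": ("ops", 85_000),
}


def query_set(predicate: Callable[[str, str], bool]) -> FrozenSet[str]:
    """Names of the rows a caller's predicate over (name, department) selects."""
    return frozenset(n for n, (d, _) in EMPLOYEES.items() if predicate(n, d))


def unprotected_average(predicate):
    """An 'aggregate only' API with no inference control."""
    rows = query_set(predicate)
    return sum(EMPLOYEES[n][1] for n in rows) / len(rows), len(rows)


def tracker_attack(target: str) -> int:
    """Two permitted averages recover one salary:
    total(all) - total(all except target) = target's salary."""
    avg_all, n_all = unprotected_average(lambda n, d: True)
    avg_rest, n_rest = unprotected_average(lambda n, d: n != target)
    return round(avg_all * n_all - avg_rest * n_rest)


class InferenceRefused(Exception):
    pass


class ProtectedStats:
    """Same API with two inference controls (thresholds are assumed values):
    - query-set size: k <= |Q| <= N - k, which blocks the complement trick above;
    - overlap control: refuse a query sharing more than `max_overlap` rows with
      any query already answered, so two answers cannot be differenced to one row."""

    def __init__(self, min_set: int = 3, max_overlap: int = 2):
        self.min_set = min_set
        self.max_overlap = max_overlap
        self.answered: List[FrozenSet[str]] = []

    def average(self, predicate) -> float:
        rows = query_set(predicate)
        total_rows = len(EMPLOYEES)
        if len(rows) < self.min_set or total_rows - len(rows) < self.min_set:
            raise InferenceRefused("query set (or its complement) is too small")
        for prev in self.answered:
            if len(rows & prev) > self.max_overlap:
                raise InferenceRefused("query set overlaps an earlier answered query")
        self.answered.append(rows)
        return sum(EMPLOYEES[n][1] for n in rows) / len(rows)


def protected_tracker_attack(target: str) -> str:
    """The same two queries against the protected API; reports which step fails."""
    stats = ProtectedStats()
    try:
        stats.average(lambda n, d: True)
    except InferenceRefused:
        return "first query refused"
    try:
        stats.average(lambda n, d: n != target)
    except InferenceRefused:
        return "second query refused"
    return "attack succeeded"


def differencing_refused() -> bool:
    """avg(eng) is answered; avg(eng + dave) would let the caller difference out dave."""
    stats = ProtectedStats()
    stats.average(lambda n, d: d == "eng")
    try:
        stats.average(lambda n, d: d == "eng" or n == "dave")
    except InferenceRefused:
        return True
    return False
```

Size limits alone are not sufficient (the second query set has six rows), which is why the complement bound and the overlap check are both applied; real systems add noise or random sampling as well.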

14 / 40

Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?

15 / 40

Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship.
What is the BEST security solution for them?

16 / 40

When transmitting information over public networks, the decision to encrypt it should be based on

17 / 40

Which of the following statements is TRUE of black box testing?

18 / 40

Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?

19 / 40

Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?
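Hex (percent) encoding matters because a validator that pattern-matches the raw request sees different bytes than the component that finally interprets the input. The following is an added example (not from the quiz or its source) showing a naive path check bypassed by single, mixed-case and double hex encoding, and a hardened check that canonicalizes first. The sample inputs are constructed.

```python
import posixpath
from urllib.parse import unquote

# Constructed test inputs (not from the page) and whether each should be accepted.
SAMPLES = {
    "reports/q1.pdf": True,
    "../etc/passwd": False,
    "%2e%2e%2fetc%2fpasswd": False,          # hex-encoded "../"
    "..%2F..%2Fetc%2Fpasswd": False,         # mixed-case hex
    "%252e%252e%252fetc%252fpasswd": False,  # double encoding: "%25" -> "%"
    "reports/..%2f..%2fetc/passwd": False,   # only the separators are encoded
}


def naive_is_safe(path: str) -> bool:
    """Pattern match on the raw string, as a weak validator does."""
    return "../" not in path and not path.startswith("/")


def canonicalize(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded, so an attacker
    cannot stack encodings forever), then normalize separators and '..' segments."""
    decoded = path
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    else:
        raise ValueError("too many encoding layers")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    return posixpath.normpath(decoded.replace("\\", "/"))


def hardened_is_safe(path: str) -> bool:
    """Validate the canonical form, i.e. what the file system will actually see."""
    try:
        canon = canonicalize(path)
    except ValueError:
        return False
    return not (canon.startswith("/") or canon == ".." or canon.startswith("../"))


def bypasses() -> list:
    """Inputs the naive check accepts even though they must be rejected."""
    return [p for p, ok in SAMPLES.items() if not ok and naive_is_safe(p)]


def hardened_matches_expected() -> bool:
    return all(hardened_is_safe(p) == ok for p, ok in SAMPLES.items())
```

Decode-to-fixed-point with a round limit is the practical compromise: one decode misses double encoding, an unbounded loop is a denial-of-service vector. The same canonicalize-then-validate order applies to other alternate encodings (overlong UTF-8, HTML entities) seen in injection and traversal attacks.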

20 / 40

What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?

21 / 40

When implementing controls in a heterogeneous end-point network for an organization, it is critical that

22 / 40

Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?

23 / 40

Which of the following is an appropriate source for test data?

24 / 40

Which of the following does the Encapsulating Security Payload (ESP) provide?

25 / 40

Which one of the following describes granularity?

26 / 40

Which of the following MUST be done when promoting a security awareness program to senior management?

27 / 40

Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?

28 / 40

In Business Continuity Planning (BCP), what is the importance of documenting business processes?

29 / 40

What security management control is MOST often broken by collusion?

30 / 40

Internet Protocol (IP) source address spoofing is used to defeat

31 / 40

When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?

32 / 40

Logical access control programs are MOST effective when they are

33 / 40

Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?
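A per-session random challenge is what makes a captured authentication response worthless later. The following is an added example (not from the quiz or its source) of a challenge-response exchange with a fresh nonce per session, showing both the genuine login and a replay of a sniffed response. The shared secret is an assumption, and HMAC-SHA256 stands in for the hash construction a specific protocol would mandate.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the demonstration (assumption, not from the page).
SHARED_SECRET = b"example-shared-secret"


def client_response(secret: bytes, challenge: bytes) -> bytes:
    """Prove knowledge of the secret without sending it: keyed hash over the
    challenge. (Classic CHAP hashes id||secret||challenge with MD5; HMAC-SHA256
    stands in here.)"""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Authenticator:
    """Server side: one fresh random challenge per session, consumed on first use."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending = {}  # session_id -> outstanding challenge

    def new_challenge(self, session_id: str) -> bytes:
        challenge = secrets.token_bytes(16)  # CSPRNG output, never reused
        self.pending[session_id] = challenge
        return challenge

    def verify(self, session_id: str, response: bytes) -> bool:
        challenge = self.pending.pop(session_id, None)  # single use
        if challenge is None:
            return False
        expected = hmac.new(self.secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def legitimate_login(auth: Authenticator, session_id: str) -> bool:
    challenge = auth.new_challenge(session_id)
    return auth.verify(session_id, client_response(SHARED_SECRET, challenge))


def replay_scenario() -> dict:
    """An eavesdropper captures a valid response and replays it later."""
    auth = Authenticator(SHARED_SECRET)
    c1 = auth.new_challenge("session-1")
    r1 = client_response(SHARED_SECRET, c1)
    results = {"genuine": auth.verify("session-1", r1)}
    results["same_session_again"] = auth.verify("session-1", r1)  # challenge consumed
    c2 = auth.new_challenge("session-2")
    results["replayed_in_new_session"] = auth.verify("session-2", r1)
    results["challenges_differ"] = c1 != c2
    return results
```

Two details carry the security: the challenge comes from a CSPRNG and is discarded after one verification, and the comparison is constant-time so the verifier does not leak how many response bytes matched.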

34 / 40

At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted

35 / 40

An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?

36 / 40

Which of the following is a network intrusion detection technique?

37 / 40

By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

38 / 40

Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.
Which of the following is true according to the star property (*-property)?
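Tables A and B are not reproduced on this page, so the following added example (not from the quiz or its source) uses constructed stand-ins with the four labels the question gives, and encodes the Bell-LaPadula rules: the simple security property (no read up) and the *-property (no write down), plus the strict variant that allows writes only at the subject's own level. The user and file names and their labels are assumptions.

```python
from typing import Dict

# Ordering given in the question, lowest to highest sensitivity.
LEVELS = ["restricted", "confidential", "secret", "top secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed stand-ins for Table A (clearances) and Table B (file classes).
TABLE_A_CLEARANCE: Dict[str, str] = {
    "user1": "restricted",
    "user2": "confidential",
    "user3": "secret",
    "user4": "top secret",
}
TABLE_B_CLASSIFICATION: Dict[str, str] = {
    "file1": "confidential",
    "file2": "restricted",
    "file3": "top secret",
    "file4": "secret",
}


def dominates(a: str, b: str) -> bool:
    """Label a is at least as sensitive as label b."""
    return RANK[a] >= RANK[b]


def may_read(user: str, file: str) -> bool:
    """Simple security property (no read up): clearance must dominate the file."""
    return dominates(TABLE_A_CLEARANCE[user], TABLE_B_CLASSIFICATION[file])


def may_write(user: str, file: str) -> bool:
    """*-property (no write down): the file's class must dominate the clearance."""
    return dominates(TABLE_B_CLASSIFICATION[file], TABLE_A_CLEARANCE[user])


def may_write_strict(user: str, file: str) -> bool:
    """Strict *-property variant: write only at exactly one's own level."""
    return TABLE_A_CLEARANCE[user] == TABLE_B_CLASSIFICATION[file]


def access_matrix() -> Dict[str, Dict[str, str]]:
    """For each user/file pair: 'rw', 'r', 'w' or '-' under simple + *-property."""
    matrix: Dict[str, Dict[str, str]] = {}
    for user in TABLE_A_CLEARANCE:
        matrix[user] = {}
        for file in TABLE_B_CLASSIFICATION:
            r, w = may_read(user, file), may_write(user, file)
            matrix[user][file] = {(True, True): "rw", (True, False): "r",
                                  (False, True): "w"}.get((r, w), "-")
    return matrix
```

Under the plain *-property a restricted user may write into a top-secret file (blind write up) but not read it; the strict variant exists because blind write-up is an integrity problem even though it is not a confidentiality one.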

39 / 40

What is the MOST critical factor to achieve the goals of a security program?

40 / 40

Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Following best practice, where should the permitted access for each department and job classification combination be specified?
