CISSP5
1 / 40
What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?
2 / 40
Which Orange book security rating introduces security labels?
3 / 40
Which of the following best describes the purpose of debugging programs?
4 / 40
The act of requiring two of the three factors to be used in the authentication process refers to?
5 / 40
Intellectual property rights are PRIMARILY concerned with which of the following?
6 / 40
Which of the following actions will reduce risk to a laptop before traveling to a high risk area?
7 / 40
A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?
8 / 40
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
9 / 40
In a data classification scheme, the data is owned by the
10 / 40
What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
11 / 40
At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
12 / 40
Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?
13 / 40
Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?
14 / 40
What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?
15 / 40
An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?
16 / 40
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?
17 / 40
Which of the following is the FIRST step in the incident response process?
18 / 40
To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?
19 / 40
An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance with the SLA be reviewed to ensure that a good security posture is being delivered?
20 / 40
What is the ultimate objective of information classification?
21 / 40
The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct
22 / 40
Which of the following BEST represents the principle of open design?
23 / 40
Which of the following would be the FIRST step to take when implementing a patch management program?
24 / 40
Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?
25 / 40
Which one of the following considerations has the LEAST impact when considering transmission security?
26 / 40
Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?
27 / 40
When implementing controls in a heterogeneous end-point network for an organization, it is critical that
28 / 40
Which one of the following is a fundamental objective in handling an incident?
29 / 40
A security professional has just completed their organization’s Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional’s NEXT step?
30 / 40
What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
31 / 40
Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?
32 / 40
What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?
33 / 40
Which of the following does Temporal Key Integrity Protocol (TKIP) support?
34 / 40
The BEST method of demonstrating a company’s security level to potential customers is
35 / 40
An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?
36 / 40
Which one of the following affects the classification of data?
37 / 40
In a basic SYN flood attack, what is the attacker attempting to achieve?
38 / 40
Which of the following is the BEST solution to provide redundancy for telecommunications links?
39 / 40
Refer to the information below to answer the question. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. Which of the following is true according to the star property (*property)?
40 / 40
Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it?