CISSP5


1 / 40

What best describes a scenario in which an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?

2 / 40

Which Orange book security rating introduces security labels?

3 / 40

Which of the following best describes the purpose of debugging programs?

4 / 40

The act of requiring two of the three factors to be used in the authentication process refers to?

5 / 40

Intellectual property rights are PRIMARILY concerned with which of the following?

6 / 40

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

7 / 40

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?

8 / 40

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

9 / 40

In a data classification scheme, the data is owned by the

10 / 40

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

11 / 40

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

12 / 40

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

13 / 40

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

14 / 40

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

15 / 40

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

16 / 40

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

17 / 40

Which of the following is the FIRST step in the incident response process?

18 / 40

To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?

19 / 40

An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered?

20 / 40

What is the ultimate objective of information classification?

21 / 40

The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

22 / 40

Which of the following BEST represents the principle of open design?

23 / 40

Which of the following would be the FIRST step to take when implementing a patch management program?

24 / 40

Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

25 / 40

Which one of the following considerations has the LEAST impact when considering transmission security?

26 / 40

Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

27 / 40

When implementing controls in a heterogeneous end-point network for an organization, it is critical that

28 / 40

Which one of the following is a fundamental objective in handling an incident?

29 / 40

A security professional has just completed their organization’s Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional’s NEXT step?

30 / 40

What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?

31 / 40

Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?

32 / 40

What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?

33 / 40

Which of the following does Temporal Key Integrity Protocol (TKIP) support?

34 / 40

The BEST method of demonstrating a company’s security level to potential customers is

35 / 40

An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?

36 / 40

Which one of the following affects the classification of data?

37 / 40

In a basic SYN flood attack, what is the attacker attempting to achieve?

38 / 40

Which of the following is the BEST solution to provide redundancy for telecommunications links?

39 / 40

Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.
Which of the following is true according to the star property (*-property)?

40 / 40

Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it?

