CISSP6

1 / 40

Why are mobile devices sometimes difficult to investigate in a forensic examination?

2 / 40

Which concept might require users to use a second access token or to re-enter passwords to gain elevated access rights in the identity and access provisioning life cycle?

3 / 40

A security engineer is tasked with implementing a new identity solution. The client doesn’t want to install or maintain the infrastructure. Which of the following would qualify as the BEST solution?

4 / 40

An organization discovers that its Secure File Transfer Protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization’s general Information Technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?

5 / 40

What is the BEST approach to annual safety training?

6 / 40

Which of the following does Secure Sockets Layer (SSL) encryption protect?

7 / 40

Which of the following benefits does Role Based Access Control (RBAC) provide for the access review process?

8 / 40

Which of the following is the MOST relevant risk indicator after a penetration test?

9 / 40

A data owner determines the appropriate job-based access for an employee to perform their duties. Which type of access control is this?

10 / 40

A group of organizations follows the same access standards and practices. One manages the verification and due diligence processes for the others. For a user to access a resource from one of the organizations, a check is made to see if that user has been certified. Which Federated Identity Management (FIM) process is this an example of?

11 / 40

What is a consideration when determining the potential impact an organization faces in the event of the loss of confidentiality of Personally Identifiable Information (PII)?

12 / 40

Which of the following provides for the STRONGEST protection of data confidentiality in a Wi-Fi environment?

13 / 40

What information will BEST assist security and financial analysts in determining if a security control is cost effective to mitigate a vulnerability?

14 / 40

A system administration office desires to implement the following rules:
1. An administrator that is designated as a skill level 3, with 5 years of experience, is allowed to perform system backups, upgrades, and local administration.
2. An administrator that is designated as a skill level 5, with 10 years of experience, is permitted to perform all actions related to system administration.
Which of the following access control methods MUST be implemented to achieve this goal?

15 / 40

When should the software Quality Assurance (QA) team feel confident that testing is complete?

16 / 40

Which of the following offers the BEST security functionality for transmitting authentication tokens?

17 / 40

Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?

18 / 40

An employee receives a promotion that entitles them to access higher-level functions on the company’s accounting system, while also keeping their access to the previous system, which is no longer needed or applicable. What is the name of the process that tries to remove this excess privilege?

19 / 40

A financial company has decided to move its main business application to the Cloud. The legal department objects, arguing that the move of the platform should comply with several regulatory obligations such as the General Data Protection Regulation (GDPR) and ensure data confidentiality. The Chief Information Security Officer (CISO) says that the cloud provider has met all regulatory requirements and even provides its own encryption solution with internally-managed encryption keys to address data confidentiality. Did the CISO address all the legal requirements in this situation?

20 / 40

What is the best way for mutual authentication of devices belonging to the same organization?

21 / 40

Physical assets defined in an organization’s Business Impact Analysis (BIA) could include which of the following?

22 / 40

Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?

23 / 40

Why is planning the MOST critical phase of a Role Based Access Control (RBAC) implementation?

24 / 40

Change management policies and procedures belong to which of the following types of controls?

25 / 40

Which of the following processes is used to align security controls with business functions?

26 / 40

A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need?

27 / 40

Which of the following would an internal technical security audit BEST validate?

28 / 40

Which of the following BEST describes how access to a system is granted to federated user accounts?

29 / 40

A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process?

30 / 40

Which of the following techniques BEST prevents buffer overflows?

31 / 40

An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?

32 / 40

For the purpose of classification, which of the following is used to divide trust domains and trust boundaries?

33 / 40

What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

34 / 40

Which of the following open source software issues poses the MOST risk to an application?

35 / 40

Which of the following is mobile device remote fingerprinting?

36 / 40

Which of the following is the PRIMARY reason a sniffer operating on a network is collecting packets only from its own host?

37 / 40

Which of the following is held accountable for the risk to organizational systems and data that results from outsourcing Information Technology (IT) systems and services?

38 / 40

A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3) to it. Which of the following is the MOST likely reason for doing so?

39 / 40

What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

40 / 40

As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these accounts maintained their old permissions as well. The obsolete permissions identified by the audit have been remediated and accounts have only the appropriate permissions to complete their jobs.
Which of the following is the BEST way to prevent access privilege creep?
