CISSP8

CISSP8

1 / 40

What Is a risk of using commercial off-the-shelf (COTS) products?

COTS products may not map directly to an organization’s security requirements.

COTS products are typically more expensive than developing software in-house.

Cost to implement COTS products is difficult to predict.

Vendors are often hesitant to share their source code.

2 / 40

The Open Web Application Security Project’s (OWASP) Software Assurance Maturity Model (SAMM) allows organizations to implement a flexible software security strategy to measure organizational impact based on what risk management aspect?

Risk tolerance

Risk exception

Risk treatment

Risk response

3 / 40

What is the MOST significant benefit of role-based access control (RBAC)?

Reduction in authorization administration overhead

Reduces inappropriate access

Management of least privilege

Most granular form of access control

4 / 40

In a disaster recovery (DR) test, which of the following would be a trait of crisis management?

Wide focus

Strategic

Anticipate

Process

5 / 40

Which of the following is a correct feature of a virtual local area network (VLAN)?

A VLAN segregates network traffic therefore information security is enhanced significantly.

Layer 3 routing is required to allow traffic from one VLAN to another.

VLAN has certain security features such as where the devices are physically connected.

There is no broadcast allowed within a single VLAN due to network segregation.

6 / 40

An information technology (IT) employee who travels frequently to various ies remotely to an organization the following solutions BEST serves as a secure control mechanism to meet the organization’s requirements.
Which of the following solutions BEST serves as a secure control mechanisn to meet the organization’s requirements?

Update the firewall rules to include the static Internet Protocol (IP) addresses of the locations where the employee connects from.

Install a third-party screen sharing solution that provides remote connection from a public website.

Implement a Dynamic Domain Name Services (DDNS) account to initiate a virtual private network (VPN) using the DDNS record.

Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access.

7 / 40

Using Address Space Layout Randomization (ASLR) reduces the potential for which of the following attacks?

SQL injection (SQLi)

Man-in-the-middle (MITM)

Cross-Site Scripting (XSS)

Heap overflow

8 / 40

In a multi-tenant cloud environment, what approach will secure logical access to assets?

Hybrid cloud

Transparency/Auditability of administrative access

Controlled configuration management (CM)

Virtual private cloud (VPC)

9 / 40

A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?

It uses Transport Layer Security (TLS) to address confidentiality.

It enables single sign-on (SSO) for web applications.

The users’ password Is not passed during authentication.

It limits unnecessary data entry on web forms.

10 / 40

Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?

Vendors take on the liability for COTS software vulnerabilities.

In-house developed software is inherently less secure.

Exploits for COTS software are well documented and publicly available.

COTS software is inherently less secure.

11 / 40

Which of the following describes the order in which a digital forensic process is usually conducted?

Ascertain legal authority, agree upon examination strategy, conduct examination, and report results

Ascertain legal authority, conduct investigation, report results, and agree upon examination strategy

Agree upon examination strategy, ascertain legal authority, conduct examination, and report results

Agree upon examination strategy, ascertain legal authority, report results, and conduct examination

12 / 40

Which of the following is an indicator that a company’s new user security awareness training module has been effective?

There are more secure connections to the internal database servers.

More incidents of phishing attempts are being reported.

There are more secure connections to internal e-mail servers.

Fewer incidents of phishing attempts are being reported.

13 / 40

A security practitioner needs to implementation solution to verify endpoint security protections and operating system (0S) versions. Which of the following is the BEST solution to implement?

An intrusion prevention system (IPS)

Network Access Control (NAC)

A firewall

14 / 40

What is the BEST control to be implemented at a login page in a web application to mitigate the ability to enumerate users?

Implement a generic response for a failed login attempt.

Implement a strong password during account registration.

Implement numbers and special characters in the user name.

Implement two-factor authentication (2FA) to login process.

15 / 40

Which of the following is the GREATEST risk of relying only on Capability Maturity Models (CMM) for software to guide process improvement and assess capabilities of acquired software?

Organizations can only reach a maturity level 3 when using CMMs

CMMs do not explicitly address safety and security

CMMs can only be used for software developed in-house

CMMs are vendor specific and may be biased

16 / 40

Using the cipher text and resultant clear text message to derive the non-alphabetic cipher key is an example of which method of cryptanalytic attack?

Frequency analysis

Ciphertext-only attack

Probable-plaintext attack

Known-plaintext attack

17 / 40

When testing password strength, which of the following is the BEST method for brute forcing passwords?

Conduct an offline attack on the hashed password information.

Conduct an online password attack until the account being used is locked.

Use a comprehensive list of words to attempt to guess the password.

Use social engineering methods to attempt to obtain the password.

18 / 40

In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below.
Which of the following would be a reasonable annual loss expectation?

140,000

3,500

350,000

14,000

19 / 40

What is the BEST way to restrict access to a file system on computing systems?

Allow a user group to restrict access.

Use a third-party tool to restrict access.

Use least privilege at each level to restrict access.

Restrict access to all users.

20 / 40

Which of the following is an open standard for exchanging authentication and authorization data between parties?

Wired markup language

Hypertext Markup Language (HTML)

Extensible Markup Language (XML)

Security Assertion Markup Language (SAML)

21 / 40

An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?

Deduplication

Compression

Replication

Caching

22 / 40

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

Functional test

Unit test

Grey box

White box

23 / 40

Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?

Proper security controls, security goals, and fault mitigation are properly conducted.

Proper security controls, security objectives, and security goals are properly initiated.

Security goals, proper security controls, and validation are properly initiated.

Security objectives, security goals, and system test are properly conducted.

24 / 40

Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization’s approved policies before being allowed on the network?

Group Policy Object (GPO)

Network Access Control (NAC)

Mobile Device Management (MDM)

Privileged Access Management (PAM)

25 / 40

Wireless users are reporting intermittent Internet connectivity. Connectivity is restored when the users disconnect and reconnect, utilizing the web authentication process each time.
The network administrator can see the devices connected to the APs at all times. Which of the following steps will MOST likely determine the cause of the issue?

Verify the session time-out configuration on the captive portal settings

Check for encryption protocol mismatch on the client’s wireless settings.

Confirm that a valid passphrase is being used during the web authentication.

Investigate for a client’s disassociation caused by an evil twin AP

26 / 40

he security organization is loading for a solution that could help them determine with a strong level of confident that attackers have breached their network. Which solution is MOST effective at discovering successful network breach?

Installing an intrusion prevention system (IPS)

Deploying a honeypot

Installing an intrusion detection system (IDS)

Developing a sandbox

27 / 40

An organization has implemented a password complexity and an account lockout policy enforcing five incorrect logins tries within ten minutes. Network users have reported significantly increased account lockouts. Which of the following security principles is this company affecting?

Availability

Integrity

Confidentiality

Authentication

28 / 40

In the “Do” phase of the Plan-Do-Check-Act model, which of the following is performed?

Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.

Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review.

Ensure the business continuity policy, controls, processes, and procedures have been implemented.

Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.

29 / 40

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub- system gracefully handle invalid input?

Negative testing

Integration testing

Unit testing

Acceptance testing

30 / 40

To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock down the system and minimize the risk of an attack?

Install an antivirus on the server

Run a vulnerability scanner

Review access controls

Apply the latest vendor patches and updates

31 / 40

What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?

ICS often do not have availability requirements.

ICS are often isolated and difficult to access.

ICS often run on UNIX operating systems.

ICS are often sensitive to unexpected traffic.

32 / 40

A company is moving from the V model to Agile development. How can the information security department BEST ensure that secure design principles are implemented in the new methodology?

All developers receive a mandatory targeted information security training.

The non-financial information security requirements remain mandatory for the new model.

The information security department performs an information security assessment after each sprint.

Information security requirements are captured in mandatory user stories.

33 / 40

What is the MAIN purpose of conducting a business impact analysis (BIA)?

To determine the critical resources required to recover from an incident within a specified time period

To determine the effect of mission-critical information system failures on core business processes

To determine the cost for restoration of damaged information system

To determine the controls required to return to business critical operations

34 / 40

What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?

Publish a social media guidelines document.

Publish an acceptable usage policy.

Document a procedure for accessing social media sites.

Deliver security awareness training.

35 / 40

Recently, an unknown event has disrupted a single Layer-2 network that spans between two geographically diverse data centers. The network engineers have asked for assistance in identifying the root cause of the event. Which of the following is the MOST likely cause?

Misconfigured routing protocol

Smurf attack

Broadcast domain too large

Address spoofing

36 / 40

What is the P R IM A R Y reason criminal law is difficult to enforce when dealing with cyber-crime?

Extradition treaties are rarely enforced.

Numerous language barriers exist.

Law enforcement agencies are understaffed.

Jurisdiction is hard to define.

37 / 40

Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?

The SPI inspects the flags on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets.

The SPI inspects the traffic in the context of a session.

The SPI is capable of dropping packets based on a pre-defined rule set.

The SPI inspects traffic on a packet-by-packet basis.

38 / 40

Why is data classification control important to an organization?

To ensure its integrity, confidentiality and availability

To enable data discovery

To control data retention in alignment with organizational policies and regulation

To ensure security controls align with organizational risk appetite

39 / 40

What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high- performance data reads and writes?

RAID-0

RAID-1

RAID-5

RAID-6

40 / 40

Which of the following types of firewall only examines the “handshaking” between packets before forwarding traffic?

Proxy firewalls

Host-based firewalls

Circuit-level firewalls

Network Address Translation (NAT) firewalls

Your score is

0%

Leave a Reply Cancel reply