CISSP9

1 / 40

What part of an organization’s strategic risk assessment MOST likely includes information on items affecting the success of the organization?

2 / 40

Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?

3 / 40

An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet the organization’s needs?

4 / 40

While performing a security review for a new product, an information security professional discovers that the organization’s product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?

5 / 40

What is the BEST reason to include supply chain risks in a corporate risk register?

6 / 40

Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?

7 / 40

Which of the following are all elements of a disaster recovery plan (DRP)?

8 / 40

What is the PRIMARY objective of the post-incident phase of the incident response process in the security operations center (SOC)?

9 / 40

What is the PRIMARY reason that a bit-level copy is more desirable than a file-level copy when replicating a hard drive’s contents for an e-discovery investigation?

10 / 40

What industry-recognized document could be used as a baseline reference that is related to data security and business operations for conducting a security assessment?

11 / 40

The application owner of a system that handles confidential data leaves an organization. It is anticipated that a replacement will be hired in approximately six months. During that time, which of the following should the organization do?

12 / 40

A company needs to provide employee access to travel services, which are hosted by a third-party service provider. Employee experience is important, and when users are already authenticated, access to the travel portal is seamless. Which of the following methods is used to share information and grant user access to the travel portal?

13 / 40

Which of the following is the MOST secure protocol for remote command access to the firewall?

14 / 40

Which of the following protections is provided when using a Virtual Private Network (VPN) with Authentication Header (AH)?

15 / 40

Which of the following roles is responsible for ensuring that important datasets are developed, maintained, and are accessible within their defined specifications?

16 / 40

During testing, where are the requirements to inform parent organizations, law enforcement, and a computer incident response team documented?

17 / 40

In which of the following scenarios is locking server cabinets and limiting access to keys preferable to locking the server room to prevent unauthorized access?

18 / 40

What is the MOST important factor in establishing an effective Information Security Awareness Program?

19 / 40

Which of the following is TRUE for an organization that is using a third-party federated identity service?

20 / 40

Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?

21 / 40

At what stage of the Software Development Life Cycle (SDLC) does software vulnerability remediation MOST likely cost the least to implement?

22 / 40

Which of the following is the MOST appropriate technique for destroying magnetic platter style hard disk drives (HDD) containing data with a “HIGH” security categorization?

23 / 40

What does the result of Cost-Benefit Analysis (CBA) on new security initiatives provide?

24 / 40

Which of the following is a limitation of the Bell-LaPadula model?

25 / 40

A web-based application known to be susceptible to attacks is now under review by a senior developer. The organization would like to ensure this application is less susceptible to injection attacks specifically.
What strategy will work BEST for the organization’s situation?

26 / 40

Which of the following is the BEST option to reduce the network attack surface of a system?

27 / 40

Before allowing a web application into the production environment, the security practitioner performs multiple types of tests to confirm that the web application performs as expected. To test the username field, the security practitioner creates a test that enters more characters into the field than is allowed. Which of the following BEST describes the type of test performed?

28 / 40

When performing an investigation with the potential for legal action, what should be the analyst’s FIRST consideration?

29 / 40

A large organization uses biometrics to allow access to its facilities. It adjusts the biometric value for incorrectly granting or denying access so that the two numbers are the same.
What is this value called?

30 / 40

Write Once, Read Many (WORM) data storage devices are designed to BEST support which of the following core security concepts?

31 / 40

Which software defined networking (SDN) architectural component is responsible for translating network requirements?

32 / 40

What is the BEST method to use for assessing the security impact of acquired software?

33 / 40

Secure coding can be developed by applying which one of the following?

34 / 40

Which of the following vulnerabilities can be BEST detected using automated analysis?

35 / 40

What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?

36 / 40

When developing an organization’s information security budget, it is important that the

37 / 40

Which of the following BEST describes the use of network architecture in reducing corporate risks associated with mobile devices?

38 / 40

Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud based application?

39 / 40

Which of the following is the PRIMARY goal of logical access controls?

40 / 40

A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following solutions should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis?
