CISSP9

1 / 40

What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?

2 / 40

An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet the organization's needs?

3 / 40

The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?

4 / 40

What is the BEST reason to include supply chain risks in a corporate risk register?

5 / 40

How does Radio-Frequency Identification (RFID) assist with asset management?

6 / 40

Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?

7 / 40

How should the retention period for an organization's social media content be defined?

8 / 40

A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should be an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?

9 / 40

A healthcare insurance organization chose a vendor to develop a software application. Upon review of the draft contract, the information security professional notices that software security is not addressed. What is the BEST approach to address the issue?

10 / 40

The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment. What principle has the team taken into consideration?

11 / 40

The Chief Information Security Officer (CISO) of an organization has requested that a Service Organization Control (SOC) report be created to outline the security and availability of a particular system over a 12-month period. Which type of SOC report should be utilized?

12 / 40

Which algorithm gets its security from the difficulty of calculating discrete logarithms in a finite field and is used to distribute keys, but cannot be used to encrypt or decrypt messages?

13 / 40

What is a security concern when considering implementing software-defined networking (SDN)?

14 / 40

What is the BEST design for securing physical perimeter protection?

15 / 40

An engineer notices some late collisions on a half-duplex link. The engineer verifies that the devices on both ends of the connection are configured for half duplex. Which of the following is the MOST likely cause of this issue?

16 / 40

An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?

17 / 40

What is the MOST important factor in establishing an effective Information Security Awareness Program?

18 / 40

An organization is implementing security review as part of system development. Which of the following is the BEST technique to follow?

19 / 40

An organization wants to share data securely with their partners via the Internet. Which standard port is typically used to meet this requirement?

20 / 40

During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?

21 / 40

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS).
Which of the following factors leads the company to choose an IDaaS as their solution?

22 / 40

Which technique helps system designers consider potential security concerns of their systems and applications?

23 / 40

A web-based application known to be susceptible to attacks is now under review by a senior developer. The organization would like to ensure this application is less susceptible to injection attacks specifically. What strategy will work BEST for the organization's situation?

24 / 40

A network administrator is configuring a database server and would like to ensure the database engine is listening on a certain port. Which of the following commands should the administrator use to accomplish this goal?

25 / 40

When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?

26 / 40

Which Redundant Array of Independent Disks (RAID) Level does the following diagram represent?

27 / 40

What are the first two components of logical access control?

28 / 40

Which software defined networking (SDN) architectural component is responsible for translating network requirements?

29 / 40

What is the MOST common security risk of a mobile device?

30 / 40

What is considered the BEST explanation when determining whether to provide remote network access to a third-party security service?

31 / 40

The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the model?

32 / 40

In software development, developers should use which type of queries to prevent a Structured Query Language (SQL) injection?

33 / 40

What is considered a compensating control for not having electrical surge protectors installed?

34 / 40

Which of the following is the BEST method to gather evidence from a computer's hard drive?

35 / 40

Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud based application?

36 / 40

Which of the following is the BEST way to protect privileged accounts?

37 / 40

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?

38 / 40

What are the essential elements of a Risk Assessment Report (RAR)?

39 / 40

A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following solutions should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis?

40 / 40

When conducting a third-party risk assessment of a new supplier, which of the following reports should be reviewed to confirm the operating effectiveness of the security, availability, confidentiality, and privacy trust principles?
