
Free and Premium ISC CISSP Dumps Questions Answers

Total 1486 questions

Certified Information Systems Security Professional (CISSP) Questions and Answers

Question 1

An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?

Options:

A.

A dictionary attack

B.

A Denial of Service (DoS) attack

C.

A spoofing attack

D.

A backdoor installation

Question 2

Who must approve modifications to an organization's production infrastructure configuration?

Options:

A.

Technical management

B.

Change control board

C.

System operations

D.

System users

Question 3

Why is a system's criticality classification important in large organizations?

Options:

A.

It provides for proper prioritization and scheduling of security and maintenance tasks.

B.

It reduces critical system support workload and reduces the time required to apply patches.

C.

It allows for clear systems status communications to executive management.

D.

It provides for easier determination of ownership, reducing confusion as to the status of the asset.

Question 4

Which of the following is considered best practice for preventing e-mail spoofing?

Options:

A.

Spam filtering

B.

Cryptographic signature

C.

Uniform Resource Locator (URL) filtering

D.

Reverse Domain Name Service (DNS) lookup

Question 5

Copyright provides protection for which of the following?

Options:

A.

Ideas expressed in literary works

B.

A particular expression of an idea

C.

New and non-obvious inventions

D.

Discoveries of natural phenomena

Question 6

The FIRST step in building a firewall is to

Options:

A.

assign the roles and responsibilities of the firewall administrators.

B.

define the intended audience who will read the firewall policy.

C.

identify mechanisms to encourage compliance with the policy.

D.

perform a risk analysis to identify issues to be addressed.

Question 7

Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?

Options:

A.

Encrypt and hash all PII to avoid disclosure and tampering.

B.

Store PII for no more than one year.

C.

Avoid storing PII in a Cloud Service Provider.

D.

Adherence to collection limitation laws and regulations.

Question 8

Passive Infrared Sensors (PIR) used in a non-climate controlled environment should

Options:

A.

reduce the detected object temperature in relation to the background temperature.

B.

increase the detected object temperature in relation to the background temperature.

C.

automatically compensate for variance in background temperature.

D.

detect objects of a specific temperature independent of the background temperature.

Question 9

The goal of software assurance in application development is to

Options:

A.

enable the development of High Availability (HA) systems.

B.

facilitate the creation of Trusted Computing Base (TCB) systems.

C.

prevent the creation of vulnerable applications.

D.

encourage the development of open source applications.

Question 10

Which of the following is the best practice for testing a Business Continuity Plan (BCP)?

Options:

A.

Test before the IT Audit

B.

Test when environment changes

C.

Test after installation of security patches

D.

Test after implementation of system patches

Question 11

Which of the following does Temporal Key Integrity Protocol (TKIP) support?

Options:

A.

Multicast and broadcast messages

B.

Coordination of IEEE 802.11 protocols

C.

Wired Equivalent Privacy (WEP) systems

D.

Synchronization of multiple devices

Question 12

Which of the following MUST be done when promoting a security awareness program to senior management?

Options:

A.

Show the need for security; identify the message and the audience

B.

Ensure that the security presentation is designed to be all-inclusive

C.

Notify them that their compliance is mandatory

D.

Explain how hackers have enhanced information security

Question 13

Which layer of the Open Systems Interconnections (OSI) model implementation adds information concerning the logical connection between the sender and receiver?

Options:

A.

Physical

B.

Session

C.

Transport

D.

Data-Link

Question 14

Which of the following is a network intrusion detection technique?

Options:

A.

Statistical anomaly

B.

Perimeter intrusion

C.

Port scanning

D.

Network spoofing

Question 15

In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?

Options:

A.

Communication

B.

Planning

C.

Recovery

D.

Escalation

Question 16

Which one of the following transmission media is MOST effective in preventing data interception?

Options:

A.

Microwave

B.

Twisted-pair

C.

Fiber optic

D.

Coaxial cable

Question 17

An advantage of link encryption in a communications network is that it

Options:

A.

makes key management and distribution easier.

B.

protects data from start to finish through the entire network.

C.

improves the efficiency of the transmission.

D.

encrypts all information, including headers and routing information.

Question 18

The PRIMARY purpose of a security awareness program is to

Options:

A.

ensure that everyone understands the organization's policies and procedures.

B.

communicate that access to information will be granted on a need-to-know basis.

C.

warn all users that access to all systems will be monitored on a daily basis.

D.

comply with regulations related to data and information protection.

Question 19

Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?

Options:

A.

False Acceptance Rate (FAR)

B.

False Rejection Rate (FRR)

C.

Crossover Error Rate (CER)

D.

Rejection Error Rate

Question 20

Which of the following is a security feature of Global Systems for Mobile Communications (GSM)?

Options:

A.

It uses a Subscriber Identity Module (SIM) for authentication.

B.

It uses encrypting techniques for all communications.

C.

The radio spectrum is divided with multiple frequency carriers.

D.

The signal is difficult to read as it provides end-to-end encryption.

Question 21

The key benefits of a signed and encrypted e-mail include

Options:

A.

confidentiality, authentication, and authorization.

B.

confidentiality, non-repudiation, and authentication.

C.

non-repudiation, authorization, and authentication.

D.

non-repudiation, confidentiality, and authorization.

Question 22

Which of the following is ensured when hashing files during chain of custody handling?

Options:

A.

Availability

B.

Accountability

C.

Integrity

D.

Non-repudiation

Question 23

Which one of the following is a threat related to the use of web-based client side input validation?

Options:

A.

Users would be able to alter the input after validation has occurred

B.

The web server would not be able to validate the input after transmission

C.

The client system could receive invalid input from the web server

D.

The web server would not be able to receive invalid input from the client

Question 24

As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to

Options:

A.

overcome the problems of key assignments.

B.

monitor the opening of windows and doors.

C.

trigger alarms when intruders are detected.

D.

lock down a facility during an emergency.

Question 25

Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?

Options:

A.

Vulnerability to crime

B.

Adjacent buildings and businesses

C.

Proximity to an airline flight path

D.

Vulnerability to natural disasters

Question 26

What is an effective practice when returning electronic storage media to third parties for repair?

Options:

A.

Ensuring the media is not labeled in any way that indicates the organization's name.

B.

Disassembling the media and removing parts that may contain sensitive data.

C.

Physically breaking parts of the media that may contain sensitive data.

D.

Establishing a contract with the third party regarding the secure handling of the media.

Question 27

Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?

Options:

A.

Transparent Database Encryption (TDE)

B.

Column level database encryption

C.

Volume encryption

D.

Data tokenization

Question 28

Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?

Options:

A.

Detection

B.

Prevention

C.

Investigation

D.

Correction

Question 29

Which of the following is an attacker MOST likely to target to gain privileged access to a system?

Options:

A.

Programs that write to system resources

B.

Programs that write to user directories

C.

Log files containing sensitive information

D.

Log files containing system calls

Question 30

A practice that permits the owner of a data object to grant other users access to that object would usually provide

Options:

A.

Mandatory Access Control (MAC).

B.

owner-administered control.

C.

owner-dependent access control.

D.

Discretionary Access Control (DAC).

Question 31

The Hardware Abstraction Layer (HAL) is implemented in the

Options:

A.

system software.

B.

system hardware.

C.

application software.

D.

network hardware.

Question 32

Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

Options:

A.

To assist data owners in making future sensitivity and criticality determinations

B.

To assure the software development team that all security issues have been addressed

C.

To verify that security protection remains acceptable to the organizational security policy

D.

To help the security team accept or reject new systems for implementation and production

Question 33

In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?

Options:

A.

A full-scale simulation of an emergency and the subsequent response functions

B.

A specific test by response teams of individual emergency response functions

C.

A functional evacuation of personnel

D.

An activation of the backup site

Question 34

Which of the following is the FIRST step of a penetration test plan?

Options:

A.

Analyzing a network diagram of the target network

B.

Notifying the company's customers

C.

Obtaining the approval of the company's management

D.

Scheduling the penetration test during a period of least impact

Question 35

Internet Protocol (IP) source address spoofing is used to defeat

Options:

A.

address-based authentication.

B.

Address Resolution Protocol (ARP).

C.

Reverse Address Resolution Protocol (RARP).

D.

Transmission Control Protocol (TCP) hijacking.

Question 36

Which of the following mobile code security models relies only on trust?

Options:

A.

Code signing

B.

Class authentication

C.

Sandboxing

D.

Type safety

Question 37

Who in the organization is accountable for classification of data information assets?

Options:

A.

Data owner

B.

Data architect

C.

Chief Information Security Officer (CISO)

D.

Chief Information Officer (CIO)

Question 38

The use of private and public encryption keys is fundamental in the implementation of which of the following?

Options:

A.

Diffie-Hellman algorithm

B.

Secure Sockets Layer (SSL)

C.

Advanced Encryption Standard (AES)

D.

Message Digest 5 (MD5)

Question 39

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

Options:

A.

Hashing the data before encryption

B.

Hashing the data after encryption

C.

Compressing the data after encryption

D.

Compressing the data before encryption

Question 40

Which security service is served by the process of encrypting plaintext with the sender’s private key and decrypting ciphertext with the sender’s public key?

Options:

A.

Confidentiality

B.

Integrity

C.

Identification

D.

Availability

Question 41

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments?

Options:

A.

Common Vulnerabilities and Exposures (CVE)

B.

Common Vulnerability Scoring System (CVSS)

C.

Asset Reporting Format (ARF)

D.

Open Vulnerability and Assessment Language (OVAL)

Question 42

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

Options:

A.

Implementation Phase

B.

Initialization Phase

C.

Cancellation Phase

D.

Issued Phase

Question 43

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

Options:

A.

Ensure the fire prevention and detection systems are sufficient to protect personnel

B.

Review the architectural plans to determine how many emergency exits are present

C.

Conduct a gap analysis of the new facilities against existing security requirements

D.

Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Question 44

Intellectual property rights are PRIMARILY concerned with which of the following?

Options:

A.

Owner’s ability to realize financial gain

B.

Owner’s ability to maintain copyright

C.

Right of the owner to enjoy their creation

D.

Right of the owner to control delivery method

Question 45

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

Options:

A.

Application

B.

Storage

C.

Power

D.

Network

Question 46

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Options:

A.

Development, testing, and deployment

B.

Prevention, detection, and remediation

C.

People, technology, and operations

D.

Certification, accreditation, and monitoring

Question 47

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Options:

A.

Only when assets are clearly defined

B.

Only when standards are defined

C.

Only when controls are put in place

D.

Only when procedures are defined

Question 48

Which of the following represents the GREATEST risk to data confidentiality?

Options:

A.

Network redundancies are not implemented

B.

Security awareness training is not completed

C.

Backup tapes are generated unencrypted

D.

Users have administrative privileges

Question 49

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Options:

A.

Install mantraps at the building entrances

B.

Enclose the personnel entry area with polycarbonate plastic

C.

Supply a duress alarm for personnel exposed to the public

D.

Hire a guard to protect the public area

Question 50

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Options:

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

identify the operational impacts of a business interruption

D.

identify the financial impacts of a business interruption

Question 51

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

Options:

A.

Examine the device for physical tampering

B.

Implement more stringent baseline configurations

C.

Purge or re-image the hard disk drive

D.

Change access codes

Question 52

Which of the following BEST describes the responsibilities of a data owner?

Options:

A.

Ensuring quality and validation through periodic audits for ongoing data integrity

B.

Maintaining fundamental data availability, including data storage and archiving

C.

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

D.

Determining the impact the information has on the mission of the organization

Question 53

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.

Which contract is BEST in offloading the task from the IT staff?

Options:

A.

Platform as a Service (PaaS)

B.

Identity as a Service (IDaaS)

C.

Desktop as a Service (DaaS)

D.

Software as a Service (SaaS)

Question 54

Which of the following is MOST important when assigning ownership of an asset to a department?

Options:

A.

The department should report to the business owner

B.

Ownership of the asset should be periodically reviewed

C.

Individual accountability should be ensured

D.

All members should be trained on their responsibilities

Question 55

Which one of the following affects the classification of data?

Options:

A.

Assigned security label

B.

Multilevel Security (MLS) architecture

C.

Minimum query size

D.

Passage of time

Question 56

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Options:

A.

Personal Identity Verification (PIV)

B.

Cardholder Unique Identifier (CHUID) authentication

C.

Physical Access Control System (PACS) repeated attempt detection

D.

Asymmetric Card Authentication Key (CAK) challenge-response

Question 57

In a data classification scheme, the data is owned by the

Options:

A.

system security managers

B.

business managers

C.

Information Technology (IT) managers

D.

end users

Question 58

Which of the following is an initial consideration when developing an information security management system?

Options:

A.

Identify the contractual security obligations that apply to the organization

B.

Understand the value of the information assets

C.

Identify the level of residual risk that is tolerable to management

D.

Identify relevant legislative and regulatory compliance requirements

Question 59

When implementing a data classification program, why is it important to avoid too much granularity?

Options:

A.

The process will require too many resources

B.

It will be difficult to apply to both hardware and software

C.

It will be difficult to assign ownership to the data

D.

The process will be perceived as having value

Question 60

According to best practice, which of the following is required when implementing third party software in a production environment?

Options:

A.

Scan the application for vulnerabilities

B.

Contract the vendor for patching

C.

Negotiate end user application training

D.

Escrow a copy of the software

Question 61

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will MOST likely allow the organization to keep risk at an acceptable level?

Options:

A.

Increasing the amount of audits performed by third parties

B.

Removing privileged accounts from operational staff

C.

Assigning privileged functions to appropriate staff

D.

Separating the security function into distinct roles

Question 62

What is the MAIN feature that onion routing networks offer?

Options:

A.

Non-repudiation

B.

Traceability

C.

Anonymity

D.

Resilience

Question 63

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

When determining appropriate resource allocation, which of the following is MOST important to monitor?

Options:

A.

Number of system compromises

B.

Number of audit findings

C.

Number of staff reductions

D.

Number of additional assets

Question 64

Which of the following is an example of two-factor authentication?

Options:

A.

Retina scan and a palm print

B.

Fingerprint and a smart card

C.

Magnetic stripe card and an ID badge

D.

Password and Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)

Question 65

Which of the following are required components for implementing software configuration management systems?

Options:

A.

Audit control and signoff

B.

User training and acceptance

C.

Rollback and recovery processes

D.

Regression testing and evaluation

Question 66

A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as

Options:

A.

least privilege.

B.

rule based access controls.

C.

Mandatory Access Control (MAC).

D.

separation of duties.

Question 67

During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?

Options:

A.

Immediately call the police

B.

Work with the client to resolve the issue internally

C.

Advise the person performing the illegal activity to cease and desist

D.

Work with the client to report the activity to the appropriate authority

Question 68

What is the PRIMARY reason for ethics awareness and related policy implementation?

Options:

A.

It affects the workflow of an organization.

B.

It affects the reputation of an organization.

C.

It affects the retention rate of employees.

D.

It affects the morale of the employees.

Question 69

Which of the following methods provides the MOST protection for user credentials?

Options:

A.

Forms-based authentication

B.

Digest authentication

C.

Basic authentication

D.

Self-registration

Question 70

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following documents explains the proper use of the organization's assets?

Options:

A.

Human resources policy

B.

Acceptable use policy

C.

Code of ethics

D.

Access control policy

Question 71

Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?

Options:

A.

Inert gas fire suppression system

B.

Halon gas fire suppression system

C.

Dry-pipe sprinklers

D.

Wet-pipe sprinklers

Question 72

An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correctly implemented the new standard?

Options:

A.

Perform a compliance review

B.

Perform a penetration test

C.

Train the technical staff

D.

Survey the technical staff

Question 73

What does electronic vaulting accomplish?

Options:

A.

It protects critical files.

B.

It ensures the fault tolerance of Redundant Array of Independent Disks (RAID) systems

C.

It stripes all database records

D.

It automates the Disaster Recovery Process (DRP)

Question 74

Which of the following is a responsibility of a data steward?

Options:

A.

Ensure alignment of the data governance effort to the organization.

B.

Conduct data governance interviews with the organization.

C.

Document data governance requirements.

D.

Ensure that data decisions and impacts are communicated to the organization.

Question 75

After following the processes defined within the change management plan, a super user has upgraded a device within an information system.

What step would be taken to ensure that the upgrade did NOT affect the network security posture?

Options:

A.

Conduct an Assessment and Authorization (A&A)

B.

Conduct a security impact analysis

C.

Review the results of the most recent vulnerability scan

D.

Conduct a gap analysis with the baseline configuration

Question 76

A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results.

What should be implemented to BEST achieve the desired results?

Options:

A.

Configuration Management Database (CMDB)

B.

Source code repository

C.

Configuration Management Plan (CMP)

D.

System performance monitoring application

Question 77

Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?

Options:

A.

parameterized database queries

B.

whitelist input values

C.

synchronized session tokens

D.

use strong ciphers

Question 78

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.

In which phase of the assessment was this error MOST likely made?

Options:

A.

Enumeration

B.

Reporting

C.

Detection

D.

Discovery

Question 79

Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?

Options:

A.

Have the service provider block the source address.

B.

Have the source service provider block the address.

C.

Block the source address at the firewall.

D.

Block all inbound traffic until the flood ends.

Question 80

Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/Internet Protocol (TCP/IP) traffic?

Options:

A.

Stateful inspection firewall

B.

Application-level firewall

C.

Content-filtering proxy

D.

Packet-filter firewall

Question 81

What is the FIRST step in establishing an information security program?

Options:

A.

Establish an information security policy.

B.

Identify factors affecting information security.

C.

Establish baseline security controls.

D.

Identify critical security infrastructure.

Question 82

Match the name of access control model with its associated restriction.

Drag each access control model to its appropriate restriction access on the right.

Options:

Question 83

Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?

Options:

A.

Transport layer handshake compression

B.

Application layer negotiation

C.

Peer identity authentication

D.

Digital certificate revocation

Question 84

What is the PRIMARY role of a scrum master in agile development?

Options:

A.

To choose the primary development language

B.

To choose the integrated development environment

C.

To match the software requirements to the delivery plan

D.

To project manage the software delivery

Question 85

What is the second step in the identity and access provisioning lifecycle?

Options:

A.

Provisioning

B.

Review

C.

Approval

D.

Revocation

Question 86

What does a Synchronous (SYN) flood attack do?

Options:

A.

Forces Transmission Control Protocol/Internet Protocol (TCP/IP) connections into a reset state

B.

Establishes many new Transmission Control Protocol/Internet Protocol (TCP/IP) connections

C.

Empties the queue of pending Transmission Control Protocol/Internet Protocol (TCP/IP) requests

D.

Exceeds the limits for new Transmission Control Protocol/Internet Protocol (TCP/IP) connections

Question 87

What are the steps of a risk assessment?

Options:

A.

identification, analysis, evaluation

B.

analysis, evaluation, mitigation

C.

classification, identification, risk management

D.

identification, evaluation, mitigation

Question 88

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?

Options:

A.

Use Software as a Service (SaaS)

B.

Whitelist input validation

C.

Require client certificates

D.

Validate data output

Question 89

A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

Options:

A.

Define additional security controls directly after the merger

B.

Include a procurement officer in the merger team

C.

Verify all contracts before a merger occurs

D.

Assign a compliancy officer to review the merger conditions

Question 90

“Stateful” differs from “Static” packet filtering firewalls by being aware of which of the following?

Options:

A.

Difference between a new and an established connection

B.

Originating network location

C.

Difference between a malicious and a benign packet payload

D.

Originating application session

Question 91

Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?

Options:

A.

Reduce the probability of identification

B.

Detect further compromise of the target

C.

Destabilize the operation of the host

D.

Maintain and expand control

Question 92

Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?

Options:

A.

Having emergency contacts established for the general employee population to get information

B.

Conducting business continuity and disaster recovery training for those who have a direct role in the recovery

C.

Designing business continuity and disaster recovery training programs for different audiences

D.

Publishing a corporate business continuity and disaster recovery plan on the corporate website

Question 93

What can happen when an Intrusion Detection System (IDS) is installed inside a firewall-protected internal network?

Options:

A.

The IDS can detect failed administrator logon attempts from servers.

B.

The IDS can increase the number of packets to analyze.

C.

The firewall can increase the number of packets to analyze.

D.

The firewall can detect failed administrator login attempts from servers

Question 94

An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies.

What code of ethics canon is being observed?

Options:

A.

Provide diligent and competent service to principals

B.

Protect society, the commonwealth, and the infrastructure

C.

Advance and protect the profession

D.

Act honorably, honestly, justly, responsibly, and legally

Question 95

Which of the following is a characteristic of an internal audit?

Options:

A.

An internal audit is typically shorter in duration than an external audit.

B.

The internal audit schedule is published to the organization well in advance.

C.

The internal auditor reports to the Information Technology (IT) department

D.

Management is responsible for reading and acting upon the internal audit results

Question 96

The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data

Options:

A.

through a firewall at the Session layer

B.

through a firewall at the Transport layer

C.

in the Point-to-Point Protocol (PPP)

D.

in the Payload Compression Protocol (PCP)

Question 97

Digital certificates used in Transport Layer Security (TLS) support which of the following?

Options:

A.

Information input validation

B.

Non-repudiation controls and data encryption

C.

Multi-Factor Authentication (MFA)

D.

Server identity and data confidentiality

Question 98

Which of the following is the MOST common method of memory protection?

Options:

A.

Compartmentalization

B.

Segmentation

C.

Error correction

D.

Virtual Local Area Network (VLAN) tagging

Question 99

Which of the following is the BEST Identity-as-a-Service (IDaaS) solution for validating users?

Options:

A.

Single Sign-On (SSO)

B.

Security Assertion Markup Language (SAML)

C.

Lightweight Directory Access Protocol (LDAP)

D.

Open Authentication (OAuth)

Question 100

Why is planning in Disaster Recovery (DR) an interactive process?

Options:

A.

It details off-site storage plans

B.

It identifies omissions in the plan

C.

It defines the objectives of the plan

D.

It forms part of the awareness process

Question 101

Who is responsible for the protection of information when it is shared with or provided to other organizations?

Options:

A.

Systems owner

B.

Authorizing Official (AO)

C.

Information owner

D.

Security officer

Question 102

What is the PRIMARY goal of fault tolerance?

Options:

A.

Elimination of single point of failure

B.

Isolation using a sandbox

C.

Single point of repair

D.

Containment to prevent propagation

Question 103

Attack trees are MOST useful for which of the following?

Options:

A.

Determining system security scopes

B.

Generating attack libraries

C.

Enumerating threats

D.

Evaluating Denial of Service (DoS) attacks

Question 104

A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and communications are established.

What MUST be considered or evaluated before performing the next step?

Options:

A.

Notifying law enforcement is crucial before hashing the contents of the server hard drive

B.

Identifying who executed the incident is more important than how the incident happened

C.

Removing the server from the network may prevent catching the intruder

D.

Copying the contents of the hard drive to another storage device may damage the evidence

Question 105

In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?

Options:

A.

Modifying source code without approval

B.

Promoting programs to production without approval

C.

Developers checking out source code without approval

D.

Developers using Rapid Application Development (RAD) methodologies without approval

Question 106

Who is essential for developing effective test scenarios for disaster recovery (DR) test plans?

Options:

A.

Business line management and IT staff members

B.

Chief Information Officer (CIO) and DR manager

C.

DR manager and IT staff members

D.

IT staff members and project managers

Question 107

Which of the following is the PRIMARY goal of logical access controls?

Options:

A.

Restrict access to an information asset.

B.

Ensure integrity of an information asset.

C.

Restrict physical access to an information asset.

D.

Ensure availability of an information asset.

Question 108

Which of the following objects should be removed FIRST prior to uploading code to public code repositories?

Options:

A.

Security credentials

B.

Known vulnerabilities

C.

Inefficient algorithms

D.

Coding mistakes

Question 109

A company-wide penetration test result shows customers could access and read files through a web browser. Which of the following can be used to mitigate this vulnerability?

Options:

A.

Enforce the chmod of files to 755.

B.

Enforce the control of file directory listings.

C.

Implement access control on the web server.

D.

Implement Secure Sockets Layer (SSL) certificates throughout the web server.

Question 110

A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?

Options:

A.

Open source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild.

B.

Open source libraries can be used by everyone, and there is a common understanding that the vulnerabilities in these libraries will not be exploited.

C.

Open source libraries are constantly updated, making it unlikely that a vulnerability exists for an adversary to exploit.

D.

Open source libraries contain unknown vulnerabilities, so they should not be used.

Question 111

Which of the following is the MOST comprehensive Business Continuity (BC) test?

Options:

A.

Full functional drill

B.

Full table top

C.

Full simulation

D.

Full interruption

Question 112

Which of the following management processes allots ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Options:

A.

Compliance

B.

Configuration

C.

Identity

D.

Patch

Question 113

Which of the following is used to ensure that data mining activities will NOT reveal sensitive data?

Options:

A.

Implement two-factor authentication on the underlying infrastructure.

B.

Encrypt data at the field level and tightly control encryption keys.

C.

Preprocess the databases to see if inn …… can be disclosed from the learned patterns.

D.

Implement the principle of least privilege on data elements so a reduced number of users can access the database.

Question 114

What is the BEST method if an investigator wishes to analyze a hard drive which may be used as evidence?

Options:

A.

Leave the hard drive in place and use only verified and authenticated Operating Systems (OS) utilities ...

B.

Log into the system and immediately make a copy of all relevant files to a Write Once, Read Many ...

C.

Remove the hard drive from the system and make a copy of the hard drive's contents using imaging hardware.

D.

Use a separate bootable device to make a copy of the hard drive before booting the system and analyzing the hard drive.

Question 115

Which of the following is the PRIMARY issue when analyzing detailed log information?

Options:

A.

Logs may be unavailable when required

B.

Timely review of the data is potentially difficult

C.

Most systems and applications do not support logging

D.

Logs do not provide sufficient details of system and individual activities

Question 116

Which of the following minimizes damage to information technology (IT) equipment stored in a data center when a false fire alarm event occurs?

Options:

A.

A pre-action system is installed.

B.

An open system is installed.

C.

A dry system is installed.

D.

A wet system is installed.

Question 117

Which of the following examples is BEST to minimize the attack surface for a customer's private information?

Options:

A.

Obfuscation

B.

Collection limitation

C.

Authentication

D.

Data masking

Question 118

Two remote offices need to be connected securely over an untrustworthy MAN. Each office needs to access network shares at the other site. Which of the following will BEST provide this functionality?

Options:

A.

Client-to-site VPN

B.

Third-party VPN service

C.

Site-to-site VPN

D.

Split-tunnel VPN

Question 119

What is maintained by using write blocking devices when forensic evidence is examined?

Options:

A.

Inventory

B.

Integrity

C.

Confidentiality

D.

Availability

Question 120

Which of the following provides the MOST secure method for Network Access Control (NAC)?

Options:

A.

Media Access Control (MAC) filtering

B.

802.1X authentication

C.

Application layer filtering

D.

Network Address Translation (NAT)

Question 121

Which of the following is a secure design principle for a new product?

Options:

A.

Build in appropriate levels of fault tolerance.

B.

Utilize obfuscation whenever possible.

C.

Do not rely on previously used code.

D.

Restrict the use of modularization.

Question 122

Which of the following is the MAIN difference between a network-based firewall and a host-based firewall?

Options:

A.

A network-based firewall is stateful, while a host-based firewall is stateless.

B.

A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device.

C.

A network-based firewall verifies network traffic, while a host-based firewall verifies processes and applications.

D.

A network-based firewall blocks network intrusions, while a host-based firewall blocks malware.

Question 123

What is the BEST control to be implemented at a login page in a web application to mitigate the ability to enumerate users?

Options:

A.

Implement a generic response for a failed login attempt.

B.

Implement a strong password during account registration.

C.

Implement numbers and special characters in the user name.

D.

Implement two-factor authentication (2FA) to login process.

Question 124

Physical assets defined in an organization’s Business Impact Analysis (BIA) could include which of the following?

Options:

A.

Personal belongings of organizational staff members

B.

Supplies kept off-site at a remote facility

C.

Cloud-based applications

D.

Disaster Recovery (DR) line-item revenues

Question 125

Which of the following is the MOST effective corrective control to minimize the effects of a physical intrusion?

Options:

A.

Automatic videotaping of a possible intrusion

B.

Rapid response by guards or police to apprehend a possible intruder

C.

Activating bright lighting to frighten away a possible intruder

D.

Sounding a loud alarm to frighten away a possible intruder

Question 126

In systems security engineering, what does the security principle of modularity provide?

Options:

A.

Documentation of functions

B.

Isolated functions and data

C.

Secure distribution of programs and data

D.

Minimal access to perform a function

Question 127

What is the PRIMARY benefit of analyzing the partition layout of a hard disk volume when performing forensic analysis?

Options:

A.

Sectors which are not assigned to a partition may contain data that was purposely hidden.

B.

Volume address information for the hard disk may have been modified.

C.

Partition tables which are not completely utilized may contain data that was purposely hidden.

D.

Physical address information for the hard disk may have been modified.

Question 128

The Chief Information Officer (CIO) has decided that as part of business modernization efforts the organization will move towards a cloud architecture. All business-critical data will be migrated to either internal or external cloud services within the next two years. The CIO has a PRIMARY obligation to work with personnel in which role in order to ensure proper protection of data during and after the cloud migration?

Options:

A.

Information owner

B.

General Counsel

C.

Chief Information Security Officer (CISO)

D.

Chief Security Officer (CSO)

Question 129

When conducting a third-party risk assessment of a new supplier, which of the following reports should be reviewed to confirm the operating effectiveness of the security, availability, confidentiality, and privacy trust principles?

Options:

A.

Service Organization Control (SOC) 1, Type 2

B.

Service Organization Control (SOC) 2, Type 2

C.

International Organization for Standardization (ISO) 27001

D.

International Organization for Standardization (ISO) 27002

Question 130

What is the MAIN objective of risk analysis in Disaster Recovery (DR) planning?

Options:

A.

Establish Maximum Tolerable Downtime (MTD) Information Systems (IS).

B.

Define the variable cost for extended downtime scenarios.

C.

Identify potential threats to business availability.

D.

Establish personnel requirements for various downtime scenarios.

Question 131

Which of the following are mandatory canons for the (ISC)² Code of Ethics?

Options:

A.

Develop comprehensive security strategies for the organization.

B.

Perform is, honestly, fairly, responsibly, and lawfully for the organization.

C.

Create secure data protection policies to principals.

D.

Provide diligent and competent service to principals.

Question 132

Which of the following is a common term for log reviews, synthetic transactions, and code reviews?

Options:

A.

Security control testing

B.

Application development

C.

Spiral development functional testing

D.

DevOps Integrated Product Team (IPT) development

Question 133

Which of the following is the BEST way to protect against Structured Query Language (SQL) injection?

Options:

A.

Enforce boundary checking.

B.

Restrict use of SELECT command.

C.

Restrict Hyper Text Markup Language (HTML) source code access.

D.

Use stored procedures.

Question 134

In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?

Options:

A.

Increase logging levels.

B.

Implement bi-annual reviews.

C.

Create policies for system access.

D.

Implement and review risk-based alerts.

Question 135

At what stage of the Software Development Life Cycle (SDLC) does software vulnerability remediation MOST likely cost the least to implement?

Options:

A.

Development

B.

Testing

C.

Deployment

D.

Design

Question 136

When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?

Options:

A.

SOC 1 Type 1

B.

SOC 2 Type 1

C.

SOC 2 Type 2

D.

SOC 3

Question 137

A user is allowed to access the file labeled “Financial Forecast,” but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. Which type of access mechanism should be used to accomplish this?

Options:

A.

Minimum access control

B.

Rule-based access control

C.

Limited role-based access control (RBAC)

D.

Access control list (ACL)

Question 138

An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users were not informed as to what information collected would be shared. What technical controls should be put in place to remedy the privacy issue while still trying to accomplish the organization's business goals?

Options:

A.

Default the user to not share any information.

B.

Inform the user of the sharing feature changes after implemented.

C.

Share only what the organization decides is best.

D.

Stop sharing data with the other users.

Question 139

An attacker is able to remain indefinitely logged into a exploiting to remain on the web service?

Options:

A.

Alert management

B.

Password management

C.

Session management

D.

Identity management (IM)

Question 140

A large corporation is looking for a solution to automate access based on where the request is coming from, who the user is, what device they are connecting with, and what time of day they are attempting this access. What type of solution would suit their needs?

Options:

A.

Discretionary Access Control (DAC)

B.

Role Based Access Control (RBAC)

C.

Mandatory Access Control (MAC)

D.

Network Access Control (NAC)

Question 141

A continuous information security-monitoring program can BEST reduce risk through which of the following?

Options:

A.

Collecting security events and correlating them to identify anomalies

B.

Facilitating system-wide visibility into the activities of critical user accounts

C.

Encompassing people, process, and technology

D.

Logging both scheduled and unscheduled system changes

Question 142

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

Options:

A.

Disable all unnecessary services

B.

Ensure chain of custody

C.

Prepare another backup of the system

D.

Isolate the system from the network

Question 143

Recovery strategies of a Disaster Recovery planning (DRP) MUST be aligned with which of the following?

Options:

A.

Hardware and software compatibility issues

B.

Applications’ criticality and downtime tolerance

C.

Budget constraints and requirements

D.

Cost/benefit analysis and business objectives

Question 144

What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization’s systems cannot be unavailable for more than 24 hours?

Options:

A.

Warm site

B.

Hot site

C.

Mirror site

D.

Cold site

Question 145

When is a Business Continuity Plan (BCP) considered to be valid?

Options:

A.

When it has been validated by the Business Continuity (BC) manager

B.

When it has been validated by the board of directors

C.

When it has been validated by all threat scenarios

D.

When it has been validated by realistic exercises

Question 146

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Options:

A.

Absence of a Business Intelligence (BI) solution

B.

Inadequate cost modeling

C.

Improper deployment of the Service-Oriented Architecture (SOA)

D.

Insufficient Service Level Agreement (SLA)

Question 147

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Options:

A.

Walkthrough

B.

Simulation

C.

Parallel

D.

White box

Question 148

What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

Options:

A.

Take the computer to a forensic lab

B.

Make a copy of the hard drive

C.

Start documenting

D.

Turn off the computer

Question 149

Which of the following is a PRIMARY advantage of using a third-party identity service?

Options:

A.

Consolidation of multiple providers

B.

Directory synchronization

C.

Web based logon

D.

Automated account management

Question 150

What is the PRIMARY reason for implementing change management?

Options:

A.

Certify and approve releases to the environment

B.

Provide version rollbacks for system changes

C.

Ensure that all applications are approved

D.

Ensure accountability for changes to the environment

Question 151

Which of the following is the FIRST step in the incident response process?

Options:

A.

Determine the cause of the incident

B.

Disconnect the system involved from the network

C.

Isolate and contain the system involved

D.

Investigate all symptoms to confirm the incident

Question 152

A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

Options:

A.

Guaranteed recovery of all business functions

B.

Minimization of the need for decision making during a crisis

C.

Insurance against litigation following a disaster

D.

Protection from loss of organization resources

Question 153

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

Options:

A.

Continuously without exception for all security controls

B.

Before and after each change of the control

C.

At a rate concurrent with the volatility of the security control

D.

Only during system implementation and decommissioning

Question 154

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

Options:

A.

System acquisition and development

B.

System operations and maintenance

C.

System initiation

D.

System implementation

Question 155

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Options:

A.

Lack of software documentation

B.

License agreements requiring release of modified code

C.

Expiration of the license agreement

D.

Costs associated with support of the software

Question 156

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

Options:

A.

Least privilege

B.

Privilege escalation

C.

Defense in depth

D.

Privilege bracketing

Question 157

What is the BEST approach to addressing security issues in legacy web applications?

Options:

A.

Debug the security issues

B.

Migrate to newer, supported applications where possible

C.

Conduct a security assessment

D.

Protect the legacy application with a web application firewall

Question 158

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Options:

A.

Check arguments in function calls

B.

Test for the security patch level of the environment

C.

Include logging functions

D.

Digitally sign each application module

Question 159

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Options:

A.

Purchase software from a limited list of retailers

B.

Verify the hash key or certificate key of all updates

C.

Do not permit programs, patches, or updates from the Internet

D.

Test all new software in a segregated environment

Question 160

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Options:

A.

After the system preliminary design has been developed and the data security categorization has been performed

B.

After the vulnerability analysis has been performed and before the system detailed design begins

C.

After the system preliminary design has been developed and before the data security categorization begins

D.

After the business functional analysis and the data security categorization have been performed

Question 161

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Options:

A.

Derived credential

B.

Temporary security credential

C.

Mobile device credentialing service

D.

Digest authentication

Question 162

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

Options:

A.

Limit access to predefined queries

B.

Segregate the database into a small number of partitions each with a separate security level

C.

Implement Role Based Access Control (RBAC)

D.

Reduce the number of people who have access to the system for statistical purposes

Question 163

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

Options:

A.

Trusted third-party certification

B.

Lightweight Directory Access Protocol (LDAP)

C.

Security Assertion Markup Language (SAML)

D.

Cross-certification

Question 164

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Options:

A.

Audit logs

B.

Role-Based Access Control (RBAC)

C.

Two-factor authentication

D.

Application of least privilege

Question 165

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

Options:

A.

Layer 2 Tunneling Protocol (L2TP)

B.

Link Control Protocol (LCP)

C.

Challenge Handshake Authentication Protocol (CHAP)

D.

Packet Transfer Protocol (PTP)

Question 166

What is the purpose of an Internet Protocol (IP) spoofing attack?

Options:

A.

To send excessive amounts of data to a process, making it unpredictable

B.

To intercept network traffic without authorization

C.

To disguise the destination address from a target’s IP filtering devices

D.

To convince a system that it is communicating with a known entity

Question 167

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

Options:

A.

Transport layer

B.

Application layer

C.

Network layer

D.

Session layer

Question 168

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

Options:

A.

WEP uses a small range Initialization Vector (IV)

B.

WEP uses Message Digest 5 (MD5)

C.

WEP uses Diffie-Hellman

D.

WEP does not use any Initialization Vector (IV)

Question 169

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

Options:

A.

Packet filtering

B.

Port services filtering

C.

Content filtering

D.

Application access control

Question 170

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

Options:

A.

Intrusion Prevention Systems (IPS)

B.

Intrusion Detection Systems (IDS)

C.

Stateful firewalls

D.

Network Behavior Analysis (NBA) tools

Question 171

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Options:

A.

Link layer

B.

Physical layer

C.

Session layer

D.

Application layer

Question 172

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

Options:

A.

Implement packet filtering on the network firewalls

B.

Install Host Based Intrusion Detection Systems (HIDS)

C.

Require strong authentication for administrators

D.

Implement logical network segmentation at the switches

Question 173

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

Options:

A.

Add a new rule to the application layer firewall

B.

Block access to the service

C.

Install an Intrusion Detection System (IDS)

D.

Patch the application source code

Question 174

Which of the following is the PRIMARY security concern associated with the implementation of smart cards?

Options:

A.

The cards have limited memory

B.

Vendor application compatibility

C.

The cards can be misplaced

D.

Mobile code can be embedded in the card

Question 175

Which of the following BEST describes a rogue Access Point (AP)?

Options:

A.

An AP that is not protected by a firewall

B.

An AP not configured to use Wired Equivalent Privacy (WEP) with Triple Data Encryption Algorithm (3DES)

C.

An AP connected to the wired infrastructure but not under the management of authorized network administrators

D.

An AP infected by any kind of Trojan or Malware

Question 176

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

Options:

A.

Change management processes

B.

User administration procedures

C.

Operating System (OS) baselines

D.

System backup documentation

Question 177

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Options:

A.

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

B.

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

C.

Management teams will understand the testing objectives and reputational risk to the organization

D.

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Question 178

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

Options:

A.

Host VM monitor audit logs

B.

Guest OS access controls

C.

Host VM access controls

D.

Guest OS audit logs

Question 179

In which of the following programs is it MOST important to include the collection of security process data?

Options:

A.

Quarterly access reviews

B.

Security continuous monitoring

C.

Business continuity testing

D.

Annual security training

Question 180

Which of the following could cause a Denial of Service (DoS) against an authentication system?

Options:

A.

Encryption of audit logs

B.

No archiving of audit logs

C.

Hashing of audit logs

D.

Remote access audit logs

Exam Detail
Vendor: ISC
Certification: ISC 2 Credentials
Exam Code: CISSP
Last Update: Nov 24, 2024