Free CISSP Dump

Question #450

What security technique in the Software Development Life Cycle (SDLC) should be leveraged to BEST ensure secure development throughout a project?

  • A. Dynamic application security testing (DAST)
  • B. Waterfall
  • C. Simple Object Access Protocol
  • D. Static application security testing (SAST)

Correct Answer: D

Community vote distribution: D (70%), B (20%), 10%

Question #451

In designing the architecture of an access control system, it was determined that confidentiality and controlled access to information were the primary focus. Which of the following security models is the BEST choice for the organization?

  • A. Biba integrity model
  • B. Clark-Wilson model
  • C. Bell-LaPadula model
  • D. Brewer-Nash model

Correct Answer: C

Community vote distribution: C (100%)

Question #452

An organization is developing employee training content to increase awareness of Payment Card Industry (PCI) standards. What are the three types of awareness roles applicable to the organization?

  • A. All personnel, specialized, management
  • B. Standard, privileged, administrator
  • C. Basic, intermediate, advanced
  • D. Technical, operational, administrative

Correct Answer: D

Community vote distribution: A (100%)

Question #453

Which of the following is the BEST method to perform an end-to-end testing on production for both operational and security requirements?

  • A. Synthetic transaction analysis
  • B. Dynamic code analysis
  • C. Static code analysis
  • D. Vulnerability analysis

Correct Answer: A

Community vote distribution: B (70%), A (30%)

Question #454

A security architect is reviewing an implemented security framework. After the review, the security architect wants to enhance the security by implementing segregation of duties (SoD) to address protection against fraud. Which security model BEST protects the integrity of data?

  • A. The Brewer-Nash model
  • B. The Biba Integrity model
  • C. The Bell-LaPadula model
  • D. The Clark-Wilson model

Correct Answer: D

Community vote distribution: D (100%)

Question #455

An organization is building an enterprise system using attribute-based access control (ABAC). To avoid inadvertent exposure, what should organizations do to ensure the proper handling of personally identifiable information (PII) and enforcement of PII regulations across the enterprise?

  • A. Employ a trust agent.
  • B. Employ trust agreements.
  • C. Employ a training program.
  • D. Employ regulations from leadership.

Correct Answer: B

Community vote distribution: C (71%), D (21%), 7%

Question #456

Which of the following is a strong security protection provided by Trusted Platform Module (TPM)?

  • A. Providing data integrity through digital signatures
  • B. Creation of a secure kernel
  • C. Separation of encryption keys from storage devices
  • D. Reporting of system integrity

Correct Answer: C

Community vote distribution: C (100%)

Question #457

An application developer is developing a web application that will store and process personal information of European Union (EU) residents. Which of the following security principles, explicitly specified in the General Data Protection Regulation (GDPR), should the developer apply to safeguard the personal information in the application?

  • A. Authorization
  • B. Tokenization
  • C. Pseudonymization
  • D. Authentication

Correct Answer: C

Community vote distribution: C (100%)

Question #458

A security architect is implementing an authentication system for a distributed network of servers. This network will be accessed by users on workstations that cannot trust the identity of the user. Which solution should the security architect use to have the users trust one another?

  • A. One-way authentication
  • B. Kerberos
  • C. Mutual authentication
  • D. Single session software tokens

Correct Answer: C

Community vote distribution: C (100%)

Question #459

Which process compares its results against a standard to determine whether the results meet the standard?

  • A. Penetration test
  • B. Security audit
  • C. Security assessment
  • D. Functional review

Correct Answer: B

Community vote distribution: B (100%)

Question #460

A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process?

  • A. Educate and train key stakeholders.
  • B. Measure effectiveness of the program’s stated goals.
  • C. Determine a budget and cost analysis for the program.
  • D. Select and procure supporting technologies.

Correct Answer: D

Community vote distribution: B (50%), D (50%)

Question #461

An organization is formulating a strategy to provide access to third-party partners. The information technology (IT) department has been tasked with providing access by utilizing cloud services. Which of the following technologies is MOST commonly employed for completing the task?

  • A. Identity as a Service (IDaaS)
  • B. Firewall as a service
  • C. Infrastructure as a Service (IaaS)
  • D. Software as a Service (SaaS)

Correct Answer: D

Community vote distribution: A (100%)

Question #462

Which of the following are key activities when conducting a security assessment?

  • A. Schedule, collect, examine
  • B. Interview, examine, simulate
  • C. Collect, interview, test
  • D. Examine, interview, test

Correct Answer: B

Community vote distribution: D (100%)

Question #463

An organization wants to ensure that employees who move to a different department within the organization do not retain access privileges from their former department. To this end, the organization has implemented role-based access control (RBAC). Which additional measure is MOST important to successfully limit excess access privileges?

  • A. Business role review
  • B. Line manager review of assigned roles
  • C. Segregation of duties (SoD) review
  • D. Access control matrix

Correct Answer: C

Community vote distribution: A (50%), C (25%), B (25%)

Question #464

An organization has experienced multiple distributed denial-of-service (DDoS) attacks in recent months that have impacted its public-facing web and e-commerce sites, which were previously all on-premises. After an analysis of the problems, the network engineers have recommended that the organization implement additional name service providers and redundant network paths. What is another recommendation that helps ensure the future availability of its web and e-commerce sites?

  • A. Move all cloud-based operations back to on-premises to mitigate attacks.
  • B. Move all websites to a new location.
  • C. Review current detection strategies and employ signature-based techniques.
  • D. Review the service-level agreements (SLA) with their cloud service providers.

Correct Answer: D

Community vote distribution: C (100%)

Question #465

While reviewing a web application-to-application connection, a security professional finds the use of Representational State Transfer (REST) application programming interfaces (API) and identifies it as secure. Which one of the following connection Uniform Resource Locators (URL) applies to this scenario?

  • A. https://url.com/Resources//action?apiKey=a399ikjiuynj
  • B. http://url.com/SecureTLS//action
  • C. http://url.com/Resources//action?apiKey=a399ikjiuynj
  • D. https://url.com/Resources//action

Correct Answer: D

Community vote distribution: D (67%), A (33%)

Question #466

Which of the following principles is intended to produce information security professionals that are capable of vision and proactive response?

  • A. Information security awareness
  • B. Information security program
  • C. Information security education
  • D. Information security certification

Correct Answer: C

Community vote distribution: C (100%)

Question #467

An organization is the victim of a major data breach just one month after passing an external cyber security audit. Which of the following is the likely reason for this situation?

  • A. Both the auditor and the organization validated the controls to be accurate.
  • B. The organization had the minimum level of controls in place to pass the audit.
  • C. The auditor performed an in-depth analysis of the required controls.
  • D. The audit was initiated by appropriate levels of management in the organization.

Correct Answer: B

Question #468

Which of the following is the MOST effective method of defending against zero-day malware threats?

  • A. Client firewalls
  • B. Client event logging
  • C. Client application whitelisting
  • D. Client antivirus

Correct Answer: C

Community vote distribution: C (71%)

Question #469

Which dynamic routing protocol is BEST suited for a dispersed campus network utilizing Internet Protocol version 6 (IPv6) addresses?

  • A. Open Shortest Path First (OSPF) version 3
  • B. Enhanced Interior Gateway Routing Protocol (EIGRP)
  • C. Border Gateway Protocol (BGP) version 4
  • D. Routing Information Protocol (RIP) version 2

Correct Answer: B

Community vote distribution: A (100%)
