Free CISSP Dump

Question #100

What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?

  • A. Measure the effect of the program on the organization’s workforce.
  • B. Make all stakeholders aware of the program’s progress.
  • C. Facilitate supervision of periodic training events.
  • D. Comply with legal regulations and document due diligence in security practices.

Correct Answer: A

Community vote distribution

A (71%)

D (29%)

Question #101

In a DevOps environment, which of the following actions is MOST necessary to have confidence in the quality of the changes being made?

  • A. Prepare to take corrective actions quickly.
  • B. Automate functionality testing.
  • C. Review logs for any anomalies.
  • D. Receive approval from the change review board.

Correct Answer: D

Community vote distribution

D (50%)

B (45%)

Question #102

What is the MAIN purpose of a security assessment plan?

  • A. Provide education to employees on security and privacy, to ensure their awareness on policies and procedures.
  • B. Provide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.
  • C. Provide guidance on security requirements, to ensure the identified security risks are properly addressed based on the recommendation.
  • D. Provide technical information to executives to help them understand information security postures and secure funding.

Correct Answer: B

Community vote distribution

B (88%)

Question #103

What documentation is produced FIRST when performing an effective physical loss control process?

  • A. Deterrent controls list
  • B. Security standards list
  • C. Asset valuation list
  • D. Inventory list

Correct Answer: C

Community vote distribution

D (76%)

C (24%)

Question #104

Which organizational department is ultimately responsible for information governance related to e-mail and other e-records?

  • A. Legal
  • B. Audit
  • C. Compliance
  • D. Security

Correct Answer: A

Community vote distribution

A (60%)

C (40%)

Question #105

A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for a period of three months. The audit logging generates an extremely high volume of logs. What is the MOST appropriate strategy for the log retention?

  • A. Keep all logs in an online storage.
  • B. Keep last week’s logs in an online storage and the rest in an offline storage.
  • C. Keep last week’s logs in an online storage and the rest in a near-line storage.
  • D. Keep all logs in an offline storage.

Correct Answer: B

Community vote distribution

C (67%)

B (33%)

Question #106

In Federated Identity Management (FIM), which of the following represents the concept of federation?

  • A. Collection, maintenance, and deactivation of user objects and attributes in one or more systems, directories or applications
  • B. Collection of information logically grouped into a single entity
  • C. Collection of information for common identities in a system
  • D. Collection of domains that have established trust among themselves

Correct Answer: A

Community vote distribution

D (81%)

A (19%)

Question #107

Which of the following is an indicator that a company’s new user security awareness training module has been effective?

  • A. There are more secure connections to internal e-mail servers.
  • B. More incidents of phishing attempts are being reported.
  • C. Fewer incidents of phishing attempts are being reported.
  • D. There are more secure connections to the internal database servers.

Correct Answer: C

Community vote distribution

B (65%)

C (35%)

Question #108

An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?

  • A. IM clients can interoperate between multiple vendors.
  • B. IM clients can run as executables that do not require installation.
  • C. IM clients can utilize random port numbers.
  • D. IM clients can run without administrator privileges.

Correct Answer: A

Community vote distribution

C (93%)

Question #109

Using the cipher text and resultant cleartext message to derive the monoalphabetic cipher key is an example of which method of cryptanalytic attack?

  • A. Known-plaintext attack
  • B. Ciphertext-only attack
  • C. Frequency analysis
  • D. Probable-plaintext attack

Correct Answer: A

Community vote distribution

A (78%)

C (22%)

Question #110

When developing an organization’s information security budget, it is important that the:

  • A. requested funds are at an equal amount to the expected cost of breaches.
  • B. expected risk can be managed appropriately with the funds allocated.
  • C. requested funds are part of a shared funding pool with other areas.
  • D. expected risk to the organization does not exceed the funds allocated.

Correct Answer: B

Community vote distribution

B (100%)

Question #111

A subscription service which provides power, climate control, raised flooring, and telephone wiring but NOT the computer and peripheral equipment is BEST described as a:

  • A. cold site.
  • B. warm site.
  • C. hot site.
  • D. reciprocal site.

Correct Answer: B

Community vote distribution

A (94%)

Question #112

An international trading organization that holds an International Organization for Standardization (ISO) 27001 certification is seeking to outsource their security monitoring to a managed security service provider (MSSP). The trading organization’s security officer is tasked with drafting the requirements that need to be included in the outsourcing contract. Which of the following MUST be included in the contract?

  • A. A detailed overview of all equipment involved in the outsourcing contract
  • B. The right to perform security compliance tests on the MSSP’s equipment
  • C. The MSSP having an executive manager responsible for information security
  • D. The right to audit the MSSP’s security process

Correct Answer: A

Community vote distribution

D (100%)

Question #113

Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?

  • A. Hashing
  • B. Message digest (MD)
  • C. Symmetric
  • D. Asymmetric

Correct Answer: A

Community vote distribution

D (69%)

A (31%)

Question #114

What is the MOST effective method to enhance security of a single sign-on (SSO) solution that interfaces with critical systems?

  • A. Two-factor authentication
  • B. Reusable tokens for application level authentication
  • C. High performance encryption algorithms
  • D. Secure Sockets Layer (SSL) for all communications

Correct Answer: A

Community vote distribution

A (100%)

Question #115

Which of the following is MOST appropriate to collect evidence of a zero-day attack?

  • A. Honeypot
  • B. Antispam
  • C. Antivirus
  • D. Firewall

Correct Answer: A

Community vote distribution

A (100%)

Question #116

When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?

  • A. Information may be found on hidden vendor patches.
  • B. The actual origin and tools used for the test can be hidden.
  • C. Information may be found on related breaches and hacking.
  • D. Vulnerabilities can be tested without impact on the tested environment.

Correct Answer: C

Community vote distribution

C (100%)

Question #117

The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application. What security control is MOST likely to be violated?

  • A. Change management
  • B. Separation of environments
  • C. Program management
  • D. Mobile code controls

Correct Answer: A

Community vote distribution

A (72%)

C (28%)

Question #118

Which of the following criteria ensures information is protected relative to its importance to the organization?

  • A. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification
  • B. The value of the data to the organization’s senior management
  • C. Organizational stakeholders, with classification approved by the management board
  • D. Legal requirements determined by the organization headquarters’ location

Correct Answer: A

Community vote distribution

A (90%)

10%

Question #119

What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?

  • A. Collect the security-related information required for metrics, assessments, and reporting.
  • B. Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies.
  • C. Define an ISCM strategy based on risk tolerance.
  • D. Establish an ISCM technical architecture.

Correct Answer: C

Community vote distribution

C (100%)

Question #120

An organization has requested storage area network (SAN) disks for a new project. What Redundant Array of Independent Disks (RAID) level provides the BEST redundancy and fault tolerance?

  • A. RAID level 1
  • B. RAID level 3
  • C. RAID level 4
  • D. RAID level 5

Correct Answer: D

Community vote distribution

D (66%)

A (34%)

Question #121

Compared to a traditional network, which of the following is a security-related benefit that software-defined networking (SDN) provides?

  • A. Centralized network provisioning
  • B. Reduced network latency when scaled
  • C. Centralized network administrative control
  • D. Reduced hardware footprint and cost

Correct Answer: C

Community vote distribution

C (100%)

Question #122

What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?

  • A. Warn users of a breach.
  • B. Reset all passwords.
  • C. Segment the network.
  • D. Shut down the network.

Correct Answer: C

Community vote distribution

C (67%)

D (22%)

Question #123

Which of the following is a common term for log reviews, synthetic transactions, and code reviews?

  • A. Application development
  • B. Spiral development functional testing
  • C. Security control testing
  • D. DevOps Integrated Product Team (IPT) development

Correct Answer: C

Community vote distribution

C (100%)

Question #124

A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?

  • A. Data sanitization
  • B. Data validation
  • C. Service accounts removal
  • D. Logging and monitoring

Correct Answer: B

Community vote distribution

B (100%)

Question #125

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery.

Which of the following is the MOST challenging aspect of this investigation?

  • A. Group policy implementation
  • B. SCADA network latency
  • C. Physical access to the system
  • D. Volatility of data

Correct Answer: C

Community vote distribution

D (59%)

C (41%)

Question #126

What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?

  • A. Configuration item
  • B. Configuration element
  • C. Ledger item
  • D. Asset register

Correct Answer: A

Community vote distribution

A (100%)

Question #127

A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?

  • A. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices and applications.
  • B. Implement a virtual local area network (VLAN) for each department and create a separate subnet for each VLAN.
  • C. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data planes.
  • D. Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from the physical switches.

Correct Answer: A

Community vote distribution

A (83%)

B (17%)

Question #128

Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?

  • A. Mean time to repair (MTTR)
  • B. Quality of Service (QoS) between applications
  • C. Financial penalties in case of disruption
  • D. Availability of network services

Correct Answer: B

Community vote distribution

D (57%)

B (43%)

Question #129

A company hired an external vendor to perform a penetration test of a new payroll system. The company’s internal test team had already performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?

  • A. Inadequate performance testing
  • B. Inadequate application level testing
  • C. Failure to perform negative testing
  • D. Failure to perform interface testing

Correct Answer: B

Community vote distribution

D (78%)

B (22%)

Question #130

An organization wants to define a physical perimeter. What primary device should be used to accomplish this objective if the organization’s perimeter MUST cost-efficiently deter casual trespassers?

  • A. Fences three to four feet high with a turnstile
  • B. Fences six to seven feet high with a painted gate
  • C. Fences accompanied by patrolling security guards
  • D. Fences eight or more feet high with three strands of barbed wire

Correct Answer: D

Community vote distribution

A (72%)

D (28%)

Question #131

Which of the following vulnerabilities can be BEST detected using automated analysis?

  • A. Multi-step process attack vulnerabilities
  • B. Business logic flaw vulnerabilities
  • C. Valid cross-site request forgery (CSRF) vulnerabilities
  • D. Typical source code vulnerabilities

Correct Answer: D

Community vote distribution

D (100%)

Question #132

A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization’s information security manager had received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?

  • A. PM
  • B. Information owner
  • C. Data Custodian
  • D. Mission/Business Owner

Correct Answer: C

Community vote distribution

B (60%)

C (32%)

Question #133

Which of the following determines how traffic should flow based on the status of the infrastructure layer?

  • A. Control plane
  • B. Application plane
  • C. Traffic plane
  • D. Data plane

Correct Answer: D

Community vote distribution

A (91%)

Question #134

When testing password strength, which of the following is the BEST method for brute forcing passwords?

  • A. Conduct an offline attack on the hashed password information.
  • B. Use a comprehensive list of words to attempt to guess the password.
  • C. Use social engineering methods to attempt to obtain the password.
  • D. Conduct an online password attack until the account being used is locked.

Correct Answer: A

Community vote distribution

A (72%)

B (24%)

Question #135

Which of the following is the name of an individual or group that is impacted by a change?

  • A. Change agent
  • B. End User
  • C. Stakeholder
  • D. Sponsor

Correct Answer: B

Community vote distribution

C (51%)

B (49%)

Question #136

The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?

  • A. Never to store personal data of EU citizens outside the EU
  • B. Data masking and encryption of personal data
  • C. Only to use encryption protocols approved by EU
  • D. Anonymization of personal data when transmitted to sources outside the EU

Correct Answer: B

Community vote distribution

B (77%)

A (23%)

Question #137

What is the PRIMARY benefit of incident reporting and computer crime investigations?

  • A. Complying with security policy
  • B. Repairing the damage and preventing future occurrences
  • C. Providing evidence to law enforcement
  • D. Appointing a computer emergency response team

Correct Answer: C

Community vote distribution

B (57%)

C (36%)

Question #138

Which of the following is the MOST common method of memory protection?

  • A. Error correction
  • B. Virtual local area network (VLAN) tagging
  • C. Segmentation
  • D. Compartmentalization

Correct Answer: C

Community vote distribution

C (100%)

Question #139

What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

  • A. Source code review
  • B. Threat modeling
  • C. Penetration testing
  • D. Manual inspections and reviews

Correct Answer: B

Community vote distribution

B (94%)

Question #140

Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST to browse the web privately?

  • A. Store information about browsing activities on the personal device.
  • B. Prevent information about browsing activities from being stored on the personal device.
  • C. Prevent information about browsing activities from being stored in the cloud.
  • D. Store browsing activities in the cloud.

Correct Answer: C

Community vote distribution

C (57%)

B (43%)

Question #141

A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?

  • A. Deployment
  • B. Development
  • C. Test
  • D. Design

Correct Answer: B

Community vote distribution

B (82%)

Question #142

A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running on a specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?

  • A. Administrative privileges on the hypervisor
  • B. Administrative privileges on the application folders
  • C. Administrative privileges on the web server
  • D. Administrative privileges on the OS

Correct Answer: B

Community vote distribution

B (70%)

C (30%)

Question #143

A security practitioner detects an Endpoint attack on the organization’s network. What is the MOST reasonable approach to mitigate future Endpoint attacks?

  • A. Remove all non-essential client-side web services from the network.
  • B. Harden the client image before deployment.
  • C. Screen for harmful exploits of client-side services before implementation.
  • D. Block all client-side web exploits at the perimeter.

Correct Answer: C

Community vote distribution

B (88%)

Question #144

What are the essential elements of a Risk Assessment Report (RAR)?

  • A. Executive summary, body of the report, and appendices
  • B. Executive summary, graph of risks, and process
  • C. Table of contents, testing criteria, and index
  • D. Table of contents, chapters, and executive summary

Correct Answer: A

Community vote distribution

A (100%)

Question #145

The security operations center (SOC) has received credible intelligence that a threat actor is planning to attack with multiple variants of a destructive virus. After obtaining a sample set of this virus’ variants and reverse engineering them to understand how they work, a commonality was found. All variants are coded to write to a specific memory location. It is determined this virus is of no threat to the organization because they had the foresight to enable what feature on all endpoints?

  • A. Address Space Layout Randomization (ASLR)
  • B. Trusted Platform Module (TPM)
  • C. Virtualization
  • D. Process isolation

Correct Answer: A

Community vote distribution

A (100%)

Question #146

The Chief Information Security Officer (CISO) is to establish a single, centralized, and relational repository to hold all information regarding the software and hardware assets. Which of the following solutions would be the BEST option?

  • A. Information Security Management System (ISMS)
  • B. Configuration Management Database (CMDB)
  • C. Security Information and Event Management (SIEM)
  • D. Information Technology Asset Management (ITAM)

Correct Answer: B

Community vote distribution

B (100%)

Question #147

What type of investigation applies when malicious behavior is suspected between two organizations?

  • A. Regulatory
  • B. Operational
  • C. Civil
  • D. Criminal

Correct Answer: C

Community vote distribution

C (100%)

Question #148

Which of the following techniques evaluates the secure design principles of network or software architectures?

  • A. Risk modeling
  • B. Waterfall method
  • C. Threat modeling
  • D. Fuzzing

Correct Answer: C

Community vote distribution

C (100%)

Question #149

Which element of software supply chain management has the GREATEST security risk to organizations?

  • A. Unsupported libraries are often used.
  • B. Applications with multiple contributors are difficult to evaluate.
  • C. Vulnerabilities are difficult to detect.
  • D. New software development skills are hard to acquire.

Correct Answer: A

Community vote distribution

A (69%)

B (25%)
