Free CISSP Dump

Question #150

Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?

  • A. Communicate with the press following the communications plan
  • B. Dispatch personnel to the disaster recovery (DR) site
  • C. Take photos of the damage
  • D. Notify all of the Board of Directors

Correct Answer: D

Community vote distribution

C (51%)

D (30%)

B (19%)

Question #151

When designing a new Voice over Internet Protocol (VoIP) network, an organization’s top concern is preventing unauthorized users from accessing the VoIP network.

Which of the following will BEST help secure the VoIP network?

  • A. 802.11g
  • B. Web application firewall (WAF)
  • C. Transport Layer Security (TLS)
  • D. 802.1x

Correct Answer: C

Community vote distribution

D (56%)

C (44%)

Question #152

A user’s credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?

  • A. Use a salted cryptographic hash of the password.
  • B. Validate passwords using a stored procedure.
  • C. Allow only the application to have access to the password field in order to verify user authentication.
  • D. Encrypt the entire database and embed an encryption key in the application.

Correct Answer: D

Community vote distribution

A (54%)

D (38%)

Question #153

Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?

  • A. Common Vulnerabilities and Exposures (CVE)
  • B. Center for Internet Security (CIS)
  • C. Common Vulnerability Scoring System (CVSS)
  • D. Open Web Application Security Project (OWASP)

Correct Answer: C

Community vote distribution

C (87%)

13%

Question #154

A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all of the application infrastructure located within one co-location data center. Which security principle is the architect currently assessing?

  • A. Disaster recovery (DR)
  • B. Availability
  • C. Redundancy
  • D. Business continuity (BC)

Correct Answer: B

Community vote distribution

B (86%)

14%

Question #155

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

  • A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
  • B. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
  • C. Data stewardship roles, data handling and storage standards, data lifecycle requirements
  • D. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

Correct Answer: A

Community vote distribution

C (79%)

A (21%)

Question #156

The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the model?

  • A. Headcount and capacity
  • B. Scope and service catalog
  • C. Skill set and training
  • D. Tools and technologies

Correct Answer: B

Community vote distribution

B (60%)

C (40%)

Question #157

An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet the organization’s needs?

  • A. Decentralized
  • B. Hybrid
  • C. Centralized
  • D. Federated

Correct Answer: D

Community vote distribution

B (79%)

D (21%)

Question #158

Which of the following is a secure design principle for a new product?

  • A. Restrict the use of modularization.
  • B. Do not rely on previously used code.
  • C. Build in appropriate levels of fault tolerance.
  • D. Utilize obfuscation whenever possible.

Correct Answer: C

Community vote distribution

C (50%)

D (30%)

B (20%)

Question #159

What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?

  • A. Standardize specifications between software security products.
  • B. Achieve organizational compliance with international standards.
  • C. Improve vulnerability assessment capabilities.
  • D. Save security costs for the organization.

Correct Answer: A

Community vote distribution

A (50%)

C (46%)

Question #160

What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software defined networking (SDN)?

  • A. Network syntax, abstraction of network flow, and abstraction of network protocols
  • B. Network syntax, abstraction of network commands, and abstraction of network protocols
  • C. Familiar syntax, abstraction of network topology, and definition of network protocols
  • D. Familiar syntax, abstraction of network topology, and abstraction of network protocols

Correct Answer: A

Community vote distribution

D (64%)

A (18%)

C (18%)

Question #161

Which of the following is a unique feature of attribute-based access control (ABAC)?

  • A. A user is granted access to a system at a particular time of day.
  • B. A user is granted access to a system based on username and password.
  • C. A user is granted access to a system based on group affinity.
  • D. A user is granted access to a system with biometric authentication.

Correct Answer: A

Community vote distribution

A (92%)

Question #162

Which of the following is the BEST approach to implement multiple servers on a virtual system?

  • A. Implement one primary function per virtual server and apply individual security configuration for each virtual server.
  • B. Implement multiple functions within the same virtual server and apply individual security configurations to each function.
  • C. Implement one primary function per virtual server and apply high security configuration on the host operating system.
  • D. Implement multiple functions per virtual server and apply the same security configuration for each virtual server.

Correct Answer: D

Community vote distribution

A (79%)

D (21%)

Question #163

Which of the following is the MOST common cause of system or security failures?

  • A. Lack of physical security controls
  • B. Lack of change control
  • C. Lack of logging and monitoring
  • D. Lack of system documentation

Correct Answer: B

Community vote distribution

B (100%)

Question #164

The Chief Information Officer (CIO) has decided that as part of business modernization efforts the organization will move towards a cloud architecture. All business-critical data will be migrated to either internal or external cloud services within the next two years. The CIO has a PRIMARY obligation to work with personnel in which role in order to ensure proper protection of data during and after the cloud migration?

  • A. Chief Security Officer (CSO)
  • B. Information owner
  • C. Chief Information Security Officer (CISO)
  • D. General Counsel

Correct Answer: C

Community vote distribution

C (100%)

Question #165

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?

  • A. Execute
  • B. Read
  • C. Write
  • D. Append

Correct Answer: C

Community vote distribution

D (88%)

13%

Question #166

When performing an investigation with the potential for legal action, what should be the analyst’s FIRST consideration?

  • A. Data decryption
  • B. Chain-of-custody
  • C. Authorization to collect
  • D. Court admissibility

Correct Answer: B

Community vote distribution

B (70%)

C (27%)

Question #167

Building blocks for software-defined networks (SDN) require which of the following?

  • A. The SDN is composed entirely of client-server pairs.
  • B. Random-access memory (RAM) is used in preference to virtual memory.
  • C. The SDN is mostly composed of virtual machines (VM).
  • D. Virtual memory is used in preference to random-access memory (RAM).

Correct Answer: C

Community vote distribution

C (55%)

D (36%)

9%

Question #168

What is the MINIMUM standard for testing a disaster recovery plan (DRP)?

  • A. Quarterly or more frequently depending upon the advice of the information security manager
  • B. As often as necessary depending upon the stability of the environment and business requirements
  • C. Annually or less frequently depending upon audit department requirements
  • D. Semi-annually and in alignment with a fiscal half-year business cycle

Correct Answer: D

Community vote distribution

D (37%)

B (35%)

C (26%)

Question #169

Which security audit standard provides the BEST way for an organization to understand a vendor’s Information Systems (IS) in relation to confidentiality, integrity, and availability?

  • A. Service Organization Control (SOC) 2
  • B. Statement on Standards for Attestation Engagements (SSAE) 18
  • C. Statement on Auditing Standards (SAS) 70
  • D. Service Organization Control (SOC) 1

Correct Answer: D

Community vote distribution

A (82%)

B (18%)

Question #170

An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?

  • A. Allowed number of characters
  • B. Population of required fields
  • C. Reasonable data
  • D. Session testing

Correct Answer: B

Community vote distribution

A (45%)

C (38%)

B (17%)

Question #171

An organization is considering partnering with a third-party supplier of cloud services. The organization will only be providing the data and the third-party supplier will be providing the security controls. Which of the following BEST describes this service offering?

  • A. Platform as a Service (PaaS)
  • B. Anything as a Service (XaaS)
  • C. Infrastructure as a Service (IaaS)
  • D. Software as a Service (SaaS)

Correct Answer: A

Community vote distribution

D (58%)

A (42%)

Question #172

Which of the following factors should be considered characteristics of Attribute Based Access Control (ABAC) in terms of the attributes used?

  • A. Mandatory Access Control (MAC) and Discretionary Access Control (DAC)
  • B. Discretionary Access Control (DAC) and Access Control List (ACL)
  • C. Role Based Access Control (RBAC) and Mandatory Access Control (MAC)
  • D. Role Based Access Control (RBAC) and Access Control List (ACL)

Correct Answer: D

Community vote distribution

D (90%)

10%

Question #173

Which of the following is the MOST significant key management problem due to the number of keys created?

  • A. Exponential growth when using symmetric keys
  • B. Exponential growth when using asymmetric keys
  • C. Storage of the keys require increased security
  • D. Keys are more difficult to provision and revoke

Correct Answer: C

Community vote distribution

A (61%)

B (24%)

C (15%)

Question #174

A Certified Information Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC)² Code of Professional Ethics, which of the following should the CISSP do?

  • A. Inform the CISO that they are unable to perform the task because they should render only those services for which they are fully competent and qualified
  • B. Since they are CISSP certified, they have enough knowledge to assist with the request, but will need assistance in order to complete it in a timely manner
  • C. Review the CISSP guidelines for performing a vulnerability assessment before proceeding to complete it
  • D. Review the PCI requirements before performing the vulnerability assessment

Correct Answer: A

Community vote distribution

A (79%)

D (21%)

Question #175

While performing a security review for a new product, an information security professional discovers that the organization’s product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?

  • A. Customer identifiers should be a variant of the user’s government-issued ID number.
  • B. Customer identifiers should be a cryptographic hash of the user’s government-issued ID number.
  • C. Customer identifiers that do not resemble the user’s government-issued ID number should be used.
  • D. Customer identifiers should be a variant of the user’s name, for example, “jdoe” or “john.doe.”

Correct Answer: B

Community vote distribution

C (82%)

D (18%)

Question #176

The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment. What principle has the team taken into consideration?

  • A. Biometric data cannot be changed.
  • B. The biometric devices are unknown.
  • C. Biometric data must be protected from disclosure.
  • D. Separate biometric data streams require increased security.

Correct Answer: A

Community vote distribution

C (88%)

13%

Question #177

Information security practitioners are in the midst of implementing a new firewall. Which of the following failure methods would BEST prioritize security in the event of failure?

  • A. Failover
  • B. Fail-Closed
  • C. Fail-Safe
  • D. Fail-Open

Correct Answer: B

Community vote distribution

B (79%)

C (21%)

Question #178

Which of the following services can be deployed via a cloud service or on-premises to integrate with Identity as a Service (IDaaS) as the authoritative source of user identities?

  • A. Multi-factor authentication (MFA)
  • B. Directory
  • C. User database
  • D. Single sign-on (SSO)

Correct Answer: B

Community vote distribution

B (75%)

D (25%)

Question #179

Which of the following statements is TRUE about Secure Shell (SSH)?

  • A. SSH supports port forwarding, which can be used to protect less secured protocols.
  • B. SSH does not protect against man-in-the-middle (MITM) attacks.
  • C. SSH is easy to deploy because it requires a Web browser only.
  • D. SSH can be used with almost any application because it is concerned with maintaining a circuit.

Correct Answer: A

Community vote distribution

A (100%)

Question #180

What is considered a compensating control for not having electrical surge protectors installed?

  • A. Having dual lines to network service providers built to the site
  • B. Having a hot disaster recovery (DR) environment for the site
  • C. Having network equipment in active-active clusters at the site
  • D. Having backup diesel generators installed to the site

Correct Answer: B

Community vote distribution

B (73%)

D (27%)

Question #181

What is the FIRST step in risk management?

  • A. Identify the factors that have potential to impact business.
  • B. Establish the scope and actions required.
  • C. Identify existing controls in the environment.
  • D. Establish the expectations of stakeholder involvement.

Correct Answer: C

Community vote distribution

A (92%)

8%

Question #182

Which of the following is the PRIMARY goal of logical access controls?

  • A. Restrict access to an information asset.
  • B. Ensure availability of an information asset.
  • C. Restrict physical access to an information asset.
  • D. Ensure integrity of an information asset.

Correct Answer: A

Community vote distribution

A (73%)

D (27%)

Question #183

Which of the following is a covert channel type?

  • A. Pipe
  • B. Memory
  • C. Storage
  • D. Monitoring

Correct Answer: D

Community vote distribution

C (89%)

11%

Question #184

A software developer wishes to write code that will execute safely and only as intended. Which of the following programming language types is MOST likely to achieve this goal?

  • A. Weakly typed
  • B. Dynamically typed
  • C. Strongly typed
  • D. Statically typed

Correct Answer: B

Community vote distribution

C (100%)

Question #185

Which of the following roles is responsible for ensuring that important datasets are developed, maintained, and are accessible within their defined specifications?

  • A. Data Custodian
  • B. Data Reviewer
  • C. Data User
  • D. Data Owner

Correct Answer: D

Community vote distribution

A (83%)

D (17%)

Question #186

What is static analysis intended to do when analyzing an executable file?

  • A. Search the documents and files associated with the executable file.
  • B. Analyze the position of the file in the file system and the executable file’s libraries.
  • C. Collect evidence of the executable file’s usage, including dates of creation and last use.
  • D. Disassemble the file to gather information about the executable file’s function.

Correct Answer: B

Community vote distribution

D (69%)

B (31%)

Question #187

A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following solutions should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis?

  • A. Application-Level Proxy
  • B. Intrusion detection system (IDS)
  • C. Host-based Firewall
  • D. Circuit-Level Proxy

Correct Answer: A

Community vote distribution

A (78%)

C (22%)

Question #188

What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?

  • A. ICS often run on UNIX operating systems.
  • B. ICS often do not have availability requirements.
  • C. ICS are often sensitive to unexpected traffic.
  • D. ICS are often isolated and difficult to access.

Correct Answer: C

Community vote distribution

C (79%)

D (21%)

Question #189

The security team plans on using automated account reconciliation in the corporate user access review process. Which of the following must be implemented for the BEST results with fewest errors when running the audit?

  • A. Frequent audits
  • B. Segregation of Duties (SoD)
  • C. Removal of service accounts from review
  • D. Clear provisioning policies

Correct Answer: D

Community vote distribution

D (100%)

Question #190

In the Common Criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?

  • A. Organizational Security Policy
  • B. Security Target (ST)
  • C. Protection Profile (PP)
  • D. Target of Evaluation (TOE)

Correct Answer: C

Community vote distribution

C (88%)

12%

Question #191

Which of the following is an example of a vulnerability of full-disk encryption (FDE)?

  • A. Data on the device cannot be restored from backup.
  • B. Data on the device cannot be backed up.
  • C. Data in transit has been compromised when the user has authenticated to the device.
  • D. Data at rest has been compromised when the user has authenticated to the device.

Correct Answer: D

Community vote distribution

D (69%)

C (31%)

Question #192

What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?

  • A. Implement network access control lists (ACL).
  • B. Implement an intrusion prevention system (IPS).
  • C. Implement a web application firewall (WAF).
  • D. Implement egress filtering at the organization’s network boundary.

Correct Answer: D

Community vote distribution

A (73%)

D (19%)

Question #193

A large organization’s human resources and security teams are planning on implementing technology to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access?

  • A. Implement a Privileged Access Management (PAM) system.
  • B. Implement a role-based access control (RBAC) system.
  • C. Implement identity and access management (IAM) platform.
  • D. Implement a single sign-on (SSO) platform.

Correct Answer: C

Community vote distribution

C (100%)

Question #194

A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to exchange authentication and authorization data between security domains. However, an attacker was able to spoof a registered account on the network and query the SAML provider. What is the MOST common attack leveraged against this flaw?

  • A. Attacker leverages SAML assertion to register an account on the security domain.
  • B. Attacker forges requests to authenticate as a different user.
  • C. Attacker exchanges authentication and authorization data between security domains.
  • D. Attacker conducts denial-of-service (DoS) against the security domain by authenticating as the same user repeatedly.

Correct Answer: B

Community vote distribution

B (100%)

Question #195

An organization is implementing security review as part of system development. Which of the following is the BEST technique to follow?

  • A. Perform incremental assessments.
  • B. Engage a third-party auditing firm.
  • C. Review security architecture.
  • D. Conduct penetration testing.

Correct Answer: A

Community vote distribution

A (48%)

C (29%)

B (24%)

Question #196

What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline JavaScript and the execution of eval()-type functions?

  • A. X-XSS-Protection
  • B. Content-Security-Policy
  • C. X-Frame-Options
  • D. Strict-Transport-Security

Correct Answer: C

Community vote distribution

B (100%)

Question #197

A security professional was tasked with rebuilding a company’s wireless infrastructure. Which of the following are the MOST important factors to consider while making a decision on which wireless spectrum to deploy?

  • A. Facility size, intermodulation, and direct satellite service
  • B. Performance, geographic location, and radio signal interference
  • C. Existing client devices, manufacturer reputation, and electrical interference
  • D. Hybrid frequency band, service set identifier (SSID), and interpolation

Correct Answer: B

Community vote distribution

B (63%)

C (37%)

Question #198

A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?

  • A. Open source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild.
  • B. Open source libraries can be used by everyone, and there is a common understanding that the vulnerabilities in these libraries will not be exploited.
  • C. Open source libraries contain unknown vulnerabilities, so they should not be used.
  • D. Open source libraries are constantly updated, making it unlikely that a vulnerability exists for an adversary to exploit.

Correct Answer: A

Community vote distribution

A (88%)

13%

Question #199

A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied. The research is complete, and the security engineer has provided recommendations. Where should the patch be applied FIRST?

  • A. Lower environment
  • B. Desktop environment
  • C. Server environment
  • D. Production environment

Correct Answer: A

Community vote distribution

A (80%)

D (20%)
