Free CISSP Dump

Question #250

In an IDEAL encryption system, who has sole access to the decryption key?

  • A. Data custodian
  • B. System owner
  • C. System administrator
  • D. Data owner

Correct Answer: D

Community vote distribution

D (83%)

A (17%)

Question #251

Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?

  • A. Cutover
  • B. Parallel
  • C. Walkthrough
  • D. Tabletop

Correct Answer: D

Community vote distribution

A (93%)

7%

Question #252

Which of the following methods provides the MOST protection for user credentials?

  • A. Forms-based authentication
  • B. Self-registration
  • C. Basic authentication
  • D. Digest authentication

Correct Answer: A

Community vote distribution

D (100%)

Question #253

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

  • A. Functional test
  • B. Unit test
  • C. Grey box
  • D. White box

Correct Answer: D

Community vote distribution

C (62%)

D (38%)

Question #254

How does Radio-Frequency Identification (RFID) assist with asset management?

  • A. It uses biometric information for system identification.
  • B. It uses two-factor authentication (2FA) for system identification.
  • C. It transmits unique serial numbers wirelessly.
  • D. It transmits unique Media Access Control (MAC) addresses wirelessly.

Correct Answer: C

Community vote distribution

C (100%)

Question #255

Which of the following is the FIRST step an organization’s professional performs when defining a cyber-security program based upon industry standards?

  • A. Review the past security assessments
  • B. Define the organization’s objectives regarding security and risk mitigation
  • C. Map the organization’s current security practices to industry standards and frameworks
  • D. Select from a choice of security best practices

Correct Answer: C

Community vote distribution

B (100%)

Question #256

What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?

  • A. Maintaining the chain of custody
  • B. Capturing an image of the system
  • C. Outlining all actions taken during the investigation
  • D. Complying with the organization’s security policy

Correct Answer: A

Community vote distribution

A (100%)

Question #257

Two computers, each with a single connection on the same physical 10 gigabit Ethernet network segment, need to communicate with each other. The first machine has a single Internet Protocol (IP) Classless Inter-Domain Routing (CIDR) address of 192.168.1.3/30 and the second machine has an IP/CIDR address of 192.168.1.6/30. Which of the following is correct?

  • A. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network bridge in order to communicate
  • B. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network router in order to communicate
  • C. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network bridge in order to communicate
  • D. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network router in order to communicate

Correct Answer: B

Community vote distribution

D (100%)

Question #258

Security Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and which of the following?

  • A. Protecting
  • B. Copying
  • C. Enhancing
  • D. Executing

Correct Answer: A

Community vote distribution

C (50%)

A (50%)

Question #259

Which of the following is a risk matrix?

  • A. A tool for determining risk management decisions for an activity or system.
  • B. A database of risks associated with a specific information system.
  • C. A two-dimensional picture of risk for organizations, products, projects, or other items of interest.
  • D. A table of risk management factors for management to consider.

Correct Answer: A

Community vote distribution

C (62%)

A (38%)

Question #260

What part of an organization’s strategic risk assessment MOST likely includes information on items affecting the success of the organization?

  • A. Threat analysis
  • B. Vulnerability analysis
  • C. Key Performance Indicator (KPI)
  • D. Key Risk Indicator (KRI)

Correct Answer: A

Community vote distribution

D (65%)

C (20%)

A (15%)

Question #261

A company needs to provide employee access to travel services, which are hosted by a third-party service provider. Employee experience is important, and when users are already authenticated, access to the travel portal is seamless. Which of the following methods is used to share information and grant user access to the travel portal?

  • A. Single sign-on (SSO) access
  • B. Security Assertion Markup Language (SAML) access
  • C. Open Authorization (OAuth) access
  • D. Federated access

Correct Answer: D

Community vote distribution

D (77%)

A (18%)

5%

Question #262

The Chief Executive Officer (CEO) wants to implement an internal audit of the company’s information security posture. The CEO wants to avoid any bias in the audit process and has therefore assigned the Sales Director to conduct the audit. After significant interaction over a period of weeks, the audit concludes that the company’s policies and procedures are sufficient, robust and well established. The CEO then moves on to engage an external penetration testing company in order to showcase the organization’s robust information security stance. This exercise reveals significant failings in several critical security controls and shows that the incident response processes remain undocumented. What is the MOST likely reason for this disparity in the results of the audit and the external penetration test?

  • A. The audit team lacked the technical experience and training to make insightful and objective assessments of the data provided to them.
  • B. The scope of the penetration test exercise and the internal audit were significantly different.
  • C. The external penetration testing company used custom zero-day attacks that could not have been predicted.
  • D. The information technology (IT) and governance teams have failed to disclose relevant information to the internal audit team leading to an incomplete assessment being formulated.

Correct Answer: A

Community vote distribution

A (78%)

11%

11%

Question #263

An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?

  • A. Application
  • B. Transport
  • C. Session
  • D. Presentation

Correct Answer: A

Community vote distribution

A (100%)

Question #264

A Chief Information Officer (CIO) has delegated responsibility for their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are made by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?

  • A. System security officer
  • B. System processor
  • C. System custodian
  • D. System analyst

Correct Answer: C

Community vote distribution

C (63%)

A (38%)

Question #265

Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?

  • A. Conduct a site survey.
  • B. Choose a suitable location.
  • C. Check the technical design.
  • D. Categorize assets.

Correct Answer: A

Community vote distribution

A (63%)

D (37%)

Question #266

Management has decided that a core application will be used on personal cellular phones. As an implementation requirement, regularly scheduled analysis of the security posture needs to be conducted. Management has also directed that continuous monitoring be implemented. Which of the following is required to accomplish management’s directive?

  • A. Routine reports generated by the user’s cellular phone provider that detail security events
  • B. Strict integration of application management, configuration management (CM), and phone management
  • C. Management application installed on user phones that tracks all application events and cellular traffic
  • D. Enterprise-level security information and event management (SIEM) dashboard that provides full visibility of cellular phone activity

Correct Answer: C

Community vote distribution

B (71%)

C (18%)

12%

Question #267

A systems engineer is designing a wide area network (WAN) environment for a new organization. The WAN will connect sites holding information at various levels of sensitivity, from publicly available to highly confidential. The organization requires a high degree of interconnectedness to support existing business processes.

What is the BEST design approach to securing this environment?

  • A. Use reverse proxies to create a secondary “shadow” environment for critical systems.
  • B. Place firewalls around critical devices, isolating them from the rest of the environment.
  • C. Layer multiple detective and preventative technologies at the environment perimeter.
  • D. Align risk across all interconnected elements to ensure critical threats are detected and handled.

Correct Answer: B

Community vote distribution

B (35%)

D (35%)

C (30%)

Question #268

Which of the following techniques is MOST useful when dealing with advanced persistent threat (APT) intrusions on live virtualized environments?

  • A. Memory forensics
  • B. Logfile analysis
  • C. Reverse engineering
  • D. Antivirus operations

Correct Answer: C

Community vote distribution

A (92%)

8%

Question #269

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

  • A. Process injection
  • B. Cross-Site request forgery (CSRF)
  • C. Cross-Site Scripting (XSS)
  • D. Broken Authentication And Session Management

Correct Answer: B

Community vote distribution

B (100%)

Question #270

A scan report returned multiple vulnerabilities affecting several production servers that are mission critical. Attempts to apply the patches in the development environment have caused the servers to crash. What is the BEST course of action?

  • A. Mitigate the risks with compensating controls.
  • B. Upgrade the software affected by the vulnerability.
  • C. Remove the affected software from the servers.
  • D. Inform management of possible risks.

Correct Answer: A

Community vote distribution

A (50%)

D (50%)

Question #271

A security professional has reviewed a recent site assessment and has noted that a server room on the second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the ground level that have ultraviolet light filters installed, Aero-K fire suppression in the server room, and pre-action fire suppression on floors above the server room. Which of the following changes can the security professional recommend to reduce risk associated with these conditions?

  • A. Remove the ultraviolet light filters on the HVAC intake and replace the fire suppression system on the upper floors with a dry system
  • B. Elevate the HVAC intake by constructing a plenum or external shaft over it and convert the server room fire suppression to a pre-action system
  • C. Add additional ultraviolet light filters to the HVAC intake supply and return ducts and change server room fire suppression to FM-200
  • D. Apply additional physical security around the HVAC intakes and update upper floor fire suppression to FM-200

Correct Answer: A

Community vote distribution

D (67%)

A (33%)

Question #272

Which of the following is the MOST common use of the Online Certificate Status Protocol (OCSP)?

  • A. To verify the validity of an X.509 digital certificate
  • B. To obtain the expiration date of an X.509 digital certificate
  • C. To obtain the revocation status of an X.509 digital certificate
  • D. To obtain the author name of an X.509 digital certificate

Correct Answer: C

Community vote distribution

C (63%)

A (38%)

Question #273

A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?

  • A. It enables single sign-on (SSO) for web applications.
  • B. It uses Transport Layer Security (TLS) to address confidentiality.
  • C. It limits unnecessary data entry on web forms.
  • D. The users’ password is not passed during authentication.

Correct Answer: A

Community vote distribution

D (50%)

A (50%)

Question #274

An organization purchased a commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization’s dedicated environment with a cloud service provider.

What is the BEST way to prevent and correct the software’s security weaknesses?

  • A. Follow the software end-of-life schedule
  • B. Implement a dedicated COTS sandbox environment
  • C. Transfer the risk to the cloud service provider
  • D. Examine the software updating and patching process

Correct Answer: B

Community vote distribution

D (86%)

14%

Question #275

What type of database attack would allow a customer service employee to determine quarterly sales results before they are publicly announced?

  • A. Inference
  • B. Aggregation
  • C. Polyinstantiation
  • D. Data mining

Correct Answer: A

Community vote distribution

A (70%)

D (15%)

B (15%)

Question #276

In a multi-tenant cloud environment, what approach will secure logical access to assets?

  • A. Controlled configuration management (CM)
  • B. Transparency/Auditability of administrative access
  • C. Virtual private cloud (VPC)
  • D. Hybrid cloud

Correct Answer: C

Community vote distribution

C (100%)

Question #277

An information technology (IT) employee who travels frequently to various countries remotely connects to an organization’s resources to troubleshoot problems.

Which of the following solutions BEST serves as a secure control mechanism to meet the organization’s requirements?

  • A. Install a third-party screen sharing solution that provides remote connection from a public website.
  • B. Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access.
  • C. Implement a Dynamic Domain Name Services (DDNS) account to initiate a virtual private network (VPN) using the DDNS record.
  • D. Update the firewall rules to include the static Internet Protocol (IP) addresses of the locations where the employee connects from.

Correct Answer: B

Community vote distribution

B (100%)

Question #278

Which of the following is the BEST way to determine the success of a patch management process?

  • A. Change management
  • B. Configuration management (CM)
  • C. Analysis and impact assessment
  • D. Auditing and assessment

Correct Answer: C

Community vote distribution

D (77%)

A (23%)

Question #279

An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release?

  • A. Implement a user reporting policy.
  • B. Implement a data encryption policy.
  • C. Implement a user training policy.
  • D. Implement a data classification policy.

Correct Answer: C

Community vote distribution

D (75%)

C (25%)

Question #280

A security engineer is required to integrate security into a software project that is implemented by small groups that quickly, continuously, and independently develop, test, and deploy code to the cloud. The engineer will MOST likely integrate with which software development process?

  • A. DevOps Integrated Product Team (IPT)
  • B. Structured Waterfall Programming Development
  • C. Service-oriented architecture (SOA)
  • D. Spiral Methodology

Correct Answer: D

Community vote distribution

A (62%)

D (38%)

Question #281

Which of the following is the BEST method to identify security controls that should be implemented for a web-based application while in development?

  • A. Agile software development
  • B. Secure software development
  • C. Application threat modeling
  • D. Penetration testing

Correct Answer: C

Community vote distribution

C (100%)

Question #282

Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?

  • A. Data Link and Physical Layers
  • B. Session and Network Layers
  • C. Transport Layer
  • D. Application, Presentation, and Session Layers

Correct Answer: B

Community vote distribution

A (100%)

Question #283

An organization’s retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for each step in the plan. Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational?

  • A. Update the Network Address Translation (NAT) table.
  • B. Update Domain Name System (DNS) server addresses with domain registrar.
  • C. Update the Border Gateway Protocol (BGP) autonomous system number.
  • D. Update the web server network adapter configuration.

Correct Answer: B

Community vote distribution

C (60%)

B (40%)

Question #284

In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware?

  • A. Disallow untested code in the execution space of the SCADA device.
  • B. Disable all command line interfaces.
  • C. Disable Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port 138 and 139 on the SCADA device.
  • D. Prohibit the use of unsecure scripting languages.

Correct Answer: D

Community vote distribution

A (88%)

13%

Question #285

Which of the following secure transport protocols is often used to secure Voice over Internet Protocol (VoIP) communications on a network from end to end?

  • A. Secure File Transfer Protocol (SFTP)
  • B. Secure Real-time Transport Protocol (SRTP)
  • C. Generic Routing Encapsulation (GRE)
  • D. Internet Protocol Security (IPSec)

Correct Answer: D

Community vote distribution

B (100%)

Question #286

A healthcare insurance organization chose a vendor to develop a software application. Upon review of the draft contract, the information security professional notices that software security is not addressed. What is the BEST approach to address the issue?

  • A. Update the contract to require the vendor to perform security code reviews.
  • B. Update the service level agreement (SLA) to provide the organization the right to audit the vendor.
  • C. Update the contract so that the vendor is obligated to provide security capabilities.
  • D. Update the service level agreement (SLA) to require the vendor to provide security capabilities.

Correct Answer: B

Community vote distribution

C (86%)

14%

Question #287

Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud-based application?

  • A. Host-based intrusion prevention system (HIPS)
  • B. Access control list (ACL)
  • C. Data loss prevention (DLP)
  • D. File integrity monitoring (FIM)

Correct Answer: A

Community vote distribution

C (65%)

B (35%)

Question #288

A client server infrastructure that provides user-to-server authentication describes which one of the following?

  • A. Secure Sockets Layer (SSL)
  • B. User-based authorization
  • C. Kerberos
  • D. X.509

Correct Answer: B

Community vote distribution

C (100%)

Question #289

A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user’s laptop. Which security mechanism addresses this requirement?

  • A. Trusted Platform Module (TPM)
  • B. Certificate revocation list (CRL) policy
  • C. Key exchange
  • D. Hardware encryption

Correct Answer: A

Community vote distribution

A (60%)

B (40%)

Question #290

Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions?

  • A. Information Security Continuous Monitoring (ISCM)
  • B. Risk Management Framework (RMF)
  • C. Information Sharing & Analysis Centers (ISAC)
  • D. Information Security Management System (ISMS)

Correct Answer: A

Community vote distribution

A (100%)

Question #291

Which of the following types of firewall only examines the “handshaking” between packets before forwarding traffic?

  • A. Proxy firewalls
  • B. Circuit-level firewalls
  • C. Network Address Translation (NAT) firewalls
  • D. Host-based firewalls

Correct Answer: C

Community vote distribution

B (100%)

Question #292

What is a use for mandatory access control (MAC)?

  • A. Allows for mandatory user identity and passwords based on sensitivity
  • B. Allows for mandatory system administrator access control over objects
  • C. Allows for labeling of sensitive user accounts for access control
  • D. Allows for object security based on sensitivity represented by a label

Correct Answer: D

Community vote distribution

D (100%)

Question #293

An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users were not informed as to what information collected would be shared. What technical controls should be put in place to remedy the privacy issue while still trying to accomplish the organization’s business goals?

  • A. Share only what the organization decides is best.
  • B. Stop sharing data with the other users.
  • C. Default the user to not share any information.
  • D. Inform the user of the sharing feature changes after implemented.

Correct Answer: C

Community vote distribution

C (50%)

D (50%)

Question #294

Which of the following system components enforces access controls on an object?

  • A. Security perimeter
  • B. Access control matrix
  • C. Trusted domain
  • D. Reference monitor

Correct Answer: D

Community vote distribution

D (100%)

Question #295

In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?

  • A. The accuracy of testing results can be greatly improved if the target(s) are properly hardened.
  • B. The results of the tests represent a point-in-time assessment of the target(s).
  • C. The deficiencies identified can be corrected immediately.
  • D. The target’s security posture cannot be further compromised.

Correct Answer: C

Community vote distribution

B (100%)

Question #296

What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?

  • A. Identifies which security patches still need to be installed on the system
  • B. Reduces the risk of polymorphic viruses from encrypting their payload
  • C. Stops memory resident viruses from propagating their payload
  • D. Helps prevent certain exploits that store code in buffers

Correct Answer: B

Community vote distribution

D (100%)

Question #297

What is the overall goal of software security testing?

  • A. Identifying the key security features of the software
  • B. Ensuring all software functions perform as specified
  • C. Reducing vulnerabilities within a software system
  • D. Making software development more agile

Correct Answer: B

Community vote distribution

C (88%)

12%

Question #298

Which of the following implementations will achieve high availability in a website?

  • A. Disk mirroring of the web server with redundant disk drives in a hardened data center
  • B. Disk striping of the web server hard drives and large amounts of bandwidth
  • C. Multiple geographically dispersed web servers that are configured for failover
  • D. Multiple Domain Name System (DNS) entries resolving to the same web server and large amounts of bandwidth

Correct Answer: C

Community vote distribution

C (100%)

Question #299

Which of the following is an important design feature for the outer door of a mantrap?

  • A. Allow it to be opened by an alarmed emergency button.
  • B. Do not allow anyone to enter it alone.
  • C. Do not allow it to be observed by closed-circuit television (CCTV) cameras.
  • D. Allow it to be opened when the inner door of the mantrap is also open.

Correct Answer: D

Community vote distribution

A (94%)
