Question #400
Which of the following is a weakness of the Data Encryption Standard (DES)?
- A. Block encryption scheme
- B. Use of same key for encryption and decryption
- C. Publicly disclosed algorithm
- D. Inadequate key length
Correct Answer: D
Community vote distribution
D (100%)
Question #401
What are facets of trustworthy software in supply chain operations?
- A. Functionality, safety, reliability, integrity, and accuracy
- B. Confidentiality, integrity, availability, authenticity, and possession
- C. Safety, reliability, availability, resilience, and security
- D. Reparability, security, upgradability, functionality, and accuracy
Correct Answer: D
Community vote distribution
C (100%)
Question #402
In order to meet the project delivery deadline, a web application developer used readily available software components. Which is the BEST method for reducing the risk associated with this practice?
- A. Ensure developers are using approved software development frameworks.
- B. Obtain components from official sources over secured link.
- C. Ensure encryption of all sensitive data in a manner that protects and defends against threats.
- D. Implement a process to verify the effectiveness of the software components and settings.
Correct Answer: D
Community vote distribution
B (50%)
D (33%)
A (17%)
Question #403
To ensure proper governance of information throughout the lifecycle, which of the following should be assigned FIRST?
- A. Owner
- B. Classification
- C. Custodian
- D. Retention
Correct Answer: A
Community vote distribution
B (75%)
A (25%)
Question #404
An effective information security strategy is PRIMARILY based upon which of the following?
- A. Risk management practices
- B. Security budget constraints
- C. Security control implementation
- D. Industry and regulatory standards
Correct Answer: A
Community vote distribution
A (75%)
C (25%)
Question #405
One of Canada’s leading pharmaceutical firms recently hired a Chief Data Officer (CDO) to oversee its data privacy program. The CDO has discovered the firm’s marketing department has been collecting information from individuals without their knowledge and consent via the company website. Which of the following privacy regulations should concern the CDO regarding this practice?
- A. The Health Insurance Portability and Accountability Act (HIPAA)
- B. The Privacy Act of 1974
- C. The Fair Information Practice Principles (FIPPs)
- D. The Personal Information Protection and Electronic Documents Act (PIPEDA)
Correct Answer: D
Community vote distribution
D (100%)
Question #406
An organization is attempting to strengthen the configuration of its enterprise resource planning (ERP) software in order to enforce sufficient segregation of duties (SoD). Which of the following approaches would BEST improve SoD effectiveness?
- A. Implementation of frequent audits of access and activity in the ERP by a separate team with no operational duties
- B. Implementation of strengthened authentication measures including mandatory second-factor authentication
- C. Review of ERP access profiles to enforce the least-privilege principle based on existing employee responsibilities
- D. Review of employee responsibilities and ERP access profiles to differentiate mission activities from system support activities
Correct Answer: C
Community vote distribution
D (100%)
Question #407
Which type of log collection is focused on detecting and responding to attacks, malware infection, and data theft?
- A. Intrusion detection
- B. Operational
- C. Security
- D. Compliance
Correct Answer: C
Community vote distribution
C (67%)
A (33%)
Question #408
If a medical analyst independently provides protected health information (PHI) to an external marketing organization, which ethical principle is this a violation of?
- A. Higher ethic in the worst case
- B. Informed consent
- C. Change of scale test
- D. Privacy regulations
Correct Answer: D
Community vote distribution
B (56%)
D (44%)
Question #409
Which of the following measures is the MOST critical in order to safeguard from a malware attack on a smartphone?
- A. Enable strong password.
- B. Install anti-virus for mobile.
- C. Enable biometric authentication.
- D. Prevent jailbreaking or rooting.
Correct Answer: B
Community vote distribution
D (90%)
10%
Question #410
Which of the following Secure Shell (SSH) remote access practices is MOST suited for scripted functions?
- A. Restricting authentication by Internet Protocol (IP) address
- B. Requiring multi-factor authentication (MFA)
- C. Implementing access credentials management tools
- D. Using public key-based authentication method
Correct Answer: D
Question #411
Which stage in the identity management (IdM) lifecycle constitutes the GREATEST risk for an enterprise if performed incorrectly?
- A. Propagating
- B. Deprovisioning
- C. Provisioning
- D. Maintaining
Correct Answer: B
Community vote distribution
B (57%)
C (43%)
Question #412
Which of the following reports provides the BEST attestation of detailed controls when evaluating an Identity as a Service (IDaaS) solution?
- A. Service Organization Control (SOC) 1
- B. Service Organization Control (SOC) 2
- C. Service Organization Control (SOC) 3
- D. Statement on Auditing Standards (SAS) 70
Correct Answer: B
Community vote distribution
B (100%)
Question #413
Single sign-on (SSO) for federated identity management (FIM) must be implemented and managed so that authorization mechanisms protect access to privileged information using an OpenID Connect (OIDC) token or a Security Assertion Markup Language (SAML) assertion. What is the BEST method to use to protect them?
- A. Pass data in a bearer assertion, only signed by the identity provider.
- B. Tokens and assertion should use base64 encoding to assure confidentiality.
- C. Use a challenge and response mechanism such as Challenge Handshake Authentication Protocol (CHAP).
- D. The access token or assertion should be encrypted to ensure privacy.
Correct Answer: D
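Worked example for this question (added here; it is not part of the original question set and not code from any identity provider). It shows why options A and B are insufficient: a signed bearer token proves who issued it and that it was not altered, but base64url is an encoding, so anyone who captures the token can read every claim without a key. The small JWT-style token, the HS256 key and the claims are all constructed for the example; confidentiality of the claims in practice requires encrypting the token (JWE) or the SAML assertion (EncryptedAssertion), which needs a crypto library and is not implemented here.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compact_json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")


def mint_hs256(claims: dict, key: bytes) -> str:
    """Issue a signed (not encrypted) token, as an identity provider does for a bearer token."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64url_encode(compact_json(header)) + "." + b64url_encode(compact_json(claims))
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims only if the signature verifies under the algorithm we expect."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        return None
    # Pin the algorithm: honouring whatever 'alg' the token names allows an 'alg: none' downgrade.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    return json.loads(b64url_decode(payload_b64))


def read_claims_without_key(token: str) -> dict:
    """What anyone holding or sniffing the token can do: the payload is only base64url-encoded."""
    return json.loads(b64url_decode(token.split(".")[1]))


def forge_alg_none(claims: dict) -> str:
    """An attacker's unsigned token; a verifier that trusts the token's own 'alg' would accept it."""
    header = {"alg": "none", "typ": "JWT"}
    return b64url_encode(compact_json(header)) + "." + b64url_encode(compact_json(claims)) + "."
```

Signing stops tampering (a modified payload or an unsigned "alg: none" token is rejected), but read_claims_without_key shows that the sensitive attributes travel in the clear; pass such claims only inside an encrypted token or assertion, and over TLS.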
Question #414
The client of a security firm reviewed a vulnerability assessment report and claims the report is inaccurate. The client states that the vulnerabilities listed are not valid because the host’s operating system (OS) was not properly detected. Where in the vulnerability assessment process did the error MOST likely occur?
- A. Report writing
- B. Detection
- C. Enumeration
- D. Scanning
Correct Answer: B
Community vote distribution
D (86%)
14%
Question #415
For a victim of a security breach to prevail in a negligence claim, what MUST the victim establish?
- A. Concern
- B. Breach of contract
- C. Proximate cause
- D. Hardship
Correct Answer: C
Question #416
A large international organization that collects information from its consumers has contracted with a Software as a Service (SaaS) cloud provider to process this data. The SaaS cloud provider uses additional data processing to demonstrate other capabilities it wishes to offer to the data owner. This vendor believes additional data processing activity is allowed since they are not disclosing to other organizations. Which of the following BEST supports this rationale?
- A. The data was encrypted at all times and only a few cloud provider employees had access.
- B. As the data owner, the cloud provider has the authority to direct how the data will be processed.
- C. As the data processor, the cloud provider has the authority to direct how the data will be processed.
- D. The agreement between the two parties is vague and does not detail how the data can be used.
Correct Answer: C
Community vote distribution
D (100%)
Question #417
A security engineer is conducting an audit of an organization’s Voice over Internet Protocol (VoIP) phone network due to a large increase in charges from their phone provider. The engineer discovers unauthorized endpoints have connected to the phone server from the public internet and placed hundreds of unauthorized calls to parties around the globe. Which type of attack occurred?
- A. Control eavesdropping
- B. Toll fraud
- C. Call hijacking
- D. Address spoofing
Correct Answer: B
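Worked example for this question (added here; not part of the original question set and not any vendor's tooling). It runs a small toll-fraud detector over constructed call detail records: endpoints registering from outside the internal address ranges are flagged, as is any endpoint placing a burst of international calls. The CDR line format, the internal ranges, the home-country prefix "+1" and the threshold are all assumptions for the example.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

# Assumed for the example: the PBX should only see endpoints from these internal ranges,
# and the organisation's home country code is +1.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOME_PREFIX = "+1"
INTL_CALL_THRESHOLD = 3  # international calls from one endpoint before alerting; tune per site

# Constructed call detail records (CDRs) in a simple key=value line format
# (RFC 5737 documentation address 203.0.113.9 stands in for the public-internet endpoint).
CDR_LINES = [
    "2024-01-01T02:10:05Z src=10.0.5.21 ext=1001 dst=+14155550101 dur=120",
    "2024-01-01T02:11:40Z src=10.0.5.21 ext=1001 dst=+12125550133 dur=60",
    "2024-01-01T02:13:05Z src=203.0.113.9 ext=1001 dst=+447700900123 dur=300",
    "2024-01-01T02:13:09Z src=203.0.113.9 ext=1001 dst=+923001234567 dur=310",
    "2024-01-01T02:13:12Z src=203.0.113.9 ext=1001 dst=+2348012345678 dur=290",
    "2024-01-01T02:13:15Z src=203.0.113.9 ext=1001 dst=+447700900124 dur=305",
]


def parse_cdr(line: str) -> Dict[str, str]:
    """Split 'timestamp key=value key=value ...' into a dict (timestamp under 'ts')."""
    timestamp, *pairs = line.split()
    record = dict(pair.split("=", 1) for pair in pairs)
    record["ts"] = timestamp
    return record


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_toll_fraud(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (finding, source_ip, count) tuples for external endpoints and international bursts."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_cdr(line)
        by_src[rec["src"]].append(rec)
    findings = []
    for src, calls in by_src.items():
        if not is_internal(src):
            findings.append(("external_endpoint", src, len(calls)))
        intl = [c for c in calls if not c["dst"].startswith(HOME_PREFIX)]
        if len(intl) >= INTL_CALL_THRESHOLD:
            findings.append(("international_burst", src, len(intl)))
    return findings
```

Either finding on its own is worth an alert; the two together (an extension registered from the public internet and dialling international numbers back to back) is the pattern the question describes, and the cheapest fix is to stop exposing SIP registration to the internet rather than to keep tuning the detector.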
Question #418
An organization is looking to improve threat detection on their wireless network. The company goal is to automate alerts to improve response efforts. Which of the following best practices should be implemented FIRST?
- A. Deploy a standalone guest Wi-Fi network.
- B. Implement multi-factor authentication (MFA) on all domain accounts.
- C. Deploy a wireless intrusion detection system (IDS).
- D. Implement 802.1x authentication.
Correct Answer: D
Community vote distribution
C (92%)
8%
Question #419
Security personnel should be trained by emergency management personnel in what to do before and during a disaster, as well as their role in recovery efforts. Personnel should take required training for emergency response procedures and protocols. Which part of physical security design does this fall under?
- A. Legal concerns
- B. Loss prevention
- C. Emergency preparedness
- D. Liability for employee conduct
Correct Answer: C
Question #420
How is protection for hypervisor host and software administration functions BEST achieved?
- A. Enforce network controls using a host-based firewall.
- B. Deploy the management interface in a dedicated virtual network segment.
- C. The management traffic pathway should have separate physical network interface cards (NIC) and network.
- D. Deny permissions to specific virtual machines (VM) groups and objects.
Correct Answer: B
Community vote distribution
C (80%)
B (20%)
Question #421
To ensure compliance with the General Data Protection Regulation (GDPR), who in the organization should the help desk manager confer with before selecting a Software as a Service (SaaS) solution?
- A. Data owner
- B. Database administrator (DBA)
- C. Data center manager
- D. Data Protection Officer (DPO)
Correct Answer: D
Community vote distribution
D (100%)
Question #422
An Information System Security Officer (ISSO) employed by a large corporation, while also freelancing in a similar role for a competitor, violates what canon of the (ISC)2 Code of Professional Ethics?
- A. Advance and protect the profession
- B. Provide diligent and competent service to principals
- C. Act honorably, honestly, justly, responsibly, and legally
- D. Protect society, the commonwealth, and the infrastructure
Correct Answer: C
Community vote distribution
B (90%)
10%
Question #423
Which is the FIRST action the Incident Response team should take when an incident is suspected?
- A. Choose a containment strategy.
- B. Record all facts regarding the incident.
- C. Attempt to identify the attacker.
- D. Notify management of the incident.
Correct Answer: B
Community vote distribution
B (60%)
A (40%)
Question #424
A hospital has three data classification levels: shareable without restrictions, shareable with restrictions, and internal use only. Which of the following BEST demonstrates adhering to principles of good enterprise data classification?
- A. A printout of the employee code of conduct marked “shareable with restrictions” is posted in the hallway where patients have access.
- B. A printout of the employee code of conduct marked “internal use only” is posted in the waiting room.
- C. A memo regarding a newly discovered data breach marked as “internal use only” is posted on the wall in the employee lunchroom.
- D. An electronic health record (EHR) with personally identifiable information (PII) marked as “shareable with restrictions” is found in the employee lunchroom.
Correct Answer: C
Question #425
A web application requires users to register before they can use its services. Users must choose a unique username and a password that contains a minimum of eight characters. Which method MUST be used to store these passwords to ensure offline attacks are difficult?
- A. Use an encryption algorithm that is fast with a random per-user encryption key.
- B. Use a hash function that is fast with a per-user random salt.
- C. Use a hash function with a cost factor and a per-user random salt.
- D. Use an encryption algorithm with a random master key.
Correct Answer: C
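Worked example for this question (added here; not part of the original question set and not code from any framework). It implements option C with the standard library: PBKDF2-HMAC-SHA256 with a per-user random salt and an explicit iteration count stored alongside the digest, so the cost can be raised later and old records rehashed. The weak scheme (a single fast hash, no salt) is kept beside it to show why it fails: identical passwords give identical digests and every guess costs one hash. The iteration count is an assumed value for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Cost factor. Assumed value for this example; tune so one hash costs ~100 ms on your login servers.
ITERATIONS = 200_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.

    A fresh random salt per user means two users with the same password get
    different records, so a precomputed table cannot be reused across accounts.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the parameters stored in the record and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported record type: {algorithm}")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(record: str, minimum_iterations: int = ITERATIONS) -> bool:
    """True when a record was made with a lower cost than policy now requires.

    Rehash at the next successful login, when the plaintext is available.
    """
    return int(record.split("$")[1]) < minimum_iterations


def fast_unsalted_hash(password: str) -> str:
    """The weak scheme: one fast hash, no salt, no cost factor.

    Offline cracking runs at hardware speed and every user sharing a password shares a digest.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()
```

The record carries its own parameters, so a deployment can raise ITERATIONS (or later migrate to a memory-hard function such as scrypt or Argon2) without invalidating existing accounts: verify with the stored cost, then rehash when needs_rehash reports the record is below policy.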
Question #426
Which of the following is the PRIMARY objective of performing scans with an active discovery tool?
- A. Discovering virus and malware activity
- B. Discovering changes for security configuration management (CM)
- C. Asset identification (ID) and inventory management
- D. Vulnerability management and remediation
Correct Answer: C
Community vote distribution
C (100%)
Question #427
A large law firm would like to enable employees to participate in a bring your own device (BYOD) program. Only devices with up-to-date antivirus and operating system (OS) patches will be allowed on the network. Which solution will BEST enforce the security requirements?
- A. Endpoint Detection and Response
- B. Next-Generation Firewall
- C. Intrusion detection and prevention system (IDPS)
- D. Network Access Control (NAC)
Correct Answer: D
Community vote distribution
D (100%)
Question #428
A security operations center (SOC) discovers a recently deployed router beaconing to a malicious website. Replacing the router fixes the issue. What is the MOST likely cause of the router’s behavior?
- A. The network administrator failed to reconfigure the router’s access control list (ACL).
- B. The router was damaged during shipping or installed incorrectly.
- C. The router was counterfeit and acquired through unauthorized channels.
- D. The network administrator failed to update the router’s firmware.
Correct Answer: D
Community vote distribution
C (100%)
Question #429
The principle that personally identifiable information (PII) should be kept up-to-date and relevant to the purposes for which they are to be used is attributed to which fair information practice per the United States (US) Organization for Economic Cooperation and Development (OECD)?
- A. Purpose Specification
- B. Security Safeguards
- C. Collection Limitation
- D. Data Quality
Correct Answer: D
Community vote distribution
D (100%)
Question #430
Which of the following are common components of a Security Assertion Markup Language (SAML) based federation system?
- A. Client, Service Provider, identity provider (IdP), Token
- B. Client, Service Provider, Resource Server, Grant
- C. Client, Authorization Server, identity provider (IdP), Claim
- D. Client, Authorization Server, Resource Server, Assertion
Correct Answer: A
Community vote distribution
A (75%)
D (25%)
Question #431
Which of the following is the MOST effective way to ensure hardware and software remain updated throughout an organization?
- A. Performance of frequent security configuration audits
- B. Performance of regular vulnerability scans
- C. Use an inventory management tool
- D. Use an automated configuration monitoring system
Correct Answer: D
Community vote distribution
D (75%)
C (25%)
Question #432
When developing an electronic health record (EHR) in the United States (US), which of the following would be the BEST source of information for any compliance requirements?
- A. World Health Organization (WHO)
- B. International Organization for Standardization (ISO)
- C. Health and Human Services (HHS)
- D. American Public Health Association (APHA)
Correct Answer: C
Question #433
An organization suspects it is receiving spoofed e-mails from a foreign-hosted web e-mail service. Where can the MOST relevant information be found to begin the process of identifying the perpetrator?
- A. E-mail logs from foreign-hosted web server
- B. Message header of received e-mails
- C. Traffic logs from the corporate firewall
- D. Log files of the corporate Simple Mail Transfer Protocol (SMTP) server
Correct Answer: B
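Worked example for this question (added here; not part of the original question set). It parses the headers of a constructed spoofed message with the standard library: walks the Received chain to the hop nearest the sender, compares the From domain with the Return-Path domain, and reads the SPF/DKIM verdicts from Authentication-Results. The message, the .example domains and the RFC 5737 documentation addresses are all constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers for the example. Each relay prepends its own Received line,
# so the top one is the newest hop and the bottom one is the hop nearest the sender.
RAW_MESSAGE = (
    "Return-Path: <bounce@foreign-example.net>\n"
    "Received: from mx.corp.example (mx.corp.example [198.51.100.7])\n"
    "    by mail.corp.example with ESMTPS id 4abc123;\n"
    "    Mon, 1 Jan 2024 10:00:03 +0000\n"
    "Received: from webmail.foreign-example.net (webmail.foreign-example.net [203.0.113.45])\n"
    "    by mx.corp.example with ESMTP id 4def456;\n"
    "    Mon, 1 Jan 2024 10:00:01 +0000\n"
    "Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=foreign-example.net; dkim=none\n"
    'From: "Chief Executive" <ceo@corp.example>\n'
    "To: finance@corp.example\n"
    "Subject: Urgent wire transfer\n"
    "\n"
    "Please process the attached invoice today.\n"
)

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain_of(header_value: str) -> str:
    """Domain part of the address in a From/Return-Path header, lower-cased."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def parse_auth_results(value: str) -> dict:
    """Turn 'authserv; spf=fail smtp.mailfrom=x; dkim=none' into {'spf': 'fail', 'dkim': 'none'}."""
    results = {}
    for clause in value.split(";")[1:]:  # clause 0 is the authserv-id
        first = clause.strip().split(" ", 1)[0]
        if "=" in first:
            method, result = first.split("=", 1)
            results[method] = result
    return results


def analyze_headers(raw: str) -> dict:
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received") or []:
        match = IP_IN_BRACKETS.search(received)
        if match:
            hops.append(match.group(1))
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    from_domain = domain_of(msg.get("From", ""))
    return_path_domain = domain_of(msg.get("Return-Path", ""))
    return {
        "hops": hops,
        "origin_ip": hops[-1] if hops else None,  # last listed Received = hop nearest the sender
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "auth": auth,
        "suspicious": (
            from_domain != return_path_domain
            or auth.get("spf") == "fail"
            or auth.get("dkim", "none") in ("none", "fail")
        ),
    }
```

Only the Received lines written by your own mail servers can be trusted; a sender can prepend fabricated hops below them. The reliable starting point is the connecting address your edge MX recorded (here 203.0.113.45 in the line added by mx.corp.example), which is what you take to the foreign provider or upstream network with an abuse request.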
Question #434
A new internal auditor is tasked with auditing the supply chain. The system owner stated that the last internal auditor was terminated because the auditor discovered too many deficient controls. The auditor reports this conversation to their manager. Which of the following audit integrity principles BEST applies to this situation?
- A. Demonstrate competence while performing professional duties.
- B. Perform professional duties with honesty, diligence, and responsibility.
- C. Perform professional duties in accordance with company policy.
- D. Be aware of any influences that may be exerted on professional judgement.
Correct Answer: D
Community vote distribution
D (100%)
Question #435
An organization implements supply chain risk management (SCRM) into all phases of the Systems Development Life Cycle (SDLC). What methodology is MOST important to ensure that SCRM requirements are met?
- A. Supplier self-assessment
- B. Procurement assessment
- C. Vulnerability assessment
- D. Third-party assessment
Correct Answer: D
Community vote distribution
D (100%)
Question #436
An organization needs to evaluate the effectiveness of security controls implemented on a new system. Which of the following roles should the organization entrust to conduct the evaluation?
- A. Authorizing Official (AO)
- B. System owner
- C. Control assessor
- D. Information System Security Officer (ISSO)
Correct Answer: C
Community vote distribution
C (100%)
Question #437
During a disruptive event, which security continuity objectives will maintain an organization’s information security to a predetermined level?
- A. Disaster recovery plan (DRP)
- B. Impact assessment report
- C. Information security continuity plan
- D. Business continuity plan (BCP)
Correct Answer: C
Community vote distribution
C (100%)
Question #438
An organization is implementing a bring your own device (BYOD) policy. What would be BEST for mitigating the risk of users managing their own devices and potentially bringing in malware?
- A. Setting up access control lists (ACL) for these devices.
- B. Installing a firewall on the organization’s primary network.
- C. Setting up a separate network within the organization’s demilitarized zone (DMZ).
- D. Setting up a separate, external wired or wireless network dedicated to these devices.
Correct Answer: D
Community vote distribution
D (75%)
C (25%)
Question #439
An organization acquired used technological equipment. This equipment will be integrated with new and existing business processes. What is the MOST appropriate consideration to identify the equipment that requires protection?
- A. Total monetary value of the acquisition
- B. The age of the computing hardware
- C. Stakeholder concerns of how the assets are used
- D. Length and extent of support by the vendor
Correct Answer: C
Community vote distribution
D (73%)
C (20%)
7%
Question #440
Which of the following is one of the key objectives regarding data management roles and responsibilities?
- A. Determine data quality metrics.
- B. Define important data ownership regardless of functions.
- C. Establish data ownership during the final phase of a project.
- D. Install data accountability.
Correct Answer: D
Community vote distribution
D (56%)
B (44%)
Question #441
What BEST describes data ownership?
- A. Geographic sovereignty
- B. Confidentiality and integrity
- C. Accuracy and precision
- D. Legal responsibilities
Correct Answer: D
Community vote distribution
D (100%)
Question #442
A senior security engineer has been tasked with ensuring the confidentiality and integrity of the organization’s most valuable personally identifiable information (PII). This data is stored on local file and database servers within the organization’s data center. The following security measures have been implemented to ensure that unauthorized access is detected and logged.
• Network segmentation and enhanced access logging of the database and file servers
• Implemented encryption of data at rest
• Implemented full packet capture of the network traffic in and out of the sensitive network segment
• Ensured all transaction log data and packet captures are backed up to corporate backup appliance within the corporate backup network segment
Which of the following is the MOST likely way to exfiltrate PII while avoiding detection?
- A. Unauthorized access to the file server via Secure Shell (SSH)
- B. Unauthorized access to the database server via a compromised web application
- C. Unauthorized access to the database server via a compromised user account
- D. Unauthorized access to the backup server via a compromised service account
Correct Answer: D
Community vote distribution
B (53%)
D (35%)
6%
Question #443
During the change management process, which of the following is used to identify and record new risks?
- A. Risk assessment
- B. Lessons learned register
- C. Risk register
- D. Risk report
Correct Answer: C
Community vote distribution
C (67%)
A (33%)
Question #444
The defense strategy “never trust any input” is MOST effective against which of the following web-based system vulnerabilities?
- A. Injection vulnerabilities
- B. Sensitive data exposure
- C. Man-in-the-browser attack
- D. Broken authentication
Correct Answer: A
Community vote distribution
A (100%)
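Worked example for this question (added here; not part of the original question set). It shows the injection the rule defends against and the two defences practitioners layer: a query that splices user input into SQL text, beside the parameterized form and an allowlist check at the trust boundary. The table, rows and payloads are constructed for the example using Python's built-in sqlite3.

```python
import re
import sqlite3
from typing import List

USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[str]:
    """Input is trusted and spliced into the SQL text, so it can rewrite the query's logic."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn: sqlite3.Connection, username: str) -> List[str]:
    """The driver sends the value separately from the statement; it can never become SQL."""
    return [row[0] for row in conn.execute("SELECT username FROM users WHERE username = ?", (username,))]


def validate_username(username: str) -> bool:
    """Allowlist validation at the trust boundary: an independent second layer, not a replacement."""
    return bool(USERNAME_RE.fullmatch(username))


def find_user_hardened(conn: sqlite3.Connection, username: str) -> List[str]:
    if not validate_username(username):
        raise ValueError("invalid username")
    return find_user_parameterized(conn, username)
```

The same input that dumps every row (or, with a UNION payload, a different column) through the vulnerable query is just a literal string to the parameterized one, which matches nothing. The allowlist is defence in depth: it rejects the payload before it reaches the database, but parameterization is what actually makes the query safe.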
Question #445
What is the MOST effective way to mitigate distributed denial of service (DDoS) attacks?
- A. Deploy a web application firewall (WAF).
- B. Block access to Transmission Control Protocol (TCP) ports under attack.
- C. Detect and block bad Internet Protocol (IP) subnets on the corporate firewall.
- D. Engage an upstream Internet service provider (ISP).
Correct Answer: D
Community vote distribution
D (75%)
13%
13%
Question #446
Which function does 802.1X provide?
- A. Network intrusion detection system (NIDS)
- B. Wireless access point (WAP)
- C. Wi-Fi Protected Access (WPA)
- D. Network Access Control (NAC)
Correct Answer: D
Community vote distribution
D (100%)
Question #447
Which of the following is the PRIMARY benefit of implementing an Information Security Management System (ISMS)?
- A. Correlates system events to monitor and demonstrate system health
- B. Improves customer confidence by demonstrating adherence to best practices
- C. Increases employee education and awareness of security policies
- D. Ensures user compliance with computing standards
Correct Answer: B
Community vote distribution
B (100%)
Question #448
Concerning appropriate data retention policies, which of the following is the MAIN risk factor for the availability of archived information?
- A. Data stored in third-party environments.
- B. Data maintained offline requires a higher time to access.
- C. Data recorded in obsolete media cannot be read.
- D. Retention of data involves a cost.
Correct Answer: C
Community vote distribution
C (50%)
A (50%)
Question #449
Wi-Fi Protected Access 2 (WPA2) is a security protocol designed with which of the following security features?
- A. Encryption control
- B. Malware attack protection
- C. Data availability
- D. Replay attack protection
Correct Answer: D
Community vote distribution
A (78%)
D (22%)