Cissp 3

100% Valid and Newest Version CISSP Questions & Answers shared by Certleader
https://www.certleader.com/CISSP-dumps.html (653 Q&As)
CISSP Dumps
Certified Information Systems Security Professional (CISSP)
https://www.certleader.com/CISSP-dumps.html
The Leader of IT Certification visit - https://www.certleader.com

NEW QUESTION 1
- (Exam Topic 1)
A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning
(BCP). Which of the following failures should the IT manager be concerned with?
A. Application
B. Storage
C. Power
D. Network
Answer: C
NEW QUESTION 2
- (Exam Topic 1)
What is the MOST important consideration from a data security perspective when an organization plans to relocate?
A. Ensure the fire prevention and detection systems are sufficient to protect personnel
B. Review the architectural plans to determine how many emergency exits are present
C. Conduct a gap analysis of a new facilities against existing security requirements
D. Revise the Disaster Recovery and Business Continuity (DR/BC) plan
Answer: C
NEW QUESTION 3
- (Exam Topic 2)
Which of the following is an initial consideration when developing an information security management system?
A. Identify the contractual security obligations that apply to the organizations

B. Understand the value of the information assets
C. Identify the level of residual risk that is tolerable to management
D. Identify relevant legislative and regulatory compliance requirements
Answer: B
NEW QUESTION 4
- (Exam Topic 2)
Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?
A. Personal Identity Verification (PIV)

B. Cardholder Unique Identifier (CHUID) authentication
C. Physical Access Control System (PACS) repeated attempt detection
D. Asymmetric Card Authentication Key (CAK) challenge-response
Answer: C
NEW QUESTION 5
- (Exam Topic 2)
An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth.
The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and
has a backlog of account management requests.
Which contract is BEST in offloading the task from the IT staff?
A. Platform as a Service (PaaS)

B. Identity as a Service (IDaaS)
C. Desktop as a Service (DaaS)
D. Software as a Service (SaaS)
Answer: B
NEW QUESTION 6
- (Exam Topic 3)
Who in the organization is accountable for classification of data information assets?
A. Data owner
B. Data architect
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)
Answer: A
NEW QUESTION 7
- (Exam Topic 3)
What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
A. Implementation Phase

B. Initialization Phase
C. Cancellation Phase
D. Issued Phase
Answer: D
NEW QUESTION 8
- (Exam Topic 4)
Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?
A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control
Answer: A
NEW QUESTION 9
- (Exam Topic 4)
Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?
A. Layer 2 Tunneling Protocol (L2TP)

B. Link Control Protocol (LCP)
C. Challenge Handshake Authentication Protocol (CHAP)
D. Packet Transfer Protocol (PTP)
Answer: B
NEW QUESTION 10
- (Exam Topic 4)
Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?
A. Intrusion Prevention Systems (IPS)

B. Intrusion Detection Systems (IDS)
C. Stateful firewalls
D. Network Behavior Analysis (NBA) tools
Answer: D
NEW QUESTION 10
- (Exam Topic 4)
At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
A. Link layer
B. Physical layer
C. Session layer
D. Application layer
Answer: D
NEW QUESTION 15
- (Exam Topic 5)
A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is
the BEST solution for the manufacturing organization?
A. Trusted third-party certification

B. Lightweight Directory Access Protocol (LDAP)
C. Security Assertion Markup language (SAML)
D. Cross-certification
Answer: C
NEW QUESTION 16
- (Exam Topic 5)
What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?
A. Audit logs
B. Role-Based Access Control (RBAC)
C. Two-factor authentication
D. Application of least privilege
Answer: B
NEW QUESTION 20
- (Exam Topic 6)

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?
A. Change management processes

B. User administration procedures
C. Operating System (OS) baselines
D. System backup documentation
Answer: A
NEW QUESTION 21
- (Exam Topic 7)
What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?
A. Disable all unnecessary services

B. Ensure chain of custody
C. Prepare another backup of the system
D. Isolate the system from the network
Answer: D
NEW QUESTION 23
- (Exam Topic 7)
A continuous information security monitoring program can BEST reduce risk through which of the following?
A. Collecting security events and correlating them to identify anomalies

B. Facilitating system-wide visibility into the activities of critical user accounts
C. Encompassing people, process, and technology
D. Logging both scheduled and unscheduled system changes
Answer: B
NEW QUESTION 28
- (Exam Topic 7)
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?
A. Walkthrough
B. Simulation
C. Parallel
D. White box
Answer: B
NEW QUESTION 31
- (Exam Topic 7)
What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?
A. Take the computer to a forensic lab

B. Make a copy of the hard drive
C. Start documenting
D. Turn off the computer
Answer: C
NEW QUESTION 32
- (Exam Topic 8)
Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?
A. Check arguments in function calls

B. Test for the security patch level of the environment
C. Include logging functions
D. Digitally sign each application module
Answer: B
NEW QUESTION 33
- (Exam Topic 8)
What is the BEST approach to addressing security issues in legacy web applications?
A. Debug the security issues

B. Migrate to newer, supported applications where possible
C. Conduct a security assessment
D. Protect the legacy application with a web application firewall
Answer: D
NEW QUESTION 34

- (Exam Topic 8)
A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected.
What is the MOST probable security feature of Java preventing the program from operating as intended?
A. Least privilege
B. Privilege escalation
C. Defense in depth
D. Privilege bracketing
Answer: A
NEW QUESTION 36
- (Exam Topic 8)
The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle
(SDLC)?
A. System acquisition and development

B. System operations and maintenance
C. System initiation
D. System implementation
Answer: A
Explanation:
Reference https://online.concordiA.edu/computer-science/system-development-life-cycle-phases/
NEW QUESTION 41
- (Exam Topic 9)
What is the FIRST step in developing a security test and its evaluation?
A. Determine testing methods

B. Develop testing procedures
C. Identify all applicable security requirements
D. Identify people, processes, and products not in compliance
Answer: C
NEW QUESTION 46
- (Exam Topic 9)
Internet Protocol (IP) source address spoofing is used to defeat
A. address-based authentication.
B. Address Resolution Protocol (ARP).
C. Reverse Address Resolution Protocol (RARP).
D. Transmission Control Protocol (TCP) hijacking.
Answer: A
NEW QUESTION 47
- (Exam Topic 9)
Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization
has unauthorized access to a server holding sensitive data?
A. Immediately document the finding and report to senior management.

B. Use system privileges to alter the permissions to secure the server
C. Continue the testing to its completion and then inform IT management
D. Terminate the penetration test and pass the finding to the server management team
Answer: A
NEW QUESTION 52
- (Exam Topic 9)
Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?
A. It has normalized severity ratings.

B. It has many worksheets and practices to implement.
C. It aims to calculate the risk of published vulnerabilities.
D. It requires a robust risk management framework to be put in place.
Answer: C
NEW QUESTION 54
- (Exam Topic 9)
Which one of the following is a threat related to the use of web-based client side input validation?
A. Users would be able to alter the input after validation has occurred
B. The web server would not be able to validate the input after transmission

C. The client system could receive invalid input from the web server
D. The web server would not be able to receive invalid input from the client
Answer: A
NEW QUESTION 59
- (Exam Topic 9)
An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet
to move data into and out of the network. What type of attack has the organization experienced?
A. Data leakage
B. Unfiltered channel
C. Data emanation
D. Covert channel
Answer: D
NEW QUESTION 63
- (Exam Topic 9)
Contingency plan exercises are intended to do which of the following?
A. Train personnel in roles and responsibilities

B. Validate service level agreements
C. Train maintenance personnel
D. Validate operation metrics
Answer: A
NEW QUESTION 66
- (Exam Topic 9)
In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?
A. Communication
B. Planning
C. Recovery
D. Escalation
Answer: A
NEW QUESTION 70
- (Exam Topic 9)
Which one of the following transmission media is MOST effective in preventing data interception?
A. Microwave
B. Twisted-pair
C. Fiber optic
D. Coaxial cable
Answer: C
NEW QUESTION 74
- (Exam Topic 9)
What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
A. Man-in-the-Middle (MITM) attack

B. Smurfing
C. Session redirect
D. Spoofing
Answer: D
NEW QUESTION 76
- (Exam Topic 9)
Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam
approaches?
A. Simple Mail Transfer Protocol (SMTP) blacklist

B. Reverse Domain Name System (DNS) lookup
C. Hashing algorithm
D. Header analysis
Answer: D
NEW QUESTION 77
- (Exam Topic 9)

The overall goal of a penetration test is to determine a system's
A. ability to withstand an attack.

B. capacity management.
C. error recovery capabilities.
D. reliability under stress.
Answer: A
NEW QUESTION 81
- (Exam Topic 9)
Which of the following is considered best practice for preventing e-mail spoofing?
A. Spam filtering
B. Cryptographic signature
C. Uniform Resource Locator (URL) filtering
D. Reverse Domain Name Service (DNS) lookup
Answer: B
NEW QUESTION 83
- (Exam Topic 9)
Multi-threaded applications are more at risk than single-threaded applications to
A. race conditions.
B. virus infection.
C. packet sniffing.
D. database injection.
Answer: A
NEW QUESTION 87
- (Exam Topic 9)
The BEST method of demonstrating a company's security level to potential customers is
A. a report from an external auditor.

B. responding to a customer's security questionnaire.
C. a formal report from an internal auditor.
D. a site visit by a customer's security team.
Answer: A
NEW QUESTION 92
- (Exam Topic 9)
Which of the following does the Encapsulating Security Payload (ESP) provide?
A. Authorization and integrity

B. Availability and integrity
C. Integrity and confidentiality
D. Authorization and confidentiality
Answer: C
NEW QUESTION 93
- (Exam Topic 9)
Which of the following is an essential element of a privileged identity lifecycle management?
A. Regularly perform account re-validation and approval

B. Account provisioning based on multi-factor authentication
C. Frequently review performed activities and request justification
D. Account information to be provided by supervisor or line manager
Answer: A
NEW QUESTION 95
- (Exam Topic 9)
Which of the following statements is TRUE for point-to-point microwave transmissions?
A. They are not subject to interception due to encryption.

B. Interception only depends on signal strength.
C. They are too highly multiplexed for meaningful interception.
D. They are subject to interception by an antenna within proximity.
Answer: D
NEW QUESTION 100

- (Exam Topic 9)
Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?
A. To assist data owners in making future sensitivity and criticality determinations

B. To assure the software development team that all security issues have been addressed
C. To verify that security protection remains acceptable to the organizational security policy
D. To help the security team accept or reject new systems for implementation and production
Answer: C
NEW QUESTION 101

- (Exam Topic 9)
The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct
A. log auditing.
B. code reviews.
C. impact assessments.
D. static analysis.
Answer: B
NEW QUESTION 106

- (Exam Topic 9)
Which of the following can BEST prevent security flaws occurring in outsourced software development?
A. Contractual requirements for code quality

B. Licensing, code ownership and intellectual property rights
C. Certification of the quality and accuracy of the work done
D. Delivery dates, change management control and budgetary control
Answer: C
NEW QUESTION 107

- (Exam Topic 9)
The Hardware Abstraction Layer (HAL) is implemented in the
A. system software.
B. system hardware.
C. application software.
D. network hardware.
Answer: A
NEW QUESTION 110

- (Exam Topic 9)
When transmitting information over public networks, the decision to encrypt it should be based on
A. the estimated monetary value of the information.

B. whether there are transient nodes relaying the transmission.
C. the level of confidentiality of the information.
D. the volume of the information.
Answer: C
NEW QUESTION 115

- (Exam Topic 9)
In a basic SYN flood attack, what is the attacker attempting to achieve?
A. Exceed the threshold limit of the connection queue for a given service
B. Set the threshold to zero for a given service
C. Cause the buffer to overflow, allowing root access
D. Flush the register stack, allowing hijacking of the root account
Answer: A
NEW QUESTION 116

- (Exam Topic 9)
What is the ultimate objective of information classification?
A. To assign responsibility for mitigating the risk to vulnerable systems

B. To ensure that information assets receive an appropriate level of protection
C. To recognize that the value of any item of information may change over time
D. To recognize the optimal number of classification categories and the benefits to be gained from their use
Answer: B

NEW QUESTION 121

- (Exam Topic 9)
In a data classification scheme, the data is owned by the
A. Information Technology (IT) managers.

B. business managers.
C. end users.
D. system security managers.
Answer: B
NEW QUESTION 124

- (Exam Topic 9)
When implementing controls in a heterogeneous end-point network for an organization, it is critical that
A. hosts are able to establish network communications.

B. users can make modifications to their security software configurations.
C. common software security components be implemented across all hosts.
D. firewalls running on each host are fully customizable by the user.
Answer: C
NEW QUESTION 125

- (Exam Topic 9)
Which of the following defines the key exchange for Internet Protocol Security (IPSec)?
A. Secure Sockets Layer (SSL) key exchange

B. Internet Key Exchange (IKE)
C. Security Key Exchange (SKE)
D. Internet Control Message Protocol (ICMP)
Answer: B
NEW QUESTION 126

- (Exam Topic 9)
A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?
A. Encryption routines
B. Random number generator
C. Obfuscated code
D. Botnet command and control
Answer: C
NEW QUESTION 129

- (Exam Topic 9)
Which of the following actions should be performed when implementing a change to a database schema in a production system?
A. Test in development, determine dates, notify users, and implement in production

B. Apply change to production, run in parallel, finalize change in production, and develop a back-out strategy
C. Perform user acceptance testing in production, have users sign off, and finalize change
D. Change in development, perform user acceptance testing, develop a back-out strategy, and implement change
Answer: D
NEW QUESTION 131

- (Exam Topic 9)
What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?
A. Evaluating the efficiency of the plan

B. Identifying the benchmark required for restoration
C. Validating the effectiveness of the plan
D. Determining the Recovery Time Objective (RTO)
Answer: C
NEW QUESTION 133

- (Exam Topic 9)
Which of the following is a potential risk when a program runs in privileged mode?
A. It may serve to create unnecessary code complexity

B. It may not enforce job separation duties
C. It may create unnecessary application hardening
D. It may allow malicious code to be inserted
Answer: D

NEW QUESTION 136

- (Exam Topic 9)
When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
A. Topology diagrams
B. Mapping tools
C. Asset register
D. Ping testing
Answer: B
NEW QUESTION 140

- (Exam Topic 9)
When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and
A. flexible.
B. confidential.
C. focused.
D. achievable.
Answer: D
NEW QUESTION 143

- (Exam Topic 9)
Which of the following MUST be done when promoting a security awareness program to senior management?
A. Show the need for security; identify the message and the audience
B. Ensure that the security presentation is designed to be all-inclusive
C. Notify them that their compliance is mandatory
D. Explain how hackers have enhanced information security
Answer: A
NEW QUESTION 145

- (Exam Topic 9)
An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing
levels of controls. The BEST way to ensure document confidentiality in the repository is to
A. encrypt the contents of the repository and document any exceptions to that requirement.
B. utilize Intrusion Detection System (IDS) set drop connections if too many requests for documents are detected.
C. keep individuals with access to high security areas from saving those documents into lower security areas.
D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA).
Answer: C
NEW QUESTION 149

- (Exam Topic 9)
Which of the following does Temporal Key Integrity Protocol (TKIP) support?
A. Multicast and broadcast messages

B. Coordination of IEEE 802.11 protocols
C. Wired Equivalent Privacy (WEP) systems
D. Synchronization of multiple devices
Answer: C
NEW QUESTION 152

- (Exam Topic 9)
The goal of software assurance in application development is to
A. enable the development of High Availability (HA) systems.

B. facilitate the creation of Trusted Computing Base (TCB) systems.
C. prevent the creation of vulnerable applications.
D. encourage the development of open source applications.
Answer: C
NEW QUESTION 156

- (Exam Topic 9)
Which of the following BEST represents the principle of open design?
A. Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system.
B. Algorithms must be protected to ensure the security and interoperability of the designed system.
C. A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities.
D. The security of a mechanism should not depend on the secrecy of its design or implementation.

Answer: D
NEW QUESTION 157

- (Exam Topic 9)
Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?
A. Trusted Platform Module (TPM)

B. Preboot eXecution Environment (PXE)
C. Key Distribution Center (KDC)
D. Simple Key-Management for Internet Protocol (SKIP)
Answer: A
NEW QUESTION 162

- (Exam Topic 9)
Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?
A. Hot site
B. Cold site
C. Warm site
D. Mobile site
Answer: B
NEW QUESTION 163

- (Exam Topic 9)
Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?
A. Write a Service Level Agreement (SLA) for the two companies.

B. Set up a Virtual Private Network (VPN) between the two companies.
C. Configure a firewall at the perimeter of each of the two companies.
D. Establish a File Transfer Protocol (FTP) connection between the two companies.
Answer: B
NEW QUESTION 167

- (Exam Topic 9)
In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?
A. A full-scale simulation of an emergency and the subsequent response functions

B. A specific test by response teams of individual emergency response functions
C. A functional evacuation of personnel
D. An activation of the backup site
Answer: B
NEW QUESTION 169

- (Exam Topic 10)
What is the MAIN feature that onion routing networks offer?
A. Non-repudiation
B. Traceability
C. Anonymity
D. Resilience
Answer: C
NEW QUESTION 170

- (Exam Topic 10)
Which of the following violates identity and access management best practices?
A. User accounts
B. System accounts
C. Generic accounts
D. Privileged accounts
Answer: C
NEW QUESTION 174

- (Exam Topic 10)
Which of the following describes the concept of a Single Sign-On (SSO) system?
A. Users are authenticated to one system at a time.

B. Users are identified to multiple systems with several credentials.
C. Users are authenticated to multiple systems with one login.

D. Only one user is using the system at a time.
Answer: C
NEW QUESTION 175

- (Exam Topic 10)
Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A
lists the clearance levels for four users, while Table B lists the security classes of four different files.
Which of the following is true according to the star property (*property)?
A. User D can write to File 1

B. User B can write to File 1
C. User A can write to File 1
D. User C can write to File 1
Answer: C
NEW QUESTION 176

- (Exam Topic 10)
Which of the following MOST influences the design of the organization's electronic monitoring policies?
A. Workplace privacy laws

B. Level of organizational trust
C. Results of background checks
D. Business ethical considerations
Answer: A
NEW QUESTION 178

- (Exam Topic 10)
According to best practice, which of the following groups is the MOST effective in performing an information
security compliance audit?
A. In-house security administrators

B. In-house Network Team
C. Disaster Recovery (DR) Team
D. External consultants
Answer: D
NEW QUESTION 179

- (Exam Topic 10)
Which item below is a federated identity standard?
A. 802.11i
B. Kerberos
C. Lightweight Directory Access Protocol (LDAP)
D. Security Assertion Markup Language (SAML)
Answer: D
NEW QUESTION 181

- (Exam Topic 10)
What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?
A. Brute force attack

B. Frequency analysis
C. Social engineering
D. Dictionary attack
Answer: C
NEW QUESTION 186

- (Exam Topic 10)
Which of the following is required to determine classification and ownership?

A. System and data resources are properly identified

B. Access violations are logged and audited
C. Data file references are identified and linked
D. System security controls are fully integrated
Answer: A
NEW QUESTION 188

- (Exam Topic 10)
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This
provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
The third party needs to have
A. processes that are identical to that of the organization doing the outsourcing.
B. access to the original personnel that were on staff at the organization.
C. the ability to maintain all of the applications in languages they are familiar with.
D. access to the skill sets consistent with the programming languages used by the organization.
Answer: D
NEW QUESTION 189

- (Exam Topic 10)
Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?
A. Use of a unified messaging.

B. Use of separation for the voice network.
C. Use of Network Access Control (NAC) on switches.
D. Use of Request for Comments (RFC) 1918 addressing.
Answer: B
NEW QUESTION 190

- (Exam Topic 10)
Which of the following is a critical factor for implementing a successful data classification program?
A. Executive sponsorship
B. Information security sponsorship
C. End-user acceptance
D. Internal audit acceptance
Answer: A
NEW QUESTION 192

- (Exam Topic 10)
A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns.
In the plan, what is the BEST approach to mitigate future internal client-based attacks?
A. Block all client side web exploits at the perimeter.

B. Remove all non-essential client-side web services from the network.
C. Screen for harmful exploits of client-side services before implementation.
D. Harden the client image before deployment.
Answer: D
NEW QUESTION 193

- (Exam Topic 10)
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other
necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?
A. Formal acceptance of the security strategy

B. Disciplinary actions taken against unethical behavior
C. Development of an awareness program for new employees
D. Audit of all organization system configurations for faults
Answer: A
NEW QUESTION 195

- (Exam Topic 10)
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The
organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access.
The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Which of the following BEST describes the access control methodology used?

A. Least privilege
B. Lattice Based Access Control (LBAC)
C. Role Based Access Control (RBAC)
D. Lightweight Directory Access Control (LDAP)
Answer: C
NEW QUESTION 198

- (Exam Topic 10)
Place the following information classification steps in sequential order.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 201

- (Exam Topic 10)
A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance
and ease of deployment?
A. Provide students with Internet Protocol Security (IPSec) Virtual Private Network (VPN) client software.
B. Use Secure Sockets Layer (SSL) VPN technology.
C. Use Secure Shell (SSH) with public/private keys.
D. Require students to purchase home router capable of VPN.
Answer: B
NEW QUESTION 206

- (Exam Topic 10)
Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational
policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.

After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?
A. Commercial products often have serious weaknesses of the magnetic force available in the degausser product.
B. Degausser products may not be properly maintained and operated.
C. The inability to turn the drive around in the chamber for the second pass due to human error.
D. Inadequate record keeping when sanitizing mediA.
Answer: B
NEW QUESTION 210

- (Exam Topic 10)
For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?
A. Hash functions
B. Data segregation
C. File system permissions
D. Non-repudiation controls
Answer: B
NEW QUESTION 211

- (Exam Topic 10)
An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this
implementation?
A. Clients can authenticate themselves to the servers.

B. Mutual authentication is available between the clients and servers.
C. Servers are able to issue digital certificates to the client.
D. Servers can authenticate themselves to the client.
Answer: D
NEW QUESTION 214

- (Exam Topic 10)
An organization's data policy MUST include a data retention period which is based on
A. application dismissal.
B. business procedures.
C. digital certificates expiration.
D. regulatory compliance.
Answer: D
NEW QUESTION 215

- (Exam Topic 10)
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This
provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?
A. The organizational structure of the third party and how it may impact timelines within the organization
B. The ability of the third party to respond to the organization in a timely manner and with accurate information
C. The effects of transborder data flows and customer expectations regarding the storage or processing of their data
D. The quantity of data that must be provided to the third party and how it is to be used
Answer: C
NEW QUESTION 218

- (Exam Topic 10)
When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?
A. Retain intellectual property rights through contractual wording.

B. Perform overlapping code reviews by both parties.
C. Verify that the contractors attend development planning meetings.
D. Create a separate contractor development environment.
Answer: B
NEW QUESTION 220

- (Exam Topic 10)
Which of the following is the BEST countermeasure to brute force login attacks?
A. Changing all canonical passwords

B. Decreasing the number of concurrent user sessions
C. Restricting initial password delivery only in person
D. Introducing a delay after failed system access attempts

Answer: D
NEW QUESTION 225

- (Exam Topic 11)
Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?
A. Hierarchical inheritance
B. Dynamic separation of duties
C. The Clark-Wilson security model
D. The Bell-LaPadula security model
Answer: B
NEW QUESTION 228

- (Exam Topic 11)
What is the MOST effective method of testing custom application code?
A. Negative testing
B. White box testing
C. Penetration testing
D. Black box testing
Answer: B
NEW QUESTION 231

- (Exam Topic 11)
Data remanence refers to which of the following?
A. The remaining photons left in a fiber optic cable after a secure transmission.
B. The retention period required by law or regulation.
C. The magnetic flux created when removing the network connection from a server or personal computer.
D. The residual information left on magnetic storage media after a deletion or erasure.
Answer: D
NEW QUESTION 233

- (Exam Topic 11)
Which of the following has the GREATEST impact on an organization's security posture?
A. International and country-specific compliance requirements

B. Security violations by employees and contractors
C. Resource constraints due to increasing costs of supporting security
D. Audit findings related to employee access and permissions process
Answer: A
NEW QUESTION 236

- (Exam Topic 11)
A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy
principle?
A. Onward transfer
B. Collection Limitation
C. Collector Accountability
D. Individual Participation
Answer: B
NEW QUESTION 241

- (Exam Topic 11)
Disaster Recovery Plan (DRP) training material should be
A. consistent so that all audiences receive the same training.

B. stored in a fire proof safe to ensure availability when needed.
C. only delivered in paper format.
D. presented in a professional looking manner.
Answer: A
NEW QUESTION 245

- (Exam Topic 11)
What is an important characteristic of Role Based Access Control (RBAC)?
A. Supports Mandatory Access Control (MAC)

B. Simplifies the management of access rights

C. Relies on rotation of duties

D. Requires two factor authentication
Answer: B
NEW QUESTION 247

- (Exam Topic 11)
Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?
A. Read-through
B. Parallel
C. Full interruption
D. Simulation
Answer: B
NEW QUESTION 248

- (Exam Topic 11)
Single Sign-On (SSO) is PRIMARILY designed to address which of the following?
A. Confidentiality and Integrity

B. Availability and Accountability
C. Integrity and Availability
D. Accountability and Assurance
Answer: D
NEW QUESTION 251

- (Exam Topic 11)
Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?
A. A strong breach notification process

B. Limited collection of individuals' confidential data
C. End-to-end data encryption for data in transit
D. Continuous monitoring of potential vulnerabilities
Answer: B
NEW QUESTION 255

- (Exam Topic 11)
Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?
A. Concept, Development, Production, Utilization, Support, Retirement

B. Stakeholder Requirements Definition, Architectural Design, Implementation, Verification, Operation
C. Acquisition, Measurement, Configuration Management, Production, Operation, Support
D. Concept, Requirements, Design, Implementation, Production, Maintenance, Support, Disposal
Answer: B
NEW QUESTION 256

- (Exam Topic 11)
The World Trade Organization's (WTO) agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) requires authors of computer software to be
given the
A. right to refuse or permit commercial rentals.

B. right to disguise the software's geographic origin.
C. ability to tailor security parameters based on location.
D. ability to confirm license authenticity of their works.
Answer: A
NEW QUESTION 260

- (Exam Topic 11)
Which of the following BEST describes a rogue Access Point (AP)?
A. An AP that is not protected by a firewall

B. An AP not configured to use Wired Equivalent Privacy (WEP) with Triple Data Encryption Algorithm (3DES)
C. An AP connected to the wired infrastructure but not under the management of authorized network administrators
D. An AP infected by any kind of Trojan or Malware
Answer: C
NEW QUESTION 261

- (Exam Topic 11)
Which of the following is the PRIMARY security concern associated with the implementation of smart cards?

A. The cards have limited memory

B. Vendor application compatibility
C. The cards can be misplaced
D. Mobile code can be embedded in the card
Answer: C
NEW QUESTION 266

- (Exam Topic 11)
To protect auditable information, which of the following MUST be configured to only allow read access?
A. Logging configurations
B. Transaction log files
C. User account configurations
D. Access control lists (ACL)
Answer: B
NEW QUESTION 270

- (Exam Topic 11)
Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?
A. Insecure implementation of Application Programming Interfaces (API)

B. Improper use and storage of management keys
C. Misconfiguration of infrastructure allowing for unauthorized access
D. Vulnerabilities within protocols that can expose confidential data
Answer: D
NEW QUESTION 274

- (Exam Topic 11)
Which Web Services Security (WS-Security) specification maintains a single authenticated identity across multiple dissimilar environments? Click on the correct
specification in the image below.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
WS-Federation
Reference: Java Web Services: Up and Running” By Martin Kalin page 228
NEW QUESTION 275

- (Exam Topic 11)
Drag the following Security Engineering terms on the left to the BEST definition on the right.

A. Mastered
B. Not Mastered
Answer: A
Explanation:

NEW QUESTION 280

- (Exam Topic 11)
The PRIMARY security concern for handheld devices is the
A. strength of the encryption algorithm.

B. spread of malware during synchronization.
C. ability to bypass the authentication mechanism.
D. strength of the Personal Identification Number (PIN).
Answer: C
NEW QUESTION 282

- (Exam Topic 11)
Which Web Services Security (WS-Security) specification negotiates how security tokens will be issued,
renewed and validated? Click on the correct specification in the image below.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
WS-Trust
The protocol used for issuing security tokens is based on WS-Trust. WS-Trust is a Web service specification that builds on WS-Security. It describes a protocol
used for issuance, exchange, and validation of security tokens. WS-Trust provides a solution for interoperability by defining a protocol for issuing and exchanging
security tokens, based on token format, namespace, or trust boundaries.
Reference: https://msdn.microsoft.com/en-us/library/ff650503.aspx
NEW QUESTION 283

- (Exam Topic 11)
Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?
A. Discretionary Access Control (DAC) procedures

B. Mandatory Access Control (MAC) procedures
C. Data link encryption
D. Segregation of duties
Answer: B
NEW QUESTION 288

- (Exam Topic 11)
What does an organization FIRST review to assure compliance with privacy requirements?
A. Best practices
B. Business objectives
C. Legal and regulatory mandates
D. Employee's compliance to policies and standards
Answer: C
NEW QUESTION 289

- (Exam Topic 11)
An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication
(OAuth) 2.0 to authenticate external users to the organization's services.
As part of the authentication process, which of the following must the end user provide?
A. An access token
B. A username and password
C. A username
D. A password
Answer: A

NEW QUESTION 293

- (Exam Topic 11)
The goal of a Business Continuity Plan (BCP) training and awareness program is to
A. enhance the skills required to create, maintain, and execute the plan.
B. provide for a high level of recovery in case of disaster.
C. describe the recovery organization to new employees.
D. provide each recovery team with checklists and procedures.
Answer: A
NEW QUESTION 297

- (Exam Topic 11)
Place in order, from BEST (1) to WORST (4), the following methods to reduce the risk of data remanence on magnetic mediA.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 298

- (Exam Topic 11)
The PRIMARY outcome of a certification process is that it provides documented
A. system weaknesses for remediation.

B. standards for security assessment, testing, and process evaluation.
C. interconnected systems and their implemented security controls.
D. security analyses needed to make a risk-based decision.
Answer: D
NEW QUESTION 302

- (Exam Topic 11)
Which of the following methods can be used to achieve confidentiality and integrity for data in transit?
A. Multiprotocol Label Switching (MPLS)

B. Internet Protocol Security (IPSec)
C. Federated identity management
D. Multi-factor authentication
Answer: B
NEW QUESTION 303

- (Exam Topic 11)
For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?
A. Challenge response and private key

B. Digital certificates and Single Sign-On (SSO)
C. Tokens and passphrase
D. Smart card and biometrics
Answer: D

NEW QUESTION 307

- (Exam Topic 11)
When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the business functional analysis and the data security categorization have been performed
C. After the vulnerability analysis has been performed and before the system detailed design begins
D. After the system preliminary design has been developed and before the data security categorization begins
Answer: B
NEW QUESTION 309

- (Exam Topic 11)
What is the GREATEST challenge of an agent-based patch management solution?
A. Time to gather vulnerability information about the computers in the program

B. Requires that software be installed, running, and managed on all participating computers
C. The significant amount of network bandwidth while scanning computers
D. The consistency of distributing patches to each participating computer
Answer: B
NEW QUESTION 314

- (Exam Topic 11)
Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?
A. Data Custodian
B. Executive Management
C. Chief Information Security Officer
D. Data/Information/Business Owners
Answer: B
NEW QUESTION 319

- (Exam Topic 11)
Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?
A. Level of assurance of the Target of Evaluation (TOE) in intended operational environment

B. Selection to meet the security objectives stated in test documents
C. Security behavior expected of a TOE
D. Definition of the roles and responsibilities
Answer: C
NEW QUESTION 320

- (Exam Topic 11)
Are companies legally required to report all data breaches?
A. No, different jurisdictions have different rules.

B. No, not if the data is encrypted.
C. No, companies' codes of ethics don't require it.
D. No, only if the breach had a material impact.
Answer: A
NEW QUESTION 325

- (Exam Topic 11)
An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST
probable cause?
A. Improper deployment of the Service-Oriented Architecture (SOA)

B. Absence of a Business Intelligence (BI) solution
C. Inadequate cost modeling
D. Insufficient Service Level Agreement (SLA)
Answer: D
NEW QUESTION 328

- (Exam Topic 11)
In order for a security policy to be effective within an organization, it MUST include
A. strong statements that clearly define the problem.

B. a list of all standards that apply to the policy.
C. owner information and date of last revision.
D. disciplinary measures for non compliance.

Answer: D
NEW QUESTION 329

- (Exam Topic 11)
Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?
A. Access based on rules

B. Access based on user's role
C. Access determined by the system
D. Access based on data sensitivity
Answer: B
NEW QUESTION 332

- (Exam Topic 12)
A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?
A. Transport
B. Data link
C. Network
D. Application
Answer: D
NEW QUESTION 337

- (Exam Topic 12)
As a best practice, the Security Assessment Report (SAR) should include which of the following sections?
A. Data classification policy

B. Software and hardware inventory
C. Remediation recommendations
D. Names of participants
Answer: B
NEW QUESTION 340

- (Exam Topic 12)
Match the name of access control model with its associated restriction.
Drag each access control model to its appropriate restriction access on the right.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Mandatory Access Control – End user cannot set controls
Discretionary Access Control (DAC) – Subject has total control over objects
Role Based Access Control (RBAC) – Dynamically assigns roles permissions to particular duties based on job function
Rule Based access control – Dynamically assigns roles to subjects based on criteria assigned by a custodian.
NEW QUESTION 342

- (Exam Topic 12)
Which of the following is the BEST method to reduce the effectiveness of phishing attacks?
A. User awareness
B. Two-factor authentication
C. Anti-phishing software
D. Periodic vulnerability scan

Answer: A
NEW QUESTION 344

- (Exam Topic 12)
How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted?
A. Use an impact-based approach.

B. Use a risk-based approach.
C. Use a criticality-based approach.
D. Use a threat-based approach.
Answer: B
NEW QUESTION 345

- (Exam Topic 12)
Which of the following is the MOST important goal of information asset valuation?
A. Developing a consistent and uniform method of controlling access on information assets

B. Developing appropriate access control policies and guidelines
C. Assigning a financial value to an organization’s information assets
D. Determining the appropriate level of protection
Answer: D
NEW QUESTION 346

- (Exam Topic 12)
Which of the following is the MAIN reason for using configuration management?
A. To provide centralized administration

B. To reduce the number of changes
C. To reduce errors during upgrades
D. To provide consistency in security controls
Answer: D
NEW QUESTION 348

- (Exam Topic 12)
Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?
A. Logging and audit trail controls to enable forensic analysis

B. Security incident response lessons learned procedures
C. Security event alert triage done by analysts using a Security Information and Event Management (SIEM) system
D. Transactional controls focused on fraud prevention
Answer: C
NEW QUESTION 349

- (Exam Topic 12)
An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session
timeout requirement is
A. organization policy.
B. industry best practices.
C. industry laws and regulations.
D. management feedback.
Answer: A
NEW QUESTION 353

- (Exam Topic 12)
What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?
A. Radio Frequency (RF) attack

B. Denial of Service (DoS) attack
C. Data modification attack
D. Application-layer attack
Answer: B
NEW QUESTION 358

- (Exam Topic 12)
Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the
test?
A. Reversal

B. Gray box
C. Blind
D. White box
Answer: B
NEW QUESTION 362

- (Exam Topic 12)
Which of the following is an advantage of on-premise Credential Management Systems?
A. Lower infrastructure capital costs

B. Control over system configuration
C. Reduced administrative overhead
D. Improved credential interoperability
Answer: B
NEW QUESTION 363

- (Exam Topic 12)
What does the Maximum Tolerable Downtime (MTD) determine?
A. The estimated period of time a business critical database can remain down before customers are affected.
B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning
C. The estimated period of time a business can remain interrupted beyond which it risks never recovering
D. The fixed length of time in a DR process before redundant systems are engaged
Answer: C
NEW QUESTION 366

- (Exam Topic 12)
Match the access control type to the example of the control type. Drag each access control type net to its corresponding example.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Administrative – labeling of sensitive data Technical – Constrained user interface Logical – Biometrics for authentication
Physical – Radio Frequency Identification 9RFID) badge
NEW QUESTION 370

- (Exam Topic 12)
Which of the following BEST describes a chosen plaintext attack?
A. The cryptanalyst can generate ciphertext from arbitrary text.

B. The cryptanalyst examines the communication being sent back and forth.
C. The cryptanalyst can choose the key and algorithm to mount the attack.
D. The cryptanalyst is presented with the ciphertext from which the original message is determined.
Answer: A
NEW QUESTION 375

- (Exam Topic 12)
Which of the following BEST describes Recovery Time Objective (RTO)?

A. Time of application resumption after disaster

B. Time of application verification after disaster.
C. Time of data validation after disaster.
D. Time of data restoration from backup after disaster.
Answer: A
NEW QUESTION 380

- (Exam Topic 12)
At which layer of the Open Systems Interconnect (OSI) model are the source and destination address for a datagram handled?
A. Transport Layer
B. Data-Link Layer
C. Network Layer
D. Application Layer
Answer: C
NEW QUESTION 384

- (Exam Topic 12)
How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?
A. Examines log messages or other indications on the system.

B. Monitors alarms sent to the system administrator
C. Matches traffic patterns to virus signature files
D. Examines the Access Control List (ACL)
Answer: C
NEW QUESTION 388

- (Exam Topic 12)
What is an advantage of Elliptic Curve Cryptography (ECC)?
A. Cryptographic approach that does not require a fixed-length key

B. Military-strength security that does not depend upon secrecy of the algorithm
C. Opportunity to use shorter keys for the same level of security
D. Ability to use much longer keys for greater security
Answer: C
NEW QUESTION 392

- (Exam Topic 12)
Which of the following is a weakness of Wired Equivalent Privacy (WEP)?
A. Length of Initialization Vector (IV)

B. Protection against message replay
C. Detection of message tampering
D. Built-in provision to rotate keys
Answer: A
NEW QUESTION 395

- (Exam Topic 12)
Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)?
A. The dynamic reconfiguration of systems

B. The cost of downtime
C. A recovery strategy for all business processes
D. A containment strategy
Answer: C
NEW QUESTION 400

- (Exam Topic 12)
A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being
prioritized?
A. Confidentiality
B. Integrity
C. Availability
D. Accessibility
Answer: C
NEW QUESTION 402

- (Exam Topic 12)

In order to assure authenticity, which of the following are required?
A. Confidentiality and authentication

B. Confidentiality and integrity
C. Authentication and non-repudiation
D. Integrity and non-repudiation
Answer: D
NEW QUESTION 407

- (Exam Topic 12)
Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?
A. It must be known to both sender and receiver.

B. It can be transmitted in the clear as a random number.
C. It must be retained until the last block is transmitted.
D. It can be used to encrypt and decrypt information.
Answer: B
NEW QUESTION 409

- (Exam Topic 12)
Which of the following are effective countermeasures against passive network-layer attacks?
A. Federated security and authenticated access controls

B. Trusted software development and run time integrity controls
C. Encryption and security enabled applications
D. Enclave boundary protection and computing environment defense
Answer: C
NEW QUESTION 414

- (Exam Topic 12)
A user sends an e-mail request asking for read-only access to files that are not considered sensitive. A Discretionary Access Control (DAC) methodology is in
place. Which is the MOST suitable approach that the administrator should take?
A. Administrator should request data owner approval to the user access

B. Administrator should request manager approval for the user access
C. Administrator should directly grant the access to the non-sensitive files
D. Administrator should assess the user access need and either grant or deny the access
Answer: A
NEW QUESTION 415

- (Exam Topic 12)
For network based evidence, which of the following contains traffic details of all network sessions in order to detect anomalies?
A. Alert data
B. User data
C. Content data
D. Statistical data
Answer: D
NEW QUESTION 420

- (Exam Topic 12)
Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a
A. clear-text attack.
B. known cipher attack.
C. frequency analysis.
D. stochastic assessment.
Answer: C
NEW QUESTION 425

- (Exam Topic 12)
What is the MOST important element when considering the effectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)?
A. Management support
B. Consideration of organizational need
C. Technology used for delivery
D. Target audience
Answer: B

NEW QUESTION 426

- (Exam Topic 12)
When building a data classification scheme, which of the following is the PRIMARY concern?
A. Purpose
B. Cost effectiveness
C. Availability
D. Authenticity
Answer: D
NEW QUESTION 429

- (Exam Topic 12)
Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?
A. Notification tool
B. Message queuing tool
C. Security token tool
D. Synchronization tool
Answer: C
NEW QUESTION 434

- (Exam Topic 12)
What balance MUST be considered when web application developers determine how informative application error messages should be constructed?
A. Risk versus benefit

B. Availability versus auditability
C. Confidentiality versus integrity
D. Performance versus user satisfaction
Answer: A
NEW QUESTION 437

- (Exam Topic 12)
Which of the following countermeasures is the MOST effective in defending against a social engineering attack?
A. Mandating security policy acceptance

B. Changing individual behavior
C. Evaluating security awareness training
D. Filtering malicious e-mail content
Answer: C
NEW QUESTION 439

- (Exam Topic 13)
Which of the following is the BEST reason for writing an information security policy?
A. To support information security governance

B. To reduce the number of audit findings
C. To deter attackers
D. To implement effective information security controls
Answer: A
NEW QUESTION 444

- (Exam Topic 13)
Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?
A. undergo a security assessment as part of authorization process

B. establish a risk management strategy
C. harden the hosting server, and perform hosting and application vulnerability scans
D. establish policies and procedures on system and services acquisition
Answer: D
NEW QUESTION 445

- (Exam Topic 13)
A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%.
What is the residual risk?
A. 25%
B. 50%
C. 75%
D. 100%
Answer:

NEW QUESTION 449

- (Exam Topic 13)
Which of the following is the MOST important security goal when performing application interface testing?
A. Confirm that all platforms are supported and function properly

B. Evaluate whether systems or components pass data and control correctly to one another
C. Verify compatibility of software, hardware, and network connections
D. Examine error conditions related to external interfaces to prevent application details leakage
Answer: B
NEW QUESTION 451

- (Exam Topic 13)
Why is planning in Disaster Recovery (DR) an interactive process?
A. It details off-site storage plans

B. It identifies omissions in the plan
C. It defines the objectives of the plan
D. It forms part of the awareness process
Answer: B
NEW QUESTION 456

- (Exam Topic 13)
An organization’s security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization
mechanism is being used?
A. Discretionary Access Control (DAC)

B. Role Based Access Control (RBAC)
C. Media Access Control (MAC)
D. Mandatory Access Control (MAC)
Answer: A
NEW QUESTION 458

- (Exam Topic 13)
Due to system constraints, a group of system administrators must share a high-level access set of credentials. Which of the following would be MOST appropriate
to implement?
A. Increased console lockout times for failed logon attempts

B. Reduce the group in size
C. A credential check-out process for a per-use basis
D. Full logging on affected systems
Answer: C
Explanation:
Section: Security Operations
NEW QUESTION 462

- (Exam Topic 13)
From a security perspective, which of the following assumptions MUST be made about input to an
application?
A. It is tested
B. It is logged
C. It is verified
D. It is untrusted
Answer: D
NEW QUESTION 464

- (Exam Topic 13)
In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain.
What could be done on this device in order to obtain proper connectivity?
A. Connect the device to another network jack

B. Apply remediation’s according to security requirements
C. Apply Operating System (OS) patches
D. Change the Message Authentication Code (MAC) address of the network interface
Answer: B
NEW QUESTION 466

- (Exam Topic 13)

As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following
actions would be performed?
A. Use a web scanner to scan for vulnerabilities within the website.

B. Perform a code review to ensure that the database references are properly addressed.
C. Establish a secure connection to the web server to validate that only the approved ports are open.
D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.
Answer: D
NEW QUESTION 470

- (Exam Topic 13)
A company seizes a mobile device suspected of being used in committing fraud. What would be the BEST method used by a forensic examiner to isolate the
powered-on device from the network and preserve the evidence?
A. Put the device in airplane mode

B. Suspend the account with the telecommunication provider
C. Remove the SIM card
D. Turn the device off
Answer: A
NEW QUESTION 471

- (Exam Topic 13)
What capability would typically be included in a commercially available software package designed for access control?
A. Password encryption
B. File encryption
C. Source library control
D. File authentication
Answer: A
NEW QUESTION 475

- (Exam Topic 13)
What is the PRIMARY role of a scrum master in agile development?
A. To choose the primary development language

B. To choose the integrated development environment
C. To match the software requirements to the delivery plan
D. To project manage the software delivery
Answer: D
NEW QUESTION 476

- (Exam Topic 13)
Which of the following is the MOST common method of memory protection?
A. Compartmentalization
B. Segmentation
C. Error correction
D. Virtual Local Area Network (VLAN) tagging
Answer: B
NEW QUESTION 477

- (Exam Topic 13)
Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control
framework?
A. Achieving Service Level Agreements (SLA) on how quickly patches will be released when a security flaw is found.
B. Maintaining segregation of duties.
C. Standardized configurations for logging, alerting, and security metrics.
D. Availability of security teams at the end of design process to perform last-minute manual audits and reviews.
Answer: B
NEW QUESTION 479

- (Exam Topic 13)
Which of the following combinations would MOST negatively affect availability?
A. Denial of Service (DoS) attacks and outdated hardware

B. Unauthorized transactions and outdated hardware
C. Fire and accidental changes to data
D. Unauthorized transactions and denial of service attacks

Answer: A
NEW QUESTION 480

- (Exam Topic 13)
The design review for an application has been completed and is ready for release. What technique should an organization use to assure application integrity?
A. Application authentication
B. Input validation
C. Digital signing
D. Device encryption
Answer: C
NEW QUESTION 481

- (Exam Topic 13)
Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?
A. parameterized database queries

B. whitelist input values
C. synchronized session tokens
D. use strong ciphers
Answer: C
NEW QUESTION 485

- (Exam Topic 13)
Which of the following is the MOST efficient mechanism to account for all staff during a speedy nonemergency evacuation from a large security facility?
A. Large mantrap where groups of individuals leaving are identified using facial recognition technology
B. Radio Frequency Identification (RFID) sensors worn by each employee scanned by sensors at each exitdoor
C. Emergency exits with push bars with coordinates at each exit checking off the individual against a predefined list
D. Card-activated turnstile where individuals are validated upon exit
Answer: B
Explanation:
NEW QUESTION 489

- (Exam Topic 13)
What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?
A. Purging
B. Encryption
C. Destruction
D. Clearing
Answer: A
NEW QUESTION 493

- (Exam Topic 13)
Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?
A. Password requirements are simplified.

B. Risk associated with orphan accounts is reduced.
C. Segregation of duties is automatically enforced.
D. Data confidentiality is increased.
Answer: A
NEW QUESTION 497

- (Exam Topic 13)
When determining who can accept the risk associated with a vulnerability, which of the following is MOST
important?
A. Countermeasure effectiveness
B. Type of potential loss
C. Incident likelihood
D. Information ownership
Answer: C
NEW QUESTION 499

- (Exam Topic 13)
Which of the following is a characteristic of an internal audit?

A. An internal audit is typically shorter in duration than an external audit.

B. The internal audit schedule is published to the organization well in advance.
C. The internal auditor reports to the Information Technology (IT) department
D. Management is responsible for reading and acting upon the internal audit results
Answer: D
NEW QUESTION 503

- (Exam Topic 13)
An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If
there was a data breach who is responsible for monetary losses?
A. The Data Protection Authority (DPA)

B. The Cloud Service Provider (CSP)
C. The application developers
D. The data owner
Answer: B
NEW QUESTION 505

- (Exam Topic 13)
The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover.
Which access control mechanism would be preferred?
A. Attribute Based Access Control (ABAC)

B. Discretionary Access Control (DAC)
C. Mandatory Access Control (MAC)
D. Role-Based Access Control (RBAC)
Answer: D
NEW QUESTION 509

- (Exam Topic 13)
What are the steps of a risk assessment?
A. identification, analysis, evaluation

B. analysis, evaluation, mitigation
C. classification, identification, risk management
D. identification, evaluation, mitigation
Answer: A
Explanation:
Section: Security Assessment and Testing
NEW QUESTION 513

- (Exam Topic 13)
What is the MOST significant benefit of an application upgrade that replaces randomly generated session keys with certificate based encryption for
communications with backend servers?
A. Non-repudiation
B. Efficiency
C. Confidentially
D. Privacy
Answer: A
NEW QUESTION 515

- (Exam Topic 13)
What does electronic vaulting accomplish?
A. It protects critical files.

B. It ensures the fault tolerance of Redundant Array of Independent Disks (RAID) systems
C. It stripes all database records
D. It automates the Disaster Recovery Process (DRP)
Answer: A
Explanation:
NEW QUESTION 516

- (Exam Topic 13)
Which of the following is considered a secure coding practice?
A. Use concurrent access for shared variables and resources

B. Use checksums to verify the integrity of libraries

C. Use new code for common tasks
D. Use dynamic execution functions to pass user supplied data
Answer: B
NEW QUESTION 518

- (Exam Topic 13)
Which of the following would an attacker BEST be able to accomplish through the use of Remote Access
Tools (RAT)?
A. Reduce the probability of identification

B. Detect further compromise of the target
C. Destabilize the operation of the host
D. Maintain and expand control
Answer: D
NEW QUESTION 522

- (Exam Topic 13)
What is the PRIMARY goal of fault tolerance?
A. Elimination of single point of failure

B. Isolation using a sandbox
C. Single point of repair
D. Containment to prevent propagation
Answer: A
NEW QUESTION 527

- (Exam Topic 13)
Assessing a third party’s risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain.
Which of the following is LEAST associated with the attack surface?
A. Input protocols
B. Target processes
C. Error messages
D. Access rights
Answer: C
Explanation:
Section: Security Assessment and Testing
NEW QUESTION 530

- (Exam Topic 13)
Which of the following is MOST appropriate for protecting confidentially of data stored on a hard drive?
A. Triple Data Encryption Standard (3DES)

B. Advanced Encryption Standard (AES)
C. Message Digest 5 (MD5)
D. Secure Hash Algorithm 2(SHA-2)
Answer: B
NEW QUESTION 533

- (Exam Topic 13)
Which of the following is the MOST challenging issue in apprehending cyber criminals?
A. They often use sophisticated method to commit a crime.

B. It is often hard to collect and maintain integrity of digital evidence.
C. The crime is often committed from a different jurisdiction.
D. There is often no physical evidence involved.
Answer: C
NEW QUESTION 537

- (Exam Topic 13)
What is the expected outcome of security awareness in support of a security awareness program?
A. Awareness activities should be used to focus on security concerns and respond to those concerns accordingly
B. Awareness is not an activity or part of the training but rather a state of persistence to support the program
C. Awareness is trainin
D. The purpose of awareness presentations is to broaden attention of security.
E. Awareness is not trainin
F. The purpose of awareness presentation is simply to focus attention on security.

Answer: C
NEW QUESTION 541

- (Exam Topic 13)
Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?
A. Transport layer handshake compression

B. Application layer negotiation
C. Peer identity authentication
D. Digital certificate revocation
Answer: C
NEW QUESTION 546

- (Exam Topic 13)
Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?
A. Mandatory Access Controls (MAC)

B. Enterprise security architecture
C. Enterprise security procedures
D. Role Based Access Controls (RBAC)
Answer: D
NEW QUESTION 547

- (Exam Topic 13)
What is the foundation of cryptographic functions?
A. Encryption
B. Cipher
C. Hash
D. Entropy
Answer: A
NEW QUESTION 549

- (Exam Topic 13)
Which of the following mandates the amount and complexity of security controls applied to a security risk?
A. Security vulnerabilities
B. Risk tolerance
C. Risk mitigation
D. Security staff
Answer: C
NEW QUESTION 551

- (Exam Topic 13)
At a MINIMUM, audits of permissions to individual or group accounts should be scheduled
A. annually
B. to correspond with staff promotions
C. to correspond with terminations
D. continually
Answer: A
NEW QUESTION 554

- (Exam Topic 13)
Digital certificates used in Transport Layer Security (TLS) support which of the following?
A. Information input validation

B. Non-repudiation controls and data encryption
C. Multi-Factor Authentication (MFA)
D. Server identity and data confidentially
Answer: D
NEW QUESTION 559

- (Exam Topic 13)
What does a Synchronous (SYN) flood attack do?
A. Forces Transmission Control Protocol /Internet Protocol (TCP/IP) connections into a reset state
B. Establishes many new Transmission Control Protocol / Internet Protocol (TCP/IP) connections
C. Empties the queue of pending Transmission Control Protocol /Internet Protocol (TCP/IP) requests

D. Exceeds the limits for new Transmission Control Protocol /Internet Protocol (TCP/IP) connections
Answer: B
NEW QUESTION 560

- (Exam Topic 13)
A minimal implementation of endpoint security includes which of the following?
A. Trusted platforms
B. Host-based firewalls
C. Token-based authentication
D. Wireless Access Points (AP)
Answer: A
NEW QUESTION 563

- (Exam Topic 13)
An organization has discovered that users are visiting unauthorized websites using anonymous proxies. Which of the following is the BEST way to prevent future
occurrences?
A. Remove the anonymity from the proxy

B. Analyze Internet Protocol (IP) traffic for proxy requests
C. Disable the proxy server on the firewall
D. Block the Internet Protocol (IP) address of known anonymous proxies
Answer: C
NEW QUESTION 568

- (Exam Topic 13)
Which of the following is the MOST appropriate action when reusing media that contains sensitive data?
A. Erase
B. Sanitize
C. Encrypt
D. Degauss
Answer: B
NEW QUESTION 569

- (Exam Topic 13)
A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate
future infections?
A. Develop a written organizational policy prohibiting unauthorized USB devices

B. Train users on the dangers of transferring data in USB devices
C. Implement centralized technical control of USB port connections
D. Encrypt removable USB devices containing data at rest
Answer: C
NEW QUESTION 570

- (Exam Topic 13)
Which of the BEST internationally recognized standard for evaluating security products and systems?
A. Payment Card Industry Data Security Standards (PCI-DSS)

B. Common Criteria (CC)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Sarbanes-Oxley (SOX)
Answer: B
NEW QUESTION 572

- (Exam Topic 13)
Which of the following alarm systems is recommended to detect intrusions through windows in a high-noise, occupied environment?
A. Acoustic sensor
B. Motion sensor
C. Shock sensor
D. Photoelectric sensor
Answer: C
NEW QUESTION 573

- (Exam Topic 13)
Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?

A. Having emergency contacts established for the general employee population to get information
B. Conducting business continuity and disaster recovery training for those who have a direct role in the recovery
C. Designing business continuity and disaster recovery training programs for different audiences
D. Publishing a corporate business continuity and disaster recovery plan on the corporate website
Answer: C
NEW QUESTION 574

- (Exam Topic 13)
What is the correct order of steps in an information security assessment?
Place the information security assessment steps on the left next to the numbered boxes on the right in the correct order.
A. Mastered
B. Not Mastered
Answer: A
Explanation:

NEW QUESTION 576

- (Exam Topic 13)
A company receives an email threat informing of an Imminent Distributed Denial of Service (DDoS) attack
targeting its web application, unless ransom is paid. Which of the following techniques BEST addresses that threat?
A. Deploying load balancers to distribute inbound traffic across multiple data centers
B. Set Up Web Application Firewalls (WAFs) to filter out malicious traffic
C. Implementing reverse web-proxies to validate each new inbound connection
D. Coordinate with and utilize capabilities within Internet Service Provider (ISP)
Answer: D
NEW QUESTION 577

- (Exam Topic 13)
A Security Operations Center (SOC) receives an incident response notification on a server with an active
intruder who has planted a backdoor. Initial notifications are sent and communications are established. What MUST be considered or evaluated before performing
the next step?
A. Notifying law enforcement is crucial before hashing the contents of the server hard drive
B. Identifying who executed the incident is more important than how the incident happened
C. Removing the server from the network may prevent catching the intruder
D. Copying the contents of the hard drive to another storage device may damage the evidence
Answer: C
Explanation:
NEW QUESTION 580

- (Exam Topic 13)
Which of the following is the BEST metric to obtain when gaining support for an Identify and Access
Management (IAM) solution?
A. Application connection successes resulting in data leakage

B. Administrative costs for restoring systems after connection failure
C. Employee system timeouts from implementing wrong limits
D. Help desk costs required to support password reset requests
Answer: D
NEW QUESTION 582

- (Exam Topic 13)

In Disaster Recovery (DR) and Business Continuity (DC) training, which BEST describes a functional drill?
A. a functional evacuation of personnel

B. a specific test by response teams of individual emergency response functions
C. an activation of the backup site
D. a full-scale simulation of an emergency and the subsequent response functions.
Answer: D
NEW QUESTION 583

- (Exam Topic 13)
Which of the following is BEST achieved through the use of eXtensible Access Markup Language (XACML)?
A. Minimize malicious attacks from third parties

B. Manage resource privileges
C. Share digital identities in hybrid cloud
D. Defined a standard protocol
Answer: D
NEW QUESTION 588

- (Exam Topic 13)
Which of the following provides the MOST comprehensive filtering of Peer-to-Peer (P2P) traffic?
A. Application proxy
B. Port filter
C. Network boundary router
D. Access layer switch
Answer: A
NEW QUESTION 592

- (Exam Topic 13)
Access to which of the following is required to validate web session management?
A. Log timestamp
B. Live session traffic
C. Session state variables
D. Test scripts
Answer: C
NEW QUESTION 595

......

Thank You for Trying Our Product
* 100% Pass or Money Back

All our products come with a 90-day Money Back Guarantee.
* One year free update
You can enjoy free update one year. 24x7 online support.
* Trusted by Millions
We currently serve more than 30,000,000 customers.
* Shop Securely
All transactions are protected by VeriSign!
100% Pass Your CISSP Exam with Our Prep Materials Via below:
https://www.certleader.com/CISSP-dumps.html

Powered by TCPDF (www.tcpdf.org)

Cissp 3

Uploaded by

Copyright:

Available Formats

Cissp 3

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cissp 3

Uploaded by

Copyright:

Available Formats

100% Valid and Newest Version CISSP Questions & Answers shared by Certleader

https://www.certleader.com/CISSP-dumps.html (653 Q&As)

Certified Information Systems Security Professional (CISSP)

The Leader of IT Certification visit - https://www.certleader.com

A. Identify the contractual security obligations that apply to the organizations

A. Personal Identity Verification (PIV)

A. Platform as a Service (PaaS)

The Leader of IT Certification visit - https://www.certleader.com

A. Layer 2 Tunneling Protocol (L2TP)

A. Intrusion Prevention Systems (IPS)

A. Trusted third-party certification

The Leader of IT Certification visit - https://www.certleader.com

A. Change management processes

A. Disable all unnecessary services

A. Collecting security events and correlating them to identify anomalies

A. Take the computer to a forensic lab

A. Check arguments in function calls

A. Debug the security issues

The Leader of IT Certification visit - https://www.certleader.com

A. System acquisition and development

A. Determine testing methods

A. Immediately document the finding and report to senior management.

A. It has normalized severity ratings.

The Leader of IT Certification visit - https://www.certleader.com

A. Train personnel in roles and responsibilities

A. Man-in-the-Middle (MITM) attack

A. Simple Mail Transfer Protocol (SMTP) blacklist

The Leader of IT Certification visit - https://www.certleader.com

The overall goal of a penetration test is to determine a system's

A. ability to withstand an attack.

A. a report from an external auditor.

A. Authorization and integrity

A. Regularly perform account re-validation and approval

A. They are not subject to interception due to encryption.

NEW QUESTION 100

The Leader of IT Certification visit - https://www.certleader.com

A. To assist data owners in making future sensitivity and criticality determinations

NEW QUESTION 101

NEW QUESTION 106

A. Contractual requirements for code quality

NEW QUESTION 107

NEW QUESTION 110

A. the estimated monetary value of the information.

NEW QUESTION 115

NEW QUESTION 116

A. To assign responsibility for mitigating the risk to vulnerable systems

The Leader of IT Certification visit - https://www.certleader.com

NEW QUESTION 121

A. Information Technology (IT) managers.

NEW QUESTION 124

A. hosts are able to establish network communications.

NEW QUESTION 125

A. Secure Sockets Layer (SSL) key exchange

NEW QUESTION 126

NEW QUESTION 129

A. Test in development, determine dates, notify users, and implement in production

NEW QUESTION 131

A. Evaluating the efficiency of the plan

NEW QUESTION 133