CISSP Dumps CISSP Braindumps

CISSP Real Questions CISSP Practice Test CISSP Actual Questions

ISC2

CISSP

Certified Information Systems Security Professional

- 2023

https://killexams.com/pass4sure/exam-detail/CISSP

As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?

1. Use a web scanner to scan for vulnerabilities within the website.

2. Perform a code review to ensure that the database references are properly addressed.

3. Establish a secure connection to the web server to validate that only the approved ports are open.

4. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.

Answer: D

QUESTION: 226

Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?

1. Senior management

2. Information security department

3. Audit committee

4. All users

Answer: C

QUESTION: 227

Which of the following alarm systems is recommended to detect intrusions through windows in a high-noise, occupied environment?

1. Acoustic sensor

2. Motion sensor

3. Shock sensor

4. Photoelectric sensor

Answer: C

Which of the following is the MOST effective practice in managing user accounts when an employee is terminated?

1. Implement processes for automated removal of access for terminated employees.

2. Delete employee network and system IDs upon termination.

3. Manually remove terminated employee user-access to all systems and applications.

4. Disable terminated employee network ID to remove all access.

Answer: B

QUESTION: 229

Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?

1. Having emergency contacts established for the general employee population to get information

2. Conducting business continuity and disaster recovery training for those who have a direct role in the recovery

3. Designing business continuity and disaster recovery training programs for different audiences

4. Publishing a corporate business continuity and disaster recovery plan on the corporate website

Answer: C

QUESTION: 230

What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?

1. Purging

2. Encryption

3. Destruction

4. Clearing

Answer: A

Which one of the following considerations has the LEAST impact when considering transmission security?

1. Network availability

2. Node locations

3. Network bandwidth

4. Data integrity

Answer: C

QUESTION: 232

The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

1. System acquisition and development

2. System operations and maintenance

3. System initiation

4. System implementation

Answer: B

QUESTION: 233 DRAG DROP

Drag the following Security Engineering terms on the left to the BEST definition on the right.

Answer:

Risk - A measure of the extent to which an entity is threatened by a potential circumstance of event, the adverse impacts that would arise if the circumstance or event occurs, and the likelihood of occurrence. Protection Needs Assessment - The method used to identify the confidentiality, integrity, and availability requirements for organizational and system assets and to characterize the adverse impact or consequences should be asset be lost, modified, degraded, disrupted, compromised, or become unavailable. Threat assessment - The method used to identify and characterize the dangers anticipated throughout the life cycle of the system. Security Risk Treatment - The method used to identify feasible security risk mitigation options and plans.

QUESTION: 234

Which of the following is the BEST reason for the use of security metrics?

1. They ensure that the organization meets its security objectives.

2. They provide an appropriate framework for Information Technology (IT) governance.

3. They speed up the process of quantitative risk assessment.

4. They quantify the effectiveness of security processes.

Answer: B

QUESTION: 235

Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

1. Password requirements are simplified.

2. Risk associated with orphan accounts is reduced.

3. Segregation of duties is automatically enforced.

4. Data confidentiality is increased.

Answer: A

6$03/( 48(67,216

7KHVH TXHVWLRQV DUH IRU GHPR SXUSRVH RQO\ )XOO YHUVLRQ LV XS WR GDWH DQG FRQWDLQV DFWXDO TXHVWLRQV DQG DQVZHUV

.LOOH[DPV FRP LV DQ RQOLQH SODWIRUP WKDW RIIHUV D ZLGH UDQJH RI VHUYLFHV UHODWHG WR FHUWLILFDWLRQ H[DP SUHSDUDWLRQ 7KH SODWIRUP SURYLGHV DFWXDO TXHVWLRQV H[DP GXPSV DQG SUDFWLFH WHVWV WR KHOS LQGLYLGXDOV SUHSDUH IRU YDULRXV FHUWLILFDWLRQ H[DPV ZLWK FRQILGHQFH +HUH DUH VRPH NH\ IHDWXUHV DQG VHUYLFHV RIIHUHG E\ .LOOH[DPV FRP

$FWXDO ([DP 4XHVWLRQV .LOOH[DPV FRP SURYLGHV DFWXDO H[DP TXHVWLRQV WKDW DUH H[SHULHQFHG LQ WHVW FHQWHUV 7KHVH TXHVWLRQV DUH XSGDWHG UHJXODUO\ WR HQVXUH WKH\ DUH XS WR GDWH DQG UHOHYDQW WR WKH ODWHVW H[DP V\OODEXV %\ VWXG\LQJ WKHVH DFWXDO TXHVWLRQV FDQGLGDWHV FDQ IDPLOLDUL]H WKHPVHOYHV ZLWK WKH FRQWHQW DQG IRUPDW RI WKH UHDO H[DP

([DP 'XPSV .LOOH[DPV FRP RIIHUV H[DP GXPSV LQ 3') IRUPDW 7KHVH GXPSV FRQWDLQ D FRPSUHKHQVLYH FROOHFWLRQ RI TXHVWLRQV DQG DQVZHUV WKDW FRYHU WKH H[DP WRSLFV %\ XVLQJ WKHVH GXPSV FDQGLGDWHV FDQ HQKDQFH WKHLU NQRZOHGJH DQG LPSURYH WKHLU FKDQFHV RI VXFFHVV LQ WKH FHUWLILFDWLRQ H[DP

3UDFWLFH 7HVWV .LOOH[DPV FRP SURYLGHV SUDFWLFH WHVWV WKURXJK WKHLU GHVNWRS 9&( H[DP VLPXODWRU DQG RQOLQH WHVW HQJLQH 7KHVH SUDFWLFH WHVWV VLPXODWH WKH UHDO H[DP HQYLURQPHQW DQG KHOS FDQGLGDWHV DVVHVV WKHLU UHDGLQHVV IRU WKH DFWXDO H[DP 7KH SUDFWLFH WHVWV FRYHU D ZLGH UDQJH RI TXHVWLRQV DQG HQDEOH FDQGLGDWHV WR LGHQWLI\ WKHLU VWUHQJWKV DQG ZHDNQHVVHV

*XDUDQWHHG 6XFFHVV .LOOH[DPV FRP RIIHUV D VXFFHVV JXDUDQWHH ZLWK WKHLU H[DP GXPSV 7KH\ FODLP WKDW E\ XVLQJ WKHLU PDWHULDOV FDQGLGDWHV ZLOO SDVV WKHLU H[DPV RQ WKH ILUVW DWWHPSW RU WKH\ ZLOO UHIXQG WKH SXUFKDVH SULFH 7KLV JXDUDQWHH SURYLGHV DVVXUDQFH DQG FRQILGHQFH WR LQGLYLGXDOV SUHSDULQJ IRU FHUWLILFDWLRQ H[DPV

8SGDWHG &RQWHQW .LOOH[DPV FRP UHJXODUO\ XSGDWHV LWV TXHVWLRQ EDQN DQG H[DP GXPSV WR HQVXUH WKDW WKH\ DUH FXUUHQW DQG UHIOHFW WKH ODWHVW FKDQJHV LQ WKH H[DP V\OODEXV 7KLV KHOSV FDQGLGDWHV VWD\ XS WR GDWH ZLWK WKH H[DP FRQWHQW DQG LQFUHDVHV WKHLU FKDQFHV RI VXFFHVV

7HFKQLFDO 6XSSRUW .LOOH[DPV FRP SURYLGHV IUHH [ WHFKQLFDO VXSSRUW WR DVVLVW FDQGLGDWHV ZLWK DQ\ TXHULHV RU LVVXHV WKH\ PD\ HQFRXQWHU ZKLOH XVLQJ WKHLU VHUYLFHV 7KHLU FHUWLILHG H[SHUWV DUH DYDLODEOH WR SURYLGH JXLGDQFH DQG KHOS FDQGLGDWHV WKURXJKRXW WKHLU H[DP SUHSDUDWLRQ MRXUQH\

'PS .PSF FYBNT WJTJU IUUQT LJMMFYBNT DPN WFOEPST FYBN MJTU

.LOO \RXU H[DP DW )LUVW $WWHPSW *XDUDQWHHG