Proper study guides for Renovate ISC2 Certified Information Systems Security Professional (CISSP) certified begins with ISC2 CISSP preparation products which designed to deliver the High quality CISSP questions by making you pass the CISSP test at your first time. Try the free CISSP demo right now.
2021 Mar CISSP free draindumps
Q181. Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?
A. Role Based Access Control (RBAC)
B. Biometric access control
C. Federated Identity Management (IdM)
D. Application hardening
Answer: A
Q182. Which of the following actions should be performed when implementing a change to a database schema in a production system?
A. Test in development, determine dates, notify users, and implement in production
B. Apply change to production, run in parallel, finalize change in production, and develop a back-out strategy
C. Perform user acceptance testing in production, have users sign off, and finalize change
D. Change in development, perform user acceptance testing, develop a back-out strategy, and implement change
Answer: D
Q183. An organization's data policy MUST include a data retention period which is based on
A. application dismissal.
B. business procedures.
C. digital certificates expiration.
D. regulatory compliance.
Answer: D
Q184. Copyright provides protection for which of the following?
A. Ideas expressed in literary works
B. A particular expression of an idea
C. New and non-obvious inventions
D. Discoveries of natural phenomena
Answer: B
Q185. What type of encryption is used to protect sensitive data in transit over a network?
A. Payload encryption and transport encryption
B. Authentication Headers (AH)
C. Keyed-Hashing for Message Authentication
D. Point-to-Point Encryption (P2PE)
Answer: A
Leading CISSP free download:
Q186. Who must approve modifications to an organization's production infrastructure configuration?
A. Technical management
B. Change control board
C. System operations
D. System users
Answer: B
Q187. Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?
A. Level of assurance of the Target of Evaluation (TOE) in intended operational environment
B. Selection to meet the security objectives stated in test documents
C. Security behavior expected of a TOE
D. Definition of the roles and responsibilities
Answer: C
Q188. Retaining system logs for six months or longer can be valuable for what activities?.
A. Disaster recovery and business continuity
B. Forensics and incident response
C. Identity and authorization management
D. Physical and logical access control
Answer: B
Q189. What is the BEST method to detect the most common improper initialization problems in programming languages?
A. Use and specify a strong character encoding.
B. Use automated static analysis tools that target this type of weakness.
C. Perform input validation on any numeric inputs by assuring that they are within the expected range.
D. Use data flow analysis to minimize the number of false positives.
Answer: B
Q190. In a data classification scheme, the data is owned by the
A. Information Technology (IT) managers.
B. business managers.
C. end users.
D. system security managers.
Answer: B