
Q41. Secure startup mechanisms are PRIMARILY designed to thwart which of the following attacks?

A. Timing 

B. Cold boot 

C. Side channel 

D. Acoustic cryptanalysis 

Answer:


Q42. What principle requires that changes to the plaintext affect many parts of the ciphertext? 

A. Diffusion 

B. Encapsulation 

C. Obfuscation 

D. Permutation 

Answer:
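The principle asked about in Q42 is easiest to see by measuring it. The following added example (constructed for this page, not part of the original question bank) builds a toy 128-bit Feistel block cipher whose round function is HMAC-SHA256, flips one plaintext bit, and counts how many ciphertext bits change; it then does the same for a plain XOR stream cipher, which has no diffusion at all. The key, plaintext and the `feistel_*`/`xor_stream_encrypt` helpers are all constructed for the demo; the Feistel cipher is for illustration only and is not a production cipher.

```python
"""Diffusion demo: flipping one plaintext bit should change roughly half of
the ciphertext bits in a cipher with good diffusion, but exactly one bit in
a cipher that has none (a plain XOR stream).

Constructed example for illustration; the Feistel cipher is NOT for real use.
"""
import hashlib
import hmac

BLOCK = 16        # 128-bit block
HALF = BLOCK // 2
ROUNDS = 8


def _round_function(key: bytes, half: bytes, rnd: int) -> bytes:
    """Keyed PRF used as the Feistel round function: HMAC-SHA256 over
    (round index || half), truncated to the 64-bit half size."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel_encrypt(key: bytes, block: bytes) -> bytes:
    """Each round: (L, R) -> (R, L xor F(R)); after a few rounds every output
    bit depends on every input bit, which is diffusion."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_function(key, right, rnd))
    return left + right


def feistel_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse: run the rounds backwards, undoing (L, R) -> (R, L xor F(R))."""
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_function(key, left, rnd)), left
    return left + right


def xor_stream_encrypt(key: bytes, block: bytes) -> bytes:
    """A stream cipher XORs plaintext with keystream bit-for-bit: one
    plaintext bit maps to exactly one ciphertext bit, so no diffusion."""
    keystream = hmac.new(key, b"keystream", hashlib.sha256).digest()[:BLOCK]
    return _xor(block, keystream)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def hamming_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def diffusion_score(encrypt, key: bytes, plaintext: bytes, bit_index: int = 0) -> int:
    """Number of ciphertext bits that change when one plaintext bit is flipped."""
    c1 = encrypt(key, plaintext)
    c2 = encrypt(key, flip_bit(plaintext, bit_index))
    return hamming_distance(c1, c2)


def average_diffusion(encrypt, key: bytes, plaintext: bytes) -> float:
    """Average diffusion_score over every plaintext bit position."""
    n = len(plaintext) * 8
    return sum(diffusion_score(encrypt, key, plaintext, i) for i in range(n)) / n


# Constructed sample inputs for the demo (not real secrets).
KEY = b"constructed-demo-key"
PT = b"attack at dawn!!"   # exactly 16 bytes


if __name__ == "__main__":
    print("XOR stream, bits changed by one flipped bit:",
          diffusion_score(xor_stream_encrypt, KEY, PT))
    print("Feistel, bits changed by one flipped bit:",
          diffusion_score(feistel_encrypt, KEY, PT))
    print("Feistel, average over all 128 positions:",
          average_diffusion(feistel_encrypt, KEY, PT))
```

For the stream cipher the score is always exactly 1; for the Feistel construction it lands near 64 of 128 bits, which is what "many parts of the ciphertext" means in practice. Confusion (option-style terms on the page such as permutation or obfuscation are not the same thing) is the separate property that hides the relationship between key and ciphertext.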


Q43. From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system? 

A. Configure secondary servers to use the primary server as a zone forwarder. 

B. Block all Transmission Control Protocol (TCP) connections. 

C. Disable all recursive queries on the name servers. 

D. Limit zone transfers to authorized devices. 

Answer:
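Options C and D in Q43 map directly onto name server settings. As an added example (constructed for this page, not from the original question bank), the BIND 9 `named.conf` fragments below show the weak configuration next to a hardened authoritative server: transfers are allowed only to named secondaries that present a TSIG key, and recursion is off. The zone name, the 192.0.2.x (TEST-NET) secondary addresses and the key name are constructed placeholders.

```conf
// WEAK: any host on the Internet can pull the whole zone with AXFR and
// enumerate every hostname, and the server will recurse for anyone.
options {
    recursion yes;
    allow-transfer { any; };
};

// HARDENED authoritative server (constructed example).
// Generate the TSIG secret with:  tsig-keygen xfer-key
key "xfer-key" {
    algorithm hmac-sha256;
    secret "<base64 secret from tsig-keygen>";   // placeholder, never commit a real one
};

acl "secondaries" { 192.0.2.10; 192.0.2.11; };   // constructed TEST-NET addresses

options {
    recursion no;                 // authoritative only; resolvers live elsewhere
    allow-transfer { none; };     // default deny, opened per zone below
    allow-query { any; };         // authoritative answers are public by design
};

zone "example.com" {
    type primary;
    file "zones/db.example.com";
    allow-transfer { key "xfer-key"; };   // only TSIG-signed requests from secondaries
    also-notify { 192.0.2.10; 192.0.2.11; };
};
```

After reloading, `dig @<server> example.com AXFR` from an unlisted host should end with "Transfer failed." rather than dumping the zone. Two caveats a practitioner should keep in mind: zone transfers ride on TCP (as do DNS answers too large for UDP), so option B, blocking all TCP, breaks legitimate replication rather than securing it; and `recursion no` belongs on authoritative servers only, since a resolver that serves clients must recurse for them, ideally restricted with `allow-recursion` to internal networks.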


Q44. HOTSPOT 

Identify the component that MOST likely lacks digital accountability related to information access.

Click on the correct device in the image below. 

Answer: 


Q45. An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why? 

A. The behavior is ethical because the tool will be used to create a better virus scanner. 

B. The behavior is ethical because any experienced programmer could create such a tool. 

C. The behavior is not ethical because creating any kind of virus is bad. 

D. The behavior is not ethical because such a tool could be leaked on the Internet.

Answer:


Q46. When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following? 

A. Perform a service provider PCI-DSS assessment on a yearly basis. 

B. Validate the service provider's PCI-DSS compliance status on a regular basis.

C. Validate that the service provider's security policies are in alignment with those of the organization.

D. Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis.

Answer:


Q47. Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a cloud service provider?

A. Data owner 

B. Data steward 

C. Data custodian 

D. Data processor 

Answer:


Q48. Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

The organization should ensure that the third party's physical security controls are in place so that they 

A. are more rigorous.than the original controls. 

B. are able to limit access to sensitive information. 

C. allow access by the organization staff at any time. 

D. cannot be accessed by subcontractors of the third party. 

Answer:


Q49. How can lessons learned from business continuity training and actual recovery incidents BEST be used? 

A. As a means for improvement 

B. As alternative options for awareness and training 

C. As indicators of a need for policy 

D. As business function gap indicators 

Answer:


Q50. Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. 

In the plan, what is the BEST approach to mitigate future internal client-based attacks? 

A. Block all client side web exploits at the perimeter. 

B. Remove all non-essential client-side web services from the network. 

C. Screen for harmful exploits of client-side services before implementation. 

D. Harden the client image before deployment. 

Answer: