Q161. Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?
A. Make changes following principle and design guidelines.
B. Stop the application until the vulnerability is fixed.
C. Report the vulnerability to product owner.
D. Monitor the application and review code.
Answer: C
Q162. Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?
A. False Acceptance Rate (FAR)
B. False Rejection Rate (FRR)
C. Crossover Error Rate (CER)
D. Rejection Error Rate
Answer: A
Q163. With data labeling, which of the following MUST be the key decision maker?
A. Information security
B. Departmental management
C. Data custodian
D. Data owner
Answer: D
Q164. During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?
A. A review of hiring policies and methods of verification of new employees
B. A review of all departmental procedures
C. A review of all training procedures to be undertaken
D. A review of all systems by an experienced administrator
Answer: D
Q165. Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?
A. Anti-virus software
B. Intrusion Prevention System (IPS)
C. Anti-spyware software
D. Integrity checking software
Answer: B
Q166. When implementing controls in a heterogeneous end-point network for an organization, it is critical that
A. hosts are able to establish network communications.
B. users can make modifications to their security software configurations.
C. common software security components be implemented across all hosts.
D. firewalls running on each host are fully customizable by the user.
Answer: C
Q167. A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations and physical access controls.
Which of the following is the BEST location?
A. On the top floor
B. In the basement
C. In the core of the building
D. In an exterior room with windows
Answer: C
Q168. Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?
A. Run software uninstall
B. Re-image the computer
C. Find and remove all installation files
D. Delete all cookies stored in the web browser cache
Answer: B
Q169. Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?
A. The organizational structure of the third party and how it may impact timelines within the organization
B. The ability of the third party to respond to the organization in a timely manner and with accurate information
C. The effects of transborder data flows and customer expectations regarding the storage or processing of their data
D. The quantity of data that must be provided to the third party and how it is to be used
Answer: C
Q170. DRAG DROP
In which order, from MOST to LEAST impacted, does user awareness training reduce the occurrence of the events below?
Answer: