Your success in ISC2 cissp requirements is our sole target and we develop all our cissp forum braindumps in a way that facilitates the attainment of this target. Not only is our cissp forum study material the best you can find, it is also the most detailed and the most updated. cissp passing score Practice Exams for ISC2 cissp training are written to the highest standards of technical accuracy.
Q151. The goal of software assurance in application development is to
A. enable the development of High Availability (HA) systems.
B. facilitate the creation of Trusted Computing Base (TCB) systems.
C. prevent the creation of vulnerable applications.
D. encourage the development of open source applications.
Answer: C
Q152. Which of the following BEST describes the purpose of performing security certification?
A. To identify system threats, vulnerabilities, and acceptable level of risk
B. To formalize the confirmation of compliance to security policies and standards
C. To formalize the confirmation of completed risk mitigation and risk analysis
D. To verify that system architecture and interconnections with other systems are effectively implemented
Answer: B
Q153. A security professional is asked to provide a solution that restricts a.bank.teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction. Which of the following is the MOST effective solution?
A. Access is based on rules.
B. Access is determined by the system.
C. Access is based on user's role.
D. Access is based on data sensitivity.
Answer: C
Q154. Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?
A. Use a thumb drive to transfer information from a foreign computer.
B. Do not take.unnecessary.information, including sensitive information.
C. Connect the laptop only to well-known networks like the hotel or public Internet cafes.
D. Request international points of contact help scan the laptop on arrival to ensure it is protected..
Answer: B
Q155. Which of the following is the FIRST step of a penetration test plan?
A. Analyzing a network diagram of the target network
B. Notifying the company's customers
C. Obtaining the approval of the company's management
D. Scheduling the penetration test during a period of least impact
Answer: C
Q156. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A. After the system preliminary design has been developed and.the data security categorization has been performed
B. After the business functional analysis and the data security categorization have been performed
C. After the vulnerability analysis has been performed and before the system detailed design begins
D. After the system preliminary design has been developed and before.the.data security categorization begins
Answer: B
Q157. The BEST example of the concept of "something that a user has" when providing an authorized user access to a computing system is
A. the user's hand geometry.
B. a credential stored in a token.
C. a passphrase.
D. the user's face.
Answer: B
Q158. Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?
A. Masquerading, salami, malware, polymorphism
B. Brute force, dictionary, phishing, keylogger
C. Zeus, netbus, rabbit, turtle
D. Token, biometrics, IDS, DLP
Answer: B
Q159. The 802.1x standard provides a framework for what?
A. Network authentication for only wireless networks
B. Network authentication for wired and wireless networks
C. Wireless encryption using the Advanced Encryption Standard (AES)
D. Wireless network encryption using Secure Sockets Layer (SSL)
Answer: B
Q160. What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?
A. Ensure that the Incident Response Plan is available and current.
B. Determine the traffic's initial source and block the appropriate port.
C. Disable or disconnect suspected target and source systems.
D. Verify the threat and determine the scope of the attack.
Answer: D
Q161. Which of the following explains why record destruction requirements are included in a data retention policy?
A. To comply with legal and business requirements
B. To save cost for storage and backup
C. To meet destruction.guidelines
D. To validate data ownership
Answer: A
Q162. Which of the following statements is TRUE of black box testing?
A. Only the functional specifications are known to the test planner.
B. Only the source code and the design documents are known to the test planner.
C. Only the source code and functional specifications are known to the test planner.
D. Only the design documents and the functional specifications are known to the test planner.
Answer: A
Q163. Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization?
A. Ensure end users are aware of the planning activities
B. Validate all regulatory requirements are known and fully documented
C. Develop training and awareness programs that involve all stakeholders
D. Ensure plans do not violate the organization's cultural objectives and goals
Answer: C
Q164. Which of the following is a recommended alternative to an integrated email encryption system?
A. Sign emails containing sensitive data
B. Send sensitive data in separate emails
C. Encrypt sensitive data separately in attachments
D. Store sensitive information to be sent in encrypted drives
Answer: C
Q165. What is an effective practice when returning electronic storage media to third parties for repair?
A. Ensuring the media is not labeled in any way that indicates the organization's name.
B. Disassembling the media and removing parts that may contain sensitive data.
C. Physically breaking parts of the media that may contain sensitive data.
D. Establishing a contract with the third party regarding the secure handling of the media.
Answer: D