Actual of isc2 cissp practice exam materials and braindumps for ISC2 certification for candidates, Real Success Guaranteed with Updated cissp sybex pdf dumps vce Materials. 100% PASS Certified Information Systems Security Professional (CISSP) exam Today!
Q136. Which of the following is the MOST effective attack against cryptographic hardware modules?
A. Plaintext.
B. Brute force
C. Power analysis
D. Man-in-the-middle (MITM)
Answer: C
Q137. An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?
A. The behavior is ethical because the tool will be used to create a better virus scanner.
B. The behavior is ethical because any experienced programmer could create such a tool.
C. The behavior is not ethical because creating any kind of virus is bad.
D. The behavior is not ethical because such.a tool could be leaked on the Internet.
Answer: A
Q138. A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as
A. least privilege.
B. rule based access controls.
C. Mandatory Access Control (MAC).
D. separation of duties.
Answer: D
Q139. The PRIMARY purpose of a security awareness program is to
A. ensure that everyone understands the organization's policies and procedures.
B. communicate that access to information will be granted on a need-to-know basis.
C. warn all users that access to all systems will be monitored on a daily basis.
D. comply with regulations related to data and information protection.
Answer: A
Q140. HOTSPOT
In the network design below, where.is.the.MOST secure.Local Area Network (LAN).segment to deploy a.Wireless.Access.Point (WAP) that provides.contractors.access to the Internet and authorized enterprise services?
Answer:
Q141. Refer.to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
What MUST the access control logs contain in addition to the identifier?
A. Time of the access
B. Security classification
C. Denied access attempts
D. Associated clearance
Answer: A
Q142. A Simple Power Analysis (SPA) attack against a device directly observes which of the following?
A. Static discharge
B. Consumption
C. Generation
D. Magnetism
Answer: B
Q143. Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique?
A. It is useful for testing communications protocols and graphical user interfaces.
B. It is characterized by the stateless behavior of a process implemented in a function.
C. Test inputs are obtained from the derived boundaries of the given functional specifications.
D. An entire partition can be covered by considering only one representative value from that partition.
Answer: A
Q144. Refer.to the information below to answer the question.
.A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?
A. The organizational structure of the third party and how it may impact timelines within the organization
B. The ability of the third party to respond to the organization in a timely manner and with accurate information
C. The effects of transborder data flows and customer expectations regarding the storage or processing of their data
D. The quantity of data that must be provided to the third party and how it is to be used
Answer: C
Q145. Which of the following is an essential element of a privileged identity lifecycle management?
A. Regularly perform account re-validation and approval
B. Account provisioning based on multi-factor authentication
C. Frequently review performed activities and request justification
D. Account information to be provided by supervisor or line manager
Answer: A
Q146. Which of the following BEST describes a rogue Access Point (AP)?
A. An AP that is not protected by a firewall
B. An.AP not configured to use Wired Equivalent Privacy (WEP) with Triple Data Encryption Algorithm (3DES)
C. An.AP connected to the wired infrastructure but not under the management of authorized network administrators
D. An.AP infected by any kind of Trojan or Malware
Answer: C
Q147. HOTSPOT
Identify the component that MOST likely lacks digital accountability related to.information access.
Click on the correct device in the image below.
Answer:
Q148. Which of the following is the PRIMARY benefit of implementing.data-in-use controls?
A. If the data is lost, it must be decrypted to be opened.
B. If the data is lost, it will not be accessible to unauthorized users.
C. When the data is being viewed, it can only be printed by.authorized users.
D. When the data is being viewed, it must be accessed using secure protocols.
Answer: C
Q149. According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?
A. In-house security administrators
B. In-house Network Team
C. Disaster Recovery (DR) Team
D. External consultants
Answer: D
Q150. DRAG DROP
Place in order, from BEST (1) to WORST (4), the following methods to reduce the risk of data remanence on magnetic media.
Answer: