Want to know Pass4sure cissp forum Exam practice test features? Want to lear more about ISC2 Certified Information Systems Security Professional (CISSP) certification experience? Study Practical ISC2 cissp vs cisa answers to Renew cissp study plan questions at Pass4sure. Gat a success with an absolute guarantee to pass ISC2 free cissp training (Certified Information Systems Security Professional (CISSP)) test on your first attempt.
Q121. A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the.Chief.Executive Officer.(CEO).and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?
A. Spoofing
B. Eavesdropping
C. Man-in-the-middle
D. Denial of service
Answer: C
Q122. Following the completion of a network security assessment, which of the following can BEST be demonstrated?
A. The effectiveness of controls can be accurately measured
B. A penetration test of the network will fail
C. The network is compliant to industry standards
D. All unpatched vulnerabilities have been identified
Answer: A
Q123. An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid.reason a customer transaction is kept beyond the retention schedule?
A. Pending legal hold
B. Long term data mining needs
C. Customer makes request to retain
D. Useful for future business initiatives
Answer: A
Q124. Which of the following analyses is performed to protect information assets?
A. Business impact analysis
B. Feasibility analysis
C. Cost benefit analysis
D. Data analysis
Answer: A
Q125. Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?
A. Level of assurance of the Target of Evaluation (TOE) in intended operational environment
B. Selection to meet the security objectives stated in test documents
C. Security behavior expected of a TOE
D. Definition of the roles and responsibilities
Answer: C
Q126. Which one of the following considerations has the LEAST impact when considering transmission security?
A. Network availability
B. Data integrity
C. Network bandwidth
D. Node locations
Answer: C
Q127. If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of.Synchronize/Acknowledge (SYN/ACK) packets to the
A. default gateway.
B. attacker's address.
C. local interface being attacked.
D. specified source address.
Answer: D
Q128. Who must approve modifications to an organization's production infrastructure configuration?
A. Technical management
B. Change control board
C. System operations
D. System users
Answer: B
Q129. When constructing.an.Information Protection.Policy.(IPP), it is important that the stated rules are necessary, adequate, and
A. flexible.
B. confidential.
C. focused.
D. achievable.
Answer: D
Q130. An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?
A. The service provider's policies are consistent with ISO/IEC27001 and there is evidence that the service provider is following those policies.
B. The service provider will segregate the data within its systems and ensure that each region's policies are met.
C. The service provider will impose controls and protections that meet or exceed the current systems controls and produce audit logs as verification.
D. The service provider's policies can meet the requirements imposed by the new environment even if they differ from the organization's current policies.
Answer: D
Q131. What is the FIRST step in developing a security test and its evaluation?
A. Determine testing methods
B. Develop testing procedures
C. Identify all applicable security requirements
D. Identify people, processes, and products not in compliance
Answer: C
Q132. The PRIMARY security concern for handheld devices is the
A. strength of the encryption algorithm.
B. spread of malware during synchronization.
C. ability to bypass the authentication mechanism.
D. strength of the Personal Identification Number (PIN).
Answer: C
Q133. DRAG DROP
During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.
Answer:
Q134. Which one of the following is a common risk with network configuration management?
A. Patches on the network are difficult to keep current.
B. It is the responsibility of the systems administrator.
C. User ID and passwords are never set to expire.
D. Network diagrams are not up to date.
Answer: D
Q135. Software Code signing is used as a method of verifying what security concept?.
A. Integrity
B. Confidentiality.
C. Availability.
D. Access Control
Answer: A