Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISC CISSP

ISC CISSP Exam Practice Questions (P. 3)

  • Full Access (484 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #21
In the "Do" phase of the Plan-Do-Check-Act model, which of the following is performed?
  1. A
    Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review.
  2. B
    Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.
  3. C
    Ensure the business continuity policy, controls, processes, and procedures have been implemented.
  4. D
    Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.

Correct Answer:
C

Question #22
What industry-recognized document could be used as a baseline reference that is related to data security and business operations or conducting a security assessment?
  1. A
    Service Organization Control (SOC) 1 Type 2
  2. B
    Service Organization Control (SOC) 1 Type 1
  3. C
    Service Organization Control (SOC) 2 Type 2
  4. D
    Service Organization Control (SOC) 2 Type 1

Correct Answer:
D

Question #23
A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?
  1. A
    Organization loses control of their network devices.
  2. B
    Network is flooded with communication traffic by the attacker.
  3. C
    Network management communications is disrupted.
  4. D
    Attacker accesses sensitive information regarding the network topology.

Correct Answer:
A

Question #24
Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users' internal control over financial reporting?
  1. A
    Statement on Auditing Standards (SAS) 70
  2. B
    Service Organization Control 1 (SOC1)
  3. C
    Service Organization Control 2 (SOC2)
  4. D
    Service Organization Control 3 (SOC3)

Correct Answer:
B

Question #25
Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?
  1. A
    Scheduled team review of coding style and techniques for vulnerability patterns
  2. B
    The regular use of production code routines from similar applications already in use
  3. C
    Using automated programs to test for the latest known vulnerability patterns
  4. D
    Ensure code editing tools are updated against known vulnerability patterns

Correct Answer:
C

Question #26
When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should the considerations be prioritized?
  1. A
    Public safety, duties to individuals, duties to the profession, and duties to principals
  2. B
    Public safety, duties to principals, duties to the profession, and duties to individuals
  3. C
    Public safety, duties to principals, duties to individuals, and duties to the profession
  4. D
    Public safety, duties to the profession, duties to principals, and duties to individuals

Correct Answer:
B

Question #27
Which service management process BEST helps information technology (IT) organizations with reducing cost, mitigating risk, and improving customer service?
  1. A
    Kanban
  2. B
    Lean Six Sigma
  3. C
    Information Technology Service Management (ITSM)
  4. D
    Information Technology Infrastructure Library (ITIL)

Correct Answer:
D

Question #28
A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?
  1. A
    In-house team lacks resources to support an on-premise solution.
  2. B
    Third-party solutions are inherently more secure.
  3. C
    Third-party solutions are known for transferring the risk to the vendor.
  4. D
    In-house development provides more control.

Correct Answer:
A

Question #29
An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to obtain the information when a user's browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?
  1. A
    SQL injection (SQLi)
  2. B
    Extensible Markup Language (XML) external entities
  3. C
    Cross-Site Scripting (XSS)
  4. D
    Cross-Site Request Forgery (CSRF)

Correct Answer:
C

Question #30
An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim's existing browser session with a web application is an example of which of the following types of attack?
  1. A
    Clickjacking
  2. B
    Cross-site request forgery (CSRF)
  3. C
    Cross-Site Scripting (XSS)
  4. D
    Injection

Correct Answer:
C

Previous Questions Next Questions

All Pages