ISC CISSP Exam Practice Questions (P. 4)
Question #31
Which of the following encryption technologies has the ability to function as a stream cipher?
- A. Cipher Block Chaining (CBC) with error propagation
- B. Electronic Code Book (ECB)
- C. Cipher Feedback (CFB) (Most Voted)
- D. Feistel cipher
Correct Answer: C
Question #32
In a disaster recovery (DR) test, which of the following would be a trait of crisis management?
Question #33
Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?
- A. Strong operational security to keep unit members safe
- B. Policies to validate organization rules (Most Voted)
- C. Cyber hygiene to ensure organizations can keep systems healthy
- D. Quality design principles to ensure quality by design
Correct Answer: B
Question #34
Which of the following is security control volatility?
- A. A reference to the impact of the security control.
- B. A reference to the likelihood of change in the security control. (Most Voted)
- C. A reference to how unpredictable the security control is.
- D. A reference to the stability of the security control.
Correct Answer: C
Question #35
When auditing the Software Development Life Cycle (SDLC), which of the following is one of the high-level audit phases?
Question #36
What is the term used to define where data is geographically stored in the cloud?
- A. Data privacy rights
- B. Data sovereignty (Most Voted)
- C. Data warehouse
- D. Data subject rights
Correct Answer: B
Question #37
Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?
- A. Proper security controls, security objectives, and security goals are properly initiated. (Most Voted)
- B. Security objectives, security goals, and system test are properly conducted.
- C. Proper security controls, security goals, and fault mitigation are properly conducted.
- D. Security goals, proper security controls, and validation are properly initiated.
Correct Answer: D
Question #38
Which of the following is MOST important to follow when developing information security controls for an organization?
- A. Use industry standard best practices for security controls in the organization.
- B. Exercise due diligence with regard to all risk management information to tailor appropriate controls. (Most Voted)
- C. Review all local and international standards and choose the most stringent based on location.
- D. Perform a risk assessment and choose a standard that addresses existing gaps.
Correct Answer: C
Question #39
When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?
- A. The RPO is the minimum amount of data that needs to be recovered.
- B. The RPO is the amount of time it takes to recover an acceptable percentage of data lost.
- C. The RPO is a goal to recover a targeted percentage of data lost.
- D. The RPO is the maximum amount of time for which loss of data is acceptable. (Most Voted)
Correct Answer: D
Question #40
Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?
- A. A brute force password attack on the Secure Shell (SSH) port of the controller (Most Voted)
- B. Sending control messages to open a flow that does not pass a firewall from a compromised host within the network
- C. Remote Authentication Dial-In User Service (RADIUS) token replay attack
- D. Sniffing the traffic of a compromised host inside the network
Correct Answer: B