Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISC CISSP

ISC CISSP Exam Practice Questions (P. 5)

  • Full Access (484 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #41
Which of the following is the BEST option to reduce the network attack surface of a system?
  1. A
    Disabling unnecessary ports and services
  2. B
    Ensuring that there are no group accounts on the system
  3. C
    Uninstalling default software on the system
  4. D
    Removing unnecessary system user accounts

Correct Answer:
A

Question #42
The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the
BEST solution to securely store the private keys?
  1. A
    Physically secured storage device
  2. B
    Trusted Platform Module (TPM)
  3. C
    Encrypted flash drive
  4. D
    Public key infrastructure (PKI)

Correct Answer:
B

Question #43
The existence of physical barriers, card and personal identification number (PIN) access systems, cameras, alarms, and security guards BEST describes this security approach?
  1. A
    Access control
  2. B
    Security information and event management (SIEM)
  3. C
    Defense-in-depth
  4. D
    Security perimeter

Correct Answer:
D

Question #44
A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal?
  1. A
    Purpose specification
  2. B
    Collection limitation
  3. C
    Use limitation
  4. D
    Individual participation

Correct Answer:
A

Question #45
A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?
  1. A
    Access the policy on a company-issued device and let the former colleague view the screen.
  2. B
    E-mail the policy to the colleague as they were already part of the organization and familiar with it.
  3. C
    Do not acknowledge receiving the request from the former colleague and ignore them.
  4. D
    Submit the request using company official channels to ensure the policy is okay to distribute.

Correct Answer:
C

Question #46
Which of the following BEST describes when an organization should conduct a black box security audit on a new software protect?
  1. A
    When the organization wishes to check for non-functional compliance
  2. B
    When the organization wants to enumerate known security vulnerabilities across their infrastructure
  3. C
    When the organization is confident the final source code is complete
  4. D
    When the organization has experienced a security incident

Correct Answer:
C

Question #47
In software development, which of the following entities normally signs the code to protect the code integrity?
  1. A
    The organization developing the code
  2. B
    The quality control group
  3. C
    The developer
  4. D
    The data owner

Correct Answer:
A

Question #48
Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?
  1. A
    Field-level tokenization
  2. B
    Web application vulnerability scanners
  3. C
    Runtime application self-protection (RASP)
  4. D
    Security Assertion Markup Language (SAML)

Correct Answer:
B

Question #49
A security architect is developing an information system for a client. One of the requirements is to deliver a platform that mitigates against common vulnerabilities and attacks. What is the MOST efficient option used to prevent buffer overflow attacks?
  1. A
    Access control mechanisms
  2. B
    Process isolation
  3. C
    Address Space Layout Randomization (ASLR)
  4. D
    Processor states

Correct Answer:
C

Question #50
In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?
  1. A
    Implement bi-annual reviews.
  2. B
    Create policies for system access.
  3. C
    Implement and review risk-based alerts.
  4. D
    Increase logging levels.

Correct Answer:
B

Previous Questions Next Questions

All Pages