CISSP Exam
Top 10 testing software CISSP for IT examinee (41 to 50)
2021 Apr CISSP exam cram
Q41. Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?
A. Immediately document the.finding and.report to senior management.
B. Use system privileges to alter the permissions to secure the server
C. Continue the testing to its completion and then inform IT management
D. Terminate the penetration test and pass the finding to the server management team
Answer: A
Q42. Which of the following is the BEST solution to provide redundancy for telecommunications links?
A. Provide multiple links from the same telecommunications vendor.
B. Ensure that the telecommunications links connect to the network in one location.
C. Ensure.that the telecommunications links connect to the network in multiple locations.
D. Provide multiple links from multiple telecommunications vendors.
Answer: D
Q43. What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?
A. Evaluating the efficiency of the plan
B. Identifying the benchmark required for restoration
C. Validating the effectiveness of the plan
D. Determining the Recovery Time Objective (RTO)
Answer: C
Q44. Refer.to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The effectiveness of the security program can PRIMARILY be measured through
A. audit findings.
B. risk elimination.
C. audit requirements.
D. customer satisfaction.
Answer: A
Q45. Refer.to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following documents explains the proper use of the organization's assets?
A. Human resources policy
B. Acceptable use policy
C. Code of ethics
D. Access control policy
Answer: B
Q46. DRAG DROP
Place the following information classification steps in.sequential order.
Answer:
Q47. A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is
A. the scalability of token enrollment.
B. increased accountability of end users.
C. it protects against unauthorized access.
D. it simplifies user access administration.
Answer: C
Q48. Which of the following elements.MUST a compliant EU-US Safe Harbor Privacy Policy contain?
A. An explanation of how long the data subject's collected information will be retained for and how it will be eventually disposed.
B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject.
C. An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to.
D. An explanation of all the technologies employed by the collecting organization in gathering information on the data subject.
Answer: B
Q49. Single Sign-On (SSO) is PRIMARILY designed to address which of the following?
A. Confidentiality and Integrity
B. Availability and Accountability
C. Integrity and Availability
D. Accountability and Assurance
Answer: D
Q50. An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to
A. encrypt the contents of the repository and document any exceptions to that requirement.
B. utilize Intrusion Detection System (IDS) set drop connections if too many requests for documents are detected.
C. keep individuals with access to high security areas from saving those documents into lower security areas.
D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA).
Answer: C