CISSP Exam
Amazing cissp certification cost secrets
We provide real cissp salary exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass ISC2 cissp exam cram Exam quickly & easily. The cissp domains PDF type is available for reading and printing. You can print more and practice many times. With the help of our ISC2 cissp domains dumps pdf and vce product and material, you can easily pass the isc2 cissp exam.
Q1. After acquiring the latest security updates, what must be done before deploying to production systems?
A. Use tools to detect missing system patches
B. Install the patches on a test system
C. Subscribe to notifications for vulnerabilities
D. Assess the severity of the situation
Answer: B
Q2. From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?
A. Configure secondary servers to use the primary server as a zone forwarder.
B. Block all Transmission Control Protocol (TCP) connections.
C. Disable all recursive queries on the name servers.
D. Limit zone transfers to authorized devices.
Answer: D
Q3. The BEST method of demonstrating a company's security level to potential customers is
A. a report from an external auditor.
B. responding to a customer's security questionnaire.
C. a formal report from an internal auditor.
D. a site visit by a customer's security team.
Answer: A
Q4. A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as
A. least privilege.
B. rule based access controls.
C. Mandatory Access Control (MAC).
D. separation of duties.
Answer: D
Q5. An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?
A. Acceptance of risk by the authorizing official
B. Remediation of vulnerabilities
C. Adoption of standardized policies and procedures
D. Approval of the System Security Plan (SSP)
Answer: A
Q6. Refer.to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
When determining appropriate resource allocation, which of the following is MOST important to monitor?
A. Number of system compromises
B. Number of audit findings
C. Number of staff reductions
D. Number of additional assets
Answer: B
Q7. Which of the following is an example of two-factor authentication?
A. Retina scan.and a palm print
B. Fingerprint and a smart card
C. Magnetic stripe card and an ID badge
D. Password and Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)
Answer: B
Q8. Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?
A. Anti-tampering
B. Secure card reader
C. Radio Frequency (RF) scanner
D. Intrusion Prevention System (IPS)
Answer: A
Q9. Which of the following protocols would allow an organization to maintain a centralized list of users that can read a protected webpage?
A. Lightweight Directory Access Control (LDAP)
B. Security Assertion Markup Language (SAML)
C. Hypertext Transfer Protocol (HTTP)
D. Kerberos
Answer: A
Q10. Which of the following is a reason to use manual patch installation instead of automated patch management?
A. The cost required to install patches will be reduced.
B. The time during which systems will remain vulnerable to an exploit will be decreased.
C. The likelihood of system or application incompatibilities will be decreased.
D. The ability to cover large geographic areas is increased.
Answer: C