It is impossible to pass the ISC2 CISSP certification exam in the short term without any help. Come to Examcollection and find the most advanced, correct and guaranteed ISC2 CISSP exam practice questions. You will get a surprising result with our up-to-date Certified Information Systems Security Professional (CISSP) practice guides.
Q11. Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined?
A. International Organization for Standardization (ISO) 27000 family
B. Information Technology Infrastructure Library (ITIL)
C. Payment Card Industry Data Security Standard (PCIDSS)
D. ISO/IEC 20000
Answer: A
Q12. Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?
A. Transparent Database Encryption (TDE)
B. Column level database encryption
C. Volume encryption
D. Data tokenization
Answer: D
Q13. Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?
A. Use a thumb drive to transfer information from a foreign computer.
B. Do not take unnecessary information, including sensitive information.
C. Connect the laptop only to well-known networks like the hotel or public Internet cafes.
D. Request international points of contact help scan the laptop on arrival to ensure it is protected.
Answer: B
Q14. Which of the following is an appropriate source for test data?
A. Production data that is secured and maintained only in the production environment.
B. Test data that has no similarities to production data.
C. Test data that is mirrored and kept up-to-date with production data.
D. Production data that has been sanitized before loading into a test environment.
Answer: D
Q15. What is one way to mitigate the risk of security flaws in custom software?
A. Include security language in the Earned Value Management (EVM) contract
B. Include security assurance clauses in the Service Level Agreement (SLA)
C. Purchase only Commercial Off-The-Shelf (COTS) products
D. Purchase only software with no open source Application Programming Interfaces (APIs)
Answer: B
Q16. Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?
A. Application monitoring procedures
B. Configuration control procedures
C. Security audit procedures
D. Software patching procedures
Answer: B
Q17. When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?
A. Create a user profile.
B. Create a user access matrix.
C. Develop an Access Control List (ACL).
D. Develop a Role Based Access Control (RBAC) list.
Answer: B
Q18. Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication?
A. Authorizations are not included in the server response
B. Unsalted hashes are passed over the network
C. The authentication session can be replayed
D. Passwords are passed in cleartext
Answer: D
Q19. Why MUST a Kerberos server be well protected from unauthorized access?
A. It contains the keys of all clients.
B. It always operates at root privilege.
C. It contains all the tickets for services.
D. It contains the Internet Protocol (IP) address of all network entities.
Answer: A
Q20. DRAG DROP
Drag the following Security Engineering terms on the left to the BEST definition on the right.
Answer: