getcertified4sure.com

A Complete Guide to CISSP Salary




Act now and download your ISC2 CISSP test today! Do not waste time on worthless ISC2 CISSP requirements tutorials. Download the refreshed ISC2 Certified Information Systems Security Professional (CISSP) exam with real questions and answers, and begin learning CISSP material from a classic professional.

Q131. An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester? 

A. Limits and scope of the testing. 

B. Physical location of server room and wiring closet. 

C. Logical location of filters and concentrators. 

D. Employee directory and organizational chart. 

Answer:


Q132. Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization. 

The third party needs to have 

A. processes that are identical to that of the organization doing the outsourcing. 

B. access to the original personnel that were on staff at the organization. 

C. the ability to maintain all of the applications in languages they are familiar with. 

D. access to the skill sets consistent with the programming languages used by the organization. 

Answer:


Q133. Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them? 

A. Write a Service Level Agreement (SLA) for the two companies. 

B. Set up a Virtual Private Network (VPN) between the two companies. 

C. Configure a firewall at the perimeter of each of the two companies. 

D. Establish a File Transfer Protocol (FTP) connection between the two companies. 

Answer:


Q134. Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review? 

A. It has normalized severity ratings. 

B. It has many worksheets and practices to implement. 

C. It aims to calculate the risk of published vulnerabilities. 

D. It requires a robust risk management framework to be put in place. 

Answer:


Q135. Refer to the information below to answer the question. 

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes. 

Following best practice, where should the permitted access for each department and job classification combination be specified? 

A. Security procedures 

B. Security standards 

C. Human resource policy 

D. Human resource standards 

Answer:


Q136. The BEST example of the concept of "something that a user has" when providing an authorized user access to a computing system is 

A. the user's hand geometry. 

B. a credential stored in a token. 

C. a passphrase. 

D. the user's face. 

Answer:


Q137. Which of the following is a detective access control mechanism? 

A. Log review 

B. Least privilege 

C. Password complexity 

D. Non-disclosure agreement 

Answer:
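Log review is detective because it works on evidence of events that have already happened, unlike least privilege and password complexity, which try to stop the event from happening at all. The script below is an added example, not part of the original page; it runs a simple review over constructed OpenSSH-style authentication log lines (the hosts, addresses and timestamps are made up) and reports two things a reviewer would want to know: a source that crosses a failed-login threshold inside a time window, and a successful login from a source that had just been failing, which is the pattern that distinguishes a password-guessing attempt from a successful one.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log, in the format sshd writes to the auth log.
SAMPLE_LOG = """\
Mar 10 09:12:01 bastion sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 09:12:03 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Mar 10 09:12:05 bastion sshd[2212]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 10 09:12:08 bastion sshd[2213]: Failed password for root from 203.0.113.7 port 51125 ssh2
Mar 10 09:12:11 bastion sshd[2214]: Failed password for root from 203.0.113.7 port 51126 ssh2
Mar 10 09:12:40 bastion sshd[2215]: Accepted password for root from 203.0.113.7 port 51130 ssh2
Mar 10 09:30:00 bastion sshd[2290]: Failed password for alice from 198.51.100.5 port 40001 ssh2
Mar 10 09:30:09 bastion sshd[2291]: Accepted publickey for alice from 198.51.100.5 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse(lines, year=2024):
    """Yield (timestamp, result, user, source) for each authentication line.
    Syslog timestamps carry no year, so one is assumed for the example."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd messages are skipped, not errors
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def review(log_text, threshold=5, window_s=60, min_failures_before_success=3):
    """Return a list of (finding, source, user) tuples in log order.

    brute_force:            `threshold` failures from one source within `window_s`
    success_after_failures: an accepted login from a source with at least
                            `min_failures_before_success` recent failures
    """
    failures = defaultdict(list)   # source -> timestamps of recent failures
    alerted = set()                # sources already reported as brute_force
    findings = []
    for ts, result, user, src in parse(log_text.splitlines()):
        # Keep only failures inside the sliding window for this source.
        failures[src] = [t for t in failures[src] if (ts - t).total_seconds() <= window_s]
        if result == "Failed":
            failures[src].append(ts)
            if len(failures[src]) >= threshold and src not in alerted:
                alerted.add(src)
                findings.append(("brute_force", src, user))
        elif len(failures[src]) >= min_failures_before_success:
            findings.append(("success_after_failures", src, user))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```

The single failure from alice followed by a key-based login is ordinary user behaviour and produces no finding; the root login from 203.0.113.7 after five rapid failures is exactly the case a preventive control (lockout, rate limiting) would have stopped, and the detective control's job is to make sure it does not go unnoticed when prevention was absent or failed.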


Q138. Which one of the following describes granularity? 

A. Maximum number of entries available in an Access Control List (ACL) 

B. Fineness to which a trusted system can authenticate users 

C. Number of violations divided by the number of total accesses 

D. Fineness to which an access control system can be adjusted 

Answer:


Q139. The 802.1x standard provides a framework for what? 

A. Network authentication for only wireless networks 

B. Network authentication for wired and wireless networks 

C. Wireless encryption using the Advanced Encryption Standard (AES) 

D. Wireless network encryption using Secure Sockets Layer (SSL) 

Answer:


Q140. Refer to the information below to answer the question. 

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. 

Which of the following will MOST likely allow the organization to keep risk at an acceptable level? 

A. Increasing the amount of audits performed by third parties 

B. Removing privileged accounts from operational staff 

C. Assigning privileged functions to appropriate staff 

D. Separating the security function into distinct roles 

Answer: