CISSP Exam
Beginners Guide: cissp training
Exam Code: cissp bootcamp (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Certified Information Systems Security Professional (CISSP)
Certification Provider: ISC2
Free Today! Guaranteed Training- Pass cissp passing score Exam.
Q81. What does secure authentication with logging provide?
A. Data integrity
B. Access accountability
C. Encryption logging format
D. Segregation of duties
Answer: B
Q82. Which of the following is the MOST effective method of mitigating data theft from an active user workstation?
A. Implement full-disk encryption
B. Enable multifactor authentication
C. Deploy file integrity checkers
D. Disable use of portable devices
Answer: D
Q83. For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?
A. Hash functions
B. Data segregation
C. File system permissions
D. Non-repudiation controls
Answer: B
Q84. Refer.to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The security program can be considered effective when
A. vulnerabilities are proactively identified.
B. audits are regularly performed and reviewed.
C. backups are regularly performed and validated.
D. risk is lowered to an acceptable level.
Answer: D
Q85. Which of the following is the MOST difficult to enforce when using cloud computing?
A. Data access
B. Data backup
C. Data recovery
D. Data disposal
Answer: D
Q86. What is the MOST effective method of testing custom application code?
A. Negative testing
B. White box testing
C. Penetration testing
D. Black box testing
Answer: B
Q87. Refer.to the information below to answer the question.
A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns.
In the plan, what is the BEST approach to mitigate future internal client-based attacks?
A. Block all client side web exploits at the perimeter.
B. Remove all non-essential client-side web services from the network.
C. Screen for harmful exploits of client-side services before implementation.
D. Harden the client image before deployment.
Answer: D
Q88. Refer.to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.
Which of the following is true according to the star property (*property)?
A. User D can write to.File 1
B. User.B can write to File 1
C. User A can write to File 1
D. User C can.write to.File 1
Answer: C
Q89. What is an important characteristic of Role Based Access Control (RBAC)?
A. Supports Mandatory Access Control (MAC)
B. Simplifies the management of access rights
C. Relies on rotation of duties
D. Requires.two factor authentication
Answer: B
Q90. When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?
A. Perform a service provider PCI-DSS assessment on a yearly basis.
B. Validate.the service provider's PCI-DSS compliance status on a regular basis.
C. Validate.that the service providers security policies are in alignment with those.of the organization.
D. Ensure that the service provider.updates and tests its Disaster Recovery Plan (DRP).on a yearly basis.
Answer: B