
Point Checklist: cissp bootcamp




Exambible CISSP questions are updated, and all answers are verified by experts. Once you have fully prepared with our CISSP exam prep kits, you will be ready for the real CISSP exam without a problem. We have improved the ISC2 CISSP study guide. Passed on the first attempt! Here is what I did.

Q1. In a financial institution, who has the responsibility for assigning the classification to a piece of information? 

A. Chief Financial Officer (CFO) 

B. Chief Information Security Officer (CISO) 

C. Originator or nominated owner of the information 

D. Department head responsible for ensuring the protection of the information 

Answer:


Q2. Which of the following PRIMARILY contributes to security incidents in web-based applications? 

A. Systems administration and operating systems 

B. System incompatibility and patch management 

C. Third-party applications and change controls 

D. Improper stress testing and application interfaces 

Answer:


Q3. The FIRST step in building a firewall is to 

A. assign the roles and responsibilities of the firewall administrators. 

B. define the intended audience who will read the firewall policy. 

C. identify mechanisms to encourage compliance with the policy. 

D. perform a risk analysis to identify issues to be addressed. 

Answer:


Q4. A security professional has just completed their organization's Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional's NEXT step? 

A. Identify and select recovery strategies. 

B. Present the findings to management for funding. 

C. Select members for the organization's recovery teams. 

D. Prepare a plan to test the organization's ability to recover its operations. 

Answer:


Q5. An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring? 

A. A dictionary attack 

B. A Denial of Service (DoS) attack 

C. A spoofing attack 

D. A backdoor installation 

Answer:


Q6. Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?

A. Security control baselines, access controls, employee awareness and training 

B. Human resources, asset management, production management 

C. Supply chain lead time, inventory control, encryption 

D. Polygraphs, crime statistics, forensics 

Answer:


Q7. Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. 

Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer? 

A. Run software uninstall 

B. Re-image the computer 

C. Find and remove all installation files

D. Delete all cookies stored in the web browser cache 

Answer:


Q8. By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

A. confidentiality of the traffic is protected. 

B. opportunity to sniff network traffic exists. 

C. opportunity for device identity spoofing is eliminated. 

D. storage devices are protected against availability attacks. 

Answer:


Q9. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined? 

A. After the system preliminary design has been developed and the data security categorization has been performed

B. After the business functional analysis and the data security categorization have been performed 

C. After the vulnerability analysis has been performed and before the system detailed design begins 

D. After the system preliminary design has been developed and before the data security categorization begins

Answer:


Q10. Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes. 

Following best practice, where should the permitted access for each department and job classification combination be specified? 

A. Security procedures 

B. Security standards 

C. Human resource policy 

D. Human resource standards 

Answer: