
CISSP Exam Questions - Online Test



Q1. The application of which of the following standards would BEST reduce the potential for data breaches? 

A. ISO 9000 

B. ISO 20121 

C. ISO 26000 

D. ISO 27001 

Answer:

Q2. How does an organization verify that an information system's current hardware and software match the standard system configuration?

A. By reviewing the configuration after the system goes into production 

B. By running vulnerability scanning tools on all devices in the environment 

C. By comparing the actual configuration of the system against the baseline 

D. By verifying all the approved security patches are implemented 

Answer:

Q3. Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen? 

A. Set up a BIOS and operating system password 

B. Encrypt the virtual drive where confidential files can be stored 

C. Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network 

D. Encrypt the entire disk and delete contents after a set number of failed access attempts 

Answer:

Q4. How can lessons learned from business continuity training and actual recovery incidents BEST be used? 

A. As a means for improvement 

B. As alternative options for awareness and training 

C. As indicators of a need for policy 

D. As business function gap indicators 

Answer:

Q5. Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined? 

A. International Organization for Standardization (ISO) 27000 family 

B. Information Technology Infrastructure Library (ITIL) 

C. Payment Card Industry Data Security Standard (PCI DSS)

D. ISO/IEC 20000 

Answer:

Q6. What type of encryption is used to protect sensitive data in transit over a network? 

A. Payload encryption and transport encryption 

B. Authentication Headers (AH) 

C. Keyed-Hashing for Message Authentication 

D. Point-to-Point Encryption (P2PE) 

Answer:

Q7. Which of the following BEST describes Recovery Time Objective (RTO)? 

A. Time of data validation after disaster 

B. Time of data restoration from backup after disaster 

C. Time of application resumption after disaster 

D. Time of application verification after disaster 

Answer:

Q8. The stringency of an Information Technology (IT) security assessment will be determined by the 

A. system's past security record. 

B. size of the system's database. 

C. sensitivity of the system's data. 

D. age of the system. 

Answer:

Q9. Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy? 

A. Discretionary Access Control (DAC) procedures 

B. Mandatory Access Control (MAC) procedures 

C. Data link encryption 

D. Segregation of duties 

Answer:

Q10. An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to 

A. encrypt the contents of the repository and document any exceptions to that requirement. 

B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.

C. keep individuals with access to high security areas from saving those documents into lower security areas. 

D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA). 

Answer: