
CISSP Exam Questions - Online Test



Q1. What is the BEST method to detect the most common improper initialization problems in programming languages? 

A. Use and specify a strong character encoding. 

B. Use automated static analysis tools that target this type of weakness. 

C. Perform input validation on any numeric inputs by assuring that they are within the expected range. 

D. Use data flow analysis to minimize the number of false positives. 

Answer:

Q2. Discretionary Access Control (DAC) restricts access according to 

A. data classification labeling. 

B. page views within an application. 

C. authorizations granted to the user. 

D. management accreditation. 

Answer:

Q3. What component of a web application that stores the session state in a cookie can be bypassed by an attacker? 

A. An initialization check 

B. An identification check 

C. An authentication check 

D. An authorization check 

Answer:

Q4. Which of the following problems is NOT addressed by using OAuth (Open Standard for Authorization) 2.0 to integrate a third-party identity provider for a service? 

A. Resource Servers are required to use passwords to authenticate end users. 

B. Revocation of access of some users of the third party instead of all the users from the third party. 

C. Compromise of the third party means compromise of all the users in the service. 

D. Guest users need to authenticate with the third party identity provider. 

Answer:

Q5. Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits? 

A. Determining the probability that the system functions safely during any time period 

B. Quantifying the system's available services 

C. Identifying the number of security flaws within the system 

D. Measuring the system's integrity in the presence of failure 

Answer:

Q6. Which of the following is an effective method for avoiding magnetic media data remanence? 

A. Degaussing 

B. Encryption 

C. Data Loss Prevention (DLP) 

D. Authentication 

Answer:

Q7. Which of the following is a network intrusion detection technique? 

A. Statistical anomaly 

B. Perimeter intrusion 

C. Port scanning 

D. Network spoofing 

Answer:

Q8. Which one of the following is a fundamental objective in handling an incident? 

A. To restore control of the affected systems 

B. To confiscate the suspect's computers 

C. To prosecute the attacker 

D. To perform full backups of the system 

Answer:

Q9. HOTSPOT 

Identify the component that MOST likely lacks digital accountability related to information access. 

Click on the correct device in the image below. 

Answer:

Q10. Refer to the information below to answer the question. 

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. 

Which of the following documents explains the proper use of the organization's assets? 

A. Human resources policy 

B. Acceptable use policy 

C. Code of ethics 

D. Access control policy 

Answer: