aiotestking uk

CISSP Exam Questions - Online Test


CISSP Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor? 

A. Provide the encrypted passwords and analysis tools to the auditor for analysis. 

B. Analyze the encrypted passwords for the auditor and show them the results. 

C. Demonstrate that non-compliant passwords cannot be created in the system. 

D. Demonstrate that non-compliant passwords cannot be encrypted in the system. 

Answer:

Q2. Which of the following is an advantage of on-premise Credential Management Systems? 

A. Improved credential interoperability 

B. Control over system configuration 

C. Lower infrastructure capital costs 

D. Reduced administrative overhead 

Answer:

Q3. What is the MOST important reason to configure unique user IDs? 

A. Supporting accountability 

B. Reducing authentication errors 

C. Preventing password compromise 

D. Supporting Single Sign On (SSO) 

Answer:

Q4. Which of the following would be the FIRST step to take when implementing a patch management program? 

A. Perform automatic deployment of patches. 

B. Monitor for vulnerabilities and threats. 

C. Prioritize vulnerability remediation. 

D. Create a system inventory. 

Answer:

Q5. How can lessons learned from business continuity training and actual recovery incidents BEST be used? 

A. As a means for improvement 

B. As alternative options for awareness and training 

C. As indicators of a need for policy 

D. As business function gap indicators 

Answer:

Q6. If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of.Synchronize/Acknowledge (SYN/ACK) packets to the 

A. default gateway. 

B. attacker's address. 

C. local interface being attacked. 

D. specified source address. 

Answer:

Q7. The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct 

A. log auditing. 

B. code reviews. 

C. impact assessments. 

D. static analysis. 

Answer:

Q8. An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation? 

A. Clients can authenticate themselves to the servers. 

B. Mutual authentication is available between the clients and servers. 

C. Servers are able to issue digital certificates to the client. 

D. Servers can authenticate themselves to the client. 

Answer:

Q9. A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action? 

A. Assess vulnerability risk and program effectiveness. 

B. Assess vulnerability risk and business impact. 

C. Disconnect all systems with critical vulnerabilities. 

D. Disconnect systems with the most number of vulnerabilities. 

Answer:

Q10. Refer.to the information below to answer the question.

.A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization. 

The organization should ensure that the third party's physical security controls are in place so that they 

A. are more rigorous.than the original controls. 

B. are able to limit access to sensitive information. 

C. allow access by the organization staff at any time. 

D. cannot be accessed by subcontractors of the third party. 

Answer: