
CISSP Questions and Answers

Question # 6

Match the access control type to the example of the control type.

Drag each access control type next to its corresponding example.

Question # 7

A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?

A. Transport
B. Data link
C. Network
D. Application

Question # 8

Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item?

A. Property book
B. Chain of custody form
C. Search warrant return
D. Evidence tag

Question # 9

In configuration management, what baseline configuration information MUST be maintained for each computer system?

A. Operating system and version, patch level, applications running, and versions
B. List of system changes, test reports, and change approvals
C. Last vulnerability assessment report and initial risk assessment report
D. Date of last update, test report, and accreditation certificate

Question # 10

Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?

A. Notification tool
B. Message queuing tool
C. Security token tool
D. Synchronization tool

Question # 11

Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?

A. Tactical, strategic, and financial
B. Management, operational, and technical
C. Documentation, observation, and manual
D. Standards, policies, and procedures

Question # 12

Which of the following is a remote access protocol that uses a static authentication?

A. Point-to-Point Tunneling Protocol (PPTP)
B. Routing Information Protocol (RIP)
C. Password Authentication Protocol (PAP)
D. Challenge Handshake Authentication Protocol (CHAP)

Question # 13

During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?

A. Calculate the value of assets being accredited.
B. Create a list to include in the Security Assessment and Authorization package.
C. Identify obsolete hardware and software.
D. Define the boundaries of the information system.

Question # 14

The design review for an application has been completed and is ready for release. What technique should an organization use to assure application integrity?

A. Application authentication
B. Input validation
C. Digital signing
D. Device encryption

Question # 15

A chemical plant wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.

Which of the following is the GREATEST impact on security for the network?

A. The network administrators have no knowledge of ICS
B. The ICS is now accessible from the office network
C. The ICS does not support the office password policy
D. RS422 is more reliable than Ethernet

Question # 16

Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

A. Password requirements are simplified.
B. Risk associated with orphan accounts is reduced.
C. Segregation of duties is automatically enforced.
D. Data confidentiality is increased.

Question # 17

Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

A. Undergo a security assessment as part of the authorization process
B. Establish a risk management strategy
C. Harden the hosting server, and perform hosting and application vulnerability scans
D. Establish policies and procedures on system and services acquisition

Question # 18

When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified?

A. Implementation
B. Initiation
C. Review
D. Development

Question # 19

Due to system constraints, a group of system administrators must share a high-level access set of credentials.

Which of the following would be MOST appropriate to implement?

A. Increased console lockout times for failed logon attempts
B. Reduce the group in size
C. A credential check-out process for a per-use basis
D. Full logging on affected systems

Question # 20

Which of the following combinations would MOST negatively affect availability?

A. Denial of Service (DoS) attacks and outdated hardware
B. Unauthorized transactions and outdated hardware
C. Fire and accidental changes to data
D. Unauthorized transactions and denial of service attacks

Question # 21

Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?

A. Transport layer handshake compression
B. Application layer negotiation
C. Peer identity authentication
D. Digital certificate revocation

Question # 22

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.

In which phase of the assessment was this error MOST likely made?

A. Enumeration
B. Reporting
C. Detection
D. Discovery

Question # 23

In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity?

A. Connect the device to another network jack
B. Apply remediations according to security requirements
C. Apply Operating System (OS) patches
D. Change the Media Access Control (MAC) address of the network interface

Question # 24

Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

A. Erase
B. Sanitize
C. Encrypt
D. Degauss

Question # 25

Which of the following is considered a secure coding practice?

A. Use concurrent access for shared variables and resources
B. Use checksums to verify the integrity of libraries
C. Use new code for common tasks
D. Use dynamic execution functions to pass user supplied data

Question # 26

An organization has discovered that users are visiting unauthorized websites using anonymous proxies.

Which of the following is the BEST way to prevent future occurrences?

A. Remove the anonymity from the proxy
B. Analyze Internet Protocol (IP) traffic for proxy requests
C. Disable the proxy server on the firewall
D. Block the Internet Protocol (IP) address of known anonymous proxies

Question # 27

Access to which of the following is required to validate web session management?

A. Log timestamp
B. Live session traffic
C. Session state variables
D. Test scripts

Question # 28

The use of private and public encryption keys is fundamental in the implementation of which of the following?

A. Diffie-Hellman algorithm
B. Secure Sockets Layer (SSL)
C. Advanced Encryption Standard (AES)
D. Message Digest 5 (MD5)

Question # 29

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

A. Hashing the data before encryption
B. Hashing the data after encryption
C. Compressing the data after encryption
D. Compressing the data before encryption

Question # 30

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

A. Implementation Phase
B. Initialization Phase
C. Cancellation Phase
D. Issued Phase

Question # 31

Which security service is served by the process of encrypting plaintext with the sender's private key and decrypting ciphertext with the sender's public key?

A. Confidentiality
B. Integrity
C. Identification
D. Availability

Question # 32

Which of the following mobile code security models relies only on trust?

A. Code signing
B. Class authentication
C. Sandboxing
D. Type safety

Question # 33

What steps can be taken to prepare personally identifiable information (PII) for processing by a third party?

A. It is not necessary to protect PII as long as it is in the hands of the provider.
B. A security agreement with a Cloud Service Provider (CSP) was required so there is no concern.
C. The personal information should be maintained separately connected with a one-way reference.
D. The personal information can be hashed and then the data can be sent to an outside processor.

Question # 34

Which of the following MUST be considered when developing business rules for a data loss prevention (DLP) solution?

A. Data availability
B. Data sensitivity
C. Data ownership
D. Data integrity

Question # 35

Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues?

A. Test
B. Assessment
C. Review
D. Peer review

Question # 36

Which of the following is a characteristic of covert security testing?

A. Induces less risk than overt testing
B. Tests staff knowledge and implementation of the organization's security policy
C. Focuses on identifying vulnerabilities
D. Tests and validates all security controls in the organization

Question # 37

Which of the following attacks is dependent upon the compromise of a secondary target in order to reach the primary target?

A. Watering hole
B. Brute force
C. Spear phishing
D. Address Resolution Protocol (ARP) poisoning

Question # 38

During which of the following processes is least privilege implemented for a user account?

A. Provision
B. Approve
C. Request
D. Review

Question # 39

What should an auditor do when conducting a periodic audit on media retention?

A. Check electronic storage media to ensure records are not retained past their destruction date.
B. Ensure authorized personnel are in possession of paper copies containing Personally Identifiable Information….
C. Check that hard disks containing backup data that are still within a retention cycle are being destroyed….
D. Ensure that data shared with outside organizations is no longer on a retention schedule.

Question # 40

Which of the following is the BEST method to reduce the effectiveness of phishing attacks?

A. User awareness
B. Two-factor authentication
C. Anti-phishing software
D. Periodic vulnerability scan

Question # 41

A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation, but in the process of the review the analyst also finds that an application's data, which included full credit card cardholder data, is transferred in clear text between the server and the user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?

A. Send the log file to co-workers for peer review
B. Include the full network traffic logs in the incident report
C. Follow organizational processes to alert the proper teams to address the issue.
D. Ignore the data as it is outside the scope of the investigation and the analyst's role.

Question # 42

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified in automated vulnerability assessments?

A. Common Vulnerabilities and Exposures (CVE)
B. Common Vulnerability Scoring System (CVSS)
C. Asset Reporting Format (ARF)
D. Open Vulnerability and Assessment Language (OVAL)

Question # 43

Who in the organization is accountable for classification of data information assets?

A. Data owner
B. Data architect
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)

Question # 44

Which one of the following affects the classification of data?

A. Assigned security label
B. Multilevel Security (MLS) architecture
C. Minimum query size
D. Passage of time

Question # 45

Which of the following is an initial consideration when developing an information security management system?

A. Identify the contractual security obligations that apply to the organization
B. Understand the value of the information assets
C. Identify the level of residual risk that is tolerable to management
D. Identify relevant legislative and regulatory compliance requirements

Question # 46

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.

Which contract is BEST in offloading the task from the IT staff?

A. Platform as a Service (PaaS)
B. Identity as a Service (IDaaS)
C. Desktop as a Service (DaaS)
D. Software as a Service (SaaS)

Question # 47

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

A. Personal Identity Verification (PIV)
B. Cardholder Unique Identifier (CHUID) authentication
C. Physical Access Control System (PACS) repeated attempt detection
D. Asymmetric Card Authentication Key (CAK) challenge-response

Question # 48

Which of the following is MOST important when assigning ownership of an asset to a department?

A. The department should report to the business owner
B. Ownership of the asset should be periodically reviewed
C. Individual accountability should be ensured
D. All members should be trained on their responsibilities

Question # 49

In a data classification scheme, the data is owned by the

A. system security managers
B. business managers
C. Information Technology (IT) managers
D. end users

Question # 50

Which of the following BEST describes the responsibilities of a data owner?

A. Ensuring quality and validation through periodic audits for ongoing data integrity
B. Maintaining fundamental data availability, including data storage and archiving
C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
D. Determining the impact the information has on the mission of the organization

Question # 51

When implementing a data classification program, why is it important to avoid too much granularity?

A. The process will require too many resources
B. It will be difficult to apply to both hardware and software
C. It will be difficult to assign ownership to the data
D. The process will be perceived as having value

Question # 52

Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?

A. Challenge Handshake Authentication Protocol (CHAP)
B. Point-to-Point Protocol (PPP)
C. Extensible Authentication Protocol (EAP)
D. Password Authentication Protocol (PAP)

Question # 53

An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to

A. encrypt the contents of the repository and document any exceptions to that requirement.
B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.
C. keep individuals with access to high security areas from saving those documents into lower security areas.
D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA).

Question # 54

Which of the following is the FIRST step in the incident response process?

A. Determine the cause of the incident
B. Disconnect the system involved from the network
C. Isolate and contain the system involved
D. Investigate all symptoms to confirm the incident

Question # 55

What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

A. Take the computer to a forensic lab
B. Make a copy of the hard drive
C. Start documenting
D. Turn off the computer

Question # 56

When is a Business Continuity Plan (BCP) considered to be valid?

A. When it has been validated by the Business Continuity (BC) manager
B. When it has been validated by the board of directors
C. When it has been validated by all threat scenarios
D. When it has been validated by realistic exercises

Question # 57

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

A. Walkthrough
B. Simulation
C. Parallel
D. White box

Question # 58

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

A. Continuously without exception for all security controls
B. Before and after each change of the control
C. At a rate concurrent with the volatility of the security control
D. Only during system implementation and decommissioning

Question # 59

What is the PRIMARY reason for implementing change management?

A. Certify and approve releases to the environment
B. Provide version rollbacks for system changes
C. Ensure that all applications are approved
D. Ensure accountability for changes to the environment

Question # 60

A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

A. Guaranteed recovery of all business functions
B. Minimization of the need for decision making during a crisis
C. Insurance against litigation following a disaster
D. Protection from loss of organization resources

Question # 61

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

A. Absence of a Business Intelligence (BI) solution
B. Inadequate cost modeling
C. Improper deployment of the Service-Oriented Architecture (SOA)
D. Insufficient Service Level Agreement (SLA)

Question # 62

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

A. Disable all unnecessary services
B. Ensure chain of custody
C. Prepare another backup of the system
D. Isolate the system from the network

Question # 63

Which of the following is a PRIMARY advantage of using a third-party identity service?

A. Consolidation of multiple providers
B. Directory synchronization
C. Web based logon
D. Automated account management

Question # 64

A continuous information security monitoring program can BEST reduce risk through which of the following?

A. Collecting security events and correlating them to identify anomalies
B. Facilitating system-wide visibility into the activities of critical user accounts
C. Encompassing people, process, and technology
D. Logging both scheduled and unscheduled system changes

Question # 65

What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours?

A. Warm site
B. Hot site
C. Mirror site
D. Cold site

Question # 66

Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?

A. Hardware and software compatibility issues
B. Applications' criticality and downtime tolerance
C. Budget constraints and requirements
D. Cost/benefit analysis and business objectives

Question # 67

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

A. Transport layer
B. Application layer
C. Network layer
D. Session layer

Question # 68

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D. Patch the application source code

Question # 69

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

A. Implement packet filtering on the network firewalls
B. Install Host Based Intrusion Detection Systems (HIDS)
C. Require strong authentication for administrators
D. Implement logical network segmentation at the switches

Question # 70

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

A. Layer 2 Tunneling Protocol (L2TP)
B. Link Control Protocol (LCP)
C. Challenge Handshake Authentication Protocol (CHAP)
D. Packet Transfer Protocol (PTP)

Question # 71

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

A. Link layer
B. Physical layer
C. Session layer
D. Application layer

Question # 72

What is the purpose of an Internet Protocol (IP) spoofing attack?

A. To send excessive amounts of data to a process, making it unpredictable
B. To intercept network traffic without authorization
C. To disguise the destination address from a target's IP filtering devices
D. To convince a system that it is communicating with a known entity

Question # 73

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

A. Intrusion Prevention Systems (IPS)
B. Intrusion Detection Systems (IDS)
C. Stateful firewalls
D. Network Behavior Analysis (NBA) tools

Question # 74

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control

Question # 75

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

A. Least privilege
B. Privilege escalation
C. Defense in depth
D. Privilege bracketing

Question # 76

What is the BEST approach to addressing security issues in legacy web applications?

A. Debug the security issues
B. Migrate to newer, supported applications where possible
C. Conduct a security assessment
D. Protect the legacy application with a web application firewall

Question # 77

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation

Question # 78

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

A. Purchase software from a limited list of retailers
B. Verify the hash key or certificate key of all updates
C. Do not permit programs, patches, or updates from the Internet
D. Test all new software in a segregated environment

Question # 79

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

A. Check arguments in function calls
B. Test for the security patch level of the environment
C. Include logging functions
D. Digitally sign each application module

Question # 80

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

A. Lack of software documentation
B. License agreements requiring release of modified code
C. Expiration of the license agreement
D. Costs associated with support of the software

Question # 81

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the vulnerability analysis has been performed and before the system detailed design begins
C. After the system preliminary design has been developed and before the data security categorization begins
D. After the business functional analysis and the data security categorization have been performed

Question # 82

Which of the following is the PRIMARY issue when analyzing detailed log information?

A. Logs may be unavailable when required
B. Timely review of the data is potentially difficult
C. Most systems and applications do not support logging
D. Logs do not provide sufficient details of system and individual activities

Question # 83

A company hired an external vendor to perform a penetration test of a new payroll system. The company's internal test team had already performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?

A. Failure to perform interface testing
B. Failure to perform negative testing
C. Inadequate performance testing
D. Inadequate application level testing

Question # 84

Which of the following factors is a PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy?

A. Testing and Evaluation (TE) personnel changes
B. Changes to core missions or business processes
C. Increased Cross-Site Request Forgery (CSRF) attacks
D. Changes in Service Organization Control (SOC) 2 reporting requirements

Question # 85

Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST way to browse the web privately?

A. Prevent information about browsing activities from being stored in the cloud.
B. Store browsing activities in the cloud.
C. Prevent information about browsing activities from being stored on the personal device.
D. Store information about browsing activities on the personal device.

Question # 86

The ability to send malicious code, generally in the form of a client side script, to a different end user is categorized as which type of vulnerability?

A. Session hijacking
B. Cross-site request forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. Command injection

Question # 87

Which of the following is the MAIN difference between a network-based firewall and a host-based firewall?

A. A network-based firewall is stateful, while a host-based firewall is stateless.
B. A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device.
C. A network-based firewall verifies network traffic, while a host-based firewall verifies processes and applications.
D. A network-based firewall blocks network intrusions, while a host-based firewall blocks malware.

Question # 88

Which of the following protections is provided when using a Virtual Private Network (VPN) with Authentication Header (AH)?

A. Payload encryption
B. Sender confidentiality
C. Sender non-repudiation
D. Multi-factor authentication (MFA)

Question # 89

Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?

A. Take photos of the damage
B. Notify all of the Board of Directors
C. Communicate with the press following the communications plan
D. Dispatch personnel to the disaster recovery (DR) site

Question # 90

Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?

A. To provide each manager with precise direction on selecting an appropriate recovery alternative
B. To demonstrate to the regulatory bodies that the company takes business continuity seriously
C. To demonstrate to the board of directors that senior management is committed to continuity recovery efforts
D. To provide a formal declaration from senior management as required by internal audit to demonstrate sound business practices

Question # 91

Which of the following is the MOST comprehensive Business Continuity (BC) test?

A. Full functional drill
B. Full table top
C. Full simulation
D. Full interruption

Question # 92

Which of the following is a risk matrix?

A. A database of risks associated with a specific information system.
B. A table of risk management factors for management to consider.
C. A two-dimensional picture of risk for organizations, products, projects, or other items of interest.
D. A tool for determining risk management decisions for an activity or system.

Question # 93

Which of the following security objectives for industrial control systems (ICS) can be adapted to securing any Internet of Things (IoT) system?

A. Prevent unauthorized modification of data.
B. Restore the system after an incident.
C. Detect security events and incidents.
D. Protect individual components from exploitation.

Question # 94

Which of the following is an example of a vulnerability of full-disk encryption (FDE)?

A. Data at rest has been compromised when the user has authenticated to the device.
B. Data on the device cannot be restored from backup.
C. Data in transit has been compromised when the user has authenticated to the device.
D. Data on the device cannot be backed up.

Question # 95

What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?

A. Establish an ISCM technical architecture.
B. Collect the security-related information required for metrics, assessments, and reporting.
C. Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies.
D. Define an ISCM strategy based on risk tolerance.

Question # 96

A Certified Information Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC)² Code of Professional Ethics, which of the following should the CISSP do?

A. Review the CISSP guidelines for performing a vulnerability assessment before proceeding to complete it
B. Review the PCI requirements before performing the vulnerability assessment
C. Inform the CISO that they are unable to perform the task because they should render only those services for which they are fully competent and qualified
D. Since they are CISSP certified, they have enough knowledge to assist with the request, but will need assistance in order to complete it in a timely manner

Question # 97

What is the BEST method if an investigator wishes to analyze a hard drive which may be used as evidence?

A.

Leave the hard drive in place and use only verified and authenticated Operating Systems (OS) utilities ...

B.

Log into the system and immediately make a copy of all relevant files to a Write Once, Read Many ...

C.

Remove the hard drive from the system and make a copy of the hard drive's contents using imaging hardware.

D.

Use a separate bootable device to make a copy of the hard drive before booting the system and analyzing the hard drive.

Question # 98

Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?

A.

An attack which forces an end user to execute unwanted actions on a web application in which they are currently authenticated

B.

An attack that injects a script into a web page to execute a privileged command

C.

An attack that makes an illegal request across security zones and thereby forges itself into the security database of the system

D.

An attack that forges a false Structure Query Language (SQL) command across systems

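The definition in option A turns on one mechanism: the browser attaches the victim's session cookie to any request, including one a hostile page forges, so the server cannot tell a forged request from a legitimate one by the cookie alone. The following is an added example, not part of the original question set, that simulates a transfer endpoint with and without a per-session synchronizer token plus an Origin check. The session store, the Request class, the site origin "https://bank.example" and the attacker origin are constructed for the demonstration.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed in-memory session store: session_id -> {"user", "csrf", "balance"}
SESSIONS: Dict[str, dict] = {}


def login(user: str) -> str:
    """Create a session and mint a per-session anti-CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "balance": 100}
    return sid


@dataclass
class Request:
    cookies: dict                   # what the browser attaches automatically
    form: dict                      # what the submitting page controls
    origin: Optional[str] = None    # Origin header, if the browser sent one


def transfer_vulnerable(req: Request) -> int:
    """Authorises on the session cookie alone. A page on attacker.example can
    submit this form and the browser will add the victim's cookie for it."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return 401
    sess["balance"] -= int(req.form["amount"])
    return 200


def transfer_hardened(req: Request, site_origin: str = "https://bank.example") -> int:
    """Same action, but requires a synchronizer token that only a page served by
    the site could have read, and rejects a mismatching Origin header when present."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return 401
    if req.origin is not None and req.origin != site_origin:
        return 403
    token = req.form.get("csrf", "")
    if not hmac.compare_digest(token, sess["csrf"]):   # constant-time compare
        return 403
    sess["balance"] -= int(req.form["amount"])
    return 200


def demo() -> dict:
    """Run a forged cross-site request and a legitimate one against both handlers."""
    sid = login("alice")
    # Forged by a page on attacker.example: the cookie rides along, the token does not.
    forged = Request(cookies={"sid": sid}, form={"amount": "50"},
                     origin="https://attacker.example")
    # Same forgery from a client that strips the Origin header entirely.
    forged_no_origin = Request(cookies={"sid": sid}, form={"amount": "50"})
    legit = Request(cookies={"sid": sid},
                    form={"amount": "10", "csrf": SESSIONS[sid]["csrf"]},
                    origin="https://bank.example")
    return {
        "forged_vs_vulnerable": transfer_vulnerable(forged),    # 200: money moved
        "forged_vs_hardened": transfer_hardened(forged),        # 403: origin mismatch
        "forged_no_origin": transfer_hardened(forged_no_origin),  # 403: token missing
        "legit_vs_hardened": transfer_hardened(legit),          # 200
        "balance": SESSIONS[sid]["balance"],                    # 100 - 50 - 10 = 40
    }


if __name__ == "__main__":
    print(demo())
```

The token check is the primary control; the Origin check is a cheap second layer that does nothing when the header is absent, which is why the token remains mandatory.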
Question # 99

A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating System (OS) was not properly detected.

Where in the vulnerability assessment process did the error MOST likely occur?

A.

Enumeration

B.

Detection

C.

Reporting

D.

Discovery

Question # 100

Company A is evaluating new software to replace an in-house developed application. During the acquisition process, Company A specified the security requirements as well as the functional requirements. Company B responded to the acquisition request with their flagship product, which runs on an Operating System (OS) that Company A has never used nor evaluated. The flagship product meets all security and functional requirements as defined by Company A.

Based upon Company B's response, what step should Company A take?

A.

Move ahead with the acquisition process, and purchase the flagship software

B.

Conduct a security review of the OS

C.

Perform functionality testing

D.

Enter into contract negotiations ensuring Service Level Agreements (SLA) are established to include security patching

Question # 101

Which of the following techniques is MOST useful when dealing with Advanced Persistent Threat (APT) intrusions on live virtualized environments?

A.

Antivirus operations

B.

Reverse engineering

C.

Memory forensics

D.

Logfile analysis

Question # 102

Internet Protocol Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), and Secure Sockets Layer (SSL) all use which of the following to prevent replay attacks?

A.

Large key encryption

B.

Single integrity protection

C.

Embedded sequence numbers

D.

Randomly generated nonces

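Sequence numbers only stop replay if two things hold: the receiver remembers which numbers it has already accepted, and the number is covered by the packet's integrity check so an attacker cannot simply bump it. The following is an added example, not part of the original question set, that implements the sliding anti-replay window IPsec ESP uses (RFC 4303, Appendix A) together with an HMAC over the sequence number and payload. The key and the packets are constructed for the demonstration; in a real tunnel the key comes from the key exchange.

```python
import hashlib
import hmac
import struct
from typing import List, Tuple


class AntiReplayWindow:
    """Sliding window over the last `size` sequence numbers. Each number is
    accepted at most once; anything older than the window is rejected; a new
    highest number slides the window forward."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0    # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => (highest - i) has been seen

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False    # ESP never sends 0; the first valid number is 1
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False    # too old to track: reject rather than risk a replay
        if self.bitmap & (1 << offset):
            return False    # already accepted once: this is a replay
        self.bitmap |= (1 << offset)
        return True


def make_packet(key: bytes, seq: int, payload: bytes) -> Tuple[int, bytes, bytes]:
    """Sender side: the MAC covers the sequence number, not just the payload."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return seq, payload, tag


def receive(key: bytes, window: AntiReplayWindow,
            seq: int, payload: bytes, tag: bytes) -> str:
    """Receiver side: verify integrity first, then consult the replay window."""
    header = struct.pack(">I", seq)
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "bad_tag"
    if not window.check_and_update(seq):
        return "replay"
    return "ok"


def demo() -> List[str]:
    key = b"constructed-demo-key"          # constructed; not a real tunnel key
    win = AntiReplayWindow()
    pkts = [make_packet(key, s, b"msg%d" % s) for s in (1, 2, 3)]
    results = [receive(key, win, *p) for p in pkts]       # ok, ok, ok
    results.append(receive(key, win, *pkts[1]))           # packet 2 replayed verbatim
    _, payload, tag = pkts[2]
    results.append(receive(key, win, 4, payload, tag))    # seq bumped without re-MAC
    return results


if __name__ == "__main__":
    print(demo())
```

A replayed packet fails at the window; a packet whose sequence number was edited fails at the MAC before the window is ever consulted. Without the MAC covering the header, the second case would be accepted as a fresh packet.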
Question # 103

A security practitioner has been tasked with establishing organizational asset handling procedures. What should be considered that would have the GREATEST impact on the development of these procedures?

A.

Media handling procedures

B.

User roles and responsibilities

C.

Acceptable Use Policy (AUP)

D.

Information classification scheme

Question # 104

Secure real-time transport protocol (SRTP) provides security for which of the following?

A.

Time-sensitive e-communication

B.

Voice communication

C.

Satellite communication

D.

Network communication for real-time operating systems

Question # 105

Which of the following would present the highest annualized loss expectancy (ALE)?

A.

Fire

B.

Earthquake

C.

Windstorm

D.

Flood

Question # 106

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

A.

Ensure the fire prevention and detection systems are sufficient to protect personnel

B.

Review the architectural plans to determine how many emergency exits are present

C.

Conduct a gap analysis of the new facilities against existing security requirements

D.

Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Question # 107

Which of the following actions will reduce risk to a laptop before traveling to a high-risk area?

A.

Examine the device for physical tampering

B.

Implement more stringent baseline configurations

C.

Purge or re-image the hard disk drive

D.

Change access codes

Question # 108

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?

A.

Application

B.

Storage

C.

Power

D.

Network

Question # 109

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

A.

Install mantraps at the building entrances

B.

Enclose the personnel entry area with polycarbonate plastic

C.

Supply a duress alarm for personnel exposed to the public

D.

Hire a guard to protect the public area

Question # 110

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

A.

Development, testing, and deployment

B.

Prevention, detection, and remediation

C.

People, technology, and operations

D.

Certification, accreditation, and monitoring

Question # 111

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

Identify the operational impacts of a business interruption

D.

Identify the financial impacts of a business interruption

Question # 112

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

A.

Only when assets are clearly defined

B.

Only when standards are defined

C.

Only when controls are put in place

D.

Only when procedures are defined

Question # 113

Which of the following represents the GREATEST risk to data confidentiality?

A.

Network redundancies are not implemented

B.

Security awareness training is not completed

C.

Backup tapes are generated unencrypted

D.

Users have administrative privileges

Question # 114

Intellectual property rights are PRIMARILY concerned with which of the following?

A.

Owner’s ability to realize financial gain

B.

Owner’s ability to maintain copyright

C.

Right of the owner to enjoy their creation

D.

Right of the owner to control delivery method

Question # 115

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

A.

Host VM monitor audit logs

B.

Guest OS access controls

C.

Host VM access controls

D.

Guest OS audit logs

Question # 116

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

A.

Change management processes

B.

User administration procedures

C.

Operating System (OS) baselines

D.

System backup documentation

Question # 117

Which of the following could cause a Denial of Service (DoS) against an authentication system?

A.

Encryption of audit logs

B.

No archiving of audit logs

C.

Hashing of audit logs

D.

Remote access audit logs

Question # 118

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

A.

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

B.

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

C.

Management teams will understand the testing objectives and reputational risk to the organization

D.

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Question # 119

In which of the following programs is it MOST important to include the collection of security process data?

A.

Quarterly access reviews

B.

Security continuous monitoring

C.

Business continuity testing

D.

Annual security training

Question # 120

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

A.

Trusted third-party certification

B.

Lightweight Directory Access Protocol (LDAP)

C.

Security Assertion Markup Language (SAML)

D.

Cross-certification

Question # 121

A security professional is asked to provide a solution that restricts a bank teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction. Which of the following is the MOST effective solution?

A.

Access is based on rules.

B.

Access is determined by the system.

C.

Access is based on user's role.

D.

Access is based on data sensitivity.

Question # 122

While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following is the correct procedure for handling such equipment?

A.

They should be recycled to save energy.

B.

They should be recycled according to NIST SP 800-88.

C.

They should be inspected and sanitized following the organizational policy.

D.

They should be inspected and categorized properly to sell them for reuse.

Question # 123

Which of the following is an advantage of on-premise Credential Management Systems?

A.

Improved credential interoperability

B.

Control over system configuration

C.

Lower infrastructure capital costs

D.

Reduced administrative overhead

Question # 124

Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?

A.

Level of assurance of the Target of Evaluation (TOE) in intended operational environment

B.

Selection to meet the security objectives stated in test documents

C.

Security behavior expected of a TOE

D.

Definition of the roles and responsibilities

Question # 125

Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?

A.

poor governance over security processes and procedures

B.

immature security controls and procedures

C.

variances against regulatory requirements

D.

unanticipated increases in security incidents and threats

Question # 126

What is the PRIMARY difference between security policies and security procedures?

A.

Policies are used to enforce violations, and procedures create penalties

B.

Policies point to guidelines, and procedures are more contractual in nature

C.

Policies are included in awareness training, and procedures give guidance

D.

Policies are generic in nature, and procedures contain operational details

Question # 127

The goal of a Business Continuity Plan (BCP) training and awareness program is to

A.

enhance the skills required to create, maintain, and execute the plan.

B.

provide for a high level of recovery in case of disaster.

C.

describe the recovery organization to new employees.

D.

provide each recovery team with checklists and procedures.

Question # 128

What is the process called when impact values are assigned to the security objectives for information types?

A.

Qualitative analysis

B.

Quantitative analysis

C.

Remediation

D.

System security categorization

Question # 129

While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?

A.

Retention

B.

Reporting

C.

Recovery

D.

Remediation

Question # 130

During the risk assessment phase of the project, the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for the Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.

What is the best approach for the CISO?

Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.

Question # 131

Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?

A.

Application interface entry and endpoints

B.

The likelihood and impact of a vulnerability

C.

Countermeasures and mitigations for vulnerabilities

D.

A data flow diagram for the application and attack surface analysis

Question # 132

Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?

A.

Discretionary Access Control (DAC) procedures

B.

Mandatory Access Control (MAC) procedures

C.

Data link encryption

D.

Segregation of duties

Question # 133

Discretionary Access Control (DAC) restricts access according to

A.

data classification labeling.

B.

page views within an application.

C.

authorizations granted to the user.

D.

management accreditation.

Question # 134

Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization?

A.

Ensure end users are aware of the planning activities

B.

Validate all regulatory requirements are known and fully documented

C.

Develop training and awareness programs that involve all stakeholders

D.

Ensure plans do not violate the organization's cultural objectives and goals

Question # 135

Which of the following controls is the FIRST step in protecting privacy in an information system?

A.

Data Redaction

B.

Data Minimization

C.

Data Encryption

D.

Data Storage

Question # 136

Without proper signal protection, embedded systems may be prone to which type of attack?

A.

Brute force

B.

Tampering

C.

Information disclosure

D.

Denial of Service (DoS)

Question # 137

During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?

A.

Encrypt communications between the servers

B.

Encrypt the web server traffic

C.

Implement server-side filtering

D.

Filter outgoing traffic at the perimeter firewall

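The scenario's lesson is that client-side validation is a convenience, not a control: the attacker replays the request from curl or an intercepting proxy and the script never runs, so only what the server does matters. The following is an added example, not part of the original question set, showing the string-built query that lets an injected payload reach the database beside the server-side fix (parameter binding plus an allow-list check on the value). The customers table and its rows are constructed for the demonstration.

```python
import sqlite3
from typing import List, Tuple


def build_db() -> sqlite3.Connection:
    """Constructed sample table standing in for the site's customer database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (username, card_last4) VALUES (?, ?)",
        [("alice", "4242"), ("bob", "1881"), ("carol", "0005")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Builds the statement from the raw value. Whatever the browser-side script was
    meant to block arrives untouched when the request is sent directly, and the
    quote in the payload closes the literal and rewrites the WHERE clause."""
    sql = f"SELECT username, card_last4 FROM customers WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Server-side filtering: an allow-list check on the value, then a bound
    parameter, so the input can never alter the statement's structure."""
    if not username.isalnum() or len(username) > 32:
        return []
    return conn.execute(
        "SELECT username, card_last4 FROM customers WHERE username = ?",
        (username,),
    ).fetchall()


def demo() -> dict:
    conn = build_db()
    payload = "x' OR '1'='1"      # classic tautology; the client-side check never saw it
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, payload)),   # 3: whole table dumped
        "safe_rows": len(lookup_safe(conn, payload)),               # 0: rejected
        "safe_normal": lookup_safe(conn, "alice"),                  # [("alice", "4242")]
    }


if __name__ == "__main__":
    print(demo())
```

Parameter binding is the control that actually closes the hole; the allow-list check is defence in depth and also rejects input the application has no business accepting, regardless of whether it would have been exploitable.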
Question # 138

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

Which of the following is considered the MOST important priority for the information security officer?

A.

Formal acceptance of the security strategy

B.

Disciplinary actions taken against unethical behavior

C.

Development of an awareness program for new employees

D.

Audit of all organization system configurations for faults

Question # 139

For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?

A.

Hash functions

B.

Data segregation

C.

File system permissions

D.

Non-repudiation controls

Question # 140

Host-based Intrusion Prevention Systems (HIPS) are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?

A.

Automatically create exceptions for specific actions or files

B.

Determine which files are unsafe to access and blacklist them

C.

Automatically whitelist actions or files known to the system

D.

Build a baseline of normal or safe system events for review

Question # 141

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

The effectiveness of the security program can PRIMARILY be measured through

A.

audit findings.

B.

risk elimination.

C.

audit requirements.

D.

customer satisfaction.

Question # 142

Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?

A.

Make changes following principle and design guidelines.

B.

Stop the application until the vulnerability is fixed.

C.

Report the vulnerability to product owner.

D.

Monitor the application and review code.

Question # 143

What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?

A.

Experience in the industry

B.

Definition of security profiles

C.

Human resource planning efforts

D.

Procedures in systems development

Question # 144

Which of the following is a critical factor for implementing a successful data classification program?

A.

Executive sponsorship

B.

Information security sponsorship

C.

End-user acceptance

D.

Internal audit acceptance

Question # 145

Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns.

In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?

A.

Text editors, database, and Internet phone applications

B.

Email, presentation, and database applications

C.

Image libraries, presentation and spreadsheet applications

D.

Email, media players, and instant messaging applications

Question # 146

Which of the following is the PRIMARY benefit of a formalized information classification program?

A.

It drives audit processes.

B.

It supports risk assessment.

C.

It reduces asset vulnerabilities.

D.

It minimizes system logging requirements.

Question # 147

With data labeling, which of the following MUST be the key decision maker?

A.

Information security

B.

Departmental management

C.

Data custodian

D.

Data owner

Question # 148

A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as

A.

least privilege.

B.

rule-based access controls.

C.

Mandatory Access Control (MAC).

D.

separation of duties.

Question # 149

What does secure authentication with logging provide?

A.

Data integrity

B.

Access accountability

C.

Encryption logging format

D.

Segregation of duties

Question # 150

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will indicate where the IT budget is BEST allocated during this time?

A.

Policies

B.

Frameworks

C.

Metrics

D.

Guidelines
