Pass4itsure has many years of exam experience! A group of professional ISC exam experts! Update ISC CISSP test questions throughout the year! The most complete ISC CISSP dumps https://www.pass4itsure.com/cissp.html test questions and answers! The safest buying experience! The biggest free sharing ISC CISSP exam practice questions and answers! Our goal is to help more people pass the exam!
QUESTION 1
An organization discovers that its secure file transfer protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general information technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas. Which of the following is the MOST probable attack vector used in the security breach?
A. Buffer overflow
B. Weak password due to lack of complexity rules
C. Distributed Denial of Service (DDoS)
D. Cross-Site Scripting (XSS)
Correct Answer: A
QUESTION 2
An organization's information security strategic plan MUST be reviewed
A. whenever there are significant changes to a major application.
B. quarterly, when the organization's strategic plan is updated.
C. whenever there are major changes to the business.
D. every three years, when the organization's strategic plan is updated.
Correct Answer: C
QUESTION 3
Digital certificates used in Transport Layer Security (TLS) support which of the following?
A. Information input validation
B. Non-repudiation controls and data encryption
C. Multi-Factor Authentication (MFA)
D. Server identity and data confidentiality
Correct Answer: D
QUESTION 4
What steps can be taken to prepare personally identifiable information (PII) for processing by a third party?
A. It is not necessary to protect PII as long as it is in the hands of the provider.
B. A security agreement with a Cloud Service Provider (CSP) was required so there is no concern.
C. The personal information should be maintained separately connected with a one-way reference.
D. The personal information can be hashed and then the data can be sent to an outside processor.
Correct Answer: C
QUESTION 5
Which of the following is the GREATEST security risk associated with the use of identity as a service (IDaaS) when an organization its own software?
A. Incompatibility with Federated Identity Management (FIM)
B. Increased likelihood of confidentiality breach
C. Denial of access due to reduced availability
D. Security Assertion Markup Language (SAML) integration
Correct Answer: B
QUESTION 6
Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage?
A. Requirements Analysis
B. Development and Deployment
C. Production Operations
D. Utilization Support
Correct Answer: A
QUESTION 7
When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the vulnerability analysis has been performed and before the system detailed design begins
C. After the system preliminary design has been developed and before the data security categorization begins
D. After the business functional analysis and the data security categorization have been performed
Correct Answer: D
QUESTION 8
What access control scheme uses fine-grained rules to specify the conditions under which access to each data item or application is granted?
A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Role Based Access Control (RBAC)
D. Attribute Based Access Control (ABAC)
Correct Answer: D
Reference: https://en.wikipedia.org/wiki/Attribute-based_access_control
QUESTION 9
Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?
A. Text editors, database, and Internet phone applications
B. Email, presentation, and database applications
C. Image libraries, presentation and spreadsheet applications
D. Email, media players, and instant messaging applications
Correct Answer: D
QUESTION 10
What is the MOST important element when considering the effectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)?
A. Management support
B. Consideration of organizational need
C. Technology used for delivery
D. Target audience
Correct Answer: B
QUESTION 11
Which of the following statements is TRUE regarding equivalence class testing?
A. Test inputs are obtained from the derived boundaries of the given functional specifications.
B. It is characterized by the stateless behavior of a process implemented in a function.
C. An entire partition can be covered by considering only one representative value from that partition.
D. It is useful for testing communications protocols and graphical user interfaces.
Correct Answer: C
QUESTION 12
Mandatory Access Controls (MAC) are based on:
A. security classification and security clearance
B. data segmentation and data classification
C. data labels and user access permissions
D. user roles and data encryption
Correct Answer: A
QUESTION 13
Which layer of the Open Systems Interconnection (OSI) model is being targeted in the event of a Synchronization (SYN) flood attack?
A. Session
B. Transport
C. Network
D. Presentation
Correct Answer: B
Free real ISC CISSP exam preparation materials, ISC CISSP practice exam + ISC CISSP pdf dumps. Use them correctly and you will not fail. Get the full ISC CISSP dumps https://www.pass4itsure.com/cissp.html ( Q&As: 1092).