
CISSP

New VCE and PDF Exam Dumps from PassLeader
➢ Vendor: (ISC)2
➢ Exam Code: CISSP
➢ Exam Name: Certified Information Systems Security Professional (CISSP)
➢ Version: 20.051
NEW QUESTION 1
Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?
A. The likelihood and impact of a vulnerability.
B. Application interface entry and endpoints.
C. Countermeasures and mitigations for vulnerabilities.
D. A data flow diagram for the application and attack surface analysis.
Answer: D
NEW QUESTION 2
Continuity of operations is BEST supported by which of the following?
A. Confidentiality, availability, and reliability.
B. Connectivity, reliability, and redundancy.
C. Connectivity, reliability, and recovery.
D. Confidentiality, integrity, and availability.
Answer: B
NEW QUESTION 3
What determines the level of security of a combination lock?
A. Complexity of combination required to open the lock.
B. Amount of time it takes to brute force the combination.
C. The number of barrels associated with the internal mechanism.
D. The hardness score of the metal lock material.
Answer: A
NEW QUESTION 4
Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues?
A. Test
B. Assessment
C. Review
D. Peer review
Answer: C
CISSP Exam Dumps
CISSP Exam Questions
CISSP PDF Dumps
https://www.passleader.com/cissp.html
CISSP VCE Dumps
NEW QUESTION 5
For the purpose of classification, which of the following is used to divide trust domain and trust boundaries?
A. Network Architecture
B. Integrity
C. Identity Management (IdM)
D. Confidentiality Management
Answer: A
NEW QUESTION 6
Which of the following is MOST effective in detecting information hiding in TCP/IP traffic?
A. Packet-filter firewall
B. Content-filtering web proxy
C. Stateful-inspection firewall
D. Application-level firewall
Answer: C
NEW QUESTION 7
Which of the following techniques BEST prevents buffer overflows?
A. Boundary and perimeter offset.
B. Character set encoding.
C. Code auditing.
D. Variant type and bit length.
Answer: B
NEW QUESTION 8
What principle requires that changes to the plaintext affect many parts of the ciphertext?
A. Encapsulation
B. Permutation
C. Diffusion
D. Obfuscation
Answer: C
NEW QUESTION 9
Which of the following processes is used to align security controls with business functions?
A. Data mapping
B. Standards selection
C. Scoping
D. Tailoring
Answer: B
NEW QUESTION 10
What is the best way for mutual authentication of devices belonging to the same organization?
A. Token
B. Certificates
C. User ID and passwords
D. Biometric
Answer: A
NEW QUESTION 11
Which of the following offers the BEST security functionality for transmitting authentication tokens?
A. JavaScript Object Notation (JSON)
B. Terminal Access Controller Access Control System (TACACS)
C. Security Assertion Markup Language (SAML)
D. Remote Authentication Dial-In User Service (RADIUS)
Answer: C
NEW QUESTION 12
What is the MAIN purpose for writing planned procedures in the design of Business Continuity Plans (BCP)?
A. Establish lines of responsibility.
B. Minimize the risk of failure.
C. Accelerate the recovery process.
D. Eliminate unnecessary decision making.
Answer: B
NEW QUESTION 13
What is the foundation of cryptographic functions?
A. Cipher
B. Encryption
C. Hash
D. Entropy
Answer: A
NEW QUESTION 14
What information will BEST assist security and financial analysts in determining if a security control is cost effective to mitigate a vulnerability?
A. Annualized Loss Expectancy (ALE) and the cost of the control.
B. Single Loss Expectancy (SLE) and the cost of the control.
C. Annual Rate of Occurrence (ARO) and the cost of the control.
D. Exposure Factor (EF) and the cost of the control.
Answer: D
NEW QUESTION 15
Which step of the Risk Management Framework (RMF) identifies the initial set of baseline security controls?
A. Selection
B. Monitoring
C. Implementation
D. Assessment
Answer: A
NEW QUESTION 16
A security team member was selected as a member of a Change Control Board (CCB) for an organization. Which of the following is one of their responsibilities?
A. Approving or disapproving the change.
B. Determining the impact of the change.
C. Carrying out the requested change.
D. Logging the change.
Answer: B
NEW QUESTION 17
Which action is MOST effective for controlling risk and minimizing maintenance costs in the software supply chain?
A. Selecting redundant suppliers.
B. Selecting suppliers based on business requirements.
C. Selecting fewer, more reliable suppliers.
D. Selecting software suppliers with the fewest known vulnerabilities.
Answer: D
NEW QUESTION 18
A data owner determines the appropriate job-based access for an employee to perform their duties.
Which type of access control is this?
A. Discretionary Access Control (DAC)
B. Non-discretionary access control
C. Mandatory Access Control (MAC)
D. Role-based access control (RBAC)
Answer: D
NEW QUESTION 19
The process of "salting" a password is designed to increase the difficulty of cracking which of the following?
A. Specific password
B. Password hash function
C. Password algorithm
D. Maximum password length
Answer: B
NEW QUESTION 20
Which of the following does Secure Sockets Layer (SSL) encryption protect?
A. Data availability
B. Data at rest
C. Data in transit
D. Data integrity
Answer: C
NEW QUESTION 21
Which of the following is a credible source to validate that security testing of Commercial Off-The-Shelf (COTS) software has been performed with international standards?
A. Common Criteria (CC)
B. Evaluation Assurance Level (EAL)
C. National Information Assurance Partnership (NIAP)
D. International Standards Organization (ISO)
Answer: A
NEW QUESTION 22
A security engineer is tasked with implementing a new identity solution. The client doesn't want to install or maintain the infrastructure. Which of the following would qualify as the BEST solution?
A. Microsoft Identity Manager (MIM)
B. Azure Active Directory (AD)
C. Active Directory Federation Services (ADFS)
D. Active Directory (AD)
Answer: D
NEW QUESTION 23
Which of the following is the FIRST thing to consider when reviewing Information Technology (IT) internal controls?
A. The risk culture of the organization.
B. The impact of the control.
C. The nature of the risk.
D. The cost of the control.
Answer: B
NEW QUESTION 24
Which layer of the Open System Interconnection (OSI) model is reliant on other layers and is concerned with the structure, interpretation and handling of information?
A. Presentation Layer
B. Session Layer
C. Application Layer
D. Transport Layer
Answer: D
NEW QUESTION 25
When conveying the results of a security assessment, which of the following is the PRIMARY audience?
A. Information System Security Officer (ISSO)
B. Authorizing Official (AO)
C. Information System Security Manager (ISSM)
D. Security Control Assessor (SCA)
Answer: C
NEW QUESTION 26
Which concept might require users to use a second access token or to re-enter passwords to gain elevated access rights in the identity and access provisioning life cycle?
A. Time-based
B. Enrollment
C. Least privilege
D. Access review
Answer: B
NEW QUESTION 27
Why are mobile devices sometimes difficult to investigate in a forensic examination?
A. There are no forensics tools available for examination.
B. They may contain cryptographic protection.
C. They have password-based security at logon.
D. They may have proprietary software installed to protect them.
Answer: D
NEW QUESTION 28
Which of the following global privacy legislation principles ensures that data handling policies and the name of the data controller are easily accessible to the public?
A. Use limitation
B. Openness
C. Purpose specification
D. Individual participation
Answer: B
NEW QUESTION 29
Security categorization of a new system takes place during which phase of the Systems Development Life Cycle (SDLC)?
A. System implementation
B. System initiation
C. System operations and maintenance
D. System acquisition and development
Answer: D
NEW QUESTION 30
What is the motivation for use of the Online Certificate Status Protocol (OCSP)?
A. To return information on multiple certificates.
B. To control access to Certificate Revocation List (CRL) requests.
C. To provide timely up-to-date responses to certificate queries.
D. To issue X.509v3 certificates more quickly.
Answer: D
NEW QUESTION 31
......