How Many Questions Of CISSP Samples
Online ISC2 CISSP free dumps demo below:
NEW QUESTION 1
Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
Aside from the potential records which may have been viewed, which of the following should be the PRIMARY concern regarding the database information?
- A. Unauthorized database changes
- B. Integrity of security logs
- C. Availability of the database
- D. Confidentiality of the incident
Answer: A
NEW QUESTION 2
An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.
Which contract is BEST in offloading the task from the IT staff?
- A. Platform as a Service (PaaS)
- B. Identity as a Service (IDaaS)
- C. Desktop as a Service (DaaS)
- D. Software as a Service (SaaS)
Answer: B
NEW QUESTION 3
An organization wants to enable users to authenticate across multiple security domains. To accomplish this, they have decided to use Federated Identity Management (FIM). Which of the following is used behind the scenes in a FIM deployment?
- A. Standard Generalized Markup Language (SGML)
- B. Extensible Markup Language (XML)
- C. Security Assertion Markup Language (SAML)
- D. Transaction Authority Markup Language (XAML)
Answer: C
NEW QUESTION 4
If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?
- A. User error
- B. Suspected tampering
- C. Accurate identification
- D. Unsuccessful identification
Answer: B
NEW QUESTION 5
A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate future infections?
- A. Develop a written organizational policy prohibiting unauthorized USB devices
- B. Train users on the dangers of transferring data in USB devices
- C. Implement centralized technical control of USB port connections
- D. Encrypt removable USB devices containing data at rest
Answer: C
NEW QUESTION 6
A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?
- A. Transport
- B. Data link
- C. Network
- D. Application
Answer: D
NEW QUESTION 7
What BEST describes the confidentiality, integrity, availability triad?
- A. A tool used to assist in understanding how to protect the organization's data
- B. The three-step approach to determine the risk level of an organization
- C. The implementation of security systems to protect the organization's data
- D. A vulnerability assessment to see how well the organization's data is protected
Answer: C
NEW QUESTION 8
A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations and physical access controls.
Which of the following is the BEST location?
- A. On the top floor
- B. In the basement
- C. In the core of the building
- D. In an exterior room with windows
Answer: C
NEW QUESTION 9
Which of the following is ensured when hashing files during chain of custody handling?
- A. Availability
- B. Accountability
- C. Integrity
- D. Non-repudiation
Answer: C
NEW QUESTION 10
What is the MOST effective way to determine a mission critical asset in an organization?
- A. Vulnerability analysis
- B. Business process analysis
- C. Threat analysis
- D. Business risk analysis
Answer: B
NEW QUESTION 11
An attacker has intruded into the source code management system and is able to download but not modify the code. Which of the following aspects of the code theft has the HIGHEST security impact?
- A. The attacker could publicly share confidential comments found in the stolen code.
- B. Competitors might be able to steal the organization's ideas by looking at the stolen code.
- C. A competitor could run their own copy of the organization's website using the stolen code.
- D. Administrative credentials or keys hard-coded within the stolen code could be used to access sensitive data.
Answer: A
NEW QUESTION 12
All hosts on the network are sending logs via syslog-ng to the log collector. The log collector is behind its own firewall. The security professional wants to make sure not to put extra load on the firewall due to the amount of traffic that is passing through it. Which of the following types of filtering would MOST likely be used?
- A. Uniform Resource Locator (URL) Filtering
- B. Web Traffic Filtering
- C. Dynamic Packet Filtering
- D. Static Packet Filtering
Answer: C
NEW QUESTION 13
An organization's data policy MUST include a data retention period which is based on
- A. application dismissal.
- B. business procedures.
- C. digital certificates expiration.
- D. regulatory compliance.
Answer: D
NEW QUESTION 14
Contingency plan exercises are intended to do which of the following?
- A. Train personnel in roles and responsibilities
- B. Validate service level agreements
- C. Train maintenance personnel
- D. Validate operation metrics
Answer: A
NEW QUESTION 15
When conducting a security assessment of access controls, which activity is part of the data analysis phase?
- A. Present solutions to address audit exceptions.
- B. Conduct statistical sampling of data transactions.
- C. Categorize and identify evidence gathered during the audit.
- D. Collect logs and reports.
Answer: C