CISSP - 3 Flashcards

1
Q

The help desk is receiving many calls regarding slow web application response times today. This is impairing business. The Systems Administrator notices an increased level of connection attempt failures. This scenario could be a failure of which penetration testing stage?
A. Analysis and reporting
B. Vulnerability detection
C. Planning and preparation
D. Information gathering

A

C. Planning and preparation

2
Q

What is the primary reason a company would choose to perform a vulnerability assessment compared to a penetration test?
A. Vulnerability assessments reveal a higher number of vulnerabilities
B. Vulnerability assessments are less likely to disrupt production systems
C. Vulnerability assessments are less time consuming and cost effective
D. Vulnerability assessments help meet industry regulatory requirements

A

B. Vulnerability assessments are less likely to disrupt production systems

3
Q

A security practitioner has a report that details the access list for a file share. This list is quite long. What next step should the security practitioner take with this list?
A. review this list with the Human Resources Manager
B. review this list with the Systems Administrator
C. review this list with the Data Owner
D. review this list with the Network Manager

A

C. review this list with the Data Owner

4
Q

When investigating a potential data breach by unauthorized access, the best source of information related to the activity can be found in
A. Audit logs
B. Performance logs
C. Traffic logs
D. Utilization logs

A

A. Audit logs

5
Q

Which one of the following introduces a weakness with end-to-end encryption?
A. Non-printable characters
B. ASCII codes
C. Private keys
D. Application gateways

A

D. Application Gateways

6
Q

The major security concern for SCADA systems using the DNP3 protocol should be
A. Spoofing
B. Eavesdropping
C. Denial of Service
D. Man-in-the-middle

A

A. Spoofing

7
Q

Information security is the responsibility of
A. everyone in the organization
B. corporate management
C. the corporate security office
D. everyone with computer access

A

A. everyone in the organization

8
Q

Which of the following should an organization have in place to prevent employees from stealing intellectual property?
A. Employee insurance plan and policies
B. Employee training program and policies
C. Employment agreement and policies
D. Employee development plan and policies

A

C. Employment agreement and policies

9
Q

External technical attacks against systems often begin with
A. Vulnerability scans
B. Social engineering
C. Monitoring of SSL traffic
D. Analysis of degaussed media

A

B. Social Engineering

10
Q

Which of the following is the most appropriate to conduct the testing stage of a Software Development Life Cycle?
A. Quality Assurance Staff
B. Implementation Staff
C. Security Staff
D. Technical Support Staff

A

B. Implementation Staff

11
Q

Which of the following logs can track all applications on a system?
A. Accounting log
B. Kernel log
C. System log
D. Error log

A

C. System log

12
Q

The technical service required for assuring the most important detail of this transaction is
A. Diffie-Hellman key exchange
B. Kerberos authentication
C. non-repudiation
D. one-time pad

A

C. non-repudiation

13
Q

What is certificate path validation?
A. verification of the integrity of the associated root certificate
B. verification of the validity of all certificates of the certificate chain to the root certificate
C. verification of the integrity of the concerned private key
D. verification of the revocation status of the concerned certificate

A

B. verification of the validity of all certificates of the certificate chain to the root certificate

14
Q

A security model provides the information security professional with a
A. set of policies and procedures for the operations of a security program
B. framework of security objectives and goals
C. group of informal access controls to protect network resources
D. list of recurring activities that test security preparedness

A

B. framework of security objectives and goals

15
Q

Where would be the most effective place to implement a host-based intrusion detection system?
A. Firewall
B. World Wide Web server
C. Edge router
D. External Network Intrusion Detection System

A

C. Edge router

16
Q

A security incident in an organization should be treated as
A. an information technology issue
B. a business issue
C. a legal issue
D. a computer security issue

A

B. a business issue

17
Q

Part of the patch deployment strategy includes
A. Vendor responsiveness
B. installing multiple patches to reduce outages
C. proposing changes through change control
D. exploit testing

A

C. proposing changes through change control

18
Q

When conducting a business impact analysis, who must be consulted when determining the maximum tolerable downtime for any particular organization's system?
A. Information Systems Security Officer
B. Backup operations manager
C. Business Continuity manager
D. Manager of the affected business unit

A

D. Manager of the affected business unit

19
Q

An organization's Business Continuity Plan team determines that an earthquake would cause 25 percent of its data center to be destroyed. The BCP team has just calculated the
A. Exposure factor
B. Single loss expectancy
C. Annual loss expectancy
D. Annual rate of occurrence

A

A. Exposure factor

20
Q

Identity theft is primarily used to
A. perform industrial espionage
B. spoof Internet Protocol addresses
C. compromise security associations
D. make unauthorized charges to accounts

A

D. make unauthorized charges to accounts

21
Q

The export of cryptographic technologies must comply with the
A. international economic treaties
B. entities of import and exports
C. entity and country of export
D. local laws of the country of export

A

C. entity and country of export

22
Q

When addressing built-in redundancy within a skyscraper, which of the following must be addressed?
A. integrity of the building materials used
B. energy efficiency of the building materials used
C. load balancing with structural supports
D. redundancy in structural components

A

D. redundancy in structural components

23
Q

The use of automated environment systems can help
A. control overheating electronics
B. control heat loss of sensitive equipment
C. increase power fluctuations
D. decrease reliance on closed circuit television

A

A. control overheating electronics

24
Q

Which type of fire extinguisher is best suited for use in data center and computer room environments where the primary fire risk is from electrical fires?
A. Type A
B. Type B
C. Type C
D. Type D

A

C. Type C

25
Q

What is the most effective way to prevent theft of a laptop?
A. install radio frequency identification tracking
B. encrypt the hard drive
C. attach a lock cable
D. do not leave it unattended

A

D. do not leave unattended