
CISSP

By isc
Aug, 2025


Question 26

Compared to a traditional network, which of the following is a security-related benefit that software-defined networking (SDN) provides?

  • A: Centralized network provisioning
  • B: Reduced network latency when scaled
  • C: Centralized network administrative control
  • D: Reduced hardware footprint and cost

Question 27

What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?

  • A: Warn users of a breach.
  • B: Reset all passwords.
  • C: Segment the network.
  • D: Shut down the network.

Question 28

Which of the following is a common term for log reviews, synthetic transactions, and code reviews?

  • A: Application development
  • B: Spiral development functional testing
  • C: Security control testing
  • D: DevOps Integrated Product Team (IPT) development

Question 29

A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?

  • A: Data sanitization
  • B: Data validation
  • C: Service accounts removal
  • D: Logging and monitoring

Question 30

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery.
Which of the following is the MOST challenging aspect of this investigation?

  • A: Group policy implementation
  • B: SCADA network latency
  • C: Physical access to the system
  • D: Volatility of data

Question 31

What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?

  • A: Configuration item
  • B: Configuration element
  • C: Ledger item
  • D: Asset register

Question 32

A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?

  • A: Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices and applications.
  • B: Implement a virtual local area network (VLAN) for each department and create a separate subnet for each VLAN.
  • C: Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data planes.
  • D: Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from the physical switches.

Question 33

Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?

  • A: Mean time to repair (MTTR)
  • B: Quality of Service (QoS) between applications
  • C: Financial penalties in case of disruption
  • D: Availability of network services

Question 34

A company hired an external vendor to perform a penetration test of a new payroll system. The company's internal test team had already performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?

  • A: Inadequate performance testing
  • B: Inadequate application level testing
  • C: Failure to perform negative testing
  • D: Failure to perform interface testing

Question 35

Which of the following is included in change management?

  • A: Technical review by business owner
  • B: User Acceptance Testing (UAT) before implementation
  • C: Cost-benefit analysis (CBA) after implementation
  • D: Business continuity testing

Question 36

An organization wants to define a physical perimeter. What primary device should be used to accomplish this objective if the organization's perimeter MUST cost-efficiently deter casual trespassers?

  • A: Fences three to four feet high with a turnstile
  • B: Fences six to seven feet high with a painted gate
  • C: Fences accompanied by patrolling security guards
  • D: Fences eight or more feet high with three strands of barbed wire

Question 37

Which of the following vulnerabilities can be BEST detected using automated analysis?

  • A: Multi-step process attack vulnerabilities
  • B: Business logic flaw vulnerabilities
  • C: Valid cross-site request forgery (CSRF) vulnerabilities
  • D: Typical source code vulnerabilities

Question 38

A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's information security manager has received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?

  • A: PM
  • B: Information owner
  • C: Data Custodian
  • D: Mission/Business Owner

Question 39

Which of the following determines how traffic should flow based on the status of the infrastructure layer?

  • A: Control plane
  • B: Application plane
  • C: Traffic plane
  • D: Data plane

Question 40

When testing password strength, which of the following is the BEST method for brute forcing passwords?

  • A: Conduct an offline attack on the hashed password information.
  • B: Use a comprehensive list of words to attempt to guess the password.
  • C: Use social engineering methods to attempt to obtain the password.
  • D: Conduct an online password attack until the account being used is locked.

Question 41

Which of the following is the name of an individual or group that is impacted by a change?

  • A: Change agent
  • B: End User
  • C: Stakeholder
  • D: Sponsor

Question 42

The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?

  • A: Never to store personal data of EU citizens outside the EU
  • B: Data masking and encryption of personal data
  • C: Only to use encryption protocols approved by EU
  • D: Anonymization of personal data when transmitted to sources outside the EU

Question 43

What is the PRIMARY benefit of incident reporting and computer crime investigations?

  • A: Complying with security policy
  • B: Repairing the damage and preventing future occurrences
  • C: Providing evidence to law enforcement
  • D: Appointing a computer emergency response team

Question 44

Which of the following is the MOST common method of memory protection?

  • A: Error correction
  • B: Virtual local area network (VLAN) tagging
  • C: Segmentation
  • D: Compartmentalization

Question 45

What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

  • A: Source code review
  • B: Threat modeling
  • C: Penetration testing
  • D: Manual inspections and reviews

Question 46

A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?

  • A: Pinning
  • B: Single-pass wipe
  • C: Multi-pass wipes
  • D: Degaussing

Question 47

Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST way to browse the web privately?

  • A: Store information about browsing activities on the personal device.
  • B: Prevent information about browsing activities from being stored on the personal device.
  • C: Prevent information about browsing activities from being stored in the cloud.
  • D: Store browsing activities in the cloud.

Question 48

A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?

  • A: Deployment
  • B: Development
  • C: Test
  • D: Design

Question 49

A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running on a specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?

  • A: Administrative privileges on the hypervisor
  • B: Administrative privileges on the application folders
  • C: Administrative privileges on the web server
  • D: Administrative privileges on the OS

Question 50

A security practitioner detects an Endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future Endpoint attacks?

  • A: Remove all non-essential client-side web services from the network.
  • B: Harden the client image before deployment.
  • C: Screen for harmful exploits of client-side services before implementation.
  • D: Block all client-side web exploits at the perimeter.
Page 2 of 20 • Questions 26-50 of 484
