Quality CISSP PDF Dumps - CISSP Exam Questions [Q528-Q543]


Most Up-to-Date ISC CISSP Exam Dumps PDF 2024


ISC CISSP certification is a globally recognized certification in the field of information security. It is designed for professionals who are responsible for the security of their organization's information assets and covers a wide range of topics related to information security. Certified Information Systems Security Professional certification is highly valued in the industry and is recognized by many organizations around the world. Candidates must have a minimum of five years of professional experience in the field of information security and demonstrate a strong understanding of the eight domains of information security to be eligible to take the exam.


NEW QUESTION # 528
A software developer installs a game on their organization-provided smartphone. Upon installing the game, the software developer is prompted to allow the game access to call logs, Short Message Service (SMS) messaging, and Global Positioning System (GPS) location data. What has the game MOST likely introduced to the smartphone?

  • A. Alerting
  • B. Geo-fencing
  • C. Monitoring
  • D. Vulnerability

Answer: D


NEW QUESTION # 529
What assesses potential loss that could be caused by a disaster?

  • A. The Risk Assessment (RA)
  • B. The Business Assessment (BA)
  • C. The Business Continuity Plan (BCP)
  • D. The Business Impact Analysis (BIA)

Answer: D

Explanation:
The Business Assessment is divided into two components: Risk Assessment (RA) and Business Impact Analysis (BIA). Risk Assessment is designed to evaluate existing exposures from the organization's environment, whereas the BIA assesses potential loss that could be caused by a disaster. The Business Continuity Plan's goal is to reduce the risk of financial loss by improving the ability to recover and restore operations efficiently and effectively.
Source: BARNES, James C. & ROTHSTEIN, Philip J., A Guide to Business Continuity Planning, John Wiley & Sons, 2001 (page 57).
And: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 276).


NEW QUESTION # 530
At which temperature does damage start occurring to magnetic media?

  • A. 150 degrees
  • B. 125 degrees
  • C. 175 degrees
  • D. 100 degrees

Answer: D


NEW QUESTION # 531
How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?

  • A. Monitors alarms sent to the system administrator
  • B. Examines log messages or other indications on the system.
  • C. Examines the Access Control List (ACL)
  • D. Matches traffic patterns to virus signature files

Answer: D


NEW QUESTION # 532
What is the essential difference between a self-audit and an independent audit?

  • A. Results
  • B. Tools used
  • C. Competence
  • D. Objectivity

Answer: D

Explanation:
To maintain operational assurance, organizations use two basic methods: system audits and monitoring.
Monitoring refers to an ongoing activity whereas audits are one-time or periodic events and can be either internal or external. The essential difference between a self-audit and an independent audit is objectivity, thus indirectly affecting the results of the audit.
Incorrect Answers:
A: Internal and external auditors can use the same tools.
B: Internal and external auditors should return the same results. However, the objectivity of an independent audit may return more comprehensive results.
D: Internal and external auditors should have the same level of competence.


NEW QUESTION # 533
Which of the following can be defined as THE unique attribute used as a unique identifier within a given table to identify a tuple?

  • A. primary key
  • B. foreign key
  • C. candidate key
  • D. secondary key

Answer: A

Explanation:
The primary key is the attribute that is used to make each row or tuple in a table unique.
Incorrect Answers:
B: Candidate keys are a subset of attributes from which the database developer can choose the primary key to uniquely identify any tuple or record in a table.
C: A foreign key is an attribute in one table that matches the primary key of another table and is used to cross-reference tables.
D: Secondary keys are candidate keys that have not been chosen as the primary key. The primary key is the attribute that is used to make each row or tuple in a table unique. Candidate keys are a subset of attributes from which the database developer can choose the primary key.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1174, 1179-1180
Stewart, James, Ed Tittel and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Wiley Publishing, Indianapolis, 2011, pp. 276, 312
http://databases.about.com/cs/specificproducts/g/candidate.htm
http://rdbms.opengrass.net/2_Database Design/2.1_TermsOfReference/2.1.2_Keys.html


NEW QUESTION # 534
Which cable technology refers to the CAT 3 and Cat5 Categories?

  • A. Axial cables
  • B. Coaxial cables
  • C. Twisted Pair cables
  • D. Fiber Optic cables

Answer: C


NEW QUESTION # 535
As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?

  • A. Establish a secure connection to the web server to validate that only the approved ports are open.
  • B. Use a web scanner to scan for vulnerabilities within the website.
  • C. Perform a code review to ensure that the database references are properly addressed.
  • D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.

Answer: D

Explanation:
Section: Software Development Security


NEW QUESTION # 536
Tim is a network administrator at Acme Inc. He is responsible for configuring the network devices. John, the new security manager, reviews the configuration of the firewall configured by Tim and identifies an issue.
This specific firewall is configured in failover mode with another firewall. A sniffer on a PC connected to the same switch as the firewalls can decipher the credentials used by Tim while configuring the firewalls.
Which of the following should be used by Tim to ensure that no one can eavesdrop on the communication?

  • A. RSH
  • B. SFTP
  • C. SSH
  • D. SCP

Answer: C

Explanation:
Network devices are often configured through a command line interface such as Telnet. Telnet, however, is insecure in that the data, including login credentials, is unencrypted as it passes over the network. A secure alternative is to use Secure Shell (SSH).
Secure Shell (SSH) functions as a type of tunneling mechanism that provides terminal-like access to remote computers. SSH is a program and a protocol that can be used to log into another computer over a network.
SSH should be used instead of Telnet, FTP, rlogin, rexec, or rsh, which provide the same type of functionality SSH offers but in a much less secure manner. SSH is a program and a set of protocols that work together to provide a secure tunnel between two computers. The two computers go through a handshaking process and exchange (via Diffie-Hellman) a session key that will be used during the session to encrypt and protect the data sent.
Incorrect Answers:
B: SFTP (Secure File Transfer Protocol) is FTP over SSH. SFTP is secure but it is not used to configure network devices.
C: SCP (Secure Copy) is an application used to copy files over a network using an SSH connection. SCP is secure but it is not used to configure network devices.
D: RSH (Remote Shell) offers remote command line functionality. However, like Telnet, RSH is insecure.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 859-860
http://www.novell.com/documentation/suse91/suselinux-adminguide/html/ch19s02html
http://en.wikipedia.org/wiki/Remote_Shell
http://en.wikipedia.org/wiki/Secure_copy


NEW QUESTION # 537
Which of the following statements pertaining to the maintenance of an IT contingency plan is incorrect?

  • A. Strict version control should be maintained.
  • B. The Contingency Planning Coordinator should make sure that every employee gets an up-to-date copy of the plan.
  • C. Copies of the plan should be provided to recovery personnel for storage offline at home and office.
  • D. The plan should be reviewed at least once a year for accuracy and completeness.

Answer: B

Explanation:
Because the contingency plan contains potentially sensitive operational and personnel information, its distribution should be marked accordingly and controlled. Not all employees would obtain a copy, but only those involved in the execution of the plan. All other statements are correct.
NOTE FROM CLEMENT: I have received multiple emails stating the explanations contradict the correct answer. It seems many people have a hard time with negative questions. In this case the incorrect choice (the one that is not true) is the correct choice. Be very careful of such questions; you will get some on the real exam as well.
Reference(s) used for this question: SWANSON, Marianne, et al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems


NEW QUESTION # 538
Which of the following is the most reliable authentication device?

  • A. Smart Card system
  • B. Fixed callback system
  • C. Variable callback system
  • D. Combination of variable and fixed callback system.

Answer: A

Explanation:
The smart card, an intelligent token, is a credit-card-sized plastic card embedded with an integrated circuit chip. It provides not only memory capacity but computational capability as well. The self-containment of the smart card makes it resistant to attack, as it does not need to depend upon potentially vulnerable external resources.
Because of this characteristic, smart cards are often used in different applications which require strong security protection and authentication. Option B is the most correct option; this is because callback systems are not considered very reliable in the CISSP examination. Smart cards can also provide two-mode authentication.
"Caller ID and callback options are great, but they are usually not practical because they require users to call in from a static phone number each time they access the network. Most users are accessing the network remotely because they are on the road and moving from place to place." Pg. 428, Shon Harris: All-In-One CISSP Certification Guide.


NEW QUESTION # 539
Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect?

  • A. In its procedures and tasks, the plan should refer to functions, not specific individuals.
  • B. Critical vendors should be contacted ahead of time to validate equipment can be obtained in a timely manner.
  • C. In order to facilitate recovery, a single plan should cover all locations.
  • D. There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan.

Answer: C

Explanation:
A single plan is always the best idea. Depending on the size of your organization and the number of people involved in the DRP effort, it may be a good idea to maintain multiple types of Recovery Plan documents.
Incorrect Answers:
B: A Business Continuity Plan committee needs to be put together. This committee decides the courses of action that are implemented in the Business Continuity Plan.
C: Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes.
D: The Business Continuity Plan risk assessment should include continuity risks due to outsourced vendors and suppliers. Critical vendors should be contacted to ensure that necessary equipment can be obtained.
References:
Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 661


NEW QUESTION # 540
Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department.
The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The security program can be considered effective when

  • A. risk is lowered to an acceptable level.
  • B. backups are regularly performed and validated.
  • C. vulnerabilities are proactively identified.
  • D. audits are regularly performed and reviewed.

Answer: A


NEW QUESTION # 541
Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?

  • A. Identifying what is important and critical based on disruptions that can affect the organization
  • B. Preparing a program to create an organizational awareness for executing the Business Continuity Plan (BCP)
  • C. Establishing the need for a Business Continuity Plan (BCP) based on threats that can affect an organization
  • D. Identifying the events and environmental factors that can adversely affect an organization

Answer: A


NEW QUESTION # 542
Which Web Services Security (WS-Security) specification handles the management of security tokens and the underlying policies for granting access? Click on the correct specification in the image below.

Answer:

Explanation:
WS-Authorization
Reference: "Java Web Services: Up and Running" by Martin Kalin, page 228


NEW QUESTION # 543
......
