Free ISC2 CISSP Exam Dumps and CISSP Exam Questions

Question No: 11

MultipleChoice

Which would result in the GREATEST import following a breach to a cloud environmet?

Options

AThe hypervisor host Is poorly seared

BThe same Logical Unit Number (LLN) is used for ail VMs

CInsufficient network segregation

DInsufficient hardening of Virtual Machines (VM)

Question No: 12

MultipleChoice

Which of the following in the BEST way to reduce the impect of an externlly sourced flood attack?

Options

AStock the source address at the firewall.

BHave this service provide block the source address.

CBlock all inbound traffic until the flood ends.

DHave the source service provider block the address

Question No: 13

MultipleChoice

Why should Open Wab Application Secuirty Project (OWASP) Application Security Verification standards (ASVS) Level 1 be considered a MINIMUM level of protection for any wab application?

Options

AASVS Level 1 ensures that applications are invulnerable to OWASP top 10 threats.

BOpportunistic attackers will look for any easily exploitable vulnerable applications.

CMost regulatory bodies consider ASVS Level 1 as a baseline set of controls for applications.

DSecuring applications at ASVS Level 1 provides adequate protection for sensitive data.

Question No: 14

MultipleChoice

Which of the following is a strategy of grouping requirements in developing a security test and Evolution (ST&E)?

Options

AStandards, policies, and procedures

BManagement, operational, and technical

CDocumentation, observation, and manual

DTactical, strategic, and financial

Question No: 15

MultipleChoice

The adoption of an enterprise-wide business continuilty program requires Which of the folllowing?

Options

AGood communication throughout the organization

BFormation of Disaster Recovery (DP) project team

CA completed Business Impact Analysis (BIA)

DWell-documented information asset classification

Question No: 16

MultipleChoice

When conduting a security assessment of access controls , Which activity is port of the data analysis phase?

Options

ACollect logs and reports.

BPresent solutions to address audit exceptions.

CCategorize and Identify evidence gathered during the audit

DConduct statiscal sampling of data transactions.

Question No: 17

MultipleChoice

The core component of Role Based Access control (RBAC) must be constructed of defined data elements, Which elements are requried?

Options

AUsers, permissions, operators, and protected objects

BUsers, rotes, operations, and protected objects

CRoles, accounts, permissions, and protected objects

DRoles, operations, accounts, and protected objects

Question No: 18

MultipleChoice

During examination of Internet history records, the following string occurs within a Unique Resource Locator (URL):

What type of attack does this indicate?

Options

ADirectory traversal

BStructured Query Language (SQL) injection

CCross-Site Scripting (XSS)

DShellcode injection

Question No: 19

MultipleChoice

Individuls have been identified and determined as having a need-to-know for the information. Which of the following access control methods MUST include a consistent set of rules for controlling and limiting access?

Options

AAttribute Based Access Control (ABAC)

BRole-Based Access Control (RBAC)

CDiscretionary Access Control (DAC)

DMandatory Access Control (MAC)

Question No: 20

MultipleChoice

Functional security testing is MOST critical during which phese of the system development Life Cycle (SDLC)?

Options

AAcquisition / Development

BOperations / Maintenance

CImplementation

DInitiation

Free ISC2 CISSP Exam Dumps - Page 2