Free ISC2 CISSP Exam Dumps and CISSP Exam Questions

Question No: 21

MultipleChoice

Which of the following is the MOST important activity an organization performs to ensure that securiy is part of the overall organization culture? A. Ensue security policies are issued to all employees

Options

BPerform formal reviews of security Incidents.

CManage a program of security audits.

DWork with senior management to meet business goals.

Question No: 22

MultipleChoice

Which of the following BEST describles a protection profile (PP)?

Options

AA document that expresses an implementation independent set of security requirements for an Information Technology (IT) product that meets specific consumer needs.

BA document that expresses an implementation dependent set of security retirements which contains only the security functional requirements.

CA document that represents evaluated products where there is a one-to-one correspondence between a PP and a Security Target (ST).

DA document that is used to develop an Information Technology (IT) security product from Its security requirements definition.

Question No: 23

MultipleChoice

Which of the following is the BEST statement for a professional to include as port of businees continuity (BC) procedure?

Options

AA full data backup must be done upon management request.

BAn incremental data backup must be done upon management request.

CA full data backup must be done based on the needs of the business.

DIn incremental data backup must be done after each system change.

Question No: 24

MultipleChoice

Which of the following would present the highert annualized loss expectancy (ALE)?

Options

AFire

BEarthquake

CWindstorm

DFlood

Question No: 25

MultipleChoice

What balance MUST be considered when web application developers determine how information application error message should be constructed?

Options

ARisk versus benefit

BAvailability versus auditability

CPerformance versus user satisfaction

DConfidentially versus integrity

Question No: 26

MultipleChoice

Which of the following is a peor entity authentication method for Point-to-Point Protocol (PPP)?

Options

AChallenge Handshake Authentication Protocol (CHAP)

BMessage Authentication Code (MAC)

CTransport Layer Security (TLS) handshake protocol

DChallenge-response authentication mechanism

Question No: 27

MultipleChoice

Which of the following practices provides the development team with a definition of security and identification of threats in designing software?

Options

APenetration testing

BStakeholder review

CThreat modeling

DRequirements review

Question No: 28

MultipleChoice

An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP). Which of the following is the MOST important concern regarding privacy?

Options

AThe CSP determines data criticality.

BThe CSP provides end-to-end encryption services.

CThe CSP's privacy policy may be developer by the organization.

DThe CSP may not be subject to the organization's country legation.

Question No: 29

MultipleChoice

Assume that a computer was powered off when an information security professional arrived at a crime scene. Which of the following actions should be performed after the crime scene is isolated?

Options

ATurn the computer on and collect volatile data.

BTurn the computer on and collect network information.

CLeave the computer off and prepare the computer for transportation to the laboratory

DRemove the hard drive, prepare it for transportation, and leave the hardware ta the scene.

Question No: 30

MultipleChoice

An organization has implemented a new backup process which protects confidential data by encrypting the information stored on backup tapes. Which of the following is a MAJOR data confidentiality concern after the implementation of this new backup process?

Options

ATape backup rotation

BPre-existing backup tapes

CTape backup compression

DBackup tape storage location

Free ISC2 CISSP Exam Dumps - Page 3