New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 ISSMP Exam - Topic 3 Question 71 Discussion

Actual exam question for ISC2's ISSMP exam
Question #: 71
Topic #: 3
[All ISSMP Questions]

Which of the following methods can be helpful to eliminate social engineering threat? Each correct answer represents a complete solution. Choose three.

Show Suggested Answer Hide Answer
Suggested Answer: B

Physical Configuration Audit (PCA) is one of the practices used in Software Configuration Management for Software Configuration Auditing. The purpose of the software PCA is to ensure that the design and reference documentation is consistent with the as-built software product. PCA checks and matches the really implemented layout with the documented layout.

Answer option D is incorrect. Functional Configuration Audit or FCA is one of the practices used in Software Configuration Management for Software Configuration Auditing. FCA occurs either at delivery or at the moment of effecting the change. A Functional Configuration Audit ensures that functional and performance attributes of a configuration item are achieved.

Answer option C is incorrect. Configuration control is a procedure of the Configuration management. Configuration control is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes.

Answer option A is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed.


by Adelina at Aug 10, 2023, 11:49 AM

Limited Time Offer

25%

Off

Get Premium ISSMP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Marleen
2 months ago
Vulnerability assessments are key too!
upvoted 0 times
...
Irene
2 months ago
Wait, how does data classification help with social engineering?
upvoted 0 times
...
Stephaine
3 months ago
I can't believe people still underestimate social engineering threats!
upvoted 0 times
...
Gennie
3 months ago
I agree, but data encryption seems less relevant here.
upvoted 0 times
...
Timothy
3 months ago
Definitely password policies! Super important.
upvoted 0 times
...
Chun
3 months ago
Okay, let me think this through. Password policies, vulnerability assessments, and data encryption - those seem like the best choices to cover the main bases for defending against social engineering threats.
upvoted 0 times
...
Elenora
4 months ago
Password policies are definitely a must to prevent social engineering attacks. And vulnerability assessments can help identify weaknesses that could be exploited. Data classification is also important to understand what data needs the most protection.
upvoted 0 times
...
Kristofer
4 months ago
Hmm, I'm a bit unsure about this one. Social engineering can be tricky to defend against, but I think password policies, vulnerability assessments, and data encryption could be good options to consider.
upvoted 0 times
...
Shelia
4 months ago
This looks like a straightforward question on social engineering threats. I'll start by thinking about the key methods that can help eliminate these types of threats.
upvoted 0 times
...
Dino
4 months ago
I believe data classification could help in understanding what information is sensitive, which might reduce the risk of social engineering, but I’m not entirely confident.
upvoted 0 times
...
Vicki
4 months ago
Data encryption seems like a good choice, but I feel like it’s more about protecting data rather than preventing social engineering attacks.
upvoted 0 times
...
Reynalda
5 months ago
I remember a practice question that mentioned vulnerability assessments as a way to identify weaknesses, but I'm not certain if they help with social engineering specifically.
upvoted 0 times
...
Skye
5 months ago
I think password policies are definitely important, but I'm not sure if they directly address social engineering.
upvoted 0 times
...
Lorenza
5 months ago
Okay, let me see. I know self-healing technology is supposed to reduce the need for support, so I'm guessing the answer has to do with that. I'll go with C.
upvoted 0 times
...
Horace
5 months ago
Wait, I'm a little confused. Is it just about providing a flat working surface, or is there more to it than that? I'll have to re-read the options closely to make sure I understand the nuance here.
upvoted 0 times
...
Alexis
5 months ago
Hmm, this question seems a bit tricky. I'll need to think it through carefully to make sure I understand the purpose of an admin server and what type of server can be assigned that role.
upvoted 0 times
...
Youlanda
9 months ago
I'm surprised they didn't include 'Tin Foil Hats' as an option. I mean, that's basically the gold standard for social engineering protection, isn't it?
upvoted 0 times
Buddy
8 months ago
C) Data encryption
upvoted 0 times
...
Avery
8 months ago
B) Vulnerability assessments
upvoted 0 times
...
Stanton
8 months ago
A) Password policies
upvoted 0 times
...
...
Elouise
10 months ago
Hmm, I was thinking about setting up a 'Gullibility Test' for all employees. You know, just to weed out the ones who'd fall for a phishing scam. Worth a shot, right?
upvoted 0 times
Lucille
9 months ago
C) Data encryption
upvoted 0 times
...
Jennie
10 months ago
B) Vulnerability assessments
upvoted 0 times
...
Richelle
10 months ago
A) Password policies
upvoted 0 times
...
...
Cheryl
10 months ago
Vulnerability assessments are key to identifying weaknesses that could be exploited. And data classification helps you prioritize your security efforts.
upvoted 0 times
Harris
9 months ago
D) Data classification
upvoted 0 times
...
Mindy
9 months ago
B) Vulnerability assessments
upvoted 0 times
...
Soledad
9 months ago
A) Password policies
upvoted 0 times
...
Hillary
9 months ago
D) Data classification
upvoted 0 times
...
Corinne
10 months ago
B) Vulnerability assessments
upvoted 0 times
...
Bobbie
10 months ago
A) Password policies
upvoted 0 times
...
...
Devora
10 months ago
Definitely password policies, that's a must-have! But I'm not sure about data encryption - isn't that more for protecting data than social engineering?
upvoted 0 times
Stephaine
10 months ago
C) Data encryption can also be helpful in protecting sensitive information from being manipulated through social engineering tactics.
upvoted 0 times
...
In
10 months ago
A) Password policies are definitely important to prevent social engineering attacks.
upvoted 0 times
...
...
Evangelina
10 months ago
I believe vulnerability assessments are important too. They can help identify potential weaknesses that social engineers may exploit.
upvoted 0 times
...
Lynelle
11 months ago
I agree with Rory. Data encryption can also be effective in eliminating social engineering threats.
upvoted 0 times
...
Rory
11 months ago
I think password policies can help prevent social engineering attacks.
upvoted 0 times
...

Save Cancel