Transform your CISSP exam approach with our free, fresh PDF and Exam Questions

Navigate the intricate labyrinths of certification, with the CISSP dumps lighting your path. Like the twisting corridors of a maze, the CISSP dumps present an enigma of practice questions, each a puzzle waiting to be solved. Whether the PDFs whisper secrets from ancient scrolls or the VCE format immerses you in a game of wits, the CISSP dumps are the key to the treasure within. A map to guide you, the CISSP dumps unveil shortcuts to understanding, ensuring you emerge victorious at every turn. Trusting the wisdom etched in these pages, we proudly herald our 100% Pass Guarantee.

Propel your CISSP exam performance with the unmatched quality of our CISSP VCE and PDF resources

Question 1:

What is the MOST critical factor to achieve the goals of a security program?

A. Capabilities of security resources

B. Executive management support

C. Effectiveness of security management

D. Budget approved for security resources

Correct Answer: B



Question 2:

An organization is implementing data encryption using symmetric ciphers, and the Chief Information Officer (CIO) is concerned about the risk of using one key to protect all sensitive data. The security practitioner has been tasked with recommending a solution to address the CIO's concerns. Which of the following is the BEST approach to achieving the objective by encrypting all sensitive data?

A. Use a Secure Hash Algorithm 256 (SHA-256).

B. Use a hierarchy of encryption keys.

C. Use Hash Message Authentication Code (HMAC) keys.

D. Use Rivest-Shamir-Adleman (RSA) keys.

Correct Answer: D



Question 3:

What is the MOST effective method to enhance security of a single sign-on (SSO) solution that interfaces with critical systems?

A. Two-factor authentication

B. Reusable tokens for application level authentication

C. High performance encryption algorithms

D. Secure Sockets Layer (SSL) for all communications

Correct Answer: A



Question 4:

Which of the following is critical if an employee is dismissed due to violation of an organization's acceptable use policy (AUP)?

A. Appropriate documentation

B. Privilege suspension

C. Proxy records

D. Internet access logs

Correct Answer: A



Question 5:

Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?

A. Discretionary Access Control (DAC) procedures

B. Mandatory Access Control (MAC) procedures

C. Data link encryption

D. Segregation of duties

Correct Answer: B



Question 6:

Which of the following information MUST be provided for user account provisioning?

A. Full name

B. Unique identifier

C. Security question

D. Date of birth

Correct Answer: B



Question 7:

Match the functional roles in an external audit to their responsibilities. Drag each role on the left to its corresponding responsibility on the right.

Select and Place:

Correct Answer:



Question 8:

What does a Synchronous (SYN) flood attack do?

A. Forces Transmission Control Protocol/Internet Protocol (TCP/IP) connections into a reset state

B. Establishes many new Transmission Control Protocol/Internet Protocol (TCP/IP) connections

C. Empties the queue of pending Transmission Control Protocol/Internet Protocol (TCP/IP) requests

D. Exceeds the limits for new Transmission Control Protocol/Internet Protocol (TCP/IP) connections

Correct Answer: B



Question 9:

Which of the following BEST describes the purpose of performing security certification?

A. To identify system threats, vulnerabilities, and acceptable level of risk

B. To formalize the confirmation of compliance to security policies and standards

C. To formalize the confirmation of completed risk mitigation and risk analysis

D. To verify that system architecture and interconnections with other systems are effectively implemented

Correct Answer: B



Question 10:

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?

A. Mandatory Access Control (MAC)

B. Role Based Access Control (RBAC)

C. Discretionary Access Control (DAC)

D. Attribute Based Access Control (ABAC)

Correct Answer: B



Question 11:

How is it possible to extract private keys securely stored on a cryptographic smartcard?

A. Bluebugging

B. Focused ion-beam

C. Bluejacking

D. Power analysis

Correct Answer: D



Question 12:

Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a

A. clear-text attack.

B. known cipher attack.

C. frequency analysis.

D. stochastic assessment.

Correct Answer: C



Question 13:

An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release?

A. Implement a data classification policy.

B. Implement a data encryption policy.

C. Implement a user training policy.

D. Implement a user reporting policy.

Correct Answer: C



Question 14:

Given a file containing ordered numbers, i.e. “123456789,” match each of the following Redundant Array of Independent Disks (RAID) levels to the corresponding visual representation. Note: P() = parity.

Drag each level to the appropriate place on the diagram.

Select and Place:

Correct Answer:



Question 15:

What is the BEST method if an investigator wishes to analyze a hard drive which may be used as evidence?

A. Leave the hard drive in place and use only verified and authenticated Operating Systems (OS) utilities to analyze the contents

B. Log into the system and immediately make a copy of all relevant files to a Write Once, Read Many (WORM) device

C. Remove the hard drive from the system and make a copy of the hard drive's contents using imaging hardware

D. Use a separate bootable device to make a copy of the hard drive before booting the system and analyzing the hard drive

Correct Answer: C

