All4Certs CISSP dumps,ISC Gear towards CISSP exam brilliance with our up-to-date VCE and PDF materials


Forge ahead in your academic sojourn, anchored by the robust foundation provided by the CISSP dumps. Meticulously crafted to echo the vast expanse of the curriculum, the CISSP dumps radiate a plethora of practice questions, nurturing an in-depth understanding. Whether the clear directives of PDFs allure or the rich tapestry of the VCE format mesmerizes, the CISSP dumps promise a stellar experience. An elaborate study guide, emblematic of the CISSP dumps, delineates core themes, ensuring unwavering clarity. With profound conviction in the prowess of our offerings, we unwaveringly champion our 100% Pass Guarantee.

[Now In Stock] Unlock exam success with the free CISSP PDF and Exam Questions, vowing for 100% achievement

Question 1:

What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?

A. Capturing an image of the system

B. Maintaining the chain of custody

C. Complying with the organization's security policy

D. Outlining all actions taken during the investigation

Correct Answer: B


Question 2:

Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?

A. Policy documentation review

B. Authentication validation

C. Periodic log reviews

D. Interface testing

Correct Answer: C


Question 3:

Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?

A. Whole device encryption with key escrow

B. Mobile Device Management (MDM) with device wipe

C. Mobile device tracking with geolocation

D. Virtual Private Network (VPN) with traffic encryption

Correct Answer: B


Question 4:

The Secure Shell (SSH) version 2 protocol supports

A. availability, accountability, compression, and integrity

B. authentication, availability, confidentiality, and integrity

C. accountability, compression, confidentiality, and integrity

D. authentication, compression, confidentiality, and integrity

Correct Answer: D


Question 5:

Match the types of e-authentication tokens to their description.

Drag each e-authentication token on the left to its corresponding description on the right.

Select and Place:

Correct Answer:


Question 6:

Which of the following is a MAJOR concern when there is a need to preserve or retain information for future retrieval?

A. Laws and regulations may change in the interim, making it unnecessary to retain the information

B. The expense of retaining the information could become untenable for the organization

C. The organization may lose track of the information and not dispose of it securely

D. The technology needed to retrieve the information may not be available in the future

Correct Answer: C


Question 7:

Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?

A. Security Assertion Markup Language (SAML)

B. Open Authentication (OAUTH)

C. Remote Authentication Dial-In User Service (RADIUS)

D. Terminal Access Controller Access-Control System Plus (TACACS+)

Correct Answer: B


Question 8:

An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?

A. Limits and scope of the testing.

B. Physical location of server room and wiring closet.

C. Logical location of filters and concentrators.

D. Employee directory and organizational chart.

Correct Answer: A


Question 9:

A security architect is reviewing an implemented security framework. After the review, the security architect wants to enhance the security by implementing segregation of duties (SoD) to address protection against fraud. Which security model BEST protects the integrity of data?

A. The Brewer-Nash model

B. The Biba Integrity model

C. The Bell-LaPadula model

D. The Clark-Wilson model

Correct Answer: D


Question 10:

Which Redundant Array of Independent Disks (RAID) level does the following diagram represent?

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 10

Correct Answer: D


Question 11:

An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?

A. Availability

B. Confidentiality

C. Integrity

D. Ownership

Correct Answer: A


Question 12:

While performing a security review for a new product, an information security professional discovers that the organization's product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?

A. Customer identifiers should be a variant of the user's government-issued ID number.

B. Customer identifiers that do not resemble the user's government-issued ID number should be used.

C. Customer identifiers should be a cryptographic hash of the user's government-issued ID number.

D. Customer identifiers should be a variant of the user's name, for example, “jdoe” or “john.doe.”

Correct Answer: C


Question 13:

An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.

As part of the authentication process, which of the following must the end user provide?

A. An access token

B. A username and password

C. A username

D. A password

Correct Answer: A


Question 14:

To monitor the security of buried data lines inside the perimeter of a facility, which of the following is the MOST effective control?

A. Fencing around the facility with closed-circuit television (CCTV) cameras at all entry points

B. Ground sensors installed and reporting to a security event management (SEM) system

C. Steel casing around the facility ingress points

D. Regular sweeps of the perimeter, including manual inspection of the cable ingress points

Correct Answer: D


Question 15:

How should the retention period for an organization's social media content be defined?

A. Wireless Access Points (AP)

B. Token-based authentication

C. Host-based firewalls

D. Trusted platforms

Correct Answer: C

