A continuous information security monitoring program can BEST reduce risk through which of the following?
A. Collecting security events and correlating them to identify anomalies
B. Facilitating system-wide visibility into the activities of critical user accounts
C. Encompassing people, process, and technology
D. Logging both scheduled and unscheduled system changes

Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?
A. It has normalized severity ratings.
B. It has many worksheets and practices to implement.
C. It aims to calculate the risk of published vulnerabilities.
D. It requires a...

What is the PRIMARY reason for implementing change management?
A. Certify and approve releases to the environment
B. Provide version rollbacks for system changes
C. Ensure that all applications are approved
D. Ensure accountability for changes to the environment
Answer: D

By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the
A. confidentiality of the traffic is protected.
B. opportunity to sniff network traffic exists.
C. opportunity for device identity spoofing is eliminated.
D. storage devices are protected against availability...

Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?
A. Cross Origin Resource Sharing (CORS)
B. WebSockets
C. Document Object Model (DOM) trees
D. Web Interface Definition Language (IDL)
Answer: B

Logical access control programs are MOST effective when they are
A. approved by external auditors.
B. combined with security token technology.
C. maintained by computer security officers.
D. made part of the operating system.
Answer: D

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?
A. Implement packet filtering on the...

Passive Infrared Sensors (PIR) used in a non-climate controlled environment should
A. reduce the detected object temperature in relation to the background temperature.
B. increase the detected object temperature in relation to the background temperature.
C. automatically compensate for variance in background temperature.
D. detect objects of a specific temperature...

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the vulnerability analysis has been performed and before the system detailed design begins
C. After the...

Which of the following represents the GREATEST risk to data confidentiality?
A. Network redundancies are not implemented
B. Security awareness training is not completed
C. Backup tapes are generated unencrypted
D. Users have administrative privileges
Answer: C