ISC CISSP Certified Information Systems Security Professional Online Training
ISC CISSP Online Training
The questions for CISSP were last updated at Apr 08,2025.
- Exam Code: CISSP
- Exam Name: Certified Information Systems Security Professional
- Certification Provider: ISC
- Latest update: Apr 08,2025
Which of the following is an initial consideration when developing an information security management system?
- A . Identify the contractual security obligations that apply to the organizations
- B . Understand the value of the information assets
- C . Identify the level of residual risk that is tolerable to management
- D . Identify relevant legislative and regulatory compliance requirements
Which of the following BEST describes the responsibilities of a data owner?
- A . Ensuring quality and validation through periodic audits for ongoing data integrity
- B . Maintaining fundamental data availability, including data storage and archiving
- C . Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
- D . Determining the impact the information has on the mission of the organization
Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?
- A . Personal Identity Verification (PIV)
- B . Cardholder Unique Identifier (CHUID) authentication
- C . Physical Access Control System (PACS) repeated attempt detection
- D . Asymmetric Card Authentication Key (CAK) challenge-response
An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.
Which contract is BEST in offloading the task from the IT staff?
- A . Platform as a Service (PaaS)
- B . Identity as a Service (IDaaS)
- C . Desktop as a Service (DaaS)
- D . Software as a Service (SaaS)
When implementing a data classification program, why is it important to avoid too much granularity?
- A . The process will require too many resources
- B . It will be difficult to apply to both hardware and software
- C . It will be difficult to assign ownership to the data
- D . The process will be perceived as having value
Which one of the following affects the classification of data?
- A . Assigned security label
- B . Multilevel Security (MLS) architecture
- C . Minimum query size
- D . Passage of time
Which of the following is MOST important when assigning ownership of an asset to a department?
- A . The department should report to the business owner
- B . Ownership of the asset should be periodically reviewed
- C . Individual accountability should be ensured
- D . All members should be trained on their responsibilities
Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnerability assessments?
- A . Common Vulnerabilities and Exposures (CVE)
- B . Common Vulnerability Scoring System (CVSS)
- C . Asset Reporting Format (ARF)
- D . Open Vulnerability and Assessment Language (OVAL)
What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
- A . Implementation Phase
- B . Initialization Phase
- C . Cancellation Phase
- D . Issued Phase
Who in the organization is accountable for classification of data information assets?
- A . Data owner
- B . Data architect
- C . Chief Information Security Officer (CISO)
- D . Chief Information Officer (CIO)
Latest CISSP Dumps Valid Version with 981 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
