A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:

A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access control

Answer: C

Explanation: A central authority determines what subjects can have access to certain...

March 15, 2019

What should you do to the user accounts as soon as employment is terminated?

A. Disable the user accounts and erase immediately the data kept.
B. Disable the user accounts and have the data kept for a specific period of time.
C. None of the choices.
D. Maintain the user...

March 15, 2019

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

A. Only when assets are clearly defined
B. Only when standards are defined
C. Only when controls are put in place
D. Only procedures...

March 15, 2019

What set of principles is the basis for information systems controls?

A. Authentication, audit trails, and awareness briefings
B. Individual accountability, auditing, and separation of duties
C. Need to know, identification, and authenticity
D. Audit trails, limited tenure, and awareness briefings

Answer: C

March 15, 2019

When selecting site facilities, which terrain characteristics are preferable for physical security?

A. Hilly with thick vegetation and other natural obstacles to protect entrance points
B. Downhill slope to facilitate accessibility and visibility of the site
C. Flat with no thick vegetation and easy to access from various entrance points
D...

March 15, 2019

What is called a password that is the same for each log-on session?

A. "one-time password"
B. "two-time password"
C. static password
D. dynamic password

Answer: C

Explanation: Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley...

March 14, 2019

What maintenance activity is responsible for defining, implementing, and testing updates to application systems?

A. Program change control
B. Regression testing
C. Export exception control
D. User acceptance testing

Answer: A

March 14, 2019

Who in the organization is accountable for classification of data information assets?

A. Data owner
B. Data architect
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)

Answer: A

March 14, 2019

Which of the following failures should the IT manager be concerned with?

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

A. Application
B. Storage
C. Power
D. Network

Answer: C

Explanation: Reference: https://www.colocationamerica.com/data-center/tier-standards-overview.htm

March 13, 2019

What is the next step for the organization?

The company has written a policy banning wireless networks. During a quarterly audit a wireless network has been located in the organization. What is the next step for the organization?

A. Report details of the finding to law enforcement
B. Remove the wireless network
C. Reprimand users for the wireless...

March 13, 2019