Penetration testing will typically include
A. Generally accepted auditing practices.
B. Review of Public Key Infrastructure (PKI) digital certificate, and encryption.
C. Social engineering, configuration review, and vulnerability assessment.
D. Computer Emergency Response Team (CERT) procedures.
Answer: C
Which of the following are valid controls against program threats?
A. Code reuse, modularization, and linking
B. Appropriate hiring practice, periodic inspections, and layered structuring
C. Peer reviews, testing, and configuration management
D. Group code review, hazard analysis, and acceptance testing
Answer: C
Which type of password provides maximum security because a new password is required for each new log-on?
A. One-time or dynamic password
B. Cognitive password
C. Static password
D. Passphrase
Answer: A
Explanation: "One-time password" provides maximum security because a new password is required for each new log-on. Source: KRUTZ,...
Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?
A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control
Answer: A
Explanation: Reference: https://www.sans.org/reading-room/whitepapers/protocols/applying-osi-layer-network-modelinformation-security-1309 (10)
In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?
A. Bell-LaPadula model
B. Biba model
C. Access Matrix model
D. Take-Grant model
Answer: A
Explanation: Details: The Answer Bell-LaPadula...
What is the BEST approach to addressing security issues in legacy web applications?
A. Debug the security issues
B. Migrate to newer, supported applications where possible
C. Conduct a security assessment
D. Protect the legacy application with a web application firewall
Answer: D
The absence or weakness in a system that may possibly be exploited is called a(n)?
A. Threat
B. Exposure
C. Vulnerability
D. Risk
Answer: C
Which contract is BEST in offloading the task from the IT staff?
An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations...
What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?
A. Audit logs
B. Role-Based Access Control (RBAC)
C. Two-factor authentication
D. Application of least privilege
Answer: B
After learning that the security budget will decrease in the next fiscal year, the security manager reprioritizes the upcoming budget. In conducting this analysis, which of the following MOST influences the security manager's decision process?
A. Trend analysis
B. Business risk acceptance
C. Security best practices
D. Vulnerability analysis
Answer:...