CISSP exam

An input validation and exception handling vulnerability has been discovered on a critical web-based system . Which of the following is MOST suited to quickly implement a control?A . Add a new rule to the application layer firewallB . Block access to the serviceC . Install an Intrusion Detection System...

Which of the following is the FIRST step in the incident response process?A . Determine the cause of the incidentB . Disconnect the system involved from the networkC . Isolate and contain the system involvedD . Investigate all symptoms to confirm the incidentView AnswerAnswer: D

Users require access rights that allow them to view the average salary of groups of employees . Which control would prevent the users from obtaining an individual employee’s salary?A . Limit access to predefined queriesB . Segregate the database into a small number of partitions each with a separate security...

Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?A . Role Based Access Control (RBAC)B . Biometric access controlC . Federated Identity Management (IdM)D . Application hardeningView AnswerAnswer: A

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?A . Install mantraps at the building entrancesB . Enclose the personnel entry area with polycarbonate plasticC . Supply a duress alarm for personnel exposed to the...

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?A . Layer 2 Tunneling Protocol (L2TP)B . Link Control Protocol (LCP)C . Challenge Handshake Authentication Protocol (CHAP)D . Packet Transfer Protocol (PTP)View AnswerAnswer: B

Recovery strategies of a Disaster Recovery planning (DRIP) MUST be aligned with which of the following?A . Hardware and software compatibility issuesB . Applications’ critically and downtime toleranceC . Budget constraints and requirementsD . Cost/benefit analysis and business objectivesView AnswerAnswer: D

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer . Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?A . Implement packet filtering on the...

Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?A . Challenge Handshake Authentication Protocol (CHAP)B . Point-to-Point Protocol (PPP)C . Extensible Authentication Protocol (EAP)D . Password Authentication Protocol (PAP)View AnswerAnswer: A

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?A . Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be takenB . Technical teams will understand the testing objectives, testing strategies applied, and...