Free ISC2 CISSP Exam Dumps and CISSP Exam Questions

Question No: 21

MultipleChoice

An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP). Which of the following is the MOST important concern regarding privacy?

Options

AThe CSP determines data criticality.

BThe CSP provides end-to-end encryption services.

CThe CSP's privacy policy may be developer by the organization.

DThe CSP may not be subject to the organization's country legation.

Question No: 22

MultipleChoice

Assume that a computer was powered off when an information security professional arrived at a crime scene. Which of the following actions should be performed after the crime scene is isolated?

Options

ATurn the computer on and collect volatile data.

BTurn the computer on and collect network information.

CLeave the computer off and prepare the computer for transportation to the laboratory

DRemove the hard drive, prepare it for transportation, and leave the hardware ta the scene.

Question No: 23

MultipleChoice

An organization has implemented a new backup process which protects confidential data by encrypting the information stored on backup tapes. Which of the following is a MAJOR data confidentiality concern after the implementation of this new backup process?

Options

ATape backup rotation

BPre-existing backup tapes

CTape backup compression

DBackup tape storage location

Question No: 24

MultipleChoice

Match the types of e-authentication tokens to their description.

Options

ADrag each e-authentication token on the left to its corresponding description on the right.

BLook-up secret token - A physical or electronic token that stores a set of secrets between the claimant and the credential service provider

COut-of-Band Token - A physical token that is uniquely addressable and can receive a verifier-selected secret for one-time use

DPre-registered Knowledge Token - A series of responses to a set of prompts or challenges established by the subscriber and credential service provider during the registration process
Memorized Secret Token - A secret shared between the subscriber and credential service provider that is typically character strings

Question No: 25

MultipleChoice

Which of the following would be the FIRST step to take when implementing a patch management program?

Options

APerform automatic deployment of patches.

BMonitor for vulnerabilities and threats.

CPrioritize vulnerability remediation.

DCreate a system inventory.

Question No: 26

MultipleChoice

Which of the following is strategy of grouping requirements in developing a security Test and Evaluation (ST&E)?

Options

AStandards, policies, and procedures

BDocumentation, observation, and manual

CTactical, strategic, and financial

DManagement, operational, and technical

Question No: 27

MultipleChoice

Which of the following should be included a hardware retention policy?

Options

AA plan to retain date required only for business purposes and a retention schedule

BRetention of all sensitive data on media and hardware

CThe use of encryption technology to encrypt sensitive data prior to retention

DRetention of data for only one week and outsourcing the retention to a third-party vendor

Question No: 28

MultipleChoice

Which of the following is a method of attacking internet protocol (IP) v6 Layer 3 and Layer 4?

Options

AInternet Control Message Protocol (ICMP) flooding

BMedia Access Control (MAC) flooding

CDomain Name Server (DNS) cache poisoning

DSynchronize sequence numbers (SYN) flooding

Question No: 29

MultipleChoice

Which of the following is the GREATEST security risk associated with the use of identity as a service (IDaaS) when an organization is developing its own software?

Options

AIncreased likelihood of confidentiality breach

BDenial of access due to reduced availability

CSecurity Assertion Markup Language (SAML) integration

DIncompatibility with Federated Identity Management (FIM)

Question No: 30

MultipleChoice

Why are mobile devices sometimes difficult to investigate in a forensic examination?

Options

AThere are no forensic tools available for examination.

BThey may have proprietary software installed to protect them.

CThey have password-based security at logon.

DThey may contain cryptographic protection.