File Info
| Exam | Certified Information Systems Security Professional |
| Number | CISSP |
| File Name | ISC.CISSP.ActualTests.2018-09-07.37q.vcex |
| Size | 22 KB |
| Posted | Sep 07, 2018 |
| Download | ISC.CISSP.ActualTests.2018-09-07.37q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
Which of the following represents the GREATEST risk to data confidentiality?
- Network redundancies are not implemented
- Security awareness training is not completed
- Backup tapes are generated unencrypted
- Users have administrative privileges
Correct answer: C
Question 2
What is the MOST important consideration from a data security perspective when an organization plans to relocate?
- Ensure the fire prevention and detection systems are sufficient to protect personnel
- Review the architectural plans to determine how many emergency exits are present
- Conduct a gap analysis of a new facilities against existing security requirements
- Revise the Disaster Recovery and Business Continuity (DR/BC) plan
Correct answer: C
Question 3
Which of the following is an initial consideration when developing an information security management system?
- Identify the contractual security obligations that apply to the organizations
- Understand the value of the information assets
- Identify the level of residual risk that is tolerable to management
- Identify relevant legislative and regulatory compliance requirements
Correct answer: B
Question 4
Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?
- Personal Identity Verification (PIV)
- Cardholder Unique Identifier (CHUID) authentication
- Physical Access Control System (PACS) repeated attempt detection
- Asymmetric Card Authentication Key (CAK) challenge-response
Correct answer: C
Question 5
Which security service is served by the process of encryption plaintext with the sender’s private key and decrypting cipher text with the sender’s public key?
- Confidentiality
- Integrity
- Identification
- Availability
Correct answer: A
Question 6
Which of the following mobile code security models relies only on trust?
- Code signing
- Class authentication
- Sandboxing
- Type safety
Correct answer: A
Explanation:
Reference: https://csrc.nist.gov/csrc/media/publications/conference-paper/1999/10/21/proceedings-of-the-22nd-nissc-1999/documents/papers/t09.pdf (11) Reference: https://csrc.nist.gov/csrc/media/publications/conference-paper/1999/10/21/proceedings-of-the-22nd-nissc-1999/documents/papers/t09.pdf (11)
Question 7
Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?
- Hashing the data before encryption
- Hashing the data after encryption
- Compressing the data after encryption
- Compressing the data before encryption
Correct answer: A
Question 8
What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
- Implementation Phase
- Initialization Phase
- Cancellation Phase
- Issued Phase
Correct answer: D
Question 9
Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnerability assessments?
- Common Vulnerabilities and Exposures (CVE)
- Common Vulnerability Scoring System (CVSS)
- Asset Reporting Format (ARF)
- Open Vulnerability and Assessment Language (OVAL)
Correct answer: B
Question 10
Who in the organization is accountable for classification of data information assets?
- Data owner
- Data architect
- Chief Information Security Officer (CISO)
- Chief Information Officer (CIO)
Correct answer: A
