File Info
| Exam | Certified Information Systems Security Professional |
| Number | CISSP |
| File Name | ISC.CISSP.ActualTests.2021-05-13.386q.vcex |
| Size | 1023 KB |
| Posted | May 13, 2021 |
| Downloads: | 2 |
| Download | ISC.CISSP.ActualTests.2021-05-13.386q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
- determine the risk of a business interruption occurring
- determine the technological dependence of the business processes
- Identify the operational impacts of a business interruption
- Identify the financial impacts of a business interruption
Correct answer: B
Question 2
Which of the following actions will reduce risk to a laptop before traveling to a high risk area?
- Examine the device for physical tampering
- Implement more stringent baseline configurations
- Purge or re-image the hard disk drive
- Change access codes
Correct answer: B
Question 3
Which of the following represents the GREATEST risk to data confidentiality?
- Network redundancies are not implemented
- Security awareness training is not completed
- Backup tapes are generated unencrypted
- Users have administrative privileges
Correct answer: C
Question 4
What is the MOST important consideration from a data security perspective when an organization plans to relocate?
- Ensure the fire prevention and detection systems are sufficient to protect personnel
- Review the architectural plans to determine how many emergency exits are present
- Conduct a gap analysis of a new facilities against existing security requirements
- Revise the Disaster Recovery and Business Continuity (DR/BC) plan
Correct answer: C
Question 5
A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP).
Which of the following failures should the IT manager be concerned with?
- Application
- Storage
- Power
- Network
Correct answer: C
Question 6
When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002,
when can management responsibilities be defined?
- Only when assets are clearly defined
- Only when standards are defined
- Only when controls are put in place
- Only procedures are defined
Correct answer: A
Question 7
Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
- Install mantraps at the building entrances
- Enclose the personnel entry area with polycarbonate plastic
- Supply a duress alarm for personnel exposed to the public
- Hire a guard to protect the public area
Correct answer: C
Question 8
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
- Development, testing, and deployment
- Prevention, detection, and remediation
- People, technology, and operations
- Certification, accreditation, and monitoring
Correct answer: C
Question 9
Intellectual property rights are PRIMARY concerned with which of the following?
- Owner’s ability to realize financial gain
- Owner’s ability to maintain copyright
- Right of the owner to enjoy their creation
- Right of the owner to control delivery method
Correct answer: A
Question 10
A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%.
What is the residual risk?
- 25%
- 50%
- 75%
- 100%
Correct answer: A
