File Info
| Exam | Certified Information Systems Security Professional |
| Number | CISSP |
| File Name | ISC.CISSP.Train4Sure.2019-01-20.130q.vcex |
| Size | 86 KB |
| Posted | Jan 20, 2019 |
| Downloads: | 1 |
| Download | ISC.CISSP.Train4Sure.2019-01-20.130q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?
- Only when assets are clearly defined
- Only when standards are defined
- Only when controls are put in place
- Only procedures are defined
Correct answer: A
Question 2
Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
- Install mantraps at the building entrances
- Enclose the personnel entry area with polycarbonate plastic
- Supply a duress alarm for personnel exposed to the public
- Hire a guard to protect the public area
Correct answer: D
Question 3
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
- Development, testing, and deployment
- Prevention, detection, and remediation
- People, technology, and operations
- Certification, accreditation, and monitoring
Correct answer: C
Explanation:
Reference: https://www.giac.org/paper/gsec/3873/information-warfare-cyber-warfare-future-warfare/106165 (14) Reference: https://www.giac.org/paper/gsec/3873/information-warfare-cyber-warfare-future-warfare/106165 (14)
Question 4
Intellectual property rights are PRIMARY concerned with which of the following?
- Owner’s ability to realize financial gain
- Owner’s ability to maintain copyright
- Right of the owner to enjoy their creation
- Right of the owner to control delivery method
Correct answer: D
Question 5
A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?
- 25%
- 50%
- 75%
- 100%
Correct answer: A
Question 6
In The Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
- Physical Layer
- Application Layer
- Data-Link Layer
- Network Layer
Correct answer: A
Question 7
What is the term commonly used to refer to a technique of authentication one machine to another by forging packets from a trusted source?
- Smurfing
- Man-in-the-Middle (MITM) attack
- Session redirect
- Spoofing
Correct answer: D
Question 8
Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
- Security governance
- Risk management
- Security portfolio management
- Risk assessment
Correct answer: B
Question 9
Which of the following mandates the amount and complexity of security controls applied to a security risk?
- Security vulnerabilities
- Risk tolerance
- Risk mitigation
- Security staff
Correct answer: C
Question 10
In a data classification scheme, the data is owned by the
- system security managers
- business managers
- Information Technology (IT) managers
- end users
Correct answer: B
