When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the vulnerability analysis has been performed and before the system detailed design begins
C. After the...

August 18, 2021

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

A. Change management processes
B. User administration procedures
C. Operating System (OS) baselines
D. System backup documentation
Answer: A

August 18, 2021

Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

A. To assist data owners in making future sensitivity and criticality determinations
B. To assure the software development team that all security issues have been addressed
C. To verify that security protection remains acceptable to...

August 18, 2021

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

A. Install mantraps at the building entrances
B. Enclose the personnel entry area with polycarbonate plastic
C. Supply a duress alarm for personnel exposed to the...

August 18, 2021

Which of the following BEST describes the responsibilities of a data owner?

Topic 2, Asset Security
A. Ensuring quality and validation through periodic audits for ongoing data integrity
B. Maintaining fundamental data availability, including data storage and archiving
C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
D...

August 17, 2021

In Business Continuity Planning (BCP), what is the importance of documenting business processes?

A. Provides senior management with decision-making tools
B. Establishes and adopts ongoing testing and maintenance strategies
C. Defines who will perform which functions during a disaster or emergency
D. Provides an understanding of the organization's interdependencies
Answer:...

August 17, 2021

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

A. Disable all unnecessary services
B. Ensure chain of custody
C. Prepare another backup of the system
D. Isolate the system from the network
Answer: D

August 17, 2021

Which of the following is the BEST response to the auditor?

An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?
A. Provide the encrypted passwords and analysis tools to the auditor for analysis.
B. Analyze...

August 17, 2021

When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?

A. Create a user profile.
B. Create a user access matrix.
C. Develop an Access Control...

August 17, 2021

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

A. Check arguments in function calls
B. Test for the security patch level of the environment
C. Include logging functions
D. Digitally sign each application module
Answer:...

August 17, 2021