Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?
An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?
A. Implement packet filtering on the network...
Who in the organization is accountable for classification of data information assets?
Topic 3. Security Architecture and Engineering
A. Data owner
B. Data architect
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)
Answer: A
Recovery strategies of a Disaster Recovery planning (DRIP) MUST be aligned with which of the following?
A. Hardware and software compatibility issues
B. Applications’ criticality and downtime tolerance
C. Budget constraints and requirements
D. Cost/benefit analysis and business objectives
Answer: D
What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?
A. Take the computer to a forensic lab
B. Make a copy of the hard drive
C. Start documenting
D. Turn off the computer
Answer: C
Which of the following actions will reduce risk to a laptop before traveling to a high risk area?
A. Examine the device for physical tampering
B. Implement more stringent baseline configurations
C. Purge or re-image the hard disk drive
D. Change access codes
Answer: D
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
A. determine the risk of a business interruption occurring
B. determine the technological dependence of the business processes
C. Identify the operational impacts of a business interruption
D. Identify the financial impacts...
Which one of the following describes granularity?
A. Maximum number of entries available in an Access Control List (ACL)
B. Fineness to which a trusted system can authenticate users
C. Number of violations divided by the number of total accesses
D. Fineness to which an access control system can be...
What is the ultimate objective of information classification?
A. To assign responsibility for mitigating the risk to vulnerable systems
B. To ensure that information assets receive an appropriate level of protection
C. To recognize that the value of any item of information may change over time
D. To recognize the...
What kind of reading material is MOST relevant to this project?
A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?
A. The organization's current security policies concerning privacy issues
B. Privacy-related regulations enforced by governing bodies applicable to the organization
C. Privacy best...
By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the
A. confidentiality of the traffic is protected.
B. opportunity to sniff network traffic exists.
C. opportunity for device identity spoofing is eliminated.
D. storage devices are protected against availability...