When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?
A. Only when assets are clearly defined
B. Only when standards are defined
C. Only when controls are put in place
D. Only procedures...
With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?
A. Continuously without exception for all security controls
B. Before and after each change of the control
C. At a rate concurrent with the volatility of the security control
D. Only during system...
Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?
A. Limit access to predefined queries
B. Segregate the database into a small number of partitions each with a separate security level
C...
Which of the following is the FIRST step in the incident response process?
A. Determine the cause of the incident
B. Disconnect the system involved from the network
C. Isolate and contain the system involved
D. Investigate all symptoms to confirm the incident
Answer: D
Which of the following statements is TRUE for point-to-point microwave transmissions?
A. They are not subject to interception due to encryption.
B. Interception only depends on signal strength.
C. They are too highly multiplexed for meaningful interception.
D. They are subject to interception by an antenna within proximity.
Answer: D
Which of the following is a network intrusion detection technique?
A. Statistical anomaly
B. Perimeter intrusion
C. Port scanning
D. Network spoofing
Answer: A
Topic 9, Exam Set A
Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?
A. Anti-tampering
B. Secure card reader
C. Radio Frequency (RF) scanner
D. Intrusion Prevention System (IPS)
Answer: A
The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?
A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation
Answer: A
Explanation: Reference https://online.concordiA.edu/computer-science/system-development-life-cycle-phases/
Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?
A. Layer 2 Tunneling Protocol (L2TP)
B. Link Control Protocol (LCP)
C. Challenge Handshake Authentication Protocol (CHAP)
D. Packet Transfer Protocol (PTP)
Answer: B
What is the PRIMARY reason for implementing change management?
A. Certify and approve releases to the environment
B. Provide version rollbacks for system changes
C. Ensure that all applications are approved
D. Ensure accountability for changes to the environment
Answer: D