CISSP exam

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?A . ApplicationB . StorageC . PowerD . NetworkView AnswerAnswer: C

What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization’s systems cannot be unavailable for more than 24 hours?A . Warm siteB . Hot siteC . Mirror siteD . Cold siteView AnswerAnswer: A

An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?A . The service provider's policies are consistent with ISO/IEC27001 and there is...

In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?A . CommunicationB . PlanningC . RecoveryD . EscalationView AnswerAnswer: A

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?A . Install mantraps at the building entrancesB . Enclose the personnel entry area with polycarbonate plasticC . Supply a duress alarm for personnel exposed to the...

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?A . Implement packet filtering on the network...

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?A . Disable all unnecessary servicesB . Ensure chain of custodyC . Prepare another backup of the systemD . Isolate the system from the networkView AnswerAnswer: D

Which of the following is an initial consideration when developing an information security management system?A . Identify the contractual security obligations that apply to the organizationsB . Understand the value of the information assetsC . Identify the level of residual risk that is tolerable to managementD . Identify relevant legislative...

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?A . Limit access to predefined queriesB . Segregate the database into a small number of partitions each with a separate security levelC...

The goal of software assurance in application development is toA . enable the development of High Availability (HA) systems.B . facilitate the creation of Trusted Computing Base (TCB) systems.C . prevent the creation of vulnerable applications.D . encourage the development of open source applications.View AnswerAnswer: C