CISSP exam

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?A . Trusted third-party certificationB . Lightweight Directory Access Protocol (LDAP)C . Security Assertion Markup language (SAML)D . Cross-certificationView AnswerAnswer: C

Which of the following is the BEST method to prevent malware from being introduced into a production environment?A . Purchase software from a limited list of retailersB . Verify the hash key or certificate key of all updatesC . Do not permit programs, patches, or updates from the InternetD ....

Which of the following represents the GREATEST risk to data confidentiality?A . Network redundancies are not implementedB . Security awareness training is not completedC . Backup tapes are generated unencryptedD . Users have administrative privilegesView AnswerAnswer: C

Which one of the following is a fundamental objective in handling an incident?A . To restore control of the affected systemsB . To confiscate the suspect's computersC . To prosecute the attackerD . To perform full backups of the systemView AnswerAnswer: A

The BEST method of demonstrating a company's security level to potential customers isA . a report from an external auditor.B . responding to a customer's security questionnaire.C . a formal report from an internal auditor.D . a site visit by a customer's security team.View AnswerAnswer: A

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?A . Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be takenB . Technical teams will understand the testing objectives, testing strategies applied, and...

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnerability assessments?A . Common Vulnerabilities and Exposures (CVE)B . Common Vulnerability Scoring System (CVSS)C . Asset Reporting Format (ARF)D . Open Vulnerability and Assessment Language (OVAL)View AnswerAnswer: B

When implementing a data classification program, why is it important to avoid too much granularity?A . The process will require too many resourcesB . It will be difficult to apply to both hardware and softwareC . It will be difficult to assign ownership to the dataD . The process will...

What is the PRIMARY reason for implementing change management?A . Certify and approve releases to the environmentB . Provide version rollbacks for system changesC . Ensure that all applications are approvedD . Ensure accountability for changes to the environmentView AnswerAnswer: D

Why must all users be positively identified prior to using multi-user computers?A . To provide access to system privilegesB . To provide access to the operating systemC . To ensure that unauthorized persons cannot access the computersD . To ensure that management knows what users are currently logged onView AnswerAnswer:...