Tips for CISSP salary
Q1. Which one of the following is a common risk with network configuration management?
A. Patches on the network are difficult to keep current.
B. It is the responsibility of the systems administrator.
C. User ID and passwords are never set to expire.
D. Network diagrams are not up to date.
Q2. When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include
A. hardened building construction with consideration of seismic factors.
B. adequate distance from and lack of access to adjacent buildings.
C. curved roads approaching the data center.
D. proximity to high crime areas of the city.
Q3. An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to
A. encrypt the contents of the repository and document any exceptions to that requirement.
B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.
C. keep individuals with access to high security areas from saving those documents into lower security areas.
D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA).
Q4. Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?
A. Automatically create exceptions for specific actions or files
B. Determine which files are unsafe to access and blacklist them
C. Automatically whitelist actions or files known to the system
D. Build a baseline of normal or safe system events for review
Q5. What does an organization FIRST review to assure compliance with privacy requirements?
A. Best practices
B. Business objectives
C. Legal and regulatory mandates
D. Employee's compliance to policies and standards
Q6. Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.
In a Bell-LaPadula system, which user cannot write to File 3?
A. User A
B. User B
C. User C
D. User D
Q7. Secure Sockets Layer (SSL) encryption protects
A. data at rest.
B. the source IP address.
C. data transmitted.
D. data availability.
Q8. Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?
Q9. Which of the following is the MOST beneficial to review when performing an IT audit?
A. Audit policy
B. Security log
C. Security policies
D. Configuration settings
Q10. The goal of a Business Continuity Plan (BCP) training and awareness program is to
A. enhance the skills required to create, maintain, and execute the plan.
B. provide for a high level of recovery in case of disaster.
C. describe the recovery organization to new employees.
D. provide each recovery team with checklists and procedures.