[Q121-Q145] CISSP Certification Exam Dumps Questions in here [May-2024]

Updated CISSP Exam Practice Test Questions


Earning the ISC CISSP certification can lead to a variety of career opportunities in information security, including roles such as security analyst, security consultant, security manager, and chief information security officer. It can also lead to higher salaries and increased job security. Overall, the ISC CISSP certification is an excellent way for information security professionals to advance their careers and demonstrate their expertise in the field.


NEW QUESTION # 121
Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?

  • A. A strong breach notification process
  • B. Continuous monitoring of potential vulnerabilities
  • C. End-to-end data encryption for data in transit
  • D. Limited collection of individuals' confidential data

Answer: D

Explanation:
Section: Security Architecture and Engineering


NEW QUESTION # 122
Utilizing a public wireless Local Area network (WLAN) to connect to a private network should be done only in which of the following situations?

  • A. The client machine has a personal firewall and utilizes a Virtual Private Network (VPN) to connect to the network.
  • B. The wireless Access Point (AP) is placed in the internal private network.
  • C. The client machine has antivirus software and has been scanned to determine if unauthorized ports are open.
  • D. Extensible Authentication Protocol (EAP) is utilized to authenticate the user.

Answer: D


NEW QUESTION # 123
Frame relay and X.25 networks are part of which of the following?

  • A. Dedicated digital services
  • B. Cell-switched services
  • C. Packet-switched services
  • D. Circuit-switched services

Answer: C

Explanation:
Packet-Switched Technologies:
Link Access Procedure-Balanced (LAPB)
Frame Relay
Switched Multimegabit Data Service (SMDS)
Asynchronous Transfer Mode (ATM)
Voice over IP (VoIP)


NEW QUESTION # 124
The criterion for evaluating the legal requirements for implementing safeguards is to compare the cost (C) of instituting the protection against the estimated loss (L) resulting from the exploitation of the corresponding vulnerability. Therefore, a legal liability exists when?

  • A. C > L
  • B. C > L - (residual risk)
  • C. C < L
  • D. C < L - (residual risk)

Answer: C


NEW QUESTION # 125
What is a limitation of TCP Wrappers?

  • A. It stops packets before they reach the application layer, thus confusing some proxy servers.
  • B. The hosts.* access control system requires a complicated directory tree.
  • C. They are too expensive.
  • D. It cannot control access to running UDP services.

Answer: D

Explanation:
TCP Wrappers can control whether a UDP server is started but have little control afterwards, because once the server is running, UDP packets can arrive at any time.
The following answers are incorrect:
It stops packets before they reach the application layer, thus confusing some proxy servers: incorrect, because TCP Wrappers act as an access control list that rejects connections; the rejected packets never arrive at the proxy, so nothing is confused, and this is not a limitation.
The hosts.* access control system requires a complicated directory tree: incorrect, because only a simple directory tree is involved.
They are too expensive: incorrect, because TCP Wrappers is open source under a BSD licensing scheme.


NEW QUESTION # 126
Following the completion of a network security assessment, which of the following can BEST be demonstrated?

  • A. All unpatched vulnerabilities have been identified
  • B. The effectiveness of controls can be accurately measured
  • C. A penetration test of the network will fail
  • D. The network is compliant to industry standards

Answer: B


NEW QUESTION # 127
Which of the following items BEST describes the standards addressed by Title II, Administrative Simplification, of the Health Insurance Portability and Accountability Act (US Kennedy-Kassebaum Health Insurance and Portability Accountability Act -HIPAA-Public Law 104-19)?

  • A. Transaction Standards, to include Code Sets; Unique Health Identifiers; Security and Electronic Signatures and Privacy
  • B. Security and Electronic Signatures and Privacy
  • C. Transaction Standards, to include Code Sets; Security and Electronic Signatures and Privacy
  • D. Unique Health Identifiers; Security and Electronic Signatures and Privacy

Answer: A

Explanation:
HIPAA was designed to provide for greater access to personal health care information, enable portability of health care insurance, establish strong penalties for health care fraud, and streamline the health care claims process through administrative simplification. To accomplish the latter, Title II of the HIPAA law, Administrative Simplification, requires standardizing the formats for the electronic transmission of health care information. The transactions and code sets portion includes standards for submitting claims, enrollment information, premium payments, and others as adopted by HHS. The standard for transactions is the ANSI ASC X12N version 4010 EDI Standard. Standard code sets are required for diagnoses and inpatient services, professional services, dental services (replacing 'D' codes), and drugs (instead of 'J' codes). Also, local codes are not to be used. Unique health identifiers are required to identify health care providers, health plans, employers, and individuals. Security and electronic signatures are specified to protect health care information. Privacy protections are required to ensure that there is no unauthorized disclosure of individually identifiable health care information. The other answers are incorrect since they do not include all four major standards. Additional information can be found at http://aspe.hhs.gov/adminsimp.


NEW QUESTION # 128
Identify the component that MOST likely lacks digital accountability related to information access.
Click on the correct device in the image below.

Answer:

Explanation:
Backup Media
Reference: Official (ISC)2 Guide to the CISSP CBK, Third Edition, page 1029


NEW QUESTION # 129
Which is NOT a backup method type?

  • A. Incremental
  • B. Reactive
  • C. Full
  • D. Differential

Answer: B

Explanation:
The correct answer is Reactive. Reactive is not a backup method.


NEW QUESTION # 130
Of the seven types of Access Control Categories, which is described as such?
Designed to specify rules of acceptable behavior in the organization.
Example: Policy stating that employees may not spend time on social media websites

  • A. Preventive Access Control
  • B. Directive Access Control
  • C. Deterrent Access Control
  • D. Detective Access Control

Answer: B

Explanation:
There are seven access control categories. Below are the Access Control Types and Categories.
Access Control Types:
- Administrative: policies, data classification and labeling, and security awareness training
- Technical:
  - Hardware: MAC filtering or perimeter devices
  - Software: controls like account logons, encryption and file permissions
- Physical: guards, fences and locks
Access Control Categories:
- Directive: specify rules of acceptable behavior. Example: a policy stating users may not use Facebook
- Deterrent: designed to discourage people from violating security directives. Example: a logon banner reminding users that they are subject to monitoring
- Preventive: implemented to prevent a security incident or information breach. Example: a fence or file permissions
- Detective: used to mitigate the loss. Example: logging, an IDS with a firewall
- Compensating: to substitute for the loss of a primary control or add additional mitigation. Example: logging, an IDS inline with a firewall
- Corrective: to remedy the circumstance, mitigate damage or restore control. Example: a fire extinguisher, firing an employee
- Recovery: to restore conditions to normal after a security incident. Example: restoring files from backup
All these are designed to shape employee behavior to better maintain an environment that supports the business objectives and protects corporate assets.
The following answers are incorrect:
- Deterrent Access Control: This is not right, because a deterrent access control discourages people from violating security directives.
- Preventive Access Control: This is incorrect, because a preventive access control is used simply to stop or block unwanted behavior; users don't have a choice about whether to violate the behavior rules.
- Detective Access Control: Sorry, this isn't an access control category.
The following reference(s) were used to create this question:
2013 Official Security+ Curriculum
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Location 1162). Auerbach Publications. Kindle Edition.


NEW QUESTION # 131
A large corporation is looking for a solution to automate access decisions based on where the request is coming from, who the user is, what device they are connecting with, and what time of day they are attempting this access. What type of solution would suit their needs?

  • A. Discretionary Access Control (DAC)
  • B. Mandatory Access Control (MAC)
  • C. Role Based Access Control (RBAC)
  • D. Network Access Control (NAC)

Answer: D


NEW QUESTION # 132
Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?

  • A. Virtual private network (VPN) with traffic encryption
  • B. Mobile Device Management (MDM) with device wipe
  • C. Mobile device tracking with geolocation
  • D. Whole device encryption with key escrow

Answer: B


NEW QUESTION # 133
When submitting a passphrase for authentication, the passphrase is converted into:

  • A. a real password by the system which can be used forever.
  • B. a virtual password by the system.
  • C. a new passphrase by the encryption technology
  • D. a new passphrase by the system.

Answer: B

Explanation:
A passphrase is a sequence of characters that is longer than a password. The user enters this phrase into an application, and the application transforms the value into a virtual password, making the passphrase the length and format that is required by the application. (For example, an application may require your virtual password to be 128 bits to be used as a key with the AES algorithm.) If a user wants to authenticate to an application, such as Pretty Good Privacy (PGP), he types in a passphrase, let's say StickWithMeKidAndYouWillWearDiamonds. The application converts this phrase into a virtual password that is used for the actual authentication.
A passphrase is more secure than a password because it is longer, and thus harder to obtain by an attacker. In many cases, the user is more likely to remember a passphrase than a password.
Incorrect Answers:
A: The passphrase is not converted into a real password by the system which can be used forever.
C: The passphrase is not converted into a new passphrase by the encryption technology.
D: The passphrase is not converted into a new passphrase by the system.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 199
http://www.itl.nist.gov/fipspubs/fip112.htm


NEW QUESTION # 134
Which of the following would be used to implement Mandatory Access Control (MAC)?

  • A. Clark-Wilson Access Control
  • B. Role-based access control
  • C. User dictated access control
  • D. Lattice-based access control

Answer: D

Explanation:
A lattice is a mathematical construct that is built upon the notion of a group. The most common definition of the lattice model is "a structure consisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set."
Two methods are commonly used for applying mandatory access control:
Rule-based (or label-based) access control: This type of control further defines specific conditions for access to a requested object. A Mandatory Access Control system implements a simple form of rule-based access control to determine whether access should be granted or denied by matching:
- An object's sensitivity label
- A subject's sensitivity label
Lattice-based access control: These can be used for complex access control decisions involving multiple objects and/or subjects. A lattice model is a mathematical structure that defines greatest lower-bound and least upper-bound values for a pair of elements, such as a subject and an object.
Incorrect Answers:
A: Clark-Wilson Access Control is not used to implement Mandatory Access Control (MAC).
B: Role-based Access Control is not used to implement Mandatory Access Control (MAC).
C: User dictated Access Control is not used to implement Mandatory Access Control (MAC).
References:
https://en.wikipedia.org/wiki/Computer_access_control


NEW QUESTION # 135
In the U.S. Federal Rules of Evidence, Rule 803 (6) permits an exception to the Hearsay Rule regarding business records and computer records.
Which one of the following is NOT a requirement for the business or computer records exception under Rule 803 (6)?

  • A. Made by a person with information transmitted by a person with knowledge
  • B. Relied upon in the regular course of business
  • C. Made only by a person with knowledge of the records
  • D. Made during the regular conduct of business and authenticated by witnesses familiar with their use

Answer: C

Explanation:
The business or computer records may also be made by a person with information transmitted by a person with knowledge. The other answers are requirements for exceptions to the Hearsay Rule.


NEW QUESTION # 136
Which choice below would NOT be a common element of a transaction trail?

  • A. Who processed the transaction
  • B. The date and time of the transaction
  • C. Why the transaction was processed
  • D. At which terminal the transaction was processed

Answer: C

Explanation:
Why the transaction was processed is not initially a concern of the audit log, but we will investigate it later. The other three elements are all important information that the audit log of the transaction should record.


NEW QUESTION # 137
Covert Channel Analysis, Trusted Facility Management, and Trusted Recovery are parts of which book in the TCSEC Rainbow Series?

  • A. Orange Book
  • B. Dark Green Book
  • C. Green Book
  • D. Red Book

Answer: A

Explanation:
The correct answer is Orange Book.
* The Red Book is the Trusted Network Interpretation (TNI) summary of network requirements (described in the Telecommunications and Network Security domain).
* The Green Book is the Department of Defense (DoD) Password Management Guideline.
* The Dark Green Book is the Guide to Understanding Data Remanence in Automated Information Systems.


NEW QUESTION # 138
In the US, HIPAA addresses which of the following?

  • A. Accuracy and Privacy
  • B. Security and Availability
  • C. Security and Privacy
  • D. Availability and Accountability

Answer: C


NEW QUESTION # 139
Which choice below is the BEST description of operational assurance?

  • A. Operational assurance is the process of examining audit logs to reveal usage that identifies misuse.
  • B. Operational assurance is the process of performing pre-employment background screening.
  • C. Operational assurance has the benefit of containing and repairing damage from incidents.
  • D. Operational assurance is the process of reviewing an operational system to see that security controls are functioning correctly.

Answer: D

Explanation:
Operational assurance is the process of reviewing an operational system to see that security controls, both automated and manual, are functioning correctly and effectively. Operational assurance addresses whether the system's technical features are being bypassed or have vulnerabilities and whether required procedures are being followed.
To maintain operational assurance, organizations use two basic methods: system audits and monitoring. A system audit is a one-time or periodic event to evaluate security. Monitoring refers to an ongoing activity that examines either the system or the users.
* Answer "Operational assurance is the process of examining audit logs to reveal usage that identifies misuse" is a description of an audit trail review.
* Answer "Operational assurance has the benefit of containing and repairing damage from incidents" is a description of a benefit of incident handling. The main benefits of proper incident handling are containing and repairing damage from incidents, and preventing future damage.
* Answer "Operational assurance is the process of performing pre-employment background screening" describes a personnel control.
Source: National Institute of Standards and Technology, An Introduction to Computer Security: The NIST Handbook, Special Publication 800-12.


NEW QUESTION # 140
What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)?

  • A. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.
  • B. The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate Revocation List (CRL) is used by Certificate Authorities.
  • C. The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate and a Certificate Revocation List (CRL) is used by Certificate Authorities.
  • D. The OCSP (Online Certificate Status Protocol) is a proprietary certificate mechanism developed by Microsoft and a Certificate Revocation List (CRL) is an open standard.

Answer: A

Explanation:
A Certificate Revocation List (CRL) is periodically updated by a Certificate Authority (CA), so there may be a delay between the time a certificate is revoked and the time the revocation propagates into the Certificate Revocation List (CRL).
The CA can revoke certificates and provide an update service to the other members of the PKI via a certificate revocation list (CRL), which is a list of non-valid certificates that should not be accepted by any member of the PKI. The use of public key (asymmetric) cryptography has enabled more effective use of symmetric cryptography as well as several other important features, such as greater access control, nonrepudiation, and digital signatures.
In transactions where there is a need for real-time checks, the Online Certificate Status Protocol can be used, which can obtain the revocation status in a more timely fashion.
From RFC 2560:
In lieu of or as a supplement to checking against a periodic CRL, it may be necessary to obtain timely information regarding the revocation status of a certificate (cf. [RFC2459], Section 3.3). Examples include high-value funds transfer or large stock trades.
The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate. OCSP may be used to satisfy some of the operational requirements of providing more timely revocation information than is possible with CRLs and may also be used to obtain additional status information. An OCSP client issues a status request to an OCSP responder and suspends acceptance of the certificate in question until the responder provides a response.
This protocol specifies the data that needs to be exchanged between an application checking the status of a certificate and the server providing that status.
The following answers are incorrect:
- The OCSP (Online Certificate Status Protocol) is a proprietary certificate mechanism developed by Microsoft and a Certificate Revocation List (CRL) is an open standard.
- The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate Revocation List (CRL) is used by Certificate Authorities.
- The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate and a Certificate Revocation List (CRL) is used by Certificate Authorities.
The following reference(s) were used to create this question:
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Cryptography (Kindle Locations 2256-2259). Kindle Edition.
http://www.ietf.org/rfc/rfc2560.txt
http://technet.microsoft.com/en-us/library/cc731027(v=ws.10)
http://www.networkworld.com/reviews/2004/0809revside.html


NEW QUESTION # 141
A hardware RAID implementation is usually:

  • A. operating system dependent.
  • B. platform-independent.
  • C. platform-dependent.
  • D. software dependent.

Answer: B

Explanation:
A hardware RAID implementation is usually platform-independent.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 67.


NEW QUESTION # 142
When using Security Assertion Markup Language (SAML), it is assumed that the principal subject

  • A. is on a system that supports remote authorization.
  • B. enrolls with at least one identity provider.
  • C. allows Secure Sockets Layer (SSL) for data exchanges.
  • D. accepts persistent cookies from the system.

Answer: B


NEW QUESTION # 143
Which of the following media is MOST resistant to EMI interference?

  • A. microwave
  • B. coaxial cable
  • C. fiber optic
  • D. twisted pair

Answer: C

Explanation:
A fiber optic cable is a physical medium that is capable of conducting modulated light transmission. Fiber optic cable carries signals as light waves, thus creating higher transmission speeds and greater distances due to less attenuation. This type of cabling is more difficult to tap than other cabling and is most resistant to interference, especially EMI.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 103).


NEW QUESTION # 144
An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

  • A. Block access to the service
  • B. Install an Intrusion Detection System (IDS)
  • C. Patch the application source code
  • D. Add a new rule to the application layer firewall

Answer: D

Explanation:
Section: Communication and Network Security


NEW QUESTION # 145
......


The CISSP certification is aimed at professionals with at least five years of experience in the field of information security, with a focus on cybersecurity. Certified Information Systems Security Professional certification is highly valued by employers and is often considered a prerequisite for senior-level positions in the industry. CISSP exam is designed to assess a candidate's knowledge and skills in various areas of information security, including access control, cryptography, network security, and more.


How much Score needed for Passing the ISC CISSP exam

The passing Score of the ISC CISSP exam is 700 out of 1000 points.


Pass ISC Certification CISSP Exam With 1481 Questions: https://examsites.premiumvcedump.com/ISC/valid-CISSP-premium-vce-exam-dumps.html