2021 Aug CISSP study guide:
Q11. A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?
A. Spoofing
B. Eavesdropping
C. Man-in-the-middle
D. Denial of service
Answer: C
Q12. Which of the following is a critical factor for implementing a successful data classification program?
A. Executive sponsorship
B. Information security sponsorship
C. End-user acceptance
D. Internal audit acceptance
Answer: A
Q13. Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?
A. dig
B. ifconfig
C. ipconfig
D. nbtstat
Answer: A
Q14. The birthday attack is MOST effective against which one of the following cipher technologies?
A. Chaining block encryption
B. Asymmetric cryptography
C. Cryptographic hash
D. Streaming cryptography
Answer: C
Q15. When transmitting information over public networks, the decision to encrypt it should be based on
A. the estimated monetary value of the information.
B. whether there are transient nodes relaying the transmission.
C. the level of confidentiality of the information.
D. the volume of the information.
Answer: C
Avant-garde CISSP:
Q16. An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?
A. The service provider's policies are consistent with ISO/IEC27001 and there is evidence that the service provider is following those policies.
B. The service provider will segregate the data within its systems and ensure that each region's policies are met.
C. The service provider will impose controls and protections that meet or exceed the current systems controls and produce audit logs as verification.
D. The service provider's policies can meet the requirements imposed by the new environment even if they differ from the organization's current policies.
Answer: D
Q17. Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?
A. Smurf
B. Rootkit exploit
C. Denial of Service (DoS)
D. Cross site scripting (XSS)
Answer: D
Q18. Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?
A. Use of unified messaging.
B. Use of separation for the voice network.
C. Use of Network Access Control (NAC) on switches.
D. Use of Request for Comments (RFC) 1918 addressing.
Answer: B
Q19. The Hardware Abstraction Layer (HAL) is implemented in the
A. system software.
B. system hardware.
C. application software.
D. network hardware.
Answer: A
Q20. Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?
A. Secondary use of the data by business users
B. The organization's security policies and standards
C. The business purpose for which the data is to be used
D. The overall protection of corporate resources and data
Answer: B