CISSP (ISC2 Certified Information Systems Security Professional) practice exam questions
Source: https://www.certleader.com/CISSP-dumps.html
Q41. Data leakage of sensitive information is MOST often concealed by which of the following?
A. Secure Sockets Layer (SSL)
B. Secure Hash Algorithm (SHA)
C. Wired Equivalent Privacy (WEP)
D. Secure Post Office Protocol (POP)
Answer: A
Q42. Which of the following is generally indicative of a replay attack when dealing with biometric authentication?
A. False Acceptance Rate (FAR) is greater than 1 in 100,000
B. False Rejection Rate (FRR) is greater than 5 in 100
C. Inadequately specified templates
D. Exact match
Answer: D
Q43. Logical access control programs are MOST effective when they are
A. approved by external auditors.
B. combined with security token technology.
C. maintained by computer security officers.
D. made part of the operating system.
Answer: D
Q44. Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?
A. Application monitoring procedures
B. Configuration control procedures
C. Security audit procedures
D. Software patching procedures
Answer: B
Q45. If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the
A. default gateway.
B. attacker's address.
C. local interface being attacked.
D. specified source address.
Answer: D
Q46. Which of the following MUST be done when promoting a security awareness program to senior management?
A. Show the need for security; identify the message and the audience
B. Ensure that the security presentation is designed to be all-inclusive
C. Notify them that their compliance is mandatory
D. Explain how hackers have enhanced information security
Answer: A
Q47. Which security action should be taken FIRST when computer personnel are terminated from their jobs?
A. Remove their computer access
B. Require them to turn in their badge
C. Conduct an exit interview
D. Reduce their physical access level to the facility
Answer: A
Q48. Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined?
A. International Organization for Standardization (ISO) 27000 family
B. Information Technology Infrastructure Library (ITIL)
C. Payment Card Industry Data Security Standard (PCI DSS)
D. ISO/IEC 20000
Answer: A
Q49. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the business functional analysis and the data security categorization have been performed
C. After the vulnerability analysis has been performed and before the system detailed design begins
D. After the system preliminary design has been developed and before the data security categorization begins
Answer: B
Q50. Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?
A. Data Custodian
B. Executive Management
C. Chief Information Security Officer
D. Data/Information/Business Owners
Answer: B