May 12, 2025

Latest Update Free Version of cissp Exam Study Guides

How to pass the cissp exam easily and in less time? We provide the most valid cissp new questions to boost your success rate in the ISC Certification cissp Certified Information Systems Security Professional exam. If you are one of the successful candidates who used our cissp actual tests, do not hesitate to share your review of our ISC Certification materials.

Visit our site to get more cissp Q and As:https://www.leads4pass.com/CISSP.html (1594 QAs Dumps)
Question 1:

During examination of Internet history records, the following string occurs within a Uniform Resource Locator (URL):

http://www.companysite.com/products/products.asp?productid=123 or 1=1

What type of attack does this indicate?

A. Directory traversal

B. Structured Query Language (SQL) injection

C. Cross-Site Scripting (XSS)

D. Shellcode injection

Correct Answer: B


Question 2:

Which type of test would an organization perform in order to locate and target exploitable defects?

A. Penetration

B. System

C. Performance

D. Vulnerability

Correct Answer: A


Question 3:

What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?

A. Purging

B. Encryption

C. Destruction

D. Clearing

Correct Answer: A


Question 4:

Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/Internet Protocol (TCP/IP) traffic?

A. Stateful inspection firewall

B. Application-level firewall

C. Content-filtering proxy

D. Packet-filter firewall

Correct Answer: A


Question 5:

The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover.

Which access control mechanism would be preferred?

A. Attribute Based Access Control (ABAC)

B. Discretionary Access Control (DAC)

C. Mandatory Access Control (MAC)

D. Role-Based Access Control (RBAC)

Correct Answer: D


Question 6:

Which of the following is the MOST common method of memory protection?

A. Compartmentalization

B. Segmentation

C. Error correction

D. Virtual Local Area Network (VLAN) tagging

Correct Answer: B


Question 7:

An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is responsible for monetary losses?

A. The Data Protection Authority (DPA)

B. The Cloud Service Provider (CSP)

C. The application developers

D. The data owner

Correct Answer: B


Question 8:

In Disaster Recovery (DR) and Business Continuity (BC) training, which BEST describes a functional drill?

A. a functional evacuation of personnel

B. a specific test by response teams of individual emergency response functions

C. an activation of the backup site

D. a full-scale simulation of an emergency and the subsequent response functions

Correct Answer: D


Question 9:

Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

A. undergo a security assessment as part of authorization process

B. establish a risk management strategy

C. harden the hosting server, and perform hosting and application vulnerability scans

D. establish policies and procedures on system and services acquisition

Correct Answer: D


Question 10:

Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?

A. Have the service provider block the source address.

B. Have the source service provider block the address.

C. Block the source address at the firewall.

D. Block all inbound traffic until the flood ends.

Correct Answer: C


Question 11:

Which of the following is a common characteristic of privacy?

A. Provision for maintaining an audit trail of access to the private data

B. Notice to the subject of the existence of a database containing relevant credit card data

C. Process for the subject to inspect and correct personal data on-site

D. Database requirements for integration of privacy data

Correct Answer: A


Question 12:

Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?

A. Inert gas fire suppression system

B. Halon gas fire suppression system

C. Dry-pipe sprinklers

D. Wet-pipe sprinklers

Correct Answer: A


Question 13:

What is the most effective form of media sanitization to ensure residual data cannot be retrieved?

A. Clearing

B. Destroying

C. Purging

D. Disposal

Correct Answer: B


Question 14:

Which of the following BEST describes a protection profile (PP)?

A. A document that expresses an implementation independent set of security requirements for an Information Technology (IT) product that meets specific consumer needs.

B. A document that expresses an implementation dependent set of security requirements which contains only the security functional requirements.

C. A document that represents evaluated products where there is a one-to-one correspondence between a PP and a Security Target (ST).

D. A document that is used to develop an Information Technology (IT) security product from its security requirements definition.

Correct Answer: A


Question 15:

Company A is evaluating new software to replace an in-house developed application.

During the acquisition process, Company A specified the security requirements, as well as the functional requirements.

Company B responded to the acquisition request with their flagship product, which runs on an Operating System (OS) that Company A has never used nor evaluated. The flagship product meets all security and functional requirements as defined by Company A.

Based upon Company B's response, what step should Company A take?

A. Move ahead with the acquisition process, and purchase the flagship software

B. Conduct a security review of the OS

C. Perform functionality testing

D. Enter into contract negotiations ensuring Service Level Agreements (SLA) are established to include security patching

Correct Answer: B

