Examcollection offers a free demo for the Certified Information Systems Security Professional (CISSP) exam, an ISC2 certification. This set of posts, Passing the ISC2 CISSP exam, will help you answer those questions. The CISSP certification Questions & Answers cover all the knowledge points of the real exam. 100% real ISC2 CISSP exams, revised by experts!

Q161. Which of the following is the PRIMARY security concern associated with the implementation of smart cards?

A. The cards have limited memory 

B. Vendor application compatibility 

C. The cards can be misplaced 

D. Mobile code can be embedded in the card 

Answer:


Q162. From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system? 

A. Configure secondary servers to use the primary server as a zone forwarder. 

B. Block all Transmission Control Protocol (TCP) connections. 

C. Disable all recursive queries on the name servers. 

D. Limit zone transfers to authorized devices. 

Answer:


Q163. For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing? 

A. Hash functions 

B. Data segregation 

C. File system permissions 

D. Non-repudiation controls 

Answer:


Q164. The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it 

A. exploits weak authentication to penetrate networks. 

B. can be detected with signature analysis. 

C. looks like normal network activity. 

D. is commonly confused with viruses or worms. 

Answer:


Q165. When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial? 

A. Testing phase 

B. Development phase 

C. Requirements definition phase 

D. Operations and maintenance phase 

Answer:


Q166. While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used? 

A. Trusted path 

B. Malicious logic 

C. Social engineering 

D. Passive misuse 

Answer:


Q167. Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

A. Data compression 

B. Data classification 

C. Data warehousing 

D. Data validation 

Answer:


Q168. Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. 

Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network? 

A. Anti-virus software 

B. Intrusion Prevention System (IPS) 

C. Anti-spyware software 

D. Integrity checking software 

Answer:


Q169. Data leakage of sensitive information is MOST often concealed by which of the following?

A. Secure Sockets Layer (SSL)

B. Secure Hash Algorithm (SHA) 

C. Wired Equivalent Privacy (WEP) 

D. Secure Post Office Protocol (POP) 

Answer:


Q170. A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected? 

A. Trojan horse 

B. Denial of Service (DoS) 

C. Spoofing 

D. Man-in-the-Middle (MITM) 

Answer: