Vivid of cissp salary actual exam materials and practice exam for ISC2 certification for client, Real Success Guaranteed with Updated cissp exam dates pdf dumps vce Materials. 100% PASS Certified Information Systems Security Professional (CISSP) exam Today!
Q51. What is one way to mitigate the risk of security flaws in.custom.software?
A. Include security language in the Earned Value Management (EVM) contract
B. Include security assurance clauses in the Service Level Agreement (SLA)
C. Purchase only Commercial Off-The-Shelf (COTS) products
D. Purchase only software with no open source Application Programming Interfaces (APIs)
Answer: B
Q52. In a basic SYN flood attack, what is the attacker attempting to achieve?
A. Exceed the threshold limit of the connection queue for a given service
B. Set the threshold to zero for a given service
C. Cause the buffer to overflow, allowing root access
D. Flush the register stack, allowing hijacking of the root account
Answer: A
Q53. The BEST example of the concept of "something that a user has" when providing an authorized user access to a computing system is
A. the user's hand geometry.
B. a credential stored in a token.
C. a passphrase.
D. the user's face.
Answer: B
Q54. An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use.Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.
.As part of the authentication process, which of the following.must.the end user provide?
A. An access token
B. A username and password
C. A username
D. A password
Answer: A
Q55. Which of the following is the MOST crucial for a successful audit plan?
A. Defining the scope of the audit to be performed
B. Identifying the security controls to be implemented
C. Working with the system owner on new controls
D. Acquiring evidence of systems that are not compliant
Answer: A
Q56. Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?
A. Detection
B. Prevention
C. Investigation
D. Correction
Answer: A
Q57. Why must all users be positively identified.prior.to using multi-user computers?
A. To provide access to system privileges
B. To provide access to the operating system
C. To ensure that unauthorized persons cannot access the computers
D. To ensure that management knows what users are currently logged on
Answer: C
Q58. Refer.to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following documents explains the proper use of the organization's assets?
A. Human resources policy
B. Acceptable use policy
C. Code of ethics
D. Access control policy
Answer: B
Q59. What is an effective practice when returning electronic storage media to third parties for repair?
A. Ensuring the media is not labeled in any way that indicates the organization's name.
B. Disassembling the media and removing parts that may contain sensitive data.
C. Physically breaking parts of the media that may contain sensitive data.
D. Establishing a contract with the third party regarding the secure handling of the media.
Answer: D
Q60. What component of a web application that stores the session state in a cookie can be bypassed by an attacker?
A. An initialization check
B. An identification check
C. An authentication check
D. An authorization check
Answer: C