After you have decided to acquire CISSP documentation and have an idea of what you will be studying, simply sign up for one of the boot camps available. These provide hands-on practical knowledge and some of the most substantial programs around. In the typical CISSP bootcamp you will gain more expertise in ISC2 Teaching and ISC2 Marketing communications. You'll learn the different requirements and, lastly, the terms being used.

2021 Nov CISSP exam question

Q211. What is an effective practice when returning electronic storage media to third parties for repair? 

A. Ensuring the media is not labeled in any way that indicates the organization's name. 

B. Disassembling the media and removing parts that may contain sensitive data. 

C. Physically breaking parts of the media that may contain sensitive data. 

D. Establishing a contract with the third party regarding the secure handling of the media. 

Answer:


Q212. After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue? 

A. Implement strong password authentication for VPN

B. Integrate the VPN with centralized credential stores 

C. Implement an Internet Protocol Security (IPSec) client 

D. Use two-factor authentication mechanisms 

Answer:


Q213. Which of the following methods can be used to achieve confidentiality and integrity for data in transit?

A. Multiprotocol Label Switching (MPLS) 

B. Internet Protocol Security (IPSec) 

C. Federated identity management 

D. Multi-factor authentication 

Answer:


Q214. Which of the following statements is TRUE regarding value boundary analysis as a functional software testing technique? 

A. It is useful for testing communications protocols and graphical user interfaces. 

B. It is characterized by the stateless behavior of a process implemented in a function. 

C. Test inputs are obtained from the derived threshold of the given functional specifications. 

D. An entire partition can be covered by considering only one representative value from that partition. 

Answer:


Q215. In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan? 

A. Communication 

B. Planning 

C. Recovery 

D. Escalation 

Answer:



Q216. Which of the following is an essential element of privileged identity lifecycle management?

A. Regularly perform account re-validation and approval 

B. Account provisioning based on multi-factor authentication 

C. Frequently review performed activities and request justification 

D. Account information to be provided by supervisor or line manager 

Answer:


Q217. When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)? 

A. Retain intellectual property rights through contractual wording. 

B. Perform overlapping code reviews by both parties. 

C. Verify that the contractors attend development planning meetings. 

D. Create a separate contractor development environment. 

Answer:


Q218. By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key?

A. Lock pinging 

B. Lock picking 

C. Lock bumping 

D. Lock bricking 

Answer:


Q219. Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. 

Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives? 

A. Severity of risk 

B. Complexity of strategy 

C. Frequency of incidents 

D. Ongoing awareness 

Answer:


Q220. Refer to the information below to answer the question.

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. 

If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised? 

A. Availability 

B. Integrity 

C. Accountability 

D. Confidentiality 

Answer: