Exam Code: CISSP (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Certified Information Systems Security Professional (CISSP)
Certification Provider: ISC2

2021 Dec CISSP braindumps

Q161. During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems? 

A. A review of hiring policies and methods of verification of new employees 

B. A review of all departmental procedures 

C. A review of all training procedures to be undertaken 

D. A review of all systems by an experienced administrator 

Answer:


Q162. What does secure authentication with logging provide? 

A. Data integrity 

B. Access accountability 

C. Encryption logging format 

D. Segregation of duties 

Answer:


Q163. Which of the following is the FIRST step of a penetration test plan? 

A. Analyzing a network diagram of the target network 

B. Notifying the company's customers 

C. Obtaining the approval of the company's management 

D. Scheduling the penetration test during a period of least impact 

Answer:


Q164. Which of the following Disaster Recovery (DR) sites is the MOST difficult to test? 

A. Hot site 

B. Cold site 

C. Warm site 

D. Mobile site 

Answer:


Q165. Which of the following controls is the FIRST step in protecting privacy in an information system? 

A. Data Redaction 

B. Data Minimization 

C. Data Encryption 

D. Data Storage 

Answer:


Q166. Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation? 

A. Two-factor authentication 

B. Digital certificates and hardware tokens 

C. Timed sessions and Secure Sockets Layer (SSL)

D. Passwords with alpha-numeric and special characters 

Answer:


Q167. What maintenance activity is responsible for defining, implementing, and testing updates to application systems? 

A. Program change control 

B. Regression testing 

C. Export exception control 

D. User acceptance testing 

Answer:


Q168. An organization publishes and periodically updates its employee policies in a file on its intranet. Which of the following is a PRIMARY security concern?

A. Availability 

B. Confidentiality 

C. Integrity 

D. Ownership 

Answer:


Q169. When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network? 

A. Topology diagrams 

B. Mapping tools 

C. Asset register 

D. Ping testing 

Answer:


Q170. What is the FIRST step in developing a security test and its evaluation? 

A. Determine testing methods 

B. Develop testing procedures 

C. Identify all applicable security requirements 

D. Identify people, processes, and products not in compliance 

Answer: