The newest CISSP exam questions can elevate your test scores, free to download

Venture forth in your academic quest, buoyed by the scholarly prowess of the CISSP dumps. Ingeniously aligned to the multifarious demands of the curriculum, the CISSP dumps project a rich tapestry of practice questions, fostering profound insights. Whether the eloquent prose of PDFs captivates or the vibrant vignettes of the VCE format engage, the CISSP dumps deliver unparalleled excellence. A strategic study guide, the cornerstone of the CISSP dumps, hones focus on pivotal themes, ensuring academic finesse. With an unwavering trust in the merits of our arsenal, we unequivocally reiterate our 100% Pass Guarantee.

Embark on your CISSP exam journey with our complimentary resources and authentic questions

Question 1:

Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?

A. Transport and Session

B. Data-Link and Transport

C. Network and Session

D. Physical and Data-Link

Correct Answer: B


Question 2:

What are facets of trustworthy software in supply chain operations?

A. Functionality, safety, reliability, integrity, and accuracy

B. Confidentiality, integrity, availability, authenticity, and possession

C. Safety, reliability, availability, resilience, and security

D. Reparability, security, upgradability, functionality, and accuracy

Correct Answer: D


Question 3:

Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?

A. Cross Origin Resource Sharing (CORS)

B. WebSockets

C. Document Object Model (DOM) trees

D. Web Interface Definition Language (IDL)

Correct Answer: B


Question 4:

A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share with other partners in the future. Which of the following options BEST serves their needs?

A. Federated identity

B. Cloud Active Directory (AD)

C. Security Assertion Markup Language (SAML)

D. Single sign-on (SSO)

Correct Answer: A


Question 5:

What is the MOST effective countermeasure to a malicious code attack against a mobile system?

A. Sandbox

B. Change control

C. Memory management

D. Public-Key Infrastructure (PKI)

Correct Answer: A


Question 6:

Who is responsible for the protection of information when it is shared with or provided to other organizations?

A. Systems owner

B. Authorizing Official (AO)

C. Information owner

D. Security officer

Correct Answer: C


Question 7:

Information Security Continuous Monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Which of the following is the FIRST step in developing an ISCM strategy and implementing an ISCM program?

A. Define a strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts.

B. Conduct a vulnerability assessment to discover current threats against the environment and incorporate them into the program.

C. Respond to findings with technical management, and operational mitigating activities or acceptance, transference/sharing, or avoidance/rejection.

D. Analyze the data collected and report findings, determining the appropriate response. It may be necessary to collect additional information to clarify or supplement existing monitoring data.

Correct Answer: A


Question 8:

Concerning appropriate data retention policies, which of the following is the MAIN risk factor for the availability of archived information?

A. Data stored in third-party environments.

B. Data maintained offline requires a higher time to access.

C. Data recorded in obsolete media cannot be read.

D. Retention of data involves a cost.

Correct Answer: C

Reference: https://www.techtarget.com/searchdatabackup/definition/data-retention-policy


Question 9:

An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?

A. Presentation

B. Transport

C. Session

D. Application

Correct Answer: D


Question 10:

An organization wants a service provider to authenticate users via the users’ organization domain credentials. Which markup language should the organization’s security personnel use to support the integration?

A. Security Assertion Markup Language (SAML)

B. YAML Ain’t Markup Language (YAML)

C. Hypertext Markup Language (HTML)

D. Extensible Markup Language (XML)

Correct Answer: A


Question 11:

Which of the following System and Organization Controls (SOC) report types should an organization request if they require a period of time report covering security and availability for a particular system?

A. SOC 1 Type 1

B. SOC 1 Type 2

C. SOC 2 Type 1

D. SOC 2 Type 2

Correct Answer: D


Question 12:

Which combination of cryptographic algorithms are compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?

A. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) > 128 bits; Digital Signature: Rivest-Shamir-Adleman (RSA) (1024 bits)

B. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) > 128 bits; Digital Signature: Digital Signature Algorithm (DSA) (>=2048 bits)

C. Diffie-Hellman (DH) key exchange: DH (=2048 bits)

D. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) < 128 bits; Digital Signature: Elliptic Curve Digital Signature Algorithm (ECDSA) (>=256 bits)

Correct Answer: C


Question 13:

An organization discovers that its secure file transfer protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization’s general information technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.

Which of the following is the MOST probable attack vector used in the security breach?

A. Buffer overflow

B. Weak password due to lack of complexity rules

C. Distributed Denial of Service (DDoS)

D. Cross-Site Scripting (XSS)

Correct Answer: A


Question 14:

Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?

A. Use a thumb drive to transfer information from a foreign computer.

B. Do not take unnecessary information, including sensitive information.

C. Connect the laptop only to well-known networks like the hotel or public Internet cafes.

D. Request international points of contact help scan the laptop on arrival to ensure it is protected.

Correct Answer: B


Question 15:

Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?

A. Focus on operating environments that are changing, evolving, and full of emerging threats.

B. Secure information technology (IT) systems that store, process, or transmit organizational information.

C. Enable management to make well-informed risk-based decisions justifying security expenditure.

D. Provide an improved mission accomplishment approach.

Correct Answer: C

