2022 100% Free CISSP Daily Practice Exam With 990 Questions [Q446-Q462]


NEW QUESTION 446
What is the most effective form of media sanitization to ensure residual data cannot be retrieved?

  • A. Destroying
  • B. Clearing
  • C. Disposal
  • D. Purging

Answer: A

 

NEW QUESTION 447
When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?

  • A. Type of potential loss
  • B. Information ownership
  • C. Countermeasure effectiveness
  • D. Incident likelihood

Answer: B

Explanation:
Risk acceptance is a decision for the information owner, the party accountable for the asset, so the first thing to establish is who owns the information. The type of potential loss, the likelihood of an incident and the effectiveness of countermeasures all feed into the owner's decision, but none of them determines who is entitled to make it.

 

NEW QUESTION 448
Which of the following statements pertaining to software testing approaches is correct?

  • A. A top-down approach allows errors in critical modules to be detected earlier
  • B. A bottom-up approach allows interface errors to be detected earlier
  • C. Black box testing is predicated on a close examination of procedural detail
  • D. The test plan and results should be retained as part of the system's permanent documentation

Answer: D

 

NEW QUESTION 449
Which of the following statements pertaining to the trusted computing base (TCB) is false?

  • A. It includes hardware, firmware and software.
  • B. Its enforcement of security policy is independent of parameters supplied by system administrators.
  • C. It is defined in the Orange Book.
  • D. A higher TCB rating will require that details of their testing procedures and documentation be reviewed with more granularity.

Answer: B

Explanation:
The false statement is B. A TCB's ability to enforce the security policy depends not only on the mechanisms inside it but also on the correctness of the security parameters that system administrators supply to it. For example, if Jane holds only a CONFIDENTIAL clearance, an administrator who records her clearance as SECRET defeats the TCB's enforcement even though every mechanism works exactly as designed.
The other statements are true:
A: The TCB is the combination of all hardware, firmware and software responsible for enforcing the security policy.
C: The TCB is defined in the Orange Book (TCSEC, the Trusted Computer System Evaluation Criteria).
D: As the level of trust increases (D through A), the scrutiny applied to testing procedures and documentation during evaluation increases as well.
References:
CBK, pp. 323-324, 329-330
AIO3, pp. 269-272

 

NEW QUESTION 450
Which port does the Post Office Protocol Version 3 (POP3) make use of?

  • A. 110
  • B. 109
  • C. 139
  • D. 119

Answer: A

Explanation:
POP3 uses TCP port 110 (POP3 over TLS, POP3S, uses port 995).
Incorrect Answers:
B: Port 109 is used by POP2.
C: Port 139 is used by the NetBIOS Session Service.
D: Port 119 is used by NNTP.
References:
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

 

NEW QUESTION 451
What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

  • A. Document and verify the intrusion.
  • B. Isolate and contain the intrusion.
  • C. Apply patches to the Operating Systems (OS).
  • D. Notify system and application owners.

Answer: A

Explanation:
Precursors and indicators are signs that an incident may be occurring, not proof that it is. The first step is therefore to verify that an incident has actually happened and document the evidence; this is the detection and analysis phase in NIST SP 800-61. Isolation and containment (B) and notification of system and application owners (D) follow once the intrusion is confirmed. Applying patches (C) is a remediation step, and doing it first may alter or destroy the evidence needed for the investigation.

 

NEW QUESTION 452
Given the various means to protect physical and logical assets, match the access management area to the technology.

Answer: (drag-and-drop matching question; the diagram containing the answer is not reproduced on this page)

 

NEW QUESTION 453
Business Continuity Planning (BCP) is not defined as a preparation that facilitates:

  • A. the continuation of critical business functions
  • B. the reduction of the impact of a disaster
  • C. the monitoring of threat activity for adjustment of technical controls
  • D. the rapid recovery of mission-critical business operations

Answer: C

 

NEW QUESTION 454
Which of the following is NOT a factor related to Access Control?

  • A. authenticity
  • B. integrity
  • C. availability
  • D. confidentiality

Answer: A

Explanation:
Access control addresses the three components of information system security: integrity, confidentiality and availability.
Integrity: access control ensures that only authorized subjects can make changes to objects.
Confidentiality: access to sensitive information is controlled so that it is disclosed only to authorized subjects.
Availability: an attacker who wants to disrupt availability first needs access, so access controls protect availability as well.
Authenticity is different from authentication: it refers to something being genuine and is not itself one of the factors access control is designed to protect.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49

 

NEW QUESTION 455
Which of the following access control models introduces user security clearance and data classification?

  • A. Discretionary access control
  • B. Non-discretionary access control
  • C. Mandatory access control
  • D. Role-based access control

Answer: C

Explanation:
The mandatory access control model is based on a security label system.
Users are given a security clearance and data is classified. The classification is stored in the security labels of the resources. Classification labels specify the level of trust a user must have to access a certain file.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (Page 154).
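The label system described in question 455, and the administrator-supplied clearance that question 449 warns about, are easier to see in code. The following is an added example, not from the cited sources: a Bell-LaPadula style dominance check over labels made of a sensitivity level plus need-to-know compartments, wrapped in a minimal reference monitor. The level names, the user "jane" and the documents are constructed for the illustration.

```python
"""Label-based mandatory access control: clearance vs. classification.

Added illustration; the level names, users and documents are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet

# Sensitivity levels in ascending order. The lattice also has compartments
# (need-to-know categories) that a clearance must cover.
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    """A security label: one sensitivity level plus a set of compartments."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.level not in RANK:
            raise ValueError(f"unknown sensitivity level: {self.level!r}")

    def dominates(self, other: "Label") -> bool:
        """True when self is at least as high as other in the lattice."""
        return (RANK[self.level] >= RANK[other.level]
                and other.categories <= self.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down (data may only flow to a label that dominates the writer)."""
    return obj.dominates(subject)


class ReferenceMonitor:
    """Mediates every access using the labels it is given. It cannot tell whether
    the clearances an administrator entered are correct (the point of question 449)."""

    def __init__(self, clearances: Dict[str, Label], classifications: Dict[str, Label]):
        self.clearances = dict(clearances)          # subject -> clearance label
        self.classifications = dict(classifications)  # object -> classification label

    def access(self, user: str, resource: str, mode: str) -> bool:
        subject = self.clearances[user]
        obj = self.classifications[resource]
        if mode == "read":
            return can_read(subject, obj)
        if mode == "write":
            return can_write(subject, obj)
        raise ValueError(f"unknown access mode: {mode!r}")


# Constructed scenario: Jane is cleared CONFIDENTIAL for project X only.
CLEARANCES = {"jane": Label("CONFIDENTIAL", frozenset({"PROJECT_X"}))}
CLASSIFICATIONS = {
    "x_status_report": Label("CONFIDENTIAL", frozenset({"PROJECT_X"})),
    "x_design":        Label("SECRET", frozenset({"PROJECT_X"})),
    "y_status_report": Label("CONFIDENTIAL", frozenset({"PROJECT_Y"})),
    "public_notice":   Label("UNCLASSIFIED"),
}


def demo() -> Dict[str, bool]:
    """Run Jane's requests through the monitor and return the decisions."""
    rm = ReferenceMonitor(CLEARANCES, CLASSIFICATIONS)
    return {
        "read x_status_report": rm.access("jane", "x_status_report", "read"),  # allowed
        "read x_design": rm.access("jane", "x_design", "read"),                # denied: read up
        "read y_status_report": rm.access("jane", "y_status_report", "read"),  # denied: no need-to-know
        "write x_design": rm.access("jane", "x_design", "write"),              # allowed: write up
        "write public_notice": rm.access("jane", "public_notice", "write"),    # denied: write down
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request:>22}: {'allowed' if allowed else 'denied'}")
```

Note that the monitor enforces the policy perfectly and still lets Jane read the SECRET design document the moment an administrator records her clearance as SECRET instead of CONFIDENTIAL; the enforcement is only as good as the parameters fed to it.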

 

NEW QUESTION 456
With regard to databases, which of the following has characteristics of ease of reusing code and analysis and reduced maintenance?

  • A. Data base management systems (DBMS)
  • B. Object-Relational Data Bases (ORDB)
  • C. Object-Oriented Data Bases (OODB)
  • D. Relational Data Bases

Answer: C

Explanation:
OODB has the characteristics of ease of reusing code and analysis, reduced maintenance, and an easier transition from analysis of the problem to design and implementation.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 47.

 

NEW QUESTION 457
Which choice MOST closely depicts the difference between qualitative and quantitative risk analysis?

  • A. A quantitative RA uses less guesswork than a qualitative RA.
  • B. A qualitative RA uses many complex calculations.
  • C. A quantitative RA does not use the hard costs of losses, and a qualitative RA does.
  • D. A quantitative RA cannot be automated.

Answer: A

Explanation:
A quantitative risk analysis assigns monetary values (asset value, exposure factor, single loss expectancy, annualized rate of occurrence, annualized loss expectancy) and so relies less on subjective judgement than a qualitative analysis, which ranks risks on scales such as low, medium and high. B, C and D each describe the opposite of the approach they name: the complex calculations and the hard costs of losses belong to quantitative analysis, and it is quantitative analysis that lends itself to automation.
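The difference is clearest when both analyses are run over the same risk. This added example (not from the exam guide) computes SLE, ALE and the cost/benefit of a safeguard, and beside it a qualitative likelihood-by-impact rating; the asset value, exposure factor, rate of occurrence and safeguard cost are constructed figures.

```python
"""Quantitative risk analysis (SLE, ALE, safeguard cost/benefit) next to a
qualitative rating of the same risk. Added example with constructed figures."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset_value: float      # AV: monetary value of the asset
    exposure_factor: float  # EF: fraction of AV lost in a single occurrence (0..1)
    aro: float              # ARO: expected occurrences per year

    @property
    def sle(self) -> float:
        """Single loss expectancy = AV x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized loss expectancy = SLE x ARO."""
        return self.sle * self.aro


def safeguard_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Value of a safeguard = ALE(before) - ALE(after) - annual cost of the safeguard.
    A positive result means the safeguard is worth more than it costs."""
    return before.ale - after.ale - annual_cost


# Qualitative counterpart: no dollar figures, just ordinal scales and a matrix.
SCALE = {"low": 1, "medium": 2, "high": 3}


def qualitative_rating(likelihood: str, impact: str) -> str:
    """Combine two ordinal judgements into a single ordinal rating."""
    score = SCALE[likelihood] * SCALE[impact]
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


if __name__ == "__main__":
    # Constructed scenario: a $100,000 asset, a breach destroys 25% of its value,
    # expected once every two years; a $5,000/year safeguard cuts the loss to 5%.
    before = Risk(asset_value=100_000, exposure_factor=0.25, aro=0.5)
    after = Risk(asset_value=100_000, exposure_factor=0.05, aro=0.5)
    print(f"SLE ${before.sle:,.0f}  ALE ${before.ale:,.0f}")
    print(f"safeguard value ${safeguard_value(before, after, 5_000):,.0f}/year")
    print("qualitative rating:", qualitative_rating("medium", "high"))
```

The quantitative result ($12,500 a year, and a safeguard that nets $5,000 a year) can be compared directly against a budget; the qualitative result ("high") can only be compared against other ratings on the same scale, which is where the guesswork in answer A comes from.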

 

NEW QUESTION 458
Which of the following best defines a Computer Security Incident Response Team (CSIRT)?

  • A. An organization that coordinates and supports the response to security incidents.
  • B. An organization that disseminates incident-related information to its constituency and other involved parties.
  • C. An organization that provides a secure channel for receiving reports about suspected security incidents.
  • D. An organization that ensures that security incidents are reported to the authorities.

Answer: A

Explanation:
Many organizations now have a dedicated team responsible for investigating any computer security incidents that take place. These teams are commonly known as computer incident response teams (CIRTs) or computer security incident response teams (CSIRTs).
When an incident occurs, the response team has four primary responsibilities:
Determine the amount and scope of damage caused by the incident.
Determine whether any confidential information was compromised during the incident.
Implement any necessary recovery procedures to restore security and recover from incident-related damages.
Supervise the implementation of any additional security measures necessary to improve security and prevent recurrence of the incident.
Incorrect Answers:
B: Disseminating incident-related information is one activity a CSIRT may perform, but it does not define the team.
C: Receiving reports of suspected incidents is likewise one input to the team's work, not its definition.
D: A CSIRT is not set up to ensure that incidents are reported to the authorities; it coordinates and handles the response when incidents occur.
References:
Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 726

 

NEW QUESTION 459
What is the PRIMARY difference between security policies and security procedures?

  • A. Policies point to guidelines, and procedures are more contractual in nature
  • B. Policies are used to enforce violations, and procedures create penalties
  • C. Policies are included in awareness training, and procedures give guidance
  • D. Policies are generic in nature, and procedures contain operational details

Answer: D

 

NEW QUESTION 460
A password that is the same for each log-on session is called a?

  • A. "two-time password"
  • B. "one-time password"
  • C. dynamic password
  • D. static password

Answer: D

Explanation:
A static password stays the same from one log-on session to the next until it is changed. It is the ordinary operating-system password: you set it once and present the same value every time you log on, and on successful authentication it becomes the basis for the access token that carries your privileges. A one-time password is valid for a single use; a dynamic password changes whenever a defined condition is met (a time interval or a counter, for example); "two-time password" is a distractor, not an established term.

 

NEW QUESTION 461
An effective information security policy should not have which of the following characteristics?

  • A. Include separation of duties.
  • B. Specify areas of responsibility and authority.
  • C. Be designed with a short-to mid-term focus.
  • D. Be understandable and supported by all stakeholders.

Answer: C

Explanation:
An information security policy should be written with a long-term focus. It is meant to stay in place for years and be revised periodically as the business, the threat landscape or regulations change, rather than being tied to a short- or mid-term horizon. The other options are characteristics a good policy should have: it specifies separation of duties, defines areas of responsibility and authority, and is understandable to and supported by all stakeholders.

 

NEW QUESTION 462
......
