CISSP Practice Test Questions

1487 Questions


Topic 14: NEW Questions C

Which of the following is the BEST way to protect against Structured Query Language (SQL)
injection?


A.

Enforce boundary checking.


B.

Restrict use of SELECT command.


C.

Restrict Hyper Text Markup Language (HTML) source code access.


D.

Use stored procedures.





D.
  

Use stored procedures.



When conducting a forensic criminal investigation on a computer hard drive, what should be
done PRIOR to analysis?


A.

Create a backup copy of all the important files on the drive.


B.

Power off the computer and wait for assistance.


C.

Create a forensic image of the hard drive.


D.

Install forensic analysis software.





C.
  

Create a forensic image of the hard drive.



Which of the following is the MOST secure password technique?


A.

Passphrase


B.

One-time password


C.

Cognitive password


D.

Ciphertext





A.
  

Passphrase



Data remanence is the biggest threat in which of the following scenarios?


A.

A physical disk drive has been overwritten and reused within a datacenter.


B.

A physical disk drive has been degaussed, verified, and released to a third party for
dest…….


C.

A flash drive has been overwritten, verified, and reused within a datacenter.


D.

A flash drive has been overwritten and released to a third party for destruction





D.
  

A flash drive has been overwritten and released to a third party for destruction



Which of the following System and Organization Controls (SOC) report types should an
organization request if they require a period of time report covering security and availability
for a particular system?


A.

SOC 1 Type 1


B.

SOC 1 Type 2


C.

SOC 2 Type 1


D.

SOC 2 Type 2





D.
  

SOC 2 Type 2



Which of the following is critical if an employee is dismissed due to violation of an
organization's Acceptable Use Policy (AUP)?


A.

Privilege suspension


B.

Internet access logs


C.

Proxy records


D.

Appropriate documentation





B.
  

Internet access logs



Which of the following needs to be taken into account when assessing vulnerability?


A.

Risk identification and validation


B.

Threat mapping


C.

Risk acceptance criteria


D.

Safeguard selection





A.
  

Risk identification and validation



Reference:
https://books.google.com.pk/books?id=9gCn86CmsNQC&pg=PA478&lpg=PA478&dq=CISSP+taken+into+account+when+assessing+vulnerability&source=bl&ots=riGvVpNN7I&sig=ACfU3U1isazG0OJlZdAAy91LvAW_rbXdAQ&hl=en&sa=X&ved=2ahUKEwj6p9vg4qnpAhUNxYUKHdODDZ4Q6AEwDHoECBMQAQ#v=onepage&q=CISSP-taken-into-account-when-assessing-vulnerability&f=false

Which of the following is the FIRST step during digital identity provisioning?


A.

Authorizing the entity for resource access


B.

Synchronizing directories


C.

Issuing an initial random password


D.

Creating the entity record with the correct attributes





D.
  

Creating the entity record with the correct attributes



Which of the following value comparisons MOST accurately reflects the agile development approach?


A.

Processes and tools over individuals and interactions


B.

Contract negotiation over customer collaboration


C.

Following a plan over responding to change


D.

Working software over comprehensive documentation





D.
  

Working software over comprehensive documentation



For the purpose of classification, which of the following is used to divide trust domain and
trust boundaries?


A.

Network architecture


B.

Integrity


C.

Identity Management (IdM)


D.

Confidentiality management





A.
  

Network architecture



When developing the entitlement review process, which of the following roles is responsible for determining who has a need for the information?


A.

Data Custodian


B.

Data Owner


C.

Database Administrator


D.

Information Technology (IT) Director





B.
  

Data Owner



Secure Real-time Transport Protocol (SRTP) provides security for which of the following?


A.

Time-sensitive e-communication


B.

Voice communication


C.

Satellite communication


D.

Network communication for real-time operating systems





B.
  

Voice communication



