Free Certification Practice Questions

ISC-CISSP

The security controls that are implemented to manage physical security are divided in various groups. Which of the following services are offered by the administrative physical security control group? Each correct answer represents a part of the solution. Choose all that apply.
#241
Which of the following life cycle modeling activities establishes service relationships and message exchange paths?
#242
Within a large organization, what business unit is BEST positioned to initiate provisioning and deprovisioning of user accounts?
#243
In the common criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?
#244
Which of the following is an example of a vulnerability of full-disk encryption (FDE)?
#245
What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?
#246
A large organization's human resources and security teams are planning on implementing technology to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access?
#247
Which of the following are the countermeasures against a man-in-the-middle attack? Each correct answer represents a complete solution. Choose all that apply.
#248
In which of the following alternative processing sites is the backup facility maintained in a constant order, with a full complement of servers, workstations, and communication links ready to assume the primary operations responsibility?
#249
Which of the following should the administrator ensure during the test of a disaster recovery plan?
#250
Which of the following is a method for transforming a message into a masked form, together with a way of undoing the transformation to recover the message?
#251
Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Which of the following statements are true about the Kerberos authentication scheme? Each correct answer represents a complete solution. Choose all that apply.
#252
An organization is considering partnering with a third-party supplier of cloud services. The organization will only be providing the data and the third-party supplier will be providing the security controls. Which of the following BEST describes this service offering?
#253
Which of the following factors should be considered characteristics of Attribute Based Access Control (ABAC) in terms of the attributes used?
#254
Which of the following is the MOST significant key management problem due to the number of keys created?
#255
A Certified Information Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC)² Code of Professional Ethics, which of the following should the CISSP do?
#256
While performing a security review for a new product, an information security professional discovers that the organization's product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?
#257
What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?
#258
A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?
#259
Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?
#260
A company hired an external vendor to perform a penetration test of a new payroll system. The company's internal test team had already performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?
#261
Which of the following is included in change management?
#262
Which of the following is the BEST approach to implement multiple servers on a virtual system?
#263
Which of the following is the MOST common cause of system or security failures?
#264
The Chief Information Officer (CIO) has decided that as part of business modernization efforts the organization will move towards a cloud architecture. All business-critical data will be migrated to either internal or external cloud services within the next two years. The CIO has a PRIMARY obligation to work with personnel in which role in order to ensure proper protection of data during and after the cloud migration?
#265
A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?
#266
When performing an investigation with the potential for legal action, what should be the analyst's FIRST consideration?
#267
Building blocks for software-defined networks (SDN) require which of the following?
#268
What is the MINIMUM standard for testing a disaster recovery plan (DRP)?
#269
Which security audit standard provides the BEST way for an organization to understand a vendor's Information Systems (IS) in relation to confidentiality, integrity, and availability?
#270