Want to know Testking cissp vs cisa Exam practice test features? Want to lear more about ISC2 Certified Information Systems Security Professional (CISSP) certification experience? Study Validated ISC2 cissp study guide answers to Renewal cissp salary questions at Testking. Gat a success with an absolute guarantee to pass ISC2 cissp exam cram (Certified Information Systems Security Professional (CISSP)) test on your first attempt.
Q171. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A. After the system preliminary design has been developed and.the data security categorization has been performed
B. After the business functional analysis and the data security categorization have been performed
C. After the vulnerability analysis has been performed and before the system detailed design begins
D. After the system preliminary design has been developed and before.the.data security categorization begins
Answer: B
Q172. Which of the following is the MOST effective method of mitigating data theft from an active user workstation?
A. Implement full-disk encryption
B. Enable multifactor authentication
C. Deploy file integrity checkers
D. Disable use of portable devices
Answer: D
Q173. HOTSPOT
Which.Web Services Security (WS-Security) specification.handles the management of security tokens and the underlying policies for granting access? Click on the correct specification in the image below.
Answer:
Q174. Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?
A. To assist data owners in making future sensitivity and criticality determinations
B. To assure the software development team that all security issues have been addressed
C. To verify that security protection remains acceptable to the organizational security policy
D. To help the security team accept or reject new systems for implementation and production
Answer: C
Q175. Which of the following questions can be answered using user and group entitlement reporting?
A. When a particular file was last accessed by a user
B. Change control activities for a particular group of users
C. The number of failed login attempts for a particular user
D. Where does a particular user have access within the network
Answer: D
Q176. DRAG DROP
In which order, from MOST to LEAST impacted, does user awareness training reduce the occurrence of the events below?.
Answer:
Q177. A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of
A. asynchronous token.
B. Single Sign-On (SSO) token.
C. single factor authentication token.
D. synchronous token.
Answer: D
Q178. Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?
A. Make changes following principle and design guidelines.
B. Stop the application until the vulnerability is fixed.
C. Report the vulnerability to product owner.
D. Monitor the application and review code.
Answer: C
Q179. What is the GREATEST challenge to identifying data leaks?
A. Available technical tools that enable user activity monitoring.
B. Documented asset classification policy and clear labeling of assets.
C. Senior management cooperation in investigating suspicious behavior.
D. Law enforcement participation to apprehend and interrogate suspects.
Answer: B
Q180. Which of the following describes the BEST configuration management practice?
A. After installing a new system, the configuration files are copied to a separate back-up system and hashed to detect tampering.
B. After installing a new system, the configuration files are copied to an air-gapped system and hashed to detect tampering.
C. The firewall rules are backed up to an air-gapped system.
D. A baseline configuration is created and maintained for all relevant systems.
Answer: D