It is more faster and easier to pass the ISC2 cissp sybex exam by using Exact ISC2 Certified Information Systems Security Professional (CISSP) questuins and answers. Immediate access to the Avant-garde cissp exam cram Exam and find the same core area cissp exam dates questions with professionally verified answers, then PASS your exam with a high score now.
Q193. Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?
A. Masquerading, salami, malware, polymorphism
B. Brute force, dictionary, phishing, keylogger
C. Zeus, netbus, rabbit, turtle
D. Token, biometrics, IDS, DLP
Answer: B
Q194. While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following.is the correct procedure for handling such
equipment?
A. They should be recycled to save energy.
B. They should be recycled according to NIST SP 800-88..
C. They should be inspected and sanitized following the organizational policy.
D. They should be inspected and categorized properly to sell them for reuse.
Answer: C
Q195. During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
A. Document the system as high risk
B. Perform a vulnerability assessment
C. Perform a quantitative threat assessment
D. Notate the information and move on
Answer: B
Q196. According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?
A. In-house security administrators
B. In-house Network Team
C. Disaster Recovery (DR) Team
D. External consultants
Answer: D
Q197. In Business Continuity Planning (BCP), what is the importance of documenting business processes?
A. Provides senior management with decision-making tools
B. Establishes and adopts ongoing testing and maintenance strategies
C. Defines who will perform which functions during a disaster or emergency
D. Provides an understanding of the organization's interdependencies
Answer: D
Q198. For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?
A. Challenge response and private key
B. Digital certificates and Single Sign-On (SSO)
C. Tokens and passphrase
D. Smart card and biometrics
Answer: D
Q199. A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?
A. The organization's current security policies concerning privacy issues
B. Privacy-related regulations enforced by governing bodies applicable to the organization
C. Privacy best practices published by recognized security standards organizations
D. Organizational procedures designed to protect privacy information
Answer: B
Q200. Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization?
A. Ensure end users are aware of the planning activities
B. Validate all regulatory requirements are known and fully documented
C. Develop training and awareness programs that involve all stakeholders
D. Ensure plans do not violate the organization's cultural objectives and goals
Answer: C