CISSP Premium PDF & Test Engine Files with 1795 Questions & Answers [Q383-Q398]



The ISC CISSP (Certified Information Systems Security Professional) certification exam is a challenging and respected certification that can help professionals advance their careers in the field of information security. The CISSP certification covers a wide range of topics related to information security and requires candidates to have a minimum of five years of professional experience in the field. The benefits of obtaining the certification are numerous, including career advancement opportunities, access to a network of professionals, and recognition by organizations and businesses worldwide.


The ISC CISSP exam is considered one of the most challenging and prestigious information security certifications available today. It is administered by the International Information Systems Security Certification Consortium (ISC) and is recognized in over 160 countries around the world. The CISSP exam consists of 250 multiple-choice questions and takes up to six hours to complete. Candidates must score at least 700 out of 1,000 points to pass the exam.


NEW QUESTION # 383
In what way could Java applets pose a security threat?

  • A. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system.
  • B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system.
  • C. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.
  • D. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP

Answer: A

Explanation:
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.


NEW QUESTION # 384
Which of the following is NOT a part of a risk analysis?

  • A. Quantify the impact of potential threats
  • B. Provide an economic balance between the impact of the risk and the cost of the associated countermeasure
  • C. Identify risks
  • D. Choose the best countermeasure

Answer: D

Explanation:
This step is not a part of RISK ANALYSIS.
A risk analysis has three main goals: identify risks, quantify the impact of potential threats, and
provide an economic balance between the impact of the risk and the cost of the associated
countermeasure. Choosing the best countermeasure is not part of the risk analysis.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002,
chapter 3: Security Management Practices (page 73).
HARRIS, Shon, Mike Meyers' CISSP(R) Certification Passport, 2002, McGraw-Hill, page 12.


NEW QUESTION # 385
The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:

  • A. preventive/physical.
  • B. detective/administrative.
  • C. detective/physical.
  • D. detective/technical.

Answer: C

Explanation:
Detective/physical controls help to identify an incident's activities, and potentially an intruder, using items put into place to protect the facility, personnel, and resources. These items include motion detectors and closed-circuit TVs. Closed-circuit TVs are normally monitored by security guards to detect intruders.
Incorrect Answers:
A: Preventive/physical controls are meant to discourage a potential attacker using items put into place to protect the facility, personnel, and resources. Sensors and cameras are not included in these items.
B: Detective/administrative controls help to identify an incident's activities, and potentially an intruder, using management-oriented controls, which include monitoring and supervising, job rotation, and investigations. Sensors and cameras are not included.
D: Detective/technical controls help to identify an incident's activities, and potentially an intruder, using software or hardware components, which include audit logs and IDS. Sensors and cameras are not included.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 28-34


NEW QUESTION # 386
Which of the following logical access exposures involves changing data before, or as, it is entered into the computer?

  • A. Data diddling
  • B. Trojan horses
  • C. Viruses
  • D. Salami techniques

Answer: A

Explanation:
Data diddling refers to the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing and is outputted from an application. For instance, if a loan processor is entering information for a customer's loan of $100,000, but instead enters $150,000 and then moves the extra approved money somewhere else, this would be a case of data diddling. Another example is if a cashier enters an amount of $40 into the cash register, but really charges the customer $60 and keeps the extra $20.
This type of crime is extremely common and can be prevented by using appropriate access controls and proper segregation of duties. It will more likely be perpetrated by insiders, who have access to data before it is processed.
Incorrect Answers:
B: A Trojan horse is a program that is disguised as another program. This is not what is described in the question.
C: A virus is a small application or a string of code that infects applications. This is not what is described in the question.
D: Salami techniques: a salami attack is one in which an attacker commits several small crimes with the hope that the overall larger crime will go unnoticed. This is not what is described in the question.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1059


NEW QUESTION # 387
Which of the following is an example of two-factor authentication?

  • A. Fingerprint and a smart card
  • B. Password and Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)
  • C. Magnetic stripe card and an ID badge
  • D. Retina scan and a palm print

Answer: A


NEW QUESTION # 388
The principles of Notice, Choice, Access, Security, and Enforcement refer to which of the following?

  • A. Authorization
  • B. Privacy
  • C. Nonrepudiaton
  • D. Authentication

Answer: B

Explanation:
These items are privacy principles. Notice refers to the collection, use, and disclosure of personally identifiable information (PII). Choice is the choice to opt out or opt in regarding the disclosure of PII to third parties; Access is access by consumers to their PII to permit review and correction of information. Security is the obligation to protect PII from unauthorized disclosure. Enforcement is the enforcement of applicable privacy policies and obligations. The other answers are distracters.


NEW QUESTION # 389
Which is a property of a circuit-switched network as opposed to a packet-switched network?

  • A. Packets are reassembled according to their originally assigned sequence numbers.
  • B. Physical, permanent connections exist from one point to another in a circuit-switched network.
  • C. The data is broken up into packets.
  • D. The data is sent to the next destination, which is based on the router's understanding of the best available route.

Answer: B

Explanation:
The correct answer is "Physical, permanent connections exist from one point to another in a circuit-switched network". Permanent connections are a feature of circuit-switched networks.


NEW QUESTION # 390
What mechanism does a system use to compare the security labels of a subject and an object?

  • A. Clearance Check.
  • B. Reference Monitor.
  • C. Validation Module.
  • D. Security Module.

Answer: B

Explanation:
Because the Reference Monitor is responsible for mediating access to objects by subjects, it is the mechanism that compares the security labels of a subject and an object.
According to the OIG: The reference monitor is an access control concept referring to an abstract machine that mediates all accesses to objects by subjects based on information in an access control database. The reference monitor must mediate all access, be protected from modification, be verifiable as correct, and must always be invoked. The reference monitor, in accordance with the security policy, controls the checks that are made in the access control database.
The following are incorrect:
Validation Module. A validation module is typically found in application source code and is used to validate data being input.
Clearance Check. This is a distractor; there is no such mechanism, other than what someone would do when checking whether a person is authorized to access a secure facility.
Security Module. This is typically a general-purpose module that performs a variety of security-related functions.
References:
OIG CBK, Security Architecture and Design (page 324)
AIO, 4th Edition, Security Architecture and Design, pp 328-328.
Wikipedia - http://en.wikipedia.org/wiki/Reference_monitor


NEW QUESTION # 391
Which of the following analyses is performed to protect information assets?

  • A. Feasibility analysis
  • B. Data analysis
  • C. Business impact analysis
  • D. Cost benefit analysis

Answer: C


NEW QUESTION # 392
Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model?

  • A. Prevention of the modification of information by authorized users.
  • B. Prevention of the modification of information by unauthorized users.
  • C. Preservation of the internal and external consistency.
  • D. Prevention of the unauthorized or unintentional modification of information by authorized users.

Answer: A

Explanation:
There is no need to prevent modification by authorized users: they are authorized and allowed to make the changes. On top of this, it is also NOT one of the goals of integrity within Clark-Wilson. As it turns out, the Biba model addresses only the first of the three integrity goals, which is prevention of the modification of information by unauthorized users. Clark-Wilson addresses all three goals of integrity.
The Clark-Wilson model improves on Biba by focusing on integrity at the transaction level and addressing three major goals of integrity in a commercial environment. In addition to preventing changes by unauthorized subjects, Clark and Wilson realized that high-integrity systems would also have to prevent undesirable changes by authorized subjects and to ensure that the system continued to behave consistently. It also recognized that it would need to ensure that there is constant mediation between every subject and every object if such integrity was going to be maintained.
Integrity is addressed through the following three goals:
1. Prevention of the modification of information by unauthorized users.
2. Prevention of the unauthorized or unintentional modification of information by authorized users.
3. Preservation of the internal and external consistency.
The following reference(s) were used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
((ISC)2 Press) (Kindle Locations 17689-17694). Auerbach Publications. Kindle Edition.
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Computer Security, 2001, John Wiley & Sons, Page 31.


NEW QUESTION # 393
The personal laptop of an organization executive is stolen from the office, complete with personnel and project records. Which of the following should be done FIRST to mitigate future occurrences?

  • A. Encrypt disks on personal laptops.
  • B. Create policies addressing critical information on personal laptops.
  • C. Monitor personal laptops for critical information.
  • D. Issue cable locks for use on personal laptops.

Answer: B

Explanation:
The first step to mitigate future occurrences of personal laptops being stolen from the office with critical information is to create policies addressing this issue. Policies are high-level statements that define the goals and objectives of an organization and provide guidance for decision making. Policies can specify the roles and responsibilities of the users, the acceptable use of personal laptops, the security controls and requirements for protecting critical information, the reporting and response procedures in case of theft or loss, and the sanctions for non-compliance. The other options are possible actions to implement the policies, but they are not the first step. Encrypting disks, issuing cable locks, and monitoring personal laptops are examples of technical, physical, and administrative controls, respectively, that can help prevent or detect unauthorized access to critical information on personal laptops.
References: Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 1: Security and Risk Management, p. 51-52; CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security and Risk Management, p. 29-30.


NEW QUESTION # 394
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?

  • A. Message non-repudiation.
  • B. Message interleave checking.
  • C. Message confidentiality.
  • D. Message integrity.

Answer: D

Explanation:
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols designed to provide communications security over a computer network.
The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.
A message authentication code (MAC) is a short piece of information used to authenticate a message, in other words, to provide integrity and authenticity assurances on the message. Integrity assurances detect accidental and intentional message changes, while authenticity assurances affirm the message's origin.
A MAC algorithm, sometimes called a keyed (cryptographic) hash function (however, cryptographic hash function is only one of the possible ways to generate MACs), accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.
Incorrect Answers:
A: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message non-repudiation.
B: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message interleave checking.
C: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message confidentiality; it uses symmetric cryptography for that.
References:
https://en.wikipedia.org/wiki/Transport_Layer_Security
https://en.wikipedia.org/wiki/Message_authentication_code
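The following is an added example, not part of the original question bank, showing in Python what the explanation above describes: a keyed hash (HMAC-SHA256) attached to a record so the receiver can detect alteration, and why that same MAC gives neither confidentiality nor non-repudiation. The shared key, the record layout and the payload are constructed for the demo; a real TLS record derives its MAC key from the handshake.

```python
import hashlib
import hmac

# Constructed shared secret for the demo; TLS derives this from the handshake.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed hash over the message: the MAC 'tag' the explanation refers to."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send_record(key: bytes, payload: bytes) -> bytes:
    """Sender side: append the tag to the payload (simplified record layout)."""
    return payload + mac_tag(key, payload)


def receive_record(key: bytes, record: bytes):
    """Receiver side: split off the tag and verify it in constant time.
    Returns the payload when the tag verifies, or None if the data was altered
    (or the sender did not hold the same key)."""
    tag_len = hashlib.sha256().digest_size
    if len(record) < tag_len:
        return None
    payload, tag = record[:-tag_len], record[-tag_len:]
    if not hmac.compare_digest(mac_tag(key, payload), tag):
        return None
    return payload


def tamper_demo():
    """Walk through the four properties the question contrasts."""
    record = send_record(SHARED_KEY, b"transfer 100 to account 42")
    # 1. Integrity: an unaltered record verifies.
    ok = receive_record(SHARED_KEY, record)
    # 2. Integrity: flipping one bit of the payload in transit is detected.
    altered = bytearray(record)
    altered[9] ^= 0x01
    rejected = receive_record(SHARED_KEY, bytes(altered))
    # 3. Authenticity: a tag made without the shared key does not verify.
    wrong_key = receive_record(b"some-other-key", record)
    # 4. No confidentiality: the payload sits in the clear next to its tag.
    visible = b"transfer 100" in record
    # 5. No non-repudiation: the receiver holds the same key and can forge a tag.
    forged = receive_record(SHARED_KEY, send_record(SHARED_KEY, b"forged by receiver"))
    return ok, rejected, wrong_key, visible, forged
```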


NEW QUESTION # 395
In the process of facial identification, the basic underlying recognition technology of facial identification involves:

  • A. Eigenfeatures of eigenfaces.
  • B. Scanning and recognition.
  • C. None of the choices.
  • D. Detection and scanning.

Answer: A

Explanation:
Recognition is comparing the captured face to other faces that have been saved and stored in a database. The basic underlying recognition technology of facial feature identification involves either eigenfeatures (facial metrics) or eigenfaces. The German word "eigen" refers to recursive mathematics used to analyze unique facial characteristics.


NEW QUESTION # 396
An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule?

  • A. Useful for future business initiatives
  • B. Pending legal hold
  • C. Long term data mining needs
  • D. Customer makes request to retain

Answer: B


NEW QUESTION # 397
Which of the following backup methods is most appropriate for off-site archiving?

  • A. Off-site backup method
  • B. Full backup method
  • C. Differential backup method
  • D. Incremental backup method

Answer: B

Explanation:
The full backup makes a complete backup of every file on the system every time it is run. Since a single backup set is needed to perform a full restore, it is appropriate for off-site archiving. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 69).


NEW QUESTION # 398
......


ISC2 CISSP Exam Certification Details:

Number of Questions: 100-150
Exam Code: CISSP
Exam Price: $699 (USD)
Passing Score: 700/1000
Exam Name: ISC2 Certified Information Systems Security Professional (CISSP)
Sample Questions: ISC2 CISSP Sample Questions
