Certified Information Systems Security Professional v1.0

Page: 1 / 33
Exam contains 490 questions

Which of the following encryption technologies has the ability to function as a stream cipher?

  • A. Cipher Block Chaining (CBC) with error propagation
  • B. Electronic Code Book (ECB)
  • C. Cipher Feedback (CFB)
  • D. Feistel cipher


Answer : C

In a disaster recovery (DR) test, which of the following would be a trait of crisis management?

  • A. Process
  • B. Anticipate
  • C. Strategic
  • D. Wide focus


Answer : B

Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?

  • A. Strong operational security to keep unit members safe
  • B. Policies to validate organization rules
  • C. Cyber hygiene to ensure organizations can keep systems healthy
  • D. Quality design principles to ensure quality by design


Answer : B

Which of the following is security control volatility?

  • A. A reference to the impact of the security control.
  • B. A reference to the likelihood of change in the security control.
  • C. A reference to how unpredictable the security control is.
  • D. A reference to the stability of the security control.


Answer : C

When auditing the Software Development Life Cycle (SDLC), which of the following is one of the high-level audit phases?

  • A. Planning
  • B. Risk assessment
  • C. Due diligence
  • D. Requirements


Answer : C

What is the term used to define where data is geographically stored in the cloud?

  • A. Data privacy rights
  • B. Data sovereignty
  • C. Data warehouse
  • D. Data subject rights


Answer : B

Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?

  • A. Proper security controls, security objectives, and security goals are properly initiated.
  • B. Security objectives, security goals, and system test are properly conducted.
  • C. Proper security controls, security goals, and fault mitigation are properly conducted.
  • D. Security goals, proper security controls, and validation are properly initiated.


Answer : D

Which of the following is MOST important to follow when developing information security controls for an organization?

  • A. Use industry standard best practices for security controls in the organization.
  • B. Exercise due diligence with regard to all risk management information to tailor appropriate controls.
  • C. Review all local and international standards and choose the most stringent based on location.
  • D. Perform a risk assessment and choose a standard that addresses existing gaps.


Answer : C

When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?

  • A. The RPO is the minimum amount of data that needs to be recovered.
  • B. The RPO is the amount of time it takes to recover an acceptable percentage of data lost.
  • C. The RPO is a goal to recover a targeted percentage of data lost.
  • D. The RPO is the maximum amount of time for which loss of data is acceptable.


Answer : D

Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?

  • A. A brute force password attack on the Secure Shell (SSH) port of the controller
  • B. Sending control messages to open a flow that does not pass a firewall from a compromised host within the network
  • C. Remote Authentication Dial-In User Service (RADIUS) token replay attack
  • D. Sniffing the traffic of a compromised host inside the network


Answer : B

Which of the following is the BEST option to reduce the network attack surface of a system?

  • A. Disabling unnecessary ports and services
  • B. Ensuring that there are no group accounts on the system
  • C. Uninstalling default software on the system
  • D. Removing unnecessary system user accounts


Answer : A

The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?

  • A. Physically secured storage device
  • B. Trusted Platform Module (TPM)
  • C. Encrypted flash drive
  • D. Public key infrastructure (PKI)


Answer : B

The existence of physical barriers, card and personal identification number (PIN) access systems, cameras, alarms, and security guards BEST describes which security approach?

  • A. Access control
  • B. Security information and event management (SIEM)
  • C. Defense-in-depth
  • D. Security perimeter


Answer : D

A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal?

  • A. Purpose specification
  • B. Collection limitation
  • C. Use limitation
  • D. Individual participation


Answer : A

A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?

  • A. Access the policy on a company-issued device and let the former colleague view the screen.
  • B. E-mail the policy to the colleague as they were already part of the organization and familiar with it.
  • C. Do not acknowledge receiving the request from the former colleague and ignore them.
  • D. Submit the request using company official channels to ensure the policy is okay to distribute.


Answer : C

