Certified Information Systems Security Professional v1.0

Page: 1 / 38
Exam contains 561 questions

Which of the following BEST describes the responsibilities of a data owner?

  • A. Ensuring quality and validation through periodic audits for ongoing data integrity
  • B. Maintaining fundamental data availability, including data storage and archiving
  • C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
  • D. Determining the impact the information has on the mission of the organization


Answer : C

Reference:
http://resources.infosecinstitute.com/category/certifications-training/cissp/domains/asset-security/data-and-system-ownership/#gref

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth.
The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.
Which contract is BEST in offloading the task from the IT staff?

  • A. Platform as a Service (PaaS)
  • B. Identity as a Service (IDaaS)
  • C. Desktop as a Service (DaaS)
  • D. Software as a Service (SaaS)


Answer : B

When implementing a data classification program, why is it important to avoid too much granularity?

  • A. The process will require too many resources
  • B. It will be difficult to apply to both hardware and software
  • C. It will be difficult to assign ownership to the data
  • D. The process will be perceived as having value


Answer : A

Reference:
http://www.ittoday.info/AIMS/DSM/82-02-55.pdf

In a data classification scheme, the data is owned by the

  • A. system security managers
  • B. business managers
  • C. Information Technology (IT) managers
  • D. end users


Answer : B

Which of the following is an initial consideration when developing an information security management system?

  • A. Identify the contractual security obligations that apply to the organizations
  • B. Understand the value of the information assets
  • C. Identify the level of residual risk that is tolerable to management
  • D. Identify relevant legislative and regulatory compliance requirements


Answer : B

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

  • A. Personal Identity Verification (PIV)
  • B. Cardholder Unique Identifier (CHUID) authentication
  • C. Physical Access Control System (PACS) repeated attempt detection
  • D. Asymmetric Card Authentication Key (CAK) challenge-response


Answer : D

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

  • A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
  • B. Data stewardship roles, data handling and storage standards, data lifecycle requirements
  • C. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
  • D. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements


Answer : A

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

  • A. Log all activities associated with sensitive systems
  • B. Provide links to security policies
  • C. Confirm that confidentiality agreements are signed
  • D. Employ strong access controls


Answer : D

Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

  • A. Erase
  • B. Sanitize
  • C. Encrypt
  • D. Degauss


Answer : B

An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?

  • A. Diffie-Hellman (DH) algorithm
  • B. Elliptic Curve Cryptography (ECC) algorithm
  • C. Digital Signature Algorithm (DSA)
  • D. Rivest-Shamir-Adleman (RSA) algorithm


Answer : A

Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?

  • A. Inert gas fire suppression system
  • B. Halon gas fire suppression system
  • C. Dry-pipe sprinklers
  • D. Wet-pipe sprinklers


Answer : A

Unused space in a disk cluster is important in media analysis because it may contain which of the following?

  • A. Residual data that has not been overwritten
  • B. Hidden viruses and Trojan horses
  • C. Information about the File Allocation Table (FAT)
  • D. Information about patches and upgrades to the system


Answer : A

A company seizes a mobile device suspected of being used in committing fraud. What would be the BEST method used by a forensic examiner to isolate the powered-on device from the network and preserve the evidence?

  • A. Put the device in airplane mode
  • B. Suspend the account with the telecommunication provider
  • C. Remove the SIM card
  • D. Turn the device off


Answer : A

Which of the following is MOST appropriate for protecting confidentiality of data stored on a hard drive?

  • A. Triple Data Encryption Standard (3DES)
  • B. Advanced Encryption Standard (AES)
  • C. Message Digest 5 (MD5)
  • D. Secure Hash Algorithm 2 (SHA-2)


Answer : B

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?

  • A. Use Software as a Service (SaaS)
  • B. Whitelist input validation
  • C. Require client certificates
  • D. Validate data output


Answer : B
