Cause all that matters here is passing the ISC2 CISSP exam. Cause all that you need is a high score of CISSP Certified Information Systems Security Professional (CISSP) exam. The only one thing you need to do is downloading Ucertify CISSP exam study guides now. We will not let you down with our money-back guarantee.
2021 Mar CISSP free exam
Q41. Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
A. Set up a BIOS and operating system password
B. Encrypt the virtual drive where confidential files can be stored
C. Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network
D. Encrypt the entire disk and delete contents after a set number of failed access attempts
Answer: D
Q42. Retaining system logs for six months or longer can be valuable for what activities?.
A. Disaster recovery and business continuity
B. Forensics and incident response
C. Identity and authorization management
D. Physical and logical access control
Answer: B
Q43. An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such requirement?
A. Application Manager
B. Database Administrator
C. Privacy Officer
D. Finance Manager
Answer: C
Q44. Which of the following violates identity and access management best practices?
A. User accounts
B. System accounts
C. Generic accounts
D. Privileged accounts
Answer: C
Q45. During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
A. Document the system as high risk
B. Perform a vulnerability assessment
C. Perform a quantitative threat assessment
D. Notate the information and move on
Answer: B
Latest CISSP free practice questions:
Q46. Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?
A. Insecure implementation of Application Programming Interfaces (API)
B. Improper use and storage of management keys
C. Misconfiguration of infrastructure allowing for unauthorized access
D. Vulnerabilities within protocols that can expose confidential data
Answer: D
Q47. Which of the following MUST be done when promoting a security awareness program to senior management?
A. Show the need for security; identify the message and the audience
B. Ensure that the security presentation is designed to be all-inclusive
C. Notify them that their compliance is mandatory
D. Explain how hackers have enhanced information security
Answer: A
Q48. While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following.is the correct procedure for handling such
equipment?
A. They should be recycled to save energy.
B. They should be recycled according to NIST SP 800-88..
C. They should be inspected and sanitized following the organizational policy.
D. They should be inspected and categorized properly to sell them for reuse.
Answer: C
Q49. Refer.to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?
A. Severity of risk
B. Complexity of strategy
C. Frequency of incidents
D. Ongoing awareness
Answer: A
Q50. An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?
A. Provide the encrypted passwords and analysis tools to the auditor for analysis.
B. Analyze the encrypted passwords for the auditor and show them the results.
C. Demonstrate that non-compliant passwords cannot be created in the system.
D. Demonstrate that non-compliant passwords cannot be encrypted in the system.
Answer: C
see more CISSP dumps
