Exam Code: cissp sybex (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Certified Information Systems Security Professional (CISSP)
Certification Provider: ISC2
Free Today! Guaranteed Training- Pass cissp braindump Exam.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for ISC2 CISSP Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW CISSP Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/CISSP-exam-dumps.html
Q81. Which of the following is the BEST mitigation from phishing attacks?
A. Network activity monitoring
B. Security awareness training
C. Corporate policy and procedures
D. Strong file and directory permissions
Answer: B
Q82. DRAG DROP
Place the following information classification steps in.sequential order.
Answer:
Q83. For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data?
A. Information Systems Security Officer
B. Data Owner
C. System Security Architect
D. Security Requirements Analyst
Answer: B
Q84. An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?
A. Acceptance of risk by the authorizing official
B. Remediation of vulnerabilities
C. Adoption of standardized policies and procedures
D. Approval of the System Security Plan (SSP)
Answer: A
Q85. Refer.to the information below to answer the question.
.A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?
A. The organizational structure of the third party and how it may impact timelines within the organization
B. The ability of the third party to respond to the organization in a timely manner and with accurate information
C. The effects of transborder data flows and customer expectations regarding the storage or processing of their data
D. The quantity of data that must be provided to the third party and how it is to be used
Answer: C
Q86. Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?
A. Use of a unified messaging.
B. Use of separation for the voice network.
C. Use of Network Access Control (NAC) on switches.
D. Use of Request for Comments (RFC) 1918 addressing.
Answer: B
Q87. Which of the following is a security limitation of File Transfer Protocol (FTP)?
A. Passive FTP is not compatible with web browsers.
B. Anonymous access is allowed.
C. FTP uses Transmission Control Protocol (TCP) ports 20 and 21.
D. Authentication is not encrypted.
Answer: D
Q88. Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?
A. Simple Mail Transfer Protocol (SMTP) blacklist
B. Reverse Domain Name System (DNS) lookup
C. Hashing algorithm
D. Header analysis
Answer: D
Q89. Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?
A. Concept, Development, Production, Utilization, Support, Retirement
B. Stakeholder Requirements Definition, Architectural Design, Implementation, Verification, Operation
C. Acquisition, Measurement, Configuration Management, Production, Operation, Support
D. Concept, Requirements, Design, Implementation, Production, Maintenance, Support, Disposal
Answer: B
Q90. Which of the following is a function of Security Assertion Markup Language (SAML)?
A. File allocation
B. Redundancy check
C. Extended validation
D. Policy enforcement
Answer: D
