ISC Certified Information Systems Security Professional (CISSP)

QUESTION NO: 1
Why is a system's criticality classification important in large organizations?

A. It reduces critical system support workload and reduces the time required to apply patches. B. It allows for clear systems status communications to executive management. C. It provides for proper prioritization and scheduling of security and maintenance tasks. D. It provides for easier determination of ownership, reducing confusion as to the status of the asset.

Correct Answer: C

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 2
Passive Infrared Sensors (PIR) used in a non-climate controlled environment should

A. automatically compensate for variance in background temperature. B. detect objects of a specific temperature independent of the background temperature. C. reduce the detected object temperature in relation to the background temperature. D. increase the detected object temperature in relation to the background temperature.

Correct Answer: A

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 3
Drag and Drop Question
Match the level of evaluation to the correct common criteria (CC) assurance level. Drag each level of evaluation on the left to is corresponding CC assurance level on the right.

Correct Answer:

QUESTION NO: 4
When reviewing the security logs, the password shown for an administrative login event was ' OR
' '1'='1' --. This is an example of which of the following kinds of attack?

A. Rainbow Table Attack B. Brute Force Attack C. Cross-Site Scripting (XSS) D. Structured Query Language (SQL) Injection

Correct Answer: D

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 5
What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?

A. Application-layer attack B. Radio Frequency (RF) attack C. Data modification attack D. Denial of Service (DoS) attack

Correct Answer: D

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 6
Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it?

A. Executing a binary shellcode B. Testing with an EICAR file C. Run multiple antivirus programs D. Testing with a Botnet

Correct Answer: B

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 7
Which of the following is a potential risk when a program runs in privileged mode?

A. It may allow malicious code to be inserted B. It may not enforce job separation duties C. It may serve to create unnecessary code complexity D. It may create unnecessary application hardening

Correct Answer: A

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 8
Which of the following should be included in a good defense-in-depth strategy provided by object- oriented programming for software deployment?

A. Encapsulation B. Polyinstantiation C. Polymorphism D. Inheritance

Correct Answer: A

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 9
During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?

A. The description of the security requirements was insufficient. B. The procurement officer lacks technical knowledge. C. The security requirements have changed during the procurement process. D. There were no security professionals in the vendor's bidding team.

Correct Answer: A

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 10
An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP). Which of the following is the MOST important concern regarding privacy?

A. The CSP determines data criticality. B. The CSP's privacy policy may be developer by the organization. C. The CSP may not be subject to the organization's country legation. D. The CSP provides end-to-end encryption services.

Correct Answer: C

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

QUESTION NO: 11
A Simple Power Analysis (SPA) attack against a device directly observes which of the following?

A. Magnetism B. Generation C. Consumption D. Static discharge

Correct Answer: C

Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).

ISC Certified Information Systems Security Professional (CISSP) - CISSP Exam Questions