CISSP : Certified Information Systems Security Professional : Part 06
-
Which of the following is part of a Trusted Platform Module (TPM)?
- A non-volatile tamper-resistant storage for storing both data and signing keys in a secure fashion
- A protected Pre-Basic Input/Output System (BIOS) which specifies a method or a metric for “measuring” the state of a computing platform
- A secure processor targeted at managing digital keys and accelerating digital signing
- A platform-independent software interface for accessing computer functions
-
In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?
- Modifying source code without approval
- Promoting programs to production without approval
- Developers checking out source code without approval
- Developers using Rapid Application Development (RAD) methodologies without approval
-
Which of the following combinations would MOST negatively affect availability?
- Denial of Service (DoS) attacks and outdated hardware
- Unauthorized transactions and outdated hardware
- Fire and accidental changes to data
- Unauthorized transactions and denial of service attacks
-
Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?
- Achieving Service Level Agreements (SLA) on how quickly patches will be released when a security flaw is found.
- Maintaining segregation of duties.
- Standardized configurations for logging, alerting, and security metrics.
- Availability of security teams at the end of design process to perform last-minute manual audits and reviews.
-
A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results.
What should be implemented to BEST achieve the desired results?
- Configuration Management Database (CMDB)
- Source code repository
- Configuration Management Plan (CMP)
- System performance monitoring application
-
Which of the following is a characteristic of an internal audit?
- An internal audit is typically shorter in duration than an external audit.
- The internal audit schedule is published to the organization well in advance.
- The internal auditor reports to the Information Technology (IT) department
- Management is responsible for reading and acting upon the internal audit results
-
Which of the following is a responsibility of a data steward?
- Ensure alignment of the data governance effort to the organization.
- Conduct data governance interviews with the organization.
- Document data governance requirements.
- Ensure that data decisions and impacts are communicated to the organization.
-
Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?
- End-to-end data encryption for data in transit
- Continuous monitoring of potential vulnerabilities
- A strong breach notification process
- Limited collection of individuals’ confidential data
-
What is the MAIN goal of information security awareness and training?
- To inform users of the latest malware threats
- To inform users of information assurance responsibilities
- To comply with the organization information security policy
- To prepare students for certification
-
Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?
- Mandatory Access Control (MAC) procedures
- Discretionary Access Control (DAC) procedures
- Segregation of duties
- Data link encryption
-
Proven application security principles include which of the following?
- Minimizing attack surface area
- Hardening the network perimeter
- Accepting infrastructure security controls
- Developing independent modules
-
When developing a business case for updating a security program, the security program owner MUST do which of the following?
- Identify relevant metrics
- Prepare performance test reports
- Obtain resources for the security program
- Interview executive management
-
From a security perspective, which of the following assumptions MUST be made about input to an application?
- It is tested
- It is logged
- It is verified
- It is untrusted
-
Which of the following is the BEST reason for writing an information security policy?
- To support information security governance
- To reduce the number of audit findings
- To deter attackers
- To implement effective information security controls
-
What is the PRIMARY goal of fault tolerance?
- Elimination of single point of failure
- Isolation using a sandbox
- Single point of repair
- Containment to prevent propagation
-
Which of the BEST internationally recognized standard for evaluating security products and systems?
- Payment Card Industry Data Security Standards (PCI-DSS)
- Common Criteria (CC)
- Health Insurance Portability and Accountability Act (HIPAA)
- Sarbanes-Oxley (SOX)
-
Which one of the following data integrity models assumes a lattice of integrity levels?
- Take-Grant
- Biba
- Harrison-Ruzzo
- Bell-LaPadula
-
Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?
- Truncating parts of the data
- Applying Access Control Lists (ACL) to the data
- Appending non-watermarked data to watermarked data
- Storing the data in a database
-
Which of the following is the BEST way to mitigate circumvention of access controls?
- Multi-layer access controls working in isolation
- Multi-vendor approach to technology implementation
- Multi-layer firewall architecture with Internet Protocol (IP) filtering enabled
- Multi-layer access controls with diversification of technologies
-
When are security requirements the LEAST expensive to implement?
- When identified by external consultants
- During the application rollout phase
- During each phase of the project cycle
- When built into application design
Subscribe
0 Comments
Newest