CISSP : Certified Information Systems Security Professional : Part 17

CISSP : Certified Information Systems Security Professional : Part 17

CISSP : Certified Information Systems Security Professional : Part 17

  1. When would an organization review a Business Continuity Management (BCM) system?

    • When major changes occur on systems
    • When personnel changes occur
    • Before and after Disaster Recovery (DR) tests
    • At planned intervals

  2. The adoption of an enterprise-wide Business Continuity (BC) program requires which of the following?

    • Good communication throughout the organization
    • A completed Business Impact Analysis (BIA)
    • Formation of Disaster Recovery (DR) project team
    • Well-documented information asset classification

  3. When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?

    • Perform a service provider PCI-DSS assessment on a yearly basis
    • Validate the service provider’s PCI-DSS compliance status on a regular basis
    • Validate that the service providers security policies are in alignment with those of the organization
    • Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis

  4. During a Disaster Recovery (DR) assessment, additional coverage for assurance is required. What should an assessor do?

    • Increase the level of detail of the interview questions
    • Conduct a comprehensive examination of the Disaster Recovery Plan (DRP)
    • Increase the number and type of relevant staff to interview
    • Conduct a detailed review of the organization’s DR policy

  5. Which of the following is the MOST important reason for timely installation of software patches?

    • Patches are only available for a specific time
    • Attackers reverse engineer the exploit from the patch
    • Patches may not be compatible with proprietary software
    • Attackers may be conducting network analysis

  6. Which of the following initiates the systems recovery phase of a Disaster Recovery Plan (DRP)?

    • Evacuating the disaster site
    • Activating the organization’s hot site
    • Issuing a formal disaster declaration
    • Assessing the extent of damage following the disaster

  7. In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?

    • Developers checking out source code without approval
    • Developers using rapid application development (RAD) methodologies without approval
    • Promoting programs to production without approval
    • Modifying source code without approval

  8. What is the GREATEST challenge of an agent-based patch management solution?

    • Time to gather vulnerability information about the computers in the program
    • Requires that software be installed, running, and managed on all participating computers
    • The significant amount of network bandwidth while scanning computers
    • The consistency of distributing patches to each participating computer

  9. What should be used immediately after a Business Continuity Plan (BCP) has been invoked?

    • Emergency procedures describing the necessary actions to be taken following an incident which jeopardizes business operations
    • Fallback procedures describing what actions are to be taken to move essential business activities to alternative temporary locations
    • Maintenance schedule specifying how and when the plan will be tested and the process for maintaining the plan
    • Resumption procedures describing the actions to be taken to return to normal business operations

  10. Which of the following actions MUST be performed when using Secure/Multipurpose Internet Mail Extensions (S/MIME) before sending an encrypted message to a recipient?

    • Obtain the recipient’s private key
    • Obtain the recipient’s digital certificate
    • Digitally sign the message
    • Encrypt attachments

  11. In order to support the least privilege security principle when a resource is transferring within the organization from a production support system administration role to a developer role, what changes should be made to that resource’s access to the production Operating System (OS) directory structure?

    • From Read Only privileges to No Access privileges
    • From Author privileges to Administrative privileges
    • From Administrative privileges to No Access privileges
    • From No Access privileges to Author privileges

  12. According to the Capability Maturity Model Integration (CMMI), which of the following levels is identified by a managed process that is tailored from the organization’s set of standard processes according to the organization’s tailoring guidelines?

    • Level 0: Incomplete
    • Level 1: Performed
    • Level 2: Managed
    • Level 3: Defined

  13. What is the BEST method if an investigator wishes to analyze a hard drive which may be used as evidence?

    • Leave the hard drive in place and use only verified and authenticated Operating Systems (OS) utilities to analyze the contents
    • Log into the system and immediately make a copy of all relevant files to a Write Once, Read Many (WORM) device
    • Remove the hard drive from the system and make a copy of the hard drive’s contents using imaging hardware
    • Use a separate bootable device to make a copy of the hard drive before booting the system and analyzing the hard drive

  14. Which of the following types of data would be MOST difficult to detect by a forensic examiner?

    • Slack space data
    • Steganographic data
    • File system deleted data
    • Data stored with a different file type extension

  15. Which of the following is the BEST approach for a forensic examiner to obtain the greatest amount of relevant information from malicious software?

    • Analyze the behavior of the program
    • Analyze the logs generated by the software
    • Review the code to identify its origin
    • Examine the file properties and permissions

  16. A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

    • Least privilege
    • Privilege escalation
    • Defense in depth
    • Privilege bracketing

  17. Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

    • Lack of software documentation
    • License agreements requiring release of modified code
    • Expiration of the license agreement
    • Costs associated with support of the software

  18. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

    • After the system preliminary design has been developed and the data security categorization has been performed
    • After the vulnerability analysis has been performed and before the system detailed design begins
    • After the system preliminary design has been developed and before the data security categorization begins
    • After the business functional analysis and the data security categorization have been performed

  19. Which of the following is the BEST method to prevent malware from being introduced into a production environment?

    • Purchase software from a limited list of retailers
    • Verify the hash key or certificate key of all updates
    • Do not permit programs, patches, or updates from the Internet
    • Test all new software in a segregated environment

  20. The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

    • System acquisition and development
    • System operations and maintenance
    • System initiation
    • System implementation