Certified Information Systems Security Professional v1.0 (CISSP)

Page:    1 / 38   
Total 569 questions

What is a common mistake in records retention?

  • A. Adopting a retention policy with the longest requirement period
  • B. Having the Human Resource (HR) department create a retention policy
  • C. Adopting a retention policy based on applicable organization requirements
  • D. Having the organization legal department create a retention policy


Answer : A

Of the following, which BEST provides non-repudiation with regards to access to a server room?

  • A. Fob and Personal Identification Number (PIN)
  • B. Locked and secured cages
  • C. Biometric readers
  • D. Proximity readers


Answer : B

What should an auditor do when conducting a periodic audit on media retention?

  • A. Check electronic storage media to ensure records are not retained past their destruction date
  • B. Ensure authorized personnel are in possession of paper copies containing Personally Identifiable Information (PII)
  • C. Check that hard disks containing backup data that are still within a retention cycle are being destroyed correctly
  • D. Ensure that data shared with outside organizations is no longer on a retention schedule


Answer : A

How should the retention period for an organization’s social media content be defined?

  • A. By the retention policies of each social media service
  • B. By the records retention policy of the organization
  • C. By the Chief Information Officer (CIO)
  • D. By the amount of available storage space


Answer : B

What is the FIRST step required in establishing a records retention program?

  • A. Classify records based on sensitivity
  • B. Identify and inventory all records storage locations
  • C. Identify and inventory all records
  • D. Draft a records retention policy


Answer : D

An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP). Which of the following is the MOST important concern regarding privacy?

  • A. The CSP determines data criticality
  • B. The CSP provides end-to-end encryption services
  • C. The CSP’s privacy policy may be developed by the organization
  • D. The CSP may not be subject to the organization’s country legislation


Answer : D

Which of the following will help prevent improper session handling?

  • A. Ensure JavaScript and plugin support is disabled
  • B. Ensure that certificates are valid and fail closed
  • C. Ensure that tokens are sufficiently long, complex, and pseudo-random
  • D. Ensure that all UIWebView calls do not execute without proper input validation


Answer : C

Which of the following is the BEST defense against password guessing?

  • A. Limit external connections to the network
  • B. Disable the account after a limited number of unsuccessful attempts
  • C. Force the password to be changed after an invalid password has been entered
  • D. Require a combination of letters, numbers, and special characters in the password


Answer : B

Which of the following is the MOST secure password technique?

  • A. Passphrase
  • B. One-time password
  • C. Cognitive password
  • D. Ciphertext


Answer : B

To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?

  • A. Multiple-pass overwriting
  • B. Degaussing
  • C. High-level formatting
  • D. Physical destruction


Answer : C

An organization has implemented a new backup process which protects confidential data by encrypting the information stored on backup tapes. Which of the following is a MAJOR data confidentiality concern after the implementation of this new backup process?

  • A. Tape backup rotation
  • B. Pre-existing backup tapes
  • C. Tape backup compression
  • D. Backup tape storage location


Answer : B

Which of the following objects should be removed FIRST prior to uploading code to public code repositories?

  • A. Security credentials
  • B. Inefficient algorithms
  • C. Coding mistakes
  • D. Known vulnerabilities


Answer : A

Which media sanitization methods should be used for data with a high security categorization?

  • A. Clear or destroy
  • B. Clear or purge
  • C. Destroy or delete
  • D. Purge or destroy


Answer : D

How is it possible to extract private keys securely stored on a cryptographic smartcard?

  • A. Bluebugging
  • B. Focused ion-beam
  • C. Bluejacking
  • D. Power analysis


Answer : A

Which inherent password weakness does a One Time Password (OTP) generator overcome?

  • A. Static passwords are too predictable
  • B. Static passwords must be changed frequently
  • C. Static passwords are difficult to generate
  • D. Static passwords are easily disclosed


Answer : D
