Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network? A. IEEE 802.1F B. IEEE 802.1H C. IEEE 802.1Q D. IEEE 802.1X
Answer: D
Rationale: IEEE 802.1X provides port-based network access control, ensuring only authenticated devices connect to the network.
Question 942
Software code signing is used as a method of verifying what security concept? A. Integrity B. Confidentiality C. Availability D. Access Control
Answer: A
Rationale: Code signing ensures integrity and authenticity of software by validating it has not been altered since signing.
Question 943
What does an organization FIRST review to assure compliance with privacy requirements? A. Best practices B. Business objectives C. Legal and regulatory mandates D. Employee's compliance to policies and standards
Answer: C
Rationale: Privacy programs must begin by reviewing applicable laws and regulations to ensure compliance obligations are met.
Question 944
Which one of the following is a common risk with network configuration management? A. Patches on the network are difficult to keep current. B. It is the responsibility of the systems administrator. C. User ID and passwords are never set to expire. D. Network diagrams are not up to date.
Answer: D
Rationale: Outdated network diagrams lead to misconfigurations, oversight in security controls, and inaccurate audits.
Question 945
Which of the following methods can be used to achieve confidentiality and integrity for data in transit? A. Multiprotocol Label Switching (MPLS) B. Internet Protocol Security (IPSec) C. Federated identity management D. Multi-factor authentication
Answer: B
Rationale: IPSec provides both encryption (confidentiality) and hashing (integrity) for data transmitted over networks.
Question 946
What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records? A. Integrity B. Confidentiality C. Accountability D. Availability
Answer: A
Rationale: DNSSEC prevents tampering by digitally signing DNS records to ensure the integrity of name resolution data.
Question 947
A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action? A. Assess vulnerability risk and program effectiveness. B. Assess vulnerability risk and business impact. C. Disconnect all systems with critical vulnerabilities. D. Disconnect systems with the greatest number of vulnerabilities.
Answer: B
Rationale: Prioritizing remediation based on both risk and business impact ensures resources target the most significant exposures.
Question 948
Which of the following BEST avoids data remanence disclosure for cloud-hosted resources? A. Strong encryption and deletion of the keys after data is deleted. B. Strong encryption and deletion of the virtual host after data is deleted. C. Software-based encryption with two-factor authentication. D. Hardware-based encryption on dedicated physical servers.
Answer: A
Rationale: Destroying encryption keys renders deleted data unrecoverable, preventing remanence risks in shared environments.
Question 949
Who is ultimately responsible for ensuring that information assets are categorized and adequate measures are taken to protect them? A. Data Custodian B. Executive Management C. Chief Information Security Officer D. Data/Information/Business Owners
Answer: B
Rationale: Executive management holds ultimate accountability for ensuring the organization’s information assets are properly protected.
Question 950
Which of the following protocols would allow an organization to maintain a centralized list of users that can read a protected webpage? A. Lightweight Directory Access Control (LDAP) B. Security Assertion Markup Language (SAML) C. Hypertext Transfer Protocol (HTTP) D. Kerberos
Answer: A
Rationale: LDAP stores and manages centralized user credentials and access permissions for protected web resources.
Question 951
A Simple Power Analysis (SPA) attack against a device directly observes which of the following? A. Static discharge B. Consumption C. Generation D. Magnetism
Answer: B
Rationale: SPA measures power consumption variations to infer cryptographic operations or keys.
Question 952
Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks? A. Policy documentation review B. Authentication validation C. Periodic log reviews D. Interface testing
Answer: B
Rationale: According to NIST SP 800-88 Rev.1, physical destruction (shredding/pulverizing) is the recommended method for sanitizing modern drives; degaussing is obsolete.
Question 953
While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered-off devices. Which of the following is the correct procedure for handling such equipment? A. They should be recycled to save energy. B. They should be recycled according to NIST SP 800-88. C. They should be inspected and sanitized following the organizational policy. D. They should be inspected and categorized properly to sell them for reuse.
Answer: C
Rationale: Devices of unknown status must be inspected and sanitized per policy to prevent data leakage.
Question 954
In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network? A. Application Layer B. Physical Layer C. Data-Link Layer D. Network Layer
Answer: B
Rationale: The Physical Layer handles raw bit transmission across physical media such as cables and radio signals.
Question 955
Which of the following secures web transactions at the Transport Layer? A. Secure HyperText Transfer Protocol (S-HTTP) B. Secure Sockets Layer (SSL) C. Socket Security (SOCKS) D. Secure Shell (SSH)
Answer: B
Rationale: SSL (and its successor TLS) operates at the Transport Layer to encrypt web communication sessions.
Question 956
Are companies legally required to report all data breaches? A. No, different jurisdictions have different rules. B. No, not if the data is encrypted. C. No, companies' codes of ethics don't require it. D. No, only if the breach had a material impact.
Answer: A
Rationale: Data breach notification laws vary by jurisdiction; there is no universal global mandate.
Question 957
While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem? A. Retention B. Reporting C. Recovery D. Remediation
Answer: A
Rationale: A log retention policy defines how long audit data must be preserved for investigations and compliance.
Question 958
Which of the following is the PRIMARY issue when collecting detailed log information? A. Logs may be unavailable when required B. Timely review of the data is potentially difficult C. Most systems and applications do not support logging D. Logs do not provide sufficient details of system and individual activities
Answer: B
Rationale: Detailed logging produces large data volumes, making timely analysis challenging without automation.
Question 959
An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause? A. Improper deployment of the Service-Oriented Architecture (SOA) B. Absence of a Business Intelligence (BI) solution C. Inadequate cost modeling D. Insufficient Service Level Agreement (SLA)
Answer: D
Rationale: Without defined SLAs, it’s impossible to set or measure performance indicators for services.
Question 960
Which of the following is the PRIMARY benefit of implementing data-in-use controls? A. If the data is lost, it must be decrypted to be opened. B. If the data is lost, it will not be accessible to unauthorized users. C. When the data is being viewed, it can only be printed by authorized users. D. When the data is being viewed, it must be accessed using secure protocols.
Answer: C
Rationale: Data-in-use controls govern user actions—such as printing or copying—on actively used information.