Examples of cissp study guide


2016 Jun cissp book:

Q286. Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization? 

A. Ensure end users are aware of the planning activities 

B. Validate all regulatory requirements are known and fully documented 

C. Develop training and awareness programs that involve all stakeholders 

D. Ensure plans do not violate the organization's cultural objectives and goals 

Answer: C 


Q287. Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. 

What MUST the plan include in order to reduce client-side exploitation? 

A. Approved web browsers 

B. Network firewall procedures 

C. Proxy configuration 

D. Employee education 

Answer: D 


Q288. Which one of the following is a fundamental objective in handling an incident? 

A. To restore control of the affected systems 

B. To confiscate the suspect's computers 

C. To prosecute the attacker 

D. To perform full backups of the system 

Answer: A 


Q289. Which one of the following transmission media is MOST effective in preventing data interception? 

A. Microwave 

B. Twisted-pair 

C. Fiber optic 

D. Coaxial cable 

Answer: C 


Q290. What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?

A. Identify regulatory requirements 

B. Conduct a risk assessment 

C. Determine business drivers

D. Review the security baseline configuration

Answer: B 


Q291. Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. 

In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes? 

A. Text editors, database, and Internet phone applications 

B. Email, presentation, and database applications 

C. Image libraries, presentation and spreadsheet applications 

D. Email, media players, and instant messaging applications 

Answer: D 



Q292. Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined? 

A. International Organization for Standardization (ISO) 27000 family 

B. Information Technology Infrastructure Library (ITIL) 

C. Payment Card Industry Data Security Standard (PCIDSS) 

D. ISO/IEC 20000 

Answer: A 


Q293. Which of the following can BEST prevent security flaws occurring in outsourced software development? 

A. Contractual requirements for code quality 

B. Licensing, code ownership and intellectual property rights 

C. Certification of the quality and accuracy of the work done

D. Delivery dates, change management control and budgetary control 

Answer: C 


Q294. Which of the following statements is TRUE for point-to-point microwave transmissions? 

A. They are not subject to interception due to encryption. 

B. Interception only depends on signal strength. 

C. They are too highly multiplexed for meaningful interception. 

D. They are subject to interception by an antenna within proximity. 

Answer: D 


Q295. An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to 

A. encrypt the contents of the repository and document any exceptions to that requirement. 

B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.

C. keep individuals with access to high security areas from saving those documents into lower security areas. 

D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA). 

Answer: C 


Q296. Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication? 

A. Authorizations are not included in the server response 

B. Unsalted hashes are passed over the network 

C. The authentication session can be replayed 

D. Passwords are passed in cleartext 

Answer: D 


Q297. Which of the following is ensured when hashing files during chain of custody handling? 

A. Availability 

B. Accountability 

C. Integrity 

D. Non-repudiation 

Answer: C 
