
NEW QUESTION # 621
Which of the following is the key requirement for test results when implementing forensic procedures?
- A. The test result must be authorized.
- B. The test results must be cost-effective.
- C. The test results must be quantifiable.
- D. The test results must be reproducible.
Answer: D
Explanation:
The key requirement for test results when implementing forensic procedures is that the test results must be reproducible. Forensic procedures are the methods and techniques that are used to collect, preserve, analyze, and present the digital evidence that is related to a security incident or a crime. Forensic procedures aim to establish the facts, the causes, the responsibilities, and the consequences of the incident or the crime, and to support the investigation and the prosecution of the perpetrators. The test results are the outcomes or the findings of the forensic procedures that are performed on the digital evidence, such as the identification, the extraction, the interpretation, or the verification of the data. The test results must be reproducible, which means that they must be consistent and verifiable, and that they can be repeated or replicated by other forensic examiners or analysts using the same methods and techniques. The reproducibility of the test results can enhance the credibility and the reliability of the forensic procedures, and ensure that the test results are valid and accurate. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7: Security Operations, page 378. CISSP Practice Exam | Boson, Question 12.
NEW QUESTION # 622
Which of the following is an environmental security control that prevents loss of business resources?
- A. Intrusion Detection Systems (IDS)
- B. Disaster Recovery Plan (DRP)
- C. Heating, Ventilation, and Air Conditioning (HVAC) systems
- D. Video surveillance cameras
Answer: C
NEW QUESTION # 623
Which of the following statements pertaining to the security kernel is incorrect?
- A. It must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof
- B. It must be small enough to be able to be tested and verified in a complete and comprehensive manner
- C. It is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept.
- D. Is an access control concept, not an actual physical component
Answer: D
NEW QUESTION # 624
When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
- A. After the business functional analysis and the data security categorization have been performed
- B. After the system preliminary design has been developed and before the data security categorization begins
- C. After the vulnerability analysis has been performed and before the system detailed design begins
- D. After the system preliminary design has been developed and the data security categorization has been performed
Answer: D
Explanation:
Section: Software Development Security
NEW QUESTION # 625
A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating System (OS) was not properly detected.
Where in the vulnerability assessment process did the error MOST likely occur?
- A. Discovery
- B. Enumeration
- C. Detection
- D. Reporting
Answer: A
NEW QUESTION # 626
An Ethernet address is composed of how many bits?
- A. 32-bit address.
- B. 64-bit address
- C. 48-bit address
- D. 128-bit address
Answer: C
Explanation:
An Ethernet address is a 48-bit address that is hard-wired into the Network Interface Card (NIC) of the network node.
A Media Access Control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used for numerous network technologies and most IEEE 802 network technologies, including Ethernet. Logically, MAC addresses are used in the Media Access Control protocol sub-layer of the OSI reference model.
MAC addresses are most often assigned by the manufacturer of a network interface card (NIC) and are stored in its hardware, the card's read-only memory, or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number and may be referred to as the burned-in address. It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. A network node may have multiple NICs and will then have one unique MAC address per NIC.
MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, and EUI-64. The IEEE claims trademarks on the names EUI-48 and EUI-64, in which EUI is an abbreviation for Extended Unique Identifier.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 87.
and
https://en.wikipedia.org/wiki/MAC_address
NEW QUESTION # 627
Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?
- A. Remediate known vulnerabilities.
- B. Provide vulnerability reports to management.
- C. Validate vulnerability remediation activities.
- D. Prevent attackers from discovering vulnerabilities.
Answer: A
Explanation:
According to the CISSP Official (ISC)2 Practice Tests, the primary reason to perform regular vulnerability scanning of an organization network is to remediate known vulnerabilities. Vulnerability scanning is the process of identifying and measuring the weaknesses and exposures in a system, network, or application that may be exploited by threats and cause harm to the organization or its assets. Vulnerability scanning can be performed using various tools, techniques, or methods, such as automated scanners, manual tests, or penetration tests. The primary reason to perform regular vulnerability scanning of an organization network is to remediate known vulnerabilities, which means to fix, mitigate, or eliminate the vulnerabilities that are discovered or reported by the scanning. Remediation of known vulnerabilities helps to improve the security posture and effectiveness of the system, network, or application, as well as to reduce the overall risk to an acceptable level. Providing vulnerability reports to management is not the primary reason to perform regular vulnerability scanning of an organization network, although it may be a benefit or outcome of it.
Vulnerability reports are the documents that provide the evidence and analysis of the vulnerability scanning, such as the scope, objectives, methods, results, and recommendations of the vulnerability scanning.
Vulnerability reports help to communicate and document the findings and issues of the vulnerability scanning, as well as to support the decision making and planning for the remediation of the vulnerabilities. Validating vulnerability remediation activities is not the primary reason to perform regular vulnerability scanning of an organization network, although it may be a part or step of it. Validating vulnerability remediation activities is the process of verifying and testing the effectiveness and completeness of the remediation actions that are taken to address the vulnerabilities, such as patching, updating, configuring, or replacing the system, network, or application components. Validating vulnerability remediation activities helps to ensure that the vulnerabilities are properly and successfully remediated, and that no new or residual vulnerabilities are introduced or left behind. Preventing attackers from discovering vulnerabilities is not the primary reason to perform regular vulnerability scanning of an organization network, although it may be a benefit or outcome of it. Preventing attackers from discovering vulnerabilities is the process of hiding or obscuring the vulnerabilities from the potential attackers, by using various techniques or methods, such as encryption, obfuscation, or deception. Preventing attackers from discovering vulnerabilities helps to reduce the likelihood and opportunity of the attackers to exploit the vulnerabilities, but it does not address the root cause or the impact of the vulnerabilities.
NEW QUESTION # 628
Which of the following is required to perform brute force password recovery?
- A. Rainbow tables
- B. John the Ripper
- C. Dictionary attack
- D. Password hashes
Answer: C
NEW QUESTION # 629
When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
- A. They both involve rewriting the media.
- B. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.
- C. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.
- D. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.
Answer: D
Explanation:
The removal of information from a storage medium is called sanitization. Different kinds of sanitization provide different levels of protection. A distinction can be made between clearing information (rendering it unrecoverable by a keyboard attack) and purging (rendering it unrecoverable against laboratory attack).
There are three general methods of purging media: overwriting, degaussing, and destruction.
There should be continuous assurance that sensitive information is protected and not allowed to be placed in a circumstance wherein a possible compromise can occur. There are two primary levels of threat that the protector of information must guard against: keyboard attack (information scavenging through system software capabilities) and laboratory attack (information scavenging through laboratory means).
Procedures should be implemented to address these threats before the Automated Information System (AIS) is procured, and the procedures should be continued throughout the life cycle of the AIS.
Incorrect Answers:
A: Clearing does not involve rewriting the media.
B: It is not true that clearing renders information unrecoverable against a laboratory attack or that purging renders information unrecoverable to a keyboard attack.
C: It is not true that clearing completely erases the media or that purging only removes file headers, allowing the recovery of files.
NEW QUESTION # 630
Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following database type?
- A. Relational Data Bases
- B. Object-Oriented Data Bases (OODB)
- C. Data base management systems (DBMS)
- D. Object-Relational Data Bases
Answer: B
Explanation:
Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to OODB.
The Object-Oriented Data Bases (OODB) database model stores data as objects. The OODB objects are a collection of public and private data items and the set of operations that can be executed on the data. Because the data objects contain their own operations, any call to data potentially has the full range of database functions available.
The object-oriented model does not necessarily require a high-level language like SQL, because the functions (or methods) are contained within the objects. An advantage of not having a query language is that it allows the object-oriented DBMS to interact with applications without the language overhead.
Relational models are starting to add object-oriented functions and interfaces, to create an object-relational model.
An object-relational database system is a hybrid system: a relational DBMS that has an object-oriented interface built on top of the original software. This can be accomplished either by a separate interface or by adding additional commands to the current system. The hybrid model allows organizations to maintain their current relational database software and, at the same time, provide an upgrade path for future technologies.
Relational Database Management Model (RDBMS)
The majority of organizations use software based on the relational database management model. The relational database has become so dominant in database management systems that many people consider it to be the only form of database. (This may create problems when dealing with other table-oriented database systems that do not provide the integrity functions required in a true relational database.) The relational model is based on set theory and predicate logic and provides a high level of abstraction. The use of set theory allows data to be structured in a series of tables that have columns representing the variables and rows that contain specific instances of data. These tables are organized using normal forms. The relational model outlines how programmers should design the DBMS so that different database systems used by the organization can communicate with each other.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 12356-12365). Auerbach Publications. Kindle Edition.
and
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 1175). McGraw-Hill. Kindle Edition.
NEW QUESTION # 631
Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?
- A. Enterprise security procedures
- B. Mandatory Access Controls (MAC)
- C. Role Based Access Controls (RBAC)
- D. Enterprise security architecture
Answer: C
NEW QUESTION # 632
Which of the following are the valid categories of hand geometry scanning?
- A. Mechanical and image-ridge detection.
- B. Mechanical and image-edge detection.
- C. Logical and image-edge detection.
- D. Electrical and image-edge detection.
Answer: B
Explanation:
Hand geometry reading (scanning) devices usually fall into one of two categories: mechanical or image-edge detection. Both methods are used to measure specific characteristics of a person's hand such as length of fingers and thumb, widths, and depth.
NEW QUESTION # 633
What is a general term referring to the actions taken to render data written on media unrecoverable by both ordinary and extraordinary means?
- A. Encryption
- B. Secure Overwrite
- C. Sanitization
- D. Steganography
Answer: C
NEW QUESTION # 634
Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?
- A. Port services filtering
- B. Application access control
- C. Packet filtering
- D. Content filtering
Answer: C
Explanation:
Section: Communication and Network Security
Explanation/Reference: https://www.sans.org/reading-room/whitepapers/protocols/applying-osi-layer-network-model-information-security-1309 (10)
NEW QUESTION # 635
In terms of Risk Analysis and dealing with risk, which of the four common ways listed below seeks to eliminate involvement with the risk being evaluated?
- A. Transference
- B. Mitigation
- C. Acceptance
- D. Avoidance
Answer: D
Explanation:
If a company decides to terminate the activity that is introducing the risk, this is known as risk avoidance.
For example, if a company allows employees to use instant messaging (IM), there are many risks surrounding this technology. The company could decide not to allow any IM activity by their users because there is not a strong enough business need for its continued use. Discontinuing this service is an example of risk avoidance.
By avoiding the risk, we can eliminate involvement with the risk.
Incorrect Answers:
A: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This would transfer the risk to the insurance company. This does not eliminate involvement with the risk.
B: Risk mitigation is to implement a countermeasure to protect against the risk. This does not eliminate involvement with the risk.
C: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. This does not eliminate involvement with the risk.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98
NEW QUESTION # 636
Which of the following is the MOST important consideration that must be taken into account when deploying an enterprise patching solution that includes mobile devices?
- A. Feasibility of downloads due to available bandwidth
- B. Number of mobile users in the organization
- C. Service provider(s) utilized by the organization
- D. Whether it will impact personal use
Answer: B
NEW QUESTION # 637
Which of the following activities would not be included in the contingency planning process phase?
- A. Prioritization of applications
- B. Development of test procedures
- C. Development of recovery scenarios
- D. Assessment of threat impact on the organization
Answer: B
Explanation:
All of the answers except Development of test procedures are part of the contingency planning phase.
Risk management minimizes loss to information assets due to undesirable events through identification, measurement, and control. It encompasses the overall security review, risk analysis, selection and evaluation of safeguards, cost-benefit analysis, management decision, and safeguard identification and implementation, along with ongoing effectiveness review.
In many organizations, contingency planning is a necessity that has turned out to be beneficial in more ways than ever expected. Contingency planning helps to ensure an organization's viability during and following a disaster.
Another benefit of contingency planning is significant improvements in the daily operations of many organizations. Researching and documenting contingency plans can discover numerous single points of failure (SPOF). A SPOF is any single input to a process that, if missing, would cause the process or several processes to be unable to function. Once identified, these SPOFs can often easily be eliminated or have their damaging potential reduced.
Many organizations have also witnessed process improvements as a direct result of their contingency planning efforts, particularly while exercising their DR and BCPs.
The following answers are incorrect as they are all part of Contingency Planning:
prioritization of apps = asset valuation
assessment of threat impact = threat modeling
development of recovery scenarios = risk mitigation
The following reference(s) were/was used to create this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 8882-8884). Auerbach Publications. Kindle Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 20749-20756). Auerbach Publications. Kindle Edition.
NEW QUESTION # 638
What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?
- A. Isolate and contain the intrusion.
- B. Notify system and application owners.
- C. Document and verify the intrusion.
- D. Apply patches to the Operating Systems (OS).
Answer: B
Explanation:
Section: Mixed questions
NEW QUESTION # 639
An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?
- A. Unfiltered channel
- B. Data leakage
- C. Data emanation
- D. Covert channel
Answer: D
NEW QUESTION # 640
An organization uses non-repudiation PRIMARILY for what purpose?
- A. Data confidentiality
- B. Data integrity
- C. Business reasons
- D. Legal reasons
Answer: B
NEW QUESTION # 641
Which of the following departments initiates the request, approval, and provisioning business process?
- A. Security
- B. Human resources (HR)
- C. Operations
- D. Information technology (IT)
Answer: C
Explanation:
Operations, as the process owner, should give the requirements to IT. HR is responsible for access control provisioning, not business process provisioning.
NEW QUESTION # 642
Which statement about a VPN tunnel below is incorrect?
- A. It can be created by implementing node authentication systems.
- B. It can be created by implementing IPSec devices only.
- C. It can be created by installing software or hardware agents on the client or network.
- D. It can be created by implementing key and certificate exchange systems.
Answer: B
Explanation:
The correct answer is "It can be created by implementing IPSec devices only". IPSec-compatible and non-IPSec compatible devices are used to create VPNs. The other three answers are all ways in which VPNs can be created.
NEW QUESTION # 643
Which access control model states that for integrity to be maintained data must not flow from a receptacle of given integrity to a receptacle of higher integrity?
- A. Lattice Model
- B. Take-Grant Model
- C. Bell-LaPadula Model
- D. Biba Model
Answer: D
Explanation:
If implemented and enforced properly, the Biba model prevents data from any integrity level from flowing to a higher integrity level. - Shon Harris All-in-one CISSP Certification Guide pg 244
NEW QUESTION # 644
If an employee is suspected of computer crime and evidence needs to be collected, which of the following departments must be involved with the procedure?
- A. Public relations
- B. Law enforcement
- C. Auditing
- D. HR
- E. Computer security
Answer: D
Explanation:
Human Resources always needs to be involved if an employee is suspected of wrongdoing. They know what rules apply to protect and prosecute employees.
NEW QUESTION # 645
Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan?
- A. It is convenient to airports and hotels
- B. It is close enough to serve its users
- C. It is close enough to become operational quickly
- D. It is unlikely to be affected by the same contingency
Answer: D
NEW QUESTION # 646