Certified Information Systems Security Professional – CISSP – Question387

DRAG DROP Match the following generic software testing methods with their major focus and objective.
Drag each testing method next to its corresponding set of testing objectives.

Certified Information Systems Security Professional – CISSP – Question386

What is the motivation for use of the Online Certificate Status Protocol (OCSP)?

A. To return information on multiple certificates
B. To control access to Certificate Revocation List (CRL) requests
C. To provide timely up-to-date responses to certificate queries
D. To issue X.509v3 certificates more quickly

Correct Answer: D

Certified Information Systems Security Professional – CISSP – Question382

Why are mobile devices sometimes difficult to investigate in a forensic examination?

A. There are no forensics tools available for examination.
B. They may contain cryptographic protection.
C. They have password-based security at logon.
D. They may have proprietary software installed to protect them.

Correct Answer: D

Certified Information Systems Security Professional – CISSP – Question378

What is the FIRST action a security professional needs to take while assessing an organization’s asset security in order to properly classify and protect access to data?

A. Verify the various data classification models implemented for different environments.
B. Determine the level of access for the data and systems.
C. Verify if confidential data is protected with cryptography.
D. Determine how data is accessed in the organization.

Correct Answer: D