Certified Information Systems Security Professional – CISSP – Question376

A security engineer is tasked with implementing a new identity solution. The client doesn’t want to install or maintain the infrastructure. Which of the following would qualify as the BEST solution?

A. Microsoft Identity Manager (MIM)
B. Azure Active Directory (AD)
C. Active Directory Federation Services (ADFS)
D. Active Directory (AD)

Correct Answer: D

Certified Information Systems Security Professional – CISSP – Question375

An organization discovers that its Secure File Transfer Protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization’s general Information Technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?

A. Buffer overflow
B. Distributed Denial of Service (DDoS)
C. Cross-Site Scripting (XSS)
D. Weak password due to lack of complexity rules

Correct Answer: A

Certified Information Systems Security Professional – CISSP – Question374

Which of the following questions will be addressed through the use of a Privacy Impact Assessment (PIA)?

A. How the information is to be maintained
B. Why the information is to be collected
C. What information is to be destroyed
D. Where the information is to be stored

Correct Answer: B

Certified Information Systems Security Professional – CISSP – Question373

What Service Organization Controls (SOC) report can be freely distributed and used by customers to gain confidence in a service organization’s systems?

A. SOC 1 Type 1
B. SOC 1 Type 2
C. SOC 2
D. SOC 3

Certified Information Systems Security Professional – CISSP – Question372

Which of the following is a credible source to validate that security testing of Commercial Off-The-Shelf (COTS) software has been performed with international standards?

A. Common Criteria (CC)
B. Evaluation Assurance Level (EAL)
C. National Information Assurance Partnership (NIAP)
D. International Standards Organization (ISO)

Correct Answer: A

Certified Information Systems Security Professional – CISSP – Question371

What is the BEST approach to annual safety training?

A. Base safety training requirements on staff member job descriptions.
B. Safety training should address any gaps in a staff member’s skill set.
C. Ensure that staff members in positions with known safety risks are given proper training.
D. Ensure that all staff members are provided with identical safety training.

Correct Answer: C

Certified Information Systems Security Professional – CISSP – Question370

Lack of which of the following options could cause a negative effect on an organization’s reputation, revenue, and result in legal action, if the organization fails to perform due diligence?

A. Threat modeling methodologies
B. Service Level Requirement (SLR)
C. Service Level Agreement (SLA)
D. Third-party risk management

Correct Answer: C

Certified Information Systems Security Professional – CISSP – Question368

Which of the following is the BEST type of authentication and encryption for a Secure Shell (SSH) implementation when network traffic traverses between a host and an infrastructure device?

A. Lightweight Directory Access Protocol (LDAP)
B. Public-key cryptography
C. Remote Authentication Dial-In User Service (RADIUS)
D. Private-key cryptography

Correct Answer: B

Explanation:

Reference: https://books.google.com.pk/books?id=4K7LCgAAQBAJ&pg=PA284&lpg=PA28… +encryption+for+a+Secure+Shell+(SSH)+implementation+when+network+traffic+traverses+between+a+host+and+an+infrastructure+device&source=bl&ots=YEMNN8nfuN&sig=ACfU3U2QMbLySWQ_0VsGjsSJmaHZ_O9Iw&hl=en&sa=X&ved=2ahUKEwjDobCajqrpAhWMHRQKHW2FC4gQ6AEwAHoECBQQAQ#v=onepage&q=type%20of%20authentication%20and%20encryption%20for%20a%20Secure%20Shell%20(SSH)%20implementation%20when%20network%20traffic%20traverses%20between%20a%20host%20and%20an%20infrastructure%20device&f=false