Certified Information Systems Security Professional – CISSP – Question327

Which of the following would an internal technical security audit BEST validate?

A. Whether managerial controls are in place
B. Support for security programs by executive management
C. Appropriate third-party system hardening
D. Implementation of changes to a system

Correct Answer: D

Certified Information Systems Security Professional – CISSP – Question326

Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?

A. Simplicity of network configuration and network monitoring
B. Removes the need for decentralized management solutions
C. Removes the need for dedicated virtual security controls
D. Simplicity of network configuration and network redundancy

Correct Answer: A

Certified Information Systems Security Professional – CISSP – Question325

Which of the following BEST describes how access to a system is granted to federated user accounts?

A. With the federation assurance level
B. Based on defined criteria by the Relying Party (RP)
C. Based on defined criteria by the Identity Provider (IdP)
D. With the identity assurance level

Certified Information Systems Security Professional – CISSP – Question324

Directive controls are a form of change management policy and procedures. Which of the following subsections are recommended as part of the change management process?

A. Build and test
B. Implement security controls
C. Categorize Information System (IS)
D. Select security controls

Certified Information Systems Security Professional – CISSP – Question323

A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process?

A. Select and procure supporting technologies.
B. Determine a budget and cost analysis for the program.
C. Measure effectiveness of the program’s stated goals.
D. Educate and train key stakeholders.

Correct Answer: C

Certified Information Systems Security Professional – CISSP – Question322

What principle requires that changes to the plaintext affect many parts of the ciphertext?

A. Encapsulation
B. Permutation
C. Diffusion
D. Obfuscation

Correct Answer: C

Explanation:

Diffusion means that a single plaintext bit has influence over several of the ciphertext bits. Changing a plaintext value should change many ciphertext values, not just one. In fact, in a strong block cipher, if one plaintext bit is changed, every ciphertext bit changes with a probability of 50 percent. This means that if one plaintext bit changes, then about half of the ciphertext bits will change.

Certified Information Systems Security Professional – CISSP – Question321

A security professional recommends that a company integrate threat modeling into its Agile development processes. Which of the following BEST describes the benefits of this approach?

A. Reduce application development costs.
B. Potential threats are addressed later in the Software Development Life Cycle (SDLC).
C. Improve user acceptance of implemented security controls.
D. Potential threats are addressed earlier in the Software Development Life Cycle (SDLC).

Correct Answer: D

Certified Information Systems Security Professional – CISSP – Question320

A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?

A. Intrusion Prevention System (IPS)
B. Denial of Service (DoS) protection solution
C. One-time Password (OTP) token
D. Web Application Firewall (WAF)

Correct Answer: A

Certified Information Systems Security Professional – CISSP – Question319

Which of the following techniques BEST prevents buffer overflows?

A. Boundary and perimeter offset
B. Character set encoding
C. Code auditing
D. Variant type and bit length

Correct Answer: B

Explanation:

Some products installed on systems can also watch for input values that might result in buffer overflows, but the best countermeasure is proper programming. This means using bounds checking. If an input value is only supposed to be nine characters, then the application should only accept nine characters and no more. Some languages are more susceptible to buffer overflows than others, so programmers should understand these issues, use the right languages for the right purposes, and carry out code review to identify buffer overflow vulnerabilities.

Certified Information Systems Security Professional – CISSP – Question318

An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?

A. Reasonable data testing
B. Input validation testing
C. Web session testing
D. Allowed data bounds and limits testing

Correct Answer: B