CISSP Exam Dumps | In the common criteria (CC) for information technology (IT) security evaluation, increasing Evaluation

<< Prev Question Next Question >>

Question 142/312

In the common criteria (CC) for information technology (IT) security evaluation, increasing Evaluation Assurance Levels (EAL) results in which of the following?

A. Increase in evaluated systems

B. Increased interoperability

C. Increased functionality

D. Increase in resource requirement

Question List (312q): Question 1: The birthday attack is MOST effective against which one of t...; Question 2: When implementing a data classification program, why is it i...; Question 3: The BEST way to check for good security programming practice...; Question 4: A security consultant has been asked to research an organiza...; Question 5: The core component of Role Based Access control (RBAC) must ...; Question 6: A vulnerability in which of the following components would b...; Question 7: An engineer in a software company has created a virus creati...; Question 8: According to best practice, which of the following groups is...; Question 9: Which of the following is the MAIN reason that system re-cer...; Question 10: Which of the following statements is TRUE regarding state-ba...; Question 11: When implementing controls in a heterogeneous end-point netw...; Question 12: Change management policies and procedures belong to which of...; Question 13: Which of the following is a method of attacking internet pro...; Question 14: A company receives an email threat informing of an Imminent ...; 2 commentQuestion 15: Which of the following would present the highert annualized ...; Question 16: An organization has hired a security services firm to conduc...; Question 17: Which of the following is the PRIMARY security consideration...; Question 18: Which of the following explains why record destruction requi...; Question 19: Which of the following would BEST support effective testing ...; Question 20: Which of the following elements MUST a compliant EU-US Safe ...; Question 21: Which of the following can be used to calculate the loss eve...; Question 22: While investigating a malicious event, only six days of audi...; Question 23: Which one of the following is a fundamental objective in han...; Question 24: Who in the organization is accountable for classification of...; Question 25: Which of the following BEST describes Recovery Time Objectiv...; Question 26: Which of the following is the BEST approach for a forensic e...; Question 27: Which of the following is the PRIMARY issue when collecting ...; Question 28: Which of the following Disaster Recovery (DR) sites is the M...; Question 29: Which of the following PRIMARILY contributes to security inc...; Question 30: Which of the following is the GREATEST security risk associa...; Question 31: During the Security Assessment and Authorization process, wh...; Question 32: Which of the following is the MOST important element of chan...; Question 33: Which of the following is a MAJOR consideration in implement...; Question 34: Which of the following is the BEST example of weak managemen...; Question 35: All of the following items should be included in a Business ...; Question 36: What is the FIRST step required in establishing a records re...; Question 37: What should be the INITIAL response to Intrusion Detection S...; Question 38: Which of the following is a common feature of an Identity as...; Question 39: Which Web Services Security (WS-Security) specification nego...; Question 40: In the area of disaster planning and recovery, what strategy...; Question 41: Which of the following methods provides the MOST protection ...; Question 42: Which of the following command line tools can be used in the...; Question 43: If a content management system (CMC) is implemented, which o...; Question 44: An important principle of defense in depth is that achieving...; Question 45: A security practitioner has been tasked with establishing or...; Question 46: What is the MOST important purpose of testing the Disaster R...; Question 47: Which of the following can BEST prevent security flaws occur...; 1 commentQuestion 48: A system has been scanned for vulnerabilities and has been f...; Question 49: The type of authorized interactions a subject can have with ...; Question 50: What is the term commonly used to refer to a technique of au...; Question 51: In a change-controlled environment, which of the following i...; Question 52: A software security engineer is developing a black box-based...; Question 53: Which of the following wraps the decryption key of a full di...; Question 54: Which of the following is the MOST difficult to enforce when...; Question 55: When transmitting information over public networks, the deci...; Question 56: Which of the following will have the MOST influence on the d...; Question 57: A large university needs to enable student access to univers...; Question 58: What is a warn site when conducting Business continuity plan...; Question 59: A user downloads a file from the Internet, then applies the ...; Question 60: Software Code signing is used as a method of verifying what ...; Question 61: Which of the following is needed to securely distribute symm...; Question 62: A Denial of Service (DoS) attack on a syslog server exploits...; Question 63: Which of the following MUST an organization do to effectivel...; Question 64: Which of the following initiates the system recovery phase o...; Question 65: Which of the following is a reason to use manual patch insta...; Question 66: Which of the following is held accountable for the risk to o...; Question 67: Which of the following is critical for establishing an initi...; Question 68: Which of the following MUST system and database administrato...; Question 69: Why must all users be positively identified prior to using m...; Question 70: Which of the following is the BEST reason for writing an inf...; Question 71: Which of the following is an essential step before performin...; Question 72: Which of the following MOST influences the design of the org...; Question 73: Which of the following factors contributes to the weakness o...; Question 74: Which of the following is the BEST reason for the use of sec...; Question 75: Which of the following was developed to support multiple pro...; Question 76: An organization is outsourcing its payroll system and is req...; Question 77: A software scanner identifies a region within a binary image...; Question 78: Refer to the information below to answer the question. Durin...; Question 79: Place in order, from BEST (1) to WORST (4), the following me...; Question 80: Which of the following is a responsibility of a data steward...; Question 81: Which of the following statements is TRUE for point-to-point...; Question 82: An organization recently conducted a review of the security ...; Question 83: What security risk does the role-based access approach mitig...; Question 84: Which of the following is the MOST appropriate action when r...; Question 85: Why is a system's criticality classification important in la...; Question 86: Physical assets defined in an organization's Business Impact...; Question 87: In general, servers that are facing the Internet should be p...; Question 88: Which of the following controls is the FIRST step in protect...; Question 89: What is the PRIMARY role of a scrum master in agile developm...; Question 90: By carefully aligning the pins in the lock, which of the fol...; Question 91: A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) ...; Question 92: Which layer of the Open system Interconnect (OSI) model is r...; Question 93: Which of the following steps should be performed FIRST when ...; Question 94: Copyright provides protection for which of the following?...; Question 95: A criminal organization is planning an attack on a governmen...; Question 96: Which of the following is the BEST statement for a professio...; Question 97: Which of the following is ensured when hashing files during ...; Question 98: Which of the following is applicable to a publicly held comp...; Question 99: Which of the following is the BEST countermeasure to brute f...; Question 100: What is the PRIMARY difference between security policies and...; Question 101: Which of the following roles has the obligation to ensure th...; Question 102: In the network design below, where is the MOST secure Local ...; Question 103: Network-based logging has which advantage over host-based lo...; Question 104: When evaluating third-party applications, which of the follo...; Question 105: Which of the following is the MOST crucial for a successful ...; Question 106: What is the MOST efficient way to secure a production progra...; Question 107: Which of the following is a strategy of grouping requirement...; Question 108: Which of the following is the MOST important action regardin...; 1 commentQuestion 109: An organization that has achieved a Capability Maturity mode...; Question 110: Which of the following MOST applies to session initiation pr...; Question 111: In the Software Development Life Cycle (SDLC), maintaining a...; Question 112: The use of private and public encryption keys is fundamental...; Question 113: Which of the following are effective countermeasures against...; Question 114: An organization wants to enable uses to authenticate across ...; Question 115: Which of the following BEST describes a Protection Profile (...; Question 116: By allowing storage communications to run on top of Transmis...; Question 117: Which one of the following transmission media is MOST effect...; Question 118: Which of the following methods can be used to achieve confid...; Question 119: An organization implements a remote access server (RAS), Onc...; Question 120: Which of the following approaches is the MOST effective way ...; Question 121: Who must approve modifications to an organization's producti...; Question 122: Which of the following presents the PRIMARY concern to an or...; Question 123: Which of the following methods MOST efficiently manages user...; Question 124: Which item below is a federated identity standard?...; Question 125: What is the BEST first step for determining if the appropria...; Question 126: When assessing an organization's security policy according t...; Question 127: What is the second step in the identity and access provision...; Question 128: Which area of embedded devices are most commonly attacked?...; Question 129: What physical characteristic does a retinal scan biometric d...; Question 130: What is the MAIN feature that onion routing networks offer?...; Question 131: What should be the FIRST action for a security administrator...; Question 132: A security consultant has been hired by a company to establi...; Question 133: Which of the following authorization standards is built to h...; 1 commentQuestion 134: The implementation of which features of an identity manageme...; Question 135: Including a Trusted Platform Module (TPM) in the design of a...; Question 136: Which of the following sets of controls should allow an inve...; Question 137: Which of the following is a security feature of Global Syste...; Question 138: Although code using a specific program language may not be s...; Question 139: Why are mobile devices sometimes difficult to investigate in...; Question 140: Users require access rights that allow them to view the aver...; Question 141: Which of the following is the MOST...; Question 142: In the common criteria (CC) for information technology (IT) ...; Question 143: In a data classification scheme, the data is owned by the...; Question 144: Which security access policy contains fixed security attribu...; Question 145: What is the MAIN reason for testing a Disaster Recovery Plan...; Question 146: What access control scheme uses fine-grained rules to specif...; Question 147: From a security perspective, which of the following assumpti...; Question 148: A vulnerability test on an Information System (IS) is conduc...; Question 149: Who is ultimately responsible to ensure that information ass...; Question 150: In Disaster Recovery (DR) and business continuity training, ...; Question 151: Which of the following combinations would MOST negatively af...; Question 152: For privacy protected data, which of the following roles has...; Question 153: Which security architecture strategy could be applied to sec...; Question 154: In a financial institution, who has the responsibility for a...; Question 155: What is the MOST critical factor to achieve the goals of a s...; Question 156: While inventorying storage equipment, it is found that there...; Question 157: The BEST method to mitigate the risk of a dictionary attack ...; Question 158: An organization has developed a major application that has u...; Question 159: Data leakage of sensitive information is MOST often conceale...; Question 160: Why is planning in Disaster Recovery (DR) an interactive pro...; Question 161: Which is the MOST critical aspect of computer-generated evid...; Question 162: Which of the following activities BEST identifies operationa...; Question 163: What is the BEST approach for controlling access to highly s...; Question 164: For network based evidence, which of the following contains ...; Question 165: What steps can be taken to prepare personally identifiable i...; Question 166: A security professional has been asked to evaluate the optio...; Question 167: An application developer is deciding on the amount of idle s...; Question 168: Which Identity and Access Management (IAM) process can be us...; Question 169: Which of the following would be the FIRST step to take when ...; Question 170: A database administrator is asked by a high-ranking member o...; Question 171: What are the steps of a risk assessment?...; Question 172: Match the access control type to the example of the control ...; Question 173: In Business Continuity Planning (BCP), what is the importanc...; Question 174: The application of a security patch to a product previously ...; Question 175: Access to which of the following is required to validate web...; Question 176: Which of the following is considered a secure coding practic...; Question 177: The 802.1x standard provides a framework for what?...; Question 178: Which one of the following operates at the session, transpor...; Question 179: A project requires the use of en authentication mechanism wh...; Question 180: Which of the following is the GREATEST security risk associa...; Question 181: Which layer handle packet fragmentation and reassembly in th...; Question 182: Rank the Hypertext Transfer protocol (HTTP) authentication t...; Question 183: Which of the below strategies would MOST comprehensively add...; Question 184: Which of the following is the BIGGEST weakness when using na...; Question 185: Why are mobile devices something difficult to investigate in...; Question 186: Which of the following features is MOST effective in mitigat...; Question 187: Which of the following represents the GREATEST risk to data ...; Question 188: Which of the following is the MOST important activity an org...; Question 189: A control to protect from a Denial-of-Service (DoS) attach h...; Question 190: What does the Maximum Tolerable Downtime (MTD) determine?...; Question 191: Which of the following is the FIRST step in the incident res...; Question 192: Which of the following should be included a hardware retenti...; Question 193: A company was ranked as high in the following National Insti...; Question 194: An employee of a retail company has been granted an extended...; Question 195: Which of the following is MOST important when deploying digi...; Question 196: Which of the following assures that rules are followed in an...; Question 197: Sensitive customer data is going to be added to a database. ...; Question 198: The goal of a Business Impact Analysis (BIA) is to determine...; Question 199: Which of the following is true of Service Organization Contr...; Question 200: Which Hyper Text Markup Language 5 (HTML5) option presents a...; Question 201: Which of the following is BEST suited for exchanging authent...; Question 202: Which of the following initiates the systems recovery phase ...; Question 203: Refer to the information below to answer the question. An or...; Question 204: Which of the following is MOST appropriate for protecting co...; Question 205: Which of the following is the primary advantage of segmentin...; Question 206: Which of the following is PRIMARILY adopted for ensuring the...; Question 207: Which of the following standards/guidelines requires an Info...; Question 208: At what level of the Open System Interconnection (OSI) model...; Question 209: What is the BEST way to establish identity over the internet...; Question 210: Mandatory Access Controls (MAC) are based on:...; Question 211: Which of the following is considered the last line defense i...; Question 212: Which of the following is a process within a Systems Enginee...; Question 213: Which of the following is the best practice for testing a Bu...; Question 214: In a basic SYN flood attack, what is the attacker attempting...; Question 215: Recovery strategies of a Disaster Recovery planning (DRIP) M...; Question 216: What is the PRIMARY advantage of using automated application...; Question 217: Who is accountable for the information within an Information...; Question 218: Which of the following could elicit a Denial of Service (DoS...; Question 219: Which of the following BEST describes the responsibilities o...; Question 220: What balance MUST be considered when web application develop...; Question 221: An analysis finds unusual activity coming from a computer th...; Question 222: Match the functional roles in an external audit to their res...; Question 223: Which one of the following is an advantage of an effective r...; Question 224: An organization is found lacking the ability to properly est...; Question 225: Which of the following is the MOST likely cause of a non-mal...; Question 226: Which of the following is a characteristic of a challenge/re...; Question 227: An organization plan on purchasing a custom software product...; Question 228: During the risk assessment phase of the project the CISO dis...; Question 229: Which of the following are Systems Engineering Life Cycle (S...; Question 230: Which of the following is the PRIMARY reason a sniffer opera...; Question 231: When determining who can accept the risk associated with a v...; Question 232: Which of the following will help identify the source interne...; Question 233: What is the PRIMARY goal for using Domain Name System Securi...; Question 234: A large corporation is looking for a solution to automate ac...; Question 235: Which one of the following considerations has the LEAST impa...; Question 236: The adoption of an enterprise-wide business continuilty prog...; Question 237: At which layer of the Open Systems Interconnect (OSI) model ...; Question 238: Which technique can be used to make an encryption scheme mor...; Question 239: Refer to the information below to answer the question. A lar...; Question 240: Which of the following is a characteristic of an internal au...; Question 241: Which of the following command line tools can be used in the...; Question 242: Which of the following is a common characteristic of privacy...; Question 243: Which of the following is mobile device remote fingerprintin...; Question 244: The design review for an application has been completed and ...; Question 245: Which programming methodology allows a programmer to use pre...; Question 246: Which of the following is a benefit in implementing an enter...; Question 247: Which of the following BEST mitigates a replay attack agains...; Question 248: What technique BEST describes antivirus software that detect...; Question 249: A security compliance manager of a large enterprise wants to...; Question 250: Which of the following would MINIMIZE the ability of an atta...; Question 251: When using Security Assertion markup language (SAML), it is ...; Question 252: What is the foundation of cryptographic functions?...; Question 253: Which one of the following activities would present a signif...; Question 254: When building a data classification scheme, which of the fol...; Question 255: What is the purpose of an Internet Protocol (IP) spoofing at...; Question 256: Which of the following is the MOST important activity an org...; Question 257: Which of the following is a network intrusion detection tech...; Question 258: Place the following information classification steps in sequ...; Question 259: Which of the following media is least problematic with data ...; Question 260: Additional padding may be added to the Encapsulating securit...; Question 261: Which of the following is the MOST important security goal w...; Question 262: What Is the FIRST step for a digital investigator to perform...; Question 263: During an audit, the auditor finds evidence of potentially i...; Question 264: Which of the following provides the MOST protection against ...; Question 265: Which of the following is an effective control in preventing...; Question 266: Which of the following is MOST effective in detecting inform...; Question 267: Asymmetric algorithms are used for which of the following wh...; Question 268: A risk assessment report recommends upgrading all perimeter ...; Question 269: When is a Business Continuity Plan (BCP) considered to be va...; Question 270: Passive Infrared Sensors (PIR) used in a non-climate control...; Question 271: Which security approach will BEST minimize Personally Identi...; Question 272: When designing a vulnerability test, which one of the follow...; Question 273: A Security Operations Center (SOC) receives an incident resp...; Question 274: Which of the following is a physical security control that p...; Question 275: Which of the following BEST describes the purpose of perform...; Question 276: Drag the following Security Engineering terms on the left to...; Question 277: Which of the following is an initial consideration when deve...; Question 278: Why should Open Wab Application Secuirty Project (OWASP) App...; Question 279: What is the GREATEST challenge of an agent-based patch manag...; Question 280: If an identification process using a biometric system detect...; Question 281: In order for application developers to detect potential vuln...; Question 282: An application team is running tests to ensure that user ent...; Question 283: Which of the following entails identification of data end li...; Question 284: What should be used immediately after a Business Continuity ...; Question 285: Which of the following would an attacker be able to accompli...; Question 286: Which of the following is TRUE about Disaster Recovery Plan ...; Question 287: With what frequency should monitoring of a control occur whe...; Question 288: Which of the following is the MOST effective method of mitig...; Question 289: Which Web Services Security (WS-Security) specification hand...; Question 290: Refer to the information below to answer the question. In a ...; Question 291: A development operations team would like to start building n...; Question 292: Which of the following is a recommended alternative to an in...; Question 293: What is the document that describes the measures that have b...; Question 294: The core component of Role Based Access Control (RBAC) must ...; Question 295: Changes to a Trusted Computing Base (TCB) system that could ...; Question 296: Discretionary Access Control (DAC) restricts access accordin...; Question 297: Which of the following MUST be done when promoting a securit...; Question 298: When should an application invoke re-authentication in addit...; Question 299: Due to system constraints, a group of system administrators ...; Question 300: Single Sign-On (SSO) is PRIMARILY designed to address which ...; Question 301: When adopting software as a service (Saas), which security r...; Question 302: Refer to the information below to answer the question. An or...; Question 303: The use of proximity card to gain access to a building is an...; Question 304: A security professional is asked to provide a solution that ...; Question 305: Additional padding may be added to toe Encapsulating Securit...; Question 306: How does identity as a service (IDaaS) provide an easy mecha...; Question 307: The World Trade Organization's (WTO) agreement on Trade-Rela...; Question 308: Which of the following does Temporal Key Integrity Protocol ...; Question 309: Why do certificate Authorities (CA) add value to the securit...; Question 310: Refer to the information below to answer the question. A sec...; Question 311: When building a data center, site location and construction ...; Question 312: Which of the following mandates the amount and complexity of...

Question 142/312

LEAVE A REPLY

Download PDF File