CISSP Exam Dumps | When dealing with shared, privilaged accounts, especially those for emergencies, what is the BEST way

<< Prev Question Next Question >>

Question 426/602

When dealing with shared, privilaged accounts, especially those for emergencies, what is the BEST way to assure non-repudiation of logs?

A. Regularity change the passwords,

B. implement a password vaulting solution.

C. Lock passwords in tamperproof envelopes in a safe.

D. Implement a strict access control policy.

Question List (602q): Question 1: If an employee transfers from one role to another, which of ...; Question 2: Management has decided that a core application will be used ...; Question 3: Which of the following is the BEST method a security practit...; Question 4: Which of the following is a canon of the (ISC)2 Code of Ethi...; Question 5: A client server infrastructure that provides user-to-server ...; Question 6: A security engineer is required to integrate security into a...; Question 7: What is the MOST effective way to protect privacy?...; Question 8: Which of the following could be considered the MOST signific...; Question 9: What determines the level of security of a combination lock?...; Question 10: What is the PRIMARY goal of fault tolerance?...; Question 11: Which of the following is the MOST secure password technique...; Question 12: A customer continues to experience attacks on their email, w...; Question 13: Which attack defines a piece of code that is inserted into s...; Question 14: Who should formulate conclusions from a particular digital f...; Question 15: Which of the following BEST describes the responsibilities o...; Question 16: Which of the following is included in the Global System for ...; Question 17: Multi-threaded applications are more at risk than single-thr...; Question 18: An organization is designing a large enterprise-wide documen...; Question 19: Order the below steps to create an effective vulnerability m...; Question 20: Which of the fallowing statements is MOST accurate regarding...; Question 21: Which of the following is a security limitation of File Tran...; Question 22: Which of the following measures serves as the BEST means for...; Question 23: A large bank deploys hardware tokens to all customers that u...; Question 24: Which of the following protection is provided when using a V...; Question 25: A security professional has been asked to evaluate the optio...; Question 26: Which of the following actions should be undertaken prior to...; Question 27: Match the access control type to the example of the control ...; Question 28: An attacker is able to remain indefinitely logged into a exp...; Question 29: What is the FINAL step in the waterfall method for contingen...; Question 30: Which of the following is the PRIMARY benefit of a formalize...; Question 31: Which of the following is the MAIN reason for using configur...; Question 32: Which of the following techniques evaluates the secure Bet p...; Question 33: Which of the following is the PRIMARY consideration when det...; Question 34: Which of the following is the MOST significant key managemen...; Question 35: Which of the following is performed to determine a measure o...; Question 36: What would be the BEST action to take in a situation where c...; Question 37: Which of the following addresses requirements of security as...; Question 38: What is the PRIMARY advantage of using automated application...; Question 39: Which security service is served by the process of encryptio...; Question 40: In the common criteria (CC) for information technology (IT) ...; Question 41: When a flaw in Industrial control (ICS) software is discover...; Question 42: A security engineer is designing a Customer Relationship Man...; Question 43: When designing a networked Information System (IS) where the...; Question 44: Which of the following BEST describes the purpose of perform...; Question 45: An organization publishes and periodically updates its emplo...; Question 46: A software development company has a short timeline in which...; Question 47: An organization is selecting a service provider to assist in...; Question 48: A recent security audit is reporting several unsuccessful lo...; Question 49: Which of the following four iterative steps are conducted on...; Question 50: When using Security Assertion markup language (SAML), it is ...; Question 51: During a fingerprint verification process, which of the foll...; Question 52: Which of the following is an advantage of on premise Credent...; Question 53: Which reporting type requires a service organization to desc...; Question 54: The Hardware Abstraction Layer (HAL) is implemented in the...; Question 55: An organization's retail website provides its only source of...; Question 56: The Chief Information Security Officer (CISO) of a small org...; Question 57: Refer to the information below to answer the question. An or...; Question 58: An organization that has achieved a Capability Maturity mode...; Question 59: A hacker can use a lockout capability to start which of the ...; Question 60: Which of the following is an important requirement when desi...; Question 61: What is the MOST important consideration from a data securit...; Question 62: Which of the following protects personally identifiable info...; Question 63: A technician wants to install a WAP in the center of a room ...; Question 64: Which of the following is an open standard for exchanging au...; Question 65: The Industrial Control System (ICS) Computer Emergency Respo...; Question 66: Which of the following is a BEST practice when traveling int...; Question 67: Which of the following statements is TRUE of black box testi...; Question 68: A security engineer is assigned to work with the patch and v...; Question 69: Which of the following is a MAJOR concern when there is a ne...; Question 70: What security management control is MOST often broken by col...; Question 71: A new Chief Information Officer (CIO) created a group to wri...; Question 72: Are companies legally required to report all data breaches?...; Question 73: The security team has been tasked with performing an interfa...; Question 74: An organization has developed a way for customers to share i...; Question 75: Which of the following is a potential risk when a program ru...; Question 76: When configuring Extensible Authentication Protocol (EAP) in...; Question 77: What is the BEST design for securing physical perimeter prot...; Question 78: Which of the following is a term used to describe maintainin...; Question 79: During a recent assessment an organization has discovered th...; Question 80: What is the PRIMARY consideration when testing industrial co...; Question 81: What testing technique enables the designer to develop mitig...; Question 82: A security practitioner needs to implementation solution to ...; Question 83: Which of the following is a PRIMARY advantage of using a thi...; Question 84: Which of the following command line tools can be used in the...; Question 85: Which type of test suite should be run for fast feedback dur...; Question 86: Which of the following goals represents a modern shift in ri...; Question 87: Which of the following statements is TRUE for point-to-point...; Question 88: Which of the following BEST describes an access control meth...; Question 89: Which of the following is the BEST Identity-as-a-Service (ID...; Question 90: What is the correct order of steps in an information securit...; Question 91: Disaster Recovery Plan (DRP) training material should be...; Question 92: Which of the following is the MOST beneficial to review when...; Question 93: Which of the following BEST obtains an objective audit of se...; Question 94: An organization is planning to have an it audit of its as a ...; Question 95: A network scan found 50% of the systems with one or more cri...; Question 96: Which of the following is the MOST important reason for usin...; Question 97: Which of the following would BEST support effective testing ...; Question 98: Which of the following is the primary advantage of segmentin...; Question 99: Which of the following will an organization's network vulner...; Question 100: When developing an organization's information security budge...; Question 101: What documentation is produced FIRST when performing an effe...; Question 102: Which of the following is a direct monetary cost of a securi...; Question 103: Which of the following is the BEST identity-as-a-service (ID...; Question 104: An organization is implementing data encryption using symmet...; Question 105: Which of the following problems is not addressed by using OA...; Question 106: When recovering from an outage, what is the Recovery Point O...; Question 107: In the last 15 years a company has experienced three electri...; Question 108: Which of the following is used to support the concept of def...; Question 109: Network-based logging has which advantage over host-based lo...; Question 110: An external attacker has compromised an organization's netwo...; Question 111: What should be the INITIAL response to Intrusion Detection S...; Question 112: Which of the following is the BEST way to mitigate circumven...; Question 113: When designing a new Voice over Internet Protocol (VoIP) net...; Question 114: The World Trade Organization's (WTO) agreement on Trade-Rela...; Question 115: A disadvantage of an application filtering firewall is that ...; Question 116: Which of the following outsourcing agreement provisions has ...; Question 117: A vulnerability test on an Information System (IS) is conduc...; Question 118: What is considered the BEST explanation when determining whe...; Question 119: Internet Protocol (IP) source address spoofing is used to de...; Question 120: Which of the following entails identification of data end li...; Question 121: A company has decided that they need to begin maintaining as...; Question 122: Which of the following is the PRIMARY reason to perform regu...; Question 123: Refer to the information below to answer the question. An or...; Question 124: Which type of fire alarm system sensor is intended to detect...; Question 125: Which of the following is an effective control in preventing...; Question 126: An organization has determined that its previous waterfall a...; Question 127: Which of the following roles has the obligation to ensure th...; Question 128: Which of the following MOST influences the design of the org...; Question 129: Which of the following BEST describes the objectives of the ...; Question 130: The Structured Query Language (SQL) implements Discretionary...; Question 131: What is the MOST important criterion that needs to be adhere...; Question 132: In a large company, a system administrator needs to assign u...; Question 133: Reciprocal backup site agreements are considered to be...; Question 134: An Internet media company produces and broadcasts highly pop...; Question 135: The existence of physical barriers, card and personal identi...; Question 136: Vulnerability scanners may allow for the administrator to as...; Question 137: Which of the following types of technologies would be the MO...; Question 138: Which area of embedded devices are most commonly attacked?...; Question 139: A digitally-signed e-mail was delivered over a wireless netw...; Question 140: Which of the following provides the BEST method to verify th...; Question 141: When using Generic Routing Encapsulation (GRE) tunneling ove...; Question 142: Which of the following methods can be used to achieve confid...; Question 143: While reviewing the financial reporting risks of a third-par...; Question 144: Between which pair of Open System Interconnection (OSI) Refe...; Question 145: Which of the following mandates the amount and complexity of...; Question 146: Which of the following elements MUST a compliant EU-US Safe ...; Question 147: Which of the following BEST describes botnets?...; Question 148: Which of the following is a method used to prevent Structure...; Question 149: What security risk does the role-based access approach mitig...; Question 150: An organization has a short-term agreement with a public Clo...; Question 151: Which of the following countermeasures is the MOST effective...; Question 152: Which one of the following BEST protects vendor accounts tha...; Question 153: Which of the following is the name of an individual or group...; Question 154: An organization implements a remote access server (RAS), Onc...; Question 155: All hosts on the network are sending logs via syslog-ng to t...; Question 156: Which of the following is used by the Point-to-Point Protoco...; Question 157: Which of the following BEST describes centralized identity m...; Question 158: A security consultant has been asked to research an organiza...; Question 159: What is the MINIMUM standard for testing a disaster recovery...; Question 160: Which of the following is the MOST important consideration t...; Question 161: By allowing storage communications to run on top of Transmis...; Question 162: Which of the following is MOST effective in detecting inform...; Question 163: If an attacker in a SYN flood attack uses someone else's val...; Question 164: Match the objectives to the assessment questions in the gove...; Question 165: Which of the following technologies would provide the BEST a...; Question 166: When assessing the audit capability of an application, which...; Question 167: Which is the second phase of public key Infrastructure (pk1)...; Question 168: Knowing the language in which an encrypted message was origi...; Question 169: Who has the PRIMARY responsibility to ensure that security o...; Question 170: Which of the following should be included in a good defense-...; Question 171: Why is data classification control important to an organizat...; Question 172: A security architect is developing an information system for...; Question 173: Which of the following needs to be tested to achieve a Cat 6...; Question 174: The security organization is loading for a solution that cou...; Question 175: Which of the following are core categories of malicious atta...; Question 176: The Rivest-Shamir-Adleman (RSA) algorithm is BEST suited for...; Question 177: Which is MOST important when negotiating an Internet service...; Question 178: When determining who can accept the risk associated with a v...; Question 179: Which of the following is the BEST approach to implement mul...; Question 180: copyright provides protection for which of the following?...; Question 181: Match the functional roles in an external audit to their res...; Question 182: Which of the following could cause a Denial of Service (DoS)...; Question 183: An organization implements Network Access Control (NAC) ay I...; Question 184: What is the overall goal of software security testing?...; Question 185: When defining a set of security controls to mitigate a risk,...; Question 186: Which of the following routing protocols is used to exchange...; Question 187: Which of the following is a characteristic of an internal au...; Question 188: Utilizing a public wireless Local Area network (WLAN) to con...; Question 189: Before allowing a web application into the production enviro...; Question 190: The security accreditation task of the System Development Li...; Question 191: Which of the following entails identification of data and li...; Question 192: Limiting the processor, memory, and Input/output (I/O) capab...; Question 193: Which of the following is TRUE about Disaster Recovery Plan ...; Question 194: Which software defined networking (SDN) architectural compon...; Question 195: A software scanner identifies a region within a binary image...; Question 196: Which of the following is the PRIMARY type of cryptography r...; Question 197: Assessing a third party's risk by counting bugs in the code ...; Question 198: Which of the following is the BEST approach to take in order...; Question 199: Which of the following is the BEST way to determine the succ...; Question 200: Which of the following is a unique feature of attribute-base...; Question 201: Which of the following is required to determine classificati...; Question 202: Which of the following MUST system and database administrato...; Question 203: From a security perspective, which of the following assumpti...; Question 204: Which of the following initiates the systems recovery phase ...; Question 205: Which of the following is needed to securely distribute symm...; Question 206: Additional padding may be added to toe Encapsulating Securit...; Question 207: Which of the following describes the BEST configuration mana...; Question 208: If virus infection is suspected, which of the following is t...; Question 209: Which of the following are important criteria when designing...; Question 210: Which of the following is fundamentally required to address ...; Question 211: When is security personnel involvement in the Systems Develo...; Question 212: Which of the following is the MAIN goal of a data retention ...; Question 213: A small office is running WiFi 4 APs, and neighboring office...; Question 214: Which of the following types of web-based attack is happenin...; Question 215: Upon commencement of an audit within an organization, which ...; Question 216: What is the MOST effective countermeasure to a malicious cod...; Question 217: A Business Continuity Plan (BCP) is based on...; Question 218: Which type of disaster recovery plan (DRP) testing carries t...; Question 219: In a High Availability (HA) environment, what is the PRIMARY...; Question 220: For a federated identity solution, a third-party Identity Pr...; Question 221: Which component of the Security Content Automation Protocol ...; Question 222: As part of the security assessment plan, the security profes...; Question 223: Which of the following initiates the system recovery phase o...; Question 224: International bodies established a regulatory scheme that de...; Question 225: What is the difference between media marking and media label...; Question 226: Information security practitioners are in the midst of imple...; Question 227: When telephones in a city are connected by a single exchange...; Question 228: A software engineer uses automated tools to review applicati...; Question 229: In general, servers that are facing the Internet should be p...; Question 230: Digital certificates used transport Layer security (TLS) sup...; Question 231: A cloud service provider requires its customer organizations...; Question 232: The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunn...; Question 233: Which one of these risk factors would be the LEAST important...; Question 234: If the wide area network (WAN) is supporting converged appli...; Question 235: The disaster recovery (DR) process should always include...; Question 236: A security professional has reviewed a recent site assessmen...; Question 237: Which item below is a federated identity standard?...; Question 238: What is the MOST important factor in establishing an effecti...; Question 239: The Chief Information Security Officer (CISO) is concerned a...; Question 240: Which of the following adds end-to-end security inside a Lay...; Question 241: How does identity as a service (IDaaS) provide an easy mecha...; Question 242: Which of the following BEST describes the use of network arc...; Question 243: Which layer of the Open Systems Interconnections (OSI) model...; Question 244: Which of the following in the BEST way to reduce the impact ...; Question 245: Place the following information classification steps in sequ...; Question 246: Which of the following is BEST suited for exchanging authent...; Question 247: An organization recently upgraded to a Voice over Internet P...; Question 248: In order to assure authenticity, which of the following are ...; Question 249: Refer to the information below to answer the question. An or...; Question 250: Which security access policy contains fixed security attribu...; Question 251: According to the (ISC)? ethics canon "act honorably, honestl...; Question 252: Which of the following is the BEST method to validate secure...; Question 253: A company-wide penetration test result shows customers could...; Question 254: Which of the following would be considered an incident if re...; Question 255: A web developer is completing a new web application security...; Question 256: What should be used to determine the risks associated with u...; Question 257: What is the most effective form of media sanitization to ens...; Question 258: Which Radio Frequency Interference (RFI) phenomenon associat...; Question 259: In the area of disaster planning and recovery, what strategy...; Question 260: Which of the following BEST describes the standard used to e...; Question 261: Which of the following provides effective management assuran...; Question 262: Which of the following is the MOST important consideration w...; Question 263: Which of the following is the PRIMARY risk with using open s...; Question 264: Who is responsible for the protection of information when it...; Question 265: Sensitive customer data is going to be added to a database. ...; Question 266: A security architect is responsible for the protection of a ...; Question 267: A corporate security policy specifies that all devices on th...; Question 268: In systems security engineering, what does the security prin...; Question 269: Which of the following analyses is performed to protect info...; Question 270: Clothing retailer employees are provisioned with user accoun...; Question 271: Which of the following is the MAIN benefit of off-site stora...; Question 272: Which of the following is the PRIMARY security consideration...; Question 273: The MAIN task of promoting security for Personal Computers (...; Question 274: The restoration priorities of a Disaster Recovery Plan (DRP)...; Question 275: When network management is outsourced to third parties, whic...; Question 276: Which of the following is the MOST effective preventative me...; Question 277: Which of the following is the MOST important consideration i...; Question 278: Which security approach will BEST minimize Personally Identi...; Question 279: In which order, from MOST to LEAST impacted, does user aware...; Question 280: Multi-Factor Authentication (MFA) is necessary in many syste...; Question 281: Rank the Hypertext Transfer protocol (HTTP) authentication t...; Question 282: The amount of data that will be collected during an audit is...; Question 283: Which of the following virtual network configuration options...; Question 284: Which of the following is the BEST technique to facilitate s...; Question 285: In the "Do" phase of the Plan-Do-Check-Act model, which of t...; Question 286: Which of the following restricts the ability of an individua...; Question 287: Which of the following is a secure design principle for a ne...; Question 288: How is Remote Authentication Dial-In User Service (RADIUS) a...; Question 289: Which of the following provides the MOST protection against ...; Question 290: What is the FIRST step in risk management?...; Question 291: Which of the following job functions MUST be separated to ma...; Question 292: Which of the following is the MOST effective method of detec...; Question 293: An engineer notices some late collisions on a half-duplex li...; Question 294: The European Union (EU) General Data Protection Regulation (...; Question 295: Which of the following are mandatory canons for the (ISC)* C...; Question 296: How can an attacker exploit overflow to execute arbitrary co...; Question 297: Which of the following MUST an organization do to effectivel...; Question 298: Which of the following is critical for establishing an initi...; Question 299: Which of the following trust services principles refers to t...; Question 300: Which of the following is BEST achieved through the use of e...; Question 301: Which of the following phases in the software acquisition pr...; Question 302: With data labeling, which of the following MUST be the key d...; Question 303: Which of the following statements is TRUE regarding value bo...; Question 304: With what frequency should monitoring of a control occur whe...; Question 305: Why is planning the MOST critical phase of a Role Based Acce...; Question 306: The application of which of the following standards would BE...; Question 307: In a basic SYN flood attack, what is the attacker attempting...; Question 308: Which of the following security tools will ensure authorized...; Question 309: If an identification process using a biometric system detect...; Question 310: What type of investigation applies when malicious behavior i...; Question 311: The PRIMARY purpose of accreditation is to:...; Question 312: Who is essential for developing effective test scenarios for...; Question 313: Which of the following is the FIRST step for defining Servic...; Question 314: Which of the following is held accountable for the risk to o...; Question 315: How can a forensic specialist exclude from examination a lar...; Question 316: A security professional can BEST mitigate the risk of using ...; Question 317: Who is accountable for the information within an Information...; Question 318: The acquisition of personal data being obtained by a lawful ...; Question 319: Which of the following is a responsibility of the informatio...; Question 320: In setting expectations when reviewing the results of a secu...; Question 321: Which section of the assessment report addresses separate vu...; Question 322: During a Disaster Recovery (DR) simu-lation, it is discovere...; Question 323: Which of the following features is MOST effective in mitigat...; Question 324: Which of the following is a characteristic of the initializa...; Question 325: How long should the records on a project be retained?...; Question 326: What is the PRIMARY objective of an application security ass...; Question 327: An organization has requested storage area network (SAN) dis...; Question 328: What is the MAIN objective of risk analysis in Disaster Reco...; Question 329: As one component of a physical security system, an Electroni...; Question 330: An organization recently conducted a review of the security ...; Question 331: What should an auditor do when conducting a periodic audit o...; Question 332: Which Web Services Security (WS-Security) specification main...; Question 333: Which of the following is the BEST definition of Cross-Site ...; Question 334: Which of the following is a recommended alternative to an in...; Question 335: Which of the following techniques evaluates the secure desig...; Question 336: Which of the following is the MOST comprehensive Business Co...; Question 337: Which of the following is the MOST important element of chan...; Question 338: What is the FIRST step for an organization to take before al...; Question 339: A company hired an external vendor to perform a penetration ...; Question 340: Given a file containing ordered number, i.e. "123456789," ma...; Question 341: A security practitioner has been tasked with establishing or...; Question 342: What does the term "100-year floodplain" mean to emergency p...; Question 343: What is a characteristic of Secure Socket Layer (SSL) and Tr...; Question 344: Which of the following frameworks provides vulnerability met...; Question 345: What type of access control determines the authorization to ...; Question 346: Activity to baseline, tailor, and scope security controls ti...; Question 347: The MAIN purpose of placing a tamper seal on a computer syst...; Question 348: The PRIMARY outcome of a certification process is that it pr...; Question 349: A security architect is reviewing plans for an application w...; Question 350: Which of the following is the BIGGEST weakness when using na...; Question 351: In which of the following scenarios is locking server cabine...; Question 352: What is the MOST effective response to a hacker who has alre...; Question 353: Who should perform the design review to uncover security des...; Question 354: An organization has discovered that users are visiting unaut...; Question 355: Which of the following is the BEST way to protect against St...; Question 356: Which of the following protocols will allow the encrypted tr...; Question 357: Which of the following is used to ensure that data mining ac...; Question 358: Which combination of cryptographic algorithms are compliant ...; Question 359: In which identity management process is the subject's identi...; Question 360: Which is the RECOMMENDED configuration mode for sensors for ...; Question 361: A software development company found odd behavior in some re...; Question 362: An organization is required to comply with the Payment Card ...; Question 363: When reviewing vendor certifications for handling and proces...; Question 364: Which technology is a prerequisite for populating the cloud-...; Question 365: What type of risk is related to the sequences of value-addin...; Question 366: A client has reviewed a vulnerability assessment report and ...; Question 367: An organization has discovered that organizational data is p...; Question 368: Which of the following features is MOST effective in mitigat...; Question 369: Which of the following is the MOST difficult to enforce when...; Question 370: A network administrator is configuring a database server and...; Question 371: Which one of the following considerations has the LEAST impa...; Question 372: Which of the following are all elements of a disaster recove...; Question 373: Once the types of information have been identified, who shou...; Question 374: Which of the following types of hosts should be operating in...; Question 375: Physical Access Control Systems (PACS) allow authorized secu...; Question 376: Assuming an individual has taken all of the steps to keep th...; Question 377: Which of the following is the MOST effective strategy to pre...; Question 378: Which of the following is the BEST approach for a forensic e...; Question 379: As part of an application penetration testing process, sessi...; Question 380: Which of the following is the BEST method a security practit...; Question 381: When dealing with compliance with the Payment Card Industry-...; Question 382: The use of strong authentication, the encryption of Personal...; Question 383: Asymmetric algorithms are used for which of the following wh...; Question 384: During which of the following processes is least privilege i...; Question 385: What principle requires that changes to the plaintext affect...; Question 386: Which of the following prevents improper aggregation of priv...; Question 387: What component of a web application that stores the session ...; Question 388: During an investigation of database theft from an organizati...; Question 389: At what stage of the Software Development Life Cycle (SDLC) ...; Question 390: An international medical organization with headquarters in t...; Question 391: Digital certificates used in Transport Layer Security (TLS) ...; Question 392: A database administrator is asked by a high-ranking member o...; Question 393: Which of the following is MOST critical in a contract in a c...; Question 394: Which of the following MUST be considered when developing bu...; Question 395: Which evidence collecting technique would be utilized when i...; Question 396: Which would result in the GREATEST import following a breach...; Question 397: When transmitting information over public networks, the deci...; Question 398: An organization has implemented a new backup process which p...; Question 399: When should an application invoke re-authentication in addit...; Question 400: In which process MUST security be considered during the acqu...; Question 401: A company whose Information Technology (IT) services are bei...; Question 402: When developing solutions for mobile devices, in which phase...; Question 403: Which technique can be used to make an encryption scheme mor...; Question 404: What action should be taken by a business line that is unwil...; Question 405: Which of the following provides the minimum set of privilege...; Question 406: What is the FIRST step prior to executing a test of an organ...; Question 407: The Secure Shell (SSH) version 2 protocol supports....; Question 408: What should be the FIRST action for a security administrator...; Question 409: Which of the following examples is BEST to minimize the atta...; Question 410: Additional padding may be added to the Encapsulating securit...; Question 411: Which of the following is a security weakness in the evaluat...; Question 412: Which of the following is an accurate statement when an asse...; Question 413: A database server for a financial application is scheduled f...; Question 414: Which of the following is the BEST way to protect against st...; Question 415: What technique used for spoofing the origin of an email can ...; Question 416: As a security manger which of the following is the MOST effe...; Question 417: Which of the following is a PRIMARY challenge when running a...; Question 418: A security analyst for a large financial institution is revi...; Question 419: A company is attempting to enhance the security of its user ...; Question 420: Which of the following is a remote access protocol that uses...; Question 421: Which of the following is the FIRST step in the incident res...; Question 422: Which of the following is an initial consideration when deve...; Question 423: Refer to the information below to answer the question. An or...; Question 424: What is the MOST appropriate hierarchy of documents when imp...; Question 425: Who in the organization is accountable for classification of...; Question 426: When dealing with shared, privilaged accounts, especially th...; Question 427: During the risk assessment phase of the project the CISO dis...; Question 428: If a content management system (CSM) is implemented, which o...; Question 429: What is the process of removing sensitive data from a system...; Question 430: Access to which of the following is required to validate web...; Question 431: A Chief Information Security Officer (CISO) of a firm which ...; Question 432: Which of the following attacks is dependent upon the comprom...; Question 433: Computer forensics require which of the following are MAIN s...; Question 434: In order for a security policy to be effective within an org...; Question 435: An Information Technology (IT) professional attends a cybers...; Question 436: What is the BEST way to establish identity over the internet...; Question 437: In a data classification scheme, the data is owned by the...; Question 438: Which of the following BEST describes the responsibilities o...; Question 439: Which of the following is a common measure within a Local Ar...; Question 440: Which of the following is the BEST way to protect an organiz...; Question 441: The PRIMARY characteristic of a Distributed Denial of Servic...; Question 442: Which of the following is an indicator that a company's new ...; Question 443: An internal Service Level Agreement (SLA) covering security ...; Question 444: A mobile device application that restricts the storage of us...; Question 445: Refer to the information below to answer the question. Durin...; Question 446: Which of the following BEST represents the concept of least ...; Question 447: What is the PRIMARY purpose for an organization to conduct a...; Question 448: Recovery strategies of a Disaster Recovery planning (DRIP) M...; Question 449: Which of the following would an attacker BEST be able to acc...; Question 450: A cybersecurity engineer has been tasked to research and imp...; Question 451: Who would be the BEST person to approve an organizations inf...; Question 452: Which of the following is a limitation of the Common Vulnera...; Question 453: Which of the following are required components for implement...; Question 454: Which of the following is the top barrier for companies to a...; Question 455: Which of the following is the MOST appropriate action when r...; Question 456: A manager identified two conflicting sensitive user function...; Question 457: When reviewing the security logs, the password shown for an ...; Question 458: "Stateful" differs from "Static" packet filtering firewalls ...; Question 459: Which of the following is the BEST method to reduce the effe...; Question 460: In addition to life, protection of which of the following el...; Question 461: Which of the following is the BEST defense against password ...; Question 462: A user's credential for an application is stored in a relati...; Question 463: Secure coding can be developed by applying which one of the ...; Question 464: Which of the following is established to collect information...; Question 465: An Intrusion Detection System (IDS) is based on the general ...; Question 466: A security manager has noticed an inconsistent application o...; Question 467: An attack utilizing social engineering and a malicious Unifo...; Question 468: Which of the following is a common characteristic of privacy...; Question 469: Which programming methodology allows a programmer to use pre...; Question 470: A security professional has been assigned to assess a web ap...; Question 471: Which of the following is an example of a vulnerability of f...; Question 472: Which of the following MUST a security professional do in or...; Question 473: In which of the following programs is it MOST important to i...; Question 474: Which of the following is used to detect steganography?...; Question 475: Which of the following BEST describes a rogue Access Point (...; Question 476: Which of the following roles is responsible for ensuring tha...; Question 477: Which of the following BEST describes why software assurance...; Question 478: Which of the following is an authentication protocol in whic...; Question 479: An attacker has intruded into the source code management sys...; Question 480: A user sends an e-mail request asking for read-only access t...; Question 481: A user downloads a file from the Internet, then applies the ...; Question 482: What type of database attack would allow a customer service ...; Question 483: Which of the following actions should be taken by a security...; Question 484: Which of the following mechanisms will BEST prevent a Cross-...; Question 485: An information security professional is reviewing user acces...; Question 486: When designing a vulnerability test, which one of the follow...; Question 487: According to the Capability Maturity Model Integration (CMMI...; Question 488: Information Security Continuous Monitoring (1SCM) is defined...; Question 489: The Chief Information Security Officer (CISO) of an organiza...; Question 490: What is the PRIMARY reason for ethics awareness and related ...; Question 491: Which is the BEST control to meet the Statement on Standards...; Question 492: Which change management role is responsible for the overall ...; Question 493: A corporation does not have a formal data destruction policy...; Question 494: Which of the following vulnerability assessment activities B...; Question 495: Which of the following is a common feature of an Identity as...; Question 496: When developing the entitlement review process, which of the...; Question 497: What is the term used to define where data is geographically...; Question 498: A company wants to store data related to users on an offsite...; Question 499: In Identity Management (IdM), when is the verification stage...; Question 500: A vehicle of a private courier company that transports backu...; Question 501: An audit of an application reveals that the current configur...; Question 502: Which of the following practices provides the development te...; Question 503: How should an organization determine the priority of its rem...; Question 504: Which of the following processes has the PRIMARY purpose of ...; Question 505: Which of the following is of GREATEST assistance to auditors...; Question 506: Which of the following is the MOST common use of the Online ...; Question 507: Which of the following contributes MOST to the effectiveness...; Question 508: A Certified Information Systems Security Professional (CISSP...; Question 509: The BEST way to check for good security programming practice...; Question 510: A software developer wishes to write code that will execute ...; Question 511: What is the benefit of an operating system (OS) feature that...; Question 512: Which one of the following would cause an immediate review a...; Question 513: An employee receives a promotion that entities them to acces...; Question 514: While dealing with the consequences of a security incident, ...; Question 515: The implementation of which features of an identity manageme...; Question 516: What is the BEST location in a network to place Virtual Priv...; Question 517: Which of the following open source software issues pose the ...; Question 518: Individuals have been identified and determined as having a ...; Question 519: At which phase of the software assurance life cycle should r...; Question 520: For an organization considering two-factor authentication fo...; Question 521: Refer to the information below to answer the question. In a ...; Question 522: To prevent inadvertent disclosure of restricted information,...; Question 523: Which inherent password weakness does a One Time Password (O...; Question 524: Which of the following is the final phase of the identity an...; Question 525: A post-implementation review has identified that the Voice O...; Question 526: Which of the following could elicit a Denial of Service (DoS...; Question 527: To minimize the vulnerabilities of a web-based application, ...; Question 528: A system has been scanned for vulnerabilities and has been f...; Question 529: Which of the following is a common term for log reviews, syn...; Question 530: What do you think is the best way to secure a camera?...; Question 531: When developing a business case for updating a security prog...; Question 532: Which of the following is the MAIN reason that system re-cer...; Question 533: Which of the following is the BEST statement for a professio...; Question 534: Which of the following actions should be performed when impl...; Question 535: Which of the following uses the destination IP address to fo...; Question 536: For the purpose of classification, which of the following is...; Question 537: What is maintained by using write blocking devices whan fore...; Question 538: What does secure authentication with logging provide?...; Question 539: When conducting a security assessment of access controls , W...; Question 540: Refer to the information below to answer the question. A new...; Question 541: It is MOST important to perform which of the following to mi...; Question 542: Logical access control programs are MOST effective when they...; Question 543: A subscription service which provides power, climate control...; Question 544: A company is planning to implement a private cloud infrastru...; Question 545: Which of the following services can be deployed via a cloud ...; Question 546: The configuration management and control task of the certifi...; Question 547: Directive controls are a form of change management policy an...; Question 548: Which of the following is the MOST critical success factor i...; Question 549: What is the MOST effective method for gaining unauthorized a...; Question 550: Refer to the information below to answer the question. Durin...; Question 551: The application of a security patch to a product previously ...; Question 552: Which one of the following is the MOST important in designin...; Question 553: What is the BEST approach to addressing security issues in l...; 1 commentQuestion 554: Which of the following is part of a Trusted Platform Module ...; Question 555: The Chief Information Officer (CIO) has decided that as part...; Question 556: Which of the following questions can be answered using user ...; Question 557: Refer to the information below to answer the question. A lar...; Question 558: Which of the following is the MAIN difference between a netw...; Question 559: Which of the following findings would MOST likely indicate a...; Question 560: Which of the following media is least problematic with data ...; Question 561: At the destination host, which of the following OSI model la...; Question 562: Refer to the information below to answer the question. An or...; Question 563: Before implementing an internet-facing router, a network adm...; Question 564: Which of the following is the best practice for testing a Bu...; Question 565: What part of an organization's strategic risk assessment MOS...; Question 566: How does a Host Based Intrusion Detection System (HIDS) iden...; Question 567: Which of the following methods MOST efficiently manages user...; Question 568: A security practitioner is tasked with securing the organiza...; Question 569: The security organization is looking for a solution that cou...; Question 570: Which of the following authorization standards is built to h...; 1 commentQuestion 571: Which of the following is an important design feature for th...; Question 572: a large organization uses biometrics to allow access to its ...; Question 573: From an asset security perspective, what is the BEST counter...; Question 574: Which of the following value comparisons MOST accurately ref...; Question 575: Extensible Authentication Protocol-Message Digest 5 (EAP-MD5...; Question 576: Which of the following MUST be in place to recognize a syste...; Question 577: Which of the following phases involves researching a target'...; Question 578: Which of the following is considered a secure coding practic...; Question 579: What is the FIRST step required in establishing a records re...; Question 580: Which of the following is true of Service Organization Contr...; Question 581: Which of the following disaster recovery test plans will be ...; Question 582: What is the MAIN purpose of conducting a business impact ana...; Question 583: Which security action should be taken FIRST when computer pe...; Question 584: A Java program is being developed to read a file from comput...; Question 585: Which of the following attributes could be used to describe ...; Question 586: Which of the following are effective countermeasures against...; Question 587: Which of the following describes the order in which a digita...; Question 588: An organization is trying to secure instant messaging (IM) c...; Question 589: What type of test assesses a Disaster Recovery (DR) plan usi...; Question 590: Which of the following is the MOST effective way to ensure t...; Question 591: Which of the following is the MOST effective method of mitig...; Question 592: In Disaster Recovery (DR) and business continuity training, ...; Question 593: Which of the following is an effective method for avoiding m...; Question 594: The threat modeling identifies a man-in-the-middle (MITM) ex...; Question 595: Which of the following MUST the administrator of a security ...; Question 596: A hospital has allowed virtual private networking (VPN) acce...; Question 597: When determining data and information asset handling, regard...; Question 598: The FIRST step in building a firewall is to...; Question 599: The security team plans on using automated account reconcili...; Question 600: Which of the following types of security testing is the MOST...; Question 601: Within the company, desktop clients receive Internet Protoco...; Question 602: Which of the following assessment metrics is BEST used to un...

Question 426/602

LEAVE A REPLY

Download PDF File