CISSP Exam Dumps | Which of the following four iterative steps are conducted on third-party vendors in an on-going basis?

<< Prev Question Next Question >>

Question 49/602

Which of the following four iterative steps are conducted on third-party vendors in an on-going basis?

A. Investigate, Evaluate, Respond, Monitor

B. Frame, Assess, Respond, Monitor

C. Frame, Assess, Remediate, Monitor

D. Investigate, Assess, Remediate, Monitor

Correct Answer: B

Third-party vendors are external entities that provide products or services to an organization, such as suppliers, contractors, consultants, or partners. Third-party vendors can pose various risks to the organization, such as security breaches, compliance violations, service disruptions, or reputational damage. Therefore, the organization should conduct a third-party risk management (TPRM) process to identify, assess, mitigate, and monitor the risks associated with third-party vendors. The TPRM process consists of four iterative steps that are conducted on third-party vendors in an on-going basis. The steps are:
Frame: This step involves defining the scope, objectives, and governance of the TPRM process, as well as establishing the criteria and thresholds for risk assessment and acceptance.
Assess: This step involves collecting and analyzing information about the third-party vendors, such as their security policies, controls, practices, certifications, and performance, to evaluate their risk profile and compliance status.
Respond: This step involves developing and implementing strategies and actions to address the risks identified in the assessment step, such as negotiating contracts, enforcing service level agreements, applying controls, conducting audits, or terminating relationships.
Monitor: This step involves tracking and reviewing the performance and risk posture of the third-party vendors on a regular basis, as well as updating the TPRM process as needed to reflect changes in the business environment, regulatory requirements, or risk appetite.
Therefore, the correct answer is B. The other options are incorrect because they do not include all the steps of the TPRM process or use different terms that are not consistent with the TPRM framework. References:
Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 1: Security and Risk Management, Section:
Third-Party Risk Management; CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security Governance Through Principles and Policies, Section: Third-Party Governance.

Question List (602q): Question 1: If an employee transfers from one role to another, which of ...; Question 2: Management has decided that a core application will be used ...; Question 3: Which of the following is the BEST method a security practit...; Question 4: Which of the following is a canon of the (ISC)2 Code of Ethi...; Question 5: A client server infrastructure that provides user-to-server ...; Question 6: A security engineer is required to integrate security into a...; Question 7: What is the MOST effective way to protect privacy?...; Question 8: Which of the following could be considered the MOST signific...; Question 9: What determines the level of security of a combination lock?...; Question 10: What is the PRIMARY goal of fault tolerance?...; Question 11: Which of the following is the MOST secure password technique...; Question 12: A customer continues to experience attacks on their email, w...; Question 13: Which attack defines a piece of code that is inserted into s...; Question 14: Who should formulate conclusions from a particular digital f...; Question 15: Which of the following BEST describes the responsibilities o...; Question 16: Which of the following is included in the Global System for ...; Question 17: Multi-threaded applications are more at risk than single-thr...; Question 18: An organization is designing a large enterprise-wide documen...; Question 19: Order the below steps to create an effective vulnerability m...; Question 20: Which of the fallowing statements is MOST accurate regarding...; Question 21: Which of the following is a security limitation of File Tran...; Question 22: Which of the following measures serves as the BEST means for...; Question 23: A large bank deploys hardware tokens to all customers that u...; Question 24: Which of the following protection is provided when using a V...; Question 25: A security professional has been asked to evaluate the optio...; Question 26: Which of the following actions should be undertaken prior to...; Question 27: Match the access control type to the example of the control ...; Question 28: An attacker is able to remain indefinitely logged into a exp...; Question 29: What is the FINAL step in the waterfall method for contingen...; Question 30: Which of the following is the PRIMARY benefit of a formalize...; Question 31: Which of the following is the MAIN reason for using configur...; Question 32: Which of the following techniques evaluates the secure Bet p...; Question 33: Which of the following is the PRIMARY consideration when det...; Question 34: Which of the following is the MOST significant key managemen...; Question 35: Which of the following is performed to determine a measure o...; Question 36: What would be the BEST action to take in a situation where c...; Question 37: Which of the following addresses requirements of security as...; Question 38: What is the PRIMARY advantage of using automated application...; Question 39: Which security service is served by the process of encryptio...; Question 40: In the common criteria (CC) for information technology (IT) ...; Question 41: When a flaw in Industrial control (ICS) software is discover...; Question 42: A security engineer is designing a Customer Relationship Man...; Question 43: When designing a networked Information System (IS) where the...; Question 44: Which of the following BEST describes the purpose of perform...; Question 45: An organization publishes and periodically updates its emplo...; Question 46: A software development company has a short timeline in which...; Question 47: An organization is selecting a service provider to assist in...; Question 48: A recent security audit is reporting several unsuccessful lo...; Question 49: Which of the following four iterative steps are conducted on...; Question 50: When using Security Assertion markup language (SAML), it is ...; Question 51: During a fingerprint verification process, which of the foll...; Question 52: Which of the following is an advantage of on premise Credent...; Question 53: Which reporting type requires a service organization to desc...; Question 54: The Hardware Abstraction Layer (HAL) is implemented in the...; Question 55: An organization's retail website provides its only source of...; Question 56: The Chief Information Security Officer (CISO) of a small org...; Question 57: Refer to the information below to answer the question. An or...; Question 58: An organization that has achieved a Capability Maturity mode...; Question 59: A hacker can use a lockout capability to start which of the ...; Question 60: Which of the following is an important requirement when desi...; Question 61: What is the MOST important consideration from a data securit...; Question 62: Which of the following protects personally identifiable info...; Question 63: A technician wants to install a WAP in the center of a room ...; Question 64: Which of the following is an open standard for exchanging au...; Question 65: The Industrial Control System (ICS) Computer Emergency Respo...; Question 66: Which of the following is a BEST practice when traveling int...; Question 67: Which of the following statements is TRUE of black box testi...; Question 68: A security engineer is assigned to work with the patch and v...; Question 69: Which of the following is a MAJOR concern when there is a ne...; Question 70: What security management control is MOST often broken by col...; Question 71: A new Chief Information Officer (CIO) created a group to wri...; Question 72: Are companies legally required to report all data breaches?...; Question 73: The security team has been tasked with performing an interfa...; Question 74: An organization has developed a way for customers to share i...; Question 75: Which of the following is a potential risk when a program ru...; Question 76: When configuring Extensible Authentication Protocol (EAP) in...; Question 77: What is the BEST design for securing physical perimeter prot...; Question 78: Which of the following is a term used to describe maintainin...; Question 79: During a recent assessment an organization has discovered th...; Question 80: What is the PRIMARY consideration when testing industrial co...; Question 81: What testing technique enables the designer to develop mitig...; Question 82: A security practitioner needs to implementation solution to ...; Question 83: Which of the following is a PRIMARY advantage of using a thi...; Question 84: Which of the following command line tools can be used in the...; Question 85: Which type of test suite should be run for fast feedback dur...; Question 86: Which of the following goals represents a modern shift in ri...; Question 87: Which of the following statements is TRUE for point-to-point...; Question 88: Which of the following BEST describes an access control meth...; Question 89: Which of the following is the BEST Identity-as-a-Service (ID...; Question 90: What is the correct order of steps in an information securit...; Question 91: Disaster Recovery Plan (DRP) training material should be...; Question 92: Which of the following is the MOST beneficial to review when...; Question 93: Which of the following BEST obtains an objective audit of se...; Question 94: An organization is planning to have an it audit of its as a ...; Question 95: A network scan found 50% of the systems with one or more cri...; Question 96: Which of the following is the MOST important reason for usin...; Question 97: Which of the following would BEST support effective testing ...; Question 98: Which of the following is the primary advantage of segmentin...; Question 99: Which of the following will an organization's network vulner...; Question 100: When developing an organization's information security budge...; Question 101: What documentation is produced FIRST when performing an effe...; Question 102: Which of the following is a direct monetary cost of a securi...; Question 103: Which of the following is the BEST identity-as-a-service (ID...; Question 104: An organization is implementing data encryption using symmet...; Question 105: Which of the following problems is not addressed by using OA...; Question 106: When recovering from an outage, what is the Recovery Point O...; Question 107: In the last 15 years a company has experienced three electri...; Question 108: Which of the following is used to support the concept of def...; Question 109: Network-based logging has which advantage over host-based lo...; Question 110: An external attacker has compromised an organization's netwo...; Question 111: What should be the INITIAL response to Intrusion Detection S...; Question 112: Which of the following is the BEST way to mitigate circumven...; Question 113: When designing a new Voice over Internet Protocol (VoIP) net...; Question 114: The World Trade Organization's (WTO) agreement on Trade-Rela...; Question 115: A disadvantage of an application filtering firewall is that ...; Question 116: Which of the following outsourcing agreement provisions has ...; Question 117: A vulnerability test on an Information System (IS) is conduc...; Question 118: What is considered the BEST explanation when determining whe...; Question 119: Internet Protocol (IP) source address spoofing is used to de...; Question 120: Which of the following entails identification of data end li...; Question 121: A company has decided that they need to begin maintaining as...; Question 122: Which of the following is the PRIMARY reason to perform regu...; Question 123: Refer to the information below to answer the question. An or...; Question 124: Which type of fire alarm system sensor is intended to detect...; Question 125: Which of the following is an effective control in preventing...; Question 126: An organization has determined that its previous waterfall a...; Question 127: Which of the following roles has the obligation to ensure th...; Question 128: Which of the following MOST influences the design of the org...; Question 129: Which of the following BEST describes the objectives of the ...; Question 130: The Structured Query Language (SQL) implements Discretionary...; Question 131: What is the MOST important criterion that needs to be adhere...; Question 132: In a large company, a system administrator needs to assign u...; Question 133: Reciprocal backup site agreements are considered to be...; Question 134: An Internet media company produces and broadcasts highly pop...; Question 135: The existence of physical barriers, card and personal identi...; Question 136: Vulnerability scanners may allow for the administrator to as...; Question 137: Which of the following types of technologies would be the MO...; Question 138: Which area of embedded devices are most commonly attacked?...; Question 139: A digitally-signed e-mail was delivered over a wireless netw...; Question 140: Which of the following provides the BEST method to verify th...; Question 141: When using Generic Routing Encapsulation (GRE) tunneling ove...; Question 142: Which of the following methods can be used to achieve confid...; Question 143: While reviewing the financial reporting risks of a third-par...; Question 144: Between which pair of Open System Interconnection (OSI) Refe...; Question 145: Which of the following mandates the amount and complexity of...; Question 146: Which of the following elements MUST a compliant EU-US Safe ...; Question 147: Which of the following BEST describes botnets?...; Question 148: Which of the following is a method used to prevent Structure...; Question 149: What security risk does the role-based access approach mitig...; Question 150: An organization has a short-term agreement with a public Clo...; Question 151: Which of the following countermeasures is the MOST effective...; Question 152: Which one of the following BEST protects vendor accounts tha...; Question 153: Which of the following is the name of an individual or group...; Question 154: An organization implements a remote access server (RAS), Onc...; Question 155: All hosts on the network are sending logs via syslog-ng to t...; Question 156: Which of the following is used by the Point-to-Point Protoco...; Question 157: Which of the following BEST describes centralized identity m...; Question 158: A security consultant has been asked to research an organiza...; Question 159: What is the MINIMUM standard for testing a disaster recovery...; Question 160: Which of the following is the MOST important consideration t...; Question 161: By allowing storage communications to run on top of Transmis...; Question 162: Which of the following is MOST effective in detecting inform...; Question 163: If an attacker in a SYN flood attack uses someone else's val...; Question 164: Match the objectives to the assessment questions in the gove...; Question 165: Which of the following technologies would provide the BEST a...; Question 166: When assessing the audit capability of an application, which...; Question 167: Which is the second phase of public key Infrastructure (pk1)...; Question 168: Knowing the language in which an encrypted message was origi...; Question 169: Who has the PRIMARY responsibility to ensure that security o...; Question 170: Which of the following should be included in a good defense-...; Question 171: Why is data classification control important to an organizat...; Question 172: A security architect is developing an information system for...; Question 173: Which of the following needs to be tested to achieve a Cat 6...; Question 174: The security organization is loading for a solution that cou...; Question 175: Which of the following are core categories of malicious atta...; Question 176: The Rivest-Shamir-Adleman (RSA) algorithm is BEST suited for...; Question 177: Which is MOST important when negotiating an Internet service...; Question 178: When determining who can accept the risk associated with a v...; Question 179: Which of the following is the BEST approach to implement mul...; Question 180: copyright provides protection for which of the following?...; Question 181: Match the functional roles in an external audit to their res...; Question 182: Which of the following could cause a Denial of Service (DoS)...; Question 183: An organization implements Network Access Control (NAC) ay I...; Question 184: What is the overall goal of software security testing?...; Question 185: When defining a set of security controls to mitigate a risk,...; Question 186: Which of the following routing protocols is used to exchange...; Question 187: Which of the following is a characteristic of an internal au...; Question 188: Utilizing a public wireless Local Area network (WLAN) to con...; Question 189: Before allowing a web application into the production enviro...; Question 190: The security accreditation task of the System Development Li...; Question 191: Which of the following entails identification of data and li...; Question 192: Limiting the processor, memory, and Input/output (I/O) capab...; Question 193: Which of the following is TRUE about Disaster Recovery Plan ...; Question 194: Which software defined networking (SDN) architectural compon...; Question 195: A software scanner identifies a region within a binary image...; Question 196: Which of the following is the PRIMARY type of cryptography r...; Question 197: Assessing a third party's risk by counting bugs in the code ...; Question 198: Which of the following is the BEST approach to take in order...; Question 199: Which of the following is the BEST way to determine the succ...; Question 200: Which of the following is a unique feature of attribute-base...; Question 201: Which of the following is required to determine classificati...; Question 202: Which of the following MUST system and database administrato...; Question 203: From a security perspective, which of the following assumpti...; Question 204: Which of the following initiates the systems recovery phase ...; Question 205: Which of the following is needed to securely distribute symm...; Question 206: Additional padding may be added to toe Encapsulating Securit...; Question 207: Which of the following describes the BEST configuration mana...; Question 208: If virus infection is suspected, which of the following is t...; Question 209: Which of the following are important criteria when designing...; Question 210: Which of the following is fundamentally required to address ...; Question 211: When is security personnel involvement in the Systems Develo...; Question 212: Which of the following is the MAIN goal of a data retention ...; Question 213: A small office is running WiFi 4 APs, and neighboring office...; Question 214: Which of the following types of web-based attack is happenin...; Question 215: Upon commencement of an audit within an organization, which ...; Question 216: What is the MOST effective countermeasure to a malicious cod...; Question 217: A Business Continuity Plan (BCP) is based on...; Question 218: Which type of disaster recovery plan (DRP) testing carries t...; Question 219: In a High Availability (HA) environment, what is the PRIMARY...; Question 220: For a federated identity solution, a third-party Identity Pr...; Question 221: Which component of the Security Content Automation Protocol ...; Question 222: As part of the security assessment plan, the security profes...; Question 223: Which of the following initiates the system recovery phase o...; Question 224: International bodies established a regulatory scheme that de...; Question 225: What is the difference between media marking and media label...; Question 226: Information security practitioners are in the midst of imple...; Question 227: When telephones in a city are connected by a single exchange...; Question 228: A software engineer uses automated tools to review applicati...; Question 229: In general, servers that are facing the Internet should be p...; Question 230: Digital certificates used transport Layer security (TLS) sup...; Question 231: A cloud service provider requires its customer organizations...; Question 232: The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunn...; Question 233: Which one of these risk factors would be the LEAST important...; Question 234: If the wide area network (WAN) is supporting converged appli...; Question 235: The disaster recovery (DR) process should always include...; Question 236: A security professional has reviewed a recent site assessmen...; Question 237: Which item below is a federated identity standard?...; Question 238: What is the MOST important factor in establishing an effecti...; Question 239: The Chief Information Security Officer (CISO) is concerned a...; Question 240: Which of the following adds end-to-end security inside a Lay...; Question 241: How does identity as a service (IDaaS) provide an easy mecha...; Question 242: Which of the following BEST describes the use of network arc...; Question 243: Which layer of the Open Systems Interconnections (OSI) model...; Question 244: Which of the following in the BEST way to reduce the impact ...; Question 245: Place the following information classification steps in sequ...; Question 246: Which of the following is BEST suited for exchanging authent...; Question 247: An organization recently upgraded to a Voice over Internet P...; Question 248: In order to assure authenticity, which of the following are ...; Question 249: Refer to the information below to answer the question. An or...; Question 250: Which security access policy contains fixed security attribu...; Question 251: According to the (ISC)? ethics canon "act honorably, honestl...; Question 252: Which of the following is the BEST method to validate secure...; Question 253: A company-wide penetration test result shows customers could...; Question 254: Which of the following would be considered an incident if re...; Question 255: A web developer is completing a new web application security...; Question 256: What should be used to determine the risks associated with u...; Question 257: What is the most effective form of media sanitization to ens...; Question 258: Which Radio Frequency Interference (RFI) phenomenon associat...; Question 259: In the area of disaster planning and recovery, what strategy...; Question 260: Which of the following BEST describes the standard used to e...; Question 261: Which of the following provides effective management assuran...; Question 262: Which of the following is the MOST important consideration w...; Question 263: Which of the following is the PRIMARY risk with using open s...; Question 264: Who is responsible for the protection of information when it...; Question 265: Sensitive customer data is going to be added to a database. ...; Question 266: A security architect is responsible for the protection of a ...; Question 267: A corporate security policy specifies that all devices on th...; Question 268: In systems security engineering, what does the security prin...; Question 269: Which of the following analyses is performed to protect info...; Question 270: Clothing retailer employees are provisioned with user accoun...; Question 271: Which of the following is the MAIN benefit of off-site stora...; Question 272: Which of the following is the PRIMARY security consideration...; Question 273: The MAIN task of promoting security for Personal Computers (...; Question 274: The restoration priorities of a Disaster Recovery Plan (DRP)...; Question 275: When network management is outsourced to third parties, whic...; Question 276: Which of the following is the MOST effective preventative me...; Question 277: Which of the following is the MOST important consideration i...; Question 278: Which security approach will BEST minimize Personally Identi...; Question 279: In which order, from MOST to LEAST impacted, does user aware...; Question 280: Multi-Factor Authentication (MFA) is necessary in many syste...; Question 281: Rank the Hypertext Transfer protocol (HTTP) authentication t...; Question 282: The amount of data that will be collected during an audit is...; Question 283: Which of the following virtual network configuration options...; Question 284: Which of the following is the BEST technique to facilitate s...; Question 285: In the "Do" phase of the Plan-Do-Check-Act model, which of t...; Question 286: Which of the following restricts the ability of an individua...; Question 287: Which of the following is a secure design principle for a ne...; Question 288: How is Remote Authentication Dial-In User Service (RADIUS) a...; Question 289: Which of the following provides the MOST protection against ...; Question 290: What is the FIRST step in risk management?...; Question 291: Which of the following job functions MUST be separated to ma...; Question 292: Which of the following is the MOST effective method of detec...; Question 293: An engineer notices some late collisions on a half-duplex li...; Question 294: The European Union (EU) General Data Protection Regulation (...; Question 295: Which of the following are mandatory canons for the (ISC)* C...; Question 296: How can an attacker exploit overflow to execute arbitrary co...; Question 297: Which of the following MUST an organization do to effectivel...; Question 298: Which of the following is critical for establishing an initi...; Question 299: Which of the following trust services principles refers to t...; Question 300: Which of the following is BEST achieved through the use of e...; Question 301: Which of the following phases in the software acquisition pr...; Question 302: With data labeling, which of the following MUST be the key d...; Question 303: Which of the following statements is TRUE regarding value bo...; Question 304: With what frequency should monitoring of a control occur whe...; Question 305: Why is planning the MOST critical phase of a Role Based Acce...; Question 306: The application of which of the following standards would BE...; Question 307: In a basic SYN flood attack, what is the attacker attempting...; Question 308: Which of the following security tools will ensure authorized...; Question 309: If an identification process using a biometric system detect...; Question 310: What type of investigation applies when malicious behavior i...; Question 311: The PRIMARY purpose of accreditation is to:...; Question 312: Who is essential for developing effective test scenarios for...; Question 313: Which of the following is the FIRST step for defining Servic...; Question 314: Which of the following is held accountable for the risk to o...; Question 315: How can a forensic specialist exclude from examination a lar...; Question 316: A security professional can BEST mitigate the risk of using ...; Question 317: Who is accountable for the information within an Information...; Question 318: The acquisition of personal data being obtained by a lawful ...; Question 319: Which of the following is a responsibility of the informatio...; Question 320: In setting expectations when reviewing the results of a secu...; Question 321: Which section of the assessment report addresses separate vu...; Question 322: During a Disaster Recovery (DR) simu-lation, it is discovere...; Question 323: Which of the following features is MOST effective in mitigat...; Question 324: Which of the following is a characteristic of the initializa...; Question 325: How long should the records on a project be retained?...; Question 326: What is the PRIMARY objective of an application security ass...; Question 327: An organization has requested storage area network (SAN) dis...; Question 328: What is the MAIN objective of risk analysis in Disaster Reco...; Question 329: As one component of a physical security system, an Electroni...; Question 330: An organization recently conducted a review of the security ...; Question 331: What should an auditor do when conducting a periodic audit o...; Question 332: Which Web Services Security (WS-Security) specification main...; Question 333: Which of the following is the BEST definition of Cross-Site ...; Question 334: Which of the following is a recommended alternative to an in...; Question 335: Which of the following techniques evaluates the secure desig...; Question 336: Which of the following is the MOST comprehensive Business Co...; Question 337: Which of the following is the MOST important element of chan...; Question 338: What is the FIRST step for an organization to take before al...; Question 339: A company hired an external vendor to perform a penetration ...; Question 340: Given a file containing ordered number, i.e. "123456789," ma...; Question 341: A security practitioner has been tasked with establishing or...; Question 342: What does the term "100-year floodplain" mean to emergency p...; Question 343: What is a characteristic of Secure Socket Layer (SSL) and Tr...; Question 344: Which of the following frameworks provides vulnerability met...; Question 345: What type of access control determines the authorization to ...; Question 346: Activity to baseline, tailor, and scope security controls ti...; Question 347: The MAIN purpose of placing a tamper seal on a computer syst...; Question 348: The PRIMARY outcome of a certification process is that it pr...; Question 349: A security architect is reviewing plans for an application w...; Question 350: Which of the following is the BIGGEST weakness when using na...; Question 351: In which of the following scenarios is locking server cabine...; Question 352: What is the MOST effective response to a hacker who has alre...; Question 353: Who should perform the design review to uncover security des...; Question 354: An organization has discovered that users are visiting unaut...; Question 355: Which of the following is the BEST way to protect against St...; Question 356: Which of the following protocols will allow the encrypted tr...; Question 357: Which of the following is used to ensure that data mining ac...; Question 358: Which combination of cryptographic algorithms are compliant ...; Question 359: In which identity management process is the subject's identi...; Question 360: Which is the RECOMMENDED configuration mode for sensors for ...; Question 361: A software development company found odd behavior in some re...; Question 362: An organization is required to comply with the Payment Card ...; Question 363: When reviewing vendor certifications for handling and proces...; Question 364: Which technology is a prerequisite for populating the cloud-...; Question 365: What type of risk is related to the sequences of value-addin...; Question 366: A client has reviewed a vulnerability assessment report and ...; Question 367: An organization has discovered that organizational data is p...; Question 368: Which of the following features is MOST effective in mitigat...; Question 369: Which of the following is the MOST difficult to enforce when...; Question 370: A network administrator is configuring a database server and...; Question 371: Which one of the following considerations has the LEAST impa...; Question 372: Which of the following are all elements of a disaster recove...; Question 373: Once the types of information have been identified, who shou...; Question 374: Which of the following types of hosts should be operating in...; Question 375: Physical Access Control Systems (PACS) allow authorized secu...; Question 376: Assuming an individual has taken all of the steps to keep th...; Question 377: Which of the following is the MOST effective strategy to pre...; Question 378: Which of the following is the BEST approach for a forensic e...; Question 379: As part of an application penetration testing process, sessi...; Question 380: Which of the following is the BEST method a security practit...; Question 381: When dealing with compliance with the Payment Card Industry-...; Question 382: The use of strong authentication, the encryption of Personal...; Question 383: Asymmetric algorithms are used for which of the following wh...; Question 384: During which of the following processes is least privilege i...; Question 385: What principle requires that changes to the plaintext affect...; Question 386: Which of the following prevents improper aggregation of priv...; Question 387: What component of a web application that stores the session ...; Question 388: During an investigation of database theft from an organizati...; Question 389: At what stage of the Software Development Life Cycle (SDLC) ...; Question 390: An international medical organization with headquarters in t...; Question 391: Digital certificates used in Transport Layer Security (TLS) ...; Question 392: A database administrator is asked by a high-ranking member o...; Question 393: Which of the following is MOST critical in a contract in a c...; Question 394: Which of the following MUST be considered when developing bu...; Question 395: Which evidence collecting technique would be utilized when i...; Question 396: Which would result in the GREATEST import following a breach...; Question 397: When transmitting information over public networks, the deci...; Question 398: An organization has implemented a new backup process which p...; Question 399: When should an application invoke re-authentication in addit...; Question 400: In which process MUST security be considered during the acqu...; Question 401: A company whose Information Technology (IT) services are bei...; Question 402: When developing solutions for mobile devices, in which phase...; Question 403: Which technique can be used to make an encryption scheme mor...; Question 404: What action should be taken by a business line that is unwil...; Question 405: Which of the following provides the minimum set of privilege...; Question 406: What is the FIRST step prior to executing a test of an organ...; Question 407: The Secure Shell (SSH) version 2 protocol supports....; Question 408: What should be the FIRST action for a security administrator...; Question 409: Which of the following examples is BEST to minimize the atta...; Question 410: Additional padding may be added to the Encapsulating securit...; Question 411: Which of the following is a security weakness in the evaluat...; Question 412: Which of the following is an accurate statement when an asse...; Question 413: A database server for a financial application is scheduled f...; Question 414: Which of the following is the BEST way to protect against st...; Question 415: What technique used for spoofing the origin of an email can ...; Question 416: As a security manger which of the following is the MOST effe...; Question 417: Which of the following is a PRIMARY challenge when running a...; Question 418: A security analyst for a large financial institution is revi...; Question 419: A company is attempting to enhance the security of its user ...; Question 420: Which of the following is a remote access protocol that uses...; Question 421: Which of the following is the FIRST step in the incident res...; Question 422: Which of the following is an initial consideration when deve...; Question 423: Refer to the information below to answer the question. An or...; Question 424: What is the MOST appropriate hierarchy of documents when imp...; Question 425: Who in the organization is accountable for classification of...; Question 426: When dealing with shared, privilaged accounts, especially th...; Question 427: During the risk assessment phase of the project the CISO dis...; Question 428: If a content management system (CSM) is implemented, which o...; Question 429: What is the process of removing sensitive data from a system...; Question 430: Access to which of the following is required to validate web...; Question 431: A Chief Information Security Officer (CISO) of a firm which ...; Question 432: Which of the following attacks is dependent upon the comprom...; Question 433: Computer forensics require which of the following are MAIN s...; Question 434: In order for a security policy to be effective within an org...; Question 435: An Information Technology (IT) professional attends a cybers...; Question 436: What is the BEST way to establish identity over the internet...; Question 437: In a data classification scheme, the data is owned by the...; Question 438: Which of the following BEST describes the responsibilities o...; Question 439: Which of the following is a common measure within a Local Ar...; Question 440: Which of the following is the BEST way to protect an organiz...; Question 441: The PRIMARY characteristic of a Distributed Denial of Servic...; Question 442: Which of the following is an indicator that a company's new ...; Question 443: An internal Service Level Agreement (SLA) covering security ...; Question 444: A mobile device application that restricts the storage of us...; Question 445: Refer to the information below to answer the question. Durin...; Question 446: Which of the following BEST represents the concept of least ...; Question 447: What is the PRIMARY purpose for an organization to conduct a...; Question 448: Recovery strategies of a Disaster Recovery planning (DRIP) M...; Question 449: Which of the following would an attacker BEST be able to acc...; Question 450: A cybersecurity engineer has been tasked to research and imp...; Question 451: Who would be the BEST person to approve an organizations inf...; Question 452: Which of the following is a limitation of the Common Vulnera...; Question 453: Which of the following are required components for implement...; Question 454: Which of the following is the top barrier for companies to a...; Question 455: Which of the following is the MOST appropriate action when r...; Question 456: A manager identified two conflicting sensitive user function...; Question 457: When reviewing the security logs, the password shown for an ...; Question 458: "Stateful" differs from "Static" packet filtering firewalls ...; Question 459: Which of the following is the BEST method to reduce the effe...; Question 460: In addition to life, protection of which of the following el...; Question 461: Which of the following is the BEST defense against password ...; Question 462: A user's credential for an application is stored in a relati...; Question 463: Secure coding can be developed by applying which one of the ...; Question 464: Which of the following is established to collect information...; Question 465: An Intrusion Detection System (IDS) is based on the general ...; Question 466: A security manager has noticed an inconsistent application o...; Question 467: An attack utilizing social engineering and a malicious Unifo...; Question 468: Which of the following is a common characteristic of privacy...; Question 469: Which programming methodology allows a programmer to use pre...; Question 470: A security professional has been assigned to assess a web ap...; Question 471: Which of the following is an example of a vulnerability of f...; Question 472: Which of the following MUST a security professional do in or...; Question 473: In which of the following programs is it MOST important to i...; Question 474: Which of the following is used to detect steganography?...; Question 475: Which of the following BEST describes a rogue Access Point (...; Question 476: Which of the following roles is responsible for ensuring tha...; Question 477: Which of the following BEST describes why software assurance...; Question 478: Which of the following is an authentication protocol in whic...; Question 479: An attacker has intruded into the source code management sys...; Question 480: A user sends an e-mail request asking for read-only access t...; Question 481: A user downloads a file from the Internet, then applies the ...; Question 482: What type of database attack would allow a customer service ...; Question 483: Which of the following actions should be taken by a security...; Question 484: Which of the following mechanisms will BEST prevent a Cross-...; Question 485: An information security professional is reviewing user acces...; Question 486: When designing a vulnerability test, which one of the follow...; Question 487: According to the Capability Maturity Model Integration (CMMI...; Question 488: Information Security Continuous Monitoring (1SCM) is defined...; Question 489: The Chief Information Security Officer (CISO) of an organiza...; Question 490: What is the PRIMARY reason for ethics awareness and related ...; Question 491: Which is the BEST control to meet the Statement on Standards...; Question 492: Which change management role is responsible for the overall ...; Question 493: A corporation does not have a formal data destruction policy...; Question 494: Which of the following vulnerability assessment activities B...; Question 495: Which of the following is a common feature of an Identity as...; Question 496: When developing the entitlement review process, which of the...; Question 497: What is the term used to define where data is geographically...; Question 498: A company wants to store data related to users on an offsite...; Question 499: In Identity Management (IdM), when is the verification stage...; Question 500: A vehicle of a private courier company that transports backu...; Question 501: An audit of an application reveals that the current configur...; Question 502: Which of the following practices provides the development te...; Question 503: How should an organization determine the priority of its rem...; Question 504: Which of the following processes has the PRIMARY purpose of ...; Question 505: Which of the following is of GREATEST assistance to auditors...; Question 506: Which of the following is the MOST common use of the Online ...; Question 507: Which of the following contributes MOST to the effectiveness...; Question 508: A Certified Information Systems Security Professional (CISSP...; Question 509: The BEST way to check for good security programming practice...; Question 510: A software developer wishes to write code that will execute ...; Question 511: What is the benefit of an operating system (OS) feature that...; Question 512: Which one of the following would cause an immediate review a...; Question 513: An employee receives a promotion that entities them to acces...; Question 514: While dealing with the consequences of a security incident, ...; Question 515: The implementation of which features of an identity manageme...; Question 516: What is the BEST location in a network to place Virtual Priv...; Question 517: Which of the following open source software issues pose the ...; Question 518: Individuals have been identified and determined as having a ...; Question 519: At which phase of the software assurance life cycle should r...; Question 520: For an organization considering two-factor authentication fo...; Question 521: Refer to the information below to answer the question. In a ...; Question 522: To prevent inadvertent disclosure of restricted information,...; Question 523: Which inherent password weakness does a One Time Password (O...; Question 524: Which of the following is the final phase of the identity an...; Question 525: A post-implementation review has identified that the Voice O...; Question 526: Which of the following could elicit a Denial of Service (DoS...; Question 527: To minimize the vulnerabilities of a web-based application, ...; Question 528: A system has been scanned for vulnerabilities and has been f...; Question 529: Which of the following is a common term for log reviews, syn...; Question 530: What do you think is the best way to secure a camera?...; Question 531: When developing a business case for updating a security prog...; Question 532: Which of the following is the MAIN reason that system re-cer...; Question 533: Which of the following is the BEST statement for a professio...; Question 534: Which of the following actions should be performed when impl...; Question 535: Which of the following uses the destination IP address to fo...; Question 536: For the purpose of classification, which of the following is...; Question 537: What is maintained by using write blocking devices whan fore...; Question 538: What does secure authentication with logging provide?...; Question 539: When conducting a security assessment of access controls , W...; Question 540: Refer to the information below to answer the question. A new...; Question 541: It is MOST important to perform which of the following to mi...; Question 542: Logical access control programs are MOST effective when they...; Question 543: A subscription service which provides power, climate control...; Question 544: A company is planning to implement a private cloud infrastru...; Question 545: Which of the following services can be deployed via a cloud ...; Question 546: The configuration management and control task of the certifi...; Question 547: Directive controls are a form of change management policy an...; Question 548: Which of the following is the MOST critical success factor i...; Question 549: What is the MOST effective method for gaining unauthorized a...; Question 550: Refer to the information below to answer the question. Durin...; Question 551: The application of a security patch to a product previously ...; Question 552: Which one of the following is the MOST important in designin...; Question 553: What is the BEST approach to addressing security issues in l...; 1 commentQuestion 554: Which of the following is part of a Trusted Platform Module ...; Question 555: The Chief Information Officer (CIO) has decided that as part...; Question 556: Which of the following questions can be answered using user ...; Question 557: Refer to the information below to answer the question. A lar...; Question 558: Which of the following is the MAIN difference between a netw...; Question 559: Which of the following findings would MOST likely indicate a...; Question 560: Which of the following media is least problematic with data ...; Question 561: At the destination host, which of the following OSI model la...; Question 562: Refer to the information below to answer the question. An or...; Question 563: Before implementing an internet-facing router, a network adm...; Question 564: Which of the following is the best practice for testing a Bu...; Question 565: What part of an organization's strategic risk assessment MOS...; Question 566: How does a Host Based Intrusion Detection System (HIDS) iden...; Question 567: Which of the following methods MOST efficiently manages user...; Question 568: A security practitioner is tasked with securing the organiza...; Question 569: The security organization is looking for a solution that cou...; Question 570: Which of the following authorization standards is built to h...; 1 commentQuestion 571: Which of the following is an important design feature for th...; Question 572: a large organization uses biometrics to allow access to its ...; Question 573: From an asset security perspective, what is the BEST counter...; Question 574: Which of the following value comparisons MOST accurately ref...; Question 575: Extensible Authentication Protocol-Message Digest 5 (EAP-MD5...; Question 576: Which of the following MUST be in place to recognize a syste...; Question 577: Which of the following phases involves researching a target'...; Question 578: Which of the following is considered a secure coding practic...; Question 579: What is the FIRST step required in establishing a records re...; Question 580: Which of the following is true of Service Organization Contr...; Question 581: Which of the following disaster recovery test plans will be ...; Question 582: What is the MAIN purpose of conducting a business impact ana...; Question 583: Which security action should be taken FIRST when computer pe...; Question 584: A Java program is being developed to read a file from comput...; Question 585: Which of the following attributes could be used to describe ...; Question 586: Which of the following are effective countermeasures against...; Question 587: Which of the following describes the order in which a digita...; Question 588: An organization is trying to secure instant messaging (IM) c...; Question 589: What type of test assesses a Disaster Recovery (DR) plan usi...; Question 590: Which of the following is the MOST effective way to ensure t...; Question 591: Which of the following is the MOST effective method of mitig...; Question 592: In Disaster Recovery (DR) and business continuity training, ...; Question 593: Which of the following is an effective method for avoiding m...; Question 594: The threat modeling identifies a man-in-the-middle (MITM) ex...; Question 595: Which of the following MUST the administrator of a security ...; Question 596: A hospital has allowed virtual private networking (VPN) acce...; Question 597: When determining data and information asset handling, regard...; Question 598: The FIRST step in building a firewall is to...; Question 599: The security team plans on using automated account reconcili...; Question 600: Which of the following types of security testing is the MOST...; Question 601: Within the company, desktop clients receive Internet Protoco...; Question 602: Which of the following assessment metrics is BEST used to un...

Question 49/602

LEAVE A REPLY

Download PDF File