Study guides for the ISC2 Certified Information Systems Security Professional (CISSP) certification begin with ISC2 CISSP preparation products designed to deliver validated CISSP practice questions so that you can pass the CISSP exam on your first attempt. Try the free CISSP exam demo now.
Free VCE and PDF files for the ISC2 CISSP exam (full version, 2021 edition) with practice exam questions are available for instant download at http://www.surepassexam.com/CISSP-exam-dumps.html
Q211. A security professional has been asked to evaluate the options for the location of a new data center within a multi-floor building. Concerns for the data center include emanations and physical access controls.
Which of the following is the BEST location?
A. On the top floor
B. In the basement
C. In the core of the building
D. In an exterior room with windows
Answer: C
Q212. The application of which of the following standards would BEST reduce the potential for data breaches?
A. ISO 9000
B. ISO 20121
C. ISO 26000
D. ISO 27001
Answer: D
Q213. Which of the following BEST describes the purpose of performing security certification?
A. To identify system threats, vulnerabilities, and acceptable level of risk
B. To formalize the confirmation of compliance to security policies and standards
C. To formalize the confirmation of completed risk mitigation and risk analysis
D. To verify that system architecture and interconnections with other systems are effectively implemented
Answer: B
Q214. Which of the following are required components for implementing software configuration management systems?
A. Audit control and signoff
B. User training and acceptance
C. Rollback and recovery processes
D. Regression testing and evaluation
Answer: C
Q215. A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?
A. The inherent risk is greater than the residual risk.
B. The Annualized Loss Expectancy (ALE) approaches zero.
C. The expected loss from the risk exceeds mitigation costs.
D. The infrastructure budget can easily cover the upgrade costs.
Answer: C
Q216. A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
A. Trojan horse
B. Denial of Service (DoS)
C. Spoofing
D. Man-in-the-Middle (MITM)
Answer: A
Q217. In the Open Systems Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
A. Application Layer
B. Physical Layer
C. Data-Link Layer
D. Network Layer
Answer: B
Q218. Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?
A. Maintaining an inventory of authorized Access Points (AP) and connecting devices
B. Setting the radio frequency to the minimum range required
C. Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator
D. Verifying that all default passwords have been changed
Answer: A
Q219. Retaining system logs for six months or longer can be valuable for which activities?
A. Disaster recovery and business continuity
B. Forensics and incident response
C. Identity and authorization management
D. Physical and logical access control
Answer: B
Q220. An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such a requirement?
A. Application Manager
B. Database Administrator
C. Privacy Officer
D. Finance Manager
Answer: C