Mike Chapple - (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests


Full-length practice tests covering all CISSP domains for the ultimate exam prep

The (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests is a major resource for (ISC)2 Certified Information Systems Security Professional (CISSP) candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2021 version of the exam to ensure up-to-date preparation, and are designed to cover what you will see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.

The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.

- Test your knowledge of the 2021 exam domains
- Identify areas in need of further study
- Gauge your progress throughout your exam preparation
- Practice test taking with Sybex’s online test environment containing the questions from the book

The CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.


57. James is conducting a risk assessment for his organization and is attempting to assign an asset value to the servers in his data center. The organization's primary concern is ensuring that it has sufficient funds available to rebuild the data center in the event it is damaged or destroyed. Which one of the following asset valuation methods would be most appropriate in this situation?
A. Purchase cost
B. Depreciated cost
C. Replacement cost
D. Opportunity cost

58. Roger's organization suffered a breach of customer credit card records. Under the terms of PCI DSS, what organization may choose to pursue an investigation of this matter?
A. FBI
B. Local law enforcement
C. Bank
D. PCI SSC

59. Rick recently engaged critical employees in each of his organization's business units to ask for their assistance with his security awareness program. They will be responsible for sharing security messages with their peers and answering questions about cybersecurity matters. What term best describes this relationship?
A. Security champion
B. Security expert
C. Gamification
D. Peer review

60. Frank discovers a keylogger hidden on the laptop of his company's chief executive officer. What information security principle is the keylogger most likely designed to disrupt?
A. Confidentiality
B. Integrity
C. Availability
D. Denial

61. Elise is helping her organization prepare to evaluate and adopt a new cloud-based human resource management (HRM) system vendor. What would be the most appropriate minimum security standard for her to require of possible vendors?
A. Compliance with all laws and regulations
B. Handling information in the same manner the organization would
C. Elimination of all identified security risks
D. Compliance with the vendor's own policies

62. The following graphic shows the NIST risk management framework with step 4 missing. What is the missing step?
A. Assess security controls.
B. Determine control gaps.
C. Remediate control gaps.
D. Evaluate user activity.

63. HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would be used in amplification DDoS attacks. What type of risk management strategy did HAL pursue with respect to its NTP services?
A. Risk mitigation
B. Risk acceptance
C. Risk transference
D. Risk avoidance

64. Susan is working with the management team in her company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Susan trying to enforce?
A. Availability
B. Denial
C. Confidentiality
D. Integrity

65. Which one of the following components should be included in an organization's emergency response guidelines?
A. List of individuals who should be notified of an emergency incident
B. Long-term business continuity protocols
C. Activation procedures for the organization's cold sites
D. Contact information for ordering equipment

66. Chas recently completed the development of his organization's business continuity plan. Who is the ideal person to approve an organization's business continuity plan?
A. Chief information officer
B. Chief executive officer
C. Chief information security officer
D. Chief operating officer

67. Which one of the following actions is not normally part of the project scope and planning phase of business continuity planning?
A. Structured analysis of the organization
B. Review of the legal and regulatory landscape
C. Creation of a BCP team
D. Documentation of the plan

68. Gary is implementing a new website architecture that uses multiple small web servers behind a load balancer. What principle of information security is Gary seeking to enforce?
A. Denial
B. Confidentiality
C. Integrity
D. Availability

69. Becka recently signed a contract with an alternate data processing facility that will provide her company with space in the event of a disaster. The facility includes HVAC, power, and communications circuits but no hardware. What type of facility is Becka using?
A. Cold site
B. Warm site
C. Hot site
D. Mobile site

70. Greg's company recently experienced a significant data breach involving the personal data of many of their customers. Which breach laws should they review to ensure that they are taking appropriate action?
A. The breach laws in the state where they are headquartered.
B. The breach laws of states they do business in.
C. Only federal breach laws.
D. Breach laws only cover government agencies, not private businesses.

71. Ben is seeking a control objective framework that is widely accepted around the world and focuses specifically on information security controls. Which one of the following frameworks would best meet his needs?
A. ITIL
B. ISO 27002
C. CMM
D. PMBOK Guide

72. Matt works for a telecommunications firm and was approached by a federal agent seeking assistance with wiretapping one of Matt's clients pursuant to a search warrant. Which one of the following laws requires that communications service providers cooperate with law enforcement requests?
A. ECPA
B. CALEA
C. Privacy Act
D. HITECH Act

73. Every year, Gary receives privacy notices in the mail from financial institutions where he has accounts. What law requires the institutions to send Gary these notices?
A. FERPA
B. GLBA
C. HIPAA
D. HITECH

74. Which one of the following agreements typically requires that a vendor not disclose confidential information learned during the scope of an engagement?
A. NCA
B. SLA
C. NDA
D. RTO

75. The (ISC)2 Code of Ethics applies to all CISSP holders. Which of the following is not one of the four mandatory canons of the code?
A. Protect society, the common good, the necessary public trust and confidence, and the infrastructure.
B. Disclose breaches of privacy, trust, and ethics.
C. Provide diligent and competent service to the principles.
D. Advance and protect the profession.

76. Which one of the following stakeholders is not typically included on a business continuity planning team?
A. Core business function leaders
B. Information technology staff
C. CEO
D. Support departments

77. Ben is designing a messaging system for a bank and would like to include a feature that allows the recipient of a message to prove to a third party that the message did indeed come from the purported originator. What goal is Ben trying to achieve?
A. Authentication
B. Authorization
C. Integrity
D. Nonrepudiation

78. What principle of information security states that an organization should implement overlapping security controls whenever possible?
A. Least privilege
B. Separation of duties
C. Defense in depth
D. Security through obscurity

79. Ryan is a CISSP-certified cybersecurity professional working in a nonprofit organization. Which of the following ethical obligations apply to his work? (Select all that apply.)
A. (ISC)2 Code of Ethics
B. Organizational code of ethics
C. Federal code of ethics
D. RFC 1087

80. Ben is responsible for the security of payment card information stored in a database. Policy directs that he remove the information from the database, but he cannot do this for operational reasons. He obtained an exception to policy and is seeking an appropriate compensating control to mitigate the risk. What would be his best option?
A. Purchasing insurance
B. Encrypting the database contents
C. Removing the data
D. Objecting to the exception

81. The Domer Industries risk assessment team recently conducted a qualitative risk assessment and developed a matrix similar to the one shown here. Which quadrant contains the risks that require the most immediate attention?
A. I
B. II
C. III
D. IV

82. Tom is planning to terminate an employee this afternoon for fraud and expects that the meeting will be somewhat hostile. He is coordinating the meeting with human resources and wants to protect the company against damage. Which one of the following steps is most important to coordinate in time with the termination meeting?
A. Informing other employees of the termination
B. Retrieving the employee's photo ID
C. Calculating the final paycheck
D. Revoking electronic access rights

83. Rolando is a risk manager with a large-scale enterprise. The firm recently evaluated the risk of California mudslides on its operations in the region and determined that the cost of responding outweighed the benefits of any controls it could implement. The company chose to take no action at this time. What risk management strategy did Rolando's organization pursue?
A. Risk avoidance
B. Risk mitigation
C. Risk transference
D. Risk acceptance
