CISSP ISC2 Exam Questions and Free Practice Test

Question 55

- (Exam Topic 10)
Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following could have MOST likely prevented the Peer-to-Peer (P2P) program from being installed on the computer?

A. Removing employee's full access to the computer

B. Supervising their child's use of the computer

C. Limiting computer's access to only the employee

D. Ensuring employee understands their business conduct guidelines

Correct Answer:A

Question 56

- (Exam Topic 9)
How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system?

A. Take another backup of the media in question then delete all irrelevant operating system files.

B. Create a comparison database of cryptographic hashes of the files from a system with the same operating system and patch level.

C. Generate a message digest (MD) or secure hash on the drive image to detect tampering of the media being examined.

D. Discard harmless files for the operating system, and known installed programs.

Correct Answer:B

Question 57

- (Exam Topic 10)
An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?

A. Availability

B. Confidentiality

C. Integrity

D. Ownership

Correct Answer:C

Question 58

- (Exam Topic 12)
Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?

A. Tactical, strategic, and financial

B. Management, operational, and technical

C. Documentation, observation, and manual

D. Standards, policies, and procedures

Correct Answer:B

Question 59

- (Exam Topic 10)
What is the PRIMARY advantage of using automated application security testing tools?

A. The application can be protected in the production environment.

B. Large amounts of code can be tested using fewer resources.

C. The application will fail less when tested using these tools.

D. Detailed testing of code functions can be performed.

Correct Answer:B

Question 60

- (Exam Topic 11)
Disaster Recovery Plan (DRP) training material should be

A. consistent so that all audiences receive the same training.

B. stored in a fire proof safe to ensure availability when needed.

C. only delivered in paper format.

D. presented in a professional looking manner.

Correct Answer:A

START CISSP EXAM