CISSP ISC2 Exam Questions and Free Practice Test

Question 91

- (Exam Topic 12)
Which of the following is the MAIN reason for using configuration management?

A. To provide centralized administration

B. To reduce the number of changes

C. To reduce errors during upgrades

D. To provide consistency in security controls

Correct Answer:D

Question 92

- (Exam Topic 13)
Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

A. identity provisioning

B. access recovery

C. multi-factor authentication (MFA)

D. user access review

Correct Answer:A

Question 93

- (Exam Topic 10)
When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?

A. Perform a service provider PCI-DSS assessment on a yearly basis.

B. Validate the service provider's PCI-DSS compliance status on a regular basis.

C. Validate that the service providers security policies are in alignment with those of the organization.

D. Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis.

Correct Answer:B

Question 94

- (Exam Topic 11)
While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?

A. Retention

B. Reporting

C. Recovery

D. Remediation

Correct Answer:A

Question 95

- (Exam Topic 10)
From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?

A. Configure secondary servers to use the primary server as a zone forwarder.

B. Block all Transmission Control Protocol (TCP) connections.

C. Disable all recursive queries on the name servers.

D. Limit zone transfers to authorized devices.

Correct Answer:D

Question 96

- (Exam Topic 9)
An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?

A. The service provider's policies are consistent with ISO/IEC27001 and there is evidence that the service provider is following those policies.

B. The service provider will segregate the data within its systems and ensure that each region's policies are met.

C. The service provider will impose controls and protections that meet or exceed the current systemscontrols and produce audit logs as verification.

D. The service provider's policies can meet the requirements imposed by the new environment even if they differ from the organization's current policies.

Correct Answer:D

START CISSP EXAM