CISSP ISC2 Exam Questions and Free Practice Test

Question 109

- (Exam Topic 9)
The three PRIMARY requirements for a penetration test are

A. A defined goal, limited time period, and approval of management

B. A general objective, unlimited time, and approval of the network administrator

C. An objective statement, disclosed methodology, and fixed cost

D. A stated objective, liability waiver, and disclosed methodology

Correct Answer:A

Question 110

- (Exam Topic 10)
A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

A. The inherent risk is greater than the residual risk.

B. The Annualized Loss Expectancy (ALE) approaches zero.

C. The expected loss from the risk exceeds mitigation costs.

D. The infrastructure budget can easily cover the upgrade costs.

Correct Answer:C

Question 111

- (Exam Topic 13)
A chemical plan wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.
Which of the following is the GREATEST impact on security for the network?

A. The network administrators have no knowledge of ICS

B. The ICS is now accessible from the office network

C. The ICS does not support the office password policy

D. RS422 is more reliable than Ethernet

Correct Answer:B

Question 112

- (Exam Topic 12)
Which of the following is the BEST method to reduce the effectiveness of phishing attacks?

A. User awareness

B. Two-factor authentication

C. Anti-phishing software

D. Periodic vulnerability scan

Correct Answer:A

Question 113

- (Exam Topic 13)
During examination of Internet history records, the following string occurs within a Unique Resource Locator (URL):
http://www.companysite.com/products/products.asp?productid=123
or 1=1
What type of attack does this indicate?

A. Directory traversal

B. Structured Query Language (SQL) injection

C. Cross-Site Scripting (XSS)

D. Shellcode injection

Correct Answer:C

Question 114

- (Exam Topic 10)
Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
In addition to authentication at the start of the user session, best practice would require re-authentication

A. periodically during a session.

B. for each business process.

C. at system sign-off.

D. after a period of inactivity.

Correct Answer:D

START CISSP EXAM