ISC2 CISSP Quiz 3 Topic 2 Questions 11-15

Question: 1

Which of the following is strategy of grouping requirements in developing a security Test and Evaluation (ST&E)?

AStandards, policies, and procedures

BDocumentation, observation, and manual

CTactical, strategic, and financial

DManagement, operational, and technical

Show Answer

Question: 2

Which of the following should be included a hardware retention policy?

AA plan to retain date required only for business purposes and a retention schedule

BRetention of all sensitive data on media and hardware

CThe use of encryption technology to encrypt sensitive data prior to retention

DRetention of data for only one week and outsourcing the retention to a third-party vendor

Show Answer

Question: 3

Which of the following is a method of attacking internet protocol (IP) v6 Layer 3 and Layer 4?

AInternet Control Message Protocol (ICMP) flooding

BMedia Access Control (MAC) flooding

CDomain Name Server (DNS) cache poisoning

DSynchronize sequence numbers (SYN) flooding

Show Answer

Question: 4

Which of the following is the GREATEST security risk associated with the use of identity as a service (IDaaS) when an organization is developing its own software?

AIncreased likelihood of confidentiality breach

BDenial of access due to reduced availability

CSecurity Assertion Markup Language (SAML) integration

DIncompatibility with Federated Identity Management (FIM)

Show Answer

Question: 5

Why are mobile devices sometimes difficult to investigate in a forensic examination?

AThere are no forensic tools available for examination.

BThey may have proprietary software installed to protect them.

CThey have password-based security at logon.

DThey may contain cryptographic protection.

Show Answer

ISC2 CISSP Quiz:3 Topic:2 Questions:11-15