ISC2 CISSP Quiz 11 Topic 5 Questions 51-55

Question: 1

Which of the following is TRUE for an organization that is using a third-party federated identity service?

AThe organization enforces the rules to other organization's user provisioning

BThe organization establishes a trust relationship with the other organizations

CThe organization defines internal standard for overall user identification

DThe organization specifies alone how to authenticate other organization's users

Show Answer

Question: 2

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

Aross-Site Scripting (XSS)

BCross-Site request forgery (CSRF)

CCross injection

DBroken Authentication And Session Management

Show Answer

Question: 3

Which of the following is a method of attacking internet protocol (IP) v6 Layer 3 and Layer 4?

AInternet Control Message Protocol (ICMP) flooding

BMedia Access Control (MAC) flooding

CDomain Name Server (DNS) cache poisoning

DSynchronize sequence numbers (SYN) flooding

Show Answer

Question: 4

Directive controls are a form of change management policy and procedures. Which of the following subsections are recommended as part of the change management process?

ABuild and test

BImplement security controls

CCategorize Information System (IS)

DSelect security controls

Show Answer

Question: 5

Which of the following is the PRIMARY issue when collecting detailed log information?

ALogs may be unavailable when required

BTimely review of the data is potentially difficult

CMost systems and applications do not support logging

DLogs do not provide sufficient details of system and individual activities

Show Answer

ISC2 CISSP Quiz:11 Topic:5 Questions:51-55