ISC2 CISSP Quiz 11 Topic 5 Questions 51-55

Question: 1

Which of the following is TRUE for an organization that is using a third-party federated identity service?

AThe organization enforces the rules to other organization's user provisioning

BThe organization establishes a trust relationship with the other organizations

CThe organization defines internal standard for overall user identification

DThe organization specifies alone how to authenticate other organization's users

Show Answer

Question: 2

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

Aross-Site Scripting (XSS)

BCross-Site request forgery (CSRF)

CCross injection

DBroken Authentication And Session Management

Show Answer

Question: 3

Why are mobile devices something difficult to investigate in a forensic examinition?

AThere are no forensics tools available for examination.

BThey may have proprietary software installed to protect them.

CThey may contain cryptographic protection.

DThey have password-based security at logon.

Show Answer

Question: 4

Which of the following would present the highert annualized loss expectancy (ALE)?

q4_CISSP

AFire

BEarthquake

CWindstorm

DFlood

Show Answer

Question: 5

Which of the following BEST describles a protection profile (PP)?

AA document that expresses an implementation independent set of security requirements for an Information Technology (IT) product that meets specific consumer needs.

BA document that expresses an implementation dependent set of security retirements which contains only the security functional requirements.

CA document that represents evaluated products where there is a one-to-one correspondence between a PP and a Security Target (ST).

DA document that is used to develop an Information Technology (IT) security product from Its security requirements definition.

Show Answer

ISC2 CISSP Quiz:11 Topic:5 Questions:51-55