Certified Information Systems Security Professional Exam
Last exam update: Dec 14, 2024
Page 1 out of 100. Viewing questions 1-15 out of 1487
Question 1
An information security professional is reviewing user access controls on a customer-facing application. The application must have multi-factor authentication (MFA) in place. The application currently requires a username and password to login. Which of the following options would BEST implement MFA?
A. Geolocate the user and compare to previous logins
B. Require a pre-selected number as part of the login
C. Have the user answer a secret question that is known to them
D. Enter an automatically generated number from a hardware token
Answer: C
Question 2
Which of the following statements is MOST accurate regarding information assets?
A. International Organization for Standardization (ISO) 27001 compliance specifies which information assets must be included in asset inventory.
B. Information assets include any information that is valuable to the organization.
C. Building an information assets register is a resource-intensive job.
D. Information assets inventory is not required for risk assessment.
Answer: B
Question 3
What is the overall goal of software security testing?
A. Identifying the key security features of the software
B. Ensuring all software functions perform as specified
C. Reducing vulnerabilities within a software system
D. Making software development more agile
Answer: B
Question 4
In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?
A. The target’s security posture cannot be further compromised.
B. The results of the tests represent a point-in-time assessment of the target(s).
C. The accuracy of testing results can be greatly improved if the target(s) are properly hardened.
D. The deficiencies identified can be corrected immediately.
Answer: C
Question 5
Which of the following is an important design feature for the outer door of a mantrap?
A. Allow it to be opened by an alarmed emergency button.
B. Do not allow anyone to enter it alone.
C. Do not allow it to be observed by closed-circuit television (CCTV) cameras.
D. Allow it to be opened when the inner door of the mantrap is also open.
Answer: D
Question 6
Which of the following BEST describes the use of network architecture in reducing corporate risks associated with mobile devices?
A. Maintaining a "closed applications" model on all mobile devices depends on demilitarized zone (DMZ) servers
B. Split tunneling enabled for mobile devices improves demilitarized zone (DMZ) security posture
C. Segmentation and demilitarized zone (DMZ) monitoring are implemented to secure a virtual private network (VPN) access for mobile devices
D. Applications that manage mobile devices are located in an Internet demilitarized zone (DMZ)
Answer: C
Question 7
When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's first consideration?
A. Resiliency of the system
B. Detection of sophisticated attackers
C. Risk assessment of the system
D. Topology of the network used for the system
Answer: A
Question 8
Information Security Continuous Monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Which of the following is the FIRST step in developing an ISCM strategy and implementing an ISCM program?
A. Define a strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts.
B. Conduct a vulnerability assessment to discover current threats against the environment and incorporate them into the program.
C. Respond to findings with technical, management, and operational mitigating activities or acceptance, transference/sharing, or avoidance/rejection.
D. Analyze the data collected and report findings, determining the appropriate response. It may be necessary to collect additional information to clarify or supplement existing monitoring data.
Answer: A
Question 9
Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?
A. Training
B. Legal
C. Business
D. Storage
Answer: B
Question 10
What is the MAIN purpose of conducting a business impact analysis (BIA)?
A. To determine the critical resources required to recover from an incident within a specified time period
B. To determine the effect of mission-critical information system failures on core business processes
C. To determine the cost for restoration of damaged information system
D. To determine the controls required to return to business critical operations
Answer: B
Question 11
What is the MAIN purpose of a security assessment plan?
A. Provide guidance on security requirements, to ensure the identified security risks are properly addressed based on the recommendation.
B. Provide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.
C. Provide technical information to executives to help them understand information security postures and secure funding.
D. Provide education to employees on security and privacy, to ensure their awareness on policies and procedures.
Answer: B
Question 12
What are the first two components of logical access control?
A. Confidentiality and authentication
B. Authentication and identification
C. Identification and confidentiality
D. Authentication and availability
Answer: B
Question 13
If traveling abroad and a customs official demands to examine a personal computer, which of the following should be assumed?
A. The hard drive has been stolen.
B. The Internet Protocol (IP) address has been copied.
C. The hard drive has been copied.
D. The Media Access Control (MAC) address was stolen.
Answer: C
Question 14
Spyware is BEST described as
A. data mining for advertising.
B. a form of cyber-terrorism.
C. an information gathering technique.
D. a web-based attack.
Answer: B
Question 15
A large organization uses biometrics to allow access to its facilities. It adjusts the biometric value for incorrectly granting or denying access so that the two numbers are the same. What is this value called?