Free VCE & PDF File for ISC2 CISSP Real Exam (Full Version!)

Available on: http://www.surepassexam.com/CISSP-exam-dumps.html

Q141. Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy? 

A. Discretionary Access Control (DAC) procedures 

B. Mandatory Access Control (MAC) procedures 

C. Data link encryption 

D. Segregation of duties 


Q142. Which of the following is the PRIMARY security concern associated with the implementation of smart cards?

A. The cards have limited memory 

B. Vendor application compatibility 

C. The cards can be misplaced 

D. Mobile code can be embedded in the card 


Q143. What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password? 

A. Brute force attack 

B. Frequency analysis 

C. Social engineering 

D. Dictionary attack 


Q144. Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router? 

A. Network Address Translation (NAT) 

B. Application Proxy 

C. Routing Information Protocol (RIP) Version 2 

D. Address Masking 


Q145. What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)? 

A. Evaluating the efficiency of the plan 

B. Identifying the benchmark required for restoration 

C. Validating the effectiveness of the plan 

D. Determining the Recovery Time Objective (RTO) 


Q146. In a data classification scheme, the data is owned by the 

A. Information Technology (IT) managers. 

B. business managers. 

C. end users. 

D. system security managers. 


Q147. Which of the following does the Encapsulating Security Payload (ESP) provide? 

A. Authorization and integrity 

B. Availability and integrity 

C. Integrity and confidentiality 

D. Authorization and confidentiality 


Q148. Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?

A. An explanation of how long the data subject's collected information will be retained for and how it will be eventually disposed. 

B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject. 

C. An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to. 

D. An explanation of all the technologies employed by the collecting organization in gathering information on the data subject. 

Answer: B

Q149. Which of the following protocols would allow an organization to maintain a centralized list of users that can read a protected webpage? 

A. Lightweight Directory Access Control (LDAP) 

B. Security Assertion Markup Language (SAML) 

C. Hypertext Transfer Protocol (HTTP) 

D. Kerberos 


Q150. Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes. 

Following best practice, where should the permitted access for each department and job classification combination be specified? 

A. Security procedures 

B. Security standards 

C. Human resource policy 

D. Human resource standards