FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 3: Certified Information Systems Security Professional

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 51

Multiple Choice

Review LaterAdd Note

Review Later

When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS) , an organization that shares card holder information with a service provider MUST do which of the following?

A) Perform a service provider PCI-DSS assessment on a yearly basis
B) Validate the service provider's PCI-DSS compliance status on a regular basis
C) Validate that the service providers security policies are in alignment with those of the organization
D) Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis

Correct Answer

verified

Show Answer

Question 52

Multiple Choice

Review LaterAdd Note

Review Later

Which of the following management process allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

A) Configuration
B) Identity
C) Compliance
D) Patch

Correct Answer

verified

Show Answer

Question 53

Multiple Choice

Review LaterAdd Note

A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?

Which of the following techniques is effective to detect taps in fiber optic cables?

The adoption of an enterprise-wide Business Continuity (BC) program requires which of the following?

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was this error MOST likely made?

What is the FIRST step in establishing an information security program?

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Which of the following is the MOST effective preventative method to identify security flaws in software?

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

Which of the following MOST applies to Session Initiation Protocol (SIP) security?

What Service Organization Controls (SOC) report can be freely distributed and used by customers to gain confidence in a service organization's systems?

Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues?

Which of the following is a remote access protocol that uses a static authentication?

Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates?

Which of the following value comparisons MOST accurately reflects the agile development approach?

When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4) , where is the GRE header inserted?

Which type of test would an organization perform in order to locate and target exploitable defects?

Which of the following is the MOST common method of memory protection?

Which of the following is a common feature of an Identity as a Service (IDaaS) solution?