★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW CISSP Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/CISSP-dumps.html
Top Quality of CISSP practice exam materials and guidance for ISC2 certification for IT candidates, Real Success Guaranteed with Updated CISSP pdf dumps vce Materials. 100% PASS Certified Information Systems Security Professional (CISSP) exam Today!
2021 Mar CISSP vce
Q211. Which of the following methods protects.Personally Identifiable.Information (PII).by use of a full replacement of the data element?
A. Transparent Database Encryption (TDE)
B. Column level database encryption
C. Volume encryption
D. Data tokenization
Answer: D
Q212. When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?
A. Testing phase
B. Development phase
C. Requirements definition phase
D. Operations and maintenance phase
Answer: C
Q213. Which of the following is the FIRST step of a penetration test plan?
A. Analyzing a network diagram of the target network
B. Notifying the company's customers
C. Obtaining the approval of the company's management
D. Scheduling the penetration test during a period of least impact
Answer: C
Q214. What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?
A. Parallel
B. Walkthrough
C. Simulation
D. Tabletop
Answer: C
Q215. Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?
A. Role Based Access Control (RBAC)
B. Biometric access control
C. Federated Identity Management (IdM)
D. Application hardening
Answer: A
Most recent CISSP exam question:
Q216. Which of the following is a recommended alternative to an integrated email encryption system?
A. Sign emails containing sensitive data
B. Send sensitive data in separate emails
C. Encrypt sensitive data separately in attachments
D. Store sensitive information to be sent in encrypted drives
Answer: C
Q217. Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?
A. Make changes following principle and design guidelines.
B. Stop the application until the vulnerability is fixed.
C. Report the vulnerability to product owner.
D. Monitor the application and review code.
Answer: C
Q218. Refer.to the information below to answer the question.
Desktop computers in an organization were sanitized.for re-use.in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed?
A. Knurling
B. Grinding
C. Shredding.
D. Degaussing
Answer: C
Q219. The FIRST step in building a firewall is to
A. assign the roles and responsibilities of the firewall administrators.
B. define the intended audience who will read the firewall policy.
C. identify mechanisms to encourage compliance with the policy.
D. perform a risk analysis to identify issues to be addressed.
Answer: D
Q220. In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
A. Application Layer
B. Physical Layer
C. Data-Link Layer
D. Network Layer
Answer: B