

Q81. Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0 to integrate a third-party identity provider for a service?

A. Resource Servers are required to use passwords to authenticate end users. 

B. Revocation of access of some users of the third party instead of all the users from the third party. 

C. Compromise of the third party means compromise of all the users in the service. 

D. Guest users need to authenticate with the third party identity provider. 

Answer:


Q82. What is an important characteristic of Role Based Access Control (RBAC)? 

A. Supports Mandatory Access Control (MAC) 

B. Simplifies the management of access rights 

C. Relies on rotation of duties 

D. Requires two factor authentication

Answer:


Q83. Which of the following is required to determine classification and ownership?

A. System and data resources are properly identified 

B. Access violations are logged and audited 

C. Data file references are identified and linked 

D. System security controls are fully integrated 

Answer:


Q84. Which of the following is an effective method for avoiding magnetic media data remanence?

A. Degaussing 

B. Encryption 

C. Data Loss Prevention (DLP) 

D. Authentication 

Answer:


Q85. A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

A. Spoofing 

B. Eavesdropping 

C. Man-in-the-middle 

D. Denial of service 

Answer:


Q86. Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches? 

A. Simple Mail Transfer Protocol (SMTP) blacklist 

B. Reverse Domain Name System (DNS) lookup 

C. Hashing algorithm 

D. Header analysis 

Answer:


Q87. An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why? 

A. The behavior is ethical because the tool will be used to create a better virus scanner. 

B. The behavior is ethical because any experienced programmer could create such a tool. 

C. The behavior is not ethical because creating any kind of virus is bad. 

D. The behavior is not ethical because such a tool could be leaked on the Internet.

Answer:


Q88. Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication? 

A. Authorizations are not included in the server response 

B. Unsalted hashes are passed over the network 

C. The authentication session can be replayed 

D. Passwords are passed in cleartext 

Answer:


Q89. Which item below is a federated identity standard? 

A. 802.11i 

B. Kerberos 

C. Lightweight Directory Access Protocol (LDAP) 

D. Security Assertion Markup Language (SAML) 

Answer:


Q90. Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization? 

A. Ensure end users are aware of the planning activities 

B. Validate all regulatory requirements are known and fully documented 

C. Develop training and awareness programs that involve all stakeholders 

D. Ensure plans do not violate the organization's cultural objectives and goals 

Answer: