Free CISSP Exam Braindumps (page: 16)

An organization is setting a security assessment scope with the goal of developing a Security Management Program (SMP). The next step is to select an approach for conducting the risk assessment. Which of the following approaches is MOST effective for the SMP?

  A. Security-controls-driven assessment that focuses on controls management
  B. Business-process-based risk assessment with a focus on business goals
  C. Asset-driven risk assessment with a focus on the assets
  D. Data-driven risk assessment with a focus on data

Answer(s): B



Which technique helps system designers consider potential security concerns of their systems and applications?

  A. Threat modeling
  B. Manual inspections and reviews
  C. Source code review
  D. Penetration testing

Answer(s): A



A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in place?

  A. Network segmentation
  B. Application blacklisting
  C. Application whitelisting
  D. Hardened configuration

Answer(s): D



Which of the following BEST describes centralized identity management?

  A. Service providers perform as both the credential and identity provider (IdP).
  B. Service providers identify an entity by behavior analysis versus an identification factor.
  C. Service providers agree to integrate identity system recognition across organizational boundaries.
  D. Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers.

Answer(s): D
