Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CISSP

Free ISC2 CISSP Exam Braindumps (page: 16)

Page 16 of 122
PDF with 484 Questions

An organization is setting a security assessment scope with the goal of developing a Security Management Program (SMP). The next step is to select an approach for conducting the risk assessment. Which of the following approaches is MOST effective for the SMP?

  1. Security controls driven assessment that focuses on controls management
  2. Business processes based risk assessment with a focus on business goals
  3. Asset driven risk assessment with a focus on the assets
  4. Data driven risk assessment with a focus on data

Answer(s): B



Which technique helps system designers consider potential security concerns of their systems and applications?

  1. Threat modeling
  2. Manual inspections and reviews
  3. Source code review
  4. Penetration testing

Answer(s): A



A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in place?

  1. Network segmentation
  2. Blacklisting application
  3. Whitelisting application
  4. Hardened configuration

Answer(s): D



Which of the following BEST describes centralized identity management?

  1. Service providers perform as both the credential and identity provider (IdP).
  2. Service providers identify an entity by behavior analysis versus an identification factor.
  3. Service providers agree to integrate identity system recognition across organizational boundaries.
  4. Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers.

Answer(s): D






Post your Comments and Discuss ISC2 CISSP exam prep with other Community members:

CISSP Exam Discussions & Posts