CISSP 2018 WITH COMPLETE SOLUTIONS 100%
The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP: A. Honesty B. Ethical Behavior C. Legality D. Control - ANSWER D

Which of the following control pairings places emphasis on "soft" mechanisms that support the access control objectives? a. Preventive / Technical Pairing b. Preventive / Administrative Pairing c. Preventive / Physical Pairing d. Detective / Administrative Pairing - ANSWER

a. Preventive / Physical b. Detective / Technical c. Detective / Physical d. Detective / Administrative - ANSWER The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:

a. Logon Banners b. Wall Posters c. Employee Handbook d. Written Agreement - ANSWER Which of the following is most appropriate to notify an external user that session monitoring is being conducted?

The detective/technical control - ANSWER What measures are intended to reveal the violations of security policy using technical means?

a. to detect improper or illegal acts by employees b. to lead to greater productivity through a better quality of life for the employee c. to provide proper cross training for another employee d. to allow more employees to have a better understanding of the overall system - ANSWER Why do many organizations require every employee to take a mandatory vacation of a week or more?

a. Establish procedures for periodically reviewing the classification and ownership b. Specify the security controls required for each classification level c. Identify the data custodian and define their responsibilities d. Specify the criteria that will determine how data is classified - ANSWER You have been tasked to develop an effective information classification program. Which one of the following steps should be performed first?

a. System programmer b. Legal staff c. Business unit manager d. Programmer - ANSWER The IS review is focused on the controls in place related to the process of defining IT service levels. Which of the following staff members would be best suited to provide information during a review?

Security Officer - ANSWER Who directs, coordinates, plans, and organizes information security activities throughout the organization? Who works with many different individuals, such as executive management, management of the business units, technical staff, business partners, auditors, and third parties such as vendors? Who and his or her team are responsible for the design, implementation, management, and review of the organization's security policies, standards, procedures, baselines, and guidelines?

Executive Management/Senior Management - ANSWER Who maintains the overall responsibility for protection of the information assets? The business operations are dependent upon information being available, accurate, and protected from individuals without a need to know.

A data custodian - ANSWER is an individual or function that takes care of the information on behalf of the owner. These individuals ensure that the information is available to the end users and is backed up to enable recovery in the event of data loss or corruption. Information may be stored in files, databases, or systems whose technical infrastructure must be managed by systems administrators. This group administers access rights to the information assets.

Data/Information/Business/System Owners - ANSWER These people are generally managers and directors responsible for using information for running and controlling the business. Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly reviewing access rules for the data for which they are responsible.

a. Hot site b. Warm site c. Redundant or Alternate site d. Reciprocal Agreement - ANSWER Which of the following alternative business recovery strategies would be LEAST reliable in a large database and on-line communications network environment where the critical business continuity period is 7 days?

Hot Site - ANSWER A facility that is leased or rented and is fully configured and ready to operate within a few hours. The only missing resources are usually the data, which will be retrieved from a backup site, and the people who will be processing the data.

Written for
- Institution: CISSP - Certified Information Systems Security Professional
- Course: CISSP - Certified Information Systems Security Professional
Document information
- Uploaded on: October 25, 2023
- Number of pages: 21
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers