CISSP Official ISC2 practice tests - Domain 2
1. Angela is an information security architect at a bank and has been assigned to ensure that transactions are secure as they traverse the network. She recommends that all transactions use TLS. What threat is she most likely attempting to stop, and what method is she using to protect against it?
A. Man-in-the-middle, VPN
B. Packet injection, encryption
C. Sniffing, encryption
D. Sniffing, TEMPEST
Answer: C. Encryption is often used to protect traffic like bank transactions from sniffing. While packet injection and man-in-the-middle attacks are possible, they are far less likely to occur, and if a VPN were used, it would be used to provide encryption. TEMPEST is a specification for techniques used to prevent spying using electromagnetic emissions and wouldn't be used to stop attacks at any normal bank.

2. COBIT, Control Objectives for Information and Related Technology, is a framework for IT management and governance. Which data management role is most likely to select and apply COBIT to balance the need for security controls against business requirements?
A. Business owners
B. Data processors
C. Data owners
D. Data stewards
Answer: A. Business owners have to balance the need to provide value with regulatory, security, and other requirements. This makes the adoption of a common framework like COBIT attractive. Data owners are more likely to ask that those responsible for control selection identify a standard to use. Data processors are required to perform specific actions under regulations like the EU DPD. Finally, in many organizations, data stewards are internal roles that oversee how data is used.

3. What term is used to describe a starting point for a minimum security standard?
A. Outline
B. Baseline
C. Policy
D. Configuration guide
Answer: B. A baseline is used to ensure a minimum security standard. A policy is the foundation that a standard may point to for authority, and a configuration guide may be built from a baseline to help staff who need to implement it to accomplish their task. An outline is helpful, but outline isn't the term you're looking for here.

4. When media is labeled based on the classification of the data it contains, what rule is typica
Document information
- Uploaded on: September 16, 2023
- Number of pages: 31
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers