搜索
CISSP错题集第1/40页1.鱼叉式网络钓鱼锁定之对象并非一般个人,而是特定公司、组织之成员,其资讯已非一般网络钓鱼所窃取之个人资料,而是其他高度敏感性资料,如智慧财产权及商业机密。4、CISSP错题集第2/40页CISSP错题集第3/40页CISSP错题集第4/40页CISSP错题集第5/40页CISSP错题集第6/40页CISSP错题集第7/40页CISSP错题集第8/40页CISSP错题集第9/40页CISSP错题集第10/40页CISSP错题集第11/40页CISSP错题集第12/40页CISSP错题集第13/40页Youarecompletingyourbusinesscontinuityplanningeffortandhavedecidedthatyouwishtoacceptoneoftherisks.Whatshouldyoudonext?A.Implementnewsecuritycontrolstoreducetherisklevel.B.Designadisasterrecoveryplan.C.Repeatthebusinessimpactassessment.D.Documentyourdecision-makingprocessTonyisdevelopingabusinesscontinuityplanandishavingdifficultyprioritizingresourcesbecauseofthedifficultyofcombininginformationabouttangibleandintangibleassets.Whatwouldbethemosteffectiveriskassessmentapproachforhimtouse?A.QuantitativeriskassessmentB.QualitativeriskassessmentC.NeitherquantitativenorqualitativeriskassessmentD.CombinationofquantitativeandqualitativeriskassessmentCISSP错题集第14/40页Whatlawprovidesintellectualpropertyprotectiontotheholdersoftradesecrets?A.CopyrightLawB.LanhamActC.Glass-SteagallActD.EconomicEspionageAct经济间谍法保护商业秘密**Whichoneofthefollowingactionsmightbetakenaspartofabusinesscontinuityplan?A.RestoringfrombackuptapesB.ImplementingRAID其他三个是DR的内容,这个才是BCPC.RelocatingtoacoldsiteD.RestartingbusinessoperationsFlorianreceivesaflyerfromafederalagencyannouncingthatanewadministrativelawwillaffecthisbusinessoperations.Whereshouldhegotofindthetextofthelaw?A.UnitedStatesCodeB.SupremeCourtrulingsC.CodeofFederalRegulationsD.CompendiumofLawsTomisinstallinganext-generationfirewall(NGFW)inhisdatacenterthatisdesignedtoblockmanytypesofapplicationattacks.Whenviewedfromariskmanagementperspective,whatmetricisTomattemptingtolower?A.ImpactB.RPOC.MTOD.Likelihood降低攻击的可能性**Whichoneofthefollowingindividualswouldbethemosteffectiveorganizationalownerforaninformationsecurityprogram?A.CISSP-certifiedanalystB.ChiefinformationofficerCIO可以更关注在安全方面,而CEO不行C.ManagerofnetworksecurityD.PresidentandCEO***Whichoneofthefollowingisnotnormallyconsideredabusinesscontinuitytask?A.BusinessimpactassessmentB.EmergencyresponseguidelinesC.ElectronicvaultingCISSP认为电子备份是DR的一种CISSP错题集第15/40页D.Vitalrecordsprogram注意这个重要记录政策也是BCP的一种Whoshouldreceiveinitialbusinesscontinuityplantraininginanorganization?A.SeniorexecutivesB.ThosewithspecificbusinesscontinuityrolesC.EveryoneintheorganizationD.Firstresponders**Whatistheformulausedtodeterminerisk?A.Risk=Threat*Vulnerability正常是资产*威胁*漏洞B.Risk=Threat/VulnerabilityC.Risk=Asset*ThreatD.Risk=Asset/ThreatWhichoneofthefollowingactionsisnotnormallypartoftheprojectscopeandplanningphaseofbusinesscontinuityplanning?A.StructuredanalysisoftheorganizationB.ReviewofthelegalandregulatorylandscapeC.CreationofaBCPteamD.DocumentationoftheplanWhatisthethresholdformaliciousdamagetoafederalcomputersystemthattriggerstheComputerFraudandAbuseAct?A.$500B.$2,500C.$5,000D.$10,000Whichoneofthefollowinglawsrequiresthatcommunicationsserviceproviderscooperatewithlawenforcementrequests?A.ECPAB.CALEAC.PrivacyActD.HITECHActWhichoneofthefollowingstakeholdersisnottypicallyincludedonabusinesscontinuityplanningteam?A.CorebusinessfunctionleadersB.InformationtechnologystaffC.CEO基本上不会出现在BCP团队里D.SupportdepartmentsCISSP错题集第16/40页Helenistheownerofawebsitethatprovidesinformationformiddleandhighschoolstudentspreparingforexams.SheisconcernedthattheactivitiesofhersitemayfallunderthejurisdictionoftheChildren’sOnlinePrivacyProtectionAct(COPPA).WhatisthecutoffagebelowwhichparentsmustgiveconsentinadvanceofthecollectionofpersonalinformationfromtheirchildrenunderCOPPA?A.13B.15C.17D.18Whichoneofthefollowingtoolsismostoftenusedforidentificationpurposesandisnotsuitableforuseasanauthenticator?A.PasswordB.RetinalscanC.UsernameD.TokenRyanisasecurityriskanalystforaninsurancecompany.HeiscurrentlyexaminingascenarioinwhichahackermightuseaSQLinjectionattacktodefaceawebserverduetoamissingpatchinthecompany’swebapplication.Inthisscenario,whatisthethreat?A.UnpatchedwebapplicationB.WebdefacementC.Hacker这按理是威胁主体,真正威胁是SQL注入,但没有更好的答案D.OperatingsystemCOBIT,ControlObjectivesforInformationandRelatedTechnology,isaframeworkforITmanagementandgovernance.WhichdataanagementroleismostlikelytoselectandapplyCOBITtobalancetheneedforsecuritycontrolsagainstbusinessrequirements?A.BusinessownersB.DataprocessorsC.DataownersD.Datastewards***Businessowners业务所有者havetobalancetheneedtoprovidevaluewithregulatory,security,andotherrequirements.Dataowners数据所有者aremorelikelytoaskthatthoseresponsibleforcontrolselectionidentifyastandardtouse.Dataprocessors数据处理者arerequiredtoperformspecificactionsunderregulationsliketheEUDPD.Finally,inmanyorganizations,datastewards数据管家areinternalrolesthatoverseehowdataisused.CISSP错题集第17/40页Howcanadataretentionpolicyhelptoreduceliabilities?A.Byensuringthatunneededdataisn’tretainedB.ByensuringthatincriminatingdataisdestroyedC.ByensuringthatdataissecurelywipedsoitcannotberestoredforlegaldiscoveryD.ByreducingthecostofdatastoragerequiredbylawAdataretentionpolicycanhelptoensurethatoutdateddataispurged,removingpotentialadditionalcostsfordiscovery.Manyorga