Which of the following information MUST be provided for user account provisioning?
Which of the following information MUST be provided for user account provisioning? A. Full name B. Unique identifier C. Security question D. Date of birth
CISSP-2018
Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection?
Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection? A. Temporal Key Integrity Protocol (TKIP) B. Secure Hash Algorithm (SHA) C. Secure Shell (SSH) D. Transport Layer Security (TLS)
Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?
Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test? A. Reversal B. Gray box C. Blind D. White box
Which of the following countermeasures is the MOST effective in defending against a social engineering attack?
Which of the following countermeasures is the MOST effective in defending against a social engineering attack? A. Mandating security policy acceptance B. Changing individual behavior C. Evaluating security awareness training D. Filtering malicious e-mail content
Which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?
Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device? A. Transport and Session B. Data-Link and Transport C. Network and Session D. Physical and Data-Link
Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?
Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)? A. It must be known to both sender and receiver. B. It can be transmitted in the clear as a random number. C.…
What is MAIN purpose of the DMZ?
In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is MAIN purpose of the DMZ? A. Reduced risk to internal systems. B. Prepare the server for potential attacks. C. Mitigate the risk…
Which advantage over host-based logging when reviewing malicious activity about a victim machine?
Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine? A. Addresses and protocols of network-based logs are analyzed. B. Host-based system logging has files stored in multiple locations. C. Properly handled network-based logs…
Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation?
Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation? A. To verify that only employees have access to the facility. B. To identify present hazards…
What balance MUST be considered when web application developers determine how informative application error messages should be constructed?
What balance MUST be considered when web application developers determine how informative application error messages should be constructed? A. Risk versus benefit B. Availability versus auditability C. Confidentiality versus integrity D. Performance versus user satisfaction