2022年ISC2CISSP英文考试参考题库（含答案）

2022年ISC2CISSP英文考试参考题库（含答案）

一'单选题

1.

TominimizethevuInerabiIitiesofaweb-basedappIication,whichofthefoIlowi

ngFIRSTactionswiIIIockdownthesystemandminimizetheriskofanattack?

AvAppIytheIatestvendorpatchesandupdates.

B、RunavuInerabiIityscanner.

C\ReviewaccesscontroIs.

D、InstaIIanantivirusontheserver.

答案：A

2.

AsecurityprofessionaIhasbeenassignedtoassessawebappIication.Theassess

meritreportremendsswitchingtoSecurityAssertionMarkupLanguage(SAML).Wha

tisthePRIMARYsecuritybenefitinswitchingtoSAML?

AvItenabIessinglesign-on(SSO)forwebappIications.

B、ItusesTransportLayerSecurity(TLS)toaddressconfidentiaIity.

C、ItIimitsunnecessarydataentryonwebforms.

DvTheusers'passwordisnotpassedduringauthentication.

答案：D

3.

WhichofthefoIIowingisincIudedinchangemanagement?

AxTechnicaIreviewbybusinessowner.

B、UserAcceptanceTesting(UAT)beforeimpIementation.

C、Cost-benefitanalysis(CBA)afterimpIementation.

D、Businesscontinuitytesting.

答案：D

4.

WhichofthefoIIowingBESTensurestheintegrityoftransactionstointendedrec

ipients?

AxPubIickeyinfrastructure(PKI).

B、BIockchaintechnoIogy.

C、Pre-sharedkey(PSK).

D、Weboftrust.

答案：A

5.

WhichofthefoIIowingmeasuresservesastheBESTmeansforprotectingdataonput

ers,smartphones,andexternaIstoragedeviceswhentraveIingtohigh-riskcoun

tries?

AxReviewappIicabIedestinationcountryIaws,forensicaIlycIeandevicespri

ortotraveI,andonIydownIoadsensitivedataoveravirtuaIprivatenetwork(VPN)

uponarrivingatthedestination.

B、LeverageaSecureSocketLayer(SSL)connectionoveravirtuaIprivatenetwor

k(VPN)todownIoadsensitivedatauponarrivingatthedestination.

CxKeepIaptops,externaIstoragedevices,andsmartphonesinthehoteIroomwhe

nnotinuse.

D、Usemu11i-factorauthentication(MFA)togainaccesstodatastoredonIaptop

sorexternaIstorage

DevicesandbiometricfingerprintaccesscontroImechanismstounIocksmartpho

nes.

答案：D

6.

AheaIthcareinsuranceorganizationchoseavendortodeveIopasoftwareappIica

tion.Uponreviewofthedraftcontract,theinformationsecurityprofessionaIn

oticesthatsoftwaresecurityisnotaddressed.WhatistheBESTapproachtoaddre

sstheissue?

AxUpdatethecontracttorequirethevendortoperformsecuritycodereviews.

BxUpdatetheserviceIeveIagreement(SLA)toprovidetheorganizationtherigh

ttoauditthevendor.

C、UpdatethecontractsothatthevendorisobIigatedtoprovidesecuritycapabi

Iities.

D、UpdatetheserviceIeveIagreement(SLA)torequirethevendortoprovidesecu

ritycapabiIities.

答案：B

7.

AnorganizationoutgrewitsinternaIdatacenterandisevaIuatingthird-partyh

ostingfaciIities.InthisevaIuation,whichofthefoIlowingisaPRIMARYfactor

forseIection?

A、FaciIityprovidesanacceptabIeIeveIofrisk.

B、FaciIityprovidesdisasterrecovery(DR)services.

C、FaciIityhasphysicaIaccessprotectionmeasures.

DxFaciIityprovidesthemostcost-effectivesoIution.

答案：D

8.

WhatdocumentationisproducedFIRSTwhenperforminganeffectivephysicaIIoss

controIprocess?

A、DeterrentcontroIsIist.

B、SecuritystandardsIist.

C、AssetvaIuationIist.

DxInventoryIist.

答案：D

9.

AChiefInformationOfficer(C10)hasdeIegatedresponsibiIityoftheirsystems

ecuritytotheheadoftheinformationtechnoIogy(IT)department.WhiIecorpora

tepoIicydictatesthatonIytheCIOcanmakedecisionsontheIeveIofdataprotect

ionrequired,technicaIimpIementationdecisionsaredonebytheheadoftheITde

partment.WhichofthefoIlowingBESTdescribesthesecurityrolefiIIedbythehe

adoftheITdepartment?

AxSystemsecurityofficer.

B、Systemprocessor.

C、Systemcustodian.

D、Systemanalyst.

答案：c

10.

WhichofthefoIIowingwouIdbetheBESTmitigationpracticeforman-in-the-midd

Ie(MITM)VoiceoverInternetProtocoI(VoIP)attacks?

AxUseSecureSheII(SSH)protocoI.

B、UseFileTransferProtocol(FTP).

C、UseTransportLayerSecurity(TLS)protocoI.

D、UseMediaGatewayControIProtocoI(MGCP).

答案：c

11.

WhichofthefoIIowingwouIdquaIifyasanexceptiontothe"righttobeforgotten"

oftheGeneraIDataProtectionReguIation(GDPR)?

AxFortheestabIishment,exercise,ordefenseofIegaIcIaims.

B、ThepersonaIdatahasbeenIawfuIIyprocessedandcoIIected.

C、Forthereasonsofprivateinterest.

D、ThepersonaIdataremainsnecessarytothepurposeforwhichitwascoIIected.

答案:A

12.

AdatabaseserverforafinanciaIappIicationisscheduIedforproductiondepIoy

ment.WhichofthefoIlowingcontrolswiIIBESTpreventtampering?

AxDatasanitization.

B、DatavaIidation.

CxServiceaccountsremovaI.

D、Loggingandmonitoring.

答案：B

13.

WhatisthePRIMARYreasonforcriminaIIawbeingdifficuIttoenforcewhendeaIin

gwithcybercrime?

AxJurisdictionishardtodefine.

B、Lawenforcementagenciesareunderstaffed.

CxExtraditiontreatiesarerareIyenforced.

D、NumerousIanguagebarriersexist.

答案：A

14.

Ifthewideareanetwork(WAN)issupportingconvergedappIicationsIikeVoiceov

erInternetProtocoI(VoIP),whichofthefoIlowingbeesevenMOREessentiaItoth

eassuranceofthenetwork?

AxBoundaryrouting.

B、ClassIessInter-DomainRouting(ClDR).

CxInternetProtocol(IP)routinglookups.

DxDeterministicrouting.

答案：c

15.

ThequaIityassurance(QA)departmentisshort-staffedandisunabIetotestaIIm

oduIesbeforetheanticipatedreIeasedateofanappIication.Whatsecuritycont

roIisMOSTIikeIytobevioIated?

A、Changemanagement.

B、Separationofenvironments.

CxProgrammanagement.

D、Mobilecodecontrols.

答案：A

16.

WhichofthefoIIowingshouIdbeincIudedinagooddefense-in-depthstrategypro

videdbyobject-orientedprogrammingforsoftwaredeveIopment?

AxPoIymorphism.

B、Inheritance.

CxPolyinstantiation.

D、EncapsuIation.

答案：C

17.

WhichofthefoIlowingistheBESTapproachtoimpIementmuItipleserversonavirt

uaIsystem?

AxImpIementoneprimaryfunctionpervirtuaIserverandapplyindividuaIsecur

ityconfigurationforeachvirtuaIserver.

B、ImpIementmu11ipIefunctionswithinthesamevirtuaIserverandappIyindivi

duaIsecurityconfigurationstoeachfunction.

C、ImpIementoneprimaryfunctionpervirtuaIserverandappIyhighsecuritycon

figurationonthehostoperatingsystem.

D、ImpIementmuItiplefunctionspervirtuaIserverandappIythesamesecurityc

onfigurationforeachvirtuaIserver.

答案：A

18.

UndertheGeneraIDataProtectionReguIation(GDPR),whatisthemaximumamounto

ftimeaIIowedforreportingapersonaIdatabreach?

Ax24hours.

B、48hours.

Cx72hours.

D、96hours.

答案：C

19.

AsoftwaredeveIoperwishestowritecodethatwiIIexecutesafeIyandonIyasinte

nded.WhichofthefoIlowingprogrammingIanguagetypesisMOSTIikeIytoachieve

thisgoaI?

A、WeakIytyped.

B、DynamicalIytyped.

C、StrongIytyped.

DxStaticalIytyped.

答案：c

20.

AnorganizationwouIdIiketoensurethataIInewusershaveapredefineddepartme

ntaIaccesstempIateappIieduponcreation.TheorganizationwouIdaIsoIikeadd

itionaIaccessforuserstobegrantedonaper-projectbasis.Whattypeofuseracc

essadministrationisBESTsuitedtomeettheorganization'sneeds?

AxDecentraIized.

B、Hybrid.

C、CentraIized.

D、Federated.

答案：B

21.

CIothingretaiIerempIoyeesareprovisionedwithuseraccountsthatprovideacc

esstoresourcesatpartnerbusinesses.AIIpartnerbusinessesusemonidentitya

ndaccessmanagement(IAM)protocoIsanddifferingtechnoIogies.UndertheExte

ndedIdentityprincipIe,whatistheprocessfIowbetweenpartnerbusinessestoa

IIowthisIAMaction?

A、ClothingretaiIeractsasUserSeIfService,confirmsidentityofuserusingi

ndustrystandards,thensendscredentiaIstopartnerbusinessesthatactasaSer

viceProviderandaIIowsaccesstoservices.

BxClothingretaiIeractsasidentityprovider(IdP),confirmsidentityofuser

usingindustrystandards,thensendscredentiaIstopartnerbusinessesthatact

asaServiceProviderandaIIowsaccesstoservices.

CxClothingretaiIeractsasServiceProvider,confirmsidentityofuserusingi

ndustrystandards,thensendscredentiaIstopartnerbusinessesthatactasanid

entityprovider(IdP)andaIIowsaccessto

Resources.

D、ClothingretaiIeractsasAccessControIProvider,confirmsaccessofuserus

ingindustrystandards,thensendscredentiaIstopartnerbusinessesthatactas

aServiceProviderandaIIowsaccesstoresources.

答案：B

22.

ApanyneedstoprovidesharedaccessofsensitivedataonacIoudstoragetoextern

aIbusinesspartners.WhichofthefoIIowingidentitymodeIsistheBESTtobIindi

dentityproviders(IdP)andreIyingparties(RP)sothatsubscriberIistsofothe

rpartiesarenotdiscIosed?

AxProxiedfederation.

B、Dynamicregistration.

CxFederalionauthorities.

D、Staticregistration.

答案：A

23.

WhichtechniqueheIpssystemdesignersconsiderpotentiaIsecurityconcernsof

theirsystemsandappIications?

AxThreatmodeIing.

B、ManuaIinspectionsandreviews.

C、Sourcecodereview.

D、Penetrationtesting.

答案：A

24.

WhichofthefoIIowingdepartmentsinitiatestherequest,approvaI,andprovisi

oningbusinessprocess?

AxOperations.

B、Security.

C、Humanresources(HR).

D、InformationtechnoIogy(IT).

答案：A

25.

Anorganizationisconsideringpartneringwithathird-partysuppIierofcIouds

ervices.TheorganizationwiIIonIybeprovidingthedataandthethird-partysup

pIierwiIIbeprovidingthesecuritycontroIs.WhichofthefoIIowingBESTdescri

besthisserviceoffering?

AxPIatformasaService(PaaS).

B、AnythingasaService(XaaS).

CxInfrastructureasaService(IaaS).

D、SoftwareasaService(SaaS).

答案：D

26.

Whenconductingathird-partyriskassessmentofanewsuppIier,whichofthefoII

owingreportsshouIdbereviewedtoconfirmtheoperatingeffectivenessofthese

curity,availabiIity,confidentiaIity,andprivacytrustprincipIes?

AxServiceOrganizationControI(SOC)1,Type2.

BxServiceOrganizationControI(SOC)2,Type2.

C、InternationaIOrganizationforStandardization(ISO)27001.

D、InternationaIOrganizationforStandardization(ISO)27002.

答案：B

27.

AninformationsecurityprofessionaIisreviewinguseraccesscontroIsonacust

omer-facingappIication.TheappIicationmusthavemu11i-factorauthenticati

on(MFA)inpIace.TheappIicationcurrentIyrequiresausernameandpasswordtoI

ogin.WhichofthefoIIowingoptionswouIdBESTimpIementMFA?

AxGeoIocatetheuserandparetopreviousIogins.

B、Requireapre-seIectednumberaspartofthelogin.

C、Havetheuseranswerasecretquestionthatisknowntothem.

D、EnteranautomaticaIIygeneratednumberfromahardwaretoken.

答案：D

28.

WhichofthefoIIowingissecuritycontroIvolatiIity?

AxAreferencetotheimpactofthesecuritycontroI.

B、AreferencetotheIikeIihoodofchangeinthesecuritycontroI.

CxAreferencetohowunpredictabIethesecuritycontroIis.

D、AreferencetothestabiIityofthesecuritycontroI.

答案：B

29.

WhichofthefoIIowingoutsourcingagreementprovisionshastheHIGHESTpriorit

yfromasecurityoperationsperspective?

AxConditionstopreventtheuseofsubcontractors.

B、Termsforcontractrenegotiationincaseofdisaster.

C、RootcauseanaIysisforappIicationperformanceissue.

D、EscaIationprocessforprobIemresoIutionduringincidents.

答案：D

30.

WhataretheessentiaIeIementsofaRiskAssessmentReport(RAR)?

AxExecutivesummary,bodyofthereport,andappendices.

B、Executivesummary,graphofrisks,andprocess.

C、TabIeofcontents,testingcriteria,andindex.

D、Tableofcontents,chapters,andexecutivesummary.

答案：A

31.

AuserisaIIowedtoaccessthefiIeIabeIed"FinanciaIForecast,"butonIybetwee

n9:00am.and5:OOp.m.,MondaythroughFriday.Whichtypeofaccessmechanismsho

uIdbeusedtoacpIishthis?

A、MinimumaccesscontroI.

B、LimitedroIe-basedaccesscontroI(RBAC).

C、AccesscontroIIist(ACL).

D、RuIe-basedaccesscontroI.

答案：D

32.

WhichofthefoIlowingistheBESTwaytoprotectanorganization'sdataassets?

AxEncryptdataintransitandatrestusingup-to-datecryptographicaIgorithm

s.

B、MonitorandenforceadherencetosecuritypoIicies.

GRequireMuIti-FactorAuthentication(MFA)andSeparationofDuties(SoD).

D、CreatetheDemiIitarizedZone(DMZ)withproxies,firewaIIsandhardenedbas

tionhosts.

答案：B

33.

BuiIdingbIocksforsoftware-definednetworks(SDN)requirewhichofthefoIIow

ing?

AxTheSDNisposedentireIyofcIient-serverpairs.

BxRandom-accessmemory(RAM)isusedinpreferencetovirtuaImemory.

C、TheSDNismostIyposedofvirtuaImachines(VM).

D、VirtuaImemoryisusedinpreferencetorandom-accessmemory(RAM).

答案：c

34.

AsecurityprofessionaIneedstofindasecureandefficientmethodofencrypting

dataonanendpoint.WhichsoIutionincIudesarootkey?

AxBitlocker.

B、TrustedPIatformModuIe(TPM).

C、VirtuaIstoragearraynetwork(VSAN).

D、Hardwaresecuritymodule(HSM).

答案：B

35.

WhichfactorsMUSTbeconsideredwhencIassifyinginformationandsupportingas

setsforriskmanagement,IegaIdiscovery,andpIiance?

AxSystemownerrolesandresponsibiIities,datahandIingstandards,storagea

ndsecuredeveIopmentIifecycIerequirements.

B、pIianceofficeroIesandresponsibiIities,classifiedmateriaIhandIingst

andards,storagesystemlifecycIerequirements.

C、DatastewardshiproIes,datahandIingandstoragestandards,dataIifecycIe

requirements.

D、SystemauthorizationroIesandresponsibiIities,cIoudputingstandards,I

ifecycIerequirements.

答案：A

36.

WhatisthePRIMARYpurposeofcreatingandreportingmetricsforasecurityaware

ness,training,andeducationprogram?

A、Measuretheeffectoftheprogramontheorganization'sworkforce.

B、MakeaIIstakehoIdersawareoftheprogram'sprogress.

C、FaciIitatesupervisionofperiodictrainingevents.

DxpIywithIegaIreguIationsanddocumentduediIigenceinsecuritypractices.

答案：A

37.

AnorganizationhasdeveIopedawayforcustomerstoshareinformationfromtheir

wearabIedeviceswitheachother.UnfortunateIy,theuserswerenotinformedast

owhatinformationcoIIectedwouIdbeshared.WhattechnicaIcontroIsshouIdbep

utinpIacetoremedytheprivacyissuewhiIestiIItryingtoacpIishtheorganizat

ion'sbusinessgoaIs?

AxShareonIywhattheorganizationdecidesisbest.

B、Stopsharingdatawiththeotherusers.

C、DefauIttheusertonotshareanyinformation.

D、InformtheuserofthesharingfeaturechangesafterimpIemented.

答案：C

38.

WhichofthefoIIowingcontributesMOSTtotheeffectivenessofasecurityoffice

r?

AxDeveIopingpreciseandpracticaIsecuritypIans.

B、Integratingsecurityintothebusinessstrategies.

C、UnderstandingthereguIatoryenvironment.

D、AnaIyzingthestrengthsandweaknessoftheorganization.

答案：C

39.

mereiaIoff-the-sheIf(COTS)softwarepresentswhichofthefoIIowingaddition

aIsecurityconcerns?

AxVendorstakeontheIiabiIityforCOTSsoftwarevuInerabiIities.

B、In-housedeveIopedsoftwareisinherentIyIesssecure.

CxCOTSsoftwareisinherentIyIesssecure.

D、ExpIoitsforCOTSsoftwareareweIIdocumentedandpubIiclyavaitable.

答案：D

40.

UsingtheciphertextandresuItantcIeartextmessagetoderivethemonoaIphabet

iccipherkeyisanexampIeofwhichmethodofcryptanaIyticattack?

A、Known-pIaintextattack.

B、Ciphertext-onIyattack.

CxFrequencyanalysis.

D、ProbabIe-pIaintextattack.

答案：A

41.

AcorporationdoesnothaveaformaIdatadestructionpoIicy.Duringwhichphaseo

facriminaIIegaIproceedingwiIIthishavetheMOSTimpact?

AxSentencing.

B、Trial.

CxDiscovery.

D、Arraignment.

答案：C

42.

WhatisthePRIMARYbenefitofincidentreportingandputercrimeinvestigation

s?

AxpIyingwithsecuritypoIicy.

B、Repairingthedamageandpreventingfutureoccurrences.

CxProvidingevidencetoIawenforcement.

D、Appointingaputeremergencyresponseteam.

答案：C

43.

WhenreviewingvendorcertificationsforhandIingandprocessingofpanydata,w

hichofthefoIIowingistheBESTServiceOrganizationControIs(SOC)certificat

ionforthevendortopossess?

A、S0C1Type1

B、S0C2Type1

GS0C2Type2

D、S0C3

答案：C

44.

WhichWideAreaNetwork(WAN)technoIogyrequiresthefirstrouterinthepathtod

eterminethefuIIpaththepacketwiIItravel,removingtheneedforotherrouters

inthepathtomakeindependentdeterminations?

A、SynchronousOpticaINetworking(SONET).

B、MultiprotocoILabeISwitching(MPLS).

GFiberChanneIOverEthernet(FCoE).

D、SessionlnitiationProtocoI(SIP).

答案：B

45.

Asubscriptionservicewhichprovidespower,cIimatecontroI,raisedfIooring,

andteIephonewiringbutNOTtheputerandperipheraIequipmentisBESTdescribed

asa:

A、coldsite.

B、warmsite.

Cxhotsite.

Dxreciprocalsite.

答案：A

46.

AninformationsecurityadministratorwishestobIockpeer-to-peer(P2P)traff

icoverHypertextTransferProtocoI(HTTP)tunneIs.WhichofthefoIIowingIayer

softheOpenSystemsInterconnection(OSI)modeIrequiresinspection?

AxAppIication.

B、Transport.

CxSession.

D、Presentation.

答案：A

47.

WhenconfiguringExtensibIeAuthenticationProtocoI(EAP)inaVoiceoverInter

netProtocoI(VoIP)network,whichofthefoIlowingauthenticationtypesistheM

OSTsecure?

A、EAP-ProtectedExtensibIeAuthenticationProtocoI(PEAP).

BxEAP-TransportLayerSecurity(TLS).

CxEAP-TunneIedTransportLayerSecurity(TLS).

D、EAP-FlexibleAuthenticationviaSecureTunneIing.

答案：B

48.

Asecurityengineerisrequiredtointegratesecurityintoasoftwareprojecttha

tisimpIementedbysmaIIgroupsthatquickly,continuousIy,andindependentIyd

eveIop,test,anddepIoycodetothecIoud.TheengineerwiIIMOSTIikeIyintegrat

ewithwhichsoftwaredeveIopmentprocess?

AxDevopsIntegratedProductTeam(IPT).

B、StructuredWaterfaIIProgrammingDeveIopment.

C、Service-orientedarchitecture(SOA).

D、SpiraIMethodology.

答案：D

49.

AhospitaI'sbuiIdingcontroIssystemmonitorsandoperatestheenvironmentaIe

quipmenttomaintainasafeandfortabIeenvironment.WhichofthefoIIowingcouI

dbeusedtominimizetheriskofutiIitysuppIyinterruption?

AxDigitalprotectionandcontroIdevicescapabIeofminimizingtheadverseimp

acttocriticaIutiIity.

B、StandardizedbuiIdingcontroIssystemsoftwarewithhighconnectivitytoho

spitainetworks.

CxLockoutmaintenancepersonneIfromthebuiIdingcontroIssystemaccessthat

canimpactcriticalutiIitysuppIies.

D、DigitaldevicesthatcanturnequipmentoffandcontinuousIycycIerapidIyin

ordertoincreasesuppIiesandconceaIactivityonthehospitaInetwork.

答案：A

50.

WhichsectionoftheassessmentreportaddressesseparatevuInerabiIities,wea

knesses,andgaps?

AxFindingsdefinitionsection.

BxRiskreviewsection.

C、ExecutivesummarywithfuIIdetaiIs.

D、Keyfindingssection.

答案：B

51.

WhichofthefoIIowingtechniquesevaIuatesthesecuredesignprincipIesofnetw

orkorsoftwarearchilectures?

AxRiskmodeIing.

B、WaterfaIImethod.

C、ThreatmodeIing.

D、Fuzzing.

答案：C

52.

WhichofthefoIlowingBESTdescribesthepurposeofthereferencemonitorwhende

finingaccesscontroItoenforcethesecuritymodeI?

AxStrongoperationaIsecuritytokeepunitmemberssafe.

B、PoliciestovaIidateorganizationruIes.

CxCyberhygienetoensureorganizationscankeepsystemsheaIthy.

D、QuaIitydesignprincipIestoensurequaIitybydesign.

答案：B

53.

InformationsecuritypractitionersareinthemidstofimpIementinganewfirewa

II.WhichofthefoIIowingfaiIuremethodswouIdBESTprioritizesecurityinthee

ventoffaiIure?

AxFailover.

B、FaiI-Closed.

CxFaiI-Safe.

DvFaiI-Open.

答案：B

54.

BeforeaIlowingawebappIicationintotheproductionenvironment,thesecurity

practitionerperformsmuItipletypesofteststoconfirmthatthewebappIicatio

nperformsasexpected.Totesttheusernamefield,thesecuritypractitionercre

atesatestthatentersmorecharactersintothefieIdthanisaIIowed.Whichofthe

foIIowingBESTdescribesthetypeoftestperformed?

A、Misusecasetesting.

B、Interfacetesting.

C、Websessiontesting.

DxPenetrationtesting.

答案：A

55.

WhatprocessfaciIitatesthebaIanceofoperationaIandeconomiccostsofprotec

tivemeasureswithgainsinmissioncapabiIity?

A、Performancetesting.

B、Riskassessment.

C、Securityaudit.

D、Riskmanagement.

答案：D

56.

WhichofthefoIIowingBESTdescribesthepurposeofBorderGatewayProtocoI(BG

P)?

A、ProvideRoutingInformationProtocoI(RIP)versior)2advertisementstoneig

hboringIayer3devices.

B、MaintainaIistofnetworkpathsbetweeninternetrouters.

CxProvidefirewaIIservicestocIoud-enabIedappIications.

D、MaintainaIistofefficientnetworkpathsbetweenautonomoussystems.

答案：D

57.

WhatistheMOSTeffectivemethodtoenhancesecurityofasinglesign-on(SSO)soI

utionthatinterfaceswithcriticalsystems?

AxTwo-factorauthentication.

B、ReusabIetokensforappIicationIeveIauthentication.

C、HighperformanceencryptionaIgorithms.

D、SecureSocketsLayer(SSL)foraIImunications.

答案：A

58.

AdeveIoperiscreatinganappIicationthatrequiressecureIoggingofaIIuserac

tivity.WhatistheBESTpermissionthedeveIopershouIdassigntotheIogfiIetoe

nsurerequirementsaremet?

A、Execute.

B、Read.

GWrite.

DxAppend.

答案：D

59.

WhatHypertextTransferProtocoI(HTTP)responseheadercanbeusedtodisabIeth

eexecutionofinIineJavaScriptandtheexecutionofevaI()-typefunctions?

AxX-XSS-Protection.

BxContent-Security-PoIicy.

CxX-Frame-Options.

D、Strict-Transport-Security.

答案：B

60.

AfirmwithinthedefenseindustryhasbeendirectedtopIywithcontractuaIrequi

rementsforencryptionofagovernmentcIient*sControIIedUncIassifiedInform

ation(CUI).Whatencryptionstrategyrepresentshowtoprotectdataatrestinth

eMOSTefficientandcost-effectivemanner?

A、Performlogicalseparationofprograminformation,usingvirtuaIizedstora

gesoIutionswithencryptionmanagementintheback-enddisksystems.

B、Performlogicalseparationofprograminformation,usingvirtuaIizedstora

gesoIutionswithbuilt-inencryptionatthevirtuaIizationIayer.

C、PerformphysicaIseparationofprograminformationandencryptonIyinforma

tiondeemedcritical

BythedefensecIient.

D、ImpIementdataatrestencryptionacrosstheentirestorageareanetwork(SA

N).

答案：D

61.

WhichofthefoIlowingistheBESToptiontoreducethenetworkattacksurfaceofas

ystem?

AxDisabIingunnecessaryportsandservices.

B、Ensuringthattherearenogroupaccountsonthesystem.

CxUninstaIIingdefauItsoftwareonthesystem.

D、Removingunnecessarysystemuseraccounts.

答案：A

62.

InaquarterIysystemaccessreview,anactivepriviIegedaccountwasdiscovered

thatdidnotexistinthepriorreviewontheproductionsystem.Theaccountwascre

atedonehourafterthepreviousaccessreview.WhichofthefoIlowingistheBESTo

ptiontoreduceoveraIIriskinadditiontoquarterIyaccessreviews?

AxImpIementbi-annuaIreviews.

B、CreatepoIiciesforsystemaccess.

C、ImpIementandreviewrisk-basedaIerts.

D、IncreaseIoggingIeveIs.

答案：B

63.

SecuritySoftwareDeveIopmentLifeCycIe(SDLC)expectsappIicationcodetobew

ritteninaconsistentmannertoaIIoweaseofauditingandwhichofthefoIlowing?

AxProtecting.

B、Copying.

C、Enhancing.

D、Executing.

答案：A

64.

WhichofthefoIIowingdescribestheBESTmethodofmaintainingtheinventoryofs

oftwareandhardwarewithintheorganization?

AxMaintainingtheinventorythroughabinationofassetownerinterviews,open

-sourcesystemmanagement,andopen-sourcemanagementtooIs.

B、Maintainingtheinventorythroughabinationofdesktopconfiguration,admi

nistrationmanagement,andprocurementmanagementtooIs.

C、Maintainingtheinventorythroughabinationofonpremisestorageconfigura

tion,cIoudmanagement,andpartnermanagementtooIs.

D、Maintainingtheinventorythroughabinationofsystemconfiguration,netwo

rkmanagement,andIicensemanagementtooIs.

答案：D

65.

WhichofthefoIlowingistheMOSTsignificantkeymanagementprobIemduetothenu

mberofkeyscreated?

AxExponentiaIgrowthwhenusingsymmetrickeys.

B、ExponentiaIgrowthwhenusingasymmetrickeys.

CxStorageofthekeysrequireincreasedsecurity.

D、Keysaremoredifficulttoprovisionandrevoke.

答案：A

66.

AsecurityprofessionaIhasreviewedarecentsiteassessmentandhasnotedthata

serverroomonthesecondfIoorofabuiIdinghasHeating,VentiIation,andAirCon

ditioning(HVAC)intakesonthegroundIeveIthathaveuItravioIetIightfiIters

installed,Aero-KFiresuppressionintheserverroom,andpre-actionfiresuppr

essiononfIoorsabovetheserverroom.WhichofthefoIIowingchangescanthesecu

rityprofessionaIremendtoreduceriskassociatedwiththeseconditions?

AxRemovetheuItravioIetIightfiItersontheHVACintakeandrepIacethefiresu

ppressionsystemontheupperfIoorswithadrysystem.

B、EIevatetheHVACintakebyconstructingapIenumorexternaIshaftoveritandc

onverttheserverroomfiresuppressiontoapre-actionsystem.

CxAddadditionaIuItravioIetIightfiIterstotheHVACintakesuppIyandreturn

ductsandchangeserverroomfiresuppressiontoFM-200

D、AppIyadditionaIphysicaIsecurityaroundtheHVACintakesandupdateupperf

IoorfiresuppressiontoFM-200

答案：A

67.

WhatistheFIRSTstepinreducingtheexposureofanetworktoInternetControIMes

sageProtocol(ICMP)basedattacks?

AxImplementnetworkaccesscontrolIists(ACL).

B、ImpIementanintrusionpreventionsystem(IPS).

C、ImpIementawebappIicationfirewaII(WAF).

D、ImpIementegressfiIteringattheorganization'snetworkboundary.

答案：A

68.

AcIoudserviceproviderrequiresitscustomerorganizationstoenabIemaximuma

uditIoggingforitsdatastorageserviceandtoretaintheIogsfortheperiodofth

reemonths.Theaudi11ogginggenehasextremeIyhighamountofIogs.WhatistheMO

STappropriatestrategyfortheIogretention?

A、KeepaIIIogsinanonIinestorage.

B、KeepIastweek'sIogsinanonIinestorageandtherestinanoffIinestorage.

C、KeepIastweek'sIogsinanonIinestorageandtherestinanear-1inestorage.

D、KeepaIIIogsinanoffIinestorage.

答案：B

69.

WhichofthefoIIowinggoaIsrepresentsamodernshiftinriskmanagementaccordi

ngtoNationaIInstituteofStandardsandTechnoIogy(NIST)?

AxProvideanimprovedmissionacpIishmentapproach.

B、Focusonoperatingenvironmentsthatarechanging,evoIving,andfullofemer

gingthreats.

C、EnabIemanagementtomakeweIHinformedrisk-baseddecisionsjustifyingse

curityexpenditure.

D、SecureinformationtechnoIogy(IT)systemsthatstore,mass,ortransmitorg

anizationaIinformation.

答案：B

70.

WhyisitimportantthatseniormanagementcIearIymunicatestheformaIMaximumT

oIerabIeDowntime(MTD)decision?

A