
CISSP - Chapter 16 Review Questions and Answers 2022

Pages: 4
Grade: A+
Uploaded on: 06-06-2022
Written in: 2020/2021

An organization ensures that users are granted access to only the data they need to perform specific work tasks. What principle are they following?
A. Principle of least permission
B. Separation of duties
C. Need-to-know
D. Role Based Access Control - Answer C

An administrator is granting permissions to a database. What is the default level of access the administrator should grant to new users in the organization?
A. Read
B. Modify
C. Full access
D. No access - Answer D

Which of the following statements best describes why separation of duties is important for security purposes?
A. It ensures that multiple people can do the same job.
B. It prevents an organization from losing important information when they lose important people.
C. It prevents any single IT security person from making major security changes without involving other individuals.
D. It helps employees concentrate their talents where they will be most useful. - Answer C

What is a primary benefit of job rotation and separation of duties policies?
A. Preventing collusion
B. Preventing fraud
C. Encouraging collusion
D. Correcting incidents - Answer B

A financial organization commonly has employees switch duty responsibilities every six months. What security principle are they employing?
A. Job rotation
B. Separation of duties
C. Mandatory vacations
D. Least privilege - Answer A

Which of the following is one of the primary reasons an organization enforces a mandatory vacation policy?
A. To rotate job responsibilities
B. To detect fraud
C. To increase employee productivity
D. To reduce employee stress levels - Answer B

An organization wants to reduce vulnerabilities against fraud from malicious employees. Of the following choices, what would help with this goal? (Choose all that apply.)
A. Job rotation
B. Separation of duties
C. Mandatory vacations
D. Baselining - Answer A,B,C

Of the following choices, what is not a valid security practice related to special privileges?
A. Monitor special privilege assignments.
B. Grant access equally to administrators and operators.
C. Monitor special privilege usage.
D. Grant access to only trusted employees. - Answer B

Which of the following identifies vendor responsibilities and can include monetary penalties if the vendor doesn't meet the stated responsibilities?
A. Service-level agreement (SLA)
B. Memorandum of understanding (MOU)
C. Interconnection security agreement (ISA)
D. Software as a service (SaaS) - Answer A

What should be done with equipment that is at the end of its lifecycle and is being donated to a charity?
A. Remove all CDs and DVDs.
B. Remove all software licenses.
C. Sanitize it.
D. Install the original software. - Answer C

An organization is planning the layout of a new building that will house a datacenter. Where is the most appropriate place to locate the datacenter?
A. In the center of the building
B. Closest to the outside wall where power enters the building
C. Closest to the outside wall where heating, ventilation, and air conditioning systems are located
D. At the back of the building - Answer A

Which of the following is a true statement regarding virtual machines (VMs) running as guest operating systems on physical servers?
A. Updating the physical server automatically updates the VMs.
B. Updating any VM automatically updates all the VMs.
C. VMs do not need to be updated if the physical server is updated.
D. VMs must be updated individually. - Answer D

Some cloud-based service models require an organization to perform some maintenance and take responsibility for some security. Which of the following is a service model that places most of these responsibilities on the organization leasing the cloud-based resources?
A. IaaS
B. PaaS
C. SaaS
D. Hybrid - Answer A

An organization is using a SaaS cloud-based service shared with another organization. What type of cloud-based deployment model does this describe?
A. Public
B. Private
C. Community
D. Hybrid - Answer C

Backup tapes have reached the end of their lifecycle and need to be disposed of. Which of the following is the most appropriate disposal method?
A. Throw them away. Because they are at the end of their lifecycle, it is not possible to read data from them.
B. Purge the tapes of all data before disposing of them.
C. Erase data off the tapes before disposing of them.
D. Store the tapes in a storage facility. - Answer B

Which of the following can be an effective method of configuration management using a baseline?
A. Implementing change management
B. Using images
C. Implementing vulnerability management
D. Implementing patch management - Answer B

Which of the following steps would not be included in a change management process?
A. Immediately implement the change if it will improve performance.
B. Request the change.
C. Create a rollback plan for the change.
D. Document the change. - Answer A

While troubleshooting a network problem, a technician realized the problem could be resolved by opening a port on a firewall. The technician opened the port and verified the system was now working. However, an attacker accessed this port and launched a successful attack. What could have prevented this problem?
A. Patch management processes
B. Vulnerability management processes
C. Configuration management processes
D. Change management processes - Answer D

Which of the following is not a part of a patch management process?
A. Evaluate patches.
B. Test patches.
C. Deploy all patches.
D. Audit patches. - Answer C

Servers within your organization were recently attacked causing an excessive outage. You are asked to check systems for known issues that attackers may use to exploit other systems in your network. Which of the following is the best choice to meet this need?
A. Versioning tracker
B. Vulnerability scanner
C. Security audit
D. Security review - Answer B


Seller: EvaTee, Phoenix University