A recent information security risk assessment identified weak system access controls on mobile devices as a high me In order to address this risk and ensure only authorized staff access company information, which of the following should the organization implement?
Correct : B
Multi-factor authentication (MFA) is a method of authentication that requires two or more independent factors to verify the identity of a user, such as something you know, something you have, or something you are. MFA can help address the risk of weak system access controls on mobile devices, as it provides a higher level of security than a single factor, such as a password. MFA can prevent unauthorized access to company information, even if the mobile device is lost, stolen, or compromised. An intrusion prevention system (IPS) is a device or software that monitors and blocks network traffic based on predefined rules or signatures. An IPS can help protect the network from external attacks, but it does not address the system access controls on mobile devices. Data loss protection (DLP) is a system or tool that prevents the unauthorized disclosure, transfer, or leakage of sensitive data. DLP can help protect the company information from being exposed, but it does not address the system access controls on mobile devices. Data at rest encryption is a technique that encrypts the data that is stored on a device or a media. Data at rest encryption can help protect the company information from being accessed, even if the mobile device is lost, stolen, or compromised, but it does not address the system access controls on mobile devices.
Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?
Correct : B
The first requirement a data owner should consider before implementing a data retention policy is the legal requirement. A data retention policy is a document that defines the rules and procedures for retaining, storing, and disposing of data, based on its type, value, and purpose. A data owner is a person or an entity that has the authority and responsibility for the creation, classification, and management of data. A data owner should consider the legal requirement before implementing a data retention policy, as there may be laws, regulations, or contracts that mandate the minimum or maximum retention periods for certain types of data, as well as the methods and standards for data preservation and destruction. A data owner should also consider the business, storage, and training requirements for implementing a data retention policy, but these are not the first or the most important factors to consider.
When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's first consideration?
Correct : C
A Cyber-Physical System (CPS) is a system that integrates physical processes, computational capabilities, and communication networks. A CPS can have various applications, such as smart grids, autonomous vehicles, or industrial control systems. When designing a CPS, the first consideration for a security practitioner should be the risk assessment of the system, which is the process of identifying, analyzing, and evaluating the potential threats, vulnerabilities, and impacts that could affect the system. A risk assessment can help to determine the security requirements, objectives, and controls for the CPS, as well as the priorities and resources for the security implementation and management. Resiliency, detection, and topology are all important aspects of CPS security, but they are not the first consideration, as they depend on the outcome of the risk assessment.
Which of the following BEST describes the use of network architecture in reducing corporate risks associated with mobile devices?
Correct : C
Segmentation and demilitarized zone (DMZ) monitoring are network architecture techniques that can reduce the corporate risks associated with mobile devices. Segmentation is the process of dividing the network into smaller and isolated segments, based on the functions, roles, or security levels of the devices or users. Segmentation can help to limit the access and the impact of mobile devices on the network, as well as to prevent or contain the spread of attacks. DMZ monitoring is the process of observing and analyzing the traffic and activities in the DMZ, which is a network segment that separates the internal network from the external network, and hosts the services that are accessible to both networks, such as web servers or email servers. DMZ monitoring can help to detect and respond to any malicious or unauthorized actions that involve mobile devices that access the network through a VPN, which is a secure and encrypted connection that extends the network over a public network, such as the internet. "Maintaining a closed applications model on all mobile devices depends on demilitarized zone (DMZ) servers" is not a valid statement, as a closed applications model is a policy that restricts the installation and use of applications on mobile devices to only those that are approved by the organization, and it does not depend on the DMZ servers. "Split tunneling enabled for mobile devices improves demilitarized zone (DMZ) security posture" is not a valid statement, as split tunneling is a feature that allows a VPN user to access both the internal and the external network simultaneously, and it does not improve the DMZ security posture, but rather increases the risk of exposing the internal network to external threats. "Applications that manage mobile devices are located in an Internet demilitarized zone (DMZ)" is not a valid statement, as applications that manage mobile devices, such as mobile device management (MDM) or enterprise mobility management (EMM) applications, are usually located in the internal network, and not in the internet DMZ, as they need to have full control and visibility over the mobile devices and their data.
Which of the following is an important design feature for the outer door of a mantrap?
Correct : D
A mantrap is a physical security mechanism that consists of a small space with two interlocking doors, that allows only one person to pass through at a time, and that can be controlled and monitored by security personnel or devices. An important design feature for the outer door of a mantrap is to allow it to be opened when the inner door of the mantrap is also open, as this can provide an emergency exit in case of a fire, a power outage, or a medical situation. The outer door should not be opened by an alarmed emergency button, as this can compromise the security of the mantrap and allow unauthorized access. The outer door should not prevent anyone from entering it alone, as this can defeat the purpose of the mantrap and create inconvenience for the users. The outer door should not be hidden from closed-circuit television (CCTV) cameras, as this can reduce the visibility and accountability of the mantrap and allow malicious or illegal activities to occur.