Free Access ISC.CISSP.v2021-10-01.q353 Practice Test (Page 16)

Question 71

What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?

A.Evaluating the efficiency of the plan

B.Identifying the benchmark required for restoration

C.Validating the effectiveness of the plan

D.Determining the Recovery Time Objective (RTO)

Question 72

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

A.Management teams will understand the testing objectives and reputational risk to the organization

B.Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

C.Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

D.Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

Question 73

Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?

A.Formal acceptance of the security strategy

B.Disciplinary actions taken against unethical behavior

C.Audit of all organization system configurations for faults

D.Development of an awareness program for new employees

Question 74

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

A.Two-factor authentication

B.Application of least privilege

C.Audit logs

D.Role-Based Access Control (RBAC)

Question 75

What is the MAIN purpose of a change management policy?

A.To assure management that changes to the Information Technology (IT) infrastructure are necessary

B.To identify the changes that may be made to the Information Technology (IT) infrastructure

C.To verify that changes to the Information Technology (IT) infrastructure are approved

D.To determine the necessary for implementing modifications to the Information Technology (IT) infrastructure

Other Version: 506ISC.CISSP.v2026-04-20.q414; 8495ISC.CISSP.v2024-12-05.q999; 7104ISC.CISSP.v2024-09-21.q999; 8003ISC.CISSP.v2023-07-03.q999; 2910ISC.CISSP.v2023-04-20.q206; 6873ISC.CISSP.v2022-09-06.q331; 7548ISC.CISSP.v2022-08-27.q376; 12915ISC.CISSP.v2022-04-07.q650; 145ISC.Fast2test.CISSP.v2021-12-03.by.osborn.827q.pdf

Latest Upload: 200PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 292Nokia.4A0-113.v2026-05-01.q69; 250EC-COUNCIL.312-49v11.v2026-04-30.q214; 227Microsoft.MB-820.v2026-04-30.q101; 205Salesforce.MC-202.v2026-04-30.q57; 203BICSI.INSTC_V8.v2026-04-29.q53; 332NMLS.MLO.v2026-04-28.q82; 241NCARB.Project-Management.v2026-04-28.q27; 454EMC.D-AV-DY-23.v2026-04-27.q184; 1107ServiceNow.CSA.v2026-04-27.q483

Question 71

Question 72

Question 73

Question 74

Question 75

Download PDF File