Free Access ISC.CISSP.v2021-10-01.q353 Practice Test (Page 50)

Question 241

Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?

A.The quantity of data that must be provided to the third party and how it is to be used

B.The organizational structure of the third party and how it may impact timelines within the organization

C.The effects of transborder data flows and customer expectations regarding the storage or processing of their data

D.The ability of the third party to respond to the organization in a timely manner and with accurate information

Question 242

When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

A.Only when assets are clearly defined

B.Only when standards are defined

C.Only procedures are defined

D.Only when controls are put in place

Question 243

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.
Which contract is BEST in offloading the task from the IT staff?

A.Identity as a Service (IDaaS)

B.Software as a Service (SaaS)

C.Platform as a Service (PaaS)

D.Desktop as a Service (DaaS)

Question 244

Which of the below strategies would MOST comprehensively address the risk of malicious insiders leaking sensitive information?

A.Background checks, data encryption, web proxies

B.Least privilege access, Data Loss Protection (DLP), physical access controls

C.Staff vetting, least privilege access, Data Loss Protection (DLP)

D.Data Loss Protection (DIP), firewalls, data classification

Question 245

Which type of test suite should be run for fast feedback during application develoment?

A.Full recession

B.Specific functionality

C.End-to-end

D.Smoke

Other Version: 513ISC.CISSP.v2026-04-20.q414; 8544ISC.CISSP.v2024-12-05.q999; 7184ISC.CISSP.v2024-09-21.q999; 8024ISC.CISSP.v2023-07-03.q999; 2922ISC.CISSP.v2023-04-20.q206; 6883ISC.CISSP.v2022-09-06.q331; 7596ISC.CISSP.v2022-08-27.q376; 12936ISC.CISSP.v2022-04-07.q650; 145ISC.Fast2test.CISSP.v2021-12-03.by.osborn.827q.pdf

Latest Upload: 203PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 302Nokia.4A0-113.v2026-05-01.q69; 261EC-COUNCIL.312-49v11.v2026-04-30.q214; 230Microsoft.MB-820.v2026-04-30.q101; 212Salesforce.MC-202.v2026-04-30.q57; 207BICSI.INSTC_V8.v2026-04-29.q53; 336NMLS.MLO.v2026-04-28.q82; 244NCARB.Project-Management.v2026-04-28.q27; 466EMC.D-AV-DY-23.v2026-04-27.q184; 1124ServiceNow.CSA.v2026-04-27.q483

Question 241

Question 242

Question 243

Question 244

Question 245

Download PDF File