The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment. What principle has the team taken into consideration?
Correct Answer: D
By utilizing data from an old production database in a secure testing environment, the team is likely taking steps to protect biometric data from unauthorized access or exposure during the testing phase. Testing with this kind of data in a secure environment ensures that sensitive biometric data remains protected and is not disclosed to anyone who shouldn't have access to it, while still allowing the development and testing process to proceed effectively.
CISSP Exam Question 657
Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?
Correct Answer: B
The security design process ensures that proper security controls, security objectives, and security goals are properly initiated within the System Development Life Cycle (SDLC). The security design process is a set of activities that define and implement the security requirements and architecture for a system or a network. The security design process is integrated into the SDLC, which is a framework that guides the development, testing, deployment, and maintenance of a system or a network. The security design process ensures that the security aspects are considered and addressed from the beginning of the SDLC, and that the security controls, objectives, and goals are aligned with the business needs and the risk appetite of the organization.
CISSP Exam Question 658
Which application type is considered high risk and provides a common way for malware and viruses to enter a network?
Correct Answer: C
The application type that is considered high risk and that provides a common way for malware and viruses to enter a network is peer-to-peer (P2P) file sharing applications. An application is a type of software or program that can be installed or run on a system or a network, and that can provide various functions or features for the user or the customer, such as communication, entertainment, or productivity. An application can also pose a security risk, as it can introduce or expose various threats or attacks to the system or the network, such as malware or viruses. Malware is a type of malicious or harmful software or code that can be installed or executed on a system or a network, and that can perform various actions or tasks that can cause harm or damage to the system or the network, or to the user or the customer, such as stealing, deleting, or encrypting the data or the information. A virus is a type of malware that can replicate or copy itself, and that can infect or spread to other systems or networks, or to other files or programs, using various methods, such as e-mail, USB, or network.
CISSP Exam Question 659
In order to meet the project delivery deadline, a web application developer used readily available software components. Which is the BEST method for reducing the risk associated with this practice?
Correct Answer: D
CISSP Exam Question 660
Which of the following is critical if an employee is dismissed due to violation of an organization's Acceptable Use Policy (ALP)?
Correct Answer: D
Appropriate documentation is critical if an employee is dismissed due to violation of an organization's Acceptable Use Policy (AUP). An AUP is a policy that defines the acceptable and unacceptable use of the organization's information systems and resources by the employees. A violation of the AUP can result in disciplinary actions, such as warnings, suspension, or termination. Appropriate documentation can provide evidence of the violation, the investigation process, the communication with the employee, and the decision of the dismissal. Appropriate documentation can also protect the organization from legal challenges or disputes from the dismissed employee.