Title: (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests
Author: Mike Chapple
Publisher: John Wiley & Sons Limited
Genre: Foreign computer literature
isbn: 9781119787648
44. As part of his role as a security manager, Jacob provides the following chart to his organization's management team. What type of measurement is he providing for them?
   A. A coverage rate measure
   B. A key performance indicator
   C. A time to live metric
   D. A business criticality indicator

45. What does using unique user IDs for all users provide when reviewing logs?
   A. Confidentiality
   B. Integrity
   C. Availability
   D. Accountability

46. Which of the following is not an interface that is typically tested during the software testing process?
   A. APIs
   B. Network interfaces
   C. UIs
   D. Physical interfaces

47. Alan's organization uses the Security Content Automation Protocol (SCAP) to standardize its vulnerability management program. Which component of SCAP can Alan use to reconcile the identity of vulnerabilities generated by different security assessment tools?
   A. OVAL
   B. XCCDF
   C. CVE
   D. SCE

48. Susan is reviewing software testing coverage data and sees the information shown in the following figure. What can she determine about this testing process? (Select all answers that apply.)
   A. The testing does not have full coverage.
   B. Test 4 completed with no failures.
   C. Test 2 failed to run successfully.
   D. The testing needs to be run a fifth time.

49. Which of the following strategies is not a reasonable approach for remediating a vulnerability identified by a vulnerability scanner?
   A. Install a patch.
   B. Use a workaround fix.
   C. Update the banner or version number.
   D. Use an application layer firewall or IPS to prevent attacks against the identified vulnerability.

50. During a penetration test, Selah calls her target's help desk claiming to be the senior assistant to an officer of the company. She requests that the help desk reset the officer's password because of an issue with his laptop while traveling and persuades them to do so. What type of attack has she successfully completed?
   A. Zero knowledge
   B. Help desk spoofing
   C. Social engineering
   D. Black box

51. In this image, what issue may occur due to the log handling settings?
   A. Log data may be lost when the log is archived.
   B. Log data may be overwritten.
   C. Log data may not include needed information.
   D. Log data may fill the system disk.

52. Which of the following is not a hazard associated with penetration testing?
   A. Application crashes
   B. Denial of service
   C. Blackouts
   D. Data corruption

53. Which NIST special publication covers the assessment of security and privacy controls?
   A. 800-12
   B. 800-53A
   C. 800-34
   D. 800-86

54. Michelle is conducting a quantitative business impact assessment and wants to collect data to determine the dollar cost of downtime. What information would she need from outages during the previous year to calculate the cost of those outages to the business? (Select all that apply.)
   A. The total amount of time the business was down
   B. The number of personnel hours worked to recover from the outage
   C. The business lost during the outage per hour in dollars
   D. The average employee wage per hour

55. If Kara's primary concern is preventing eavesdropping attacks, which port should she block?
   A. 22
   B. 80
   C. 443
   D. 1433

56. If Kara's primary concern is preventing administrative connections to the server, which port should she block?
   A. 22
   B. 80
   C. 443
   D. 1433

57. During a third-party audit, Jim's company receives a finding that states, "The administrator should review backup success and failure logs on a daily basis and take action in a timely manner to resolve reported exceptions." What potential problem does this finding indicate?
   A. Administrators will not know if the backups succeeded or failed.
   B. The backups may not be properly logged.
   C. The backups may not be usable.
   D. The backup logs may not be properly reviewed.

58. Jim is helping his organization decide on audit standards for use throughout their international organization. Which of the following is not an IT standard that Jim's organization is likely to use as part of its audits?
   A. COBIT
   B. SSAE-18
   C. ITIL
   D. ISO 27001

59. Nicole wants to conduct a standards-based audit of her organization. Which of the following is commonly used to describe common requirements for information systems?
   A. IEC
   B. COBIT
   C. FISA
   D. DMCA

60. Kelly's team conducts regression testing on each patch that they release. What key performance measure should they maintain to measure the effectiveness of their testing?
   A. Time to remediate vulnerabilities
   B. A measure of the rate of defect recurrence
   C. A weighted risk trend
   D. A measure of the specific coverage of their testing

61. Which of the following types of code review is not typically performed by a human?
   A. Software inspections
   B. Pair programming
   C. Static program analysis
   D. Software walk-throughs

For questions 62–64, please refer to the following scenario:

Susan is the lead of a quality assurance team at her company. The team has been tasked with the testing for a major release of their company's core software product.

62. Susan's team of software testers are required to test every code path, including those that will only be used when an error condition occurs. What type of testing environment does her team need to ensure complete code coverage?
   A. White box
   B. Gray box
   C. Black box
   D. Dynamic

63. As part of the continued testing of their new application, Susan's quality assurance team has designed a set of test cases for a series of black-box tests. These functional tests are then run, and a report is prepared explaining what has occurred. What type of report is typically generated during this testing to indicate test metrics?
   A. A test coverage report
   B. A penetration test report
   C. A code coverage report
   D. A line coverage report

64. As part of their code coverage testing, Susan's team runs the analysis in a nonproduction environment using logging and tracing tools. Which of the following types of code issues is most likely to be missed during testing due to this change in the operating environment?
   A. Improper bounds checking
   B. Input validation
   C. A race condition
   D. Pointer manipulation

65. Robin recently conducted a vulnerability scan and found a critical vulnerability on a server that handles sensitive information. What should Robin do next?
   A. Patching
   B. Reporting
   C. Remediation
   D. Validation

66. The automated code testing and integration that Andrea ran as part of her organization's CI/CD pipeline errored out. What should Andrea do with the code if the company needs the code to go live immediately?
   A. Manually bypass the test.
   B. Review error logs to identify the problem.
   C. Rerun the test to see if it works.
   D. Send the code back to the developer for a fix.

67. Michelle wants to compare vulnerabilities she has discovered in her data center based on how exploitable they are, if exploit code exists, and how hard they are to remediate. What scoring system should she use to compare vulnerability metrics like these?
   A. CSV
   B. NVD
   C. VSS
   D. CVSS

68. During a port scan of his network, Alex finds that a number of hosts respond on TCP ports 80, 443, 515, and 9100 in offices throughout his organization. What type of devices is Alex likely discovering?
   A. Web servers
   B. File servers
   C. Wireless access points
   D. Printers

69. Nikto, Burp Suite, and Wapiti are all examples of what type of tool?
   A. Web application vulnerability scanners
   B. Code review tools
   C. Vulnerability scanners
   D. Port scanners

70. Frank's team is testing a new API that his company's developers have built for their application infrastructure. Which of the following is not a common API issue that you would expect Frank's team to find?
   A. Improper encryption
   B. Object-level authorization issues
   C. User authentication issues
   D. Lack of rate limiting

71. Jim is working with a penetration testing contractor who proposes using Metasploit as part of her penetration testing effort. What should Jim expect to occur when Metasploit is used?
   A. Systems will be scanned for vulnerabilities.
   B. Systems will have known vulnerabilities exploited.
   C. Services will be probed for buffer overflow and other unknown flaws.
   D. Systems will be tested for zero-day exploits.
72. Susan needs to ensure that the interactions between the components of her e-commerce application are all handled properly. She intends to verify communications,