Flashcards

Security Assessment and Testing

Evaluate systems to ensure security

5 minutes 5 Questions

Security Assessment and Testing is a critical domain within the CISSP Common Body of Knowledge that encompasses methodologies and processes for evaluating the effectiveness of security controls and measures in an organization. Security Assessment involves systematic evaluation of security posture …

Concepts covered

Risk Assessments Incident Response Plan Testing Vulnerability Assessment Penetration Testing Code Review Security Control Testing Security Awareness Training and Education Third-Party Security Assessment Security Testing Security Audits Continuous Monitoring Red Team Exercises Configuration Management Review Disaster Recovery Testing

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

Question 1

Which of the following is an example of a social engineering tactic?

Man-in-the-middle attack Port scanning SQL injection Phishing email

Correct Answer: Phishing email

Phishing is a social engineering tactic that involves sending an email or other communication that appears to be from a reputable source but is actually designed to trick the recipient into revealing sensitive information or performing an action that is harmful to the target system.

Question 2

A company is experiencing difficulties managing configuration documentation. As a CISSP, which of the following tools would you recommend to improve efficiency?

Email reminders to staff Manually tracking changes in spreadsheets Storing documents on individual computers Automated configuration management software

Correct Answer: Automated configuration management software

Automated configuration management software helps centralize documentation and streamline change management processes, leading to more efficiency. Other options do not adequately address efficiency concerns or rely on less effective methods.

Question 3

A new project manager is added to a team and needs access to previous configuration management documentation. As a CISSP, what best practice would you follow?

Provide a physical copy of the documents Ensure the documentation is centralized and securely accessible Email sensitive documents as attachments Grant access to their predecessor's computer

Correct Answer: Ensure the documentation is centralized and securely accessible

Ensuring the documentation is centralized and securely accessible prevents unauthorized access, maintains privacy, and enhances efficiency in accessing past documentation. Other options do not provide a secure or efficient means to access necessary information.

Unlock Premium Access

CISSP

More Security Assessment and Testing questions

185 questions (total)

Start 100 question test

Security Assessment and Testing

CISSP - Security Assessment and Testing Example Questions

Question 1

Question 2

Question 3

Unlock Premium Access