RCR 093: CISSP Exam Questions for Software Development – CISSP Training and Study!

Apr 22, 2020

 

 

Subscribe: iTunes | Google Play | Stitcher Radio | RSS 

Description: 

Shon Gerber from ShonGerber.com provides the information and knowledge you need to prepare for and pass the CISSP Exam, along with the tools you need to advance your cybersecurity career. Shon draws on his years of training people in cybersecurity to deliver that preparation.   

Each episode of CISSP training and study walks through the material behind the CISSP Exam Questions so that you understand not just the answer but why it is the answer, and are better prepared to pass the CISSP Exam.  

BTW - Get access to all my Free Content and CISSP Training Courses here at:  https://shongerber.com/  

CISSP Exam Questions 

Question:  162 

John has been told that one of the applications installed on a web server within the DMZ accepts input of any length from a customer's web browser into the form the web server provides to collect new customer data. Which of the following describes an issue John should be aware of in relation to this type of weakness? 
A. Application is written in the C programming language. 
B. Application is not carrying out enforcement of the trusted computing base. 
C. Application is running in ring 3 of a ring-based architecture. 
D. Application is not interacting with the memory manager properly. 

 

  Answer: A. The C language is susceptible to buffer overflow attacks because it performs no bounds checking on arrays and allows direct pointer manipulation. Standard library functions such as strcpy(), gets() and sprintf() copy input into a destination buffer until they reach a terminator, regardless of the buffer's size, so a form field that accepts input of any length lets a customer write past the end of a fixed-size buffer and overwrite adjacent memory. The root defect is the missing length check; a C application is where that defect turns into memory corruption rather than an exception.

https://www.brainscape.com/subjects/cissp-domains 
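As an added illustration (not from the podcast or the question source), here is the defect behind question 162 written out in C: a fixed-size customer-name field filled with strcpy(), beside a version that measures the input against the buffer before copying and rejects anything that does not fit. The struct layout, the 16-byte field size and the 40-byte sample input are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16     /* assumed size of the customer-name field */

struct customer {
    char name[NAME_LEN];
    int  is_verified;   /* lives right after name[] in memory */
};

/* Vulnerable form (what John's application does): strcpy() copies until it
 * finds a NUL byte and never looks at the size of name[], so a name of 16 or
 * more characters overruns the buffer and overwrites is_verified and whatever
 * follows it on the stack. Never call this with untrusted input; it is here
 * only for comparison with the checked version below. */
void set_name_unchecked(struct customer *c, const char *input)
{
    strcpy(c->name, input);             /* no bounds check: buffer overflow */
}

/* Hardened form: measure the input against the buffer before copying.
 * Returns 0 on success and -1 if the input does not fit, in which case the
 * record is left untouched and the caller should reject the request rather
 * than silently truncate. The scan never reads more than NAME_LEN bytes. */
int set_name_checked(struct customer *c, const char *input)
{
    size_t len = 0;
    while (len < NAME_LEN && input[len] != '\0')
        len++;
    if (len == NAME_LEN)                /* 16+ chars: no room for the NUL */
        return -1;
    memcpy(c->name, input, len);
    c->name[len] = '\0';
    return 0;
}

int main(void)
{
    struct customer c = { "", 1 };
    /* constructed sample input: a 40-byte "name" submitted through the form */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    if (set_name_checked(&c, "Alice") == 0)
        printf("accepted: %s (is_verified=%d)\n", c.name, c.is_verified);
    if (set_name_checked(&c, too_long) != 0)
        printf("rejected: %zu bytes do not fit in a %d-byte field\n",
               strlen(too_long), NAME_LEN);
    /* set_name_unchecked(&c, too_long) would overwrite is_verified and the
     * adjacent stack memory: the overflow the question describes. */
    return 0;
}
```

The checked version deliberately returns an error instead of truncating: a silently shortened name can itself become a logic bug (for example, two distinct customers colliding on the same 15-character prefix), and rejecting oversized input at the boundary is the behaviour a reviewer expects from code that reads a form field.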

------------------------------------ 

Question:  163 

Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection. 
 
A. Non-protected ROM sections 
B. Vulnerabilities that allowed malicious code to execute in protected memory sections 
C. Lack of a predefined and implemented trusted computing base 
D. Lack of a predefined and implemented security kernel 

  Answer: B. Address space layout randomization (ASLR) randomizes where the stack, heap and shared libraries are placed, so an attacker cannot predict the address of injected or existing code, and data execution prevention (DEP, also called NX or W^X) marks data pages such as the stack and heap non-executable. Both are memory protection mechanisms aimed at code-execution exploits, so if the testers recommended integrating them it is most likely because the system allowed malicious code to execute in memory sections that should have been protected.

https://www.brainscape.com/subjects/cissp-domains 
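As an added example (not from the podcast or the question source), the following C program checks for the property DEP enforces and gives a glimpse of ASLR: it parses a /proc/<pid>/maps listing and counts mappings that are both writable and executable (exactly what W^X forbids), then on Linux reads its own maps and prints the address of a global and of a stack local, which change from run to run when the binary is built position-independent and ASLR is enabled. The SAMPLE_MAPS text is constructed for the demonstration, and the /proc path is Linux-specific.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of /proc/<pid>/maps output, not captured from a real
 * process. The [heap] line is deliberately rwx to show what DEP would flag. */
static const char SAMPLE_MAPS[] =
    "55d0c0000000-55d0c0001000 r-xp 00000000 08:01 1234 /srv/app\n"
    "55d0c0201000-55d0c0202000 rw-p 00001000 08:01 1234 /srv/app\n"
    "7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0 [heap]\n"
    "7ffc5e000000-7ffc5e021000 rw-p 00000000 00:00 0 [stack]\n";

static int global_marker;   /* lives in the binary's data segment */

/* Count mappings whose permission string contains both 'w' and 'x'. Under
 * DEP/NX a normal process should have none: code pages are r-x and data,
 * heap and stack pages are rw-. Each maps line has the form
 * "start-end perms offset dev inode [path]". Returns the count, or -1 if a
 * line cannot be parsed. */
int count_wx_mappings(const char *maps_text)
{
    int count = 0;
    const char *line = maps_text;

    while (*line) {
        if (*line == '\n') {            /* tolerate blank lines */
            line++;
            continue;
        }
        char perms[5] = {0};
        /* skip the address range, then read at most 4 permission chars */
        if (sscanf(line, "%*[^ ] %4s", perms) != 1)
            return -1;
        if (strchr(perms, 'w') && strchr(perms, 'x'))
            count++;
        const char *nl = strchr(line, '\n');
        if (!nl)
            break;
        line = nl + 1;
    }
    return count;
}

int main(void)
{
    int local_marker = 0;
    char buf[65536];
    size_t n = 0;

    printf("constructed sample: %d writable+executable mapping(s)\n",
           count_wx_mappings(SAMPLE_MAPS));

    /* Live check of this process (Linux only; silently skipped elsewhere). */
    FILE *f = fopen("/proc/self/maps", "r");
    if (f) {
        n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f);
    }
    buf[n] = '\0';
    printf("this process: %d writable+executable mapping(s)\n",
           count_wx_mappings(buf));
    printf("global at %p, stack local at %p (vary between runs under ASLR)\n",
           (void *)&global_marker, (void *)&local_marker);
    return 0;
}
```

Run the binary twice: with ASLR on and a PIE build both printed addresses differ between runs, which is what denies an attacker a fixed target to jump to; a non-zero writable+executable count is the condition DEP is meant to rule out, and on a hardened system the live count should be zero.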

------------------------------------ 

Want to find Shon elsewhere on the internet? 

LinkedIn – www.linkedin.com/in/shongerber 

Facebook - https://www.facebook.com/CyberRiskReduced/ 
