RCR 053-1 - CISSP Exam Questions on Vulnerability Scanners (Domain 6)

Dec 25, 2019


Description:

Shon Gerber from ShonGerber.com provides the information and knowledge you need to prepare for and pass the CISSP Exam, along with the tools you need to enhance your cybersecurity career. Shon draws on his expansive knowledge and his years of experience training people in cybersecurity.

In this episode, Shon will talk about questions for Domain 6 (Security Assessment and Testing) of the CISSP Exam.

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

Want to find Shon Gerber elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

Facebook - https://www.facebook.com/CyberRiskReduced/

CISSP EXAM QUESTIONS

QUESTION 1

A process by which developers can understand security threats to a system, determine risks from those threats and establish appropriate mitigations.

  • A. Threat modeling
  • B. White-box testing
  • C. Path coverage
  • D. Negative testing

CORRECT ANSWER - A. Threat modeling 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-6-quiz-Vulnerabilities-in-software?q0=0&x=77&y=7>

QUESTION 2

This criteria requires sufficient test cases for each feasible data flow to be executed at least once.

  • A. Statement coverage
  • B. Path coverage
  • C. Data flow coverage
  • D. Condition coverage

CORRECT ANSWER - C. Data flow coverage 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-6-quiz-Vulnerabilities-in-software?q0=0&x=77&y=7>

QUESTION 3

Tests an application for the use of system components or configurations that are known to be insecure.

  • A. Synthetic performance monitoring
  • B. Automated vulnerability scanners
  • C. Multi-condition coverage
  • D. Architecture security reviews

CORRECT ANSWER - B. Automated vulnerability scanners 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-6-quiz-Vulnerabilities-in-software?q0=0&x=77&y=7>

LINKS: 

TRANSCRIPT:

Welcome to the Reduce Cyber Risk podcast, where we provide you the training and tools you need to pass the CISSP exam while enhancing your cybersecurity career. Hi, my name is Shon Gerber and I'm your host of this action-packed, informative podcast. Join me each week as I provide the information you need to grow your career and be better prepared to pass the CISSP exam.

Hey all, this is Shon Gerber with the Reduce Cyber Risk podcast. How are you all doing today? I hope everything's going well in your lives. It's going great here in the most wonderful Midwest of the United States, in the great city of Wichita, Kansas, for all wondering where Wichita is. Everybody is guided to spend money, kids are excited to get presents, but with that we've got some great presents for you all. Yes, the wonderful part of the present we're going to provide is CISSP exam training. I'm just waiting with bated breath: what should I have, what should I have? Is it TCP/IP? Is it RDP? Is it a security assessment? I don't know, so you can find out here in just a few minutes. All right, what I want to talk about today is we are going to be covering Domain 5, Identity and Access Management, typically called IAM or India Alpha Mike, and we're going to be going through some different questions around identity and access management. Now, what we have today is brought to you through the (ISC)² training study guide; we've got some stuff in there, and then we also have, through TechTarget, the questions that are going to be rolled in from TechTarget, and you'll be able to see those through the domain. That's a really good question, so I basically took those and we'll talk about them, and then the link to TechTarget will be in the show notes.

So you can go ahead and check it out. Now let's get started. Number one: A process by which developers can understand security threats to a system, determine risks from those threats and establish appropriate mitigations. A, threat modeling; B, white-box testing; C, path coverage; D, negative testing. A process by which developers can understand security threats to a system, determine risks from those threats and establish appropriate mitigations: A is threat modeling, B is white-box testing, C, something that isn't right, path coverage, D is negative testing, and the answer is A, threat modeling. I deal with threat modeling on a routine basis.

All right, question 2: This criteria requires sufficient test cases for each feasible data flow to be executed at least once. This criteria requires sufficient test cases for each feasible data flow to be executed at least once. A, statement coverage; B, path coverage; C, data flow coverage; D, condition coverage. All right, so if you don't know what the answer is, try to parse it out a little bit. We talked about data flow, and we talked about what could that be; there's all our coverage, what could that be? So the criteria requires sufficient test cases for each feasible data flow to be executed at least once, at least one time. A, statement coverage; B, path coverage; C, data flow coverage; D, condition coverage. The answer is C, data flow coverage.

All right, we're moving now into the last question. Question 3: Tests an application for the use of system components or configurations that are known to be insecure. For the use of system components or configurations that are known to be insecure. All right, so it's going to be checking to see if something is insecure. A, synthetic performance monitoring; B, automated vulnerability scanners; C, multi-condition coverage; D, architecture security reviews, maybe. And the answer is B, automated vulnerability scanners, pom pom pom. Yes, they're checking for any sort of vulnerability and configuration issues that they may have, so those scanners work like a champ. One big thing to keep in mind is that when you're using a vulnerability scanner, if you are using it against systems that are really old and antiquated, typically, when and how it works, especially if it's an authenticated scan, it will go ahead and connect, and as it connects it will then also run multiple pings and roll over on itself. So therefore you need to avoid doing automated scans with older systems; you need a hand-held scan when you go through it, just on the off chance that something bad happens.

So that is all the questions I have for today. I hope everybody's doing well. You can check out all these questions at ShonGerber.com, that's S-H-O-N-G-E-R-B-E-R. You can check out all these questions and training from Domains 1 through 4 for the CISSP exam; that is free for you to use. There are some sample videos out there, free to look at. Also, on top of that, Domains 1 through 8 are available for you to purchase, and you can have access to all of those domains; to include with that, you'll be getting contact with me and I'll be helping out with the CISSP exam. So we are here to help you; that's what it's all about. All right, so if you've got any questions, just feel free to reach out to me at shon at shongerber.com. I'd be happy to answer any questions you may have. But other than that, I hope you all have a wonderful day, we'll catch up. On my podcast I would greatly appreciate the feedback. Also check out my CISSP videos that you can find out on YouTube; just search for Shon, S-H-O-N, Gerber, like the baby food, or whatever you choose, and then you will find a plethora of content to help you pass the CISSP exam the first time. Lastly, head over to ShonGerber.com and look at the cornucopia of free CISSP materials available to email subscribers.
