CISSP Exam Questions for Self-Study (Domain 5)

Note: Pardon the messiness of the questions. These questions come from my podcast, and I will be cleaning them up over the coming weeks.

 

Question:

When reviewing user logs, the username and password serve which of the following purposes?

  1. Identification
  2. Authentication
  3. Accountability
  4. Authorization

 

Explanation: [a] The username ensures that the correct identity is associated with the account being accessed.

 

Question:

Which one of the following is a "Preventative" access control type?

  1. CCTV
  2. Background checks
  3. Man-Trap
  4. None of the above

 

Explanation: [c] Man-traps are a preventative access control that restricts individuals' entry into a specific facility.

 

Link: https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=1&q1=2&q2=2&q3=3&q4=2&q5=2&q6=2&q7=2&q8=2&q9=2&x=70&y=11

 

QUESTION 1

Abstract episodes of interaction between a system and its environment:

  • Misuse case
  • Web proxies
  • Use cases
  • Negative testing

 

CORRECT ANSWER - Use cases 

 

QUESTION 2

A list of the most widespread and critical errors that can lead to serious vulnerabilities in software:

  • Information security continuous monitoring (ISCM)
  • CWE/SANS Top 25 most dangerous software errors
  • Automated vulnerability scanners
  • Real user monitoring (RUM)

 

CORRECT ANSWER - Information security continuous monitoring (ISCM) 

 

QUESTION 3

This criterion requires sufficient test cases for each program statement to be executed at least once; however, achieving it is insufficient to provide confidence in a software product's behavior:

  • Statement coverage
  • Data flow coverage
  • Condition coverage
  • Path coverage

 

CORRECT ANSWER - Statement coverage 

QUESTION 1

A process by which developers can understand security threats to a system, determine risks from those threats and establish appropriate mitigations:

  • Threat modeling
  • White-box testing
  • Path coverage
  • Negative testing

CORRECT ANSWER - Threat modeling 

 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=0&x=77&y=10>

 

 

QUESTION 2

This criterion requires sufficient test cases for each feasible data flow to be executed at least once:

  • Statement coverage
  • Path coverage
  • Data flow coverage
  • Condition coverage

 

CORRECT ANSWER - Data flow coverage 

 


 

 

QUESTION 3

Tests an application for the use of system components or configurations that are known to be insecure:

  • Synthetic performance monitoring
  • Automated Vulnerability Scanners
  • Multi-condition coverage
  • Architecture security reviews

 

CORRECT ANSWER - Automated Vulnerability Scanners 

 


 

QUESTION 1

The determination of the impact of a change based on review of the relevant documentation:

  • Validation
  • Regression analysis
  • Data flow coverage
  • Security log management

 

CORRECT ANSWER - Regression analysis 

 


 

 

QUESTION 2

Analysis of the application source code for finding vulnerabilities without actually executing the application:

  • System events
  • Architecture security reviews
  • Static source code analysis (SAST)
  • Audit records

 

CORRECT ANSWER - Static source code analysis (SAST) 

 


 

 

QUESTION 3

These contain security event information such as successful and failed authentication attempts, file access, security policy changes, account changes and use of privileges:

  • System events
  • Static source code analysis (SAST)
  • Path coverage
  • Audit records

 

CORRECT ANSWER - Audit records  

 


 

 

QUESTION 4

A design that allows one to peek inside the "box" and focuses specifically on using internal knowledge of the software to guide the selection of test data:

  • Positive testing
  • White-box testing
  • Statement coverage
  • Negative testing

 

CORRECT ANSWER - White-box testing  

 


 

 


Don't you want to pass the CISSP....the FIRST time?

Get my FREE CISSP training videos (Domains 1 - 4) so I can show you how to pass the CISSP Exam...the FIRST time!