CISSP Free Practice Test

- (Exam Topic 11)
Which of the following is an essential step before performing Structured Query Language (SQL) penetration tests on a production system?

1. A. Verify countermeasures have been deactivated.
2. B. Ensure firewall logging has been activated.
3. C. Validate target systems have been backed up.
4. D. Confirm warm site is ready to accept connections.

Correct Answer: C

- (Exam Topic 13)
It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?

1. A. Negotiate schedule with the Information Technology (IT) operation’s team
2. B. Log vulnerability summary reports to a secured server
3. C. Enable scanning during off-peak hours
4. D. Establish access for Information Technology (IT) management

Correct Answer: C
Section: Security Operations

- (Exam Topic 15)
Which of the following events prompts a review of the disaster recovery plan (DRP)?

1. A. New members added to the steering committee
2. B. Completion of the security policy review
3. C. Change in senior management
4. D. Organizational merger

Correct Answer: D

- (Exam Topic 14)
Rank the Hypertext Transfer protocol (HTTP) authentication types shows below in order of relative strength. Drag the authentication type on the correct positions on the right according to strength from weakest to
strongest.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 3)
Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnerability assessments?

1. A. Common Vulnerabilities and Exposures (CVE)
2. B. Common Vulnerability Scoring System (CVSS)
3. C. Asset Reporting Format (ARF)
4. D. Open Vulnerability and Assessment Language (OVAL)

Correct Answer: B