CISSP Free Practice Test

- (Exam Topic 11)
Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?

1. A. Application interface entry and endpoints
2. B. The likelihood and impact of a vulnerability
3. C. Countermeasures and mitigations for vulnerabilities
4. D. A data flow diagram for the application and attack surface analysis

Correct Answer: D

- (Exam Topic 15)
Which of the following is the BEST way to determine the success of a patch management process?

1. A. Analysis and impact assessment
2. B. Auditing and assessment
3. C. Configuration management (CM)
4. D. Change management

Correct Answer: A

- (Exam Topic 14)
Which of the following techniques BEST prevents buffer overflows?

1. A. Boundary and perimeter offset
2. B. Character set encoding
3. C. Code auditing
4. D. Variant type and bit length

Correct Answer: B
Some products installed on systems can also watch for input values that might result in buffer overflows, but the best countermeasure is proper programming. This means use bounds checking. If an input value is only sup-posed to be nine characters, then the application should only accept nine characters and no more. Some languages are more susceptible to buffer overflows than others, so programmers should understand these issues, use the right languages for the right purposes, and carry out code review to identify buffer overflow vulnerabilities.

- (Exam Topic 10)
Which of the following assures that rules are followed in an identity management architecture?

1. A. Policy database
2. B. Digital signature
3. C. Policy decision point
4. D. Policy enforcement point

Correct Answer: D

- (Exam Topic 15)
A technician wants to install a WAP in the center of a room that provides service in a radius surrounding a radio. Which of the following antenna types should the AP utilize?

1. A. Omni
2. B. Directional
3. C. Yagi
4. D. Parabolic

Correct Answer: A