CISSP Free Practice Test

- (Exam Topic 15)
The Chief Executive Officer (CEO) wants to implement an internal audit of the company's information security posture. The CEO wants to avoid any bias in the audit process; therefore, has assigned the Sales Director to conduct the audit. After significant interaction over a period of weeks the audit concludes that the company's policies and procedures are sufficient, robust and well established. The CEO then moves on to engage an external penetration testing company in order to showcase the organization's robust information security stance. This exercise reveals significant failings in several critical security controls and shows that the incident response processes remain undocumented. What is the MOST likely reason for this disparity in the results of the audit and the external penetration test?

1. A. The external penetration testing company used custom zero-day attacks that could not have been predicted.
2. B. The information technology (IT) and governance teams have failed to disclose relevant information to the internal audit team leading to an incomplete assessment being formulated.
3. C. The scope of the penetration test exercise and the internal audit were significantly different.
4. D. The audit team lacked the technical experience and training to make insightful and objective assessments of the data provided to them.

Correct Answer: C

- (Exam Topic 13)
During examination of Internet history records, the following string occurs within a Unique Resource Locator (URL): http://www.companysite.com/products/products.asp?productid=123 or 1=1
What type of attack does this indicate?

1. A. Directory traversal
2. B. Structured Query Language (SQL) injection
3. C. Cross-Site Scripting (XSS)
4. D. Shellcode injection

Correct Answer: C

- (Exam Topic 15)
Which of the following is a canon of the (ISC)2 Code of Ethics?

1. A. Integrity first, association before serf, and excellence in all we do
2. B. Perform all professional activities and duties in accordance with all applicable laws and the highest ethical standards.
3. C. Provide diligent and competent service to principals.
4. D. Cooperate with others in the interchange of knowledge and ideas for mutual security.

Correct Answer: C

- (Exam Topic 10)
What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?

1. A. Brute force attack
2. B. Frequency analysis
3. C. Social engineering
4. D. Dictionary attack

Correct Answer: C