CISSP Free Practice Test

- (Exam Topic 15)
Which one of the following can be used to detect an anomaly in a system by keeping track of the state of files that do not normally change?

1. A. System logs
2. B. Anti-spyware
3. C. Integrity checker
4. D. Firewall logs

Correct Answer: C

- (Exam Topic 15)
Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input?

1. A. Unit testing
2. B. Integration testing
3. C. Negative testing
4. D. Acceptance testing

Correct Answer: B

- (Exam Topic 15)
Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this TAM action?

1. A. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a ServiceProvider and allows access to services.
2. B. Clothing retailer acts as User Self Service, confirms identity of user using industry standards, then sends credentials to partner businesses that act as a ServiceProvider and allows access to services.
3. C. Clothing retailer acts as Service Provider, confirms identity of user using industry standards, then sends credentials to partner businesses that act as an identityprovider (IdP) and allows access to resources.
4. D. Clothing retailer acts as Access Control Provider, confirms access of user using industry standards, then sends credentials to partner businesses that act as a ServiceProvider and allows access to resources.

Correct Answer: A

- (Exam Topic 15)
When conducting a third-party risk assessment of a new supplier, which of the following reports should be reviewed to confirm the operating effectiveness of the security, availability, confidentiality, and privacy trust principles?

1. A. Service Organization Control (SOC) 1, Type 2
2. B. Service Organization Control (SOC) 2, Type 2
3. C. International Organization for Standardization (ISO) 27001
4. D. International Organization for Standardization (ISO) 27002

Correct Answer: B

- (Exam Topic 15)
An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

1. A. Functional test
2. B. Unit test
3. C. Grey box
4. D. White box

Correct Answer: C