100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
CISSP DOMAIN 6 QUESTIONS AND ANSWERS WITH SOLUTIONS 2024 $14.99   Add to cart
Quickly navigate to
Preview
  2.  
  3. CISSP
  4.  
  5. CISSP

Exam (elaborations)

CISSP DOMAIN 6 QUESTIONS AND ANSWERS WITH SOLUTIONS 2024
 11 views  0 purchase
  • Course
  • CISSP
  • Institution
  • CISSP

CISSP DOMAIN 6 QUESTIONS AND ANSWERS WITH SOLUTIONS 2024

Preview 2 out of 7  pages

Document information

  • August 17, 2024
  • 7
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • cissp domain 6 questions and answers with solution

Written for

  • CISSP
  • CISSP

Seller

avatar-seller
Performance

Reviews received

Content preview

CISSP DOMAIN 6 QUESTIONS AND
ANSWERS WITH SOLUTIONS 2024
Targeted Testing - ANSWER Most like a white-box software test.

The targeted testing method provides information to both the pen tester and the customer's security
personnel.

Also known as the lights-on approach.



Double-Blind Penetration Test - ANSWER Most like a black-box software test.

Also known as a zero-knowledge.

No information is provided to the tester or to the customer's security staff.



Blind Penetration Test - ANSWER The tester is provided with no information about the customer,
however, the customer's security staff will know that a vulnerability assessment that involves a
penetration test is underway.



Partial-Knowledge Penetration Test - ANSWER Most like a grey-box software test.

Pen testers are provided with a limited amount of information about the customer's environment, but
are not provided access to everything.



System Event logs - ANSWER Contain records that include information about objects on a file system.

Most likely to be audited to determine when a file was deleted.

Also typically record changes in user privileges and can provide evidence of unauthorized activity on a
system.



Network Event logs - ANSWER Records evidence of network attacks, like DoS attacks.

could record instances of traffic to a specific unauthorized service on a host within an organization, such
as a P2P file sharing network.

Most likely to be audited to determine whether unauthorized or inappropriate activity is occurring on
the network.



Application Event Logs - ANSWER Depends on the logging capabilities of the app.

, Most likely to be audited to determine whether a particular application has been attacked or
compromised.



User Activity Logs - ANSWER Record information that is similar to system events logs, but a user activity
log would most likely be used to audit who deleted a file, not when the file was deleted.

Most likely to be audited to determine the actions of a particular user.



Security Test - ANSWER Verify that a control is functioning properly.

They include automated scans, tool-assisted pen tests, and manual attempts to undermine security.

Takes place on a regular schedule



Security Assessments - ANSWER Comprehensive reviews of the security of a system, application, or
other tested environment.

Main work product of a security assessment is normally a report addressed to management that
contains the results of the assessment in business language.

During a security assessment, a trained information security professional performs a risk assessment
that identifies vulnerabilities in the tested environment that may allow a compromise and makes
recommendations for remediation, as needed.



Security Audits - ANSWER Evaluations performed with the purpose of demonstrating the effectiveness of
controls to a third party. Security audits use many of the same techniques followed during security
assessments but must be performed by independent auditors.



CVE (Common Vulnerabilities and Exposures) - ANSWER A dictionary of publicly known security
vulnerabilities and exposures.



CVSS (Common Vulnerability Scoring System) - ANSWER Provides a standardized scoring system for
describing the severity of security vulnerabilities.



CCE (Common Configuration Enumeration) - ANSWER Provides a naming system for system configuration
issues.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Performance. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $14.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

76658 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$14.99
  • (0)
  Add to cart