CISSP Official Practice Tests by Mike Chapple, David Seidl

44 Chapter 2 ■ Asset Security (Domain 2) NIST SP 800-60 provides a process shown in the following diagram to assess information ...

368 Appendix ■ Answers 8 8. B. The Simple Authentication and Security Layer (SASL) for LDAP provides support for a range of auth ...

Chapter 2 ■ Asset Security (Domain 2) 45 Which letters on this diagram are locations where you might find data at rest? A. A, ...

Chapter 6: Security Assessment and Testing (Domain 6) 369 B. Locks can be preventative access controls by stopping unwanted acc ...

46 Chapter 2 ■ Asset Security (Domain 2) Which one of the following is not considered PII under U.S. federal government regulat ...

370 Appendix ■ Answers B. An IPS is an example of a mechanism like a hardware-, software-, or firmware-based control or system. ...

Chapter 2 ■ Asset Security (Domain 2) 47 For questions 86–88, please refer to the following scenario: As shown in the following ...

Chapter 6: Security Assessment and Testing (Domain 6) 371 C. Generational fuzzing relies on models for application input and co ...

48 Chapter 2 ■ Asset Security (Domain 2) Susan’s organization performs a zero fill on hard drives before they are sent to a thi ...

372 Appendix ■ Answers 2 5. A. A test coverage analysis is often used to provide insight into how well testing covered the set o ...

Chapter 2 ■ Asset Security (Domain 2) 49 Which California law requires conspicuously posted privacy policies on commercial web- ...

Chapter 6: Security Assessment and Testing (Domain 6) 373 or banner information and may flag patched versions if the software pr ...

50 Chapter 2 ■ Asset Security (Domain 2) Which mapping correctly matches data classifications between nongovernment and governm ...

Security Architecture and Engineering (Domain 3) Chapter 3 ...

374 Appendix ■ Answers 4 0. C. Passive monitoring only works after issues have occurred because it requires actual traffic. Synt ...

52 Chapter 3 ■ Security Architecture and Engineering (Domain 3) Matthew is the security administrator for a consulting firm and ...

Chapter 6: Security Assessment and Testing (Domain 6) 375 B. Security vulnerabilities can be created by misconfiguration, logic ...

Chapter 3 ■ Security Architecture and Engineering (Domain 3) 53 Ralph is designing a physical security infrastructure for a new ...

54 Chapter 3 ■ Security Architecture and Engineering (Domain 3) Michael is responsible for forensic investigations and is inves ...

376 Appendix ■ Answers 5 8. C. The audit finding indicates that the backup administrator may not be monitoring backup logs and t ...