CISSP Official Practice Tests by Mike Chapple, David Seidl

Chapter 12: Practice Test 4 447 C. Mike should use overwriting to protect this device. While degaussing is a valid secure data ...

Chapter 5 ■ dentity and Access Management (Domain 5)I 125 What authentication protocol does Windows use by default for Active D ...

448 Appendix ■ Answers 2 7. C. A power spike is a momentary period of high voltage. A surge is a prolonged period of high voltag ...

...

Chapter 12: Practice Test 4 449 B. Record retention ensures that data is kept and maintained as long as it is needed, and that ...

Security Assessment and Testing (Domain 6) Chapter 6 ...

450 Appendix ■ Answers 4 7. C. Synchronous communications use a timing or clock mechanism to control the data stream. This can p ...

128 Chapter 6 ■ Security Assessment and Testing (Domain 6) During a port scan, Susan discovers a system running services on TCP ...

Chapter 12: Practice Test 4 451 C. The client sends its existing valid TGT to the KDC and requests access to the resource. A. T ...

Chapter 6 ■ Security Assessment and Testing (Domain 6) 129 Susan needs to scan a system for vulnerabilities, and she wants to u ...

452 Appendix ■ Answers 6 8. B. System owners have to ensure that the systems they are responsible for are properly labeled based ...

130 Chapter 6 ■ Security Assessment and Testing (Domain 6) In a response to a Request for Proposal, Susan receives an SSAE 18 S ...

Chapter 12: Practice Test 4 453 B. The recovery time objective (RTO) is the amount of time that it may take to restore a servic ...

Chapter 6 ■ Security Assessment and Testing (Domain 6) 131 Ben uses a fuzzing tool that tests an application by developing data ...

454 Appendix ■ Answers 8 8. C. Release control includes acceptance testing to ensure that any alterations to end-user work tasks ...

132 Chapter 6 ■ Security Assessment and Testing (Domain 6) For questions 19–21, please refer to the following scenario: The comp ...

Chapter 12: Practice Test 4 455 the waterfall and spiral models. The SDLC does not mandate the use of an iterative or sequential ...

Chapter 6 ■ Security Assessment and Testing (Domain 6) 133 What technology should an organization use for each of the devices s ...

456 Appendix ■ Answers 10 9. The disaster recovery test types, listed in order of their potential impact on the business from th ...

134 Chapter 6 ■ Security Assessment and Testing (Domain 6) Testing that is focused on functions that a system should not allow ...