CISSP Official Practice Tests by Mike Chapple, David Seidl

Chapter 7: Security Operations (Domain 7)  385 D. The hypervisor runs within the virtualization platform and serves as the mode ...

386 Appendix ■ Answers 4 4. B. The scrutiny of hard drives for forensic purposes is an example of media analysis. Embedded devic ...

Chapter 7: Security Operations (Domain 7)  387 Warm site: C. A site that relies on shared storage and backups for recovery. Ser ...

388 Appendix ■ Answers 6 4. C. The Mitigation phase of incident response focuses on actions that can contain the damage incurred ...

Chapter 7: Security Operations (Domain 7)  389 D. Any attempt to undermine the security of an organization or violation of a se ...

390 Appendix ■ Answers 8 2. C. SSH uses TCP port 22, so this attack is likely an attempt to scan for open or weakly secured SSH ...

Chapter 7: Security Operations (Domain 7)  391 witnesses testify about their direct observations. Real evidence consists of tang ...

392 Appendix ■ Answers 1 01. D. The benefits of additional discovery must be proportional to the additional costs that they will ...

Chapter 8: Software Development Security (Domain 8) 393 Chapter 8: Software Development Security (Domain 8) B. Coupling is a de ...

394 Appendix ■ Answers 10. C. In the diagram, Account is the name of the class. Owner and Balance are attributes of that class. ...

Chapter 8: Software Development Security (Domain 8) 395 A. Macro viruses are most commonly found in office productivity documen ...

396 Appendix ■ Answers 3 1. A. Black box testing begins with no prior knowledge of the system implementation, simulating a user ...

Chapter 8: Software Development Security (Domain 8) 397 B. Web application firewalls (WAFs) sit in front of web applications an ...

398 Appendix ■ Answers 4 7. B. Chris is in an Agile sprint phase and is likely developing code based on user stories. Planning i ...

Chapter 8: Software Development Security (Domain 8) 399 B. Client-side input validation is not an effective control against any ...

400 Appendix ■ Answers 6 4. C. The Agile Manifesto includes 12 principles for software development. Three of those are listed as ...

Chapter 8: Software Development Security (Domain 8) 401 D. The Time of Check to Time of Use (TOCTOU) attack exploits timing dif ...

402 Appendix ■ Answers 8 2. C. In the Establishing phase of the IDEAL model, the organization takes the general recommendations ...

Chapter 8: Software Development Security (Domain 8) 403 threats (APTs) that does not exploit vulnerabilities identified in secur ...

404 Appendix ■ Answers 9 9. B. A master boot record (MBR) virus redirects the boot process to load malware during the operating ...