Sample Questions
Q) Which of the following test methods examines the functionality of an application without scrutinizing its internal structure or knowing the details of its internals?
a) Black-box testing
b) Parallel test
c) Regression testing
d) Pilot testing
Q) Which of the following is not a technique used to perform a penetration test?
a) Traffic padding
b) Scanning and probing
c) The composition of war
d) Sniffing
Q) Which of the following is not a valid reason to use external penetration service companies rather than corporate resources?
a) They are more affordable
b) They offer a lack of corporate bias
c) They use highly talented ex-hackers
d) They ensure more comprehensive reporting
Q) Which of the following statements related to ethical hacking is not true?
a) An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or network services.
b) Testing should be done remotely to simulate external threats.
c) Ethical hacking should not result in writing to or modifying the target systems negatively.
d) Ethical hackers use tools that have the potential to affect a server or services.
Q) Common Criteria 15408 generally outlines assurance and functional requirements through a security evaluation process concept of ______________, ____________, __________ for Evaluated Assurance Levels (EALs) to certify a product or system.
a) EAL, Security Target, Target of Evaluation
b) SFR, Protection Profile, Security Target
c) Protection Profile, Target of Evaluation, Security Target
d) SFR, Security Target, Target of Evaluation