Certified Information Systems Security Professional (CISSP) Quiz Questions and Answers

Which of the following is the most effective method to mitigate Cross-Site Scripting (XSS) attacks?

Answer :
  • Whitelist input validation

Which attack defines a piece of code that is inserted into software to trigger a malicious function?

Answer :
  • Logic bomb

Which of the following is the most effective countermeasure against data remanence?

Answer :
  • Destruction

Assume that a computer was powered off when an information security professional arrived at a crime scene. Which of the following actions should be performed after the crime scene is isolated?

Answer :
  • Leave the computer off and prepare the computer for transportation to the laboratory

When is security personnel involvement in the Systems Development Life Cycle (SDLC) process most beneficial?

Answer :
  • Requirements definition phase

What is one way to mitigate the risk of security flaws in custom software?

Answer :
  • Include security assurance clauses in the Service Level Agreement (SLA)

Refer to the information below to answer the question. During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?

Answer :
  • Confidentiality

Which of the following actions should be performed when implementing a change to a database schema in a production system?

Answer :
  • Change in development, perform user acceptance testing, develop a back-out strategy, and implement change

How does an organization verify that an information system's current hardware and software match the standard system configuration?

Answer :
  • By comparing the actual configuration of the system against the baseline

The best method of demonstrating a company's security level to potential customers is _______.

Answer :
  • a report from an external auditor.