Certified Information Systems Security Professional (CISSP) Quiz Questions and Answers
Which of the following is the most effective method to mitigate Cross-Site Scripting (XSS) attacks?
Answer :
Whitelist input validation
Which attack defines a piece of code that is inserted into software to trigger a malicious function?
Answer :
Logic bomb
Which of the following is the most effective countermeasure against data remanence?
Answer :
Destruction
Assume that a computer was powered off when an information security professional arrived at a crime scene. Which of the following actions should be performed after the crime scene is isolated?
Answer :
Leave the computer off and prepare the computer for transportation to the laboratory
When is security personnel involvement in the Systems Development Life Cycle (SDLC) process most beneficial?
Answer :
Requirements definition phase
What is one way to mitigate the risk of security flaws in custom software?
Answer :
Include security assurance clauses in the Service Level Agreement (SLA)
Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?
Answer :
Confidentiality
Which of the following actions should be performed when implementing a change to a database schema in a production system?
Answer :
Change in development, perform user acceptance testing, develop a back-out strategy, and implement change
How does an organization verify that an information system's current hardware and software match the standard system configuration?
Answer :
By comparing the actual configuration of the system against the baseline
The best method of demonstrating a company's security level to potential customers is_______.
