RCR 052-2: CISSP Exam Questions on Information Security (Domain 5) - CISSP Training and Study

Description:

Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

In this episode, Shon will talk about questions for Domain 5 (Identity and Access Management) of the CISSP Exam.

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

CISSP Exam Questions

QUESTION 1

The determination of the impact of a change based on review of the relevant documentation:

• Validation
• Regression analysis
• Data flow coverage
• Security log management

CORRECT ANSWER - Regression analysis 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=0&x=77&y=10>

QUESTION 2

Analysis of the application source code for finding vulnerabilities without actually executing the application:

• System events
• Architecture security reviews
• Static source code analysis (SAST)
• Audit records

CORRECT ANSWER - Static source code analysis (SAST) 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=0&x=77&y=10>

QUESTION 3

Contain security event information such as successful and failed authentication attempts, file access, security policy changes, account changes and use of privileges:

• System events
• Static source code analysis (SAST)
• Path coverage
• Audit records

CORRECT ANSWER - Audit records  

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=0&x=77&y=10>

QUESTION 4

A design that allows one to peek inside the "box" and focuses specifically on using internal knowledge of the software to guide the selection of test data:

• Positive testing
• White-box testing
• Statement coverage
• Negative testing

CORRECT ANSWER - White-box testing  

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=0&x=77&y=10>

Want to find Shon Gerber elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS: 

• ISC2 Training Study Guide
• https://www.isc2.org/Training/Self-Study-Resources
• TechTarget
• https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=0&x=77&y=10

TRANSCRIPT:

welcome to reduce cyber risk podcast where we provide you the training and tools you need to pass the cissp exam while enhancing your cybersecurity career hi my name is Sean Gerber and I'm your host for this action-packed informative podcast join me each week cuz I provide the information you need to grow your cybersecurity knowledge so that you're better prepared to pass the cissp exam podcast in today's episode is going to be focused on cissp exam questions this is episode 52 - 2 just like we had last week we changed it up a little bit and we're now going to basically tie the exam questions to the actual podcast that is out for that week hence this is last through this week was 52 and then this is 52 - 1 so that's a cissp exam questions domain 5 all right so let's get going and see what we come up with as a relates to some cissp questions episode of we're going to be focusing on the domain 5 we talked about that a little bit Daddy and access management you can get all of these questions on Shawn gerber.com so go check it out and send it for my email list and you get some free stuff location of the impact of a change based on review of relevant documentation a lot of $10 words that are filling up a sentence that's like really really confusing is data flow coverage daddy is security log management Kate the determination of an impact of a change based on a review of the relevant documentation it is B regression analysis you're now analyzing it yes we disagree do regression testing out our applications were doing development so yes that's regression analysis question 2 analysis of the application source code for finding vulnerabilities without exactly without actually executing the application K analysis of the application source code for finding vulnerabilities without actually executing the application play some events be architecture Security reviews Cortland code analysis sast or D Auto Wreckers please look and listen to those questions that question and those answers you probably you could do that pretty easily bottom line is that it comes down to what would it be static source code analysis hence that is letter c source code analysis all right question sorrow contain security event information such as successful and fail authentication Tim's file access security policy changes account changes and the use of privileges security event information such a successful and failed authentication attempts file access security policy changes count changes and the use of privileges what it was that information be a system events Mercer score static source code analysis we had that in the first one that was not right or I should say question to I wouldn't I wouldn't be applicable in this one sees past coverage don't know what that means D is auto wreckers audit maybe so security event information such as successful attempt file access security policy changes ahead of myself and the answer is the audit records that is correct alright next question question 4 to peek inside the box score and focuses specifically on using internal knowledge of the software to guide the selection of the test data k a design that allows for one to peek inside the box or quotes and focuses specifically on using internal knowledge of the software to guide the selection of the testator testing white-box testing D statement coverage negative testing okay so if you go through those you find out real quick that there's only one that really makes any sense whatsoever and that's the quote they got the airbox thing can I get that's white-box testing. answer it is a letter rabo as in b as in boy that's all I've got to do for this year is this domain fine go to Sean gerber.com and check out my free stuff I got lots of free stuff there as far as the means of videos for you to be exam questions as well and as we are just building out that site they'll be more and more things that would be heading that way over time so it's only going to grow so you can access this by signing up for my my email website for my email emails in the website get back in touch with you with you'll get access to a bunch of videos and other wonderful paraphernalia for you to use so you can pass the cissp the first time Bountiful day will catch you on the flip side seat so much for joining me today on my podcast I would greatly appreciate that also check out my cissp videos that you can find out on YouTube just search for Shawn s h o n Gerber like the baby food toilet or whatever you choose and then you will find a plethora of content to help you pass the cissp exam the first time Leslie head over to Sean gerber.com and look at the Cornucopia free cissp materials available to all my email subscribers