RCR 053-2: Regression Analysis Questions for CISSP Exam (Domain 6) - CISSP Training and Study!

Description:

Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

In this episode, Shon will talk about questions for Domain 6 (Security Assessment and Testing) of the CISSP Exam.

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

Want to find Shon Gerber elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

Facebook - https://www.facebook.com/CyberRiskReduced/

CISSP EXAM QUESTIONS

QUESTION 1

The determination of the impact of a change based on a review of the relevant documentation.

• A. Validation
• B. Regression analysis
• C. Data flow coverage
• D. Security log management

CORRECT ANSWER - B. Regression analysis 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-6-quiz-Vulnerabilities-in-software?q0=0&x=77&y=7>

QUESTION 2

Analysis of the application source code for finding vulnerabilities in software without actually executing the application.

• A. System events
• B. Architecture security reviews
• C. Static source code analysis (SAST)
• D. Audit records

CORRECT ANSWER - C. Static source code analysis (SAST) 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-6-quiz-Vulnerabilities-in-software?q0=0&x=77&y=7>

QUESTION 3

Contain security event information such as successful and failed authentication attempts, file access, security policy changes, account changes and use of privileges.

• A. System events
• B. Static source code analysis (SAST)
• C. Path coverage
• D. Audit records

CORRECT ANSWER - D. Audit records  

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-6-quiz-Vulnerabilities-in-software?q0=0&x=77&y=7>

QUESTION 4

A design that allows one to peek inside the "box" and focuses specifically on using internal knowledge of the software to guide the selection of test data.

• A. Positive testing
• B. White-box testing
• C. Statement coverage
• D. Negative testing

 CORRECT ANSWER - B. White-box testing  

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-6-quiz-Vulnerabilities-in-software?q0=0&x=77&y=7>

LINKS: 

• ISC2 Training Study Guide
• https://www.isc2.org/Training/Self-Study-Resources
• TechTarget
• https://searchsecurity.techtarget.com/quiz/Get-ready-for-CISSP-Domain-7-Cyberattack-prevention-quiz?q0=0&x=84&y=9

 TRANSCRIPT:

welcome to the reduce cyber risk podcast where we provide you the training and tools you need to pass the cissp exam while enhancing your cybersecurity career hi my name is Sean Gerber and I'm your host of this action-packed informative podcast join me each week cuz I provide the information you need to grow your cybersecurity knowledge so that you're better prepared to pass the cissp exam Paola Sean Gerber again with reduce cyber risk podcast hope everybody's having a beautiful blessed week this week as we marched closer to the Christmas holidays and I know when our family in the Gerber household with all seven of us it is exciting the kids are kind of paint off the walls and they are truly waiting for Christmas Even though they're at the age now where they don't get a whole lot of cool gifts they kind of get close I got to buy him clothes and if I'm going to spend stop making you so let's come to play what does it mean to say they don't know that they listen to the podcast but know things are going great here and the great wonderful state of Kansas in the heart of United States so we are very very fortunate to be living in the country that we live in and being able to study and be able to talk about the cissp yes so weird for today and today is going to be covering again domain 5 identity and access management of the cissp exam this is coming to you from I see squares train training guide again these lot of the stuff that were covering here is and I see squares training manual as well as techtarget I've picked up some questions from techtarget and the links the the links will be in the show notes you better go check that out as well so let us get started on some of these wonderful questions that we have all right question number 1 numeral Uno the determination of the impact of change based on review of the relevant documentation is a lot of big big ten dollar words in there I mean termination the determination of the impact of a change based on the review of relevant documentation a validation to regression analysis that's up to a validation bees regression analysis C is data flow coverage D is security log management duration of impact of a change based on the review of relevant documentation to your checking what's going to happen okay so you're determined what's going to happen based on change and that is called regression analysis that is little letter be alright question 2 analysis of the application source code for finding vulnerabilities without actually executing the application is a system events be architecture Security reviews static source code analysis D records pictures of the application source code for finding vulnerabilities without actually executing the application is a system events B architecture reviews C static source code analysis or sast free auto records static source code analysis okay so let's see it's basically what kind of source code look Source goes in application I made a big run RI question 3 contain security event information such as successful and failed authentication attempts file access security policy changes account changes and use of privileges a lot of Big Ten Dollar Words contain security event information success and fail Authentication file access security pile policy changes account changes and the use of privileges system events be static source code analysis test see past coverage Auto Wreckers system events static source code analysis pass coverage audit records Enos asked was in the one that was previous and it's probably not this one so you can throw that one out right and you're dealing with event information such a successful and fell authentication attempts you're trying to look at privileges all of those things well that sounds like an audit so it is it is D audit records find that allows one to peek Inside the quote-unquote Box Kansas specifically on using internal knowledge of the software to guide the selection of test data design that allows one to peek inside the Oracle box and focus on using internal knowledge of software to guide the selection of the test data alright so a is positive testing B is white-box testing C statement coverage negative testing case if you don't really know you can at least say there's three testing ones and the the question kind of asked about that so those the deal Steven coverage go away is positive testing B's white-box testing C statement coverage we got rid of and then D is negative testing the answer is a is be white box testing is what the answer is so you basically able to peek inside the box white-box testing I hope you guys enjoy that the cissp exam questions reduce Everest podcast as well as few questions you can find a tech target.com finally you can go to Sean gerber.com s s h o n g e r b ER yes you can go there and you can check out a plethora of cissp study materials for you I've got the cissp training That's goes from domains one through eight it is there it's available is for sale is very reasonable especially considering it cost you a fortune to get this done through normal channels I have a 1-800 100% pass guarantee you buy it if you don't like it I'll refund your money not a big deal I understand it completely but man is awesome it's great training is available for you to be able to go out and purchase and then also in conjunction with that I can work with you as well on studying for your cissp so I firmly believe in this I'd my training I completely agree that you will do very well on it and right now the security industry is so smoking hot that you'd there's jobs everywhere and so therefore it's important that you get the training you need to be sick successful to pass the cissp exam the first time all right guys have a wonderful day we'll catch you on the flip side Michael Jared please leave a review on I would greatly appreciate the feedback also check out my cissp videos that you can find out on YouTube just search for Shawn s h o n Gerber like the baby food toilet or whatever you choose and then you will find a plethora of content to help you pass the cissp exam the first time lastly head over to Sean gerber.com and look at the Cornucopia free cissp materials available to all my emails