Home My Story Free Resources Podcast Get In Touch
start today

RCR 093: CISSP Exam Questions for Software Development – CISSP Training and Study!

Apr 22, 2020

 

 

SubscribeiTunes | Goggle Play | Stitcher Radio | RSS 

Description: 

Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity.   

Shon will provide CISSP training and study around the tools you need to better understand what you need to know to be better prepared for the CISSP Exam Questions.  His knowledge will provide the skills needed to pass the CISSP Exam.  

BTW - Get access to all my Free Content and CISSP Training Courses here at:  https://shongerber.com/  

Available Courses:   

CISSP Exam Questions 

Question:  162 

John has been told that one of the applications installed on a web server within the DMZ accepts any length of information that a customer using a web browser inputs into the form the web server provides to collect new customer data. Which of the following describes an issue that John should be aware of pertaining to this type of issue? 
A. Application is written in the C programming language. 
B. Application is not carrying out enforcement of the trusted computing base. 
C. Application is running in ring 3 of a ring-based architecture. 
D. Application is not interacting with the memory manager properly. 

 

  1. The C language is susceptible to buffer overflow attacks because it allows for direct pointer manipulations to take place. Specific commands can provide access to low-level memory addresses without carrying out bounds checking.

https://www.brainscape.com/subjects/cissp-domains 

------------------------------------ 

Question:  163 

Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection. 
 
A. Non-protected ROM sections 
B. Vulnerabilities that allowed malicious code to execute in protected memory sections 
C. Lack of a predefined and implemented trusted computing base 
D. Lack of a predefined and implemented security kernel 

  1. If testers suggested to the team that address space layout randomization and data execution protection should be integrated, this is most likely because the system allows for malicious code to easily execute in memory sections that would be dangerous to the system. These are both memory protection approaches.

https://www.brainscape.com/subjects/cissp-domains 

------------------------------------ 

Question:  164 

Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection. 
 
A. Non-protected ROM sections 
B. Vulnerabilities that allowed malicious code to execute in protected memory sections 
C. Lack of a predefined and implemented trusted computing base 
D. Lack of a predefined and implemented security kernel 

  1. If testers suggested to the team that address space layout randomization and data execution protection should be integrated, this is most likely because the system allows for malicious code to easily execute in memory sections that would be dangerous to the system. These are both memory protection approaches.

https://www.brainscape.com/subjects/cissp-domains 

Want to find Shon elsewhere on the internet? 

LinkedIn – www.linkedin.com/in/shongerber 

Facebook - https://www.facebook.com/CyberRiskReduced/ 

LINKS:  

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras sed sapien quam. Sed dapibus est id enim facilisis, at posuere turpis adipiscing. Quisque sit amet dui dui.
Call To Action

Stay connected with news and updates!

Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.

We hate SPAM. We will never sell your information, for any reason.

Categories

All Categories cissp cissp domains cissp exam guide cissp exam questions cissp for dummies cissp prep cissp salary cissp study guide cissp syllabus cissp training cissp training free compliance cyber risk cyber security career cyber security careers cyber security course cyber security training cybercrime cybersecurity cybersecurity 101 cybersecurity course cybersecurity for beginners cybersecurity fundamentals cybersecurity jobs cybersecurity news cybersecurity training data theft education expert hr information security information security jobs insurance isc2 isc2 cissp it it security learn cyber security learn cyber security free learn cybersecurity free medium business network security regulatory risk small business smb statistics tech industry virus protection