CISSP Practice Quiz: All Domains Quiz 2

1. Which development model requires the activities in each phase to be performed and documented before the next phase begins?

• Waterfall
• Pillar
• Bastion
• Citadel

2. To minimize the possibility of privilege escalation inadvertently happening on a Linux-based server, the use of which command should be minimized?

• sys
• bin
• adm
• sudo

3. Which of the following would contain a list of known “good” website addresses?

• Bluelist
• Greenlist
• Blacklist
• Whitelist

4. Black box security testing is most associated with which of the following types of security application testing?

• FAST
• SAST
• BAST
• DAST

5. Which of the following is an authorization framework that enables a third-party application to obtain limited access to an HTTP service?

• Hauth
• Oauth
• SAML
• RADIUS

6. Security professionals are expected to actively practice “ethical disclosure”. Which of the following best defines that principle?

• If a vulnerability is discovered, there is a responsibility to keep it quiet.
• If a vulnerability is discovered, there is a responsibility to further investigate it.
• If a vulnerability is discovered, there is a responsibility to report it.
• If a vulnerability is discovered, there is a responsibility to correct it.

7. Which of the following is a framework for helping organizations implement/formulate a strategy for application security around the business risks facing the organization?

• ITIL
• SAMM
• CMM
• IPT

8. The practice of monitoring outbound data from one network to another is classified as which of the following?

• Egress monitoring
• Seepage monitoring
• Ingress monitoring
• Outflow monitoring

9. When an outside vendor is brought in to perform an audit, this is known as which of the following types of audits?

• Peripheral
• Tangential
• External
• Ancillary

10. Which of the following is a markup language standard for exchanging authentication and authorization data between security domains?

• TRAML
• OPAU
• SAML
• LPP