CarlsCloud™ Study Guide Series: CISSP Mock Exam Deep Dive - Questions 16-20
Welcome again, future CISSPs!
In this installment of our CarlsCloud™ Study Guide Series, we're taking a closer look at additional CISSP mock exam questions #16-20.
This two-part installment covers questions #16-20: this post presents the five CISSP mock exam questions, and the follow-up post provides the answers and explanations for questions #16-20 so you can assess your current understanding.
Question #16:
Carla is conducting an assessment of an organization using the Software Assurance Maturity Model (SAMM). She notes that the organization seems to have difficulty with defect management and will be reporting that finding.
Which business function of SAMM includes defect management?
A. Implementation
B. Governance
C. Verification
D. Operations
Question #17:
You are reviewing a suspicious entry in the logs of your web server and find a request to the URL: https://yourapplication.com/index.asp?name=Mike';%20DELETE%20*%20FROM%20accounts;%20--
What type of attack has been attempted?
A. SQL injection
B. Cross-site scripting (XSS)
C. Cross-site request forgery (CSRF)
D. Server-side request forgery (SSRF)
Question #18:
You are working with the team developing a new web application, and you would like to perform a test that evaluates whether the application is able to successfully handle malicious input received through its web interface.
Which one of the following activities would best meet this need?
A. Input validation
B. Parameterized queries
C. Stored procedures
D. Fuzz testing
Question #19:
What is the primary goal of change management in an organization?
A. Reducing the likelihood of service disruptions
B. Communicating to all affected stakeholders
C. Creating an auditable record
D. Organizing the work associated with a change
Question #20:
Vivek is the chief information security officer (CISO) for a large organization. She would like to conduct an assessment that will provide her with an accurate view of how an attacker might target her organization.
What type of assessment would best meet her needs?
A. Vulnerability assessment
B. External audit
C. Internal audit
D. Penetration test
Did you enjoy CarlsCloud™ today and did I help you at all?
If so, buy me a coffee or just shoot me a note via LinkedIn to say thanks; it would mean a lot!