ANSWERS WITH SOLUTIONS 2024
Targeted Testing - ANSWER Most like a white-box software test.
The targeted testing method provides information to both the pen tester and the customer's security
personnel.
Also known as the lights-on approach.
Double-Blind Penetration Test - ANSWER Most like a black-box software test.
Also known as a zero-knowledge test.
No information is provided to the tester or to the customer's security staff.
Blind Penetration Test - ANSWER The tester is provided with no information about the customer;
however, the customer's security staff will know that a vulnerability assessment that involves a
penetration test is underway.
Partial-Knowledge Penetration Test - ANSWER Most like a grey-box software test.
Pen testers are provided with a limited amount of information about the customer's environment, but
are not provided access to everything.
System Event logs - ANSWER Contain records that include information about objects on a file system.
Most likely to be audited to determine when a file was deleted.
Also typically record changes in user privileges and can provide evidence of unauthorized activity on a
system.
Network Event logs - ANSWER Records evidence of network attacks, like DoS attacks.
Could record instances of traffic to a specific unauthorized service on a host within an organization, such
as a P2P file sharing network.
Most likely to be audited to determine whether unauthorized or inappropriate activity is occurring on
the network.
Application Event Logs - ANSWER Depends on the logging capabilities of the app.
Most likely to be audited to determine whether a particular application has been attacked or
compromised.
User Activity Logs - ANSWER Record information that is similar to system event logs, but a user activity
log would most likely be used to audit who deleted a file, not when the file was deleted.
Most likely to be audited to determine the actions of a particular user.
Security Test - ANSWER Verify that a control is functioning properly.
They include automated scans, tool-assisted pen tests, and manual attempts to undermine security.
Takes place on a regular schedule.
Security Assessments - ANSWER Comprehensive reviews of the security of a system, application, or
other tested environment.
Main work product of a security assessment is normally a report addressed to management that
contains the results of the assessment in business language.
During a security assessment, a trained information security professional performs a risk assessment
that identifies vulnerabilities in the tested environment that may allow a compromise and makes
recommendations for remediation, as needed.
Security Audits - ANSWER Evaluations performed with the purpose of demonstrating the effectiveness of
controls to a third party. Security audits use many of the same techniques followed during security
assessments but must be performed by independent auditors.
CVE (Common Vulnerabilities and Exposures) - ANSWER A dictionary of publicly known security
vulnerabilities and exposures.
CVSS (Common Vulnerability Scoring System) - ANSWER Provides a standardized scoring system for
describing the severity of security vulnerabilities.
CCE (Common Configuration Enumeration) - ANSWER Provides a naming system for system configuration
issues.