RCR 052-1: Quick Tip Questions for the CISSP Exam (Domain 5) - CISSP Training and Study!

cissp cissp domains cissp exam guide cissp exam questions cissp for dummies cissp prep cissp salary cissp study guide cissp syllabus cissp training cissp training free cybersecurity isc2 cissp Dec 21, 2019
CISSP Cyber Training
RCR 052-1: Quick Tip Questions for the CISSP Exam (Domain 5) - CISSP Training and Study!
5:39
 

Description:

Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

In this episode, Shon will talk about questions for Domain 5 (Identity and Access Management) of the CISSP Exam.

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

CISSP Exam Questions

QUESTION 1

A process by which developers can understand security threats to a system, determine risks from those threats and establish appropriate mitigations:

  • Threat modeling
  • White-box testing
  • Path coverage
  • Negative testing

CORRECT ANSWER - Threat modeling 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=0&x=77&y=10>

QUESTION 2

This criteria requires sufficient test cases for each feasible data flow to be executed at least once:

  • Statement coverage
  • Path coverage
  • Data flow coverage
  • Condition coverage

CORRECT ANSWER - Data flow coverage 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=0&x=77&y=10>

QUESTION 3

Tests an application for the use of system components or configurations that are known to be insecure:

  • Synthetic performance monitoring
  • Automated Vulnerability Scanners
  • Multi-condition coverage
  • Architecture security reviews

CORRECT ANSWER - Automated Vulnerability Scanners 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-5-quiz-Types-of-access-control-systems?q0=0&x=77&y=10>

Want to find Shon Gerber elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS: 

TRANSCRIPT:

  welcome to reduce cyber risk podcast where we provide you the training and tools you need to pass the cissp exam while enhancing your cybersecurity career hi my name is Sean Gerber and I'm your host for this action-packed informative podcasts join me each week is I provide the information you need to grow your cybersecurity knowledge so that you're better prepared to pass the cissp exam domain five rights of you'll probably have been paying attention we've been doing some cissp questions we're kind of setup as a019 and that was kind of starting off a zero when I was working the cissp questions but changing things up a little bit I'm trying this out just to see if this it works a lot better as it follows through with the podcast and it will go in conjunction with the episode so in the case I guess it's episode 52 is what has been released and so this will be installment one of the cissp exam questions for that week so hence 52 - 1 cissp exam questions so I hope that explains a little bit of white but other than that let's get going alright so this is going to be neighbors again we're focusing on domain 1 getting into some various aspects around domain five the main five is identity and access management and these are all good questions that you can get from bug or you can go to and this case your Tech target.com and you can get those as well and they have the domain 5 quiz that's available for you to go ahead and use so just some different options around that I thought this would be a good option to get started all right so question one the process by which developers can understand security threats to a system determi let's roll on into a question at 3 testing application for the use of system components or configurations that are known to be insecure okay so tested application for the use of system components or configurations that are known to be insecure a synthetic performance monitoring automated vulnerability scanners C multi condition coverage architecture Security reviews okay so it's basically test applications for the use of components or configurations that are known to be insecure the answer is be automated vulnerability scanners affect full effect or affect I thought we have today for these two cissp questions so again only three questions but the whole point of it is to get you to go to Sean gerber.com where you can get more cissp questions and some free domain training that I provide for my cassp there are some free domain videos out there for your enjoyment all you got to do is just sign up for my email list and then bada-boom bada-bing you get them so you can go to champs.com if you have any questions you also can reach out to me at Shawn s h o n at Shawn gerber.com and I'd be happy to answer any questions you may have about cissp already all I hope you have a wonderful weekend my podcast if you like what you heard please leave a review on iTunes appreciate the feedback also check out my cissp videos that you can find out on YouTube just search for Shawn s h o n Gerber like the baby food toilet or whatever you choose and then you will find a plethora of content to help you pass Lashley head over to Shawn gerber.com Cornucopia free cissp materials available to all my email subscribers thanks again for listeningne risk from those threats and establish appropriate mitigations threat modeling be white-box testing pass coverage D- testing write the question is process by which developers can understand security threats to a system determine risk of those threats and establish appropriate medications a threat modeling be white-box testing CPAP coverage D- testing and the answer is a threat modeling all right question to this criteria require sufficient test cases for each feasibility each feasible dataflow to be executed at least once okay so this criteria require sufficient test cases for each feasible dataflow to be executed at least once a statement coverage data flow coverage crd condition coverage I think y'all can figure this one out it is C dataflow coverage and sits in the name and that kind of flows along hahaha nope along with the question 2

CISSP Cyber Training Academy Program!

Are you an ambitious Cybersecurity or IT professional who wants to take your career to a whole new level by achieving the CISSP Certification? 

Let CISSP Cyber Training help you pass the CISSP Test the first time!

LEARN MORE | START TODAY!