CISSP Practice Test

A manufacturing organization wants to establish a Federated Identity Management (FIM)
system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

A.

Trusted third-party certification

B.

Lightweight Directory Access Protocol (LDAP)

C.

Security Assertion Markup language (SAML)

D.

Cross-certification

In which of the following programs is it MOST important to include the collection of security process data?

A.

Quarterly access reviews

B.

Security continuous monitoring

C.

Business continuity testing

D.

Annual security training

Which of the following could cause a Denial of Service (DoS) against an authentication system?

A.

Encryption of audit logs

B.

No archiving of audit logs

C.

Hashing of audit logs

D.

Remote access audit logs

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

A.

Change management processes

B.

User administration procedures

C.

Operating System (OS) baselines

D.

System backup documentation

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

A.

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

B.

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

C.

Management teams will understand the testing objectives and reputational risk to the organization

D.

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels