ISC2 CISSP Quiz 11 Topic 5 Questions 51-55

Question: 1

Which of the following is TRUE for an organization that is using a third-party federated identity service?

AThe organization enforces the rules to other organization's user provisioning

BThe organization establishes a trust relationship with the other organizations

CThe organization defines internal standard for overall user identification

DThe organization specifies alone how to authenticate other organization's users

Show Answer

Question: 2

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

Aross-Site Scripting (XSS)

BCross-Site request forgery (CSRF)

CCross injection

DBroken Authentication And Session Management

Show Answer

Question: 3

When conduting a security assessment of access controls , Which activity is port of the data analysis phase?

ACollect logs and reports.

BPresent solutions to address audit exceptions.

CCategorize and Identify evidence gathered during the audit

DConduct statiscal sampling of data transactions.

Show Answer

Question: 4

The amount of data that will be collected during an audit is PRIMARILY determined by the

Aaudit scope.

Bauditor's experience level.

Cavailability of the datA.

Dintegrity of the datA.

Show Answer

Question: 5

Why should Open Wab Application Secuirty Project (OWASP) Application Security Verification standards (ASVS) Level 1 be considered a MINIMUM level of protection for any wab application?

AASVS Level 1 ensures that applications are invulnerable to OWASP top 10 threats.

BOpportunistic attackers will look for any easily exploitable vulnerable applications.

CMost regulatory bodies consider ASVS Level 1 as a baseline set of controls for applications.

DSecuring applications at ASVS Level 1 provides adequate protection for sensitive data.

Show Answer

ISC2 CISSP Quiz:11 Topic:5 Questions:51-55