CISSP Practice Quiz: Domain 6 Security Assessment and Testing Quiz 2

1. David ran a port scan of a system using Nmap and received the results shown below. Which one of the following services is NOT running on this system, assuming all services are using their default ports?

2. Dylan’s organization is considering using a new data center vendor and would like to obtain an audit report on that vendor’s security controls in which the vendor offers an opinion on the effectiveness of the controls based upon the results of testing. Which one of the following reports would meet Dylan’s criteria?
3. Andrea would like to use a component of NIST’s SCAP framework to score security vulnerabilities detected in her organization’s systems. Which SCAP component is appropriate for this task?
4. Tom is running a vulnerability scan of a web server and identifies the transport security protocols in use on the device. Which one of the following protocols is safe for use?
5. Vincent would like to detect SQL injection vulnerabilities in a new application his organization is deploying. Which one of the following tools is LEAST suitable for this task?
6. During which phase of a penetration test is the tester most likely to use the Metasploit framework?
7. Nick’s organization uses the code review process shown below. What process are they using?

8. Which one of the following code testing measures would identify whether every logical test in the code has been tested under all possible combinations of input?
9. What TCP port is associated with HP JetDirect printing?
10. What status does Nmap report for a port when a network firewall interferes with the scan and makes it impossible to determine whether the port is open on the remote system?