Domain 6- Security Assessment and Strategy Flashcards

1
Q

Penetration Testing Methodology

A
-Planning
-Reconnaissance
-Scanning
-Vulnerability Assessment
-Exploitation
-Reporting
2
Q

Vulnerability Testing

A

-scans a network or system for a list of predefined vulnerabilities
.system misconfiguration
.outdated software
.lack of patching
-each finding is rated with a Common Vulnerability Scoring System (CVSS) score (0 to 10) that ranks its severity

3
Q

Security Assessment

A

-A holistic approach to assessing the effectiveness of security controls
-Where are the gaps in control, what are the applicable threats
-Broad scope
-Domains may include
.Administrative controls (policies and procedures)
.Change management
.Architectural review
.Penetration test
.Vulnerability assessment
.Security audits

4
Q

Internal audits

A

Structured Audit

  • external audience
  • validate compliance, etc.

Unstructured audit

  • internal audience
  • to improve security
5
Q

3rd Party Audit

A
  • Experts
  • Add credibility
  • Teach
6
Q

Log Review - Security Audit Logs

A
  • a detective control
  • Types of logs to collect
    .Network security hardware and software
    .Antivirus logs
    .IDS/IPS logs
    .Remote access software
    .web proxy
    .vulnerability management
    .authentication servers
    .routers and firewalls
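
Log review is detective only if someone actually looks for patterns in the collected logs. The following is an added example, not part of the original deck: a review of authentication-server logs that flags a password-guessing burst (five or more failures from one source address inside sixty seconds) and notes whether the same address later logged in successfully. The sshd-style log lines are constructed for the example and use RFC 5737 documentation addresses; the threshold and window are assumed tuning values.

```python
"""Authentication log review as a detective control. Added example;
the log lines below are constructed, not from a real host."""
import re
from collections import defaultdict

# Constructed sshd-style lines, all from the same day (RFC 5737 addresses).
SAMPLE_LOG = """\
Mar 10 08:01:02 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 08:01:05 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 08:01:09 bastion sshd[2104]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 08:01:14 bastion sshd[2106]: Failed password for invalid user oracle from 203.0.113.7 port 51025 ssh2
Mar 10 08:01:20 bastion sshd[2108]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 08:01:31 bastion sshd[2110]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar 10 08:05:00 bastion sshd[2130]: Failed password for alice from 198.51.100.20 port 40010 ssh2
Mar 10 08:12:44 bastion sshd[2131]: Accepted password for alice from 198.51.100.20 port 40011 ssh2
Mar 10 08:40:00 bastion sshd[2200]: Failed password for bob from 192.0.2.9 port 33001 ssh2
Mar 10 08:45:00 bastion sshd[2201]: Failed password for bob from 192.0.2.9 port 33002 ssh2
Mar 10 08:50:00 bastion sshd[2202]: Failed password for bob from 192.0.2.9 port 33003 ssh2
Mar 10 08:55:00 bastion sshd[2203]: Failed password for bob from 192.0.2.9 port 33004 ssh2
Mar 10 09:00:00 bastion sshd[2204]: Failed password for bob from 192.0.2.9 port 33005 ssh2
"""

LINE_RE = re.compile(
    r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse_line(line: str):
    """Return (seconds_since_midnight, outcome, user, ip) for a password
    authentication event, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s, outcome, user, ip = m.groups()
    return int(h) * 3600 + int(mi) * 60 + int(s), outcome, user, ip


def fmt(t: int) -> str:
    return f"{t // 3600:02d}:{t % 3600 // 60:02d}:{t % 60:02d}"


def find_bruteforce(log_text: str, threshold: int = 5, window: int = 60) -> list:
    """Flag each source IP with >= threshold failures inside `window` seconds
    (assumed tuning values) and record any later successful login from it."""
    failures = defaultdict(list)    # ip -> [time, ...]
    successes = defaultdict(list)   # ip -> [(time, user), ...]
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        t, outcome, user, ip = ev
        if outcome == "Failed":
            failures[ip].append(t)
        else:
            successes[ip].append((t, user))

    findings = []
    for ip, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                burst = [t for t in times if times[i] <= t <= times[i] + window]
                later = [u for t, u in successes.get(ip, []) if t >= times[i]]
                findings.append({
                    "ip": ip,
                    "failures": len(burst),
                    "window_start": fmt(burst[0]),
                    "window_end": fmt(burst[-1]),
                    "later_success": later[0] if later else None,
                })
                break   # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for f in find_bruteforce(SAMPLE_LOG):
        print(f)
```

With the default window, only 203.0.113.7 is flagged, and the Accepted line for root eleven seconds after the burst turns a noisy finding into an incident. The slow guesses from 192.0.2.9 (one every five minutes) stay below the threshold; widening the window to 25 minutes surfaces them too, which is the usual trade-off between catching low-and-slow attempts and drowning in false positives.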
7
Q

Software Testing Methods

A

-Static: tests code passively, without running it
-Dynamic: tests code while it executes
-Black box: gives testers no internal details
-White box: gives testers full internal details (source code, design)
-Traceability matrix or Requirements Traceability Matrix (RTM): maps customer requirements to the software testing plan
-Fuzzing: enters random, malformed data as inputs into software programs to determine if they will crash (black box)
-Combinatorial: seeks to identify and test all unique combinations of software inputs (black box)
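
The difference between fuzzing and combinatorial testing is easiest to see against one target. The following is an added example, not part of the original deck: a toy record parser with a deliberate missing bounds check is exercised first by a seeded mutation fuzzer (random overwrite, truncate and append operations on a valid seed) and then by an exhaustive run over every combination of chosen input classes. The record format, the parser and the input classes are constructed for the example and are not any real protocol.

```python
"""Black-box fuzzing and combinatorial testing of one target function.
Added example; the record format and parser are constructed for it."""
import itertools
import random

# Constructed toy format (an assumption for this example, not a real protocol):
#   byte 0        record type: 1 = data, 2 = control
#   byte 1        payload length N
#   bytes 2..N+1  payload
#   byte N+2      XOR checksum over the payload
def xor_checksum(payload: bytes) -> int:
    acc = 0
    for b in payload:
        acc ^= b
    return acc


def parse_record(buf: bytes) -> dict:
    """Target under test. The type is validated, but the length field is
    trusted, so a length that overruns the buffer raises IndexError: that is
    the crash a fuzzer is looking for."""
    if buf[0] not in (1, 2):
        raise ValueError("unknown record type")   # deliberate, graceful rejection
    length = buf[1]
    payload = buf[2:2 + length]
    checksum = buf[2 + length]                     # BUG: no bounds check on length
    if checksum != xor_checksum(payload):
        raise ValueError("bad checksum")
    return {"type": buf[0], "payload": payload}


def run_case(buf: bytes) -> str:
    """Classify one input: 'ok', 'rejected' (ValueError is the parser's
    intended refusal) or 'crash' (any other exception escaping it)."""
    try:
        parse_record(buf)
        return "ok"
    except ValueError:
        return "rejected"
    except Exception:
        return "crash"


# --- Fuzzing: random, malformed mutations of a valid seed input -----------
SEED = bytes([1, 5]) + b"hello" + bytes([xor_checksum(b"hello")])


def mutate(buf: bytes, rng: random.Random) -> bytes:
    out = bytearray(buf)
    op = rng.randrange(3)
    if op == 0 and out:           # overwrite one byte with a random value
        out[rng.randrange(len(out))] = rng.randrange(256)
    elif op == 1 and out:         # truncate at a random point
        del out[rng.randrange(len(out)):]
    else:                         # append random junk
        out += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(out)


def fuzz(seed: bytes = SEED, iterations: int = 500, rng_seed: int = 1) -> dict:
    """Seeded mutation fuzzer: returns outcome counts and the distinct
    inputs that crashed the parser (reproducible because the RNG is seeded)."""
    rng = random.Random(rng_seed)
    counts = {"ok": 0, "rejected": 0, "crash": 0}
    crashes = set()
    for _ in range(iterations):
        case = mutate(seed, rng)
        outcome = run_case(case)
        counts[outcome] += 1
        if outcome == "crash":
            crashes.add(case)
    return {"counts": counts, "crashes": sorted(crashes)}


# --- Combinatorial: every combination of chosen input classes -------------
TYPES = [0, 1, 2]          # invalid, data, control
LENGTHS = [0, 3, 255]      # empty, matches payload, overruns the buffer
CHECKSUMS = ["good", "bad"]


def build_record(rtype: int, length: int, checksum: str) -> bytes:
    payload = b"abc" if length else b""
    chk = xor_checksum(payload)
    if checksum == "bad":
        chk ^= 0xFF
    return bytes([rtype, length]) + payload + bytes([chk])


def combinatorial() -> dict:
    """Run all 3 x 3 x 2 = 18 combinations and report which ones crash."""
    counts = {"ok": 0, "rejected": 0, "crash": 0}
    crashing = []
    for combo in itertools.product(TYPES, LENGTHS, CHECKSUMS):
        outcome = run_case(build_record(*combo))
        counts[outcome] += 1
        if outcome == "crash":
            crashing.append(combo)
    return {"counts": counts, "crashing": crashing}


if __name__ == "__main__":
    print("fuzz:", fuzz()["counts"])
    print("combinatorial:", combinatorial())
```

The fuzzer finds the crash without knowing why (any truncated input, and most overwrites of the length byte, hit it), and also trips over the empty-input case the combinatorial classes never include. The combinatorial run pins the crash to exactly the length-overrun class for both valid record types, which is the kind of precise, repeatable result a report can cite. Neither approach needs the source code, which is what makes both black-box techniques.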

8
Q

Software Testing Levels

A

Unit Testing: tests individual software components (functions, objects, procedures)
Installation Testing: tests software as it is installed and first operated
Integration Testing: tests multiple components as they are combined into a working system
Regression Testing: tests software after updates, modifications, or patches to confirm nothing previously working has broken
Acceptance Testing: customer tests to ensure that software meets operational requirements
