Sample Test Questions Domain 6 Flashcards
The most important reason to log events remotely is ___
To prevent log tampering
A ___ transaction is a scripted process used to emulate user behavior in application testing
synthetic
The greatest value of security metrics is to establish the ___ and ___ that must be used by senior management to evaluate the effectiveness of an information security management system (ISMS)
key performance indicators (KPIs); key risk indicators (KRIs)
No matter how technically comprehensive a report to management must be, the executive summary should never exceed ___
two pages
A security ___ program addresses all employees regardless of role, whereas security ___ is role specific
awareness; training
A(n) ___ is a comparison between the properties of a system and some predetermined standardized configuration. A(n) ___ is a related series of these.
test; assessment
A dedicated and persistent adversary will likely gain a level of knowledge of their target that rivals or exceeds that of the ___, both in breadth and accuracy
internal audit team
The most important practice when conducting internal audits is to ensure both that the results are actionable by operations staff and that ___
their importance is well understood by the management team that is responsible for actions being taken
When testing a set of controls across a fleet of systems, if it can be determined that ___, it may make little sense to inspect each of them individually, and certainly will increase the cost of the assessment
they are uniformly configured and deployed