Free Access to ISC.CISSP.v2024-01-19.q999 with Valid Practice Test (Page 195)

Question 966

Which of the following statements pertaining to ethical hacking is incorrect?

A.An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services.
B.Testing should be done remotely to simulate external threats.
C.Ethical hacking should not involve writing to or modifying the target systems negatively.
D.Ethical hackers never use tools that have the potential of affecting servers or services.

Correct Answer: D

This means that many of the tools used for ethical hacking have the potential of
exploiting vulnerabilities and causing disruption to IT system. It is up to the individuals performing
the tests to be familiar with their use and to make sure that no such disruption can happen or at
least shoudl be avoided.
The first step before sending even one single packet to the target would be to have a signed
agreement with clear rules of engagement and a signed contract. The signed contract explains to
the client the associated risks and the client must agree to them before you even send one packet
to the target range. This way the client understand that some of the test could lead to interruption
of service or even crash a server. The client signs that he is aware of such risks and willing to
accept them.
The following are incorrect answers:
An organization should use ethical hackers who do not sell auditing, hardware, software, firewall,
hosting, and/or networking services. An ethical hacking firm's independence can be questioned if
they sell security solutions at the same time as doing testing for the same client. There has to be
independance between the judge (the tester) and the accuse (the client).
Testing should be done remotely to simulate external threats Testing simulating a cracker from the
Internet is often time one of the first test being done, this is to validate perimeter security. By
performing tests remotely, the ethical hacking firm emulates the hacker's approach more
realistically.
Ethical hacking should not involve writing to or modifying the target systems negatively. Even
though ethical hacking should not involve negligence in writing to or modifying the target systems
or reducing its response time, comprehensive penetration testing has to be performed using the
most complete tools available just like a real cracker would.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Computer Security, John Wiley & Sons, 2001, Appendix F: The Case for Ethical Hacking (page
520).

Question 967

In the CIA triad, what does the letter A stand for?

A.Auditability
B.Accountability
C.Availability
D.Authentication

Question 968

Configuration Management is a requirement for the following level(s) of the Orange Book?

A.B3 and A1
B.B1, B2 and B3
C.A1
D.B2, B3, and A1

Question 969

Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
The third party needs to have

A.access to the original personnel that were on staff at the organization.
B.access to the skill sets consistent with the programming languages used by the organization.
C.the ability to maintain all of the applications in languages they are familiar with.
D.processes that are identical to that of the organization doing the outsourcing.

Question 970

Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher?

A.When the fire is in an enclosed area
B.When the fire involves electrical equipment
C.When the fire is caused by flammable products
D.When the fire involves paper products

Question 966

Question 967

Question 968

Question 969

Question 970

Download PDF File