CISSP Certified Information Systems Security Professional


Question 10 (Jan 2023 Update)

Which reporting type requires a service organization to describe its system and define the control objectives and controls that are relevant to user entities' internal control over financial reporting?

  • Statement on Auditing Standards (SAS) 70

  • Service Organization Control 1 (SOC1)

  • Service Organization Control 2 (SOC2)

  • Service Organization Control 3 (SOC3)

Question 11 (Jan 2023 Update)

An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim's existing browser session with a web application is an example of which of the following types of attack?


  • Cross-Site Scripting (XSS)

  • Cross-site request forgery (CSRF)

  • Injection

  • Clickjacking

Question 12 (Security Architecture and Engineering)

What is the PRIMARY purpose of auditing, as it relates to the security review cycle?


  • To ensure the organization’s controls and policies are working as intended

  • To ensure the organization can still be publicly traded

  • To ensure the organization’s executive team won’t be sued

  • To ensure the organization meets contractual requirements