CISSP Certified Information Systems Security Professional

Showing 13–15 of 20 questions

Question 13 (Mixed questions)

Which of the following is true of Service Organization Control (SOC) reports?

  • SOC 1 Type 2 reports assess the security, confidentiality, integrity, and availability of an organization’s controls

  • SOC 2 Type 2 reports include information of interest to the service organization’s management

  • SOC 2 Type 2 reports assess internal controls for financial reporting

  • SOC 3 Type 2 reports assess internal controls for financial reporting

Question 14 (Software Development Security)

What is the FINAL step in the waterfall method for contingency planning?

  • Maintenance

  • Testing

  • Implementation

  • Training

Question 15 (Jan 2023 Update)

What are the PRIMARY responsibilities of security operations for handling and reporting violations and incidents?

  • Monitoring and identifying system failures, documenting incidents for future analysis, and scheduling patches for systems

  • Scheduling patches for systems, notifying the help desk, and alerting key personnel

  • Monitoring and identifying system failures, alerting key personnel, and containing events

  • Documenting incidents for future analysis, notifying end users, and containing events