RCR 075: Practice CISSP Exam Questions - CISSP Training and Study!

Published: Feb. 26, 2020, 11 p.m.

Shon Gerber from ShonGerber.com provides you with the information and knowledge you need to prepare for and pass the CISSP Exam, along with the tools you need to enhance your cybersecurity career. Shon draws on his expansive knowledge and his years of training people in cybersecurity.

In this episode, Shon will provide CISSP training for Domain 6 (Security Assessment and Testing) of the CISSP Exam.  His extensive training will cover all of the CISSP domains.

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

CISSP Exam Questions

Question:  108

What are the various phases associated with completing a Penetration Test for an organization?

  1. Planning, Reporting, Vulnerability Management, Exploiting, Information Gathering
  2. Production, Registration, Vulnerability Management, Exploiting, Information Gathering
  3. Planning, Reporting, Vulnerability Scanning, Exploiting, Information Gathering
  4. Production, Reporting, Vulnerability Management, Exploiting, Information Gathering

Explanation: [c] Planning, Reporting, Vulnerability Scanning, Exploiting, and Information Gathering (not in order) are the phases of completing a penetration test for an organization.

------------------------------------

Question:  109

When creating metrics for your leadership, what are the first items you should focus on, and what should be the level of complexity for the report?

  1. Very complex metrics focused on all systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues
  2. Very simple metrics focused on critical systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues
  3. Very simple metrics focused on critical systems; Management processes, Closed vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance issues
  4. Very simple metrics focused on critical systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues

Explanation: [b] Starting off with simple metrics focused on critical systems, using the following metrics: Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues, is the best method to get started. Obviously, your organization may be different and you will have to modify these to meet your needs, but it is a good place to get started. Keep it simple.

------------------------------------

Question:  110

When completing a Penetration Test of your organization, who needs to be involved in the discussion and decision?

  1. No one; informing people that the penetration test will occur will taint the results resulting in waste
  2. Everyone; it is important that people don't feel duped that this test was designed to trick them
  3. Key personnel; it is important to focus on only telling the decision makers/influencers (CEO/CIO, Legal, Public Affairs, Compliance) as it relates to a penetration test.
  4. None of the above

Explanation: [c] It is important that the right people are involved in the decision-making process, as a Pen Test can have a significant impact on an organization and cause a disruption within a company.

------------------------------------
