RCR 093: CISSP Exam Questions for Software Development

Published: July 8, 2020, 10:16 a.m.

Subscribe: iTunes | Google Play | Stitcher Radio | RSS

Description:

Shon Gerber from ShonGerber.com provides you with the information and knowledge you need to prepare for and pass the CISSP Exam, while providing the tools you need to enhance your cybersecurity career. Shon draws on his expansive knowledge and years of experience training people in cybersecurity to deliver superior training.

Shon will provide CISSP training and study material around the tools you need to better understand what you need to know to be prepared for the CISSP Exam questions. His knowledge will provide the skills needed to pass the CISSP Exam.

BTW - Get access to all my Free Content and CISSP Training Courses here at:  https://shongerber.com/

Available Courses: 

CISSP Exam Questions

Question: 162

John has been told that one of the applications installed on a web server within the DMZ accepts input of any length that a customer using a web browser enters into the form the web server provides to collect new customer data. Which of the following describes an issue that John should be aware of in relation to this type of weakness?
A. Application is written in the C programming language.
B. Application is not carrying out enforcement of the trusted computing base.
C. Application is running in ring 3 of a ring-based architecture.
D. Application is not interacting with the memory manager properly.

The C language is susceptible to buffer overflow attacks because it allows direct pointer manipulation to take place. Certain library functions provide access to low-level memory addresses without carrying out bounds checking.

https://www.brainscape.com/subjects/cissp-domains

------------------------------------

Question: 163

Steve has found out that the software product his team submitted for evaluation did not achieve the rating they were hoping for. He was confused by this, since the software had passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows unauthorized device drivers to be loaded and that a key sequence could be used to bypass the software's access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection.

A. Non-protected ROM sections
B. Vulnerabilities that allowed malicious code to execute in protected memory sections
C. Lack of a predefined and implemented trusted computing base
D. Lack of a predefined and implemented security kernel

If the testers suggested to the team that address space layout randomization and data execution protection should be integrated, this is most likely because the system allows malicious code to easily execute in memory sections that would be dangerous to the system. Both are memory protection approaches.

https://www.brainscape.com/subjects/cissp-domains

------------------------------------

Question: 156

If a security mechanism offers availability, then it offers a high level of assurance that authorized subjects can _________ the data, objects, and resources.

A) Control
B) Audit
C) Access
D) Repudiate

Answer: Access

Accessibility of data, objects, and resources is the goal of availability. If a security mechanism offers availability, then it is highly likely that the data, objects, and resources are accessible to authorized subjects.


https://www.brainscape.com/subjects/cissp-domains

------------------------------------

Want to find Shon elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

Facebook - https://www.facebook.com/CyberRiskReduced/
