CC Free Practice Test

Which type of software testing focuses on examining the source code for vulnerabilities and security issues?

1. A. Black-box testing
2. B. White-box testing
3. C. Functional testing
4. D. User acceptance testing

Correct Answer: B

EKristal is the security administrator for a large online service provider. Kristal learns that the company is harvesting personal data of its customers and sharing the data with local governments where the company operates, without the knowledge of the users, to allow the governments to persecute users on the basis of their political and philosophical beliefs. The published user agreement states that the company will not share personal user data with any entities without the users' explicit permission. According to the ISC2 Code of Ethics, to whom does Kristal ultimately report in this situation?

1. A. The company Kristal works for
2. B. The governments of the countries where the company operates
3. C. ISC2
4. D. The users

Correct Answer: D

What federal law requires the use of vulnerability scanning on information systems operated by federal government agencies?

1. A. FISMA
2. B. HIPAA
3. C. GLBA
4. D. FERPA

Correct Answer: A

A hacker gains access to an organization system without authorization and steal confidential data. What term best describes this ?

1. A. Event
2. B. Breach
3. C. Intrusion
4. D. Exploit

Correct Answer: C

Which security control mostly used to prevent data breach

1. A. Physical control
2. B. Logical Control
3. C. Adminstrative Control
4. D. RBAC

Correct Answer: B