Welcome to Pass4Success

ISC2 CISSP Exam - Topic 6 Question 93 Discussion

Actual exam question for ISC2's CISSP exam
Question #: 93
Topic #: 6

An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?

Suggested Answer: D

Contribute your Thoughts:

Corrie
4 months ago
Not sure if all scenarios are equally important though.
upvoted 0 times
...
Nicolette
5 months ago
Compromised admin access is a must, no doubt!
upvoted 0 times
...
Eun
5 months ago
Surprised that accidental access isn't a bigger concern!
upvoted 0 times
...
Afton
5 months ago
I think internal attackers are more critical to test.
upvoted 0 times
...
Lou
5 months ago
Definitely need to cover third-party vendors!
upvoted 0 times
...
Carmen
6 months ago
I’m a bit confused about option D; while accidental access is a concern, I’m not sure if it’s as critical as the others for a penetration test.
upvoted 0 times
...
Phillip
6 months ago
I think we practiced a question similar to this, and I recall that third-party vendors can pose risks, so option A might also be important to include.
upvoted 0 times
...
Nydia
6 months ago
I'm not entirely sure, but I feel like option B, compromising system administrator access, could lead to significant damage, so it might be a must-have scenario.
upvoted 0 times
...
Johnetta
6 months ago
I remember we discussed the importance of covering internal threats, so I think option C about an internal attacker is crucial.
upvoted 0 times
...
Demetra
6 months ago
This is a good question that gets at the heart of effective penetration testing. I think the key is to make sure the test covers all the potential entry points, both external and internal. That way you can really stress-test the system's defenses.
upvoted 0 times
...
Ilona
6 months ago
Okay, for this type of question, I'd focus on identifying the scenarios that pose the greatest risk to the organization. A compromised admin or third-party vendor access seem like critical areas to test. I'll make sure I understand those attack vectors well.
upvoted 0 times
...
Cherelle
6 months ago
This seems like a straightforward question about the scope of a penetration test. I think the key is to consider all the potential attack vectors that could compromise the system, including insider threats like a compromised admin or third-party vendor access.
upvoted 0 times
...
Lino
6 months ago
Hmm, I'm a bit unsure about this one. I know penetration testing is important, but I'm not sure if all those scenarios are required to be covered. I'll need to think through the different types of threats more carefully.
upvoted 0 times
...
Yolando
6 months ago
This is a tricky one. I'll have to think carefully about the risk response strategies that apply to both positive and negative risks.
upvoted 0 times
...
Lashanda
6 months ago
From what I practiced, I feel like option A aligns best with standard policies, while the others don't really fit the definition of significant accounting policies as I learned them.
upvoted 0 times
...
Marci
6 months ago
Hmm, I'm not totally sure about this one. I'd have to think it through a bit more to decide between the social sharing rate and the click to open rate.
upvoted 0 times
...
Glory
11 months ago
I heard the test also includes a scenario where the CEO accidentally replies to a Nigerian prince email. That's a classic!
upvoted 0 times
...
Isabelle
11 months ago
A is a tricky one. Gotta make sure those third-party vendors aren't a weak link in the security chain.
upvoted 0 times
Reiko
10 months ago
A is definitely important, can't overlook those vendors.
upvoted 0 times
...
Benedict
10 months ago
B) System administrator access compromised
upvoted 0 times
...
Corinne
10 months ago
C) Internal attacker with access to the system
upvoted 0 times
...
Reita
10 months ago
A) Third-party vendor with access to the system
upvoted 0 times
...
...
Ezekiel
11 months ago
D is a good one too. Accidental data access is a common issue that shouldn't be overlooked.
upvoted 0 times
Penney
10 months ago
D) Internal user accidentally accessing data
upvoted 0 times
...
Alecia
10 months ago
C) Internal attacker with access to the system
upvoted 0 times
...
Jin
10 months ago
A) Third-party vendor with access to the system
upvoted 0 times
...
...
Keshia
11 months ago
C seems like the most realistic scenario. An internal attacker with access could do a lot of damage if the systems aren't properly secured.
upvoted 0 times
Daniel
11 months ago
C) Internal attacker with access to the system
upvoted 0 times
...
Nadine
11 months ago
B) System administrator access compromised
upvoted 0 times
...
Silvana
11 months ago
A) Third-party vendor with access to the system
upvoted 0 times
...
...
Alonzo
11 months ago
I think the correct answer is B. System administrator access compromised. That's a critical access point that needs to be tested.
upvoted 0 times
...
Mariann
1 year ago
I believe scenario B should also be covered. If a system administrator's access is compromised, it could lead to a major security breach.
upvoted 0 times
...
Sheridan
1 year ago
I agree with Olga. Internal attackers are often overlooked but can cause significant damage.
upvoted 0 times
...
Olga
1 year ago
I think scenario C must be covered because internal attackers can pose a serious threat.
upvoted 0 times
...
