ISC2 CISSP Exam - Topic 6 Question 93 Discussion

Actual exam question for ISC2's CISSP exam
Question #: 93
Topic #: 6

An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?

Suggested Answer: D

Contribute your Thoughts:

Corrie
3 months ago
Not sure if all scenarios are equally important though.
upvoted 0 times
...
Nicolette
3 months ago
Compromised admin access is a must, no doubt!
upvoted 0 times
...
Eun
3 months ago
Surprised that accidental access isn't a bigger concern!
upvoted 0 times
...
Afton
4 months ago
I think internal attackers are more critical to test.
upvoted 0 times
...
Lou
4 months ago
Definitely need to cover third-party vendors!
upvoted 0 times
...
Carmen
4 months ago
I’m a bit confused about option D; while accidental access is a concern, I’m not sure if it’s as critical as the others for a penetration test.
upvoted 0 times
...
Phillip
4 months ago
I think we practiced a question similar to this, and I recall that third-party vendors can pose risks, so option A might also be important to include.
upvoted 0 times
...
Nydia
4 months ago
I'm not entirely sure, but I feel like option B, compromising system administrator access, could lead to significant damage, so it might be a must-have scenario.
upvoted 0 times
...
Johnetta
5 months ago
I remember we discussed the importance of covering internal threats, so I think option C about an internal attacker is crucial.
upvoted 0 times
...
Demetra
5 months ago
This is a good question that gets at the heart of effective penetration testing. I think the key is to make sure the test covers all the potential entry points, both external and internal. That way you can really stress-test the system's defenses.
upvoted 0 times
...
Ilona
5 months ago
Okay, for this type of question, I'd focus on identifying the scenarios that pose the greatest risk to the organization. A compromised admin or third-party vendor access seem like critical areas to test. I'll make sure I understand those attack vectors well.
upvoted 0 times
...
Cherelle
5 months ago
This seems like a straightforward question about the scope of a penetration test. I think the key is to consider all the potential attack vectors that could compromise the system, including insider threats like a compromised admin or third-party vendor access.
upvoted 0 times
...
Lino
5 months ago
Hmm, I'm a bit unsure about this one. I know penetration testing is important, but I'm not sure if all those scenarios are required to be covered. I'll need to think through the different types of threats more carefully.
upvoted 0 times
...
Yolando
5 months ago
This is a tricky one. I'll have to think carefully about the risk response strategies that apply to both positive and negative risks.
upvoted 0 times
...
Lashanda
5 months ago
From what I practiced, I feel like option A aligns best with standard policies, while the others don't really fit the definition of significant accounting policies as I learned them.
upvoted 0 times
...
Marci
5 months ago
Hmm, I'm not totally sure about this one. I'd have to think it through a bit more to decide between the social sharing rate and the click to open rate.
upvoted 0 times
...
Glory
9 months ago
I heard the test also includes a scenario where the CEO accidentally replies to a Nigerian prince email. That's a classic!
upvoted 0 times
...
Isabelle
9 months ago
A is a tricky one. Gotta make sure those third-party vendors aren't a weak link in the security chain.
upvoted 0 times
Reiko
8 months ago
A is definitely important, can't overlook those vendors.
upvoted 0 times
...
Benedict
8 months ago
B) System administrator access compromised
upvoted 0 times
...
Corinne
8 months ago
C) Internal attacker with access to the system
upvoted 0 times
...
Reita
8 months ago
A) Third-party vendor with access to the system
upvoted 0 times
...
...
Ezekiel
10 months ago
D is a good one too. Accidental data access is a common issue that shouldn't be overlooked.
upvoted 0 times
Penney
8 months ago
D) Internal user accidentally accessing data
upvoted 0 times
...
Alecia
8 months ago
C) Internal attacker with access to the system
upvoted 0 times
...
Jin
9 months ago
A) Third-party vendor with access to the system
upvoted 0 times
...
...
Keshia
10 months ago
C seems like the most realistic scenario. An internal attacker with access could do a lot of damage if the systems aren't properly secured.
upvoted 0 times
Daniel
9 months ago
C) Internal attacker with access to the system
upvoted 0 times
...
Nadine
9 months ago
B) System administrator access compromised
upvoted 0 times
...
Silvana
9 months ago
A) Third-party vendor with access to the system
upvoted 0 times
...
...
Alonzo
10 months ago
I think the correct answer is B. System administrator access compromised. That's a critical access point that needs to be tested.
upvoted 0 times
...
Mariann
11 months ago
I believe scenario B should also be covered. If a system administrator's access is compromised, it could lead to a major security breach.
upvoted 0 times
...
Sheridan
11 months ago
I agree with Olga. Internal attackers are often overlooked but can cause significant damage.
upvoted 0 times
...
Olga
11 months ago
I think scenario C must be covered because internal attackers can pose a serious threat.
upvoted 0 times
...
