CISSP ISC2 Certified Information Systems Security Professional
QUESTION: 225
As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?
A. Use a web scanner to scan for vulnerabilities within the website.
B. Perform a code review to ensure that the database references are properly addressed.
C. Establish a secure connection to the web server to validate that only the approved ports are open.
D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.
Answer: D

QUESTION: 226
Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?
A. Senior management
B. Information security department
C. Audit committee
D. All users
Answer: C

QUESTION: 227
Which of the following alarm systems is recommended to detect intrusions through windows in a high-noise, occupied environment?