- (Exam Topic 6)
Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

1. A. Change management processes
2. B. User administration procedures
3. C. Operating System (OS) baselines
4. D. System backup documentation

Correct Answer: A

- (Exam Topic 13)
Which Identity and Access Management (IAM) process can be used to maintain the principle of least
privilege?

1. A. identity provisioning
2. B. access recovery
3. C. multi-factor authentication (MFA)
4. D. user access review

Correct Answer: A

- (Exam Topic 14)
Which of the following BEST describes how access to a system is granted to federated user accounts?

1. A. With the federation assurance level
2. B. Based on defined criteria by the Relying Party (RP)
3. C. Based on defined criteria by the Identity Provider (IdP)
4. D. With the identity assurance level

Correct Answer: C
Reference: https://resources.infosecinstitute.com/cissp-domain-5-refresh-identity-and-access-management/

- (Exam Topic 11)
Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?

1. A. Application interface entry and endpoints
2. B. The likelihood and impact of a vulnerability
3. C. Countermeasures and mitigations for vulnerabilities
4. D. A data flow diagram for the application and attack surface analysis

Correct Answer: D

- (Exam Topic 15)
What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?

1. A. Publish a social media guidelines document.
2. B. Publish an acceptable usage policy.
3. C. Document a procedure for accessing social media sites.
4. D. Deliver security awareness training.

Correct Answer: A