Effective CISSP Questions

Your organization conducts full backup on Sundays and incremental backup on weekdays and Saturdays, all at midnight and supported by a highly automated tape library and offsite tape vaulting. An internal auditor asked the backup operator to restore tapes to a spare server to verify the effectiveness of the backup. Which of the following assessment methods does the internal auditor employ?
A. Simulation
B. Interviewing
C. Testing
D. Examination

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Testing.

Security Assessment Overview

According to NIST SP 800-115 and ISACA CISA review manual, there are three typical types of assessment methods: testing, examination, and interviewing.

  • Testing is the process of exercising one or more assessment objects under specified conditions to compare actual and expected behaviors.
  • Examination is the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence.
  • Interviewing is the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or identify the location of evidence.

Intuitively, people tend to relate simulation to exercising or practicing something. However, it’s more common to use mathematical models to estimate, forecast, or “simulate” something, e.g. Monte Carlo simulation.


您的組織在星期日進行完整備份,並在工作日和星期六進行增量備份,所有備份都在午夜進行,並得到高度自動化的磁帶庫(automated tape library)和異地磁帶庫蔵(offsite tape vaulting)的支持。 內部審計員要求備份操作員將磁帶還原到備用服務器,以驗證備份的有效性。 內部審計師採用以下哪種評估方法?
A. 模擬 (Simulation)
B. 訪談 (Interviewing)
C. 測試 (Testing)
D. 查驗 (Examination)

3 thoughts on “CISSP PRACTICE QUESTIONS – 20200219

Leave a Reply