You have to pass the CT-SEC exam to receive the certification from ISTQB. To increase the effectiveness of your study and make you familiar with the actual exam pattern, we have prepared these ISTQB Security Tester sample questions. Our sample ISTQB Certified Tester Security Tester practice exam will give you more insight into both the type and the difficulty level of the questions on the ISTQB CTFL - Security Tester exam.
However, we strongly recommend practicing with our Premium ISTQB Certified Tester Foundation Level - Security Tester (CT-SEC) Practice Exam to achieve the best score in your actual ISTQB CT-SEC exam. The premium practice exam questions are more comprehensive, exam-oriented and scenario-based, and are an exact match of the ISTQB Certified Tester Security Tester exam questions.
ISTQB Security Tester Sample Questions:
01. What are key attributes of security authentication of a medium complexity IT system?
a) It verifies that the user has the correct profile and corresponding rights to access limited parts of the system
b) It is key in identifying the amount of system resources the user can utilize
c) It verifies that the user entering the system is legitimate
d) It uses common credentials among users to gain entry into the system
02. During component level testing, why should the security tester review compiler warnings?
a) Because these indicate security problems that must be fixed
b) Because these indicate potential issues that should be investigated
c) Because these indicate coding issues that will cause functional defects
d) Because these indicate poor programming practices that will increase maintainability
03. Why is an attack from inside the organization particularly worrisome?
a) The attacker is likely driven by curiosity and will be unrelenting
b) The attacker is likely bored at work and will continue hacking the system for entertainment
c) The attacker is already inside the firewall and is an authorized system user
d) The attacker is likely to launch a DoS attack which will cripple the servers
04. Which of the following are main characteristics of an effective security test environment?
a) Closely tied to production systems to enhance security at all points
b) Isolates different old versions of the operating systems for use in the environment
c) Includes all production environment plug-ins as well as other plug-ins not in the production environment in order to ensure the most comprehensive setup
d) Mimics the production environment in terms of access rights
05. In what way are dynamic security analysis tools different from general dynamic analysis tools?
a) The security tools probe the system rather than just the application under test
b) The security tools work the same in dynamic or static mode
c) The security tools are better suited to detect problems such as memory leaks
d) The security tools need to be tailored to the language in which the application is implemented
06. At what point in the SDLC should there be checking to ensure that proper secure coding practices have been followed?
a) Component testing
b) Integration testing
c) System testing
d) Security acceptance testing
07. Which of the following would you apply to most effectively test the abilities of an intrusion detection tool?
a) Develop a series of scenarios based on past experience
b) Use tests that generate malicious traffic to add new intrusive specifications
c) Apply it to situations of known malicious traffic
d) Use it in conjunction with other IDS products when possible
08. You are finalizing your security test status report for a project that is ready for deployment into production. There is a high degree of risk for this project due to the nature of the system. As a result, you want to place particular emphasis on risk.
Based on this, what is the best way to articulate risk on your report?
a) A descriptive risk assessment included in the summary
b) Overall risk included in the last section of the report
c) Risk impact described in the summary and later detailed in terms of specific vulnerabilities
d) Risk impact is not part of the summary of the report
09. If an organization experiences a security breach and legal action results, how does it help the organization to have done security testing?
a) By tracing through the documented tests, the security testing team can discover how the breach was possible
b) The documentation from the security testing can be used to track down the perpetrator
c) Since any important information would have been backed up before security testing, this backup can be used to restore any compromised information
d) It can show that the organization has done due diligence to try to prevent such an incident
10. What is a significant concern when seeking approval for the security testing tools?
a) Some countries prohibit the use of certain security testing tools
b) Ensure the approval process for security testing tools can be bypassed on an exception basis in cases where a malicious event is in progress
c) The risks of the tool are rarely known before it is procured and are better discovered when the tool is in use
d) Because security testing tool risks are usually known, there is no need for a mitigating strategy