ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam
Go to Exam

Exam CISSP topic 1 question 174 discussion

Actual exam question from ISC's CISSP
Question #: 174
Topic #: 1
[All CISSP Questions]

Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC)
Code of Professional Ethics, which of the following should the CISSP do?

  • A. Inform the CISO that they are unable to perform the task because they should render only those services for which they are fully competent and qualified
  • B. Since they are CISSP certified, they have enough knowledge to assist with the request, but will need assistance in order to complete it in a timely manner
  • C. Review the CISSP guidelines for performing a vulnerability assessment before proceeding to complete it
  • D. Review the PCI requirements before performing the vulnerability assessment
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Rollizo at Oct. 1, 2022, 11:02 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
crazywai1221
Highly Voted 1 year, 5 months ago
Selected Answer: A
For exam, A. For real work environment, D. Your boss ask you to do it, do it please
upvoted 18 times
shmoeee
10 months, 2 weeks ago
AGREEED!
upvoted 3 times
...
jackdryan
1 year, 4 months ago
A is correct
upvoted 2 times
...
...
gjimenezf
Most Recent 8 months, 2 weeks ago
Selected Answer: A
According to the (ISC) Code of Professional Ethics, CISSP professionals are obligated to provide services only in areas where they are competent and qualified. If a CISSP has never performed a vulnerability assessment on a web application and is unsure of their capabilities, the ethical course of action is to inform the CISO that they are unable to perform the task and may need to seek assistance or additional training. Option A aligns with the principle of integrity and responsibility outlined in the (ISC) Code of Professional Ethics. It emphasizes the importance of honesty and competence in providing services. Seeking assistance or training in areas where competence is lacking is a responsible and ethical approach.
upvoted 3 times
...
74gjd_37
1 year ago
Selected Answer: A
The CISSP cannot perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit if they are not fully competent and qualified because it goes against the (ISC) Code of Professional Ethics. The code requires that a CISSP should render only those services for which they are fully competent and qualified. Performing a task that the CISSP is not fully competent and qualified to do can result in inadequate or incorrect assessment and recommendations, which can lead to security vulnerabilities and non-compliance with regulations such as PCI DSS. It is essential to ensure that the person performing the vulnerability assessment has the necessary knowledge, skills, and experience to carry out a comprehensive and accurate assessment.
upvoted 3 times
...
shash33
1 year, 8 months ago
Selected Answer: A
Separation of Duties plus act honestly !
upvoted 1 times
...
init2winit
1 year, 8 months ago
Selected Answer: D
Not sure why the answer would be A, anyone that has worked with PCI-DSS knows its a self regulated standard. There is no accreditation on the part of the assessor https://www.pcidssguide.com/how-to-successfully-pass-a-pci-compliance-scan/
upvoted 1 times
...
Ivanchun
1 year, 9 months ago
Selected Answer: A
A, no experience should not take the task
upvoted 1 times
...
Cccccccc123
1 year, 10 months ago
Selected Answer: D
First step would be to investigate whether they are actually not qualified and competent if you ask me. With A you are already assuming this. D for me.
upvoted 3 times
evenkeel
1 year, 8 months ago
Agreed. Due Diligence.
upvoted 1 times
...
...
Rollizo
2 years ago
Selected Answer: A
A is right, it is a canon of ISC2
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago