As a CISSP, you have been appointed Cyber Security manager of a department. During a team meeting, a project team in your department demos a system it is about to release to the public (the production environment is already live and is being used for the demo). Thanks to your expertise and sharp eye, you suspect that several vulnerabilities may exist. Right after the meeting you return to your desk, type the URL of the demonstrated system into your browser and start a penetration test to validate your suspicion; the team is unaware of your concerns and of your tests. Your initial assumptions turn out to be correct, and one of the vulnerabilities you find is that authentication can be bypassed. To demonstrate that you were able to compromise the system by bypassing authentication, you:
Upload a backdoor to the server so you can demonstrate to the team that you were able to compromise the system.
Use administrative features to create a new user with a name that identifies you, to demonstrate that you accessed the restricted feature.
Take screenshots of administrative features you should not have been able to access, and carefully make no changes to the system.
Penetrate the system and call everyone in your department to tell them the system is vulnerable and should not be released.
As a CISSP, you must respect the (ISC)2 Code of Ethics. You should therefore avoid penetration testing systems in their production environment, so that you do not cause availability issues or corrupt live data. If you have no choice but to test in production, you must make sure the tests do not alter the system, or that every change can be fully reverted (no backdoor left behind, no test accounts or test data remaining, etc.); only non-destructive actions should be taken. Of the four options, only taking screenshots of the administrative features without changing anything meets that standard: uploading a backdoor or creating an account modifies a live system, and calling the whole department is not a responsible way to report a finding. Note also that the scenario itself is questionable: testing a live system without the owner's authorization, even inside your own organization, conflicts with the canon to act honorably, honestly, justly, responsibly, and legally, so in practice you should obtain written authorization and a defined scope before testing.
EDIT: As a CISSP !!!??? in a CEH Cert !!!
Comment: All answers are wrong; you shall not access a live system without permission, even in your own organization.
Comment #2: It may be true that you can do no more than what you are permitted to do to a live system, but the question didn't ask about strict obedience to guidelines. Given the four options, if one has no choice, I believe the non-invasive option is indeed best.