CISSP certification: Full 125 question practice test #1 – test 2 – Results

  • by
Spread the love

Question 1: Correct

We are implementing Active Directory (AD) to use for managing our access control. Which of these OS families have AD natively included in their processes and services?
  • MacOS.
  • Linux.
  • Windows.
  • Unix.


AD (Active Directory): Included in most Windows Server OS as a set of processes and services. Directory service that Microsoft developed for Windows domain networks. Originally it was only in charge of centralized domain management. As of Windows Server 2008, AD became an umbrella term for a broad range of directory-based identity-related services.

Question 2: Correct

Which organization is responsible for delegating IP address ranges to ISPs (Internet Service Providers) in North America?
  • APNIC.
  • ARIN.


The world is divided into RIR (Regional Internet Registry) regions and organizations in those areas delegate the address space they have control over. ARIN (American Registry for Internet Numbers): United States, Canada, several parts of the Caribbean region, and Antarctica.

Question 3: Correct

Which industry is the US Gramm-Leach-Bliley Act (GLBA) focused on?
  • Financial.
  • Aerospace.
  • Healthcare.
  • Online stores.


Gramm-Leach-Bliley Act (GLBA): Applies to financial institutions; driven by the Federal Financial Institutions Examination Council (FFIEC); enforced by member agencies, OCC, FDIC, FRB, NCUA, and CFPB. Enacted in 1999, requires protection of the confidentiality and integrity of consumer financial information.

Question 4: Correct

Diameter was designed to replace Radius, but the change never happened. Where is Diameter COMMONLY used now?
  • Router management.
  • Webserver file uploads and downloads.
  • In the 3/4G space.
  • Wireless access points.


Diameter is largely used in the 3/4G space, RADIUS is used elsewhere. Was intended to replacement for RADIUS, but the use cases changed and both now have different uses. Also provides centralized AAA (Authentication, Authorization, and Accounting) management for users who connect and use a network service.

Question 5: Correct

After a major security incident, we need to provide the chain of custody logs for one of the compromised hard drives. Which of these should NOT be part of the logs?
  • When they did it.
  • What was done.
  • Who handled it.
  • What was found.


With the chain of custody everything is documented: Who had it when? What was done? When did they do it? Not what was found.

Question 6: Incorrect

Which type of Intrusion Detection Systems (IDS) and Intrusion Prevention System (IPS) are completely vulnerable to 0-day attacks?
  • Network based.
  • Behavioral based.
  • Heuristic based.
  • Signature based.


Signature based: Looks for known malware signatures. Faster since they just check traffic against malicious signatures. Easier to set up and manage, someone else does the signatures for us. They are completely vulnerable to 0 day attacks, and have to be updated constantly to keep up with new vulnerability patterns.

Question 7: Correct

What is happening when we experience buffer overflows?
  • The buffer overruns its boundaries and overwrites adjacent hard disk locations.
  • We are not using SSL/TLS.
  • The buffer overruns its boundaries and overwrites adjacent memory locations.
  • User session IDs or tokens are stolen.


Buffer overflow (buffer overrun): An anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations, happen from improper coding when a programmer fails to perform bounds checking. Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflows can often be triggered by malformed inputs, if one assumes all inputs will be smaller than a certain size and the buffer is created to be that size, if an anomalous transaction produces more data it could cause it to write past the end of the buffer. If this overwrites adjacent data or executable code, this may result in erratic program behavior, including memory access errors, incorrect results, and crashes. By sending in data designed to cause a buffer overflow, it is possible to write into areas known to hold executable code, and replace it with malicious code.

Question 8: Correct

When an attacker is using intimidation, it is a form of what?
  • Brute force attack.
  • Proper management.
  • Social engineering.
  • Reverse psychology.


Social engineering uses people skills to bypass security controls. Intimidation (If you don’t bad thing happens) – Virus on the network, credit card compromised, lawsuit against your company, intimidation is most effective with impersonation and vishing attacks.

Question 9: Incorrect

What is your public key in asymmetric encryption?
  • Used by you to decrypt messages sent to you.
  • Used by someone else to decrypt messages from you.
  • Secret.
  • Shared.


Asymmetric Encryption uses 2 keys: a Public Key and a Private Key (Key Pair). Your Public Key is publicly available. Used by others to encrypt messages sent to you. Since the key is asymmetric, the ciphertext can’t be decrypted with your public Key. Your Private Key – You keep this safe. You use it to decrypt messages sent with your public key.

Question 10: Incorrect

BIBA’s Invocation Property prohibits users from what?
  • No write up.
  • No write down.
  • No read and write up.
  • No read and write up and down.


Invocation Property: “No Read or Write UP”. Subjects can never access or alter data on a higher level.

Question 11: Correct

When we are performing background checks on our new employees, we would NEVER look at which of these?
  • Employment history, credit history, references.
  • References, degrees, political affiliation, employment history.
  • References, employment history, criminal records.
  • References, degrees, criminal records, credit history.


When we hire new staff we often do background to ensure we minimize our risks. We can check: References, Degrees, Employment, Criminal, Credit history (less common, more costly). We have new staff sign an NDA (Non-Disclosure Agreement). It is illegal to check or inquire about political preference.

Question 12: Correct

As part of our layered defense, and to prevent unauthorized devices on our network, we have added the MAC sticky command. Where would we configure that?

  • Router.
  • File server.
  • Desktop.
  • Switch.
  • Firewall.


Good switch security includes shut down unused ports, add mac-sticky and hardcode if ports are access or trunk ports. Making all ports trunk ports is a bad idea.

Question 13: Correct

What could be one of the ways we could protect our data-at-rest?
  • Privacy screens for monitors.
  • Clean desk policy.
  • DAC.
  • Encryption.


Data at Rest (Stored Data): This is data on Disks, Tapes, CDs/DVDs, USB Sticks. We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs). Encryption can be Hardware or Software Encryption.

Question 14: Skipped

What is one of the key benefits of using a Host-based Intrusion Prevention System (HIPS) over a Network-based Intrusion Prevention System (NIPS)?
  • We look at the entire network segment.
  • We can inspect the IP packets and prevent port scans.
  • We can see the unencrypted data.
  • We can protect against Distributed Denial Of Service (DDOS) attacks.


Host based, on a client, normally a server or workstation. Can look at the actual data (it is decrypted at the end device), NIDS/NIPS can’t look at encrypted packets.

Question 15: Correct

What would we use a Security Information and Event Management (SIEM) system for?
  • All of these.
  • Near real-time automated identification, analysis and recovery from some security events.
  • Centralized storage and interpreting of logs and traffic.
  • Giving us a holistic view of all events and incidents in our organization.


SIEM (Security Information and Event Management) provides real-time analysis of security alerts generated by network hardware and applications.

Question 16: Correct

What are some of the dangers if we chose to NOT use proper and regular patching of our systems?
  • There are no real dangers as long as we have firewalls.
  • We can’t access the internet if we are missing too many patches.
  • We are at risk of compromise from publicly known attacks.
  • We won’t have enough for our employees to do.


Patches are released to fix known security vulnerabilities, not applying leaves us open to those vulnerabilities that the attackers also know about.

Question 17: Correct

In IT Security we are talking about something as an event, what does that mean?
  • We are being hacked.
  • A triggered warning when something predefined happens (i.e. disk usage over 85%).
  • A system has crashed.
  • Something changed, neither negative or positive.


Event: An observable change in state, this is neither negative nor positive, it is just something has changed. A system powered on, traffic from one segment to another, an application started.

Question 18: Correct

To establish a TCP session, we are using the TCP 3-way handshake. What is the correct order of the handshake?
  • SYN > SYN/ACK > ACK.
  • SYN > ACK > ACK.
  • SYN/ACK > ACK > SYN.
  • SYN > SYN/ACK > SYN.


The 3-way handshake is client SYN > Server SYN/ACK > Client ACK.

Question 19: Correct

Why would an organization offer to use a source code escrow to their customers?
  • To make our source code publicly available.
  • So the customer has access to the source code if we go bankrupt.
  • To ensure the code is tested completely.
  • Because we want them to see the source code whenever they want to.


Source code escrow: The deposit of the source code of software with a third party escrow agent. Escrow is typically requested by a party licensing software (the licensee), to ensure maintenance of the software instead of abandonment or orphaning. The software source code is released to the licensee if the licensor files for bankruptcy or otherwise fails to maintain and update the software as promised in the software license agreement.

Question 20: Correct

One of your coworkers is telling you about our new policies for PII. What is she referring to?
  • Professional Information Identifiers.
  • Personally Information Indicators.
  • Personally Identifiable Information.
  • Personality Indicator Information.


PII is the abbreviation for Personally Identifiable Information.

Question 21: Incorrect

Which security principle is Clark-Wilson based on?
  • Confidentiality.
  • Accountability.
  • Integrity.
  • Availability.


Clark-Wilson – Integrity: Separates end users from the backend data through ‘Well-formed transactions’ and ‘Separation of Duties’. The model uses Subject/Program/Object. We have discussed the Subject/Object relationship before, but this puts a program between the two. We don’t allow people access to our inventory when they buy from us. We give them a limited functionality interface they can access.

Question 22: Correct

When we are talking about RAM what are we referencing?
  • Real alerting mirroring.
  • Volatile memory.
  • Non-volatile memory.
  • Remote access management.


RAM (Random Access memory) is volatile memory. It loses the memory content after a power loss(or within a few minutes). This can be memory sticks or embedded memory.

Question 23: Correct

We have had a lot of employee complaints since we started blocking TCP/UDP port 80. What are we blocking?
  • HTTPS.
  • HTTP.
  • SMTP.
  • POP3.


Hypertext Transfer Protocol (HTTP) uses TCP/UDP port 80, can also use port 8008 and 8080 .

Question 24: Correct

When we are reviewing our audit logs, it is which type of a control?
  • Preventative.
  • Deterrent.
  • Detective.
  • Physical.


Audit log reviews is a detective control, we look at what happened after it happened, looking for patterns and issues.

Question 25: Skipped

As part of our risk management, we are working on quantitative risk analysis. Select all the terms we would use in this phase:
  • ​Annualized Loss Expectancy (ALE)
  • ​Risk Analysis Matrix (RAM)
  • ​Future Growth Potential (FGP)
  • ​Exposure factor (EF) 
  • Asset Value (AV) 


Quantitative Risk Analysis – We want exactly enough security for our needs. This is where we put a number on that. We find the asset’s value: How much of it is compromised, how much one incident will cost, how often the incident occurs and how much that is per year. Asset Value (AV) – How much is the asset worth? Exposure factor (EF) – Percentage of Asset Value lost? Single Loss Expectancy (SLE) – (AV x EF) – What does it cost if it happens once? Annual Rate of Occurrence (ARO) – How often will this happen each year? Annualized Loss Expectancy (ALE) – This is what it cost per year if we do nothing.

Question 26: Correct

You hear a colleague talk about polyinstantiation. What does that mean?
  • Deducing facts from data rather than specific statements.
  • Looking at a normal baseline and learning of new factors on the network from higher traffic.
  • Collecting data to analyze it.
  • Two or more instances of the same data, depending on who accesses it.


Polyinstantiation  (Alternative Facts) – Two (or more) instances of the same file depending on who accesses it. The real information may be available to subjects with Top Secret clearance, but different information will be available to staff with Secret or lower clearance.

Question 27: Correct

Jane is using the Scrum project management methodology. Which of these would be some of the core team roles in the Scrum framework? (Select all that apply).
  • The product owner.
  • The Scrum master.
  • The development team.
  • The project sponsor.
  • The project manager.


Scrum is a framework for managing software development. Scrum is designed for teams of approximately 10 individuals, and generally relies on two-week development cycles, called “sprints”, as well as short daily stand-up meetings. The three core roles in the Scrum framework. The product owner: Representing the product’s stakeholders, the voice of the customer, and is accountable for ensuring that the team delivers value to the business. Development team: Responsible for delivering the product at the end of each sprint (sprint goal). The team is made up of 3–9 individuals who do the actual work (analysis, design, develop, test, technical communication, document, etc.). Scrum master: Facilitates and accountable for removing impediments to the ability of the team to deliver the product goals and deliverables. Not a traditional team lead or project manager but acts as a buffer between the team and any distracting influences. The scrum master ensures that the Scrum framework is followed.

Question 28: Correct

What could a vulnerability scan possibly help us find?
  • System misconfigurations, missing patches and a list of threats.
  • Outdated software, missing patches and system misconfigurations.
  • Missing patches, outdated software and high utilization on a resource.
  • Missing patches, outdated software and users accessing files they shouldn’t.


A vulnerability scanner tool is used to scan a network or system for a list of predefined vulnerabilities such as system misconfiguration, outdated software, or a lack of patching.

Question 29: Skipped

When we talk about auditing in the IAAA model, what does that mean?
  • Assigns attributes to identities.
  • Traces actions to subjects identities.
  • Allows users to access data 24/7.
  • Compares object labels to the clearance of the subject.


Accountability (often referred to as Auditing): Trace an Action to a Subjects Identity: Proves who performed given action, it provides non-repudiation. Group or shared accounts are never OK, they have zero accountability. Uses audit trails and logs, to associate a subject with its actions.

Question 30: Skipped

When our organization is using mandatory access control. What would subjects have?
  • Clearance.
  • Labels.
  • Objects.
  • Assets.


Subjects have Clearance assigned to them. A formal decision on a subject’s current and future trustworthiness. The higher the clearance, the more in-depth the background checks should be (always in military, not always in business).

Question 31: Skipped

The port numbers we use can categorized as well-known, registered, or dynamic/private/ephemeral ports. Which of these is NOT a well-known port?
  • 1023
  • 1024
  • 666
  • 80


Well-known Ports are the ports from port 0-1023, they are mostly used for protocols.

Question 32: Correct

Prior to an external structured audit, we would often do an ‘unstructured’ audit. Who would perform that?
  • External auditors.
  • IT security staff.
  • Senior management.
  • Internal auditors.


Unstructured audits: Internal auditors to improve our security and find flaws, often done before an external audit.

Question 33: Skipped

When we talk about using cryptanalysis in our work, what are we doing?
  • A cryptographic algorithm.
  • Creates messages with a hidden meaning.
  • The science of securing communications.
  • The science of breaking encrypted communications.


Cryptanalysis is the science of breaking encrypted communication. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown. It uses mathematical analysis of the cryptographic algorithm, as well as side-channel attacks that do not target weaknesses in the cryptographic algorithms themselves, but instead exploit weaknesses in their implementation and the devices that run them.

Question 34: Correct

We have decided to implement job rotation in our organization. What can that help prevent?
  • Employee burnout.
  • Errors.
  • All of these.
  • Fraud.


Job rotation: For the exam, think of it as a way to detect errors and frauds. It is easier to detect fraud, and there is less chance of collusion between individuals if they rotate jobs. It also helps with employee burnout, and it helps employees understand the entire business. This can be too cost prohibitive for the exam/real life; make sure that on the exam, the cost justifies the benefit.

Question 35: Correct

Which of these would NOT be part of a good identity and access provisioning lifecycle?
  • Locking accounts when employees leave the organization.​
  • Leaving accounts unlocked when employees leave the organization.
  • Notifying users to change their passwords before they expire. Revoking accounts and access when contractors stop working for us.
  • Identify accounts that has not been used for more than 10 days following their creation.


Account should be locked when employees leave the organization. Deleting them makes it harder to audit, deactivation/locking is preferred.

Question 36: Correct

What would we NOT look at in a security assessment?
  • Change management.
  • Penetration tests.
  • Security audits.
  • Employee performance.


Security Assessments: A full picture approach to assessing how effective our access controls are, they have a very broad scope. We would not look at Employee performance. Security assessments often span multiple areas, and can use some or all of these components: Policies, procedures, and other administrative controls. Assessing the real world-effectiveness of administrative controls. Change management. Architectural review. Penetration tests. Vulnerability assessments. Security audits.

Question 37: Correct

When someone is typo squatting, what are they doing?
  • Legal.
  • Never profitable.
  • Always illegal.
  • Potentially illegal.


Typo squatting – Buying an URL that is VERY close to real website name (Can be illegal in certain circumstances).

Question 38: Correct

After an attack on our servers, who should handle digital forensic evidence?
  • Someone trained in the process.
  • The data steward.
  • Anyone who is available.
  • The data owner.


People handling digital forensic evidence should always be trained in proper handling.

Question 39: Correct

We are using the CIA triad to, at a high level, explain IT security to our board of directors. Which of these are the 3 legs of the CIA triad?
  • Confidentiality, Integrity and Accountability.
  • Integrity, availability and confidentiality.
  • Confidentiality, Identity and Availability.
  • Identity, accountability and confidentiality.


The CIA (Confidentiality, Integrity, Availability) Triad: Confidentiality – We keep our data and secrets secret. Integrity – We ensure the data has not been altered. Availability – We ensure authorized people can access the data they need, when they need to.

Question 40: Skipped

In software acceptance testing, what is the purpose of production acceptance testing?
  • To ensure the software perform as expected in our live environment vs. our development environment.
  • To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities.
  • To ensure the software is as secure or more secure than the rules, laws and regulations of our industry.
  • To ensure the software is functional for and tested by the end user and the application manager.


Compatibility/production testing: Does the software interface as expected with other applications or systems? Does the software perform as expected in our production environment vs. the development environment

Question 41: Skipped

As part of improving the security posture of our organization we have added multifactor authentication. Which of these pairs does NOT constitute multifactor authentication?
  • Username and smartcard.
  • Fingerprint and PIN.
  • PIN and credit card.
  • Password and username.


Multifactor authentication uses authentication from more than one factor (something you know, are or have). Passwords and usernames are not multifactor, they are both knowledge factors.

Question 42: Incorrect

When we talk about WORM media, what are we referring to?
  • RAM.
  • Hard disks.
  • R DVD’s.


WORM Media (Write Once Read Many): CD/DVDs can be WORM Media (R), if they are not R/W (Read/Write).

Question 43: Correct

Our organization is using least privilege in our user access management. How are our users assigned privileges?
  • Privileges at the data owner’s discretion

  • Exactly the minimum feasible access for the user to perform their job.
  • The same privileges as the rest of the group has.
  • More privileges than they need for their day-to-day job, so they can perform certain tasks in an emergency.


Least Privilege also called “Minimum necessary access”, we give our users and systems exactly the access they need, no more, no less.

Question 44: Correct

When we are using knowledge-based factors in our authentication process, we would use all of these, EXCEPT which?
  • Passwords.
  • Pass phrases.
  • PINs.
  • Single-use passwords.


Single-use password is not a knowledge based factor, it is a possession based factor.

Question 45: Correct

What would be one of the EASIEST ways to confirm if our access control mechanics are working?
  • Reviewing CCTV files.
  • Stand at the doors and look at who enters a building or a certain room.
  • Get alerts for each login and manually check them all.
  • Reviewing security audit logs.


Audit log reviews is the easiest way to confirm our access control mechanisms are working.

Question 46: Skipped

Which type of access control model is based on a subject’s clearance?
  • Mandatory Access Control (MAC)
  • Role-Based Access Control (RBAC)
  • Discretionary Access Control (DAC)
  • Rule-Based Access Control (RUBAC)


MAC – (Mandatory Access Control) is system-enforced access control based on a subject’s clearance and an object’s labels.

Question 47: Correct

Which type of Intrusion Prevention System (IPS) response prevents authorized traffic?
  • True negative.
  • True positive.
  • False negative.
  • False positive.


False Positive: Normal traffic and the system detects it and acts.

Question 48: Skipped

In incident management, which of these is NOT a recognized category of events and/or incidents?
  • Environments.
  • Behavioral.
  • Human.
  • Natural.


Behavioral is a subset of human, and no a recognized category.

Question 49: Skipped

When we are implementing new access control mechanisms, looking at the IAAA model, what could we use for identification?
  • Non-repudiation.
  • Role based access control.
  • A password.
  • Usernames.


User names are used for identification, we should never allow group logins or accounts. Your name, username, ID number, employee number, SSN etc.

Question 50: Incorrect

When would we deploy honeypots?
  • Whenever we want to, to lure attackers in.
  • During an attack to trick the attacker.
  • Whenever we deploy a new system to see if it is vulnerable.
  • None of these.


While honeypots can be useful, we do not want to lure attackers in (entrapment). If we deployed one each time we launched a system we could have 1000’s of them, and during an attack we are busy with more important things.

Question 51: Correct

We are asked to help design the policies for our organization in regarding to PHI. What is that?
  • Protected Health Information.
  • Protected Human Interactions.
  • Procured Hospital Information.
  • Personal Heuristic Information.


PHI is the abbreviation for Protected Health Information.

Question 52: Incorrect

Which of these is the WEAKEST form of authentication we can implement?
  • Something you are.
  • Something you know.
  • Something you have.
  • Biometrics.


Something you know – Type 1 Authentication: Passwords, pass phrase, PIN etc., also called Knowledge factors. It is the weakest form of authentication, and can easily be compromised.

Question 53: Skipped

What is a WEAKNESS of the Challenge Handshake Authentication Protocol (CHAP)?
  • Credentials are sent over the network in plaintext.
  • It periodically verifies the identity of clients with a 3-way handshake.
  • It uses incremental changing identifiers and variable challenge-values.
  • Credentials are stored in plaintext on the server.


CHAP (Challenge-Handshake Authentication Protocol): The CHAP server stores plaintext passwords of each client, an attacker gaining access to the server can steal all the client passwords stored on it. Provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value. Requires the client and server know the plaintext of a shared secret, but it is never sent over the network. Providing better security compared to PAP which is vulnerable for both these reasons. Used by PPP (Point to Point Protocol) servers to validate the remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake.

Question 54: Correct

We are in a court of law and we are presenting real evidence. What constitutes real evidence?
  • Logs, audit trails and other data from the time of the attack.
  • Something you personally saw or witnessed.
  • Tangible and physical objects.
  • The data on our hard drives.


Real Evidence is tangible and physical objects, in IT Security it is things like hard disks, USB drives and not the data on them.

Question 55: Correct

Which of these hackers would you hire to do penetration testing?
  • Gray hat hacker.
  • White hat hacker.
  • Black hat hacker.
  • Script kiddie.


White Hat hackers: Professional Pen Testers trying to find flaws so we can fix it (Ethical Hackers). Black Hat hackers: Malicious hackers, trying to find flaws to exploit them (Crackers – they crack the code). Gray/Grey Hat hackers: They are somewhere between the white and black hats, they go looking for vulnerable code, systems or products. They often just publicize the vulnerability (which can lead to black hats using it before a patch is developed). Gray hats sometimes also approach the company with the vulnerability and ask them to fix it and if nothing happens they publish. Script Kiddies: They have little or no coding knowledge, but many sophisticated hacking tools are available and easy to use. They pose a very real threat. They are just as dangerous as skilled hackers; they often have no clue what they are doing.

Question 56: Correct

We want to be able to restore our systems with no more than 48 hours of data loss. Which of these could be a backup rotation we could chose to implement?
  • Backups before each system update or patch we apply.
  • Monthly full backups and weekly incrementals.
  • Weekly full backups and daily differential backups.
  • Weekly full and incremental backups every 3 days.


If we can have no more than 48 hours of data loss the only viable option is a daily backup.

Question 57: Incorrect

There are a lot of challenges with audit record management. Which of these is not of them?
  • Audit records are only reviewed for the bad stuff.
  • Logs are not reviews on a regular and timely basis.
  • We are storing logs and alerts for too long.
  • Log entries and alerts are not prioritized.


Audit record management typically faces five distinct problems: Log are not reviewed on a regular and timely basis. Audit logs and audit trails are not stored for a long enough time period. Logs are not standardized or viewable by correlation toolsets – they are only viewable from the system being audited. Log entries and alerts are not prioritized. Audit records are only reviewed for the bad stuff.

Question 58: Incorrect

When our organization is buying custom developed third party software, which of these should NOT be a concern?
  • How good are they at what they do.
  • What other companies who have implemented the exact same software says about it.
  • Who will support it when development is completed.
  • Who owns the code.


We should address support, who owns the code and how good the software development company is, we can’t really see what other companies say about the software it is being custom developed for us.

Question 59: Skipped

Which of these could be some of the ways we can protect our data when an employee is actively using it?
  • Need to know policy.
  • Encryption, clean desk policies, view angle screen.
  • Clean desk policies, print policies, job rotation, mandatory vacations, view angle screens.
  • Clean desk policies, view angle screens, computer locking when not in use.


Data in Use: (We are actively using the files/data, it can’t be encrypted). Use good practices: Clean Desk policy, Print Policy, Allow no ‘Shoulder Surfing’, maybe the use of view angle privacy screen for monitors, locking computer screen when leaving workstation.

Question 60: Incorrect

When we are categorizing disasters for our Business Continuity Plan (BCP), we would categorize them into which of these categories? (Select all that apply).
  • Environmental.
  • Natural.
  • Hardware.
  • Physical.
  • Human.


We categorize disasters in 3 categories: natural, human, or environmental. Natural: Anything caused by nature; this could be earthquakes, floods, snow, tornados, etc. Human: Anything caused by humans; they can be intentional or unintentional disasters; unintentional could be an employee using a personal USB stick on a PC at work and spreading malware, which would be just as bad as if an attacker had done it, but the employee was just ignorant, careless, or didn’t think it would matter. Environmental (not to be confused with natural disasters); Anything in our environment; could be power outage/spikes, hardware failures, provider issues, etc.

Question 61: Skipped

In which order would you use the Software Development Life Cycle (SDLC)?
  • Analysis, investigation, design, build, implement, test, maintenance and support.
  • Investigation, design, analysis, build, implement, test, maintenance and support.
  • Investigation, analysis, design, build, test, implement, maintenance and support.
  • Investigation, analysis, design, build, implement, test, maintenance and support.


SDLC (Software Development Life Cycle): The SDLC is not really a methodology, but a description of the phases in the life cycle of software development. These phases are (in general), investigation, analysis, design, build, test, implement, maintenance and support (and disposal). Can have security built into each step of the process, for the exam it always does.

Question 62: Skipped

Which layer of the Open Systems Interconnect (OSI) model isolates traffic into broadcast domains?
  • 4
  • 1
  • 5
  • 3


Layer 3: Network Layer: Expands to many different nodes (IP) – The Internet is IP based. Isolates traffic into broadcast domains.

Question 63: Skipped

In the TCP/IP model, frames and bits are the Protocol Data Units (PDUs) of which layer?
  • Application.
  • Transport.
  • Internetworks.
  • Link and physical.


Frames and bits are the Protocol Data Units (PDUs) of the Link and physical layer of the TCP/IP model. (Frames are OSI layer 2 and bits are OSI layer 1).

Question 64: Skipped

What was the intent of the US Electronic Communications Privacy Act of 1986 (ECPA)?
  • To protect electronic communication by mandating service providers to use strong encryption.
  • To protect electronic communication against warrantless wiretapping.
  • To allow search and seizure without immediate disclosure.
  • To allow law enforcement to use wiretaps without a warrant or oversight.


Electronic Communications Privacy Act (ECPA) was designed for protection of electronic communications against warrantless wiretapping, but it was very weakened by the Patriot Act.

Question 65: Skipped

For access control management, which of these is considered something you have?
  • MAC address.
  • PIN.
  • Cookie on computer.
  • Fingerprint.


Things in your possession, not things you know (knowledge factor) or something you are (biometrics).

Question 66: Skipped

Which process would we use to handle updates to our environments?
  • Agile project management.
  • Process review.
  • Change management.
  • Change consolidation.


Change Management: Often called change control, a formalized process on how we handle changes to our environments. If done right we will have full documentation, understanding and we communicate changes to appropriate parties. The change review board should be comprised of both IT and other operational units from the organization, we may consider impacts on IT, but we are there to serve the organization, they need to understand how it will impact them and raise concerns if they have any.

Question 67: Skipped

When the Patriot Act was signed into law in 2001, it allowed law enforcement to do what?
  • Protect electronic communication against warrantless wiretapping.
  • Allow law enforcement to use wiretaps without a warrant or oversight.
  • Allows search and seizure without immediate disclosure.
  • Protect electronic communication by mandating service providers to use strong encryption.


PATRIOT Act of 2001: Expands law enforcement electronic monitoring capabilities. Allows search and seizure without immediate disclosure.

Question 68: Skipped

We are using cloud computing and have chosen to use IaaS. Who is responsible for the databases?
  • The network team.
  • The customer.
  • The vendor.
  • The security team.


IaaS – (Infrastructure as a Service) The vendor provides infrastructure up to the OS, the customer adds the OS and up.

Question 69: Skipped

We are implementing several new countermeasures to make our organization less susceptible to fraud. As part of that we are implementing mandatory vacations. How would we use those?
  • Used to upgrade systems.
  • A detective mechanism that can detect fraud.
  • Scheduled far in advance and the employee is notified.
  • Given to employees to reward them.


Mandatory vacations: Done to ensure one person is not always performing the same task, someone else has to cover and it can keep fraud from happening or help us detect it. Their accounts are locked and an audit is performed on the accounts. If the employee has been conducting fraud and covering it up, the audit will discover it. The best way to do this is to not give too much advance notice of vacations.

Question 70: Skipped

To ensure the confidentiality, integrity, and availability of our backup tapes, where would it be appropriate to store them?
  • Our data center.
  • A closet we have access to.
  • Under the bed.
  • In a backup storage facility.


Where do we keep our sensitive data? It should be kept in a secure, climate-controlled facility, preferably geographically distant or at least far enough away that potential incidents will not affect that facility too. Many older breaches were from bad policies around tape backups. Tapes were kept at the homes of employees instead of at a proper storage facility or in a storage room with no access logs and no access restrictions (often unencrypted).

Question 71: Skipped

What does SOC2 type 1 report on?
  • The future state of our controls and countermeasures.
  • The suitability of the design of controls.
  • How resilient our systems are and how often we can expect exploits with our current settings.
  • The suitability of the design AND operating effectiveness of controls.


SOC 2 Type 1 report on management’s description of a service organization’s system and the suitability of the design of controls.

Question 72: Skipped

As part of our software testing, we are doing static software testing. What are we doing?
  • Submit random malformed input to crash the software or elevate privileges.
  • Passively test the code, but not run it.
  • Test the code while executing it.
  • Build scripts and tools that would simulate normal user activity.


Static testing – Passively testing the code, it is not running. This is walkthroughs, syntax checking, and code reviews. Looks at the raw source code itself looking for evidence of known insecure practices, functions, libraries, or other characteristics having been used in the source code.

Question 73: Skipped

We are throughout our organization using Intrusion detection systems (IDS) and Intrusion prevention system (IPS). What are some of the COMMON types of those?
  • Heuristic, host based, network based.
  • Switch based, network based, signature based.
  • Network based, host based, firewall based.
  • Signature based, network based, firewall based.


IDSs (Intrusion Detection Systems) and IPSs (Intrusion Prevention Systems) can be categorized into 2 types and with 2 different approaches to identifying malicious traffic. Network based, placed on a network segment (a switch port in promiscuous mode). Host based, on a client, normally a server or workstation. Signature (Pattern) matching, similar to anti virus, it matches traffic against a long list of known malicious traffic patterns. Heuristic (Behavioral) based, uses a normal traffic pattern baseline to monitor for abnormal traffic.

Question 74: Skipped

When we talk about referential databases, what does referential integrity mean?
  • Each tuple has a unique primary value that is not null.
  • When the database has errors.
  • Each attribute value is consistent with the attribute data type.
  • When every foreign key in a secondary table matches the primary key in the parent table.


Referential integrity: When every foreign key in a secondary table matches a primary key in the parent table. It is broken if not all foreign keys match the primary key.

Question 75: Skipped

Which of these encryption methods is truly unbreakable if it is implemented right?
  • A Vigenère cipher.
  • One-time pads.
  • Symmetric encryption.
  • Enigma.


One-Time Pad: Cryptographic algorithm where plaintext is combined with a random key. It is the only existing mathematically unbreakable encryption. While it is unbreakable it is also very impractical. It has ONE use per pad; they should never be reused. Characters on the pad have to be truly random. The pads are kept secure.

Question 76: Skipped

We have removed a server from our production environment. We format the hard drives, install a new OS (Operating System), and application on the disks. We then put the newly installed server back into production. Which of these would be TRUE about the original data a week later?
  • Hidden, but not recoverable.
  • Gone forever.
  • Always completely recoverable.
  • Possibly partially recoverable.


We can still recover files that has not been overwritten yet, formatting just removes the file structure.

Question 77: Skipped

We have 100 users all needing to communicate with each other. If we are using asymmetric encryption how many keys would we need?
  • 4950
  • 2000
  • 100
  • 200


Asymmetric encryption uses 2 keys per user, so we would need 200 keys.

Question 78: Skipped

We have a contract with some penetration testers. In which phase would the tester look for vulnerabilities and design the attack?
  • Gaining access.
  • System browsing.
  • Discovery.
  • Escalate privileges.


Discovery (planning): Finding the vulnerabilities, design the attacks.

Question 79: Skipped

What is LDAP COMMONLY used for?
  • Hashing passwords.
  • Managing firewall and router access lists.
  • Internet routing protocol.
  • Central username and password storage.


LDAP (The Lightweight Directory Access Protocol) is commonly used for central usernames and passwords storage, many different applications and services can connect to the LDAP server to validate users. Open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an IP network. Application layer protocol and use TCP and UDP port 389.

Question 80: Skipped

What would a penetration testing Statement Of Work (SOW) NOT include?
  • IP ranges.
  • Rules of engagement.
  • Complete and accurate employee Protected Health Information (PHI).
  • Time frames.


Penetration Testing (Pen Testing) have very clear rules of engagement defined in a SOW (Statement Of Work). Which IP ranges, time frame, tools, POC, how to test, what to test.

Question 81: Skipped

Which type of software development uses programming pairs?
  • Waterfall.
  • Scrum.
  • Agile.
  • XP.


XP (Extreme programming) uses programming in pairs or doing extensive code review. Intended to improve software quality and responsiveness to changing customer requirements. Uses advocates frequent releases in short development cycles, intended to improve productivity and introduce checkpoints at which new customer requirements can be adopted.

Question 82: Skipped

We often refer to 0-day vulnerabilities when we talk about IT security vulnerabilities. What would constitute 0-day vulnerabilities?
  • Known vulnerabilities we have already patched.
  • Known vulnerabilities that we have not patched yet.
  • Vulnerabilities that do not affect our systems.
  • Vulnerabilities not generally known or discovered.


0day vulnerabilities: Vulnerabilities not generally known or discovered, the first time an attack is seen is considered day 0, hence the name. From a vulnerability is discovered it is now only a short timespan before patches or signatures are released on major software.

Question 83: Skipped

We are using some of the best practice rules on our password’s requirements. Which of these would NOT be part of that?
  • Password hashing and salting.
  • Minimum password age.
  • Maximum password age.
  • No minimum password age.


Minimum password age is implemented to prevent users from cycling through the last used passwords to return to their favorite password again. They should also use contain minimum length, upper/lower case letters, numbers and symbols, they should not contain full words or other easy to guess phrases.

Question 84: Skipped

Jack is looking at different types of encryption. Which of these is a type of asymmetric encryption?
  • RSA.
  • RC6.
  • Twofish.
  • 3DES.


RSA is asymmetric. 3DES, RC6 and Twofish are all symmetric forms of encryption.

Question 85: Skipped

On which layer of the Open Systems Interconnection model (OSI) model would we find the broadcast address FF:FF:FF:FF:FF:FF?

  • B: Layer 4.
  • E: Layer 1.
  • C: Layer 3.
  • D: Layer 2.
  • A: Layer 5.


FF:FF:FF:FF:FF:FF is the layer 2 broadcast address. Layer 2 uses mac addresses.

Question 86: Skipped

Which of these is NOT an example of broken authentication or session management (OWASP A2)?
  • Session never expires.
  • Session IDs are kept in plaintext.
  • Session IDs are pseudo random.
  • Session IDs are predictable.


A2 Broken Authentication and Session Management. Sessions do not expire or take too long to expire. Session IDs are predictable. 001, 002, 003, 004, etc. Tokens, session IDs, Passwords, etc., are kept in plaintext. Pseudo random session IDs would be a broken authentication counter measure.

Question 87: Skipped

Which of these is a TRUE statement about the TCP protocol?
  • It is connection oriented.
  • It is connectionless.
  • It is proprietary.
  • It is always encrypted.


TCP (Transmission Control Protocol): Reliable, Connection oriented, Guaranteed delivery, 3 way handshake, slower/more overhead, data reassembled.

Question 88: Skipped

As part of our updated security posture, we have started blocking TCP/UDP port 22 as a default. What are we blocking?
  • Telnet.
  • FTP control.
  • SSH.
  • FTP data transfer.


SSH (Secure Shell) uses the well-known TCP/UDP port 22.

Question 89: Skipped

Which of these authentication protocols is no longer considered secure?
  • Diameter.
  • Radius.
  • TACACS+.


TACACS (The Terminal Access Controller Access Control System): Centralized access control system requiring users to send an ID and reusable (vulnerable) passwords for authentication, because of this it is no longer considered secure. Uses TCP/UDP port 49. TACACS has generally been replaced by TACACS+ and RADIUS.

Question 90: Skipped

As part of a security assessment we are having an external company do penetration testing. What do we call a penetration test where the tester has full admin level knowledge about our organization and IT infrastructure? (Select all that apply).
  • Clear box.
  • Gray box.
  • Black box.
  • Full box.
  • Crystal box.
  • White box.


White box (Crystal/Clear) Pen testing: (Full Knowledge). The attacker has knowledge of the internal network and access to it like a privileged employee would. Normally Administrator access employee with full knowledge of our environment. There is no full box, gray is partial knowledge and black is no knowledge.

Question 91: Skipped

Looking at our incident management plan, which of these can we possibly mitigate with a redundant geographical distant site?
  • Emergencies.
  • Events.
  • Incidents.
  • Disasters.


Disaster: Our entire facility is unusable for 24 hours or longer. If we are geographically diverse and redundant we can mitigate this a lot. Yes, a snowstorm can be a disaster.

Question 92: Skipped

Looking at our data management, what is the user’s role?
  • Be trained in the policies, procedures and standards.
  • Perform the backups and restores.
  • Make the policies, procedures and standards that govern our data security.
  • Assign the sensitivity labels and backup frequency of the data.


Users: These are the users of the data. User awareness must be trained; they need to know what is acceptable and what is not acceptable, and the consequences for not following the policies, procedures and standards.

Question 93: Skipped

When we implement centralized logging, we want it to be:
  • Automated, unsecure, and accessible by administrators.
  • Automated, secure and administrators should have limited access.
  • Automated, secure and accessible by everyone.
  • Automated, secure, and accessible by administrators.


Centralized Logging: Should be automated, secure and even administrators should have limited access.

Question 94: Skipped

Which of these protocols is NOT found on layer 7 of the Open Systems Interconnection (OSI) model?
  • PAP.
  • FTP.
  • Telnet
  • HTTP.


PAP is a layer 5 protocol (used for setting up sessions). FTP, LDAP and HTTP are all layer 7 protocols.

Question 95: Skipped

Those acting under “the color of law” can act on an exigent circumstance. What would constitute exigent circumstances?
  • An outside circumstance which does not pose any threat to life or data.
  • An unpatched vulnerability on our systems, attackers have no way of exploiting.
  • Potential threat to data or human life in the future.
  • Immediate threat to human life or of evidence destruction.


Exigent circumstances apply if there is an immediate threat to human life or of evidence destruction. This will later be decided by a court if it was justified. Only applies to law enforcement and those operating under the “color of law” – Title 18. U.S.C. Section 242 – Deprivation of Rights Under the Color of Law.

Question 96: Skipped

What could be one of the NEGATIVE consequences of implementing Single Sign On (SSO) in our organization?
  • SSO has weaker password requirements than regular applications does.
  • It is easier for users to just use one login.
  • It takes too long to remember a single password over many.
  • If compromised the attacker has access to all the systems the user does.


SSO (Single sign-on): Users use a single sign-on for multiple systems. If an attacker compromises a single password they have access to everything that user can access. Often deployed in organizations where users have to access 10+ systems, and they think it is too burdensome to remember all those passwords. SSO have the same strong password requirements as normal single system passwords.

Question 97: Skipped

If our organization have role-based access control and need to know policies, which of these actions are allowed?
  • Browsing around random data to just see what it contains.
  • Accessing data you don’t need to do your job.
  • Accessing data you need to do your job.
  • Accessing your colleagues payroll data to see how much they get paid.


Role based access control assigns access to roles, with added need to know, just because you have access does not mean you are allowed the data. You need a valid reason for accessing the data. If you do not have one you can be terminated/sued/jailed/fined.

Question 98: Skipped

With the CIA triad in mind, if we have too much confidentiality which other control will suffer the MOST?
  • Integrity.
  • Availability.
  • Accountability.
  • Authentication.


Finding the right mix of Confidentiality, Integrity and Availability is a balancing act. This is really the cornerstone of IT Security – finding the RIGHT mix for your organization. Too much Confidentiality and the Availability can suffer.

Question 99: Skipped

We are wanting to erase EPROM memory to update to the latest firmware. How would we do that?
  • Shine an UV light on the chip.
  • Taking the chip out of the motherboard and degauss it.
  • It can’t be erased once it has been written.
  • We can use programs to erase the content.


EPROM (Erasable Programmable Read Only memory) – Can be erased (flashed) and written many times, by shining an ultraviolet light (flash) on a small window on the chip (normally covered by foil).

Question 100: Skipped

Using EEPROM makes work easier for our IT staff, what is one of the dangers associated with it?
  • There are no dangers, it is completely safe.
  • Flashing with an UV light can damage your eyes.
  • Since it is programmable, attackers can attack it.
  • Anyone can easily access it.


EEPROM (Electrically Erasable Programmable Read Only memory) – These are Electrically Erasable, you can use a flashing program. This is still called Read Only. The ability to write to the BIOS makes it vulnerable to attackers.

Question 101: Skipped

Why would we choose a centralized access control system over a decentralized one?
  • It is easier to manage.
  • Faster response time at remote locations.
  • If the internet between sites is down, we can’t authenticate.
  • Different security postures at different locations.


Centralized Pros: (Decentralized Cons): All systems and locations have the same security posture. Easier to manage: All records, configurations and policies are centralized and only configured once per policy. Attackers look for the weakest link in our chain, if a small satellite office is not following our security posture, they can be an easy way onto our network. It is more secure, only a few people have access and can make changes to the system. It can also provide separation of duties, the local admin can’t edit/delete logs from their facility. SSO can be used for user access to multiple systems with one login. Centralized Con’s: (Decentralized Pros): Traffic overhead and response time, how long does it take for a door lock to authenticate the user against the database at the head office? Is connectivity to the head office stable, is important equipment on redundant power and internet?

Question 102: Skipped

We often allow users to use “secret questions and answers” to unlock their accounts, because it makes our administrators workload lighter. Can they also be used as an attack vector?
  • Yes, but it would be harder to break than encryption.
  • No, no one else would know the answers.
  • Yes, but it really never happens, the information we use for them is so hard to get it is hardly worth it.
  • Yes, the answers are often something that can be researched.


Secret questions like “Where were you born?” are poor examples of a knowledge factor, it is known by a lot of people and can often be researched easily.

Question 103: Skipped

Which of these would be an IP socket-pair?
  • and
  • and
  • and
  • and


Socket Pairs (TCP): 2 sets of IP and Port (Source and Destination). This could be Source pair: Destination pair: Well-known ports are often translated, port 443 is https.

Question 104: Skipped

Which of these is NOT covered by the Wassenaar Arrangement?
  • Munitions.
  • Rockets.
  • SQL Databases.
  • Encryption algorithms.


Wassenaar Arrangement – 1996 – present. Limits exports on military and “dual-use” technologies. Cryptography is part of that. Some nations also use it to prevent their citizens from having strong encryption (easier to spy on your own people if they can’t use strong cryptography).

Question 105: Skipped

In our digital forensics, which of these should NEVER happen?
  • Keep a perfect chain of custody log.
  • Do forensics on the compromised hard drive.
  • Do forensics on a bit level copy of the compromised hard drive.
  • Remove the system from the network to prevent the issue from spreading.


Digital forensics should always be done on bit level copies of the original, never the original.

Question 106: Skipped

Bob is working on designing new access controls across our organization. Which documentation should he reference to know how and what to implement?
  • Our policies, procedures and standards.
  • It is at his discretion, Bob is the most knowledgeable employee we have on access control.
  • The latest tech reviews and technology.
  • He would ask his peers what they would implement since they know best and when they agree implement that.


Our Access Control is determined by our policies, procedures, and standards. This outlines how we grant access whom to what: We use least privilege, need to know, and we give our staff and systems exactly the access they need and no more.

Question 107: Skipped

In our data management, which of these BEST describe the data owner responsibilities?
  • The policies that govern our data security.
  • Assigning sensitivity labels and backup frequency.
  • Backups, restores, patches, system configuration.
  • The systems that house the data.


Data/Information Owner: Management level, they assign sensitivity labels and backup frequency. This could be you or a Data Owner from HR, Payroll or other departments.

Question 108: Skipped

After a security breach, Bob has been asked to ensure evidence integrity. What would he do with the compromised hard drive?
  • Encrypt the drive, then do his forensics on the original drive and when he is done do a hash.
  • Hash the drive and take a bit level copy, hash the copy drive and they should match, then work on the bit level copy.
  • Pull the drive from the system, format it and reinsert it into another production server.
  • Add another drive to the system and copy all he can see on the compromised drive onto the new drive and then do his analysis on the new drive.


Evidence Integrity – It is vital that the evidence’s integrity cannot be questioned. We do this with hashes; any forensics is done on copies and never the originals. We make a bit level copy of the original, hash it, and the copy should match. We do another hash after the forensics, and that should be the same as the prior two.

Question 109: Skipped

Which type of security governance and management would we want to see in our organization?
  • Middle of the road.
  • Top-down.
  • Agile.
  • Bottom-up.


We always want top-down security governance and management, we want senior leadership on our side. Top-Down: IT leadership is on board with IT Security, they lead and set the direction. Bottom-Up: IT Security is seen as a nuisance and not a helper, often change when breaches happen.

Question 110: Skipped

After a major security breach, we are wanting to a lessons learned. Why is that?
  • To show what exactly happened in this incident.
  • To blame someone.
  • To prevent incidents from ever happening again.
  • To learn from the incident so we can do better on future incidents.


Lessons Learned: This phase is often overlooked, we removed the problem, we have implemented new controls and safeguards. We can learn a lot from lessons learned, not just about the specific incidence, but how well we handle them, what worked, what didn’t. How can we as an organization grow and become better next time we have another incidence, while we may have fixed this one vulnerability there are potentially 100’s of new ones we know nothing about yet. At the end of lessons learned we produce a report to senior management, with our finding, we can only make suggestions, they are ultimately in charge (and liable).

Question 111: Skipped

Senior leadership has approved the use of flash drives. Which type of memory do they use?
  • DRAM.
  • PROM.
  • SDRAM.


Flash memory: Small portable drives (USB sticks are an example); they are a type of EEPROM.

Question 112: Skipped

On which layer of the Open Systems Interconnect (OSI) model do we establish the connection between 2 applications?
  • 6
  • 3
  • 4
  • 5


Layer 5: Session Layer: Establishes connection between 2 applications: Setup > Maintenance > Tear Down.

Question 113: Skipped

When you discover a software vulnerability, you notify the vendor of the vulnerability for them to fix it. What is the term used for this?
  • Predictable disclosure.
  • Full disclosure.
  • No disclosure.
  • Partial disclosure.


Responsible/Partial disclosure: Telling the vendor, they have time to develop a patch and then disclose it. If they do nothing we can revert to the full disclosure forcing them to act.

Question 114: Skipped

Which of these protocols is NOT found on layer 3 of the OSI model?
  • ICMP.
  • IKE.
  • IMAP.
  • IP.


IMAP is a layer 7 protocol. IP, IPSEC, IKE, ICMP, … are all layer 3 protocols.

Question 115: Skipped

Which is NOT one of the (ISC)² ethics canons?
  • Act honorably, honestly, justly, responsibly, and legally.
  • Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • Provide diligent and competent service to principles.
  • Think about the social consequences of the program you are writing or the system you are designing.


ISC2 Code of Ethics Canons: Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsibly, and legally. Provide diligent and competent service to principles. Advance and protect the profession.

Question 116: Skipped

When would a logic bomb go off?
  • When it has infected the entire network.
  • A certain event happens or at a certain time.
  • As soon as it is introduced to the system.
  • When the system gets internet access.


Logic Bombs – Malicious code that executes at a certain time or event – they are dormant until the event (IF/THEN). IF Bob is not getting an annual bonus over $10,000, THEN execute malicious code. IF date and time 5/15/18 00:02:12, THEN execute malicious code.

Question 117: Skipped

As part of our server hardening, are blocking all ports on our servers, unless specified as something we needed open in the technical design documentation. When we block TCP/UDP port 3389, what are we blocking?
  • Microsoft Terminal Server (RDP).
  • IMAP.
  • NetBIOS datagram service.
  • NetBIOS name service.


Microsoft Terminal Server (RDP) uses TCP/UDP port 3389.

Question 118: Skipped

Which is the MOST secure encryption type of these 4?
  • Blowfish.
  • DES.
  • AES.
  • RC4.


DES, Blowfish and RC4 are no longer considered secure, AES is still considered secure.

Question 119: Skipped

Which of these is NOT a normal phase of a white hat hacker’s strategy?
  • Escalate privileges.
  • Deleting their tracks, the audit files and logs.
  • Installing additional tools as they gain more access and higher privileges.
  • Discovery, finding the vulnerabilities.


White hat hackers use many of the same tools and approaches that black hats would, but they do not delete their tracks, audit files or logs.

Question 120: Skipped

As part of our backup policy we are deciding on how long we should keep our backups. What should we base that decision on?
  • All data is required to be kept 1 year.
  • 1 month, as long as we have a full backup of everything.
  • Forever, we can never get rid of backup data.
  • As long as it is useful or required, whichever is longer.


Data Retention: Data should not be kept beyond the period of usefulness or beyond the legal requirements (whichever is greater).

Question 121: Skipped

We are implementing biometric authentication. What would be a good reason to do that?
  • It is much cheaper than knowledge factors.
  • It rarely changes.
  • People can easily change their biometrics.
  • It is easy to copy.


Biometric features rarely change unless we have a serious accident. It is more difficult to copy, people can’t change them unless they get surgery and it is normally more expensive than possession or knowledge factors.

Question 122: Skipped

In Scrum project management, what is the Scrum master’s role?
  • Removing obstacles for the development team.
  • Representing the stakeholders/customers.
  • Developing the code/product at the end of each sprint.
  • Being a traditional project manager.


Scrum master: Facilitates and accountable for removing impediments to the ability of the team to deliver the product goals and deliverables. Not a traditional team lead or project manager but acts as a buffer between the team and any distracting influences. The scrum master ensures that the Scrum framework is followed.

Question 123: Skipped

Jane is explaining how using AI can help predict healthcare issues for patients. What is AI?
  • Artificial Intelligence.
  • Artificial Integrity.
  • Arithmetic Interference.
  • Artifact Incidents.


AI (Artificial Intelligence): Intelligence exhibited by machines, rather than humans or other animals. True AI is a topic of discussion; what was considered AI years ago has been achieved, and once the goal is reached, the AI definition is tweaked a little.

Question 124: Skipped

The Central Processing Unit (CPU) consists of which two elements?
  • ALU and CU.
  • RAM and BIOS.
  • South bridge and RAM.
  • CU and RPG.


CPU (Central Processing Unit) is the brains of the system. Arithmetic logic unit (ALU) performs arithmetic and logic operations. It’s a processor that registers that supply operands (Object of a Mathematical Operation) to the ALU and stores the results of ALU operations. It does all the math. Control unit (CU) handles fetching (from memory) and execution of instructions by directing the coordinated operations of the ALU, registers and other components. It also sends instructions to the ALU.

Question 125: Skipped

Active Directory (AD) uses trust domains; one domain establishes a trust relationship with another domain. Which of these is NOT an AD trust domain?
  • Intransitive trust.
  • Reflective trust.
  • One-way trust.
  • Transitive trust.


One-way trust, Two-way trust, Trusted domain, Transitive trust and Intransitive trust are all trust domains, there is no reflective trust.

Leave a Reply