CISSP certification: Full 125 question practice test #1 – test 2 – Results
by admin, October 1, 2020

Question 1: Skipped
As part of our risk management, we are working on quantitative risk analysis. Select all the terms we would use in this phase:

- Future Growth Potential (FGP)
- Asset Value (AV) (Correct)
- Exposure factor (EF) (Correct)
- Risk Analysis Matrix (RAM)
- Annualized Loss Expectancy (ALE) (Correct)

Explanation: Quantitative Risk Analysis: we want exactly enough security for our needs, and this is where we put a number on that. We find the asset’s value, how much of it is compromised, how much one incident will cost, how often the incident occurs and how much that is per year.
- Asset Value (AV): how much is the asset worth?
- Exposure factor (EF): percentage of Asset Value lost.
- Single Loss Expectancy (SLE) = AV x EF: what does it cost if it happens once?
- Annual Rate of Occurrence (ARO): how often will this happen each year?
- Annualized Loss Expectancy (ALE): what it costs per year if we do nothing.

Question 2: Correct
What would a penetration testing Statement Of Work (SOW) NOT include?

- Time frames.
- IP ranges.
- Rules of engagement.
- Complete and accurate employee Protected Health Information (PHI). (Correct)

Explanation: Penetration Testing (Pen Testing) has very clear rules of engagement defined in a SOW (Statement Of Work): which IP ranges, time frame, tools, POC, how to test and what to test.

Question 3: Skipped
Which type of access control model is based on a subject’s clearance?

- Discretionary Access Control (DAC)
- Role-Based Access Control (RBAC)
- Mandatory Access Control (MAC) (Correct)
- Rule-Based Access Control (RUBAC)

Explanation: MAC (Mandatory Access Control) is system-enforced access control based on a subject’s clearance and an object’s labels.
Question 4: Correct
Which process would we use to handle updates to our environments?

- Change management. (Correct)
- Process review.
- Change consolidation.
- Agile project management.

Explanation: Change Management, often called change control, is a formalized process for how we handle changes to our environments. If done right, we will have full documentation and understanding, and we communicate changes to the appropriate parties. The change review board should be comprised of both IT and other operational units from the organization; we may consider impacts on IT, but we are there to serve the organization, and they need to understand how a change will impact them and raise concerns if they have any.

Question 5: Correct
We have decided to implement job rotation in our organization. What can that help prevent?

- Errors.
- All of these. (Correct)
- Employee burnout.
- Fraud.

Explanation: Job rotation: for the exam, think of it as a way to detect errors and fraud. It is easier to detect fraud, and there is less chance of collusion between individuals, if they rotate jobs. It also helps with employee burnout, and it helps employees understand the entire business. It can be cost prohibitive in real life; on the exam, make sure the cost justifies the benefit.

Question 6: Correct
When you discover a software vulnerability, you notify the vendor of the vulnerability for them to fix it. What is the term used for this?

- Partial disclosure. (Correct)
- Full disclosure.
- No disclosure.
- Predictable disclosure.

Explanation: Responsible/Partial disclosure: we tell the vendor, they have time to develop a patch, and then we disclose it. If they do nothing, we can revert to full disclosure, forcing them to act.

Question 7: Skipped
Active Directory (AD) uses trust domains; one domain establishes a trust relationship with another domain. Which of these is NOT an AD trust domain?

- Transitive trust.
- Reflective trust. (Correct)
- Intransitive trust.
- One-way trust.
Explanation: One-way trust, Two-way trust, Trusted domain, Transitive trust and Intransitive trust are all trust domains; there is no reflective trust.

Question 8: Skipped
What does SOC2 type 1 report on?

- The future state of our controls and countermeasures.
- How resilient our systems are and how often we can expect exploits with our current settings.
- The suitability of the design of controls. (Correct)
- The suitability of the design AND operating effectiveness of controls.

Explanation: A SOC 2 Type 1 report covers management’s description of a service organization’s system and the suitability of the design of controls.

Question 9: Correct
Why would we choose a centralized access control system over a decentralized one?

- It is easier to manage. (Correct)
- If the internet between sites is down, we can’t authenticate.
- Different security postures at different locations.
- Faster response time at remote locations.

Explanation: Centralized pros (decentralized cons): all systems and locations have the same security posture. Easier to manage: all records, configurations and policies are centralized and only configured once per policy. Attackers look for the weakest link in our chain; if a small satellite office is not following our security posture, it can be an easy way onto our network. It is more secure: only a few people have access and can make changes to the system. It can also provide separation of duties; the local admin can’t edit/delete logs from their facility. SSO can be used for user access to multiple systems with one login. Centralized cons (decentralized pros): traffic overhead and response time; how long does it take for a door lock to authenticate the user against the database at the head office? Is connectivity to the head office stable, and is important equipment on redundant power and internet?

Question 10: Correct
Which type of software development uses programming pairs?

- Agile.
- XP. (Correct)
- Waterfall.
- Scrum.
Explanation: XP (Extreme Programming) uses programming in pairs or extensive code review. It is intended to improve software quality and responsiveness to changing customer requirements. It advocates frequent releases in short development cycles, intended to improve productivity and introduce checkpoints at which new customer requirements can be adopted.

Question 11: Correct
In the TCP/IP model, frames and bits are the Protocol Data Units (PDUs) of which layer?

- Link and physical. (Correct)
- Application.
- Transport.
- Internetworks.

Explanation: Frames and bits are the Protocol Data Units (PDUs) of the Link and Physical layer of the TCP/IP model (frames are OSI layer 2 and bits are OSI layer 1).

Question 12: Incorrect
What would we use a Security Information and Event Management (SIEM) system for?

- Near real-time automated identification, analysis and recovery from some security events. (Incorrect)
- Giving us a holistic view of all events and incidents in our organization.
- Centralized storage and interpreting of logs and traffic.
- All of these. (Correct)

Explanation: SIEM (Security Information and Event Management) provides real-time analysis of security alerts generated by network hardware and applications.

Question 13: Correct
We often allow users to use “secret questions and answers” to unlock their accounts, because it makes our administrators’ workload lighter. Can they also be used as an attack vector?

- Yes, but it really never happens; the information we use for them is so hard to get it is hardly worth it.
- Yes, but it would be harder to break than encryption.
- No, no one else would know the answers.
- Yes, the answers are often something that can be researched. (Correct)

Explanation: Secret questions like “Where were you born?” are poor examples of a knowledge factor; the answer is known by a lot of people and can often be researched easily.

Question 14: Skipped
Which of these encryption methods is truly unbreakable if it is implemented right?

- Symmetric encryption.
- Enigma.
- A Vigenère cipher.
- One-time pads. (Correct)

Explanation: One-Time Pad: a cryptographic algorithm where plaintext is combined with a random key. It is the only existing mathematically unbreakable encryption. While it is unbreakable, it is also very impractical. Each pad has ONE use; pads should never be reused. Characters on the pad have to be truly random, and the pads must be kept secure.

Question 15: Skipped
When our organization is using mandatory access control, what would subjects have?

- Labels.
- Objects.
- Assets.
- Clearance. (Correct)

Explanation: Subjects have clearance assigned to them: a formal decision on a subject’s current and future trustworthiness. The higher the clearance, the more in-depth the background checks should be (always in the military, not always in business).

Question 16: Correct
We want to be able to restore our systems with no more than 48 hours of data loss. Which of these could be a backup rotation we could choose to implement?

- Weekly full and incremental backups every 3 days.
- Monthly full backups and weekly incrementals.
- Weekly full backups and daily differential backups. (Correct)
- Backups before each system update or patch we apply.

Explanation: If we can have no more than 48 hours of data loss, the only viable option is a daily backup.

Question 17: Incorrect
There are a lot of challenges with audit record management. Which of these is NOT one of them?

- We are storing logs and alerts for too long. (Correct)
- Log entries and alerts are not prioritized.
- Logs are not reviewed on a regular and timely basis. (Incorrect)
- Audit records are only reviewed for the bad stuff.

Explanation: Audit record management typically faces five distinct problems:
- Logs are not reviewed on a regular and timely basis.
- Audit logs and audit trails are not stored for a long enough time period.
- Logs are not standardized or viewable by correlation toolsets; they are only viewable from the system being audited.
- Log entries and alerts are not prioritized.
- Audit records are only reviewed for the bad stuff.

Question 18: Skipped
Jane is explaining how using AI can help predict healthcare issues for patients. What is AI?

- Artificial Intelligence. (Correct)
- Artifact Incidents.
- Arithmetic Interference.
- Artificial Integrity.

Explanation: AI (Artificial Intelligence): intelligence exhibited by machines, rather than humans or other animals. True AI is a topic of discussion; what was considered AI years ago has been achieved, and once the goal is reached, the AI definition is tweaked a little.

Question 19: Skipped
Which of these authentication protocols is no longer considered secure?

- TACACS. (Correct)
- TACACS+.
- Diameter.
- Radius.

Explanation: TACACS (Terminal Access Controller Access Control System): a centralized access control system requiring users to send an ID and reusable (vulnerable) passwords for authentication; because of this it is no longer considered secure. It uses TCP/UDP port 49. TACACS has generally been replaced by TACACS+ and RADIUS.

Question 20: Skipped
When we are talking about RAM, what are we referencing?

- Non-volatile memory.
- Volatile memory. (Correct)
- Real alerting mirroring.
- Remote access management.

Explanation: RAM (Random Access Memory) is volatile memory. It loses its content after a power loss (or within a few minutes). This can be memory sticks or embedded memory.

Question 21: Skipped
Our organization is using least privilege in our user access management. How are our users assigned privileges?

- Exactly the minimum feasible access for the user to perform their job. (Correct)
- Privileges at the data owner’s discretion.
- The same privileges as the rest of the group has.
- More privileges than they need for their day-to-day job, so they can perform certain tasks in an emergency.

Explanation: Least privilege, also called “minimum necessary access”: we give our users and systems exactly the access they need, no more, no less.
Question 22: Skipped
Which of these protocols is NOT found on layer 7 of the Open Systems Interconnection (OSI) model?

- PAP. (Correct)
- Telnet.
- HTTP.
- FTP.

Explanation: PAP is a layer 5 protocol (used for setting up sessions). FTP, LDAP and HTTP are all layer 7 protocols.

Question 23: Skipped
When we implement centralized logging, we want it to be:

- Automated, unsecure, and accessible by administrators.
- Automated, secure and accessible by everyone.
- Automated, secure, and accessible by administrators.
- Automated, secure and administrators should have limited access. (Correct)

Explanation: Centralized logging should be automated and secure, and even administrators should have limited access.

Question 24: Skipped
Which of these would NOT be part of a good identity and access provisioning lifecycle?

- Identify accounts that have not been used for more than 10 days following their creation.
- Leaving accounts unlocked when employees leave the organization. (Correct)
- Locking accounts when employees leave the organization.
- Notifying users to change their passwords before they expire.
- Revoking accounts and access when contractors stop working for us.

Explanation: Accounts should be locked when employees leave the organization. Deleting them makes it harder to audit; deactivation/locking is preferred.

Question 25: Skipped
Using EEPROM makes work easier for our IT staff. What is one of the dangers associated with it?

- Anyone can easily access it.
- There are no dangers, it is completely safe.
- Flashing with a UV light can damage your eyes.
- Since it is programmable, attackers can attack it. (Correct)

Explanation: EEPROM (Electrically Erasable Programmable Read Only Memory): these are electrically erasable; you can use a flashing program. This is still called Read Only. The ability to write to the BIOS makes it vulnerable to attackers.

Question 26: Skipped
We are in a court of law and we are presenting real evidence. What constitutes real evidence?

- The data on our hard drives.
- Logs, audit trails and other data from the time of the attack.
- Tangible and physical objects. (Correct)
- Something you personally saw or witnessed.

Explanation: Real evidence is tangible and physical objects; in IT security it is things like hard disks and USB drives, not the data on them.

Question 27: Skipped
What is a WEAKNESS of the Challenge Handshake Authentication Protocol (CHAP)?

- It periodically verifies the identity of clients with a 3-way handshake.
- Credentials are stored in plaintext on the server. (Correct)
- It uses incremental changing identifiers and variable challenge-values.
- Credentials are sent over the network in plaintext.

Explanation: CHAP (Challenge-Handshake Authentication Protocol): the CHAP server stores plaintext passwords for each client, so an attacker gaining access to the server can steal all the client passwords stored on it. It provides protection against replay attacks by the peer through the use of an incrementally changing identifier and a variable challenge-value. It requires that the client and server know the plaintext of a shared secret, but that secret is never sent over the network, providing better security compared to PAP, which is vulnerable for both these reasons. It is used by PPP (Point to Point Protocol) servers to validate remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake.

Question 28: Skipped
Which of these is NOT a normal phase of a white hat hacker’s strategy?

- Installing additional tools as they gain more access and higher privileges.
- Deleting their tracks, the audit files and logs. (Correct)
- Escalating privileges.
- Discovery, finding the vulnerabilities.

Explanation: White hat hackers use many of the same tools and approaches that black hats would, but they do not delete their tracks, audit files or logs.

Question 29: Skipped
What is one of the key benefits of using a Host-based Intrusion Prevention System (HIPS) over a Network-based Intrusion Prevention System (NIPS)?
- We can inspect the IP packets and prevent port scans.
- We can protect against Distributed Denial Of Service (DDOS) attacks.
- We can see the unencrypted data. (Correct)
- We look at the entire network segment.

Explanation: Host based: on a client, normally a server or workstation. It can look at the actual data (it is decrypted at the end device); NIDS/NIPS can’t look at encrypted packets.

Question 30: Skipped
What would we NOT look at in a security assessment?

- Employee performance. (Correct)
- Change management.
- Penetration tests.
- Security audits.

Explanation: Security assessments: a full-picture approach to assessing how effective our access controls are; they have a very broad scope. We would not look at employee performance. Security assessments often span multiple areas, and can use some or all of these components: policies, procedures, and other administrative controls; assessing the real-world effectiveness of administrative controls; change management; architectural review; penetration tests; vulnerability assessments; security audits.

Question 31: Skipped
Bob is working on designing new access controls across our organization. Which documentation should he reference to know how and what to implement?

- He would ask his peers what they would implement, since they know best, and when they agree implement that.
- The latest tech reviews and technology.
- Our policies, procedures and standards. (Correct)
- It is at his discretion; Bob is the most knowledgeable employee we have on access control.

Explanation: Our access control is determined by our policies, procedures, and standards. These outline how we grant access, to whom and to what: we use least privilege and need to know, and we give our staff and systems exactly the access they need and no more.

Question 32: Skipped
What is LDAP COMMONLY used for?

- Central username and password storage. (Correct)
- Managing firewall and router access lists.
- Hashing passwords.
- Internet routing protocol.
Explanation: LDAP (Lightweight Directory Access Protocol) is commonly used for central username and password storage; many different applications and services can connect to the LDAP server to validate users. It is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an IP network. It is an application layer protocol and uses TCP and UDP port 389.

Question 33: Skipped
Which of these is NOT covered by the Wassenaar Arrangement?

- Encryption algorithms.
- Munitions.
- SQL Databases. (Correct)
- Rockets.

Explanation: Wassenaar Arrangement (1996 to present): limits exports on military and “dual-use” technologies. Cryptography is part of that. Some nations also use it to prevent their citizens from having strong encryption (it is easier to spy on your own people if they can’t use strong cryptography).

Question 34: Skipped
Looking at our data management, what is the user’s role?

- Perform the backups and restores.
- Make the policies, procedures and standards that govern our data security.
- Assign the sensitivity labels and backup frequency of the data.
- Be trained in the policies, procedures and standards. (Correct)

Explanation: Users: these are the users of the data. Users must receive awareness training; they need to know what is acceptable and what is not acceptable, and the consequences for not following the policies, procedures and standards.

Question 35: Skipped
Which of these is NOT an example of broken authentication or session management (OWASP A2)?

- Session IDs are kept in plaintext.
- Session IDs are predictable.
- Session IDs are pseudo random. (Correct)
- Session never expires.

Explanation: A2 Broken Authentication and Session Management: sessions do not expire or take too long to expire; session IDs are predictable (001, 002, 003, 004, etc.); tokens, session IDs, passwords, etc. are kept in plaintext. Pseudo random session IDs would be a broken authentication countermeasure.
Question 36: Skipped
As part of a security assessment we are having an external company do penetration testing. What do we call a penetration test where the tester has full admin level knowledge about our organization and IT infrastructure? (Select all that apply.)

- Black box.
- Gray box.
- Clear box. (Correct)
- Full box.
- Crystal box. (Correct)
- White box. (Correct)

Explanation: White box (Crystal/Clear) pen testing (full knowledge): the attacker has knowledge of the internal network and access to it like a privileged employee would, normally an employee with administrator access and full knowledge of our environment. There is no full box; gray is partial knowledge and black is no knowledge.

Question 37: Skipped
We have had a lot of employee complaints since we started blocking TCP/UDP port 80. What are we blocking?

- SMTP.
- POP3.
- HTTPS.
- HTTP. (Correct)

Explanation: Hypertext Transfer Protocol (HTTP) uses TCP/UDP port 80; it can also use ports 8008 and 8080.

Question 38: Skipped
Which is NOT one of the (ISC)² ethics canons?

- Protect society, the common good, necessary public trust and confidence, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Think about the social consequences of the program you are writing or the system you are designing. (Correct)

Explanation: (ISC)² Code of Ethics Canons: protect society, the common good, necessary public trust and confidence, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; advance and protect the profession.

Question 39: Skipped
As part of our server hardening, we are blocking all ports on our servers unless specified as something we need open in the technical design documentation. When we block TCP/UDP port 3389, what are we blocking?

- IMAP.
- NetBIOS datagram service.
- Microsoft Terminal Server (RDP). (Correct)
- NetBIOS name service.
Explanation: Microsoft Terminal Server (RDP) uses TCP/UDP port 3389.

Question 40: Skipped
Prior to an external structured audit, we would often do an ‘unstructured’ audit. Who would perform that?

- Internal auditors. (Correct)
- IT security staff.
- Senior management.
- External auditors.

Explanation: Unstructured audits are performed by internal auditors to improve our security and find flaws, often before an external audit.

Question 41: Skipped
Throughout our organization we are using Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). What are some of the COMMON types of those?

- Heuristic, host based, network based. (Correct)
- Network based, host based, firewall based.
- Switch based, network based, signature based.
- Signature based, network based, firewall based.

Explanation: IDSs (Intrusion Detection Systems) and IPSs (Intrusion Prevention Systems) can be categorized into 2 types, with 2 different approaches to identifying malicious traffic. Network based: placed on a network segment (a switch port in promiscuous mode). Host based: on a client, normally a server or workstation. Signature (pattern) matching: similar to antivirus, it matches traffic against a long list of known malicious traffic patterns. Heuristic (behavioral) based: uses a normal traffic pattern baseline to monitor for abnormal traffic.

Question 42: Skipped
Which type of security governance and management would we want to see in our organization?

- Middle of the road.
- Agile.
- Bottom-up.
- Top-down. (Correct)

Explanation: We always want top-down security governance and management; we want senior leadership on our side. Top-down: IT leadership is on board with IT security; they lead and set the direction. Bottom-up: IT security is seen as a nuisance and not a helper, which often changes when breaches happen.

Question 43: Skipped
When we are performing background checks on our new employees, we would NEVER look at which of these?

- References, employment history, criminal records.
- References, degrees, criminal records, credit history.
- References, degrees, political affiliation, employment history. (Correct)
- Employment history, credit history, references.

Explanation: When we hire new staff we often do background checks to ensure we minimize our risks. We can check references, degrees, employment, criminal and credit history (less common, more costly). We have new staff sign an NDA (Non-Disclosure Agreement). It is illegal to check or inquire about political preference.

Question 44: Skipped
We are using cloud computing and have chosen to use IaaS. Who is responsible for the databases?

- The network team.
- The customer. (Correct)
- The vendor.
- The security team.

Explanation: IaaS (Infrastructure as a Service): the vendor provides infrastructure up to the OS; the customer adds the OS and up.

Question 45: Skipped
When our organization is buying custom developed third party software, which of these should NOT be a concern?

- How good they are at what they do.
- What other companies who have implemented the exact same software say about it. (Correct)
- Who will support it when development is completed.
- Who owns the code.

Explanation: We should address support, who owns the code and how good the software development company is; we can’t really see what other companies say about the software, since it is being custom developed for us.

Question 46: Skipped
We are implementing several new countermeasures to make our organization less susceptible to fraud. As part of that we are implementing mandatory vacations. How would we use those?

- Scheduled far in advance and the employee is notified.
- Used to upgrade systems.
- Given to employees to reward them.
- A detective mechanism that can detect fraud. (Correct)

Explanation: Mandatory vacations: done to ensure one person is not always performing the same task; someone else has to cover, and it can keep fraud from happening or help us detect it. The employee’s accounts are locked and an audit is performed on the accounts.
If the employee has been conducting fraud and covering it up, the audit will discover it. The best way to do this is to not give too much advance notice of vacations.

Question 47: Skipped
Why would an organization offer to use a source code escrow to their customers?

- Because we want them to see the source code whenever they want to.
- To make our source code publicly available.
- To ensure the code is tested completely.
- So the customer has access to the source code if we go bankrupt. (Correct)

Explanation: Source code escrow: the deposit of the source code of software with a third party escrow agent. Escrow is typically requested by a party licensing software (the licensee), to ensure maintenance of the software instead of abandonment or orphaning. The software source code is released to the licensee if the licensor files for bankruptcy or otherwise fails to maintain and update the software as promised in the software license agreement.

Question 48: Skipped
We are implementing biometric authentication. What would be a good reason to do that?

- It is much cheaper than knowledge factors.
- People can easily change their biometrics.
- It is easy to copy.
- It rarely changes. (Correct)

Explanation: Biometric features rarely change unless we have a serious accident. They are more difficult to copy, people can’t change them unless they get surgery, and biometrics are normally more expensive than possession or knowledge factors.

Question 49: Skipped
When we talk about referential databases, what does referential integrity mean?

- Each attribute value is consistent with the attribute data type.
- When every foreign key in a secondary table matches the primary key in the parent table. (Correct)
- When the database has errors.
- Each tuple has a unique primary value that is not null.

Explanation: Referential integrity: when every foreign key in a secondary table matches a primary key in the parent table. It is broken if not all foreign keys match the primary key.
Question 50: Skipped
Looking at our incident management plan, which of these can we possibly mitigate with a redundant, geographically distant site?

- Disasters. (Correct)
- Emergencies.
- Events.
- Incidents.

Explanation: Disaster: our entire facility is unusable for 24 hours or longer. If we are geographically diverse and redundant, we can mitigate this a lot. Yes, a snowstorm can be a disaster.

Question 51: Skipped
As part of our updated security posture, we have started blocking TCP/UDP port 22 as a default. What are we blocking?

- Telnet.
- FTP data transfer.
- FTP control.
- SSH. (Correct)

Explanation: SSH (Secure Shell) uses the well-known TCP/UDP port 22.

Question 52: Skipped
The Central Processing Unit (CPU) consists of which two elements?

- RAM and BIOS.
- CU and RPG.
- South bridge and RAM.
- ALU and CU. (Correct)

Explanation: The CPU (Central Processing Unit) is the brains of the system. The arithmetic logic unit (ALU) performs arithmetic and logic operations; processor registers supply operands (objects of a mathematical operation) to the ALU and store the results of ALU operations. It does all the math. The control unit (CU) handles fetching (from memory) and execution of instructions by directing the coordinated operations of the ALU, registers and other components. It also sends instructions to the ALU.

Question 53: Skipped
If our organization has role-based access control and need to know policies, which of these actions are allowed?

- Accessing your colleagues’ payroll data to see how much they get paid.
- Browsing around random data just to see what it contains.
- Accessing data you need to do your job. (Correct)
- Accessing data you don’t need to do your job.

Explanation: Role based access control assigns access to roles; with added need to know, just because you have access does not mean you are allowed the data. You need a valid reason for accessing the data. If you do not have one, you can be terminated/sued/jailed/fined.
Question 54: Skipped
When someone is typo squatting, what are they doing?

- Legal.
- Never profitable.
- Potentially illegal. (Correct)
- Always illegal.

Explanation: Typo squatting: buying a URL that is VERY close to a real website name (can be illegal in certain circumstances).

Question 55: Skipped
When we are implementing new access control mechanisms, looking at the IAAA model, what could we use for identification?

- Usernames. (Correct)
- Non-repudiation.
- A password.
- Role based access control.

Explanation: Usernames are used for identification; we should never allow group logins or accounts. Identification can be your name, username, ID number, employee number, SSN etc.

Question 56: Skipped
We are using some of the best practice rules on our password requirements. Which of these would NOT be part of that?

- Maximum password age.
- No minimum password age. (Correct)
- Password hashing and salting.
- Minimum password age.

Explanation: Minimum password age is implemented to prevent users from cycling through the last used passwords to return to their favorite password again. Passwords should also have a minimum length and contain upper/lower case letters, numbers and symbols, and they should not contain full words or other easy to guess phrases.

Question 57: Skipped
We want to erase EPROM memory to update to the latest firmware. How would we do that?

- We can use programs to erase the content.
- It can’t be erased once it has been written.
- Taking the chip out of the motherboard and degaussing it.
- Shine a UV light on the chip. (Correct)

Explanation: EPROM (Erasable Programmable Read Only Memory): can be erased (flashed) and written many times, by shining an ultraviolet light (flash) on a small window on the chip (normally covered by foil).

Question 58: Skipped
Which of these could be some of the ways we can protect our data when an employee is actively using it?

- Clean desk policies, print policies, job rotation, mandatory vacations, view angle screens.
- Need to know policy.
- Clean desk policies, view angle screens, computer locking when not in use. (Correct)
- Encryption, clean desk policies, view angle screen.

Explanation: Data in use (we are actively using the files/data; it can’t be encrypted). Use good practices: clean desk policy, print policy, allow no ‘shoulder surfing’, maybe the use of view angle privacy screens for monitors, locking the computer screen when leaving the workstation.

Question 59: Skipped
In our digital forensics, which of these should NEVER happen?

- Do forensics on a bit level copy of the compromised hard drive.
- Do forensics on the compromised hard drive. (Correct)
- Keep a perfect chain of custody log.
- Remove the system from the network to prevent the issue from spreading.

Explanation: Digital forensics should always be done on bit level copies of the original, never the original.

Question 60: Skipped
When we are reviewing our audit logs, which type of control is it?

- Preventative.
- Deterrent.
- Detective. (Correct)
- Physical.

Explanation: Audit log review is a detective control; we look at what happened after it happened, looking for patterns and issues.

Question 61: Skipped
When we are using knowledge-based factors in our authentication process, we would use all of these, EXCEPT which?

- Passwords.
- Pass phrases.
- Single-use passwords. (Correct)
- PINs.

Explanation: A single-use password is not a knowledge based factor; it is a possession based factor.

Question 62: Skipped
On which layer of the Open Systems Interconnect (OSI) model do we establish the connection between 2 applications?

- 4
- 6
- 3
- 5 (Correct)

Explanation: Layer 5, the Session Layer, establishes the connection between 2 applications: Setup > Maintenance > Tear Down.

Question 63: Skipped
After a major security incident, we need to provide the chain of custody logs for one of the compromised hard drives. Which of these should NOT be part of the logs?

- What was done.
- What was found. (Correct)
- Who handled it.
- When they did it.
Explanation: With the chain of custody everything is documented: Who had it when? What was done? When did they do it? Not what was found.

Question 64: Skipped
In IT Security we are talking about something as an event. What does that mean?
Something changed, neither negative nor positive. (Correct)
A system has crashed.
A triggered warning when something predefined happens (i.e. disk usage over 85%).
We are being hacked.
Explanation: Event: An observable change in state. This is neither negative nor positive; it is just that something has changed. A system powered on, traffic from one segment to another, an application started.

Question 65: Skipped
Which of these is the WEAKEST form of authentication we can implement?
Something you are.
Something you have.
Something you know. (Correct)
Biometrics.
Explanation: Something you know – Type 1 Authentication: Passwords, pass phrases, PINs, etc., also called knowledge factors. It is the weakest form of authentication and can easily be compromised.

Question 66: Skipped
In Scrum project management, what is the Scrum master's role?
Removing obstacles for the development team. (Correct)
Representing the stakeholders/customers.
Developing the code/product at the end of each sprint.
Being a traditional project manager.
Explanation: Scrum master: Facilitates and is accountable for removing impediments to the ability of the team to deliver the product goals and deliverables. Not a traditional team lead or project manager, but acts as a buffer between the team and any distracting influences. The Scrum master ensures that the Scrum framework is followed.

Question 67: Skipped
Which of these would be an IP socket-pair?
10.0.10.1 and 126.96.36.199
10.0.10.1:80 and 188.8.131.52
10.0.10.1 and 184.108.40.206:https
10.0.10.1:http and 220.127.116.11:51515 (Correct)
Explanation: Socket Pairs (TCP): 2 sets of IP and Port (Source and Destination). This could be Source pair: 192.168.0.6:49691, Destination pair: 18.104.22.168:https.
Well-known ports are often translated; port 443 is https.

Question 68: Skipped
After a major security breach, we want to do a lessons learned. Why is that?
To prevent incidents from ever happening again.
To learn from the incident so we can do better on future incidents. (Correct)
To blame someone.
To show what exactly happened in this incident.
Explanation: Lessons Learned: This phase is often overlooked; we removed the problem and we have implemented new controls and safeguards. We can learn a lot from lessons learned, not just about the specific incident, but about how well we handle them, what worked and what didn't. How can we as an organization grow and become better the next time we have another incident? While we may have fixed this one vulnerability, there are potentially hundreds of new ones we know nothing about yet. At the end of lessons learned we produce a report to senior management with our findings; we can only make suggestions, they are ultimately in charge (and liable).

Question 69: Skipped
When we talk about WORM media, what are we referring to?
RAM.
R DVDs. (Correct)
Hard disks.
EEPROM.
Explanation: WORM Media (Write Once Read Many): CDs/DVDs can be WORM media (R), if they are not R/W (Read/Write).

Question 70: Skipped
As part of improving the security posture of our organization we have added multifactor authentication. Which of these pairs does NOT constitute multifactor authentication?
Fingerprint and PIN.
PIN and credit card.
Username and smartcard.
Password and username. (Correct)
Explanation: Multifactor authentication uses authentication from more than one factor (something you know, are or have). Passwords and usernames are not multifactor; they are both knowledge factors.

Question 71: Skipped
Which layer of the Open Systems Interconnect (OSI) model isolates traffic into broadcast domains?
3 (Correct)
1
4
5
Explanation: Layer 3: Network Layer: Expands to many different nodes (IP) – the Internet is IP based. Isolates traffic into broadcast domains.
Question 72: Skipped
When the Patriot Act was signed into law in 2001, it allowed law enforcement to do what?
Allows search and seizure without immediate disclosure. (Correct)
Protect electronic communication by mandating service providers to use strong encryption.
Allow law enforcement to use wiretaps without a warrant or oversight.
Protect electronic communication against warrantless wiretapping.
Explanation: PATRIOT Act of 2001: Expands law enforcement electronic monitoring capabilities. Allows search and seizure without immediate disclosure.

Question 73: Skipped
To ensure the confidentiality, integrity, and availability of our backup tapes, where would it be appropriate to store them?
A closet we have access to.
In a backup storage facility. (Correct)
Our data center.
Under the bed.
Explanation: Where do we keep our sensitive data? It should be kept in a secure, climate-controlled facility, preferably geographically distant, or at least far enough away that potential incidents will not affect that facility too. Many older breaches came from bad policies around tape backups. Tapes were kept at the homes of employees instead of at a proper storage facility, or in a storage room with no access logs and no access restrictions (often unencrypted).

Question 74: Skipped
With the CIA triad in mind, if we have too much confidentiality, which other control will suffer the MOST?
Availability. (Correct)
Integrity.
Authentication.
Accountability.
Explanation: Finding the right mix of Confidentiality, Integrity and Availability is a balancing act. This is really the cornerstone of IT Security – finding the RIGHT mix for your organization. Too much Confidentiality and the Availability can suffer.

Question 75: Skipped
We are implementing Active Directory (AD) to use for managing our access control. Which of these OS families have AD natively included in their processes and services?
Linux.
Windows. (Correct)
Unix.
MacOS.
Explanation: AD (Active Directory): Included in most Windows Server OS versions as a set of processes and services. A directory service that Microsoft developed for Windows domain networks. Originally it was only in charge of centralized domain management. As of Windows Server 2008, AD became an umbrella term for a broad range of directory-based identity-related services.

Question 76: Skipped
What is happening when we experience buffer overflows?
User session IDs or tokens are stolen.
We are not using SSL/TLS.
The buffer overruns its boundaries and overwrites adjacent hard disk locations.
The buffer overruns its boundaries and overwrites adjacent memory locations. (Correct)
Explanation: Buffer overflow (buffer overrun): An anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. It happens from improper coding, when a programmer fails to perform bounds checking. Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflows can often be triggered by malformed inputs: if one assumes all inputs will be smaller than a certain size and the buffer is created to be that size, an anomalous transaction that produces more data could cause it to write past the end of the buffer. If this overwrites adjacent data or executable code, it may result in erratic program behavior, including memory access errors, incorrect results, and crashes. By sending in data designed to cause a buffer overflow, it is possible to write into areas known to hold executable code and replace it with malicious code.

Question 77: Skipped
What was the intent of the US Electronic Communications Privacy Act of 1986 (ECPA)?
To protect electronic communication by mandating service providers to use strong encryption.
To allow law enforcement to use wiretaps without a warrant or oversight.
To allow search and seizure without immediate disclosure.
To protect electronic communication against warrantless wiretapping. (Correct)
Explanation: The Electronic Communications Privacy Act (ECPA) was designed to protect electronic communications against warrantless wiretapping, but it was greatly weakened by the Patriot Act.

Question 78: Skipped
One of your coworkers is telling you about our new policies for PII. What is she referring to?
Professional Information Identifiers.
Personality Indicator Information.
Personally Identifiable Information. (Correct)
Personally Information Indicators.
Explanation: PII is the abbreviation for Personally Identifiable Information.

Question 79: Skipped
As part of our layered defense, and to prevent unauthorized devices on our network, we have added the MAC sticky command. Where would we configure that?
File server.
Router.
Firewall.
Desktop.
Switch. (Correct)
Explanation: Good switch security includes shutting down unused ports, adding mac-sticky, and hardcoding whether ports are access or trunk ports. Making all ports trunk ports is a bad idea.

Question 80: Skipped
What could be one of the ways we could protect our data-at-rest?
Privacy screens for monitors.
Clean desk policy.
Encryption. (Correct)
DAC.
Explanation: Data at Rest (Stored Data): This is data on disks, tapes, CDs/DVDs, USB sticks. We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs). Encryption can be hardware or software encryption.

Question 81: Skipped
When we talk about using cryptanalysis in our work, what are we doing?
The science of securing communications.
A cryptographic algorithm.
The science of breaking encrypted communications. (Correct)
Creates messages with a hidden meaning.
Explanation: Cryptanalysis is the science of breaking encrypted communication. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.
It uses mathematical analysis of the cryptographic algorithm, as well as side-channel attacks that do not target weaknesses in the cryptographic algorithms themselves, but instead exploit weaknesses in their implementation and the devices that run them.

Question 82: Skipped
Which of these hackers would you hire to do penetration testing?
Gray hat hacker.
White hat hacker. (Correct)
Black hat hacker.
Script kiddie.
Explanation: White Hat hackers: Professional pen testers trying to find flaws so we can fix them (ethical hackers). Black Hat hackers: Malicious hackers, trying to find flaws to exploit them (crackers – they crack the code). Gray/Grey Hat hackers: They are somewhere between the white and black hats; they go looking for vulnerable code, systems or products. They often just publicize the vulnerability (which can lead to black hats using it before a patch is developed). Gray hats sometimes also approach the company with the vulnerability and ask them to fix it, and if nothing happens they publish. Script Kiddies: They have little or no coding knowledge, but many sophisticated hacking tools are available and easy to use. They pose a very real threat. They are just as dangerous as skilled hackers; they often have no clue what they are doing.

Question 83: Skipped
Which of these protocols is NOT found on layer 3 of the OSI model?
IKE.
IP.
ICMP.
IMAP. (Correct)
Explanation: IMAP is a layer 7 protocol. IP, IPSEC, IKE, ICMP, … are all layer 3 protocols.

Question 84: Skipped
When would we deploy honeypots?
During an attack to trick the attacker.
None of these. (Correct)
Whenever we want to, to lure attackers in.
Whenever we deploy a new system to see if it is vulnerable.
Explanation: While honeypots can be useful, we do not want to lure attackers in (entrapment). If we deployed one each time we launched a system we could have thousands of them, and during an attack we are busy with more important things.
Question 85: Skipped
What are some of the dangers if we choose to NOT use proper and regular patching of our systems?
We are at risk of compromise from publicly known attacks. (Correct)
We won't have enough for our employees to do.
There are no real dangers as long as we have firewalls.
We can't access the internet if we are missing too many patches.
Explanation: Patches are released to fix known security vulnerabilities; not applying them leaves us open to those vulnerabilities, which the attackers also know about.

Question 86: Skipped
The port numbers we use can be categorized as well-known, registered, or dynamic/private/ephemeral ports. Which of these is NOT a well-known port?
1023
1024 (Correct)
80
666
Explanation: Well-known ports are the ports from 0-1023; they are mostly used for protocols.

Question 87: Skipped
For access control management, which of these is considered something you have?
PIN.
Cookie on computer. (Correct)
Fingerprint.
MAC address.
Explanation: Things in your possession, not things you know (knowledge factor) or something you are (biometrics).

Question 88: Skipped
Which industry is the US Gramm-Leach-Bliley Act (GLBA) focused on?
Financial. (Correct)
Aerospace.
Online stores.
Healthcare.
Explanation: Gramm-Leach-Bliley Act (GLBA): Applies to financial institutions; driven by the Federal Financial Institutions Examination Council (FFIEC); enforced by member agencies OCC, FDIC, FRB, NCUA, and CFPB. Enacted in 1999, it requires protection of the confidentiality and integrity of consumer financial information.

Question 89: Skipped
To establish a TCP session, we are using the TCP 3-way handshake. What is the correct order of the handshake?
SYN > ACK > ACK.
SYN/ACK > ACK > SYN.
SYN > SYN/ACK > ACK. (Correct)
SYN > SYN/ACK > SYN.
Explanation: The 3-way handshake is client SYN > server SYN/ACK > client ACK.

Question 90: Skipped
As part of our backup policy we are deciding on how long we should keep our backups. What should we base that decision on?
1 month, as long as we have a full backup of everything.
As long as it is useful or required, whichever is longer. (Correct)
All data is required to be kept 1 year.
Forever, we can never get rid of backup data.
Explanation: Data Retention: Data should not be kept beyond the period of usefulness or beyond the legal requirements (whichever is greater).

Question 91: Skipped
We have 100 users all needing to communicate with each other. If we are using asymmetric encryption, how many keys would we need?
2000
200 (Correct)
100
4950
Explanation: Asymmetric encryption uses 2 keys per user, so we would need 200 keys.

Question 92: Skipped
Which type of Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) is completely vulnerable to 0-day attacks?
Signature based. (Correct)
Heuristic based.
Network based.
Behavioral based.
Explanation: Signature based: Looks for known malware signatures. Faster, since they just check traffic against malicious signatures. Easier to set up and manage; someone else does the signatures for us. They are completely vulnerable to 0-day attacks and have to be updated constantly to keep up with new vulnerability patterns.

Question 93: Skipped
After an attack on our servers, who should handle digital forensic evidence?
The data owner.
The data steward.
Anyone who is available.
Someone trained in the process. (Correct)
Explanation: People handling digital forensic evidence should always be trained in proper handling.

Question 94: Skipped
Jack is looking at different types of encryption. Which of these is a type of asymmetric encryption?
RSA. (Correct)
RC6.
3DES.
Twofish.
Explanation: RSA is asymmetric. 3DES, RC6 and Twofish are all symmetric forms of encryption.

Question 95: Skipped
We often refer to 0-day vulnerabilities when we talk about IT security vulnerabilities. What would constitute 0-day vulnerabilities?
Known vulnerabilities that we have not patched yet.
Vulnerabilities not generally known or discovered.
(Correct)
Known vulnerabilities we have already patched.
Vulnerabilities that do not affect our systems.
Explanation: 0-day vulnerabilities: Vulnerabilities not generally known or discovered. The first time an attack is seen is considered day 0, hence the name. From the time a vulnerability is discovered, it is only a short timespan before patches or signatures are released for major software.

Question 96: Skipped
Which type of Intrusion Prevention System (IPS) response prevents authorized traffic?
False negative.
True positive.
False positive. (Correct)
True negative.
Explanation: False Positive: Normal traffic that the system detects and acts on.

Question 97: Skipped
BIBA's Invocation Property prohibits users from what?
No read and write up. (Correct)
No read and write up and down.
No write up.
No write down.
Explanation: Invocation Property: "No Read or Write UP". Subjects can never access or alter data on a higher level.

Question 98: Skipped
What could a vulnerability scan possibly help us find?
System misconfigurations, missing patches and a list of threats.
Missing patches, outdated software and high utilization on a resource.
Missing patches, outdated software and users accessing files they shouldn't.
Outdated software, missing patches and system misconfigurations. (Correct)
Explanation: A vulnerability scanner tool is used to scan a network or system for a list of predefined vulnerabilities such as system misconfiguration, outdated software, or a lack of patching.

Question 99: Skipped
On which layer of the Open Systems Interconnection (OSI) model would we find the broadcast address FF:FF:FF:FF:FF:FF?
A: Layer 5.
C: Layer 3.
E: Layer 1.
D: Layer 2. (Correct)
B: Layer 4.
Explanation: FF:FF:FF:FF:FF:FF is the layer 2 broadcast address. Layer 2 uses MAC addresses.

Question 100: Skipped
In incident management, which of these is NOT a recognized category of events and/or incidents?
Behavioral. (Correct)
Human.
Environments.
Natural.
Explanation: Behavioral is a subset of human, and not a recognized category.

Question 101: Skipped
In software acceptance testing, what is the purpose of production acceptance testing?
To ensure the software performs as expected in our live environment vs. our development environment. (Correct)
To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities.
To ensure the software is functional for and tested by the end user and the application manager.
To ensure the software is as secure or more secure than the rules, laws and regulations of our industry.
Explanation: Compatibility/production testing: Does the software interface as expected with other applications or systems? Does the software perform as expected in our production environment vs. the development environment?

Question 102: Skipped
What would be one of the EASIEST ways to confirm if our access control mechanisms are working?
Stand at the doors and look at who enters a building or a certain room.
Get alerts for each login and manually check them all.
Reviewing CCTV files.
Reviewing security audit logs. (Correct)
Explanation: Audit log review is the easiest way to confirm our access control mechanisms are working.

Question 103: Skipped
We have removed a server from our production environment. We format the hard drives, install a new OS (Operating System), and application on the disks. We then put the newly installed server back into production. Which of these would be TRUE about the original data a week later?
Always completely recoverable.
Hidden, but not recoverable.
Possibly partially recoverable. (Correct)
Gone forever.
Explanation: We can still recover files that have not been overwritten yet; formatting just removes the file structure.

Question 104: Skipped
Senior leadership has approved the use of flash drives. Which type of memory do they use?
DRAM.
PROM.
EEPROM. (Correct)
SDRAM.
Explanation: Flash memory: Small portable drives (USB sticks are an example); they are a type of EEPROM.

Question 105: Skipped
We have a contract with some penetration testers. In which phase would the tester look for vulnerabilities and design the attack?
Gaining access.
Discovery. (Correct)
Escalate privileges.
System browsing.
Explanation: Discovery (planning): Finding the vulnerabilities, designing the attacks.

Question 106: Skipped
As part of our software testing, we are doing static software testing. What are we doing?
Test the code while executing it.
Submit random malformed input to crash the software or elevate privileges.
Build scripts and tools that would simulate normal user activity.
Passively test the code, but not run it. (Correct)
Explanation: Static testing – Passively testing the code; it is not running. This is walkthroughs, syntax checking, and code reviews. It looks at the raw source code itself for evidence of known insecure practices, functions, libraries, or other characteristics having been used in the source code.

Question 107: Skipped
When would a logic bomb go off?
When the system gets internet access.
As soon as it is introduced to the system.
When it has infected the entire network.
A certain event happens or at a certain time. (Correct)
Explanation: Logic Bombs – Malicious code that executes at a certain time or event; they are dormant until the event (IF/THEN). IF Bob is not getting an annual bonus over $10,000, THEN execute malicious code. IF date and time is 5/15/18 00:02:12, THEN execute malicious code.

Question 108: Skipped
What could be one of the NEGATIVE consequences of implementing Single Sign On (SSO) in our organization?
It takes too long to remember a single password over many.
It is easier for users to just use one login.
If compromised, the attacker has access to all the systems the user does. (Correct)
SSO has weaker password requirements than regular applications do.
Explanation: SSO (Single sign-on): Users use a single sign-on for multiple systems. If an attacker compromises a single password, they have access to everything that user can access. Often deployed in organizations where users have to access 10+ systems and find it too burdensome to remember all those passwords. SSO has the same strong password requirements as normal single system passwords.

Question 109: Skipped
After a security breach, Bob has been asked to ensure evidence integrity. What would he do with the compromised hard drive?
Add another drive to the system and copy all he can see on the compromised drive onto the new drive, and then do his analysis on the new drive.
Pull the drive from the system, format it and reinsert it into another production server.
Encrypt the drive, then do his forensics on the original drive, and when he is done do a hash.
Hash the drive and take a bit level copy, hash the copy drive and they should match, then work on the bit level copy. (Correct)
Explanation: Evidence Integrity – It is vital that the evidence's integrity cannot be questioned. We do this with hashes; any forensics is done on copies and never the originals. We make a bit level copy of the original and hash it, and the copy's hash should match. We do another hash after the forensics, and that should be the same as the prior two.

Question 110: Skipped
Which organization is responsible for delegating IP address ranges to ISPs (Internet Service Providers) in North America?
RIPE NCC.
APNIC.
ARIN. (Correct)
LACNIC.
Explanation: The world is divided into RIR (Regional Internet Registry) regions, and organizations in those areas delegate the address space they have control over. ARIN (American Registry for Internet Numbers): United States, Canada, several parts of the Caribbean region, and Antarctica.

Question 111: Skipped
When we are categorizing disasters for our Business Continuity Plan (BCP), we would categorize them into which of these categories? (Select all that apply).
Environmental. (Correct)
Physical.
Hardware.
Human. (Correct)
Natural. (Correct)
Explanation: We categorize disasters in 3 categories: natural, human, or environmental. Natural: Anything caused by nature; this could be earthquakes, floods, snow, tornados, etc. Human: Anything caused by humans; they can be intentional or unintentional disasters. Unintentional could be an employee using a personal USB stick on a PC at work and spreading malware, which would be just as bad as if an attacker had done it, but the employee was just ignorant, careless, or didn't think it would matter. Environmental (not to be confused with natural disasters): Anything in our environment; could be power outages/spikes, hardware failures, provider issues, etc.

Question 112: Skipped
Which security principle is Clark-Wilson based on?
Confidentiality.
Accountability.
Integrity. (Correct)
Availability.
Explanation: Clark-Wilson – Integrity: Separates end users from the backend data through 'well-formed transactions' and 'separation of duties'. The model uses Subject/Program/Object. We have discussed the Subject/Object relationship before, but this puts a program between the two. We don't allow people access to our inventory when they buy from us; we give them a limited functionality interface they can access.

Question 113: Skipped
Jane is using the Scrum project management methodology. Which of these would be some of the core team roles in the Scrum framework? (Select all that apply).
The development team. (Correct)
The project sponsor.
The Scrum master. (Correct)
The product owner. (Correct)
The project manager.
Explanation: Scrum is a framework for managing software development. Scrum is designed for teams of approximately 10 individuals, and generally relies on two-week development cycles, called "sprints", as well as short daily stand-up meetings. The three core roles in the Scrum framework:
The product owner: Represents the product's stakeholders, is the voice of the customer, and is accountable for ensuring that the team delivers value to the business.
Development team: Responsible for delivering the product at the end of each sprint (sprint goal). The team is made up of 3–9 individuals who do the actual work (analysis, design, development, testing, technical communication, documentation, etc.).
Scrum master: Facilitates and is accountable for removing impediments to the ability of the team to deliver the product goals and deliverables. Not a traditional team lead or project manager, but acts as a buffer between the team and any distracting influences. The Scrum master ensures that the Scrum framework is followed.

Question 114: Skipped
Those acting under "the color of law" can act on an exigent circumstance. What would constitute exigent circumstances?
Immediate threat to human life or of evidence destruction. (Correct)
An outside circumstance which does not pose any threat to life or data.
Potential threat to data or human life in the future.
An unpatched vulnerability on our systems, which attackers have no way of exploiting.
Explanation: Exigent circumstances apply if there is an immediate threat to human life or of evidence destruction. Whether it was justified will later be decided by a court. Only applies to law enforcement and those operating under the "color of law" – Title 18 U.S.C. Section 242 – Deprivation of Rights Under Color of Law.

Question 115: Skipped
We are using the CIA triad to, at a high level, explain IT security to our board of directors. Which of these are the 3 legs of the CIA triad?
Identity, accountability and confidentiality.
Confidentiality, Integrity and Accountability.
Integrity, availability and confidentiality. (Correct)
Confidentiality, Identity and Availability.
Explanation: The CIA (Confidentiality, Integrity, Availability) Triad: Confidentiality – We keep our data and secrets secret.
Integrity – We ensure the data has not been altered. Availability – We ensure authorized people can access the data they need, when they need to.

Question 116: Skipped
When we talk about auditing in the IAAA model, what does that mean?
Allows users to access data 24/7.
Compares object labels to the clearance of the subject.
Assigns attributes to identities.
Traces actions to subjects' identities. (Correct)
Explanation: Accountability (often referred to as Auditing): Traces an action to a subject's identity. Proves who performed a given action; it provides non-repudiation. Group or shared accounts are never OK; they have zero accountability. Uses audit trails and logs to associate a subject with its actions.

Question 117: Skipped
In which order would you use the Software Development Life Cycle (SDLC)?
Analysis, investigation, design, build, implement, test, maintenance and support.
Investigation, analysis, design, build, implement, test, maintenance and support.
Investigation, design, analysis, build, implement, test, maintenance and support.
Investigation, analysis, design, build, test, implement, maintenance and support. (Correct)
Explanation: SDLC (Software Development Life Cycle): The SDLC is not really a methodology, but a description of the phases in the life cycle of software development. These phases are (in general) investigation, analysis, design, build, test, implement, maintenance and support (and disposal). Security can be built into each step of the process; for the exam, it always is.

Question 118: Skipped
You hear a colleague talk about polyinstantiation. What does that mean?
Deducing facts from data rather than specific statements.
Looking at a normal baseline and learning of new factors on the network from higher traffic.
Collecting data to analyze it.
Two or more instances of the same data, depending on who accesses it.
(Correct)
Explanation: Polyinstantiation (alternative facts) – Two (or more) instances of the same file depending on who accesses it. The real information may be available to subjects with Top Secret clearance, but different information will be available to staff with Secret or lower clearance.

Question 119: Skipped
When an attacker is using intimidation, it is a form of what?
Reverse psychology.
Proper management.
Social engineering. (Correct)
Brute force attack.
Explanation: Social engineering uses people skills to bypass security controls. Intimidation (if you don't, a bad thing happens) – a virus on the network, a credit card compromised, a lawsuit against your company. Intimidation is most effective with impersonation and vishing attacks.

Question 120: Skipped
In our data management, which of these BEST describes the data owner responsibilities?
Backups, restores, patches, system configuration.
The systems that house the data.
Assigning sensitivity labels and backup frequency. (Correct)
The policies that govern our data security.
Explanation: Data/Information Owner: Management level; they assign sensitivity labels and backup frequency. This could be you or a Data Owner from HR, Payroll or other departments.

Question 121: Skipped
What is your public key in asymmetric encryption?
Used by you to decrypt messages sent to you.
Shared. (Correct)
Used by someone else to decrypt messages from you.
Secret.
Explanation: Asymmetric Encryption uses 2 keys: a Public Key and a Private Key (key pair). Your Public Key is publicly available; it is used by others to encrypt messages sent to you. Since the key pair is asymmetric, the ciphertext can't be decrypted with your Public Key. Your Private Key – You keep this safe. You use it to decrypt messages encrypted with your public key.

Question 122: Skipped
Which of these is a TRUE statement about the TCP protocol?
It is connection oriented. (Correct)
It is connectionless.
It is proprietary.
It is always encrypted.
Explanation: TCP (Transmission Control Protocol): Reliable, connection oriented, guaranteed delivery, 3-way handshake, slower/more overhead, data reassembled.

Question 123: Skipped
Which is the MOST secure encryption type of these 4?
AES. (Correct)
DES.
RC4.
Blowfish.
Explanation: DES, Blowfish and RC4 are no longer considered secure; AES is still considered secure.

Question 124: Skipped
We are asked to help design the policies for our organization regarding PHI. What is that?
Personal Heuristic Information.
Protected Human Interactions.
Protected Health Information. (Correct)
Procured Hospital Information.
Explanation: PHI is the abbreviation for Protected Health Information.

Question 125: Skipped
Diameter was designed to replace RADIUS, but the change never happened. Where is Diameter COMMONLY used now?
In the 3/4G space. (Correct)
Router management.
Wireless access points.
Webserver file uploads and downloads.
Explanation: Diameter is largely used in the 3/4G space; RADIUS is used elsewhere. It was intended as a replacement for RADIUS, but the use cases changed and both now have different uses. It also provides centralized AAA (Authentication, Authorization, and Accounting) management for users who connect to and use a network service.