TEST 2 CISSP certification: Full 125 question practice test #1 – test 2 – Results

Attempt 15
Question 1: Correct

When we are using knowledge-based factors in our authentication process, we would use all of these, EXCEPT which?
  • Single-use passwords.
    (Correct)
  • Passwords.
  • PINs.
  • Pass phrases.

Explanation

A single-use password is not a knowledge-based factor; it is a possession-based factor.
Question 2: Skipped

What is a WEAKNESS of the Challenge Handshake Authentication Protocol (CHAP)?
  • Credentials are sent over the network in plaintext.
  • It periodically verifies the identity of clients with a 3-way handshake.
  • It uses incremental changing identifiers and variable challenge-values.
  • Credentials are stored in plaintext on the server.
    (Correct)

Explanation

CHAP (Challenge-Handshake Authentication Protocol): The CHAP server stores the plaintext password of each client, so an attacker who gains access to the server can steal all the client passwords stored on it. CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and a variable challenge value. It requires that the client and server both know the plaintext of a shared secret, but that secret is never sent over the network. This provides better security than PAP, which is vulnerable for both of these reasons. CHAP is used by PPP (Point-to-Point Protocol) servers to validate remote clients, and it periodically verifies the identity of the client with a three-way handshake.
Question 3: Skipped

In our data management, which of these BEST describes the data owner's responsibilities?
  • Assigning sensitivity labels and backup frequency.
    (Correct)
  • Backups, restores, patches, system configuration.
  • The systems that house the data.
  • The policies that govern our data security.

Explanation

Data/Information Owner: Management level, they assign sensitivity labels and backup frequency. This could be you or a Data Owner from HR, Payroll or other departments.
Question 4: Correct

When we talk about WORM media, what are we referring to?
  • Hard disks.
  • R DVDs.
    (Correct)
  • EEPROM.
  • RAM.

Explanation

WORM Media (Write Once Read Many): CD/DVDs can be WORM Media (R), if they are not R/W (Read/Write).
Question 5: Incorrect

As part of our updated security posture, we have started blocking TCP/UDP port 22 as a default. What are we blocking?
  • FTP control.
    (Incorrect)
  • Telnet.
  • FTP data transfer.
  • SSH.
    (Correct)

Explanation

SSH (Secure Shell) uses the well-known TCP/UDP port 22.
Question 6: Skipped

Which of these encryption methods is truly unbreakable if it is implemented right?
  • Enigma.
  • A Vigenère cipher.
  • One-time pads.
    (Correct)
  • Symmetric encryption.

Explanation

One-Time Pad: A cryptographic algorithm where the plaintext is combined with a random key. It is the only existing mathematically unbreakable encryption. While it is unbreakable, it is also very impractical. Each pad has ONE use; pads should never be reused. The characters on the pad have to be truly random, and the pads must be kept secure.
Question 7: Skipped

As part of our backup policy we are deciding on how long we should keep our backups. What should we base that decision on?
  • As long as it is useful or required, whichever is longer.
    (Correct)
  • Forever, we can never get rid of backup data.
  • 1 month, as long as we have a full backup of everything.
  • All data is required to be kept 1 year.

Explanation

Data Retention: Data should not be kept beyond the period of usefulness or beyond the legal requirements (whichever is greater).
Question 8: Correct

Which of these hackers would you hire to do penetration testing?
  • Black hat hacker.
  • White hat hacker.
    (Correct)
  • Gray hat hacker.
  • Script kiddie.

Explanation

White Hat hackers: Professional pen testers trying to find flaws so we can fix them (Ethical Hackers). Black Hat hackers: Malicious hackers trying to find flaws to exploit them (Crackers – they crack the code). Gray/Grey Hat hackers: They are somewhere between the white and black hats; they go looking for vulnerable code, systems or products. They often just publicize the vulnerability (which can lead to black hats using it before a patch is developed). Gray hats sometimes also approach the company with the vulnerability and ask them to fix it, and if nothing happens they publish. Script Kiddies: They have little or no coding knowledge, but many sophisticated hacking tools are available and easy to use. They pose a very real threat. They are just as dangerous as skilled hackers; they often have no clue what they are doing.
Question 9: Correct

When an attacker is using intimidation, it is a form of what?
  • Brute force attack.
  • Proper management.
  • Reverse psychology.
  • Social engineering.
    (Correct)

Explanation

Social engineering uses people skills to bypass security controls. Intimidation (if you don't comply, a bad thing happens): a virus on the network, a compromised credit card, a lawsuit against your company. Intimidation is most effective when combined with impersonation and vishing attacks.
Question 10: Correct

We are asked to help design the policies for our organization regarding PHI. What is that?
  • Protected Health Information.
    (Correct)
  • Personal Heuristic Information.
  • Procured Hospital Information.
  • Protected Human Interactions.

Explanation

PHI is the abbreviation for Protected Health Information.
Question 11: Incorrect

When would we deploy honeypots?
  • Whenever we deploy a new system to see if it is vulnerable.
  • None of these.
    (Correct)
  • Whenever we want to, to lure attackers in.
    (Incorrect)
  • During an attack to trick the attacker.

Explanation

While honeypots can be useful, we do not want to lure attackers in (entrapment). If we deployed one each time we launched a system we could have thousands of them, and during an attack we are busy with more important things.
Question 12: Correct

When we are talking about RAM what are we referencing?
  • Non-volatile memory.
  • Real alerting mirroring.
  • Volatile memory.
    (Correct)
  • Remote access management.

Explanation

RAM (Random Access Memory) is volatile memory. It loses its content after a power loss (or within a few minutes of one). This can be memory sticks or embedded memory.
Question 13: Correct

We want to erase EPROM memory to update to the latest firmware. How would we do that?
  • It can’t be erased once it has been written.
  • Shine a UV light on the chip.
    (Correct)
  • We can use programs to erase the content.
  • Take the chip out of the motherboard and degauss it.

Explanation

EPROM (Erasable Programmable Read-Only Memory) – Can be erased (flashed) and written many times by shining an ultraviolet light on a small window on the chip (normally covered by foil).
Question 14: Correct

You hear a colleague talk about polyinstantiation. What does that mean?
  • Looking at a normal baseline and learning of new factors on the network from higher traffic.
  • Collecting data to analyze it.
  • Deducing facts from data rather than specific statements.
  • Two or more instances of the same data, depending on who accesses it.
    (Correct)

Explanation

Polyinstantiation (Alternative Facts) – Two (or more) instances of the same file, depending on who accesses it. The real information may be available to subjects with Top Secret clearance, while different information is available to staff with Secret or lower clearance.
Question 15: Skipped

What is one of the key benefits of using a Host-based Intrusion Prevention System (HIPS) over a Network-based Intrusion Prevention System (NIPS)?
  • We can inspect the IP packets and prevent port scans.
  • We can see the unencrypted data.
    (Correct)
  • We can protect against Distributed Denial Of Service (DDOS) attacks.
  • We look at the entire network segment.

Explanation

Host-based IPS runs on a client, normally a server or workstation. It can look at the actual data (it is decrypted at the end device); NIDS/NIPS can't look inside encrypted packets.
Question 16: Correct

Which is NOT one of the (ISC)² ethics canons?
  • Think about the social consequences of the program you are writing or the system you are designing.
    (Correct)
  • Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • Provide diligent and competent service to principals.
  • Act honorably, honestly, justly, responsibly, and legally.

Explanation

ISC2 Code of Ethics Canons: Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsibly, and legally. Provide diligent and competent service to principals. Advance and protect the profession.
Question 17: Skipped

What was the intent of the US Electronic Communications Privacy Act of 1986 (ECPA)?
  • To protect electronic communication by mandating service providers to use strong encryption.
  • To allow law enforcement to use wiretaps without a warrant or oversight.
  • To protect electronic communication against warrantless wiretapping.
    (Correct)
  • To allow search and seizure without immediate disclosure.

Explanation

The Electronic Communications Privacy Act (ECPA) was designed to protect electronic communications against warrantless wiretapping, but it was significantly weakened by the Patriot Act.
Question 18: Skipped

Which layer of the Open Systems Interconnect (OSI) model isolates traffic into broadcast domains?
  • 4
  • 3
    (Correct)
  • 5
  • 1

Explanation

Layer 3: Network Layer: Expands to many different nodes (IP) – The Internet is IP based. Isolates traffic into broadcast domains.
Question 19: Skipped

In Scrum project management, what is the Scrum master’s role?
  • Being a traditional project manager.
  • Removing obstacles for the development team.
    (Correct)
  • Representing the stakeholders/customers.
  • Developing the code/product at the end of each sprint.

Explanation

Scrum master: Facilitates, and is accountable for removing impediments to the team's ability to deliver the product goals and deliverables. Not a traditional team lead or project manager, but acts as a buffer between the team and any distracting influences. The Scrum master ensures that the Scrum framework is followed.
Question 20: Correct

We are implementing Active Directory (AD) to use for managing our access control. Which of these OS families have AD natively included in their processes and services?
  • Windows.
    (Correct)
  • MacOS.
  • Linux.
  • Unix.

Explanation

AD (Active Directory): Included in most Windows Server OS as a set of processes and services. Directory service that Microsoft developed for Windows domain networks. Originally it was only in charge of centralized domain management. As of Windows Server 2008, AD became an umbrella term for a broad range of directory-based identity-related services.
Question 21: Skipped

Which process would we use to handle updates to our environments?
  • Change consolidation.
  • Change management.
    (Correct)
  • Agile project management.
  • Process review.

Explanation

Change Management: Often called change control, a formalized process for how we handle changes to our environments. If done right we will have full documentation and understanding, and we communicate changes to the appropriate parties. The change review board should be comprised of both IT and other operational units from the organization. We may consider impacts on IT, but we are there to serve the organization; they need to understand how a change will impact them and raise concerns if they have any.
Question 22: Skipped

Which type of Intrusion Detection Systems (IDS) and Intrusion Prevention System (IPS) are completely vulnerable to 0-day attacks?
  • Heuristic based.
  • Network based.
  • Signature based.
    (Correct)
  • Behavioral based.

Explanation

Signature based: Looks for known malware signatures. Faster, since it just checks traffic against malicious signatures. Easier to set up and manage, since someone else writes the signatures for us. They are completely vulnerable to 0-day attacks and have to be updated constantly to keep up with new vulnerability patterns.
Question 23: Correct

We often refer to 0-day vulnerabilities when we talk about IT security vulnerabilities. What would constitute 0-day vulnerabilities?
  • Vulnerabilities not generally known or discovered.
    (Correct)
  • Vulnerabilities that do not affect our systems.
  • Known vulnerabilities that we have not patched yet.
  • Known vulnerabilities we have already patched.

Explanation

0-day vulnerabilities: Vulnerabilities not generally known or discovered; the first time an attack is seen is considered day 0, hence the name. From the time a vulnerability is discovered it is usually only a short timespan before patches or signatures are released for major software.
Question 24: Skipped

What is your public key in asymmetric encryption?
  • Secret.
  • Used by someone else to encrypt messages sent to you.
  • Used by you to decrypt messages sent to you.
  • Shared.
    (Correct)

Explanation

Asymmetric Encryption uses 2 keys: a Public Key and a Private Key (Key Pair). Your Public Key is publicly available and is used by others to encrypt messages sent to you. Since the keys are asymmetric, the ciphertext can't be decrypted with your Public Key. Your Private Key you keep safe; you use it to decrypt messages encrypted with your Public Key.
Question 25: Incorrect

Which of these is the WEAKEST form of authentication we can implement?
  • Something you are.
  • Biometrics.
  • Something you have.
    (Incorrect)
  • Something you know.
    (Correct)

Explanation

Something you know – Type 1 Authentication: Passwords, pass phrase, PIN etc., also called Knowledge factors. It is the weakest form of authentication, and can easily be compromised.
Question 26: Correct

When we are performing background checks on our new employees, we would NEVER look at which of these?
  • References, degrees, criminal records, credit history.
  • References, employment history, criminal records.
  • Employment history, credit history, references.
  • References, degrees, political affiliation, employment history.
    (Correct)

Explanation

When we hire new staff we often do background checks to ensure we minimize our risks. We can check: references, degrees, employment history, criminal records, and credit history (less common, more costly). We have new staff sign an NDA (Non-Disclosure Agreement). It is illegal to check or inquire about political preference.
Question 27: Correct

We are implementing several new countermeasures to make our organization less susceptible to fraud. As part of that we are implementing mandatory vacations. How would we use those?
  • Given to employees to reward them.
  • A detective mechanism that can detect fraud.
    (Correct)
  • Used to upgrade systems.
  • Scheduled far in advance and the employee is notified.

Explanation

Mandatory vacations: Done to ensure one person is not always performing the same task, someone else has to cover and it can keep fraud from happening or help us detect it. Their accounts are locked and an audit is performed on the accounts. If the employee has been conducting fraud and covering it up, the audit will discover it. The best way to do this is to not give too much advance notice of vacations.
Question 28: Skipped

When we talk about using cryptanalysis in our work, what exactly are we talking about?
  • The science of breaking encrypted communications.
    (Correct)
  • A cryptographic algorithm.
  • The science of securing communications.
  • Creates messages with a hidden meaning.

Explanation

Cryptanalysis is the science of breaking encrypted communication. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown. It uses mathematical analysis of the cryptographic algorithm, as well as side-channel attacks that do not target weaknesses in the cryptographic algorithms themselves, but instead exploit weaknesses in their implementation and the devices that run them.
Question 29: Skipped

There are a lot of challenges with audit record management. Which of these is NOT one of them?
  • Log entries and alerts are not prioritized.
  • Logs are not reviewed on a regular and timely basis.
  • Audit records are only reviewed for the bad stuff.
  • We are storing logs and alerts for too long.
    (Correct)

Explanation

Audit record management typically faces five distinct problems: Logs are not reviewed on a regular and timely basis. Audit logs and audit trails are not stored for a long enough time period. Logs are not standardized or viewable by correlation toolsets; they are only viewable from the system being audited. Log entries and alerts are not prioritized. Audit records are only reviewed for the bad stuff.
Question 30: Skipped

When we are implementing new access control mechanisms, looking at the IAAA model, what could we use for identification?
  • Usernames.
    (Correct)
  • Non-repudiation.
  • A password.
  • Role based access control.

Explanation

Usernames are used for identification; we should never allow group logins or accounts. Identification can be your name, username, ID number, employee number, SSN, etc.
Question 31: Skipped

If our organization has role-based access control and need-to-know policies, which of these actions is allowed?
  • Accessing your colleague's payroll data to see how much they get paid.
  • Accessing data you need to do your job.
    (Correct)
  • Browsing around random data to just see what it contains.
  • Accessing data you don’t need to do your job.

Explanation

Role-based access control assigns access to roles, with need to know added on top: just because you have access does not mean you are allowed to view the data. You need a valid reason for accessing the data. If you do not have one you can be terminated/sued/jailed/fined.
Question 32: Correct

When would a logic bomb go off?
  • When it has infected the entire network.
  • A certain event happens or at a certain time.
    (Correct)
  • As soon as it is introduced to the system.
  • When the system gets internet access.

Explanation

Logic Bombs – Malicious code that executes at a certain time or event – they are dormant until the event (IF/THEN). IF Bob is not getting an annual bonus over $10,000, THEN execute malicious code. IF date and time 5/15/18 00:02:12, THEN execute malicious code.
Question 33: Skipped

When our organization is using mandatory access control, what would subjects have?
  • Labels.
  • Objects.
  • Assets.
  • Clearance.
    (Correct)

Explanation

Subjects have Clearance assigned to them. A formal decision on a subject’s current and future trustworthiness. The higher the clearance, the more in-depth the background checks should be (always in military, not always in business).
Question 34: Skipped

As part of our risk management, we are working on quantitative risk analysis. Select all the terms we would use in this phase:
  • Exposure factor (EF)
    (Correct)
  • Annualized Loss Expectancy (ALE)
    (Correct)
  • Risk Analysis Matrix (RAM)
  • Future Growth Potential (FGP)
  • Asset Value (AV)
    (Correct)

Explanation

Quantitative Risk Analysis – We want exactly enough security for our needs. This is where we put a number on that. We find the asset’s value: How much of it is compromised, how much one incident will cost, how often the incident occurs and how much that is per year. Asset Value (AV) – How much is the asset worth? Exposure factor (EF) – Percentage of Asset Value lost? Single Loss Expectancy (SLE) – (AV x EF) – What does it cost if it happens once? Annual Rate of Occurrence (ARO) – How often will this happen each year? Annualized Loss Expectancy (ALE) – This is what it cost per year if we do nothing.
Question 35: Incorrect

When our organization is buying custom developed third party software, which of these should NOT be a concern?
  • Who owns the code.
  • How good are they at what they do.
    (Incorrect)
  • What other companies who have implemented the exact same software say about it.
    (Correct)
  • Who will support it when development is completed.

Explanation

We should address support, who owns the code, and how good the software development company is. We can't really see what other companies say about the software, since it is being custom developed for us.
Question 36: Skipped

When you discover a software vulnerability, you notify the vendor of the vulnerability for them to fix it. What is the term used for this?
  • Predictable disclosure.
  • No disclosure.
  • Full disclosure.
  • Partial disclosure.
    (Correct)

Explanation

Responsible/Partial disclosure: Telling the vendor, giving them time to develop a patch, and then disclosing it. If they do nothing we can revert to full disclosure, forcing them to act.
Question 37: Skipped

What could a vulnerability scan possibly help us find?
  • Missing patches, outdated software and users accessing files they shouldn’t.
  • Outdated software, missing patches and system misconfigurations.
    (Correct)
  • Missing patches, outdated software and high utilization on a resource.
  • System misconfigurations, missing patches and a list of threats.

Explanation

A vulnerability scanner tool is used to scan a network or system for a list of predefined vulnerabilities such as system misconfiguration, outdated software, or a lack of patching.
Question 38: Skipped

Which of these is a TRUE statement about the TCP protocol?
  • It is proprietary.
  • It is always encrypted.
  • It is connection oriented.
    (Correct)
  • It is connectionless.

Explanation

TCP (Transmission Control Protocol): Reliable, Connection oriented, Guaranteed delivery, 3 way handshake, slower/more overhead, data reassembled.
Question 39: Correct

Why would we choose a centralized access control system over a decentralized one?
  • If the internet between sites is down, we can’t authenticate.
  • Faster response time at remote locations.
  • Different security postures at different locations.
  • It is easier to manage.
    (Correct)

Explanation

Centralized Pros (Decentralized Cons): All systems and locations have the same security posture. Easier to manage: all records, configurations and policies are centralized and only configured once per policy. Attackers look for the weakest link in our chain; if a small satellite office is not following our security posture, it can be an easy way onto our network. It is more secure, since only a few people have access and can make changes to the system. It can also provide separation of duties: the local admin can't edit/delete logs from their facility. SSO can be used for user access to multiple systems with one login. Centralized Cons (Decentralized Pros): Traffic overhead and response time; how long does it take for a door lock to authenticate the user against the database at the head office? Is connectivity to the head office stable, and is important equipment on redundant power and internet?
Question 40: Skipped

When we talk about referential databases, what does referential integrity mean?
  • Each tuple has a unique primary value that is not null.
  • When the database has errors.
  • Each attribute value is consistent with the attribute data type.
  • When every foreign key in a secondary table matches the primary key in the parent table.
    (Correct)

Explanation

Referential integrity: When every foreign key in a secondary table matches a primary key in the parent table. It is broken if not all foreign keys match the primary key.
Question 41: Skipped

Throughout our organization we are using Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). What are some of the COMMON types of those?
  • Network based, host based, firewall based.
  • Signature based, network based, firewall based.
  • Switch based, network based, signature based.
  • Heuristic, host based, network based.
    (Correct)

Explanation

IDSs (Intrusion Detection Systems) and IPSs (Intrusion Prevention Systems) can be categorized into 2 types, with 2 different approaches to identifying malicious traffic. Network based: placed on a network segment (a switch port in promiscuous mode). Host based: on a client, normally a server or workstation. Signature (pattern) matching: similar to antivirus, it matches traffic against a long list of known malicious traffic patterns. Heuristic (behavioral) based: uses a normal traffic pattern baseline to monitor for abnormal traffic.
Question 42: Correct

Our organization is using least privilege in our user access management. How are our users assigned privileges?
  • More privileges than they need for their day-to-day job, so they can perform certain tasks in an emergency.
  • The same privileges as the rest of the group has.
  • Privileges at the data owner’s discretion.
  • Exactly the minimum feasible access for the user to perform their job.
    (Correct)

Explanation

Least Privilege also called “Minimum necessary access”, we give our users and systems exactly the access they need, no more, no less.
Question 43: Correct

We are using some of the best practice rules on our password’s requirements. Which of these would NOT be part of that?
  • No minimum password age.
    (Correct)
  • Password hashing and salting.
  • Minimum password age.
  • Maximum password age.

Explanation

Minimum password age is implemented to prevent users from cycling through the last used passwords to return to their favorite password again.

Passwords should also have a minimum length and contain upper/lower case letters, numbers and symbols, and they should not contain full words or other phrases that are easy to guess.

Question 44: Correct

When someone is typo squatting, what are they doing?
  • Always illegal.
  • Legal.
  • Potentially illegal.
    (Correct)
  • Never profitable.

Explanation

Typo squatting – Buying a URL that is VERY close to a real website name (can be illegal in certain circumstances).
Question 45: Correct

Which of these would NOT be part of a good identity and access provisioning lifecycle?
  • Locking accounts when employees leave the organization.
  • Leaving accounts unlocked when employees leave the organization.
    (Correct)
  • Notifying users to change their passwords before they expire. Revoking accounts and access when contractors stop working for us.
  • Identifying accounts that have not been used for more than 10 days following their creation.

Explanation

Accounts should be locked when employees leave the organization. Deleting them makes it harder to audit; deactivation/locking is preferred.
Question 46: Correct

Jane is using the Scrum project management methodology. Which of these would be some of the core team roles in the Scrum framework? (Select all that apply).
  • The project manager.
  • The product owner.
    (Correct)
  • The Scrum master.
    (Correct)
  • The project sponsor.
  • The development team.
    (Correct)

Explanation

Scrum is a framework for managing software development. Scrum is designed for teams of approximately 10 individuals, and generally relies on two-week development cycles, called “sprints”, as well as short daily stand-up meetings. There are three core roles in the Scrum framework. The product owner: Represents the product’s stakeholders, is the voice of the customer, and is accountable for ensuring that the team delivers value to the business. Development team: Responsible for delivering the product at the end of each sprint (sprint goal). The team is made up of 3–9 individuals who do the actual work (analysis, design, development, test, technical communication, documentation, etc.). Scrum master: Facilitates, and is accountable for removing impediments to the team's ability to deliver the product goals and deliverables. Not a traditional team lead or project manager, but acts as a buffer between the team and any distracting influences. The Scrum master ensures that the Scrum framework is followed.
Question 47: Correct

We are implementing biometric authentication. What would be a good reason to do that?
  • It rarely changes.
    (Correct)
  • It is easy to copy.
  • It is much cheaper than knowledge factors.
  • People can easily change their biometrics.

Explanation

Biometric features rarely change unless we have a serious accident. It is more difficult to copy, people can’t change them unless they get surgery and it is normally more expensive than possession or knowledge factors.
Question 48: Skipped

Which is the MOST secure encryption type of these 4?
  • Blowfish.
  • RC4.
  • DES.
  • AES.
    (Correct)

Explanation

DES, Blowfish and RC4 are no longer considered secure, AES is still considered secure.
Question 49: Skipped

Jack is looking at different types of encryption. Which of these is a type of asymmetric encryption?
  • 3DES.
  • RC6.
  • Twofish.
  • RSA.
    (Correct)

Explanation

RSA is asymmetric. 3DES, RC6 and Twofish are all symmetric forms of encryption.
Question 50: Incorrect

Diameter was designed to replace Radius, but the change never happened. Where is Diameter COMMONLY used now?
  • Wireless access points.
    (Incorrect)
  • Router management.
  • Webserver file uploads and downloads.
  • In the 3/4G space.
    (Correct)

Explanation

Diameter is largely used in the 3/4G space; RADIUS is used elsewhere. It was intended as a replacement for RADIUS, but the use cases changed and the two now serve different purposes. Diameter also provides centralized AAA (Authentication, Authorization, and Accounting) management for users who connect to and use a network service.
Question 51: Correct

In the TCP/IP model, frames and bits are the Protocol Data Units (PDUs) of which layer?
  • Internetworks.
  • Application.
  • Link and physical.
    (Correct)
  • Transport.

Explanation

Frames and bits are the Protocol Data Units (PDUs) of the Link and physical layer of the TCP/IP model. (Frames are OSI layer 2 and bits are OSI layer 1).
Question 52: Skipped

Which type of software development uses programming pairs?
  • Agile.
  • Scrum.
  • Waterfall.
  • XP.
    (Correct)

Explanation

XP (Extreme Programming) uses programming in pairs or extensive code review. It is intended to improve software quality and responsiveness to changing customer requirements. It advocates frequent releases in short development cycles, intended to improve productivity and introduce checkpoints at which new customer requirements can be adopted.
Question 53: Skipped

We have 100 users all needing to communicate with each other. If we are using asymmetric encryption how many keys would we need?
  • 100
  • 200
    (Correct)
  • 2000
  • 4950

Explanation

Asymmetric encryption uses 2 keys per user, so we would need 200 keys.
Question 54: Skipped

Which of these is NOT an example of broken authentication or session management (OWASP A2)?
  • Session IDs are pseudo random.
    (Correct)
  • Session IDs are kept in plaintext.
  • Session IDs are predictable.
  • Session never expires.

Explanation

A2 Broken Authentication and Session Management: Sessions do not expire or take too long to expire. Session IDs are predictable (001, 002, 003, 004, etc.). Tokens, session IDs, passwords, etc. are kept in plaintext. Pseudo-random session IDs would be a countermeasure against broken authentication, not an example of it.
Question 55: Correct

In our digital forensics, which of these should NEVER happen?
  • Remove the system from the network to prevent the issue from spreading.
  • Do forensics on the compromised hard drive.
    (Correct)
  • Do forensics on a bit level copy of the compromised hard drive.
  • Keep a perfect chain of custody log.

Explanation

Digital forensics should always be done on bit level copies of the original, never the original.
Question 56: Skipped

After a security breach, Bob has been asked to ensure evidence integrity. What would he do with the compromised hard drive?
  • Pull the drive from the system, format it and reinsert it into another production server.
  • Encrypt the drive, then do his forensics on the original drive and when he is done do a hash.
  • Add another drive to the system and copy all he can see on the compromised drive onto the new drive and then do his analysis on the new drive.
  • Hash the drive and take a bit level copy, hash the copy drive and they should match, then work on the bit level copy.
    (Correct)

Explanation

Evidence Integrity – It is vital that the evidence’s integrity cannot be questioned. We do this with hashes; any forensics is done on copies and never the originals. We make a bit level copy of the original, hash it, and the copy should match. We do another hash after the forensics, and that should be the same as the prior two.
Question 57: Correct

What would be one of the EASIEST ways to confirm if our access control mechanics are working?
  • Reviewing security audit logs.
    (Correct)
  • Reviewing CCTV files.
  • Stand at the doors and look at who enters a building or a certain room.
  • Get alerts for each login and manually check them all.

Explanation

Audit log reviews are the easiest way to confirm our access control mechanisms are working.
Question 58:

Skipped
After an attack on our servers, who should handle digital forensic evidence?
  • Anyone who is available.
  • Someone trained in the process.
    (Correct)
  • The data steward.
  • The data owner.

Explanation

People handling digital forensic evidence should always be trained in proper handling.
Question 59:

Skipped
We are using cloud computing and have chosen to use IaaS. Who is responsible for the databases?
  • The security team.
  • The network team.
  • The vendor.
  • The customer.
    (Correct)

Explanation

IaaS – (Infrastructure as a Service) The vendor provides infrastructure up to the OS, the customer adds the OS and up.
Question 60:

Skipped
On which layer of the Open Systems Interconnect (OSI) model do we establish the connection between 2 applications?
  • 5
    (Correct)
  • 3
  • 4
  • 6

Explanation

Layer 5: Session Layer:

Establishes connection between 2 applications.

Setup > Maintenance > Tear Down.

Question 61:

Skipped
When we talk about auditing in the IAAA model, what does that mean?
  • Assigns attributes to identities.
  • Traces actions to subjects identities.
    (Correct)
  • Compares object labels to the clearance of the subject.
  • Allows users to access data 24/7.

Explanation

Accountability (often referred to as Auditing): Tracing an action to a subject's identity. It proves who performed a given action and provides non-repudiation. Group or shared accounts are never OK; they have zero accountability. It uses audit trails and logs to associate a subject with its actions.
Question 62:

Skipped
Which type of security governance and management would we want to see in our organization?
  • Middle of the road.
  • Agile.
  • Top-down.
    (Correct)
  • Bottom-up.

Explanation

We always want top-down security governance and management; we want senior leadership on our side. Top-Down: IT leadership is on board with IT Security; they lead and set the direction. Bottom-Up: IT Security is seen as a nuisance and not a helper; this often only changes when breaches happen.
Question 63: Correct

As part of our layered defense, and to prevent unauthorized devices on our network, we have added the MAC sticky command. Where would we configure that?

  • Firewall.
  • Desktop.
  • File server.
  • Router.
  • Switch.
    (Correct)

Explanation

Good switch security includes shutting down unused ports, adding MAC sticky and hardcoding whether ports are access or trunk ports. Making all ports trunk ports is a bad idea.
Question 64: Correct

Bob is working on designing new access controls across our organization. Which documentation should he reference to know how and what to implement?
  • It is at his discretion, Bob is the most knowledgeable employee we have on access control.
  • The latest tech reviews and technology.
  • Our policies, procedures and standards.
    (Correct)
  • He would ask his peers what they would implement since they know best and when they agree implement that.

Explanation

Our access control is determined by our policies, procedures, and standards. These outline how we grant access, to whom and to what: we use least privilege and need to know, and we give our staff and systems exactly the access they need and no more.
Question 65: Correct

As part of improving the security posture of our organization we have added multifactor authentication. Which of these pairs does NOT constitute multifactor authentication?
  • Username and smartcard.
  • Password and username.
    (Correct)
  • PIN and credit card.
  • Fingerprint and PIN.

Explanation

Multifactor authentication uses authentication from more than one factor (something you know, are or have). Passwords and usernames are not multifactor, they are both knowledge factors.
Question 66:

Skipped
We have a contract with some penetration testers. In which phase would the tester look for vulnerabilities and design the attack?
  • Discovery.
    (Correct)
  • System browsing.
  • Gaining access.
  • Escalate privileges.

Explanation

Discovery (planning): Finding the vulnerabilities and designing the attacks.
Question 67:

Skipped
Those acting under “the color of law” can act on an exigent circumstance. What would constitute exigent circumstances?
  • Immediate threat to human life or of evidence destruction.
    (Correct)
  • An unpatched vulnerability on our systems, attackers have no way of exploiting.
  • Potential threat to data or human life in the future.
  • An outside circumstance which does not pose any threat to life or data.

Explanation

Exigent circumstances apply if there is an immediate threat to human life or of evidence destruction. This will later be decided by a court if it was justified. Only applies to law enforcement and those operating under the “color of law” – Title 18. U.S.C. Section 242 – Deprivation of Rights Under the Color of Law.
Question 68: Correct

Which organization is responsible for delegating IP address ranges to ISPs (Internet Service Providers) in North America?
  • APNIC.
  • LACNIC.
  • ARIN.
    (Correct)
  • RIPE NNC.

Explanation

The world is divided into RIR (Regional Internet Registry) regions and organizations in those areas delegate the address space they have control over. ARIN (American Registry for Internet Numbers): United States, Canada, several parts of the Caribbean region, and Antarctica.
Question 69:

Skipped
For access control management, which of these is considered something you have?
  • PIN.
  • Cookie on computer.
    (Correct)
  • Fingerprint.
  • MAC address.

Explanation

Possession factors are things you have in your possession, not things you know (knowledge factor) or something you are (biometrics).
Question 70:

Skipped
In incident management, which of these is NOT a recognized category of events and/or incidents?
  • Natural.
  • Environments.
  • Behavioral.
    (Correct)
  • Human.

Explanation

Behavioral is a subset of human, and not a recognized category.
Question 71:

Skipped
In software acceptance testing, what is the purpose of production acceptance testing?
  • To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities.
  • To ensure the software is functional for and tested by the end user and the application manager.
  • To ensure the software is as secure or more secure than the rules, laws and regulations of our industry.
  • To ensure the software perform as expected in our live environment vs. our development environment.
    (Correct)

Explanation

Compatibility/production testing: Does the software interface as expected with other applications or systems? Does the software perform as expected in our production environment vs. the development environment?
Question 72:

Skipped

We have removed a server from our production environment.

We format the hard drives, install a new OS (Operating System), and application on the disks. We then put the newly installed server back into production.

Which of these would be TRUE about the original data a week later?

  • Possibly partially recoverable.
    (Correct)
  • Always completely recoverable.
  • Gone forever.
  • Hidden, but not recoverable.

Explanation

We can still recover files that have not been overwritten yet; formatting just removes the file structure.
Question 73: Correct

One of your coworkers is telling you about our new policies for PII. What is she referring to?
  • Personality Indicator Information.
  • Professional Information Identifiers.
  • Personally Identifiable Information.
    (Correct)
  • Personally Information Indicators.

Explanation

PII is the abbreviation for Personally Identifiable Information.
Question 74:

Skipped
As part of our server hardening, we are blocking all ports on our servers, unless specified as something we need open in the technical design documentation. When we block TCP/UDP port 3389, what are we blocking?
  • NetBIOS datagram service.
  • IMAP.
  • Microsoft Terminal Server (RDP).
    (Correct)
  • NetBIOS name service.

Explanation

Microsoft Terminal Server (RDP) uses TCP/UDP port 3389.
Question 75:

Skipped
The port numbers we use can be categorized as well-known, registered, or dynamic/private/ephemeral ports. Which of these is NOT a well-known port?
  • 1023
  • 1024
    (Correct)
  • 80
  • 666

Explanation

Well-known ports are ports 0-1023; they are mostly used for protocols.
Question 76:

Skipped
In IT Security we are talking about something as an event, what does that mean?
  • A system has crashed.
  • We are being hacked.
  • Something changed, neither negative or positive.
    (Correct)
  • A triggered warning when something predefined happens (i.e. disk usage over 85%).

Explanation

Event: An observable change in state. This is neither negative nor positive; it just means something has changed. A system powered on, traffic from one segment to another, an application started.
Question 77:

Skipped
When the Patriot Act was signed into law in 2001, it allowed law enforcement to do what?
  • Allow law enforcement to use wiretaps without a warrant or oversight.
  • Allows search and seizure without immediate disclosure.
    (Correct)
  • Protect electronic communication against warrantless wiretapping.
  • Protect electronic communication by mandating service providers to use strong encryption.

Explanation

PATRIOT Act of 2001: Expands law enforcement electronic monitoring capabilities. Allows search and seizure without immediate disclosure.
Question 78: Correct

With the CIA triad in mind, if we have too much confidentiality which other control will suffer the MOST?
  • Authentication.
  • Accountability.
  • Integrity.
  • Availability.
    (Correct)

Explanation

Finding the right mix of Confidentiality, Integrity and Availability is a balancing act. This is really the cornerstone of IT Security – finding the RIGHT mix for your organization. Too much Confidentiality and the Availability can suffer.
Question 79:

Skipped
Senior leadership has approved the use of flash drives. Which type of memory do they use?
  • DRAM.
  • SDRAM.
  • EEPROM.
    (Correct)
  • PROM.

Explanation

Flash memory: Small portable drives (USB sticks are an example); they are a type of EEPROM.
Question 80: Correct

What are some of the dangers if we chose to NOT use proper and regular patching of our systems?
  • There are no real dangers as long as we have firewalls.
  • We can’t access the internet if we are missing too many patches.
  • We won’t have enough for our employees to do.
  • We are at risk of compromise from publicly known attacks.
    (Correct)

Explanation

Patches are released to fix known security vulnerabilities; not applying them leaves us open to vulnerabilities that attackers also know about.
Question 81:

Skipped
What would we use a Security Information and Event Management (SIEM) system for?
  • All of these.
    (Correct)
  • Centralized storage and interpreting of logs and traffic.
  • Giving us a holistic view of all events and incidents in our organization.
  • Near real-time automated identification, analysis and recovery from some security events.

Explanation

SIEM (Security Information and Event Management) provides real-time analysis of security alerts generated by network hardware and applications.
Question 82: Correct

Which of these is NOT a normal phase of a white hat hacker’s strategy?
  • Deleting their tracks, the audit files and logs.
    (Correct)
  • Discovery, finding the vulnerabilities.
  • Escalate privileges.
  • Installing additional tools as they gain more access and higher privileges.

Explanation

White hat hackers use many of the same tools and approaches that black hats would, but they do not delete their tracks, audit files or logs.
Question 83:

Skipped
Which security principle is Clark-Wilson based on?
  • Accountability.
  • Confidentiality.
  • Integrity.
    (Correct)
  • Availability.

Explanation

Clark-Wilson – Integrity: Separates end users from the backend data through ‘Well-formed transactions’ and ‘Separation of Duties’. The model uses Subject/Program/Object. We have discussed the Subject/Object relationship before, but this puts a program between the two. We don’t allow people access to our inventory when they buy from us. We give them a limited functionality interface they can access.
Question 84:

Skipped
In which order would you use the Software Development Life Cycle (SDLC)?
  • Analysis, investigation, design, build, implement, test, maintenance and support.
  • Investigation, analysis, design, build, implement, test, maintenance and support.
  • Investigation, design, analysis, build, implement, test, maintenance and support.
  • Investigation, analysis, design, build, test, implement, maintenance and support.
    (Correct)

Explanation

SDLC (Software Development Life Cycle): The SDLC is not really a methodology, but a description of the phases in the life cycle of software development. These phases are (in general) investigation, analysis, design, build, test, implement, maintenance and support (and disposal). Security can be built into each step of the process; for the exam, it always is.
Question 85:

Skipped
Which type of access control model is based on a subject’s clearance?
  • Rule-Based Access Control (RUBAC)
  • Role-Based Access Control (RBAC)
  • Mandatory Access Control (MAC)
    (Correct)
  • Discretionary Access Control (DAC)

Explanation

MAC – (Mandatory Access Control) is system-enforced access control based on a subject’s clearance and an object’s labels.
Question 86: Correct

What could be one of the NEGATIVE consequences of implementing Single Sign On (SSO) in our organization?
  • If compromised the attacker has access to all the systems the user does.
    (Correct)
  • It takes too long to remember a single password over many.
  • It is easier for users to just use one login.
  • SSO has weaker password requirements than regular applications do.

Explanation

SSO (Single sign-on): Users use a single sign-on for multiple systems. If an attacker compromises a single password, they have access to everything that user can access. Often deployed in organizations where users have to access 10+ systems and find it too burdensome to remember all those passwords. SSO has the same strong password requirements as normal single system passwords.
Question 87: Correct

We often allow users to use “secret questions and answers” to unlock their accounts, because it makes our administrators' workload lighter. Can they also be used as an attack vector?
  • Yes, but it really never happens, the information we use for them is so hard to get it is hardly worth it.
  • No, no one else would know the answers.
  • Yes, the answers are often something that can be researched.
    (Correct)
  • Yes, but it would be harder to break than encryption.

Explanation

Secret questions like “Where were you born?” are poor examples of a knowledge factor; the answer is known by a lot of people and can often be researched easily.
Question 88: Correct

Jane is explaining how using AI can help predict healthcare issues for patients. What is AI?
  • Artifact Incidents.
  • Artificial Intelligence.
    (Correct)
  • Artificial Integrity.
  • Arithmetic Interference.

Explanation

AI (Artificial Intelligence): Intelligence exhibited by machines, rather than humans or other animals. True AI is a topic of discussion; what was considered AI years ago has been achieved, and once the goal is reached, the AI definition is tweaked a little.
Question 89: Correct

Looking at our data management, what is the user’s role?
  • Perform the backups and restores.
  • Assign the sensitivity labels and backup frequency of the data.
  • Be trained in the policies, procedures and standards.
    (Correct)
  • Make the policies, procedures and standards that govern our data security.

Explanation

Users: These are the users of the data. Users must receive awareness training; they need to know what is acceptable and what is not acceptable, and the consequences for not following the policies, procedures and standards.
Question 90:

Skipped
Prior to an external structured audit, we would often do an ‘unstructured’ audit. Who would perform that?
  • Internal auditors.
    (Correct)
  • IT security staff.
  • External auditors.
  • Senior management.

Explanation

Unstructured audits: Done by internal auditors to improve our security and find flaws, often before an external audit.
Question 91:

Skipped
BIBA’s Invocation Property prohibits users from what?
  • No write down.
  • No read and write up and down.
  • No write up.
  • No read and write up.
    (Correct)

Explanation

Invocation Property: “No Read or Write UP”. Subjects can never access or alter data on a higher level.
Question 92: Correct

We have decided to implement job rotation in our organization. What can that help prevent?
  • All of these.
    (Correct)
  • Errors.
  • Fraud.
  • Employee burnout.

Explanation

Job rotation: For the exam, think of it as a way to detect errors and frauds. It is easier to detect fraud, and there is less chance of collusion between individuals if they rotate jobs. It also helps with employee burnout, and it helps employees understand the entire business. This can be too cost prohibitive for the exam/real life; make sure that on the exam, the cost justifies the benefit.
Question 93:

Skipped
We want to be able to restore our systems with no more than 48 hours of data loss. Which of these could be a backup rotation we could choose to implement?
  • Weekly full and incremental backups every 3 days.
  • Monthly full backups and weekly incrementals.
  • Weekly full backups and daily differential backups.
    (Correct)
  • Backups before each system update or patch we apply.

Explanation

If we can have no more than 48 hours of data loss, the only viable option is a daily backup.
Question 94:

Skipped
Which of these is NOT covered by the Wassenaar Arrangement?
  • Encryption algorithms.
  • Rockets.
  • SQL Databases.
    (Correct)
  • Munitions.

Explanation

Wassenaar Arrangement – 1996 – present. Limits exports on military and “dual-use” technologies. Cryptography is part of that. Some nations also use it to prevent their citizens from having strong encryption (easier to spy on your own people if they can’t use strong cryptography).
Question 95: Correct

We are using the CIA triad to, at a high level, explain IT security to our board of directors.

Which of these are the 3 legs of the CIA triad?

  • Confidentiality, Integrity and Accountability.
  • Confidentiality, Identity and Availability.
  • Integrity, availability and confidentiality.
    (Correct)
  • Identity, accountability and confidentiality.

Explanation

The CIA (Confidentiality, Integrity, Availability) Triad:

Confidentiality – We keep our data and secrets secret.

Integrity – We ensure the data has not been altered.

Availability – We ensure authorized people can access the data they need, when they need to.

Question 96: Correct

After a major security breach, we want to do a lessons learned. Why is that?
  • To prevent incidents from ever happening again.
  • To learn from the incident so we can do better on future incidents.
    (Correct)
  • To blame someone.
  • To show what exactly happened in this incident.

Explanation

Lessons Learned: This phase is often overlooked; we removed the problem and we have implemented new controls and safeguards. We can learn a lot from lessons learned, not just about the specific incident, but about how well we handle them, what worked and what didn’t. How can we as an organization grow and become better the next time we have another incident? While we may have fixed this one vulnerability, there are potentially hundreds of new ones we know nothing about yet. At the end of lessons learned we produce a report to senior management with our findings; we can only make suggestions, as they are ultimately in charge (and liable).
Question 97:

Skipped
Which of these authentication protocols is no longer considered secure?
  • Radius.
  • TACACS+.
  • Diameter.
  • TACACS.
    (Correct)

Explanation

TACACS (The Terminal Access Controller Access Control System): Centralized access control system requiring users to send an ID and reusable (vulnerable) passwords for authentication; because of this it is no longer considered secure. Uses TCP/UDP port 49. TACACS has generally been replaced by TACACS+ and RADIUS.
Question 98:

Skipped
What would a penetration testing Statement Of Work (SOW) NOT include?
  • Time frames.
  • IP ranges.
  • Rules of engagement.
  • Complete and accurate employee Protected Health Information (PHI).
    (Correct)

Explanation

Penetration Testing (Pen Testing) has very clear rules of engagement defined in a SOW (Statement Of Work): which IP ranges, time frame, tools, POC, how to test, what to test.
Question 99: Correct

We are in a court of law and we are presenting real evidence. What constitutes real evidence?
  • Logs, audit trails and other data from the time of the attack.
  • Tangible and physical objects.
    (Correct)
  • Something you personally saw or witnessed.
  • The data on our hard drives.

Explanation

Real evidence is tangible, physical objects; in IT security this means things like hard disks and USB drives, not the data on them.
Question 100:

Skipped
Which industry is the US Gramm-Leach-Bliley Act (GLBA) focused on?
  • Healthcare.
  • Aerospace.
  • Financial.
    (Correct)
  • Online stores.

Explanation

Gramm-Leach-Bliley Act (GLBA): Applies to financial institutions; driven by the Federal Financial Institutions Examination Council (FFIEC); enforced by member agencies, OCC, FDIC, FRB, NCUA, and CFPB. Enacted in 1999, requires protection of the confidentiality and integrity of consumer financial information.
Question 101: Correct

Which of these protocols is NOT found on layer 7 of the Open Systems Interconnection (OSI) model?
  • HTTP.
  • PAP.
    (Correct)
  • FTP.
  • Telnet

Explanation

PAP is a layer 5 protocol (used for setting up sessions). FTP, LDAP and HTTP are all layer 7 protocols.
Question 102:

Skipped
Why would an organization offer to use a source code escrow to their customers?
  • To ensure the code is tested completely.
  • Because we want them to see the source code whenever they want to.
  • To make our source code publicly available.
  • So the customer has access to the source code if we go bankrupt.
    (Correct)

Explanation

Source code escrow: The deposit of the source code of software with a third party escrow agent. Escrow is typically requested by a party licensing software (the licensee), to ensure maintenance of the software instead of abandonment or orphaning. The software source code is released to the licensee if the licensor files for bankruptcy or otherwise fails to maintain and update the software as promised in the software license agreement.
Question 103:

Skipped
Active Directory (AD) uses trust domains; one domain establishes a trust relationship with another domain. Which of these is NOT an AD trust domain?
  • One-way trust.
  • Intransitive trust.
  • Reflective trust.
    (Correct)
  • Transitive trust.

Explanation

One-way trust, Two-way trust, Trusted domain, Transitive trust and Intransitive trust are all trust domains, there is no reflective trust.
Question 104:

Skipped
Which type of Intrusion Prevention System (IPS) response prevents authorized traffic?
  • False negative.
  • True negative.
  • True positive.
  • False positive.
    (Correct)

Explanation

False Positive: Normal traffic that the system nevertheless detects and acts on.
Question 105: Correct

The Central Processing Unit (CPU) consists of which two elements?
  • CU and RPG.
  • South bridge and RAM.
  • ALU and CU.
    (Correct)
  • RAM and BIOS.

Explanation

CPU (Central Processing Unit) is the brains of the system. The Arithmetic Logic Unit (ALU) performs arithmetic and logic operations. It uses processor registers that supply operands (the objects of a mathematical operation) to the ALU and store the results of ALU operations. It does all the math. The Control Unit (CU) handles fetching (from memory) and execution of instructions by directing the coordinated operations of the ALU, registers and other components. It also sends instructions to the ALU.
Question 106: Incorrect

When we are categorizing disasters for our Business Continuity Plan (BCP), we would categorize them into which of these categories? (Select all that apply).
  • Hardware.
  • Environmental.
    (Correct)
  • Physical.
  • Human.
    (Correct)
  • Natural.
    (Correct)

Explanation

We categorize disasters in 3 categories: natural, human, or environmental. Natural: Anything caused by nature; this could be earthquakes, floods, snow, tornados, etc. Human: Anything caused by humans; they can be intentional or unintentional disasters; unintentional could be an employee using a personal USB stick on a PC at work and spreading malware, which would be just as bad as if an attacker had done it, but the employee was just ignorant, careless, or didn’t think it would matter. Environmental (not to be confused with natural disasters); Anything in our environment; could be power outage/spikes, hardware failures, provider issues, etc.
Question 107: Incorrect

Which of these could be some of the ways we can protect our data when an employee is actively using it?
  • Need to know policy.
  • Encryption, clean desk policies, view angle screen.
  • Clean desk policies, view angle screens, computer locking when not in use.
    (Correct)
  • Clean desk policies, print policies, job rotation, mandatory vacations, view angle screens.
    (Incorrect)

Explanation

Data in Use: (We are actively using the files/data, it can’t be encrypted). Use good practices: Clean Desk policy, Print Policy, Allow no ‘Shoulder Surfing’, maybe the use of view angle privacy screen for monitors, locking computer screen when leaving workstation.
Question 108: Correct

We have had a lot of employee complaints since we started blocking TCP/UDP port 80. What are we blocking?
  • HTTPS.
  • SMTP.
  • HTTP.
    (Correct)
  • POP3.

Explanation

Hypertext Transfer Protocol (HTTP) uses TCP/UDP port 80; it can also use ports 8008 and 8080.
Question 109:

Skipped
Which of these protocols is NOT found on layer 3 of the OSI model?
  • IKE.
  • IP.
  • IMAP.
    (Correct)
  • ICMP.

Explanation

IMAP is a layer 7 protocol. IP, IPSEC, IKE, ICMP, … are all layer 3 protocols.
Question 110: Correct

What could be one of the ways we could protect our data-at-rest?
  • Encryption.
    (Correct)
  • DAC.
  • Clean desk policy.
  • Privacy screens for monitors.

Explanation

Data at Rest (Stored Data): This is data on Disks, Tapes, CDs/DVDs, USB Sticks. We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs). Encryption can be Hardware or Software Encryption.
Question 111: Incorrect

When we implement centralized logging, we want it to be:
  • Automated, secure and accessible by everyone.
  • Automated, unsecure, and accessible by administrators.
  • Automated, secure and administrators should have limited access.
    (Correct)
  • Automated, secure, and accessible by administrators.
    (Incorrect)

Explanation

Centralized Logging: Should be automated, secure and even administrators should have limited access.
Question 112:

Skipped
Looking at our incident management plan, which of these can we possibly mitigate with a redundant geographical distant site?
  • Incidents.
  • Events.
  • Emergencies.
  • Disasters.
    (Correct)

Explanation

Disaster: Our entire facility is unusable for 24 hours or longer. If we are geographically diverse and redundant we can mitigate this a lot. Yes, a snowstorm can be a disaster.
Question 113:

Skipped

On which layer of the Open Systems Interconnection model (OSI) model would we find the broadcast address FF:FF:FF:FF:FF:FF?

  • E: Layer 1.
  • C: Layer 3.
  • B: Layer 4.
  • D: Layer 2.
    (Correct)
  • A: Layer 5.

Explanation

FF:FF:FF:FF:FF:FF is the layer 2 broadcast address. Layer 2 uses MAC addresses.
Question 114:

Skipped
What is LDAP COMMONLY used for?
  • Managing firewall and router access lists.
  • Hashing passwords.
  • Internet routing protocol.
  • Central username and password storage.
    (Correct)

Explanation

LDAP (The Lightweight Directory Access Protocol) is commonly used for central username and password storage; many different applications and services can connect to the LDAP server to validate users. It is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an IP network. It is an application layer protocol and uses TCP and UDP port 389.
Question 115:

Skipped
Which of these would be an IP socket-pair?
  • 10.0.10.1:80 and 21.12.12.1
  • 10.0.10.1 and 21.12.12.1
  • 10.0.10.1:http and 21.12.12.1:51515
    (Correct)
  • 10.0.10.1 and 21.12.12.1:https

Explanation

Socket Pairs (TCP): 2 sets of IP and port (source and destination). This could be Source pair: 192.168.0.6:49691, Destination pair: 195.122.177.218:https. Well-known ports are often translated; port 443 is https.
Question 116:

Skipped
As part of our software testing, we are doing static software testing. What are we doing?
  • Build scripts and tools that would simulate normal user activity.
  • Test the code while executing it.
  • Passively test the code, but not run it.
    (Correct)
  • Submit random malformed input to crash the software or elevate privileges.

Explanation

Static testing – Passively testing the code; it is not running. This is walkthroughs, syntax checking, and code reviews. It looks at the raw source code itself, looking for evidence of known insecure practices, functions, libraries, or other characteristics having been used in the source code.
Question 117: Correct

To ensure the confidentiality, integrity, and availability of our backup tapes, where would it be appropriate to store them?
  • Our data center.
  • Under the bed.
  • A closet we have access to.
  • In a backup storage facility.
    (Correct)

Explanation

Where do we keep our sensitive data? It should be kept in a secure, climate-controlled facility, preferably geographically distant or at least far enough away that potential incidents will not affect that facility too. Many older breaches were from bad policies around tape backups. Tapes were kept at the homes of employees instead of at a proper storage facility or in a storage room with no access logs and no access restrictions (often unencrypted).
Question 118: Correct

When we are reviewing our audit logs, it is which type of a control?
  • Deterrent.
  • Preventative.
  • Detective.
    (Correct)
  • Physical.

Explanation

Audit log review is a detective control: we look at what happened after it happened, looking for patterns and issues.
Question 119:

Skipped
To establish a TCP session, we are using the TCP 3-way handshake. What is the correct order of the handshake?
  • SYN > ACK > ACK.
  • SYN > SYN/ACK > ACK.
    (Correct)
  • SYN > SYN/ACK > SYN.
  • SYN/ACK > ACK > SYN.

Explanation

The 3-way handshake is client SYN > Server SYN/ACK > Client ACK.
Question 120:

Skipped
What does SOC2 type 1 report on?
  • The suitability of the design of controls.
    (Correct)
  • How resilient our systems are and how often we can expect exploits with our current settings.
  • The future state of our controls and countermeasures.
  • The suitability of the design AND operating effectiveness of controls.

Explanation

A SOC 2 Type 1 report covers management’s description of a service organization’s system and the suitability of the design of controls.
Question 121: Correct

What is happening when we experience buffer overflows?
  • The buffer overruns its boundaries and overwrites adjacent hard disk locations.
  • We are not using SSL/TLS.
  • The buffer overruns its boundaries and overwrites adjacent memory locations.
    (Correct)
  • User session IDs or tokens are stolen.

Explanation

Buffer overflow (buffer overrun): An anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations. It results from improper coding, when a programmer fails to perform bounds checking. Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflows can often be triggered by malformed inputs: if one assumes all inputs will be smaller than a certain size and the buffer is created to be that size, an anomalous transaction that produces more data can cause a write past the end of the buffer. If this overwrites adjacent data or executable code, it may result in erratic program behavior, including memory access errors, incorrect results, and crashes. By sending in data designed to cause a buffer overflow, it is possible to write into areas known to hold executable code and replace it with malicious code.
Question 122: Correct

What would we NOT look at in a security assessment?
  • Security audits.
  • Employee performance.
    (Correct)
  • Penetration tests.
  • Change management.

Explanation

Security assessments: A full-picture approach to assessing how effective our access controls are; they have a very broad scope. We would not look at employee performance. Security assessments often span multiple areas and can use some or all of these components: policies, procedures, and other administrative controls; assessing the real-world effectiveness of administrative controls; change management; architectural review; penetration tests; vulnerability assessments; security audits.
Question 123:

Skipped
Using EEPROM makes work easier for our IT staff, what is one of the dangers associated with it?
  • Anyone can easily access it.
  • There are no dangers, it is completely safe.
  • Since it is programmable, attackers can attack it.
    (Correct)
  • Flashing with an UV light can damage your eyes.

Explanation

EEPROM (Electrically Erasable Programmable Read-Only Memory) – These chips are electrically erasable and can be rewritten with a flashing program, yet they are still called read-only. The ability to write to the BIOS makes it vulnerable to attackers.
Question 124:

Skipped
After a major security incident, we need to provide the chain of custody logs for one of the compromised hard drives. Which of these should NOT be part of the logs?
  • What was found.
    (Correct)
  • Who handled it.
  • When they did it.
  • What was done.

Explanation

With the chain of custody everything is documented: who had it and when, what was done, and when they did it. What was found is not part of the chain of custody log.
Question 125: Incorrect

As part of a security assessment we are having an external company do penetration testing. What do we call a penetration test where the tester has full admin level knowledge about our organization and IT infrastructure? (Select all that apply).
  • White box.
    (Correct)
  • Gray box.
  • Black box.
  • Full box.
  • Crystal box.
    (Correct)
  • Clear box.
    (Correct)

Explanation

White box (Crystal/Clear) pen testing: Full knowledge. The tester has knowledge of the internal network and access to it like a privileged employee would, normally an administrator-level employee with full knowledge of our environment. There is no “full box”; gray box is partial knowledge and black box is no knowledge.

About this course

CISSP certification practice questions #1 – 2 FULL 125 question CISSP tests – 250

The Four CISSP Exam Frameworks

A good way to look at the CISSP exam is to view it through the lens of four different frameworks: CIA: Confidentiality, Integrity and Availability. Technology: technical skills. Management: what is the best approach to do something from a security manager’s perspective? Risk: risk management, which is a very important topic in the exam. Every time you see a CISSP question, you should be able to look at it from one of those perspectives or frameworks. If you get a question about symmetric vs asymmetric encryption, that is the technology perspective and the question is testing your technical knowledge. A question about the company’s best approach for security is challenging your management perspective; here you should put yourself in the place of a security manager and think about how a security manager would act in the situation. Then you have questions about availability vs confidentiality vs integrity, which is the CIA perspective, while a question about the annual loss expectancy (ALE) is related to risk management.

What is the difference between differential and incremental backups? An incremental backup only includes the data that has changed since the previous backup, whereas a differential backup contains all of the data that has changed since the last full backup.