CISSP - Communications and Network Security Mock Questions

During a security audit, we found some security issues that we need to address. The IT Security team has been asked to suggest mitigation strategies using the OSI model. What could we implement to mitigate layer 2 threats?

Options are :

  • Installing UPS' in the data center.
  • Start using firewalls.
  • Access Lists.
  • Shut down open unused ports. (Correct)

Answer : Shut down open unused ports.

Explanation Layer 2 devices: Switches are bridges with more than 2 ports. Each port is its own collision domain, fixing some of the issues with collisions. Switches use MAC addresses to direct traffic. Good switch security includes: Shutting unused ports down. Putting ports in specific VLANs. Using the MAC Sticky command to only allow that MAC to use the port, either with a warning or shut command if another MAC accesses the port. Using VLAN pruning for trunk ports.

Which network topology did ARCNET use?

Options are :

  • Tree.
  • Star. (Correct)
  • Mesh.
  • Ring.

Answer : Star.

Explanation ARCNET (Attached Resource Computer Network): Used network tokens for traffic, no collisions. Used a Star topology. 2.5Mbps.

When Bob's workstation is requesting a new IP address from the DHCP server, which well-known port would the DHCP client use?

Options are :

  • 67
  • 68 (Correct)
  • 23
  • 22

Answer : 68

Explanation DHCP uses UDP Port 67 for the DHCP Server and UDP Port 68 for the Client.

Looking at US legacy internet speeds, a T3 connection would bundle T1 connections. What was the speed of a T3 internet connection?

Options are :

  • 44.736Mbps. (Correct)
  • 34.368Mbps.
  • 2.048Mbps.
  • 1.544Mbps.

Answer : 44.736Mbps.

Explanation T3 (US): 28 bundled T1 lines, creating a dedicated 44.736 Mbps circuit.

We are implementing new networking infrastructure in our organization. The new infrastructure is using Carrier-sense multiple access with collision detection (CSMA/CD). What are we implementing?

Options are :

  • Ethernet. (Correct)
  • Wireless.
  • Internet.
  • Extranet.

Answer : Ethernet.

Explanation CSMA/CD (Carrier Sense Multiple Access Collision Detection): Used for systems that can send and receive at the same time, like Ethernet. If two clients listen at the same time and see the line is clear, they can both transmit at the same time, causing collisions; CD is added to help with this scenario. Clients listen to see if the line is idle, and if idle, they send; if in use, they wait a random amount of time (milliseconds). While transmitting, they monitor the network. If more input is received than sent, another workstation is also transmitting, and they send a jam signal to tell the other nodes to stop sending, and wait for a random amount of time before starting to retransmit.

We have implemented pool Network Address Translation (NAT). How many public IP addresses do we need if we are using 5 private IP addresses and they all need internet access at the same time?

Options are :

  • 1
  • 5 (Correct)
  • 6
  • 10

Answer : 5

Explanation Pool NAT: Translates 1-1; we need 1 public IP per private IP accessing the internet, but the pool is available to all clients rather than assigned to specific clients.

Which port is used by our DHCP servers to communicate with the clients?

Options are :

  • 22
  • 23
  • 67 (Correct)
  • 68

Answer : 67

Explanation DHCP uses UDP Port 67 for the DHCP Server and UDP Port 68 for the Client.

Using the OSI model, which of these are COMMON layer 5-7 threats?

Options are :

  • Eavesdropping.
  • Worms. (Correct)
  • Ping of death.
  • SYN floods.

Answer : Worms.

Explanation A computer worm is a standalone malware computer program that replicates itself to spread to other computers; they normally operate on OSI layers 5-7.

On which layer of the OSI model would we consider physical security?

Options are :

  • 3
  • 4
  • 2
  • 1 (Correct)

Answer : 1

Explanation Layer 1: Physical Layer: wires, fiber, radio waves, hub, part of NIC, connectors (wireless).

We want our employees to be connected without interruptions wherever they go: break rooms, meeting rooms, and their desks. What would be the BEST to use?

Options are :

  • Wireless. (Correct)
  • Copper Ethernet.
  • Coax copper.
  • Fiber Ethernet.

Answer : Wireless.

Explanation For employees to stay connected while roaming, they cannot be tied to cables; wireless is the only option.

We have implemented a solution where networking traffic can use DIFFERENT paths. What did we implement?

Options are :

  • Circuit switching.
  • Full traffic switching.
  • Packet switching. (Correct)
  • Weighted routing tables.

Answer : Packet switching.

Explanation Packet switching - Cheap, but no capacity guarantee, very widely used today. Data is sent in packets, which take multiple different paths to the destination. The packets are reassembled at the destination.

In the TCP/IP model, frames and bits are the PDUs of which layer?

Options are :

  • Internetworks.
  • Link and physical. (Correct)
  • Transport.
  • Application.

Answer : Link and physical.

Explanation Frames and bits are the PDUs of the Link and physical layer of the TCP/IP model. (Frames are OSI layer 2 and bits are OSI layer 1).

If we wanted the CHEAPEST possible cable for connecting our workstations to switches, what would we use?

Options are :

  • Wireless.
  • Copper Ethernet. (Correct)
  • Coax copper.
  • Fiber Ethernet.

Answer : Copper Ethernet.

Explanation The cheapest cable would be copper Ethernet; for connections to workstations we are normally not so worried about sniffing and EMI.

Looking at the Open Systems Interconnect model, which of these are COMMON layer 1 threats?

Options are :

  • ARP spoofing.
  • Eavesdropping. (Correct)
  • Ping of death.
  • SYN floods.

Answer : Eavesdropping.

Explanation Eavesdropping is done on copper Ethernet, which is part of layer 1 of the OSI model.

On which layer of the TCP/IP model would we find IP Addresses?

Options are :

  • Transport.
  • Internetworks. (Correct)
  • Application.
  • Link and physical.

Answer : Internetworks.

Explanation The Internet/Internetwork layer is responsible for sending packets across potentially multiple networks. This requires sending data from the source network to the destination network (routing). The Internet Protocol performs two basic functions: Host addressing and identification: This is done with hierarchical IP addresses. Packet routing: Sending the packets of data (datagrams) from the source to the destination by forwarding them to the next network router closer to the final destination.

Looking at legacy speeds in Europe, what was the speed of an E1 connection?

Options are :

  • 34.368Mbps.
  • 44.736Mbps.
  • 2.048Mbps. (Correct)
  • 1.544Mbps.

Answer : 2.048Mbps.

Explanation E1 (Europe): Dedicated 2.048 Mbps circuit carrying 30 channels.

In the TCP/IP model, packets are the protocol data units (PDUs) of which layer?

Options are :

  • Internetworks. (Correct)
  • Link and physical.
  • Application.
  • Transport.

Answer : Internetworks.

Explanation Packets are the PDUs of the Internetwork layer of the TCP/IP model. (OSI layer 3 - Networking layer).

When our engineers are talking about "the internet", to what are they referring?

Options are :

  • An organization's privately owned and operated internal network.
  • The local area network we have in our home.
  • Connected private intranets often between business partners or parent/child companies.
  • The global collection of peered WAN networks, often between ISPs or long haul providers. (Correct)

Answer : The global collection of peered WAN networks, often between ISPs or long haul providers.

Explanation The Internet is a global collection of peered WAN networks; it really is a patchwork of ISPs.

When we talk about multicast, the traffic using it is using which of these?

Options are :

  • One-to-one.
  • One-to-all.
  • One-to-many. (Correct)
  • All-to-one.

Answer : One-to-many.

Explanation Multicast - one-to-many (predefined): The traffic is sent to everyone in a predefined list.

We use the DNS protocol every day, but what does it do?

Options are :

  • Translates server names into IP addresses. (Correct)
  • Prevents ARP poisoning.
  • Allows users to securely browse the internet.
  • Assign IP addresses to our hosts.

Answer : Translates server names into IP addresses.

Explanation DNS (Domain Name System): Translates server names into IP addresses, uses TCP and UDP port 53. Google.com can get translated into 66.102.12.231 or 2607:f8b0:4007:80b::200e depending on the requester's IP.

When choosing a cable type for our data center we are looking at different pros and cons. Which of these cable types has attenuation?

Options are :

  • Copper. (Correct)
  • Glass.
  • Fiber.
  • Wireless.

Answer : Copper.

Explanation Attenuation is the signal getting weaker the farther it travels. Copper lines have attenuation, with DSL the farther you are from the DSLAM (Digital Subscriber Line Access Multiplexer) the lower speed you get.

In a security audit, we have found some security flaws that can compromise our availability. The IT Security team has been asked to suggest mitigation strategies using the OSI model. What could we suggest for layer 1?

Options are :

  • Installing UPS' in the data center. (Correct)
  • Start using firewalls.
  • Shut down open unused ports.
  • Access Lists.

Answer : Installing UPS' in the data center.

Explanation Having uninterrupted power can prevent the entire data center going down when we lose power.

Which of these remote access protocols sends all data in plaintext?

Options are :

  • Command prompt.
  • PowerShell.
  • Secure Shell.
  • Telnet. (Correct)

Answer : Telnet.

Explanation Telnet is used for remote access over a network. It uses TCP port 23; all data is plaintext, including usernames and passwords, and it should not be used. Attackers with network access can easily sniff credentials, alter data, and take control of Telnet sessions.

The port numbers we use can be categorized as well-known, registered, or dynamic/private/ephemeral ports. Which of these is NOT a well-known port?

Options are :

  • 1024 (Correct)
  • 80
  • 666
  • 1023

Answer : 1024

Explanation Well-known ports are the ports from port 0-1023; they are mostly used for protocols.

Looking at legacy internet speeds. What was the speed of the European E3 connections?

Options are :

  • 1.544Mbps.
  • 2.048Mbps.
  • 44.736Mbps.
  • 34.368Mbps. (Correct)

Answer : 34.368Mbps.

Explanation E3 (Europe): 16 bundled E1 lines, creating a dedicated 34.368 Mbps circuit.

Which of these file transfer protocols would use the TLS and SSL protocols?

Options are :

  • FTPS (Correct)
  • FTP.
  • TFTP.
  • SFTP.

Answer : FTPS

Explanation FTPS (FTP Secure) - Uses TLS and SSL to add security to FTP.

Jane is considering using Shielded Twisted Pair (STP) copper Ethernet cables over Unshielded Twisted Pair (UTP) copper Ethernet cables. What would be a reason to consider that?

Options are :

  • They are less susceptible to EMI. (Correct)
  • They cost less.
  • They are more flexible.
  • There is never a good reason to use STP over UTP.

Answer : They are less susceptible to EMI.

Explanation STP (Shielded Twisted Pair): Has extra metal mesh shielding around each pair of cables, making them less susceptible to EMI, but also making the cables thicker, stiffer and more expensive.

Looking at these transport protocols, which of them transports files using Secure Shell (SSH)?

Options are :

  • FTPS
  • TFTP.
  • FTP.
  • SFTP. (Correct)

Answer : SFTP.

Explanation SFTP (SSH/Secure File Transfer Protocol) - Uses SSH to add security to FTP.

At a financial steering committee meeting, you are asked about the difference between private and public IP addresses. Which of these IPs are public addresses? (Select all that apply).

Options are :

  • 172.32.1.0 (Correct)
  • 172.15.11.45 (Correct)
  • 154.12.5.1 (Correct)
  • 10.2.4.255
  • 192.168.44.12

Answer : 172.32.1.0 172.15.11.45 154.12.5.1

Explanation The easiest way to remember if an IP is private or public is to remember the 3 private ranges. Private Addresses (RFC 1918 – Not routable on the internet): 10.0.0.0 - 10.255.255.255 (10.0.0.0/8), 172.16.0.0 - 172.31.255.255 (172.16.0.0/12) and 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

As part of our server hardening, we have chosen to block TCP port 21. What are we blocking?

Options are :

  • FTP control. (Correct)
  • SSH.
  • Telnet.
  • FTP data transfer.

Answer : FTP control.

Explanation FTP (File Transfer Protocol): Uses TCP Port 21 for the control connection - commands are sent here.

Jane is talking to a clinical director and she mentions we would use one of our SANs for an implementation we are doing for the director. What does the abbreviation SAN mean in this case?

Options are :

  • Switch area network.
  • Segment area network.
  • Server area network.
  • Storage area network. (Correct)

Answer : Storage area network.

Explanation SAN (Storage Area Network) protocols provide a cost-effective way to connect servers to storage using existing network infrastructure technologies and protocols. A SAN allows block-level file access across a network; it acts like an attached hard drive.

Attackers are using distributed denial of service (DDOS) attacks on our organization using UDP flood. How does that type of DDOS attack work?

Options are :

  • Sends many ethernet frames, each with different media access control addresses.
  • Sends many IP addresses to a router.
  • Opens many TCP sessions but never replies to the ACK from the host.
  • Sends many user datagram protocol packets. (Correct)

Answer : Sends many user datagram protocol packets.

Explanation UDP (User datagram protocol) floods are used frequently for larger bandwidth DDoS attacks because they are connectionless and it is easy to generate UDP messages from many different scripting and compiled languages.

Our networking department is recommending we use a baseband solution for an implementation. Which of these is a KEY FEATURE of those?

Options are :

  • Only one system on the network can send one signal at a time. (Correct)
  • One way communication, one system transmits the other receives, direction can be reversed.
  • One way communication, one system transmits the other receives, direction can't be reversed.
  • Both systems can send and receive at the same time.

Answer : Only one system on the network can send one signal at a time.

Explanation Baseband networks have one channel, and can only send one signal at a time. Ethernet is baseband: “1000baseT” STP cable is a 1000 megabit, baseband, Shielded Twisted Pair cable.

All of these are examples of distributed denial of service (DDOS) attacks, except one. Which of these is NOT a DDOS attack?

Options are :

  • UDP flood.
  • SYN flood.
  • IPSec flood. (Correct)
  • MAC flood.

Answer : IPSec flood.

Explanation There are many different types of DDOS (distributed denial of service) attacks, but there is no such thing as an IPSec flood. UDP, SYN and MAC floods are all DDOS attacks.

We have chosen to block TCP port 443 on a segment of our servers. What are we blocking?

Options are :

  • POP3.
  • HTTP.
  • SMTP.
  • HTTPS. (Correct)

Answer : HTTPS.

Explanation Hypertext Transfer Protocol over TLS/SSL (HTTPS) uses TCP port 443.

What would happen if we are using a Bus topology in our LAN design, and a cable breaks?

Options are :

  • Nothing; all nodes are connected to the switch by themselves.
  • Nothing; the traffic just moves the other way.
  • Traffic stops at the break. (Correct)
  • The traffic is redirected.

Answer : Traffic stops at the break.

Explanation Bus: All nodes are connected in a line, each node inspects traffic and passes it along. Not very stable, a single break in the cable will break the signal to all nodes past that point, including communication between nodes way past the break. Faulty NICs (Network Interface Card) can also break the chain.

On our workstations, we are implementing new security measures. As part of that, we will start blocking TCP port 20. Which protocol are we blocking?

Options are :

  • FTP control.
  • FTP data transfer. (Correct)
  • Telnet.
  • SSH.

Answer : FTP data transfer.

Explanation FTP (File Transfer Protocol): Uses TCP Port 20 for the data transfer - the actual data is sent here.

A security audit has uncovered some security flaws in our organization. The IT Security team has been asked to suggest mitigation strategies using the OSI model. What could they suggest for layer 3?

Options are :

  • Installing UPS' in the data center.
  • Start using firewalls.
  • Access Lists. (Correct)
  • Shut down open unused ports.

Answer : Access Lists.

Explanation An ACL (access control list) is a sequential list of permit or deny statements that apply to the IP address and/or upper-layer protocols. Packet filtering works at the network layer (layer 3) of the OSI model.

Attackers are using Distributed Denial Of Service (DDOS) attacks on our organization using SYN flood. How does that attack work?

Options are :

  • Opens many TCP sessions but never replies to the ACK from the host. (Correct)
  • Sends many IP addresses to a router.
  • Sends many ethernet frames, each with different media access control addresses.
  • Sends many user datagram protocol packets.

Answer : Opens many TCP sessions but never replies to the ACK from the host.

Explanation SYN floods are half-open TCP (Transmission Control Protocol) sessions: the client sends 1,000s of SYN requests, but never the ACK.

Bob has been asked to implement system monitoring using SNMP, and it is a mandate that the data must be encrypted. Which protocol should he use?

Options are :

  • SNMPv2
  • SNMPv3 (Correct)
  • SNMPv1
  • SNMPv4

Answer : SNMPv3

Explanation SNMPv1 and SNMPv2 send data in cleartext. SNMPv3 uses encryption to provide CIA (Confidentiality, Integrity and Availability). There is as of yet no SNMPv4.

Our networking department is recommending we use a half-duplex solution for an implementation. What is a KEY FEATURE of those?

Options are :

  • Both systems can send and receive at the same time.
  • One way communication, one system transmits the other receives, direction can be reversed. (Correct)
  • Only one system on the network can send one signal at a time.
  • One way communication, one system transmits the other receives, direction can't be reversed.

Answer : One way communication, one system transmits the other receives, direction can be reversed.

Explanation Half-duplex communication sends or receives at one time only (Only one system can transmit at a time).

Who is the organization responsible for delegating IP addresses to the ISPs in Asia, Australia, New Zealand, and the Pacific?

Options are :

  • LACNIC.
  • RIPE NCC.
  • APNIC. (Correct)
  • ARIN.

Answer : APNIC.

Explanation The world is divided into RIR (Regional Internet Registry) regions and organizations in those areas delegate the address space they have control over. APNIC (Asia-Pacific Network Information Centre): Asia, Australia, New Zealand, and neighboring countries.

As part of our updated security posture, we have started blocking TCP/UDP port 22 as a default. What are we blocking?

Options are :

  • FTP data transfer.
  • Telnet.
  • FTP control.
  • SSH. (Correct)

Answer : SSH.

Explanation SSH (Secure Shell) uses the well-known TCP/UDP port 22.

In today’s networking world we often make heavy use of switches. Which network topology do they use?

Options are :

  • Star. (Correct)
  • Ring.
  • Mesh.
  • Tree.

Answer : Star.

Explanation Star topology: all nodes are connected to a central device. This is what we normally use for Ethernet; our nodes are connected to a switch.

We are building a new data center, and we will use the new site for real-time backups of our most critical systems. In the conduits between the demarc and the new server room, there are a lot of power cables. Which type of networking cables would be the BEST to use between the demarc and the server room?

Options are :

  • Fiber Ethernet. (Correct)
  • Copper Ethernet.
  • Wireless.
  • Coax copper.

Answer : Fiber Ethernet.

Explanation Fiber Optic Cables are not susceptible to EMI, so the cables can be run next to power cables with no adverse effects.

Which of these would we find on the Open System Interconnect (OSI) model's layer 1?

Options are :

  • MAC addresses.
  • Switches.
  • Routers.
  • Hubs. (Correct)

Answer : Hubs.

Explanation Hubs are repeaters with more than 2 ports. They are layer 1 devices. All traffic is sent out all ports; no confidentiality or integrity; half-duplex and not secure at all.

We often segment threats into logical models using the OSI or TCP/IP model. Which of these is a COMMON OSI layer 3 threat?

Options are :

  • Ping of death. (Correct)
  • Eavesdropping.
  • SYN floods.
  • ARP spoofing.

Answer : Ping of death.

Explanation A ping of death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer. Ping (ICMP) is a layer 3 protocol.

We are upgrading our documentation on the switch best practices we use in our organization. Which of these should NOT be something you would find on that documentation?

Options are :

  • Make all ports trunk ports. (Correct)
  • Use MAC sticky on ports.
  • Put all ports in specific VLANs.
  • Shut unused ports down.

Answer : Make all ports trunk ports.

Explanation Good switch security includes shutting down unused ports, adding MAC sticky, and hardcoding whether ports are access or trunk ports. Making all ports trunk ports is a bad idea.

Which type of networking cables would we use in our data center if we need to avoid EMI and save on cost?

Options are :

  • COAX.
  • Multi-mode fiber. (Correct)
  • Copper Ethernet.
  • Single-mode fiber.

Answer : Multi-mode fiber.

Explanation In data centers we would use multi-mode fiber over single-mode fiber as it is cheaper and more versatile, and neither is susceptible to EMI.

We are, as part of our server hardening, blocking unused ports on our servers. One of the ports we are blocking is TCP port 23. What are we blocking?

Options are :

  • Telnet. (Correct)
  • FTP data transfer.
  • FTP control.
  • SSH.

Answer : Telnet.

Explanation Telnet: Remote access over a network. It uses TCP port 23; all data is plaintext, including usernames and passwords, and it should not be used. Attackers with network access can easily sniff credentials, alter data, and take control of Telnet sessions.

Which of these is the Open Systems Interconnection (OSI) model's layer 2 broadcast address?

Options are :

  • FF:FF:FF:FF:FF:FF (Correct)
  • 0.0.0.0
  • 255.255.255.255
  • 127.0.0.1

Answer : FF:FF:FF:FF:FF:FF

Explanation Layer 2 uses MAC addresses. The layer 2 broadcast MAC address is FF:FF:FF:FF:FF:FF, which routers do not pass.

Which of these protocols transports files in plaintext?

Options are :

  • FTPS
  • HTTPS.
  • SFTP.
  • FTP. (Correct)

Answer : FTP.

Explanation FTP (File Transfer Protocol): Transfers files to and from servers. No confidentiality or Integrity checks. Data is sent in plaintext. Should also not be used, since the vast majority of what we transport is over unsecure networks.

Which cable type would be the BEST to use for 30+ kilometer (20 miles) uninterrupted backbone cables?

Options are :

  • Single-mode fiber. (Correct)
  • Copper Ethernet.
  • Multi-mode fiber.
  • COAX.

Answer : Single-mode fiber.

Explanation Single-mode fiber is used for backbones; it has no attenuation like copper, and a single uninterrupted cable can be 150 miles+ (240km+) long. Single-mode fiber - A single strand of fiber carries a single mode of light (down the center); used for long-distance cables (often used in IP backbones).

An attacker is using Smurf attacks. They happen on which layer of the Open Systems Interconnection model (OSI model)?

Options are :

  • D: Layer 2.
  • C: Layer 3. (Correct)
  • B: Layer 4.
  • A: Layer 5.
  • E: Layer 1.

Answer : C: Layer 3.

Explanation The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. ICMP is a layer 3 protocol.

We are blocking unused ports on our servers as part of our server hardening. When we block TCP port 143, what are we blocking?

Options are :

  • IMAP. (Correct)
  • Microsoft Terminal Server (RDP).
  • NetBIOS name service.
  • NetBIOS datagram service.

Answer : IMAP.

Explanation Internet Message Access Protocol (IMAP) uses TCP port 143.
