CISSP Security Assessment Testing Security Operations Exam Set 5

Which Orange Book evaluation level is described as "Verified Design"?


Options are :

  • B2
  • B3
  • A1
  • B1

Answer :A1

Which of the following best describes signature-based detection?


Options are :

  • Compare source code, looking for events or sets of events that could cause damage to a system or network.
  • Compare network nodes looking for objects or sets of objects that match a predefined pattern of objects that may describe a known attack.
  • Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack.
  • Compare system activity for the behavior patterns of new attacks.

Answer :Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack.

Which of the following is required in order to provide accountability?


Options are :

  • Integrity
  • Authentication
  • Confidentiality
  • Audit trails

Answer :Audit trails

Which of the following questions is LESS likely to help in assessing identification and authentication controls?


Options are :

  • Are inactive user identifications disabled after a specified period of time?
  • Is there a process for reporting incidents?
  • Is a current list maintained and approved of authorized users and their access?
  • Are passwords changed at least every ninety days or earlier if needed?

Answer :Is there a process for reporting incidents?

Common Criteria (ISO/IEC 15408) generally outlines assurance and functional requirements through a security evaluation process built on the concepts of ______________, ____________ and __________, leading to Evaluation Assurance Levels (EALs) that certify a product or system.


Options are :

  • SFR, Protection Profile, Security Target
  • SFR, Security Target, Target of Evaluation
  • EAL, Security Target, Target of Evaluation
  • Protection Profile, Target of Evaluation, Security Target

Answer :Protection Profile, Target of Evaluation, Security Target

Which of the following would be the best reason for separating the test and development environments?


Options are :

  • To segregate user and development staff.
  • To restrict access to systems under test.
  • To secure access to systems under development.
  • To control the stability of the test environment

Answer :To control the stability of the test environment

You are a security consultant who is required to perform penetration testing on a client's network. During penetration testing, you are required to use a compromised system to attack other systems on the network to avoid network restrictions like firewalls. Which method would you use in this scenario?


Options are :

  • Pivoting method
  • Black box Method
  • Grey Box Method
  • White Box Method

Answer :Pivoting method

Which of the following testing methods examines the functionality of an application without peering into its internal structure or knowing the details of its internals?


Options are :

  • Black-box testing
  • Parallel Test
  • Pilot Testing
  • Regression Testing

Answer :Black-box testing

What setup should an administrator use for regularly testing the strength of user passwords?


Options are :

  • A networked workstation so that the live password database can easily be accessed by the cracking program.
  • A standalone workstation on which the password database is copied and processed by the cracking program.
  • A networked workstation so the password database can easily be copied locally and processed by the cracking program.
  • A password-cracking program is unethical; therefore it should not be used.

Answer :A standalone workstation on which the password database is copied and processed by the cracking program.
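The answer above prescribes copying the password database to a standalone machine and running the cracking program there, so that the live store is never exposed to the tool and the audit cannot disrupt production. The following script, added here as an example and not part of the original question set, does exactly that kind of offline audit: it parses a copied credential store, derives each wordlist candidate with the same salted KDF the store uses, and reports which accounts fall to the wordlist. The record format `user:salt_hex:pbkdf2_sha256_hex`, the iteration count, the salts, the sample accounts and the wordlist are all constructed assumptions for this example, not any real system's format.

```python
"""Offline password-strength audit against a *copy* of a credential store.

Added example, not part of the original question set. Records, salts,
passwords and wordlist below are constructed; the record format and the
iteration count are assumptions for illustration only.
"""
import hashlib
import hmac
from typing import Iterator

ITERATIONS = 10_000  # assumption for the example; production stores use more


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, the assumed hashing scheme of the store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(user: str, password: str, salt: bytes) -> str:
    """Build one stored record; used here only to construct sample data."""
    return f"{user}:{salt.hex()}:{derive(password, salt).hex()}"


def parse_records(text: str) -> Iterator[tuple[str, bytes, bytes]]:
    """Yield (user, salt, stored_hash) from the copied database text."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, salt_hex, hash_hex = line.split(":", 2)
        yield user, bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)


def audit(records: str, wordlist: list[str]) -> dict[str, str]:
    """Return {user: matched_candidate} for each account whose password
    appears in the wordlist. Each candidate is re-derived with the user's
    own salt, which is why salted hashes cannot be attacked once for all users."""
    weak: dict[str, str] = {}
    for user, salt, stored in parse_records(records):
        for candidate in wordlist:
            if hmac.compare_digest(derive(candidate, salt), stored):
                weak[user] = candidate
                break
    return weak


# Constructed copy of a credential store: two weak passwords, one strong.
SAMPLE_DB = "\n".join([
    "# user:salt:pbkdf2-sha256",
    make_record("alice", "Summer2024", bytes.fromhex("00112233445566778899aabbccddeeff")),
    make_record("bob", "correct horse battery staple", bytes.fromhex("ffeeddccbbaa99887766554433221100")),
    make_record("carol", "password1", bytes.fromhex("0123456789abcdef0123456789abcdef")),
])

# Constructed wordlist; a real audit would use a much larger one.
WORDLIST = ["password", "password1", "Summer2024", "letmein", "Welcome1"]

if __name__ == "__main__":
    # Report only the account names: the recovered passwords stay on the
    # standalone workstation and are not written to any shared output.
    for user in sorted(audit(SAMPLE_DB, WORDLIST)):
        print(f"WEAK  {user}: password found in wordlist")
```

The report deliberately prints account names only; the recovered passwords are the audit's most sensitive by-product and should never leave the standalone workstation. Wipe the copied database and the tool's working files when the audit is finished.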

Which of the following is NOT an example of preventive control?


Options are :

  • Encrypting data so that only authorized users can view it
  • A user login screen that allows only authorized users to access the website
  • Physical access controls such as locks and doors
  • Duplicate checking of a calculation

Answer :Duplicate checking of a calculation

Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?


Options are :

  • Intrusion Management System (IMS)
  • Intrusion Detection System
  • Compliance Monitoring System
  • Compliance Validation System

Answer :Intrusion Detection System

Which of the following is NOT a critical security aspect of Operations Controls?


Options are :

  • Operators using resources.
  • Data media used.
  • Environmental controls.
  • Controls over hardware.

Answer :Environmental controls.

Which must bear the primary responsibility for determining the level of protection needed for information systems resources?


Options are :

  • Senior Management
  • IS security specialists
  • Senior security analysts
  • systems Auditors

Answer :Senior Management

Who should measure the effectiveness of Information System security related controls in an organization?


Options are :

  • The systems auditor
  • The local security specialist
  • The central security manager
  • The business manager

Answer :The systems auditor

Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection?


Options are :

  • A pattern matching IDS can only identify known attacks
  • Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams
  • An anomaly-based engine develops baselines of normal traffic activity and throughput, and alerts on deviations from these baselines
  • Anomaly detection tends to produce more data

Answer :Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams
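The two IDS questions above (the definition of signature-based detection, and the assertions about pattern matching, stateful matching and anomaly detection) can be seen in working code. The script below is an added example, not part of the original question set: it runs a single hypothetical signature over a constructed two-segment HTTP request, first packet by packet and then after stream reassembly, shows that the same signature misses a slightly different attack it was never written for, and flags throughput deviations from a constructed baseline the way an anomaly engine would. The segments, the signature, the baseline figures and the three-sigma threshold are all assumptions chosen for illustration.

```python
"""Signature (pattern) matching vs. anomaly detection on constructed traffic.

Added example, not part of the original question set. Packets, signature,
baseline numbers and threshold are constructed for illustration; real IDS
engines use far richer rule languages and baselining methods.
"""
import re
import statistics
from typing import Iterable

# Constructed TCP segments of one HTTP request, split so that the attack
# string straddles a segment boundary. Each tuple is (seq_no, payload).
SEGMENTS = [
    (1, b"GET /cgi-bin/test?cmd=/bin/"),
    (2, b"sh%20-c%20id HTTP/1.1\r\nHost: victim\r\n\r\n"),
]

# A variant of the same attack that the signature below was never written
# for: pattern matching only knows attacks it has a signature for.
VARIANT = [(1, b"GET /cgi-bin/test?cmd=/bin/bash%20-c%20id HTTP/1.1\r\n\r\n")]

# Hypothetical signature for a known attack: a shell launched from a CGI query.
SIGNATURE = re.compile(rb"cmd=/bin/sh")


def match_per_packet(segments: Iterable[tuple[int, bytes]]) -> bool:
    """Stateless matching: inspect each packet on its own.

    A signature split across two segments is never seen in one piece,
    so this returns False for SEGMENTS even though the attack is present.
    """
    return any(SIGNATURE.search(payload) for _, payload in segments)


def match_stateful(segments: Iterable[tuple[int, bytes]]) -> bool:
    """Stateful matching: reassemble the stream in sequence order, then scan."""
    stream = b"".join(payload for _, payload in sorted(segments))
    return SIGNATURE.search(stream) is not None


def anomaly_alerts(baseline: list[int], observed: list[int], k: float = 3.0) -> list[int]:
    """Anomaly engine: learn mean and spread of normal activity, then alert on
    any observation more than k standard deviations above the mean.

    The deviations it reports are not tied to any known attack, which is
    why anomaly detection finds new attacks but also produces more data
    (and more false positives) than signature matching.
    """
    mean = statistics.fmean(baseline)
    spread = statistics.pstdev(baseline)
    threshold = mean + k * spread
    return [value for value in observed if value > threshold]


# Constructed baseline (requests per minute over a quiet period) and a new window.
BASELINE = [100, 110, 95, 105, 98, 102, 107, 99, 103, 101]
OBSERVED = [104, 99, 480, 101]

if __name__ == "__main__":
    print("per-packet match on split signature:", match_per_packet(SEGMENTS))
    print("stateful match on split signature:  ", match_stateful(SEGMENTS))
    print("stateful match on unknown variant:  ", match_stateful(VARIANT))
    print("anomalous throughput samples:       ", anomaly_alerts(BASELINE, OBSERVED))
```

The per-packet matcher is the behaviour the incorrect assertion describes; a stateful engine must buffer and reorder the stream before matching, which is also why it needs memory per connection and can itself be a target for resource exhaustion.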

Which of the following is most appropriate to notify an external user that session monitoring is being conducted?


Options are :

  • Wall poster
  • Written agreement
  • Logon Banners
  • Employee Handbook

Answer :Logon Banners

The fact that a network-based IDS reviews packet payloads and headers enables which of the following?


Options are :

  • Detection of denial of service
  • Detection of data corruption
  • Detection of all viruses
  • Detection of all password guessing attacks

Answer :Detection of denial of service

The viewing of recorded events after the fact using a closed-circuit TV camera is considered a


Options are :

  • Detective control
  • Compensating control
  • Corrective control
  • Preventative control.

Answer :Detective control

Which of the following would best describe the difference between white-box testing and black-box testing?


Options are :

  • White-box testing is performed by an independent programmer team.
  • Black-box testing uses the bottom-up approach.
  • Black-box testing involves the business units
  • White-box testing examines the program internal logical structure.

Answer :White-box testing examines the program internal logical structure.

Which of the following is not a preventative control?


Options are :

  • Run a source comparison program between control and current source periodically
  • Establish procedures for emergency changes.
  • Require change requests to include information about dates, descriptions, cost analysis and anticipated effects.
  • Deny programmer access to production data.

Answer :Run a source comparison program between control and current source periodically

Business Continuity and Disaster Recovery Planning (Primarily) addresses the:


Options are :

  • Availability, Confidentiality and Integrity of the CIA triad
  • Availability of the CIA triad
  • Integrity of the CIA triad
  • Confidentiality of the CIA triad

Answer :Availability of the CIA triad

A server farm consisting of multiple similar servers that users interacting with the group see as a single IP address is an example of which of the following?


Options are :

  • Redundant servers
  • Server clustering
  • Server fault tolerance
  • Multiple servers

Answer :Server clustering

Which of the following is BEST defined as a physical control?


Options are :

  • Logical access control mechanisms
  • Monitoring of system activity
  • Fencing
  • Identification and authentication methods

Answer :Fencing

Which of the following server contingency solutions offers the highest availability?


Options are :

  • System backups
  • Load balancing/disk replication
  • Electronic vaulting/remote journaling
  • Redundant arrays of independent disks (RAID)

Answer :Load balancing/disk replication

Recovery Site Strategies for the technology environment depend on how much downtime an organization can tolerate before the recovery must be completed. What would you call a strategy where the alternate site is internal, standby ready, with all the technology and equipment necessary to run the applications?


Options are :

  • External Hot site
  • Dual Data Center
  • Internal Hot Site
  • Warm Site

Answer :Internal Hot Site

Which of the following statements pertaining to RAID technologies is incorrect?


Options are :

  • RAID-0 relies solely on striping.
  • RAID-5 has a higher performance in read/write speeds than the other levels
  • RAID-4 uses dedicated parity.
  • RAID-3 uses byte-level striping with dedicated parity.

Answer :RAID-5 has a higher performance in read/write speeds than the other levels
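The RAID statements above turn on two details: how parity is placed (a dedicated disk in RAID-3 and RAID-4, rotated across all disks in RAID-5) and the fact that parity is simply the XOR of the data chunks in a stripe. The model below is an added example, not part of the original question set: it stripes a constructed payload across four simulated disks with either layout, counts how many parity writes each disk absorbs (the bottleneck that makes a dedicated parity disk slower on writes), and rebuilds any one failed disk from the survivors. Disk count, chunk size and payload are assumptions chosen for illustration; the model does not distinguish RAID-3's byte-level striping from RAID-4's block-level striping beyond the chunk size parameter.

```python
"""Parity striping: dedicated parity (RAID-3/4) versus distributed parity (RAID-5).

Added example, not part of the original question set. Data, disk count and
chunk size are constructed. Each stripe's parity is the XOR of its data
chunks, so the contents of any single failed disk can be rebuilt from the
surviving disks.
"""
from collections import Counter
from functools import reduce


def xor_chunks(chunks: list[bytes]) -> bytes:
    """Byte-wise XOR of equal-length chunks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*chunks))


def layout(data: bytes, n_disks: int, chunk_size: int, distributed: bool):
    """Stripe data as n_disks-1 data chunks plus one parity chunk per stripe.

    Returns (disks, parity_disk): disks[d][s] is the chunk on disk d in
    stripe s; parity_disk[s] is the disk holding stripe s's parity, always
    the last disk for dedicated parity and rotating for distributed parity.
    """
    n_data = n_disks - 1
    pieces = [data[i:i + chunk_size].ljust(chunk_size, b"\0")
              for i in range(0, len(data), chunk_size)]
    while len(pieces) % n_data:            # pad the final stripe with empty chunks
        pieces.append(b"\0" * chunk_size)
    disks: list[list[bytes]] = [[] for _ in range(n_disks)]
    parity_disk: list[int] = []
    for s, start in enumerate(range(0, len(pieces), n_data)):
        stripe = pieces[start:start + n_data]
        p = s % n_disks if distributed else n_disks - 1
        parity_disk.append(p)
        data_iter = iter(stripe)
        for d in range(n_disks):
            disks[d].append(xor_chunks(stripe) if d == p else next(data_iter))
    return disks, parity_disk


def rebuild_disk(disks: list[list[bytes]], lost: int) -> list[bytes]:
    """Reconstruct the lost disk: in every stripe, XOR all surviving chunks.
    Works whether the lost chunk was data or parity."""
    survivors = [d for i, d in enumerate(disks) if i != lost]
    return [xor_chunks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def read_data(disks: list[list[bytes]], parity_disk: list[int]) -> bytes:
    """Reassemble the payload by reading data chunks in stripe order and
    skipping parity; trailing NUL padding is stripped (fine for this text payload)."""
    out = b"".join(disks[d][s] for s in range(len(parity_disk))
                   for d in range(len(disks)) if d != parity_disk[s])
    return out.rstrip(b"\0")


def parity_load(parity_disk: list[int]) -> dict[int, int]:
    """Number of stripes that write their parity to each disk."""
    return dict(Counter(parity_disk))


DATA = b"The quick brown fox jumps over the lazy dog"   # constructed payload

if __name__ == "__main__":
    for name, dist in (("RAID-4 (dedicated parity)", False), ("RAID-5 (distributed parity)", True)):
        disks, pmap = layout(DATA, n_disks=4, chunk_size=4, distributed=dist)
        print(name)
        print("  parity writes per disk:", parity_load(pmap))
        print("  disk 1 rebuilt correctly:", rebuild_disk(disks, lost=1) == disks[1])
        print("  payload intact:", read_data(disks, pmap) == DATA)
```

With four disks every stripe write hits the same parity disk in the dedicated layout, while the distributed layout spreads that load evenly; that is the reason RAID-5 is usually preferred over RAID-4 for write-heavy workloads, not a claim that RAID-5 is faster than every other level.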

Which of the following is NOT a transaction redundancy implementation?


Options are :

  • On-site mirroring
  • Remote Journaling
  • Electronic Vaulting
  • Database Shadowing

Answer :On-site mirroring

Which of the following is the most correct statement about the steps to resume normal operation at the primary site after the salvage team has given the green light?


Options are :

  • The least critical functions should be moved back first
  • The most critical operations are moved from alternate site to primary site before others
  • You move items back in the same order as the categories documented in your plan, or exactly in the same order as you did on your way to the alternate site
  • Operations may be carried out by a completely different team than the disaster recovery team

Answer :The least critical functions should be moved back first

Which of the following is the most critical item from a disaster recovery point of view?


Options are :

  • Software Applications
  • Communication Links
  • Data
  • Hardware/Software

Answer :Data

A Differential backup process:


Options are :

  • Backs up data labeled with archive bit 1 and leaves the data labeled as archive bit 1
  • Backs up data labeled with archive bit 1 and changes the data label to archive bit 0
  • Backs up data labeled with archive bit 0 and changes the data label to archive bit 1
  • Backs up data labeled with archive bit 0 and leaves the data labeled as archive bit 0

Answer :Backs up data labeled with archive bit 1 and leaves the data labeled as archive bit 1
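The archive-bit rule in the answer above is easiest to see by simulating a week of backups. The script below is an added example, not part of the original question set: a tiny volume model in which writing a file sets its archive bit to 1, a full backup copies everything and clears every bit, an incremental backup copies files with bit 1 and clears them, and a differential backup copies files with bit 1 and leaves them set. The file names and the day-by-day edits are constructed; the model also shows the restore consequence, that a differential restore needs only the full set plus the latest differential, whereas an incremental restore must replay every set in order.

```python
"""Full, incremental and differential backups simulated with an archive bit.

Added example, not part of the original question set. File names and the
day-by-day edits are constructed. A True archive bit stands for archive
bit 1 ("modified since the last backup that cleared it"); False is 0.
"""
from dataclasses import dataclass, field


@dataclass
class Volume:
    archive_bit: dict[str, bool] = field(default_factory=dict)

    def write(self, name: str) -> None:
        """Creating or modifying a file sets its archive bit to 1."""
        self.archive_bit[name] = True

    def _flagged(self) -> list[str]:
        return sorted(f for f, bit in self.archive_bit.items() if bit)

    def full_backup(self) -> list[str]:
        """Copies every file and clears every archive bit."""
        copied = sorted(self.archive_bit)
        for f in copied:
            self.archive_bit[f] = False
        return copied

    def incremental_backup(self) -> list[str]:
        """Copies files with archive bit 1 and changes the bit to 0."""
        copied = self._flagged()
        for f in copied:
            self.archive_bit[f] = False
        return copied

    def differential_backup(self) -> list[str]:
        """Copies files with archive bit 1 and leaves the bit at 1, so each
        differential contains everything changed since the last full backup."""
        return self._flagged()


# Constructed week: three files exist, then edits on each of three days.
INITIAL_FILES = ("a.txt", "b.txt", "c.txt")
DAILY_EDITS = [["a.txt"], ["b.txt"], ["a.txt", "c.txt"]]


def simulate(strategy: str) -> list[list[str]]:
    """Full backup on day 0, then the chosen strategy each day; returns the
    files copied by each backup set, in order."""
    if strategy not in ("incremental", "differential"):
        raise ValueError(f"unknown strategy: {strategy}")
    vol = Volume()
    for f in INITIAL_FILES:
        vol.write(f)
    sets = [vol.full_backup()]
    for edits in DAILY_EDITS:
        for f in edits:
            vol.write(f)
        sets.append(vol.incremental_backup() if strategy == "incremental"
                    else vol.differential_backup())
    return sets


def sets_needed_to_restore(sets: list[list[str]], strategy: str) -> list[list[str]]:
    """Incremental restore replays the full set and every incremental in order;
    differential restore needs only the full set and the latest differential,
    because the latest differential already contains the earlier ones."""
    if strategy == "incremental":
        return sets
    return [sets[0], sets[-1]]


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        sets = simulate(strategy)
        print(f"{strategy}: backup sets {sets}")
        print(f"  sets needed to restore after day 3: {sets_needed_to_restore(sets, strategy)}")
```

The trade-off the model makes visible: differentials grow each day (more media per backup) but restore from two sets, while incrementals stay small but a lost or corrupt set anywhere in the chain breaks every restore after it.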

If an employee's computer has been used by a fraudulent employee to commit a crime, the hard disk may be seized as evidence and once the investigation is complete it would follow the normal steps of the Evidence Life Cycle. In such case, the Evidence life cycle would not include which of the following steps listed below?


Options are :

  • Acquisition collection and identification
  • Destruction
  • Storage, preservation, and transportation
  • Analysis

Answer :Destruction

The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]." This statement is the formal requirement for:


Options are :

  • Security Testing.
  • Design Verification.
  • System Architecture Specification.
  • System Integrity.

Answer :System Integrity.

Which of the following is NOT a guideline necessary to enhance security in the critical Heating, Ventilation and Air Conditioning (HVAC) aspect of facility operations?


Options are :

  • Maintain access rosters of maintenance personnel who are not authorized to work on the system
  • Escort all contractors with access to the system while on site
  • Restrict access to main air intake points to persons who have a work-related reason to be there
  • Ensure that all air intake points are adequately secured with locking devices

Answer :Maintain access rosters of maintenance personnel who are not authorized to work on the system

Which of the following teams should NOT be included in an organization's contingency plan?


Options are :

  • Damage assessment team
  • Legal affairs team
  • Tiger team
  • Hardware salvage team

Answer :Tiger team

Organizations should not view disaster recovery as which of the following?


Options are :

  • Enforcement of legal statutes.
  • Committed expense.
  • Discretionary expense
  • Compliance with regulations

Answer :Discretionary expense

Which of the following statements pertaining to the maintenance of an IT contingency plan is incorrect?


Options are :

  • Strict version control should be maintained
  • The Contingency Planning Coordinator should make sure that every employee gets an up-to-date copy of the plan.
  • Copies of the plan should be provided to recovery personnel for storage offline at home and office.
  • The plan should be reviewed at least once a year for accuracy and completeness.

Answer :The Contingency Planning Coordinator should make sure that every employee gets an up-to-date copy of the plan.

The Orange Book requires auditing mechanisms for any systems evaluated at which of the following levels?


Options are :

  • B2 and above.
  • C2 and above.
  • B1 and above.
  • C1 and above.

Answer :C2 and above.

Prior to a live disaster test also called a Full Interruption test, which of the following is most important?


Options are :

  • Conduct of a successful Parallel Test
  • Arrange physical security for the test site.
  • Restore all files in preparation for the test
  • Document expected findings.

Answer :Conduct of a successful Parallel Test

Which of the following items is NOT a benefit of cold sites?


Options are :

  • A secondary location is available to reconstruct the environment
  • No resource contention with other organization
  • Low Cost
  • Quick Recovery

Answer :Quick Recovery

The first step in the implementation of the contingency plan is to perform:


Options are :

  • A firmware backup
  • An application software backup
  • A data backup
  • An operating systems software backup

Answer :A data backup

What is the MOST critical piece to disaster recovery and continuity planning?


Options are :

  • Availability of backup information processing facilities
  • Security policy
  • Management support
  • Staff training

Answer :Management support

Which of the following statements regarding an off-site information processing facility is TRUE?


Options are :

  • It should be located in proximity to the originating site so that it can quickly be made operational.
  • Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.
  • It should be easily identified from the outside so in the event of an emergency it can be easily found.
  • It should have the same amount of physical access restrictions as the primary processing site.

Answer :It should have the same amount of physical access restrictions as the primary processing site.

Covert Channel Analysis is FIRST introduced at what level of the TCSEC rating?


Options are :

  • B1 and above.
  • C2 and above.
  • B2 and above.
  • B3 and above.

Answer :B2 and above.

Which of the following questions is less likely to help in assessing an organization's contingency planning controls?


Options are :

  • Is there an up-to-date copy of the plan stored securely off-site?
  • Is the location of stored backups identified?
  • Is damaged media stored and/or destroyed?
  • Are the backup storage site and alternate site geographically far enough from the primary site?

Answer :Is damaged media stored and/or destroyed?

Which of the following backup sites is the most effective for disaster recovery?


Options are :

  • Cold sites
  • Reciprocal Agreement
  • Hot sites
  • Time brokers

Answer :Hot sites
