CISSP Security Engineering Certification Practical Exam Set 3

What is an error called that causes a system to be vulnerable because of the environment in which it is installed?


Options are :

  • Configuration error
  • Environmental error (Correct)
  • Exceptional condition handling error
  • Access validation error

Answer : Environmental error

Individual accountability does not include which of the following?


Options are :

  • unique identifiers
  • audit trails
  • policies and procedures (Correct)
  • access rules

Answer : policies and procedures

A public key algorithm that does both encryption and digital signature is which of the following?


Options are :

  • DES
  • RSA (Correct)
  • Diffie-Hellman
  • IDEA

Answer : RSA

In a hierarchical PKI the highest CA is commonly called the Root CA. It is also referred to by which one of the following terms?


Options are :

  • Subordinate CA
  • Master CA
  • Top Level CA (Correct)
  • Big CA

Answer : Top Level CA

In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?


Options are :

  • Phase 2
  • No peer authentication is performed
  • Pre Initialization Phase
  • Phase 1 (Correct)

Answer : Phase 1

Which of the following is the most costly countermeasure for reducing physical security risks?


Options are :

  • Electronic Systems
  • Security Guards (Correct)
  • Hardware Devices
  • Procedural Controls

Answer : Security Guards

What is a characteristic of using the Electronic Code Book mode of DES encryption?


Options are :

  • The previous DES output is used as input.
  • Individual characters are encoded by combining output from earlier encryption routines with plaintext.
  • A given block of plaintext and a given key will always produce the same ciphertext (Correct)
  • Repetitive encryption obscures any repeated patterns that may have been present in the plaintext.

Answer : A given block of plaintext and a given key will always produce the same ciphertext
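Worked example, added for this set and not part of the original question bank: the Go program below uses the standard library's crypto/des to encrypt four identical 8-byte blocks under one key, once in ECB mode and once in CBC mode, and counts how many ciphertext blocks repeat. The key, IV and plaintext are constructed for the demo. Go ships no ECB mode on purpose, so the per-block loop is written out by hand.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// ecbEncrypt runs the block cipher over each block independently. Go's standard
// library ships no ECB mode on purpose, so the loop is written out here.
// pt must already be a whole number of blocks.
func ecbEncrypt(b cipher.Block, pt []byte) []byte {
	bs := b.BlockSize()
	if len(pt)%bs != 0 {
		panic("plaintext length must be a multiple of the block size")
	}
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += bs {
		b.Encrypt(ct[i:i+bs], pt[i:i+bs])
	}
	return ct
}

// cbcEncrypt chains the blocks: each plaintext block is XORed with the previous
// ciphertext block (the IV for the first block) before it is encrypted.
func cbcEncrypt(b cipher.Block, iv, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(b, iv).CryptBlocks(ct, pt)
	return ct
}

// repeatedBlocks counts ciphertext blocks identical to an earlier block.
// Any count above zero means the ciphertext reveals structure in the plaintext.
func repeatedBlocks(ct []byte, bs int) int {
	seen := map[string]bool{}
	n := 0
	for i := 0; i+bs <= len(ct); i += bs {
		k := string(ct[i : i+bs])
		if seen[k] {
			n++
		}
		seen[k] = true
	}
	return n
}

// compareModes encrypts four identical 8-byte blocks under one DES key in both
// modes and returns the repeated-block count for ECB and for CBC.
func compareModes(key, iv []byte) (ecbRepeats, cbcRepeats int) {
	pt := bytes.Repeat([]byte("ATTACK!!"), 4) // constructed plaintext: 4 equal blocks
	b, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	ecb := ecbEncrypt(b, pt)
	cbc := cbcEncrypt(b, iv, pt)
	return repeatedBlocks(ecb, des.BlockSize), repeatedBlocks(cbc, des.BlockSize)
}

func main() {
	key := []byte("8bytekey") // constructed 64-bit DES key
	iv := []byte("initvect")  // constructed IV; use a fresh random IV per message in practice
	ecb, cbc := compareModes(key, iv)
	fmt.Printf("repeated ciphertext blocks: ECB=%d CBC=%d\n", ecb, cbc) // ECB=3 CBC=0
}
```

The three repeated blocks under ECB are the point of the question: the same plaintext block under the same key always encrypts to the same ciphertext block, so repetition in the input is visible in the output. CBC removes that repetition because each block's input depends on the previous ciphertext block.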

What is the role of IKE within the IPsec protocol?


Options are :

  • enforcing quality of service
  • data signature
  • data encryption
  • peer authentication and key exchange (Correct)

Answer : peer authentication and key exchange

What is the Biba security model concerned with?


Options are :

  • Confidentiality
  • Reliability
  • Availability
  • Integrity (Correct)

Answer : Integrity

Which of the following statements is TRUE about data encryption as a method of protecting data?


Options are :

  • It requires careful key management (Correct)
  • It is usually easily administered
  • It makes few demands on system resources
  • It should sometimes be used for password files

Answer : It requires careful key management

You have been approached by one of your clients. They are interested in doing some security re-engineering. The client is looking at various information security models. It is a highly secure environment where data at high classifications cannot be leaked to subjects at lower classifications. Of primary concern to them is the identification of potential covert channels. As an Information Security Professional, which model would you recommend to the client?


Options are :

  • Bell LaPadula
  • Biba
  • Information Flow Model combined with Bell LaPadula (Correct)
  • Information Flow Model

Answer : Information Flow Model combined with Bell LaPadula

Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?


Options are :

  • TLS and SSL
  • PKCS#10 and X.509
  • S/MIME and SSH
  • IPsec and L2TP (Correct)

Answer : IPsec and L2TP

The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?


Options are :

  • 64 bits of data input results in 56 bits of encrypted output
  • 128 bit key with 8 bits used for parity
  • 56 bits of data input results in 56 bits of encrypted output
  • 64 bit blocks with a 64 bit total key length (Correct)

Answer : 64 bit blocks with a 64 bit total key length
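Added example, not from the original page: the Go program below shows the 64-bit key layout with the standard library's crypto/des. The low-order bit of each key byte is a parity bit, so only 56 bits are key material. Flipping a parity bit leaves the ciphertext unchanged, while flipping any of the other seven bits in a byte changes it. The key and plaintext block are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
	"math/bits"
)

// withOddParity returns a copy of key with the low-order bit of every byte set
// so that each byte has an odd number of 1 bits (the DES parity convention).
// Only the upper 7 bits of each byte are key material: 8 bytes * 7 = 56 bits.
func withOddParity(key []byte) []byte {
	out := make([]byte, len(key))
	for i, b := range key {
		if bits.OnesCount8(b&0xFE)%2 == 0 {
			out[i] = (b & 0xFE) | 0x01
		} else {
			out[i] = b & 0xFE
		}
	}
	return out
}

// hasOddParity reports whether every byte of key carries correct odd parity.
func hasOddParity(key []byte) bool {
	for _, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			return false
		}
	}
	return true
}

// encryptOneBlock returns DES(key, block) for a single 8-byte block.
func encryptOneBlock(key, block []byte) []byte {
	c, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out
}

// keyBitMatters reports whether flipping bit number `bit` (0 = least
// significant) of the first key byte changes the ciphertext of one block.
// Bit 0 is the parity bit and does not matter; bits 1..7 do.
func keyBitMatters(key, block []byte, bit uint) bool {
	flipped := append([]byte{}, key...)
	flipped[0] ^= 1 << bit
	return !bytes.Equal(encryptOneBlock(key, block), encryptOneBlock(flipped, block))
}

func main() {
	// constructed key (every byte already has odd parity) and plaintext block
	key := []byte{0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1}
	block := []byte("8 bytes!")
	fmt.Println("key has odd parity:", hasOddParity(key))
	fmt.Println("flipping a parity bit changes output:", keyBitMatters(key, block, 0))
	fmt.Println("flipping a key bit changes output:   ", keyBitMatters(key, block, 1))
}
```

The practical consequence is the one the question is testing: a brute-force attacker searches 2^56 keys, not 2^64, because the eight parity bits never enter the key schedule.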

The RSA Algorithm uses which mathematical concept as the basis of its encryption?


Options are :

  • PI (3.14159...)
  • Geometry
  • Two large prime numbers (Correct)
  • 16-round ciphers

Answer : Two large prime numbers

Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?


Options are :

  • The Bell-LaPadula integrity model
  • The Biba integrity model
  • The Clark Wilson integrity model (Correct)
  • The Take-Grant model

Answer : The Clark Wilson integrity model

Which security model uses an access control triple and also requires separation of duty?


Options are :

  • Bell-LaPadula
  • Clark-Wilson (Correct)
  • DAC
  • Lattice

Answer : Clark-Wilson

Which one of the following authentication mechanisms creates a problem for mobile users?


Options are :

  • One-time password mechanism
  • Mechanism with reusable passwords
  • Mechanisms based on IP addresses (Correct)
  • Challenge response mechanism.

Answer : Mechanisms based on IP addresses

Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?


Options are :

  • Use of the recipient's public key for encryption and decryption based on the recipient's private key.
  • Use of software encryption assisted by a hardware encryption accelerator.
  • Use of public key encryption to secure a secret key, and message encryption using the secret key. (Correct)
  • Use of elliptic curve encryption.

Answer : Use of public key encryption to secure a secret key, and message encryption using the secret key.
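Added example, not from the original page, of the hybrid scheme in Go using only the standard library: a random AES-256 session key encrypts the bulk data with AES-GCM, and only that 32-byte key is encrypted under the recipient's RSA public key with OAEP. The recipient unwraps the session key with its private key and then decrypts the bulk data. The key size, the field names and the sample payload are choices made for this demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// envelope is what travels from sender to recipient.
type envelope struct {
	wrappedKey []byte // the session key, encrypted with the recipient's RSA public key (OAEP)
	nonce      []byte // AES-GCM nonce, fresh for every message
	ciphertext []byte // the bulk data under AES-256-GCM, authentication tag included
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// seal: a random 32-byte session key encrypts the bulk data, and only that
// short key goes through the slow public-key operation.
func seal(to *rsa.PublicKey, msg []byte) (*envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &envelope{wrapped, nonce, gcm.Seal(nil, nonce, msg, nil)}, nil
}

// open unwraps the session key with the recipient's private key, then
// decrypts the bulk data; GCM rejects any modification of the ciphertext.
func open(me *rsa.PrivateKey, env *envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, me, env.wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.nonce, env.ciphertext, nil)
}

// roundTrip generates the recipient's key pair, seals msg, opens it again, and
// reports whether a ciphertext with one flipped bit is rejected on open.
func roundTrip(msg []byte) (recovered []byte, tamperRejected bool, err error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	env, err := seal(&recipient.PublicKey, msg)
	if err != nil {
		return nil, false, err
	}
	recovered, err = open(recipient, env)
	if err != nil {
		return nil, false, err
	}
	tampered := *env
	tampered.ciphertext = append([]byte{}, env.ciphertext...)
	tampered.ciphertext[0] ^= 0x01
	_, err = open(recipient, &tampered)
	return recovered, err != nil, nil
}

func main() {
	msg := bytes.Repeat([]byte("large sensitive report "), 500) // constructed bulk payload
	out, rejected, err := roundTrip(msg)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(out, msg), "tamper rejected:", rejected)
}
```

The RSA operation runs once per message over 32 bytes regardless of how large the payload is, which is why the hybrid approach is the efficient choice. GCM's tag protects the ciphertext against modification but says nothing about who produced it; if the recipient must know the sender, a signature over the envelope is a separate step.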

Which of the following was the FIRST mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access, and to outline rules of access?


Options are :

  • Biba
  • Clark-Wilson
  • State machine
  • Bell-LaPadula (Correct)

Answer : Bell-LaPadula

Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext?


Options are :

  • chosen plaintext
  • known plaintext (Correct)
  • brute force
  • ciphertext only

Answer : known plaintext

Which of the following algorithms does NOT provide hashing?


Options are :

  • MD5
  • RC4 (Correct)
  • SHA-1
  • MD2

Answer : RC4

Which of the following components are considered part of the Trusted Computing Base?


Options are :

  • Trusted computer operators and system managers
  • Trusted hardware and firmware.
  • Trusted hardware and software.
  • Trusted hardware, software and firmware. (Correct)

Answer : Trusted hardware, software and firmware.

Which of the following models does NOT include data integrity or conflict of interest?


Options are :

  • Bell-LaPadula (Correct)
  • Biba
  • Brewer-Nash
  • Clark-Wilson

Answer : Bell-LaPadula

Which of the following protocols that provide integrity and authentication for IPSec can also provide non-repudiation in IPSec?


Options are :

  • Secure Shell (SSH-2)
  • Encapsulating Security Payload (ESP)
  • Secure Sockets Layer (SSL)
  • Authentication Header (AH) (Correct)

Answer : Authentication Header (AH)

What is the length of an MD5 message digest?


Options are :

  • varies depending upon the message size
  • 160 bits
  • 128 bits (Correct)
  • 256 bits

Answer : 128 bits

Which of the following is NOT a true statement regarding the implementation of the 3DES modes?


Options are :

  • DES-EEE2 uses two keys
  • DES-EEE3 uses three keys
  • DES-EDE2 uses two keys
  • DES-EEE1 uses one key (Correct)

Answer : DES-EEE1 uses one key
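Added example, not part of the original page: the Go program below uses crypto/des to spell out what the keying options mean. Go's standard library implements the EDE form (the EEE labels in the question differ only in using encryption rather than decryption for the middle step), so the code composes Encrypt-Decrypt-Encrypt by hand from single-DES calls, checks it against des.NewTripleDESCipher, builds the two-key variant by reusing K1 as K3, and shows that K1 = K2 = K3 collapses to single DES. The keys and plaintext block are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// mustDES returns a single-DES block cipher for an 8-byte key.
func mustDES(key []byte) cipher.Block {
	c, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return c
}

// oneBlock applies c to a single block, encrypting or decrypting.
func oneBlock(c cipher.Block, block []byte, encrypt bool) []byte {
	out := make([]byte, des.BlockSize)
	if encrypt {
		c.Encrypt(out, block)
	} else {
		c.Decrypt(out, block)
	}
	return out
}

// manualEDE spells out the mode: Encrypt under K1, Decrypt under K2, Encrypt
// under K3. Two-key EDE (DES-EDE2) is the same call with k3 equal to k1.
func manualEDE(k1, k2, k3, block []byte) []byte {
	s1 := oneBlock(mustDES(k1), block, true)
	s2 := oneBlock(mustDES(k2), s1, false)
	return oneBlock(mustDES(k3), s2, true)
}

// libraryEDE uses the standard library's Triple DES, which takes the three
// 8-byte keys concatenated into one 24-byte key (K1 || K2 || K3).
func libraryEDE(k1, k2, k3, block []byte) []byte {
	key := append(append(append([]byte{}, k1...), k2...), k3...)
	c, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic(err)
	}
	return oneBlock(c, block, true)
}

// singleDES encrypts one block with plain DES, for comparison with the
// degenerate K1 = K2 = K3 case.
func singleDES(k, block []byte) []byte {
	return oneBlock(mustDES(k), block, true)
}

func main() {
	// constructed keys and plaintext block for the demo
	k1, k2, k3 := []byte("keyone!!"), []byte("keytwo!!"), []byte("keythree")
	block := []byte("8 bytes!")
	fmt.Println("manual EDE3 == library EDE3:", bytes.Equal(manualEDE(k1, k2, k3, block), libraryEDE(k1, k2, k3, block)))
	fmt.Println("EDE2 (K1,K2,K1) differs from EDE3:", !bytes.Equal(libraryEDE(k1, k2, k1, block), libraryEDE(k1, k2, k3, block)))
	fmt.Println("EDE with K1=K2=K3 == single DES:", bytes.Equal(libraryEDE(k1, k1, k1, block), singleDES(k1, block)))
}
```

The last check is why the middle step is a decryption: with all three keys equal, D under K2 undoes E under K1 and the result is plain DES, which let Triple DES hardware talk to single-DES peers. It is also why supplying the same key three times buys no extra strength.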

PGP uses which of the following to encrypt data?


Options are :

  • A symmetric key distribution system
  • A symmetric encryption algorithm (Correct)
  • An asymmetric encryption algorithm
  • An X.509 digital certificate

Answer : A symmetric encryption algorithm

The BIGGEST difference between System High Security Mode and Dedicated Security Mode is:


Options are :

  • The clearance required
  • Need-to-know (Correct)
  • Subjects cannot access all objects
  • Object classification

Answer : Need-to-know

Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?


Options are :

  • Algorithms that are immune to brute force key attacks
  • The use of good key generators.
  • Nothing can defend you against a brute force crypto key attack.
  • The use of session keys. (Correct)

Answer : The use of session keys.

Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?


Options are :

  • Rivest, Shamir, Adleman (RSA)
  • Advanced Encryption Standard (AES)
  • Elliptic Curve Cryptography (ECC) (Correct)
  • El Gamal

Answer : Elliptic Curve Cryptography (ECC)
