CISSP - Security Engineering Mock Questions

If we want to implement a type of encryption that uses discrete logarithms, which of these could we choose?

Options are :

  • AES.
  • Twofish.
  • ECC. (Correct)
  • DES.

Answer : ECC.

Explanation Elliptic Curve Cryptography (ECC) builds its one-way function on the discrete logarithm problem over elliptic curves rather than over integers modulo a prime. It gives far more security per key bit than the integer discrete-logarithm systems (Diffie-Hellman, DSA, ElGamal): a 256-bit ECC key is roughly comparable to a 3072-bit RSA or DH key. AES, Twofish and DES are symmetric block ciphers and do not use discrete logarithms at all.

CISSP - Security and Risk Management Practice Questions

Which of these would be the PRIMARY reason we would choose to use hash functions?

Options are :

  • Availability.
  • Confidentiality.
  • Integrity. (Correct)
  • Authorization.

Answer : Integrity.

Explanation Hash functions (one-way hash functions) are used for integrity: a variable-length input is hashed into a fixed-length value, the hash or message digest (MD). Recomputing the digest and comparing it with the stored one proves the data has not changed. Changing a single comma in a 1000-page document produces a completely different digest, and the digest cannot be reversed to recover the input. Hashing alone gives no confidentiality (the data is not encrypted) and no authorization.

We have decided to change the type of hashing we use to a newer version that is collision resistant. What happens when a hash collision occurs?

Options are :

  • You can figure out the plain text from the hash.
  • The same plain text produces two different hashes using the same hash function.
  • A variable-length text produces a fixed-length hash.
  • When two different plaintexts produce the same hash. (Correct)

Answer : When two different plaintexts produce the same hash.

Explanation Collision: two different inputs produce the same hash. Because inputs are unbounded and digests are fixed-length, collisions must exist, but for a collision-resistant hash finding one is computationally infeasible. Hashes for which collisions have been produced in practice (MD5, SHA-1) should no longer be used where collision resistance matters, such as digital signatures and certificates.

With newer CPUs (Central Processing Units) we can use pipelining, where several instructions are in different stages of processing during the same clock cycle. Which of these are stages the CPU performs on an instruction? (Select all that apply).

Options are :

  • Fetch. (Correct)
  • Decode. (Correct)
  • Execute. (Correct)
  • Store. (Correct)
  • Retrieve.
  • Combine.

Answer : Fetch. Decode. Execute. Store.

Explanation The CPU (Central Processing Unit) processes each instruction in stages: Fetch, Decode, Execute and Store. Fetch: reads the next instruction from memory into the processor. Decode: works out which operation the instruction specifies and which operands it needs. Execute: performs the operation, for example adding or subtracting the values held in registers. Store: writes the result back to a register or memory (retiring the instruction). Pipelining overlaps these stages for different instructions: while one instruction is being executed, the next is being decoded and the one after it fetched, so every stage is busy in each clock cycle.

CISSP Security Engineering Certification Practical Exam Set 4

We are adding hashing to our passwords. Which of these is a hashing function we could consider?

Options are :

  • RSA.
  • RIPEMD. (Correct)
  • DES.
  • Salting.

Answer : RIPEMD.

Explanation Hash functions: RIPEMD (RACE Integrity Primitives Evaluation Message Digest) was developed by an academic project in Europe rather than by a government agency, partly to avoid the suspicion of backdoors that surrounded NSA-designed algorithms. Variants produce 128-, 160-, 256- and 320-bit digests. The original 128-bit RIPEMD has known collision attacks; RIPEMD-160 remains unbroken but is rarely used outside Bitcoin address hashing. For storing passwords, a plain fast hash of any family is the wrong tool: use a salted, deliberately slow password hashing function (bcrypt, scrypt, Argon2 or PBKDF2). RSA is asymmetric encryption, DES is a symmetric cipher, and salting is an input to a hash, not a hash function.

When an attacker is using a brute force attack to break a password, what are they doing?

Options are :

  • Trying to recover the key without breaking the encryption.
  • Looking at common letter frequency to guess the plaintext.
  • Trying every possible key to, over time, break any encryption. (Correct)
  • Looking at the hash values and comparing it to thousands or millions of pre-calculated hashes.

Answer : Trying every possible key to, over time, break any encryption.

Explanation Brute force: trying every key in the keyspace. Given enough time it finds the key of any conventional cipher; key length decides how long "enough" is (DES's 56-bit key was brute-forced in the 1990s, AES's 128- to 256-bit keys are out of reach). The one-time pad is the exception: trying every pad produces every possible plaintext of that length, including plenty of sensible-looking decoys, so the attacker has no way to recognise the real message. Letter-frequency analysis and precomputed hash tables are different attacks (classical cryptanalysis and rainbow tables).

Which of these countermeasures would be effective against rainbow tables?

Options are :

  • Salting. (Correct)
  • Keeping hashes in plaintext.
  • Key stretching.
  • Limiting login attempts.

Answer : Salting.

Explanation Salt (salting): random data added as an extra input to the one-way function that hashes a password or passphrase. Because every user gets a different salt, the same password hashes to a different value for each user, and an attacker has to start over for every salt instead of reusing one precomputed table. Rainbow tables: precomputed tables (a time/memory trade-off over chains of hashes) that let an attacker reverse an unsalted hash far faster than brute force; they only work if every password is hashed the same way. Key stretching (many iterations) slows each guess, but a table can still be precomputed for the stretched function if it is unsalted, so the two are complementary; hashes are stored "in plaintext" anyway; and login-attempt limits do nothing against an attacker who already holds the hash database.
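The following is an added example, not part of the original question set, showing the three ideas above in working code: a precomputed table breaks an unsalted fast hash, a per-user random salt makes the same table useless, and PBKDF2 adds key stretching on top. The wordlist, passwords and the attacker's table are constructed for the demonstration; the table is a plain dict standing in for the hash chains a real rainbow table uses.

```python
"""Salting versus precomputed hash tables (added example; all data constructed)."""
import hashlib
import hmac
import os
from typing import Optional

# Attacker's precomputed table: unsalted SHA-256 -> password. Built here from a
# tiny constructed wordlist; a real table covers billions of candidates.
WORDLIST = ["password", "letmein", "Summer2024!", "correct horse"]
RAINBOW_TABLE = {hashlib.sha256(p.encode()).hexdigest(): p for p in WORDLIST}


def unsalted_hash(password: str) -> str:
    """Weak scheme: one fast hash, identical for every user with that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def lookup_in_table(stored_hash: str) -> Optional[str]:
    """The rainbow-table attack reduced to its essence: a precomputed lookup."""
    return RAINBOW_TABLE.get(stored_hash)


def new_salt() -> bytes:
    return os.urandom(16)  # 128 random bits, generated per user, never reused


def salted_hash(password: str, salt: bytes, iterations: int = 600_000) -> str:
    """Stronger scheme: per-user salt plus key stretching (PBKDF2-HMAC-SHA256).
    The record 'iterations$salt_hex$digest_hex' carries everything verification needs."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    iterations, salt_hex, digest_hex = stored.split("$")
    recomputed = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iterations))
    # constant-time comparison so verification timing does not leak digest bytes
    return hmac.compare_digest(recomputed.hex(), digest_hex)


def demo() -> dict:
    pw = "Summer2024!"
    unsalted = unsalted_hash(pw)
    # Two users with the same password get different salts, hence different
    # records, so a single precomputed table cannot cover both of them.
    rec_alice = salted_hash(pw, new_salt(), iterations=10_000)
    rec_bob = salted_hash(pw, new_salt(), iterations=10_000)
    return {
        "table_hit_unsalted": lookup_in_table(unsalted),                 # 'Summer2024!'
        "table_hit_salted": lookup_in_table(rec_alice.split("$")[2]),    # None
        "records_differ": rec_alice != rec_bob,                          # True
        "verify_ok": verify_salted(pw, rec_alice),                       # True
        "verify_wrong_pw": verify_salted("Summer2025!", rec_alice),      # False
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The iteration count is lowered to 10,000 inside `demo()` only to keep the run short; production deployments should use the default or higher, and a dedicated password hash (Argon2, bcrypt, scrypt) where available.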

CISSP Security Engineering Certification Practical Exam Set 5

The NSA promoted embedding the Clipper chip in telephones and other telecommunications devices. Which encryption algorithm did the chip use?

Options are :

  • DSA.
  • 3DES.
  • RSA.
  • Skipjack. (Correct)

Answer : Skipjack.

Explanation The Clipper chip was a chipset developed and promoted by the United States National Security Agency (NSA) in the early 1990s as an encryption device for "voice and data messages" with a built-in backdoor: each chip's unit key was held in government escrow, and a Law Enforcement Access Field (LEAF) transmitted with the traffic let authorised agencies recover the session key. It used Skipjack, a then-classified symmetric block cipher with a 64-bit block and an 80-bit key, declassified in 1998. DSA, 3DES and RSA were not involved.

In which of these protocols, is IPSEC built into and NOT added on later?

Options are :

  • IPv4.
  • IPv6. (Correct)
  • PGP.
  • HMAC.

Answer : IPv6.

Explanation IPsec (Internet Protocol Security): a set of protocols that add a cryptographic layer to IP traffic. For IPv4 it was bolted on afterwards; for IPv6 it was designed into the protocol from the start as an extension header. Designed-in does not mean on by default: IPv6 nodes are no longer even required to implement it (RFC 6434 relaxed the requirement from MUST to SHOULD), so it still has to be configured. PGP is an application-layer encryption program and HMAC is a message authentication construction, not a protocol IPsec is built into.

What could be a type of physical access control that we would use, to prevent cars and vans from entering our perimeter?

Options are :

  • Lights.
  • Cameras.
  • Bollards. (Correct)
  • Motion sensors.

Answer : Bollards.

Explanation Bollards (preventative): short, heavy posts used to stop cars or trucks from entering an area while letting foot traffic pass. Shops often use planters or similar objects; they look better and achieve the same goal. Most are static heavy-duty fixtures, but some cylindrical versions can be raised and lowered electronically to let authorised vehicles past a "no traffic" point, and some are semi-permanent and can be removed with a key or other unlock mechanism. Lights, cameras and motion sensors are deterrent or detective controls; none of them physically stops a vehicle.

CISSP - Security Engineering Mock Questions

In our physical access control, we use gates and fences to ensure what happens?

Options are :

  • Ensure entry and exit from our facility only happens through the gates. (Correct)
  • Allow easy entry and exit from our facility.
  • Allow employees to safely exit in an emergency.
  • Prevent employees from safely exiting in an emergency.

Answer : Ensure entry and exit from our facility only happens through the gates.

Explanation Fences (deterrent, preventative): low fences, around 3 ft (1 m), are a deterrent, while tall ones, around 8 ft (2.4 m), are a preventative control. The purpose of fences is to ensure that entry to and exit from the facility happen through only a few controlled points (doors, gates, turnstiles). Gates (deterrent, preventative): placed at control points on the perimeter and used with the fences to ensure that access only happens through those few entry points. Safe emergency exit is a requirement for doors and turnstiles, not the purpose of the fence.

We are building a new data center and the walls must be slab-to-slab. What does that mean?

Options are :

  • The wall is from the real floor to the subceiling.
  • The wall is from the top of the subfloor to the subceiling.
  • The wall is from the real floor to the real ceiling. (Correct)
  • The wall is made of slabs.

Answer : The wall is from the real floor to the real ceiling.

Explanation Walls should be "slab to slab" (from the REAL floor to the REAL ceiling); if subflooring or subceilings are used, then they should be contained within the slab to slab walls.

We have, for many years, used dogs as part of our physical security. However, we are considering implementing other physical security measures and ceasing using dogs. Which of these could be the reason we would consider NOT using dogs anymore?

Options are :

  • It is expensive.
  • They are not very good at deterring.
  • They can cause liability issues. (Correct)
  • They are always friendly.

Answer : They can cause liability issues.

Explanation Dogs (Deterrent, Detective, Compensating): Most often used in controlled, enclosed areas. Liability can be an issue. Dogs are trained to corner suspects and attack someone who’s fleeing. People often panic when they encounter a dog and run. Even if they're in a secure area, the organization may still be liable for injuries.

CISSP - Security Engineering Mock Questions

We are choosing a site to build a new data center and offices in. Which of these would NOT be a valid security concern?

Options are :

  • Crime in the area.
  • How good the utilities are.
  • Whether the area is prone to flooding.
  • How pretty the area is. (Correct)

Answer : How pretty the area is.

Explanation Site selection: Greenfield: undeveloped land not built on yet. Topography: the physical shape of the landscape (hills, valleys, trees, streams); most often exploited at military sites, which leverage (and sometimes alter) the topography for higher security. Utilities: how reliable are the power and the internet connectivity in the area? Crime: how high are the crime rates, and how close are the police? Natural hazards such as flooding are a valid concern; how pretty the area is, is not a security concern.

When, in telecommunications, we talk about the Demarc, what are we referring to?

Options are :

  • The ISP terminates their line and your network begins. (Correct)
  • You place all your routers and switches.
  • You ensure all of the other tenants have full access to your network equipment.
  • The servers are placed to ensure faster speeds.

Answer : The ISP terminates their line and your network begins.

Explanation Demarc - Point of Demarcation (POD): Where the ISP (Internet Service Provider) terminates their phone/internet lines and your network begins; most buildings only have one.

Which type of access control model is based on a subject’s clearance?

Options are :

  • DAC.
  • MAC. (Correct)
  • RBAC.
  • RUBAC.

Answer : MAC.

Explanation MAC - (Mandatory Access Control) is system-enforced access control based on a subject’s clearance and an object’s labels.

CISSP - Security Assessment and Testing Mock

BIBA's Invocation Property prohibits users from what?

Options are :

  • No write down.
  • No write up.
  • No read and write up. (Correct)
  • No read and write up and down.

Answer : No read and write up.

Explanation Invocation Property: a subject may not invoke (request service from) a subject at a higher integrity level; in the simplified exam phrasing, "No Read or Write UP". Together with Biba's simple integrity axiom (no read down) and * integrity axiom (no write up), it keeps lower-integrity subjects from affecting higher-integrity data.

Which security principle is Clark-Wilson based on?

Options are :

  • Availability.
  • Confidentiality.
  • Integrity. (Correct)
  • Accountability.

Answer : Integrity.

Explanation Clark-Wilson (integrity): separates end users from the back-end data through well-formed transactions and separation of duties. Where other models use a Subject/Object relationship, Clark-Wilson puts a program between the two: Subject/Program/Object. Subjects may only change constrained data items through certified transformation procedures, and the person who certifies a procedure is not the one who runs it. In practice, customers buying from us never touch the inventory database directly; they get a limited-functionality interface (the program) that performs the allowed transactions on their behalf.

The Central Processing Unit (CPU) consists of which two elements?

Options are :

  • RAM and BIOS.
  • CU and RPG.
  • ALU and CU. (Correct)
  • South bridge and RAM.

Answer : ALU and CU.

Explanation The CPU (Central Processing Unit) is the brain of the system. The arithmetic logic unit (ALU) performs arithmetic and logic operations; registers supply its operands (the values a mathematical operation works on) and store its results. The control unit (CU) handles fetching instructions from memory and their execution by directing the coordinated operation of the ALU, registers and other components, and sends the ALU its instructions. RAM, the BIOS and the south bridge sit outside the CPU.

CISSP - Software Development Security Mock Questions

When we talk about WORM media, what are we referring to?

Options are :

  • RAM.
  • EEPROM.
  • Hard disks.
  • DVD-R. (Correct)

Answer : DVD-R.

Explanation WORM media (Write Once, Read Many): recordable CD-R and DVD-R discs are WORM media, since data can be written once but never changed; rewritable (RW) discs are not. RAM, EEPROM and hard disks can all be rewritten.

We are using cloud computing and have chosen to use IaaS. Who is responsible for the databases?

Options are :

  • The vendor.
  • The customer. (Correct)
  • The security team.
  • The network team.

Answer : The customer.

Explanation IaaS (Infrastructure as a Service): the vendor provides the infrastructure up to, but not including, the operating system (compute, storage, networking, virtualisation); the customer is responsible for the OS and everything above it, including databases. The security and network teams may do the work, but they are part of the customer.

When would a logic bomb go off?

Options are :

  • A certain event happens or at a certain time. (Correct)
  • As soon as it is introduced to the system.
  • When it has infected the entire network.
  • When the system gets internet access.

Answer : A certain event happens or at a certain time.

Explanation Logic Bombs - Malicious code that executes at a certain time or event - they are dormant until the event (IF/THEN). IF Bob is not getting an annual bonus over $10,000, THEN execute malicious code. IF date and time 5/15/18 00:02:12, THEN execute malicious code.

CISSP - Security Operations Mock Questions

You hear a colleague talk about polyinstantiation. What does that mean?

Options are :

  • Collecting data to analyze it.
  • Deducing facts from data rather than specific statements.
  • Two or more instances of the same data, depending on who accesses it. (Correct)
  • Looking at a normal baseline and learning of new factors on the network from higher traffic.

Answer : Two or more instances of the same data, depending on who accesses it.

Explanation Polyinstantiation: two (or more) instances of the same record or file exist, and which one a subject sees depends on that subject's clearance. The real information may be visible to subjects with Top Secret clearance, while subjects with Secret or lower clearance see a different, cover version. In multilevel databases this prevents a lower-cleared user from inferring that a classified record exists (hence the "alternative facts" mnemonic).

When we talk about using cryptanalysis in our work, what are we doing?

Options are :

  • Creating messages with a hidden meaning.
  • A cryptographic algorithm.
  • The science of securing communications.
  • The science of breaking encrypted communications. (Correct)

Answer : The science of breaking encrypted communications.

Explanation Cryptanalysis is the science of breaking encrypted communication. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown. It uses mathematical analysis of the cryptographic algorithm, as well as side-channel attacks that do not target weaknesses in the cryptographic algorithms themselves, but instead exploit weaknesses in their implementation and the devices that run them.

Which of these encryption methods is truly unbreakable if it is implemented right?

Options are :

  • Symmetric encryption.
  • One-time pads. (Correct)
  • Enigma.
  • A Vigenère cipher.

Answer : One-time pads.

Explanation One-time pad: the plaintext is combined (usually XORed) with a truly random key at least as long as the message. It is the only encryption that is mathematically proven unbreakable, but it is very impractical: each pad may be used once and never reused (reuse leaks the XOR of the two plaintexts), the pad must be truly random, and pads must be distributed and stored securely. Enigma and the Vigenère cipher were both broken; symmetric encryption in general is secure only as long as the key is long enough and the cipher remains unbroken.
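As an added example, not part of the original question set, the block below implements a one-time pad and demonstrates two points made above and in the brute-force question: exhausting the keyspace tells the attacker nothing, because for any plausible message of the right length there is a key that "decrypts" the ciphertext to it, and reusing a pad leaks the XOR of the two plaintexts. The messages are constructed and the pad comes from os.urandom.

```python
"""One-time pad, and why brute force and pad reuse behave as they do (added example)."""
import os


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR each plaintext byte with the corresponding pad byte."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


# XOR is its own inverse, so decryption is the identical operation.
otp_decrypt = otp_encrypt


def key_that_yields(ciphertext: bytes, desired_plaintext: bytes) -> bytes:
    """Given a ciphertext, compute the pad under which it 'decrypts' to ANY message
    of the same length. Every candidate plaintext has such a key, which is why
    trying all keys floods the attacker with false positives and no way to choose."""
    if len(desired_plaintext) != len(ciphertext):
        raise ValueError("decoy must match ciphertext length")
    return bytes(c ^ p for c, p in zip(ciphertext, desired_plaintext))


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If one pad encrypts two messages, XORing the ciphertexts cancels the pad
    and leaves plaintext1 XOR plaintext2, usually enough to recover both texts."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def demo() -> dict:
    msg = b"ATTACK AT DAWN"          # constructed message, 14 bytes
    pad = os.urandom(len(msg))       # truly random, as long as the message
    ct = otp_encrypt(msg, pad)

    decoy = b"RETREAT AT TEN"        # constructed decoy of the same length
    decoy_key = key_that_yields(ct, decoy)

    other = b"HOLD THE LINE!"        # second message wrongly sent under the same pad
    leak = two_time_pad_leak(ct, otp_encrypt(other, pad))
    return {
        "roundtrip_ok": otp_decrypt(ct, pad) == msg,
        "decoy_decrypts": otp_decrypt(ct, decoy_key) == decoy,
        "leak_is_xor_of_plaintexts": leak == bytes(a ^ b for a, b in zip(msg, other)),
    }


if __name__ == "__main__":
    print(demo())
```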

CISSP Security Engineering Certification Practice Exam Set 2

Which of these is NOT covered by the Wassenaar Arrangement?

Options are :

  • Munitions.
  • Encryption algorithms.
  • SQL Databases. (Correct)
  • Rockets.

Answer : SQL Databases.

Explanation Wassenaar Arrangement (1996 to present): a multilateral export-control regime for conventional arms and "dual-use" goods and technologies. Strong cryptography is on its dual-use list. Some member states also use export and import rules to keep strong encryption away from their own citizens (it is easier to spy on your own people if they cannot use strong cryptography). SQL databases are ordinary commercial software and are not controlled.

We have 100 users all needing to communicate with each other. If we are using asymmetric encryption how many keys would we need?

Options are :

  • 200 (Correct)
  • 100
  • 4950
  • 2000

Answer : 200

Explanation Asymmetric encryption uses one key pair (public and private) per user, so 100 users need 2 × 100 = 200 keys, regardless of how many people each of them talks to. With symmetric encryption every pair of users needs its own shared key: n(n-1)/2 = 100 × 99 / 2 = 4950 keys, which is the distractor.

Which is the MOST secure encryption type of these 4?

Options are :

  • DES.
  • Blowfish.
  • AES. (Correct)
  • RC4.

Answer : AES.

Explanation DES's 56-bit key has been brute-forced in practice since the late 1990s. RC4's keystream has statistical biases that led to practical attacks, and it is prohibited in TLS (RFC 7465). Blowfish has no practical key-recovery attack, but its 64-bit block size makes it vulnerable to birthday attacks on long sessions (SWEET32) and its designer recommends Twofish or AES instead. AES, with a 128-bit block and 128-, 192- or 256-bit keys, remains secure.

CISSP Security Engineering Certification Practical Exam Set 7

Jack is looking at different types of encryption. Which of these is a type of asymmetric encryption?

Options are :

  • RSA. (Correct)
  • 3DES.
  • RC6.
  • Twofish.

Answer : RSA.

Explanation RSA is asymmetric. 3DES, RC6 and Twofish are all symmetric forms of encryption.

What is your public key in asymmetric encryption?

Options are :

  • Secret.
  • Shared. (Correct)
  • Used by you to decrypt messages sent to you.
  • Used by someone else to decrypt messages from you.

Answer : Shared.

Explanation Asymmetric encryption uses two keys, a public key and a private key (a key pair). Your public key is shared openly: others use it to encrypt messages to you and to verify signatures you made. Because the keys are asymmetric, a message encrypted with your public key cannot be decrypted with it. Your private key you keep secret; you use it to decrypt messages encrypted with your public key and to sign messages.

When a CPU, or a single core of a multi-core CPU, can execute multiple threads concurrently, what is it called?

Options are :

  • Multithreading. (Correct)
  • Multiprocessing.
  • Multitasking.
  • Multiprogramming.

Answer : Multithreading.

Explanation Multithreading is the ability of a central processing unit (CPU), or a single core in a multi-core processor, to execute multiple threads of one process concurrently, with support from the operating system. Multiprocessing uses more than one CPU or core; multitasking is several tasks sharing one CPU; multiprogramming is the older technique of keeping several programs in memory so the CPU can switch to another when one waits for I/O.

CISSP - Software Development Security Mock Questions

When we are rearranging the plaintext what is it called?

Options are :

  • Confusion.
  • Diffusion.
  • Substitution
  • Permutation. (Correct)

Answer : Permutation.

Explanation Permutation (transposition) rearranges the characters of the plaintext without changing them; this provides diffusion, spreading the influence of each plaintext character across the ciphertext. Substitution replaces characters and provides confusion. Modern block ciphers combine both (substitution boxes and permutation layers).

A historical type of encryption that was based on a set of disks with random letters; the sender and receiver would agree on the disk order. What is it called?

Options are :

  • Caesar cipher.
  • Spartan Scytale.
  • Vigenère cipher.
  • Bazeries. (Correct)

Answer : Bazeries.

Explanation The Jefferson disk (Bazeries cylinder) is a cipher system using a set of wheels or disks, each with the 26 letters of the alphabet arranged around its edge in a different scrambled order. Thomas Jefferson invented it in the 1790s; Étienne Bazeries independently devised a similar cylinder in 1891. Each disk is marked with a unique number, and a hole in the centre lets the disks be stacked on an axle in any order. The order of the disks is the key, and sender and receiver must arrange them in the same predefined order. Jefferson's device had 36 disks. The Caesar and Vigenère ciphers are pen-and-paper substitution ciphers, and the Spartan scytale is a transposition device (a strip wound around a rod).

Before and during the Second World War the US designed and used the SIGABA rotor machine. How many rotors did it use?

Options are :

  • 3
  • 4
  • 10
  • 15 (Correct)

Answer : 15

Explanation SIGABA: a rotor machine used by the United States throughout the Second World War and into the 1950s, in the same family as the Enigma but considerably more complex. It was designed after studying the weaknesses of earlier rotor machines, in particular the regular, predictable stepping of Enigma's rotors. No successful cryptanalysis of the machine during its service lifetime is publicly known. It used 15 rotors arranged in three banks of five.

CISSP - Software Development Security Mock Questions

When we are talking about the Twofish encryption algorithm, which of these is TRUE?

Options are :

  • It is a 64-bit block cipher, with 56-bit keys.
  • It is a 64-bit block cipher with a 112-bit key.
  • It is a 64-bit block cipher with a 128-bit key.
  • It is a 128-bit block cipher with 128, 192 or 256-bit keys. (Correct)

Answer : It is a 128-bit block cipher with 128, 192 or 256-bit keys.

Explanation Twofish: a symmetric Feistel-network block cipher with 128-bit blocks and key lengths of 128, 192 or 256 bits; an AES finalist, still considered secure. A 64-bit block with a 56-bit key describes DES, and a 64-bit block with a 112-bit key describes two-key 3DES.

When we experience a power surge, what is happening?

Options are :

  • We have a long loss of power.
  • We have a short loss of power.
  • We have a long low voltage period.
  • We have a long high voltage period. (Correct)

Answer : We have a long high voltage period.

Explanation Power fluctuation terms: fault, a momentary loss of power; blackout, a prolonged loss of power; sag (or dip), a momentary low voltage; brownout, a prolonged low voltage; spike, a momentary high voltage; surge, a prolonged high voltage.

Jane is talking to a colleague about a regular computer bus. What is that connected to?

Options are :

  • CPU.
  • RAM.
  • Mouse/Keyboard.
  • All of these. (Correct)

Answer : All of these.

Explanation Regular Computer Bus – The primary communications channel on a computer. Communicates between internal hardware and I/O devices (Input/Output), keyboards, mice, monitors, webcams, etc.

CISSP - Software Development Security Mock Questions

A monolithic kernel runs in which mode?

Options are :

  • User mode.
  • Supervisor mode. (Correct)
  • Reference monitor.
  • Superuser mode.

Answer : Supervisor mode.

Explanation At the core of the OS is the kernel. It runs at ring 0 and interfaces between the operating system (and applications) and the hardware. A monolithic kernel is one static executable in which all kernel functionality runs in supervisor mode; everything it needs must be compiled in. User mode is ring 3, where applications run; the reference monitor is a concept the kernel enforces, not a CPU mode; and superuser (root) is a privileged user account, not a processor mode.

When we are replacing one character with another, what is that called?

Options are :

  • Confusion.
  • Diffusion.
  • Substitution. (Correct)
  • Permutation.

Answer : Substitution.

Explanation Substitution replaces one character with another; this provides confusion, making the relationship between key and ciphertext as complex as possible. Permutation (transposition) rearranges characters and provides diffusion.

When we are looking at an IPSec implementation, all of these could be part of it, EXCEPT which?

Options are :

  • AH.
  • ESP.
  • SA.
  • DR. (Correct)

Answer : DR.

Explanation IPsec (Internet Protocol Security): a set of protocols that add a cryptographic layer to IP traffic (IPv4 and IPv6). AH (Authentication Header) provides authentication and integrity for each packet. ESP (Encapsulating Security Payload) provides confidentiality and can also provide authentication and integrity. An SA (Security Association) is the agreed set of parameters (algorithms, keys, SPI) for one direction of traffic, like a walkie-talkie channel; a two-way tunnel needs two SAs, negotiated by IKE. "DR" is not an IPsec component.

CISSP - Security Operations Mock Questions

Which type of ASTM standard gate could you have at your house?

Options are :

  • Class I. (Correct)
  • Class III.
  • Class IV.
  • Class XI.

Answer : Class I.

Explanation Gate ASTM standards (ASTM F2200): Class I, residential (your house); Class II, commercial/general access (car parks, shops); Class III, industrial/limited access (loading docks, warehouses); Class IV, restricted access (prisons, airports).

We are implementing passive monitoring in our data center. We have chosen to use infrared motion detectors. What do they use to detect movement?

Options are :

  • Heat. (Correct)
  • Pulses.
  • Light.
  • Sound.

Answer : Heat.

Explanation Infrared sensors detect changes in heat signatures.

When we are installing motion sensors, we are implementing which type of control?

Options are :

  • Administrative and detective.
  • Detective and deterrence. (Correct)
  • Deterrence and preventative.
  • Preventative and detective.

Answer : Detective and deterrence.

Explanation Motion detectors (detective, deterrent): alert staff by triggering an alarm (silent or audible). Someone is here; did an authorised person pass the checkpoint? If yes, log the event and do nothing else; if no, alert or alarm. Basic light-based detectors need adequate lighting and are therefore not very reliable; infrared, microwave and ultrasonic detectors do not depend on it.

CISSP Security Engineering Certification Practical Exam Set 7

What can we use digital signatures to provide?

Options are :

  • Confidentiality.
  • Availability.
  • Non-repudiation. (Correct)
  • Authentication.

Answer : Non-repudiation.

Explanation Digital signatures provide integrity and non-repudiation (and authenticate the signer). Non-repudiation is the property only they deliver: a signature is created with the signer's private key and verified with the public key, so the signer cannot later deny having made it, whereas a MAC or plain hash can be produced by anyone holding the shared key. Signatures do not provide confidentiality; the message itself is not encrypted.

A senior VP stops you in the cafeteria because you are one of those IT people. She asks you questions about Public Key Infrastructure (PKI). After you explain it at a high level, they ask for more detail. You could tell them PKI uses which of these?

Options are :

  • Asymmetric encryption.
  • Symmetric encryption.
  • Hashes.
  • All of these. (Correct)

Answer : All of these.

Explanation PKI (Public Key Infrastructure) uses asymmetric encryption (key pairs and the digital signatures on certificates), symmetric encryption (the session keys that certified public keys protect) and hashing (the digests that are signed) to issue, distribute, validate and revoke digital certificates. PKI works only as long as each private key stays secret, above all the certificate authority's.
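As an added example, not part of the original question set, the block below shows hash-then-sign with textbook RSA, the mechanism behind the two previous questions: the verifier holds only the public key, so a valid signature can only have come from the private-key holder (non-repudiation), and changing one character of the message breaks it (integrity). An HMAC is included for contrast, because it detects tampering just as well but anyone who can verify it could also have produced it. Everything here is a teaching toy: the primes are the well-known Mersenne primes 2^127-1 and 2^521-1, so the keypair is trivially factorable, there is no PKCS#1 padding, and the message and MAC key are constructed. Real systems use a vetted library.

```python
"""Hash-then-sign with textbook RSA versus an HMAC (added example; toy keys)."""
import hashlib
import hmac

# Toy keypair from two public Mersenne primes (NOT secret, NOT for real use).
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q                        # ~648-bit modulus, comfortably above 2**256
E = 65537                        # public exponent
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)              # private exponent (modular inverse, Python 3.8+)


def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message as an integer; it is < N, so no reduction
    is needed and the digest is fully recoverable on verification."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer: hash, then raise the digest to the PRIVATE exponent."""
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier: recover the digest with the PUBLIC exponent and compare it with
    the hash of the message actually received. Only the public key is needed."""
    return pow(signature, e, n) == digest_int(message)


def mac(message: bytes, shared_key: bytes) -> bytes:
    """HMAC-SHA256: gives integrity and authenticity between two parties who share
    the key, but no non-repudiation, because either party could have made it."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def demo() -> dict:
    msg = b"Transfer 1000 EUR to account 12345"      # constructed message
    tampered = b"Transfer 9000 EUR to account 12345"
    sig = sign(msg)
    key = b"shared-secret-between-two-parties"       # constructed MAC key
    tag = mac(msg, key)
    return {
        "signature_verifies": verify(msg, sig),                          # True
        "tampered_message_fails": verify(tampered, sig),                 # False
        "wrong_key_fails": verify(msg, sign(msg, d=D + 2)),              # False
        "mac_detects_tamper": not hmac.compare_digest(mac(tampered, key), tag),  # True
    }


if __name__ == "__main__":
    print(demo())
```

In a PKI the verifier gets the public key from a certificate, which is itself a signature by the CA over the subject's name and key, so the same hash-then-sign step is what makes the whole chain of trust checkable offline.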

When we are implementing IPSec, we would make use of all these, EXCEPT which?

Options are :

  • AH.
  • ESP.
  • SA.
  • AV. (Correct)

Answer : AV.

Explanation IPsec (Internet Protocol Security): a set of protocols that add a cryptographic layer to IP traffic (IPv4 and IPv6). AH (Authentication Header) provides authentication and integrity for each packet. ESP (Encapsulating Security Payload) provides confidentiality and can also provide authentication and integrity. An SA (Security Association) is the agreed set of parameters (algorithms, keys, SPI) for one direction of traffic, like a walkie-talkie channel; a two-way tunnel needs two SAs, negotiated by IKE. "AV" is not an IPsec component.

CISSP - Mock Questions with all domains

Which type of ASTM standard gate would we have on a loading dock for 18-wheeler trucks?

Options are :

  • Class I.
  • Class III. (Correct)
  • Class IV.
  • Class XI.

Answer : Class III.

Explanation Class III, industrial/limited access (for example a loading dock for 18-wheeler trucks). Class I is residential, Class IV is restricted access such as prisons and airports, and there is no Class XI.

As part of our security posture we have deployed turnstiles at our exit point from a facility. Which of these is a TRUE statement about turnstiles?

Options are :

  • Fail open. (Correct)
  • Fail shut.
  • Prevent exit in an emergency.
  • Prevent exit always.

Answer : Fail open.

Explanation Turnstiles should be designed to allow safe evacuation in case of an emergency. (Remember that people are more important to protect than stuff.)

In our data centers, we have microwave motion detectors installed. What do they use to detect movement?

Options are :

  • Heat.
  • Pulses. (Correct)
  • Light.
  • Sound.

Answer : Pulses.

Explanation Microwave sensors send out microwave pulses and measure the reflection off a moving object. They cover a larger area than infrared sensors, but they are vulnerable to electrical interference and are more expensive.

CISSP - Security Operations Mock Questions

As part of our kickoff meeting for our IPSec implementation, Jane is asked a lot of questions by a senior manager. Which of these is something we could implement as part of our IPSec implementation? (Select all that apply).

Options are :

  • AH (Authentication Header). (Correct)
  • ESP (Encapsulation Security Payload). (Correct)
  • SA (Security Association). (Correct)
  • IKE (Internet Key Exchange). (Correct)
  • CRL (Certification Revocation List).
  • OFB (Output Feedback).

Answer : AH (Authentication Header). ESP (Encapsulation Security Payload). SA (Security Association). IKE (Internet Key Exchange).

Explanation IPsec (Internet Protocol Security): a set of protocols that add a cryptographic layer to IP traffic (IPv4 and IPv6). AH (Authentication Header) provides authentication and integrity for each packet. ESP (Encapsulating Security Payload) provides confidentiality and can also provide authentication and integrity. An SA (Security Association) is the agreed parameters for one direction of traffic (like a walkie-talkie); a tunnel needs one per direction. IKE (Internet Key Exchange) negotiates them: IPsec can use different hashes and ciphers (historically MD5 or SHA-1, now SHA-2, for integrity; 3DES or AES for confidentiality), and the two ends use IKE to agree on the strongest set both support, choosing AES over single DES for example, and to exchange keys. A CRL (Certificate Revocation List) belongs to PKI and OFB (Output Feedback) is a block cipher mode; neither is an IPsec component.

Using the Graham Denning model, which of these is NOT something subjects can execute on objects?

Options are :

  • Transfer access
  • Delete access.
  • Create subject.
  • Create access. (Correct)

Answer : Create access.

Explanation The Graham-Denning model uses objects, subjects and rules. "Create access" is not one of them; the eight rules a subject can execute on an object are: transfer access, grant access, delete access, read object, create object, destroy object, create subject, destroy subject.

When we have our private and public keys in key escrow, what does that mean?

Options are :

  • The server we keep our public and private keys on.
  • Someone keeping a copy of our keys, often law enforcement. (Correct)
  • The private key I have on my system.
  • The public key available to everyone.

Answer : Someone keeping a copy of our keys, often law enforcement.

Explanation Key escrow: copies of keys are held by a third party so they can be recovered later, whether a trusted recovery agent inside or outside the organisation or, in schemes like the Clipper chip, a government agency acting for law enforcement.

CISSP Security Engineering Certification Practice Exam Set 7

If we are using the Bell-LaPadula "* security property", what CAN'T we do?

Options are :

  • Read down.
  • Read up.
  • Write down. (Correct)
  • Write up.

Answer : Write down.

Explanation Bell-LaPadula (confidentiality, mandatory access control): the * (star) security property is "No Write DOWN". A subject with Top Secret clearance cannot write Top Secret information into a Secret folder, where lower-cleared subjects could read it. The simple security property is "No Read UP".

Lattice based access control uses which access control principle?

Options are :

  • DAC.
  • RBAC.
  • RUBAC.
  • MAC (Correct)

Answer : MAC

Explanation Lattice-based access control (LBAC) is a form of mandatory access control. Each label is a sensitivity level plus a set of compartments, and a subject can access an object only if its label dominates the object's: a higher or equal level and a superset of the compartments. A subject labelled Top Secret {crypto, chemical} would be able to access everything in this lattice, while a subject labelled Secret {crypto} could access only Secret-or-lower objects in the crypto compartment.
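The block below is an added example, not part of the original question set, that implements the lattice just described and uses it to make the Bell-LaPadula decisions (no read up, no write down) from the previous question and the Biba decisions (no read down, no write up, which covers the invocation-property question earlier) with the same dominance check. Levels, compartments and the sample labels are constructed.

```python
"""Mandatory access control on a (level, compartments) lattice: Bell-LaPadula
and Biba decisions side by side (added example; labels constructed)."""
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND a superset of compartments.
        Two labels where neither dominates the other are incomparable, and
        every check below then fails in both directions."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


# Bell-LaPadula (confidentiality): the subject's label is its clearance.
def blp_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property, no read up: the subject must dominate the object."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """* property, no write down: the object must dominate the subject, so a
    Top Secret subject cannot write into a Secret folder."""
    return obj.dominates(subject)


# Biba (integrity): the same machinery with the directions flipped.
def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity axiom, no read down: the object's integrity must dominate."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """* integrity axiom, no write up: the subject's integrity must dominate."""
    return subject.dominates(obj)


def demo() -> dict:
    ts_all = Label("TOP SECRET", frozenset({"crypto", "chemical"}))
    secret_crypto = Label("SECRET", frozenset({"crypto"}))
    secret_chem = Label("SECRET", frozenset({"chemical"}))
    return {
        # TS {crypto, chemical} dominates everything in this lattice
        "ts_reads_secret_crypto": blp_can_read(ts_all, secret_crypto),               # True
        # same level, different compartment: incomparable, so no access either way
        "secret_crypto_reads_secret_chem": blp_can_read(secret_crypto, secret_chem), # False
        # no write down: a TS subject may not write to a Secret object
        "ts_writes_secret": blp_can_write(ts_all, secret_crypto),                    # False
        # no read up: a Secret subject may not read TS
        "secret_reads_ts": blp_can_read(secret_crypto, ts_all),                      # False
        # Biba flips it: high-integrity subjects may not read low-integrity data ...
        "biba_high_reads_low": biba_can_read(ts_all, secret_crypto),                 # False
        # ... and low-integrity subjects may not write (or invoke) upward
        "biba_low_writes_high": biba_can_write(secret_crypto, ts_all),               # False
    }


if __name__ == "__main__":
    print(demo())
```

Note that the same dominance relation serves both models; only which side must dominate changes, which is why the exam phrasings come out as mirror images of each other.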

On which layer of the ring model would we find the applications?

Options are :

  • -1
  • 0
  • 2
  • 3 (Correct)

Answer : 3

Explanation The ring model: a four-ring model separating untrusted user code from the trusted kernel. The full model is slow and rarely used; most operating systems use only ring 0 (kernel) and ring 3 (applications). A later addition is "ring -1", hypervisor mode for virtual machine hosts, which sits below the guest kernels running in ring 0.

CISSP - Security Engineering Mock Questions

In computer architecture, what would the north bridge be connected to?

Options are :

  • CPU. (Correct)
  • Wireless.
  • Mouse/Keyboard.
  • All of these.

Answer : CPU.

Explanation The north bridge is connected to the CPU, the RAM and the video memory (and the south bridge).

Which part of the CPU controls fetching from memory and execution of instructions?

Options are :

  • RAM.
  • ROM.
  • ALU.
  • CU (Correct)

Answer : CU

Explanation Control unit (CU) handles fetching (from memory) and execution of instructions by directing the coordinated operations of the ALU, registers and other components. It also sends instructions to the ALU.

Most newer systems would have multiple Central Processing Units (CPUs). What is it called when multiple tasks share one CPU?

Options are :

  • Multithreading.
  • Multiprocessing.
  • Multitasking. (Correct)
  • Multiprogramming.

Answer : Multitasking.

Explanation Multitasking: several tasks share one common resource (a single CPU), which switches between them so quickly that they appear to run at once.

CISSP Security Engineering Certification Practice Exam Set 2

Depending on our implementation, we may choose to use asymmetric or symmetric encryption. Which of these are types of symmetric encryption? (Select all that apply).

Options are :

  • Diffie–Hellman (DH)
  • Twofish. (Correct)
  • Advanced Encryption Standard (AES). (Correct)
  • Data Encryption Standard (DES). (Correct)
  • Elliptic Curve Cryptography (ECC).

Answer : Twofish. Advanced Encryption Standard (AES). Data Encryption Standard (DES).

Explanation Twofish, AES and DES are symmetric encryption algorithms (one shared key). Diffie-Hellman is an asymmetric key-agreement protocol and ECC is a family of asymmetric algorithms; neither uses a single shared key.
