CISSP - Security Operations Mock Questions

When our Intrusion Prevention System (IPS) allows permitted traffic to pass, what is that an example of?

Options are :

  • True positive.
  • True negative. (Correct)
  • False positive.
  • False negative.

Answer : True negative.

Explanation True Negative: Normal traffic is on the network, the system inspects it, recognizes it as normal and does nothing.

To help with managing the applications we allow on our servers and workstations, we are creating an application whitelist. What are we doing?

Options are :

  • Make a list of allowed applications. (Correct)
  • Making a list of prohibited applications.
  • Making a list of all applications.
  • Making a list of all of our own developed applications.

Answer : Make a list of allowed applications.

Explanation Application whitelisting: We can whitelist the applications we want to allow to run in our environments, but whitelisting can also be compromised. We can whitelist by a trusted digital certificate, a known hash, or a path and file name; the latter is the least secure, since an attacker can replace the file at that path with a malicious copy.

Which of these would NOT be part of the server hardening process we do before we promote a new server into our production environment?

Options are :

  • Apply all patches.
  • Disable unused ports.
  • Disable non-required services.
  • Leave the default ports open. (Correct)

Answer : Leave the default ports open.

Explanation Leaving ports open is the opposite of server hardening. When we receive or build new systems they are often completely open; before we introduce them to our environment we harden them. We develop a long list of ports to close, services to disable, accounts to delete, missing patches to apply, and many other things.

We are going over our backup policies and implementations. Which type of backup backs everything up and clears the archive bit?

Options are :

  • Full. (Correct)
  • Copy.
  • Incremental.
  • Differential.

Answer : Full.

Explanation Full backup: This backs everything up, the entire database (most often) or the system. A full backup clears all the archive bits. Depending on the size of the data we may do infrequent full backups; with large datasets a full backup can take many hours.

In our Redundant Array of Independent Disks (RAID) configuration, we are using disk striping. How many disks would we need AT LEAST for that?

Options are :

  • 1
  • 2 (Correct)
  • 3
  • 4

Answer : 2

Explanation Disk striping: Writing the data simultaneously across multiple disks, providing higher write speed. Uses at least 2 disks and in itself does not provide redundancy. We use parity with striping for the redundancy, often computed by XOR; if we use parity for redundancy we need at least 3 disks.

Which of the sub-plans of our Business Continuity Plan (BCP) would we look at for dealing with evacuating staff in an emergency?

Options are :

  • COOP.
  • CCP.
  • OEP. (Correct)
  • CIRP.

Answer : OEP.

Explanation OEP (Occupant Emergency Plan): How we protect our facilities, our staff and the environment in a disaster event. This could be fires, hurricanes, floods, criminal attacks, terrorism, etc. It focuses on safety and evacuation, and details how we evacuate, how often we do the drills and the training staff should get.

When Jane is designing the specifications in our Disaster Recovery Plan (DRP), she is including technology and countermeasures for hurricanes. Which type of disaster is she focused on?

Options are :

  • Natural. (Correct)
  • Man made.
  • Environmental.
  • All of these.

Answer : Natural.

Explanation Natural: Hurricanes, floods, earthquakes, blizzards, anything that is caused by nature.

In our Disaster Recovery Plan (DRP) we have distinct phases. In which of the phases do we DECREASE the likelihood of a disaster?

Options are :

  • Mitigation. (Correct)
  • Preparation.
  • Response.
  • Recovery.

Answer : Mitigation.

Explanation Mitigation: Reduce the impact and the likelihood of a disaster.

Our organization has used RAID (Redundant Array of Independent/Inexpensive Disks) for over 15 years. Which of these are associated with RAID? (Select all that apply).

Options are :

  • Disk mirroring. (Correct)
  • Disk shadowing.
  • Disk striping. (Correct)
  • Disk parity. (Correct)
  • Disk exclusion.

Answer : Disk mirroring. Disk striping. Disk parity.

Explanation RAID (Redundant Array of Independent/Inexpensive Disks) comes in 2 basic forms, disk mirroring and disk striping. Disk mirroring: Writing the same data across multiple hard disks. This is slower, since the RAID controller has to write all data twice. It uses at least 2 times as many disks for the same data storage and needs at least 2 disks. Disk striping: Writing the data simultaneously across multiple disks, providing higher write speed. Uses at least 2 disks and in itself does not provide redundancy. We use parity with striping for the redundancy, often computed by XOR; if we use parity for redundancy we need at least 3 disks.

In our Business Continuity Plan (BCP), which team is responsible for the failback?

Options are :

  • Rescue.
  • Recovery.
  • Salvage. (Correct)
  • All of these.

Answer : Salvage.

Explanation Salvage team (failback): Responsible for returning our full infrastructure, staff and operations to our primary site, or to a new facility if the old site was destroyed. We get the least critical systems up first; we want to ensure the site is ready and stable before moving the critical systems back.

Which of these would indicate the average time between hardware failures?

Options are :

  • MTBF. (Correct)
  • MTTR.
  • MOR.
  • MTD.

Answer : MTBF.

Explanation MTBF (Mean Time Between Failures): How long a new or repaired system or component will function on average before failing. This helps us plan for spares and gives us an idea of how often we can expect hardware to fail.

In our disaster planning, we are looking at another site. We would want there to be no real downtime if our main facility went down. What are we considering?

Options are :

  • Redundant site. (Correct)
  • Hot site.
  • Warm site.
  • Cold site.

Answer : Redundant site.

Explanation Redundant site: A complete, identical copy of our production site that receives a real-time copy of our data. Power, HVAC, raised floors, generators, … If our main site goes down, all traffic automatically fails over to the redundant site. The redundant site should be geographically distant and have staff at it. It is by far the most expensive recovery option; end users will never notice the failover.

We have an agreement with another organization in our line of business. We have a rack of our hardware in their data center and they have a rack in our data center. The racks are completely segmented off from the rest of the network. What are these agreements called?

Options are :

  • Reciprocal. (Correct)
  • Redundant.
  • Mobile site.
  • Subscription site.

Answer : Reciprocal.

Explanation Reciprocal Agreement site: Your organization has a contract with another organization that they will give you space in their data center in a disaster event, and vice versa. This can be promised space, or some racks with hardware completely segmented off from the network there.

We do weekly full backups Sunday at midnight and daily incrementals at midnight. How many backup tapes would we use to restore all the data, if the system fails Wednesday afternoon?

Options are :

  • 2
  • 3 (Correct)
  • 1
  • 4

Answer : 3

Explanation We would need the Sunday full tape and the incremental tapes from Monday and Tuesday night, so 3 tapes total.

In our backup strategy, why would we choose to use a differential backup over an incremental?

Options are :

  • Faster restores. (Correct)
  • Faster backup time.
  • To exclude certain directories from the backup.
  • To include all directories in the backup.

Answer : Faster restores.

Explanation Differential backup: Backs up everything changed since the last full backup. Does not clear the archive bit. Faster to restore, since we just need 2 tapes for a full restore: the full and the latest differential. The backups take longer than incrementals, since we are backing up everything since the last full.

We are performing digital forensics on one of our hard drives after an attack. Which of these could be part of what we use?

Options are :

  • Symmetric encryption.
  • Asymmetric encryption.
  • Hashing. (Correct)
  • PKI.

Answer : Hashing.

Explanation Digital forensics: The evidence we collect must be accurate, complete, authentic, convincing and admissible. Everything is documented. Chain of custody: who had it and when? What was done? When did they do it? We pull the original, put it in a write-protected machine and make a hash. We only do examinations and analysis on bit-level copies, and we confirm they have the same hash as the original before and after examination.

After an attack, we are performing digital forensics on one of the compromised hard drives. Which of these could be part of what we use?

Options are :

  • RAID.
  • A write blocker. (Correct)
  • Access lists.
  • BCP.

Answer : A write blocker.

Explanation Digital forensics: The evidence we collect must be accurate, complete, authentic, convincing and admissible. To ensure the disk is not written to, which would make it inadmissible, we can use a write blocker, for instance a Tableau write blocker. Everything is documented. Chain of custody: who had it and when? What was done? When did they do it? We pull the original, put it in a write-protected machine and make a hash. We only do examinations and analysis on bit-level copies, and we confirm they have the same hash as the original before and after examination.

When we are doing our digital forensics, in which order would we perform the steps?

Options are :

  • Analyze, identify, acquire, report.
  • Identify, acquire, analyze, report. (Correct)
  • Report, identify, analyze, report.
  • Identify, analyze, acquire, report.

Answer : Identify, acquire, analyze, report.

Explanation The digital (computer) forensics process: Identify the potential evidence, acquire the evidence, analyze the evidence, make a report. We need to be more aware of how we gather our forensic evidence; attackers are covering their tracks and deleting the evidence and logs.

During and after an attack on one of our servers, what would be one of the reasons we would NOT want to shut a compromised system down?

Options are :

  • There could still be data on the hard disks, it will be lost if we shut the server down.
  • There could still be data in the non-volatile memory, it will be lost if we shut the server down.
  • There could still be data in the volatile memory, it will be lost if we shut the server down. (Correct)
  • There could still be permitted users on the system.

Answer : There could still be data in the volatile memory, it will be lost if we shut the server down.

Explanation The digital (computer) forensics process: We need to be more aware of how we gather our forensic evidence; attackers are covering their tracks and deleting the evidence and logs. This can be done through malware that only lives in volatile memory: if the power is shut off (to preserve the crime scene), the malware is gone and the evidence is lost.

We are designing our patch management policies. Which parts of our environment should be patched regularly?

Options are :

  • Our servers.
  • Our SANs.
  • Our network equipment.
  • All of these. (Correct)

Answer : All of these.

Explanation We should patch all our hardware on a regular schedule; if we do not, we can have many vulnerabilities on our network. We want defense in depth.

What would be a good security practice we should implement for Bring Your Own Device (BYOD) and Internet of Things (IoT) devices?

Options are :

  • Segment them on their own VLAN. (Correct)
  • Allow them on the normal network so we can monitor them.
  • Allow employees to keep PHI on their own devices.
  • Let them use the same wireless as medical equipment is on.

Answer : Segment them on their own VLAN.

Explanation BYOD and IoT devices almost never have as good a security posture as the organization's own hardware. We want to segment them on their own limited VLAN to ensure any compromised device can do as little damage as possible.

When we are building a new server, if we want fault tolerance, which of these would we NOT use?

Options are :

  • RAID 0. (Correct)
  • RAID 1.
  • RAID5.
  • All of these.

Answer : RAID 0.

Explanation RAID 0 has no fault tolerance; it just stripes the data across two disks for faster speed. If a disk dies we have no redundancy.

Which of these would be something that staff could sign to acknowledge that they understand and agree with their responsibilities during a disaster?

Options are :

  • MOA (Correct)
  • MTT.
  • MRA.
  • MIT.

Answer : MOA

Explanation MOU/MOA (Memorandum of Understanding/Agreement): Staff sign a legal document acknowledging they are responsible for a certain activity. If the test asks, "A critical staff member didn't show, and they were supposed to be there. What could have fixed that problem?" the answer would be the MOU/MOA. While slightly different, they are used interchangeably on the test.

We have a self-contained data center, which can be relocated. What would that be called?

Options are :

  • Reciprocal.
  • Redundant.
  • Mobile site. (Correct)
  • Subscription site.

Answer : Mobile site.

Explanation Mobile site: Basically a data center on wheels, often a container or trailer that can be moved wherever needed by a truck. Has HVAC, fire suppression, physical security, (generator), etc.; everything you need in a full data center. Some are independent with a generator and satellite internet, others need power and internet hookups.

We do weekly full backups Sunday at midnight and daily differentials at midnight. How many backup tapes would we use to restore the data if the system fails Wednesday afternoon?

Options are :

  • 2 (Correct)
  • 3
  • 1
  • 4

Answer : 2

Explanation We would need the Sunday full tape and the differential tape from Tuesday night, so 2 tapes total. A differential backs up everything changed since the last full backup.

We are using a weekly full backup on Sundays and daily differential backups Monday - Saturday. The full backups have 4 weeks retention and the differential backups have 7 days retention. How many tapes would we use on a rolling basis after 1 month?

Options are :

  • 7
  • 10 (Correct)
  • 30
  • 21

Answer : 10

Explanation We would have 4 full backup tapes and 6 differential tapes at all times, totaling 10 tapes at all times.

What could be a reason we would choose incremental backups over differential backups?

Options are :

  • Faster restores.
  • Faster backup time. (Correct)
  • To exclude certain directories from the backup.
  • To include all directories in the backup.

Answer : Faster backup time.

Explanation Incremental backups: Back up everything that has changed since the last backup, and clear the archive bits. Incrementals are often fast to do, since they only back up what has changed since the last incremental or full. Because they clear the archive bit, each incremental backup is faster than a differential.

To have true power redundancy, we would want which of these configurations?

Options are :

  • Redundant PSUs on different UPSs. (Correct)
  • Redundant PSUs on the same UPS.
  • Single PSUs.
  • Redundant PSUs, but only one cabled at a time, we would swap the cable over if the master fails.

Answer : Redundant PSUs on different UPSs.

Explanation For real power redundancy we would want redundant power supplies connected to different (redundant) uninterruptible power supplies. If we use power distribution units we want the same redundancy there: no single point of failure.

Jane is designing a server cluster with an active/passive relationship. What would she use on the passive server to monitor if the active server is up?

Options are :

  • Sleep-alive.
  • Heartbeat. (Correct)
  • Keep-sleep.
  • A reference checker.

Answer : Heartbeat.

Explanation Clustering can be active/active; this is load balancing, and with two servers both servers would actively process traffic. Active/passive: there is a designated primary active server and a secondary passive server; they are connected, and the passive server sends a keep-alive or heartbeat every 1-3 seconds: "are you alive, are you alive..."

The temperature is slowly rising in the area where our main data center is located. We are having a hard time keeping up with the load on our HVAC systems. Which of these would NOT be a solution we should consider?

Options are :

  • Raising the data center temperature, but still keep it within the recommended levels.
  • Adding another HVAC unit.
  • Opening the doors to the data center at night to lower the temperature and let the HVAC systems catch up. (Correct)
  • Optimize the airflow in the data center.

Answer : Opening the doors to the data center at night to lower the temperature and let the HVAC systems catch up.

Explanation Opening the doors to our data center is asking for trouble and never a good idea. The optimal solution would be adding another HVAC unit; raising the temperature and optimizing airflow are also good solutions, but often only a temporary fix.

We are not able to fully run our organization because of a personnel shortage. Which type of disaster is that related to?

Options are :

  • Human.
  • Environmental.
  • Nature
  • It can be all of these. (Correct)

Answer : It can be all of these.

Explanation A personnel shortage can be caused by natural events (flooding, hurricane, etc.), environmental events (power outages or road collapses) or human events (strikes).

These are all known ways around our Intrusion Prevention/Detection Systems (IPS/IDS), EXCEPT which?

Options are :

  • Not using default ports.
  • Fragmentation of packets.
  • Pattern change.
  • Using known signatures. (Correct)

Answer : Using known signatures.

Explanation Using known signatures would get an attack noticed.

During or after a security incident, in which order would we work on the forensic evidence?

Options are :

  • Least volatile to most volatile.
  • Most volatile to least volatile. (Correct)
  • First compromised system to last compromised system.
  • Last compromised system to first compromised system.

Answer : Most volatile to least volatile.

Explanation Digital forensics collection: We examine and analyze the data, and again document everything. We handle the evidence as little as possible. We work from most volatile to least volatile, starting with the RAM and ending with the hard disks.

When we work with digital forensics, how should we handle the evidence?

Options are :

  • As much as possible.
  • As little as possible. (Correct)
  • Using the chain of custody when we have enough time.
  • To ensure it is not relevant to the case.

Answer : As little as possible.

Explanation Digital forensics collection: We examine and analyze the data, and again document everything. We handle the evidence as little as possible.

In our incident management, what are the 3 LAST phases in order?

Options are :

  • Remediation, recovery, lessons learned.
  • Recovery, remediation, lessons learned. (Correct)
  • Reporting, recovery, lessons learned.
  • Reporting, remediation, lessons learned.

Answer : Recovery, remediation, lessons learned.

Explanation The last 3 are recovery, remediation, lessons learned. The current exam lists a 7-step lifecycle, but it does not include preparation, which is the first step in most incident handling methodologies. Preparation > Detection (Identification) > Response (Containment) > Mitigation (Eradication) > Reporting > Recovery > Remediation > Lessons Learned (Post-incident Activity, Post Mortem, or Reporting).

What would we have our staff sign to acknowledge they understand and agree with their assigned responsibilities during a disaster?

Options are :

  • MOU. (Correct)
  • MTT.
  • MRA.
  • MIT.

Answer : MOU.

Explanation MOU/MOA (Memorandum of Understanding/Agreement): Staff sign a legal document acknowledging they are responsible for a certain activity. If the test asks, "A critical staff member didn't show, and they were supposed to be there. What could have fixed that problem?" the answer would be the MOU/MOA. While slightly different, they are used interchangeably on the test.

In designing our backup strategy, you are asked if there are any types of backups you can't use together. Which of these would be the right answer?

Options are :

  • Full and incremental.
  • Incremental and copy.
  • Differential and copy
  • Differential and incremental. (Correct)

Answer : Differential and incremental.

Explanation Never use both incremental and differential backups on the same data. It is fine to use both on the same backup solution, since different data has different needs.

When we are using Redundant Array of Independent Disks (RAID) 5 on one of our servers, Jane is adding which type of a disk pool?

Options are :

  • Mirroring.
  • Striping.
  • Striping with parity. (Correct)
  • Mirroring with parity.

Answer : Striping with parity.

Explanation RAID 5: Block-level striping with distributed parity, requires at least 3 disks. It combines speed with redundancy.

When should we update our Business Continuity Plan (BCP) and its sub plans outside of our annual cycle?

Options are :

  • Every 12 months is fine, no need to update ever outside of that.
  • When we add a new server.
  • When we patch our Windows servers.
  • We changed major components of our systems (new backup solution, new IP scheme). (Correct)

Answer : We changed major components of our systems (new backup solution, new IP scheme).

Explanation The plans need to be continually updated; it is an iterative process. Plans should be reviewed and updated at least every 12 months. If our organization has had a major change we also update the plans. This could be: we acquired another company or we split off into several companies; we changed major components of our systems (new backup solution, new IP scheme, …); we had a disaster and found a lot of gaps in our plans; a significant part of senior leadership has changed.

In which of these processes would we build a business case, research vendors, and have stakeholders?

Options are :

  • Project Management. (Correct)
  • Change management.
  • Patch management.
  • Staff management.

Answer : Project Management.

Explanation Project management: We would look at the business case and ROI, research vendors, and we have stakeholders.

When we are hardening our new systems, we are using which of these?

Options are :

  • Implementation management. (Correct)
  • Change management.
  • Patch management.
  • Project management.

Answer : Implementation management.

Explanation Configuration Management: Often it is easier to have OS images that are completely hardened and use the image for the new system. We then update the image when new vulnerabilities are found or patches need to be applied. Often, though, we use a standard image and just apply the missing patches. We do this for any device on our network: servers, workstations, phones, routers, switches, etc. Before introduction into our production environment, we run vulnerability scans against the system to ensure we didn't miss anything (rarely done on workstations; should be done on servers and network equipment). Having a standard hardening baseline for each OS ensures all servers are similarly hardened, so there should be no weak links. The standardized hardening also makes troubleshooting much easier.

Jane has been working on our server redundancy and she is adding parity to the RAID configurations. Why does she do that?

Options are :

  • Faster write speed.
  • To be able to rebuild data from a lost disk. (Correct)
  • To help with read speed.
  • To prevent attackers from accessing the real data.

Answer : To be able to rebuild data from a lost disk.

Explanation We use parity with striping for the redundancy, often computed by XOR; if we use parity for redundancy we need at least 3 disks.

Which legs of the CIA triad can power fluctuations compromise?

Options are :

  • Confidentiality and availability.
  • Availability and Integrity. (Correct)
  • Integrity and confidentiality.
  • Integrity and authentication.

Answer : Availability and Integrity.

Explanation Power fluctuations can damage hardware, which can interrupt our availability, and faulty power can corrupt data, affecting integrity.

If we plan to use what we find in our digital forensics in a court of law, what should the evidence NOT be?

Options are :

  • Accurate.
  • Authentic.
  • Admissible.
  • Partial. (Correct)

Answer : Partial.

Explanation The evidence we collect must be accurate, complete, authentic, convincing and admissible.

Which of these could allow a US government agency to access your personal files and would circumvent the 4th amendment?

Options are :

  • Exigent circumstances. (Correct)
  • Your emails.
  • Your internet history.
  • Anything done online.

Answer : Exigent circumstances.

Explanation Anything subpoenaed, covered by a search warrant, turned over voluntarily, or taken under exigent circumstances (immediate danger of being destroyed) can allow law enforcement to bypass the 4th amendment. Whether it was legal will be decided in a court of law later. We need to ensure our evidence is acquired in a legal manner; remember the US Constitution's 4th amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated."

In our network forensics, which of these is a COMMON form used?

Options are :

  • Stop, look and listen. (Correct)
  • Catch-and-release.
  • Stop, act and prevent.
  • Stop and release.

Answer : Stop, look and listen.

Explanation Network forensics: Systems used to collect network data for forensic use usually come in two forms. Catch-it-as-you-can: All packets passing through a certain traffic point are captured and written to storage, with analysis done subsequently in batch mode. This approach requires large amounts of storage. Stop, look and listen: Each packet is analyzed in a basic way in memory and only certain information is saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.

Bob is working on categorizing incidents for our incident management plan. In which category would failed hard disks be?

Options are :

  • Natural.
  • Environmental. (Correct)
  • Human.
  • All of these.

Answer : Environmental.

Explanation Environmental: This is not nature, but the environments we work in: the power grid, the internet connections, hardware failures, software flaws, etc.

In which phase of incident management do we analyze events?

Options are :

  • Preparation.
  • Detection. (Correct)
  • Response.
  • Recovery.

Answer : Detection.

Explanation Detection: Events are analyzed to determine if they might be a security incident. If we do not have strong detective capabilities in and around our systems, we will most likely not realize we have a problem until long after it has happened. The earlier we detect the events, the earlier we can respond. IDSs can help us detect, while IPSs can help us detect and prevent further compromise.

Which type of intrusion system would only alert us if it discovers malicious traffic?

Options are :

  • IPS.
  • IDS. (Correct)
  • Heuristic.
  • Pattern.

Answer : IDS.

Explanation IDS (Intrusion Detection System): They are passive; they monitor, but take no action other than sending out alerts. Events trigger alerts: emails or text messages to administrators, or an alert on a monitoring tool. If not monitored properly, it can take hours before anyone notices.

We have a system that only sends us an alert when it discovers malicious data, and it does so after the data is decrypted. What type of system would that be?

Options are :

  • HIDS. (Correct)
  • NIPS.
  • NIDS.
  • HIPS.

Answer : HIDS.

Explanation It only alerts (intrusion detection) and it sees the data after decryption (host-based), so we would be using a HIDS.

When an attacker is avoiding default signatures and settings to evade detection by our Intrusion Prevention System (IPS), what is the attacker doing?

Options are :

  • Breaking the data into segments.
  • Sending traffic on a well-known TCP port, where we would not expect the malicious traffic. (Correct)
  • Have many different agents use different IPs and ports.
  • Change the attack signature.

Answer : Sending traffic on a well-known TCP port, where we would not expect the malicious traffic.

Explanation Avoiding defaults: The TCP port used by a protocol does not always indicate which protocol is actually being transported. Attackers can send malware over an unexpected port.

Our Intrusion Prevention System (IPS) has blocked malicious traffic. What is this an example of?

Options are :

  • True positive. (Correct)
  • True negative.
  • False positive.
  • False negative.

Answer : True positive.

Explanation True Positive: An attack is happening and the system detects it and acts.

We are restoring services and applications back from our DR site to our original site after a security incident. Which applications would we move back FIRST?

Options are :

  • Least critical. (Correct)
  • Most critical.
  • The most resource intensive.
  • The least resource intensive.

Answer : Least critical.

Explanation The BCP team has sub-teams responsible for rescue, recovery and salvage in the event of a disaster or disruption. Salvage team (failback): Responsible for returning our full infrastructure, staff and operations to our primary site, or to a new facility if the old site was destroyed. We get the least critical systems up first; we want to ensure the site is ready and stable before moving the critical systems back.

Why do we NOT use full backups for all backups?

Options are :

  • The restore time can be too long.
  • The backup time can be too long. (Correct)
  • Full doesn't clear the archive bit.
  • It would make restores use more tapes.

Answer : The backup time can be too long.

Explanation Full backup: This backs everything up, the entire database (most often) or the system. A full backup clears all the archive bits. Depending on the size of the data we may do infrequent full backups; with large datasets a full backup can take many hours.

After a disaster, which team would be working on returning us to our primary facility, or getting a new site up?

Options are :

  • Rescue team.
  • Recovery team.
  • Salvage team. (Correct)
  • Planning team.

Answer : Salvage team.

Explanation Salvage team (failback): Responsible for returning our full infrastructure, staff and operations to our primary site, or to a new facility if the old site was destroyed. We get the least critical systems up first; we want to ensure the site is ready and stable before moving the critical systems back.

If we are looking at our backups, what order would they be in if they were ranked from the one that takes the longest to the one that takes the shortest amount of time?

Options are :

  • Full > Differential > Incremental. (Correct)
  • Full > Differential > Copy.
  • Full > Incremental > Differential.
  • Differential> Full > Incremental.

Answer : Full > Differential > Incremental.

Explanation Full backups take the longest (the same time as a copy backup), differentials take the second most time, and incrementals the least amount of time.

Bob is applying patches to one of our systems. Before he does that, he wants a backup he can revert to if things go wrong. Which type of backup should he use?

Options are :

  • Full backup.
  • Incremental backup.
  • Differential backup.
  • Copy backup. (Correct)

Answer : Copy backup.

Explanation Copy backup: This is a full backup with one important difference: it does not clear the archive bit. It is often used before we do system updates, patches and similar upgrades. We do not want to disturb the backup cycle, but we want to be able to revert to a previous good copy if something goes wrong.

As part of our Business Continuity Plan (BCP) and its sub plans we want to ensure we are redundant. Which of these is something we want to be redundant on?

Options are :

  • Power.
  • Internet connections.
  • People.
  • All of these. (Correct)

Answer : All of these.

Explanation We want layers of redundancy, just like we have defense in depth. We want redundant power, internet, paths, hardware, systems, backups, people, etc.
