CISSP - Mock Questions with all domains

Which type of phishing attack is it when an attacker uses phone calls to try to get access to our sensitive data?

Options are :

  • Spear phishing.
  • Whale phishing.
  • Phishing.
  • Vishing. (Correct)

Answer : Vishing.

Explanation Vishing (Voice Phishing): phishing carried out over the phone, often through automated VoIP (Voice over IP) systems and sent in bulk like email spam. Typical pretexts are "Your taxes are due", "Your account is locked" or "Enter your PII to prevent this".

By implementing a layered defense strategy across our organization, what do we improve?

Options are :

  • Availability.
  • Integrity.
  • Confidentiality.
  • All of these. (Correct)

Answer : All of these.

Explanation Defense in Depth, also called Layered Defense or Onion Defense: we implement multiple overlapping security controls to protect an asset, so that the failure or bypass of one control does not by itself expose the asset. By implementing Defense in Depth you improve your organization's Confidentiality, Integrity and Availability.

When you sign the (ISC)² code of ethics prior to taking the exam, what do you NOT promise to protect?

Options are :

  • Society.
  • Your organization. (Correct)
  • Infrastructure.
  • The common good.

Answer : Your organization.

Explanation While your organization is important, it is not named in the (ISC)² Code of Ethics canons; society, the common good and the infrastructure are.

Who will ULTIMATELY determine if the evidence we present was obtained legally?

Options are :

  • The police.
  • The lawyers.
  • Senior management.
  • The courts. (Correct)

Answer : The courts.

Explanation The court will determine if evidence was obtained legally. If not, it is inadmissible in court.

When we are talking about the governance part of our organization, who are we referring to?

Options are :

  • Middle management.
  • The users.
  • Senior management. (Correct)
  • The IT leadership team.

Answer : Senior management.

Explanation The senior leadership in our organization sets the company direction and clarifies when there are questions. They are the governing body, although they can at times be doing so under the directions of the board.

Who is the person leading our organization?

Options are :

  • CFO.
  • CTO.
  • CEO. (Correct)
  • CIO.

Answer : CEO.

Explanation The CEO (Chief Executive Officer) is the head of the senior executives.

If we want to implement a governance standard or control framework focused on internal risk analysis, which of these could we implement?

Options are :

  • COBIT.
  • ITIL.
  • COSO.
  • FRAP (Correct)

Answer : FRAP

Explanation FRAP (Facilitated Risk Analysis Process) analyzes one business unit, application or system at a time in a roundtable brainstorm with internal employees. Impact is analyzed, then threats and risks are prioritized.

In our organization we have a lot of policies, procedures, standards, and guidelines we use to make our decisions. Which of them is non-mandatory?

Options are :

  • Policies.
  • Procedures.
  • Standards.
  • Guidelines. (Correct)

Answer : Guidelines.

Explanation Guidelines are non-mandatory: recommendations and discretionary suggestions on how you could do something. Policies, standards and procedures are mandatory.

Which of these could be something we use to help us protect our data's confidentiality?

Options are :

  • Hashes.
  • Multifactor authentication. (Correct)
  • Redundant hardware.
  • Redundant software.

Answer : Multifactor authentication.

Explanation To ensure confidentiality we can use strong passwords, multi-factor authentication, masking, access control, need-to-know, least privilege and many other controls. Hashes protect integrity; redundant hardware and software protect availability.

Healthcare insurers, providers and clearing house agencies must comply with HIPAA (Health Insurance Portability and Accountability Act) if they operate in the United States. Which of these are rules they MUST follow? (Select all that apply).

Options are :

  • Breach notification rule. (Correct)
  • Encryption rule.
  • Disclosure rule.
  • Security rule. (Correct)
  • Privacy rule. (Correct)

Answer : Breach notification rule. Security rule. Privacy rule.

Explanation HIPAA puts strict privacy and security rules on how PHI (Protected Health Information) is handled by health insurers, providers and clearing houses (claims processors). HIPAA has three rules: the Privacy Rule, the Security Rule and the Breach Notification Rule. The Security Rule mandates administrative, physical and technical safeguards. Separately, security breach notification laws are state laws, not federal; every US state now has one (Alabama and South Dakota were the last to pass theirs, in 2018), so know the one for your state. They normally require organizations to notify anyone whose PII was compromised. Many have an encryption safe harbor: lost data that was properly encrypted may not require notification.

When an attacker is attacking our encryption, they are MOSTLY targeting which leg of the CIA triad?

Options are :

  • Authentication.
  • Confidentiality. (Correct)
  • Availability.
  • Integrity.

Answer : Confidentiality.

Explanation To ensure confidentiality we use encryption for data at rest (for instance AES-256 or full disk encryption) and secure transport protocols for data in motion (TLS or IPsec; SSL is deprecated and should no longer be used). Attacking the algorithm or ciphertext itself is cryptanalysis, but in practice it is almost always easier for an attacker to steal the key, or capture the data before it is encrypted, than to break a modern cipher. Either way the goal is to read data they are not authorized to read, which is a loss of confidentiality.

When an attacker has altered our data, which leg of the CIA triad is MOSTLY affected?

Options are :

  • Authentication.
  • Confidentiality.
  • Availability.
  • Integrity. (Correct)

Answer : Integrity.

Explanation Alteration is the opposite of integrity: our data has been changed without authorization.

When authenticating against our access control systems, you present your ID. Which type of authentication are you using?

Options are :

  • A possession factor. (Correct)
  • A knowledge factor.
  • A biometric factor.
  • A location factor.

Answer : A possession factor.

Explanation Something you have (Type 2 authentication): ID, passport, smart card, token, cookie on a PC. These are called possession factors. The subject presents the item to authenticate; the system assumes that whoever holds the item is its rightful owner. That assumption fails when the item is lost, stolen or cloned, which is why possession factors are normally combined with a knowledge or biometric factor and why a lost token must be revoked promptly.

In the IAAA model, which of these is NOT one of the A's?

Options are :

  • Authentication.
  • Alteration. (Correct)
  • Authorization.
  • Accountability.

Answer : Alteration.

Explanation IAAA is Identification and Authentication, Authorization and Accountability. Alteration is the opposite of integrity from the CIA triad.

We often use the IAAA model in IT security, but what does it do?

Options are :

  • Provide a framework where we authorize, identify and authenticate our users and hold them accountable for their actions. (Correct)
  • Provide a framework where we provide integrity, authenticate, authorize our users and hold them accountable for their actions.
  • Provide a framework where we identify, authenticate, authorize our users and make sure the data they need is available.
  • Provide a framework where we identify, authenticate, give users access dependent on their job title.

Answer : Provide a framework where we authorize, identify and authenticate our users and hold them accountable for their actions.

Explanation IAAA is Identification and Authentication, Authorization and Accountability: we identify our staff, have them authenticate, authorize them to access what they are permitted and hold them accountable for their actions. The correct option lists the same four elements, just not in the usual order; the other options swap in integrity, availability or job title, which are not part of IAAA.

During a security breach, one of our honeypots was used for a downstream attack on a rival business. The competitor lost over $200,000 in revenue from the attack. Who is ULTIMATELY liable?

Options are :

  • The IT security team.
  • Middle management.
  • Whomever deployed the honeypot.
  • Senior management. (Correct)

Answer : Senior management.

Explanation C-level executives (senior leadership) are ultimately liable. This does not mean nobody else is liable: if other people involved did not exercise due care and due diligence they may be liable as well, but the question asked who is ULTIMATELY liable.

We are in a court where the proof must be "More likely than not". Which court are we in?

Options are :

  • Criminal court.
  • Civil court.
  • Administrative court. (Correct)
  • Probation court.

Answer : Administrative court.

Explanation Administrative law (regulatory law): laws enacted by government agencies (FDA rules, HIPAA, FAA rules etc.). The standard of proof is "more likely than not". Be aware that civil courts use the preponderance of the evidence standard, which is commonly described in the same words, so on the exam read the other answer choices and the question context carefully; criminal courts require proof beyond a reasonable doubt.

During a security incident you see something that is usable in court. This constitutes which type of evidence?

Options are :

  • Real evidence.
  • Direct evidence. (Correct)
  • Secondary evidence.
  • Circumstantial evidence.

Answer : Direct evidence.

Explanation Direct evidence: testimony from a first-hand witness about what they experienced with their own five senses. Real evidence is a physical object, secondary evidence is a copy or description of the original, and circumstantial evidence requires an inference to connect it to the conclusion.

Which of these is something that is COMMONLY trademarked?

Options are :

  • Software.
  • Logos. (Correct)
  • Inventions.
  • Public domain (CC0) photos.

Answer : Logos.

Explanation Trademarks: brand names, logos, slogans, etc. ™ marks a claimed trademark; ® may only be used for a registered trademark. In the US a registration is valid for 10 years at a time and can be renewed indefinitely as long as the mark remains in use. Software is protected by copyright, inventions by patents, and public domain (CC0) works are free for anyone to use.

What would be one of the security concern we would need to address in a divestiture?

Options are :

  • Who gets the IT Infrastructure? (Correct)
  • How do we ensure their security standards are high enough?
  • Security is part of the SLA.
  • All of these.

Answer : Who gets the IT Infrastructure?

Explanation Divestitures: Your organization is being split up. How do you ensure no data crosses boundaries it shouldn't? Who gets the IT Infrastructure?

Which of these is one of the data owner’s responsibilities?

Options are :

  • Make the policies, procedures and standards that govern our data security.
  • Perform the backups and restores.
  • Be trained in the policies, procedures and standards.
  • Assign the sensitivity labels and backup frequency of the data. (Correct)

Answer : Assign the sensitivity labels and backup frequency of the data.

Explanation Data/Information Owner: Management level, they assign sensitivity labels and backup frequency. This could be you or a Data Owner from HR, Payroll or other departments.

When we apply standards and framework, we can use tailoring to do what?

Options are :

  • To implement the full standard or framework, but implement different standards in some areas. (Correct)
  • To pick and chose which parts of the standard or framework we want to implement.
  • Find out how much the implementation will cost us.
  • To see if the standard is a good fit for our organization.

Answer : To implement the full standard or framework, but implement different standards in some areas.

Explanation Tailoring is customizing a standard to your organization: we apply the standard as a whole, but in some areas substitute our own control, for instance requiring stronger encryption (AES 256-bit) where the standard allows less. Picking only the parts we like is not tailoring; that is a scoping decision that leaves gaps.

Jane is using an industry framework to help her team to do self-directed risk management. Which framework is Jane using?

Options are :

  • COSO.
  • COBIT.
  • OCTAVE. (Correct)
  • FRAP.

Answer : OCTAVE.

Explanation OCTAVE® - Operationally Critical Threat, Asset, and Vulnerability Evaluation: Self-Directed Risk Management.

We have many different types of memory. Which type is volatile?

Options are :

  • DRAM. (Correct)
  • PROM.
  • Flash Memory.

Answer : DRAM.

Explanation RAM (Random Access Memory) is volatile: it loses its contents when power is removed (DRAM cells must be refreshed constantly and decay within seconds once power is gone). ROM (Read Only Memory) is nonvolatile and retains its contents after power loss; PROM and flash memory, the other two options, are also nonvolatile.

Which type ROM can only be programmed once?

Options are :

  • EPROM.
  • PROM. (Correct)
  • APROM.

Answer : PROM.

Explanation PROM (Programmable Read Only Memory) can be written exactly once, by the manufacturer or by the end user with a programming device; after that its contents cannot be changed. EPROM, by contrast, can be erased with ultraviolet light and reprogrammed.

We have chosen to use multiple types of data destruction on our sensitive data. Why would we do that?

Options are :

  • Because it is easier than just a single type of data destruction.
  • To ensure there is no data remanence. (Correct)
  • To ensure data is still accessible after the destruction.
  • To make sure we have the old drives available.

Answer : To ensure there is no data remanence.

Explanation It is common to use more than one type of data destruction on sensitive media (for instance degaussing followed by disk crushing or shredding). While a single method may be sufficient, the extra step is cheap compared with a potential $1,000,000 fine or the loss of proprietary technology or state secrets.

What would be a COMMON attack on our data at rest?

Options are :

  • Cryptanalysis. (Correct)
  • Shoulder surfing.
  • Eavesdropping.
  • All of these.

Answer : Cryptanalysis.

Explanation Data at Rest (Stored Data): this is data on disks, tapes, CDs/DVDs and USB sticks. We use disk encryption (full/partial), USB encryption and tape encryption (and avoid CDs/DVDs). Encryption can be hardware or software based. Stolen or discarded media that is encrypted can only be read by recovering the key or attacking the cipher (cryptanalysis); shoulder surfing and eavesdropping target data in use and data in motion, not data at rest.

An attacker has stolen one of our backup tapes. What could prevent the data on the tape from being accessible?

Options are :

  • Proper data handling.
  • Proper data storage.
  • Proper data retention.
  • Proper data encryption. (Correct)

Answer : Proper data encryption.

Explanation Proper encryption can prevent data compromise even if the physical tape is lost. This requires that the algorithm and key length are strong enough, and that the key is managed separately from the tape; a key stored on or shipped with the media hands the attacker everything.

Jane is explaining the different states of data to an executive. Where would you find data at rest? (Select all that apply).

Options are :

  • On our routers.
  • In use on a workstation.
  • Traversing our network.
  • On tapes. (Correct)
  • On a hard disk. (Correct)
  • On a CD. (Correct)

Answer : On tapes. On a hard disk. On a CD.

Explanation Data at Rest (Stored data): This is data on disks, tapes, CDs/DVDs, USB sticks, etc. We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs).

We are getting rid of a pile of old hard drives. Which of these would we use on the regular spinning disk drives, to ensure there is no data remanence?

Options are :

  • Degauss.
  • Overwrite.
  • Shred.
  • All of these. (Correct)

Answer : All of these.

Explanation With regular spinning-disk hard drives, degaussing, overwriting and shredding are all valid options, and they are often combined just to be sure. Two caveats: degaussing has no effect on SSDs (no magnetic media), and overwriting cannot reach sectors the drive has remapped out of use, which is one reason physical destruction is added for the most sensitive data.

We want to ensure there is no data remanence when we dispose of our old hard disks. When we overwrite a hard disk, what does the overwrite program do?

Options are :

  • Writes random letters over used sections of the disk.
  • Writes 0's over all the sectors with active data on it.
  • Writes 0's over all the sectors. (Correct)
  • Writes random numbers over all the sectors.

Answer : Writes 0's over all the sectors.

Explanation Overwriting writes 0's or random characters over every sector of the disk. As far as is publicly known there is no tool that can recover data after even a single overwriting pass. Overwriting is not possible on damaged media, and it does not reach bad sectors the drive has remapped out of use, so those drives need degaussing or physical destruction instead. Always read the media back after the overwrite to verify it worked, rather than trusting the tool's success message.
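The overwrite-then-verify pattern described above, as an added example that is not part of the original page. It works on a temporary file so it runs anywhere; a real wipe tool applies the same two steps to the whole block device. The secret content is constructed. Caveat: a file-level overwrite does not reach sectors the drive has remapped, wear-levelled flash cells, copy-on-write filesystems or snapshots, so for disposal the whole device is wiped, not individual files.

```python
"""Overwrite a file's contents in place and verify the result by reading it back.

Added example, not from the original page. Demonstrates the overwrite step and
the independent verification step a disposal procedure should include.
"""
import os
import tempfile

# Constructed sensitive content, repeated so the file spans several filesystem blocks.
SECRET = b"ACCOUNT=1234-5678-9012 PIN=0000\n" * 64


def overwrite_file(path: str, pattern: bytes = b"\x00", chunk: int = 65536) -> int:
    """Overwrite every byte of the file with `pattern`; returns the number of bytes written."""
    size = os.path.getsize(path)
    written = 0
    # r+b opens the existing file without truncating it, so the same file bytes are
    # rewritten rather than a new, shorter file being created.
    with open(path, "r+b") as fh:
        fh.seek(0)
        while written < size:
            n = min(chunk, size - written)
            buf = (pattern * (n // len(pattern) + 1))[:n]
            fh.write(buf)
            written += n
        fh.flush()
        os.fsync(fh.fileno())  # push the write through the OS cache to the device
    return written


def verify_overwritten(path: str, pattern: bytes = b"\x00") -> bool:
    """Read the file back and confirm every byte matches the pattern."""
    with open(path, "rb") as fh:
        data = fh.read()
    expected = (pattern * (len(data) // len(pattern) + 1))[: len(data)]
    return data == expected


def demo() -> dict:
    """Write the secret, verify it is present, overwrite, verify nothing remains."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(SECRET)
        before = verify_overwritten(path)   # False: the secret is still there
        written = overwrite_file(path)
        after = verify_overwritten(path)    # True: only zeros remain
        with open(path, "rb") as fh:
            remanent = b"PIN=" in fh.read() # a direct search for the old data
        return {"before": before, "written": written, "after": after, "remanent": remanent}
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

The verification reads the media back independently of the writer; a wipe that is only reported as successful, and never checked, is the kind of evidence an auditor will not accept.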

In our organization we do not own a degausser or disk crusher. What should we do with our old hard disks when we need to dispose of them?

Options are :

  • Since we have no means of destroying them, we have done our due care and we can recycle them with the rest of the electronic waste.
  • We can pay another company to do it. (Correct)
  • We can overwrite all the functional disks and the rest we can ignore since they are damaged anyways.
  • We can throw them in a lake or the ocean.

Answer : We can pay another company to do it.

Explanation If we do not have the means for proper data destruction, we can pay another company to do it. They have to be properly certified for the work and adhere to our security policies, and they should provide a certificate of destruction that we retain as evidence of due care. Recycling untreated drives, ignoring damaged ones or dumping them in water is not due care.

When a CPU can execute multiple processes concurrently, it is called what?

Options are :

  • Multithreading. (Correct)
  • Multiprocessing.
  • Multitasking.
  • Multiprogramming.

Answer : Multithreading.

Explanation Multithreading is the ability of a CPU, or a single core in a multi-core processor, to execute multiple threads concurrently, with the support of the operating system. Multiprocessing is running work on more than one CPU or core at the same time; multitasking is the OS interleaving multiple processes on one CPU; multiprogramming is the older term for keeping several programs loaded so the CPU is never idle.

When we are rearranging the plaintext what is it called?

Options are :

  • Confusion.
  • Diffusion.
  • Substitution.
  • Permutation. (Correct)

Answer : Permutation.

Explanation Permutation (transposition) rearranges the characters of the plaintext without changing them. This provides diffusion: the influence of each plaintext character is spread over many positions of the ciphertext. Confusion is provided by substitution.

A historical type of encryption that was based on a set of disks with random letters; the sender and receiver would agree on the disk order. What is it called?

Options are :

  • Caesar cipher.
  • Spartan Scytale.
  • Vigenère cipher.
  • Bazeries. (Correct)

Answer : Bazeries.

Explanation The Jefferson disk (Bazeries cylinder) is a cipher system using a set of wheels or disks, each with the 26 letters of the alphabet arranged around the edge. Jefferson (later US president) invented it in the 1790s; Bazeries independently devised and published an improved version about a century later. The order of the letters is different for each disk and is usually scrambled in some random way. Each disk is marked with a unique number. A hole in the center of the disks allows them to be stacked on an axle; the disks are removable and can be mounted on the axle in any order desired. The order of the disks is the cipher key, and both sender and receiver must arrange the disks in the same predefined order. Jefferson's device had 36 disks.

The US designed and built the SIGABA rotor machine in the years before the Second World War and used it throughout the war. How many rotors did it use?

Options are :

  • 3
  • 4
  • 10
  • 15 (Correct)

Answer : 15

Explanation SIGABA: a rotor machine used by the United States throughout World War II and into the 1950s, broadly similar to the Enigma but more complex, designed after studying the weaknesses of the Enigma. No successful cryptanalysis of the machine during its service lifetime is publicly known. It used three banks of five rotors, 15 rotors in total.

When we are talking about the Twofish encryption algorithm, which of these is TRUE?

Options are :

  • It is a 64-bit block cipher, with 56-bit keys.
  • It is a 64-bit block cipher with a 112-bit key.
  • It is a 64-bit block cipher with a 128-bit key.
  • It is a 128-bit block cipher with 128, 192 or 256-bit keys. (Correct)

Answer : It is a 128-bit block cipher with 128, 192 or 256-bit keys.

Explanation Twofish: a symmetric Feistel block cipher with 128-bit blocks and key lengths of 128, 192 or 256 bits. It was a finalist in the AES competition and is considered secure. The 64-bit block options describe DES-era ciphers.

When we experience a power surge, what is happening?

Options are :

  • We have a long loss of power.
  • We have a short loss of power.
  • We have a long low voltage period.
  • We have a long high voltage period. (Correct)

Answer : We have a long high voltage period.

Explanation Power fluctuation terms: a surge is a long high-voltage period and a spike a short one; a brownout is a long low-voltage period and a sag a short one; a blackout is a long loss of power and a fault a short one.

Jane is talking to a colleague about a regular computer bus. What is that connected to?

Options are :

  • CPU.
  • RAM.
  • Mouse/Keyboard.
  • All of these. (Correct)

Answer : All of these.

Explanation Regular Computer Bus – The primary communications channel on a computer. Communicates between internal hardware and I/O devices (Input/Output), keyboards, mice, monitors, webcams, etc.

A monolithic kernel runs in which mode?

Options are :

  • User mode.
  • Supervisor mode. (Correct)
  • Reference monitor.
  • Superuser mode.

Answer : Supervisor mode.

Explanation At the core of the OS is the kernel. It runs at ring 0 and interfaces between the operating system (and applications, which run in ring 3, user mode) and the hardware. A monolithic kernel is one static executable that runs entirely in supervisor mode, so all functionality it requires must be compiled in. The reference monitor is the concept of the component that enforces access control, not a CPU mode, and superuser (root) is an account, not a mode.

When we are replacing one character with another, what is that called?

Options are :

  • Confusion.
  • Diffusion.
  • Substitution. (Correct)
  • Permutation.

Answer : Substitution.

Explanation Substitution replaces one character with another. This provides confusion: it obscures the relationship between the key and the ciphertext. Diffusion is provided by permutation (transposition). Modern block ciphers alternate the two operations over several rounds.
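A toy substitution-permutation network, added here as an example that is not part of the original page, to make the two properties from this question and the earlier permutation question concrete: substitution changes a byte's value but leaves it in place, permutation moves bits without changing their values, and only alternating the two spreads a one-bit plaintext change across the whole block. The S-box is a seeded shuffle of 0..255 and the P-box a fixed bit transposition; both are constructed for illustration and this is not a real cipher.

```python
"""Toy SP-network showing substitution (confusion) versus permutation (diffusion).

Added example, not from the original page. Tables are built from a fixed seed so
the run is reproducible. Nothing here is a real or keyed cipher.
"""
import random

BLOCK_BYTES = 8
BLOCK_BITS = BLOCK_BYTES * 8

# Constructed S-box: a seeded shuffle of 0..255, i.e. a bijection on byte values.
_rng = random.Random(2024)
SBOX = list(range(256))
_rng.shuffle(SBOX)

# P-box: transpose the 8x8 bit matrix. Bit position pos = 8*byte + bit moves to
# 8*bit + byte, so every changed bit of one byte lands in a different byte.
PBOX = [8 * (pos % 8) + pos // 8 for pos in range(BLOCK_BITS)]


def _to_bits(block: bytes) -> list:
    return [(byte >> (7 - j)) & 1 for byte in block for j in range(8)]


def _from_bits(bits: list) -> bytes:
    return bytes(sum(bits[8 * i + j] << (7 - j) for j in range(8)) for i in range(BLOCK_BYTES))


def substitute(block: bytes) -> bytes:
    """Confusion: each byte is replaced through the S-box; positions are unchanged."""
    return bytes(SBOX[b] for b in block)


def permute(block: bytes) -> bytes:
    """Diffusion: bit values are unchanged, only their positions move."""
    bits = _to_bits(block)
    out = [0] * BLOCK_BITS
    for pos, bit in enumerate(bits):
        out[PBOX[pos]] = bit
    return _from_bits(out)


def sp_rounds(block: bytes, rounds: int) -> bytes:
    """Real block ciphers alternate both operations for several rounds."""
    for _ in range(rounds):
        block = permute(substitute(block))
    return block


def changed_bits(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def changed_bytes(a: bytes, b: bytes) -> int:
    return sum(x != y for x, y in zip(a, b))


# Constructed plaintexts differing in exactly one bit of the last byte ('T' vs 'V').
P1 = b"ATTACKAT"
P2 = b"ATTACKAV"


def demo() -> dict:
    return {
        # substitution alone: the changed byte gets an unrelated value but stays put
        "sub_bytes": changed_bytes(substitute(P1), substitute(P2)),
        # permutation alone: still exactly one differing bit, just somewhere else
        "perm_bits": changed_bits(permute(P1), permute(P2)),
        "perm_bytes": changed_bytes(permute(P1), permute(P2)),
        # alternating both for a few rounds spreads the difference over the block
        "rounds_bytes": changed_bytes(sp_rounds(P1, 6), sp_rounds(P2, 6)),
    }


if __name__ == "__main__":
    print(demo())
```

The counters are the point: with permutation alone the number of differing bits never changes, which is why transposition by itself is trivially broken by frequency analysis, and with substitution alone the difference never leaves its byte.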

When we are looking at an IPSec implementation, all of these could be part of it, EXCEPT which?

Options are :

  • AH.
  • ESP.
  • SA.
  • DR. (Correct)

Answer : DR.

Explanation IPsec (Internet Protocol Security) is a set of protocols that provide a cryptographic layer for IP traffic (IPv4 and IPv6). AH (Authentication Header) provides authentication and integrity for each packet. ESP (Encapsulating Security Payload) provides confidentiality and, optionally, authentication and integrity. An SA (Security Association) is a simplex, one-way relationship that records the algorithms and keys for one direction of traffic (like a walkie-talkie), so a two-way connection needs two SAs; the SAs and their ESP or AH parameters are negotiated with IKE. DR (disaster recovery) is not part of IPsec.

Which type of ASTM standard gate could you have at your house?

Options are :

  • Class I. (Correct)
  • Class III.
  • Class IV.
  • Class XI.

Answer : Class I.

Explanation Gate ASTM Standards: Class I Residential (your house).

We are implementing passive monitoring in our data center. We have chosen to use infrared motion detectors. What do they use to detect movement?

Options are :

  • Heat. (Correct)
  • Pulses.
  • Light.
  • Sound.

Answer : Heat.

Explanation Infrared sensors detect changes in heat signatures.

When we are installing motion sensors, we are implementing which type of control?

Options are :

  • Administrative and detective.
  • Detective and deterrence. (Correct)
  • Deterrence and preventative.
  • Preventative and detective.

Answer : Detective and deterrence.

Explanation Motion detectors (detective, deterrent): used to alert staff by triggering an alarm (silent or not). Someone is here; did an authorized person pass the checkpoint? If yes, log the event and do nothing else; if no, alert or alarm. Basic ones are light-based and require light, which makes them not very reliable. A sensor cannot physically stop anyone, so it is not a preventative control.

What can we use digital signatures to provide?

Options are :

  • Confidentiality.
  • Availability.
  • Non-repudiation. (Correct)
  • Authentication.

Answer : Non-repudiation.

Explanation Digital signatures provide integrity and non-repudiation (and, because only the holder of the private key can produce the signature, authentication of the signer). Non-repudiation is the property unique to signatures: a MAC cannot provide it because both parties share the same key, so either could have produced the tag. Confidentiality requires encryption, not signing.

Jane and Bob are talking about hashing and they use the abbreviation MAC. What are they talking about?

Options are :

  • Mandatory Access Control.
  • Media Access Control.
  • Message Authentication Code. (Correct)
  • Message Access Code.

Answer : Message Authentication Code.

Explanation MAC (Message Authentication Code): the exam uses MAC for several concepts; it will be spelled out which one is meant. A MAC is a hash-like function that takes a secret key. CBC-MAC, for instance, uses cipher block chaining with a symmetric block cipher (like DES or AES); HMAC builds the MAC from a hash function such as SHA-256. A MAC provides integrity and authenticity: only someone holding the key can produce a valid tag, whereas an unkeyed hash can be recomputed by anyone who alters the message.
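The integrity-plus-authenticity property described above, as an added example that is not part of the original page. It uses HMAC-SHA256 from the Python standard library and shows three things a practitioner cares about: a genuine tag verifies, a tampered message or a tag made with the wrong key is rejected, and a bare hash offers no such protection because the attacker simply recomputes it. The key and the payment message are constructed; the key is assumed to have been shared over a secure channel.

```python
"""HMAC tag generation and verification contrasted with an unkeyed hash.

Added example, not from the original page. The shared key and messages are
constructed for the demonstration.
"""
import hashlib
import hmac


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message; returns a 32-byte tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute and compare in constant time; a plain == would leak timing."""
    return hmac.compare_digest(make_tag(key, message), tag)


def unkeyed_digest(message: bytes) -> bytes:
    """A bare SHA-256: detects accidental corruption, not deliberate tampering."""
    return hashlib.sha256(message).digest()


# Constructed sample: a pre-shared key (assumption: exchanged securely) and a
# payment instruction an attacker would like to redirect.
KEY = b"constructed-shared-secret-for-the-demo"
MESSAGE = b"transfer 100.00 from 1001 to 2002"
TAMPERED = b"transfer 100.00 from 1001 to 6666"


def demo() -> dict:
    tag = make_tag(KEY, MESSAGE)
    # The attacker alters the message and refreshes the unkeyed hash to match...
    attacker_hash = unkeyed_digest(TAMPERED)
    # ...but can only produce a MAC with a guessed key, which is rejected.
    attacker_tag = make_tag(b"attacker-guess", TAMPERED)
    receiver_with_hash_accepts = unkeyed_digest(TAMPERED) == attacker_hash
    return {
        "genuine_ok": verify_tag(KEY, MESSAGE, tag),
        "tampered_rejected": not verify_tag(KEY, TAMPERED, tag),
        "wrong_key_rejected": not verify_tag(KEY, TAMPERED, attacker_tag),
        "unkeyed_hash_fooled": receiver_with_hash_accepts,
        "tag_len": len(tag),
    }


if __name__ == "__main__":
    print(demo())
```

Note the constant-time comparison: `hmac.compare_digest` exists precisely because comparing tags with `==` returns early on the first mismatching byte and lets an attacker forge a tag one byte at a time by measuring response times.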

We are blocking unused ports on our servers as part of our server hardening. We have chosen to block UDP port 137. What are we blocking?

Options are :

  • NetBIOS name service. (Correct)
  • NetBIOS datagram service.
  • IMAP.
  • Microsoft Terminal Server (RDP).

Answer : NetBIOS name service.

Explanation NetBIOS Name Service uses UDP port 137 and is used for name registration and resolution. The NetBIOS Datagram Service uses UDP 138 and the Session Service TCP 139; IMAP uses TCP 143 and RDP TCP 3389. When hardening, confirm with a port scan from another host that the block is actually in effect.

Which organization is responsible for delegating IP addresses to ISPs in Europe, Russia, and the Middle East?

Options are :

  • ARIN.
  • APNIC.
  • RIPE NCC. (Correct)

Answer : RIPE NCC.

Explanation The world is divided into RIR (Regional Internet Registry) regions and organizations in those areas delegate the address space they have control over. RIPE NCC (Réseaux IP Européens Network Coordination Centre) Europe, Russia, Middle East, and Central Asia.

Which of these is the Open Systems Interconnection (OSI) model's layer 2 broadcast address?

Options are :

  • FF:FF:FF:FF:FF:FF (Correct)

Answer : FF:FF:FF:FF:FF:FF

Explanation Layer 2 uses MAC addresses. The broadcast MAC address is FF:FF:FF:FF:FF:FF; switches flood it to every port in the segment, and routers do not forward it.

is which type of IPv4 addresses?

Options are :

  • Loopback.
  • Link-local.
  • Private.
  • Public. (Correct)

Answer : Public.

Explanation This is a public address and it is internet routable, not to be confused with the private IPv4 range of –, which we can use on our internal network but which is not routable on the internet.

We have implemented NAT overload. How many public IP addresses do we need, if we are using 5 private IP addresses and they all need internet access at the same time?

Options are :

  • 1 (Correct)
  • 5
  • 6
  • 10

Answer : 1

Explanation PAT (Port Address Translation) was introduced to solve the limits of one-to-one NAT; it translates the IP address AND the port number. It is also called one-to-many NAT or NAT overload, since it maps one public IP to many private IPs by giving each internal connection its own source port on the public address. One public IP is therefore enough for all five hosts, and for many more.
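The translation table behind NAT overload, as an added example that is not part of the original page. Five private hosts, all using the same source port toward the same server, share one public address; the gateway disambiguates them by the public source port it allocates, uses the same table to deliver replies, and drops unsolicited inbound packets that match no entry. Addresses are from the documentation ranges and the port pool size is an assumption.

```python
"""PAT (NAT overload) translation table with outbound and inbound rewriting.

Added example, not from the original page. Simplified: no timeouts, TCP/UDP not
distinguished, and the port pool boundaries are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatGateway:
    def __init__(self, public_ip: str, first_port: int = 49152, last_port: int = 65535):
        self.public_ip = public_ip
        self._next_port = iter(range(first_port, last_port + 1))
        # (private ip, private port, dst ip, dst port) -> allocated public source port
        self._out: Dict[Tuple[str, int, str, int], int] = {}
        # (public port, dst ip, dst port) -> (private ip, private port)
        self._in: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, f: Flow) -> Flow:
        """Rewrite a packet leaving the LAN; allocate a public port on first sight of the flow."""
        key = (f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        port = self._out.get(key)
        if port is None:
            try:
                port = next(self._next_port)
            except StopIteration:
                raise RuntimeError("PAT port pool exhausted") from None
            self._out[key] = port
            self._in[(port, f.dst_ip, f.dst_port)] = (f.src_ip, f.src_port)
        return Flow(self.public_ip, port, f.dst_ip, f.dst_port)

    def inbound(self, f: Flow) -> Optional[Flow]:
        """Rewrite a reply arriving at the public IP; None means drop (no table entry)."""
        entry = self._in.get((f.dst_port, f.src_ip, f.src_port))
        if entry is None:
            return None  # unsolicited: nothing inside asked for this
        priv_ip, priv_port = entry
        return Flow(f.src_ip, f.src_port, priv_ip, priv_port)


def demo() -> dict:
    gw = PatGateway("203.0.113.10")
    hosts = [f"192.168.1.{n}" for n in range(10, 15)]  # five private hosts
    # all five use source port 40000 to the same server: only the public port separates them
    outs = [gw.outbound(Flow(h, 40000, "198.51.100.5", 443)) for h in hosts]
    reply = Flow("198.51.100.5", 443, gw.public_ip, outs[2].src_port)
    delivered = gw.inbound(reply)
    stray = gw.inbound(Flow("198.51.100.5", 443, gw.public_ip, 12345))
    again = gw.outbound(Flow(hosts[0], 40000, "198.51.100.5", 443))
    return {
        "public_ips_used": len({o.src_ip for o in outs}),
        "distinct_public_ports": len({o.src_port for o in outs}),
        "reply_delivered_to": delivered.dst_ip if delivered else None,
        "stray_dropped": stray is None,
        "existing_flow_keeps_port": again.src_port == outs[0].src_port,
    }


if __name__ == "__main__":
    print(demo())
```

The "stray dropped" case is why NAT overload is often mistaken for a firewall: inbound packets with no matching state are discarded. That is a side effect of the table, not an access-control policy, and it should not be relied on as one.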

Which of these protocol transports files in plaintext?

Options are :

  • FTP. (Correct)
  • SFTP.
  • FTPS.
  • HTTPS.

Answer : FTP.

Explanation FTP (File Transfer Protocol) transfers files to and from servers with no confidentiality or integrity protection; credentials and data are sent in plaintext. It should not be used, since most of what we transport crosses untrusted networks; use SFTP (SSH) or FTPS (FTP over TLS) instead.

A system is requesting an IP address using DHCP. How would the traffic flow look?

Options are :

  • Request > Offer >Discovery > Acknowledge.
  • Request > Discovery > Offer > Acknowledge.
  • Request > Offer > Acceptance > Acknowledge.
  • Discovery > Offer > Request > Acknowledge. (Correct)

Answer : Discovery > Offer > Request > Acknowledge.

Explanation DHCP (Dynamic Host Configuration Protocol) uses the Discovery > Offer > Request > Acknowledge (DORA) flow. It is the protocol we use to assign IPs, controlled by a DHCP server for your environment. The client broadcasts the Discover, one or more servers answer with an Offer, the client broadcasts a Request naming the offer it accepts, and that server confirms with an Acknowledge (or refuses with a NAK).
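The DORA exchange with both sides' messages, simulated as an added example that is not part of the original page. Besides the happy path it shows two failure modes a practitioner sees in the field: a Request for an address the server never offered is answered with a NAK, and a client gets no Offer at all when the pool is exhausted. Only the fields needed to follow the flow are modelled (the transaction id, the offered address and the server identifier); real DHCP runs over UDP 67/68 with many more options, and the pool and MAC addresses here are constructed.

```python
"""DHCP Discover/Offer/Request/Acknowledge simulation with a server and a client.

Added example, not from the original page. Simplified: one server, no lease
timers, offers that are never claimed are not reclaimed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class DhcpMsg:
    kind: str                 # DISCOVER, OFFER, REQUEST, ACK or NAK
    xid: int                  # transaction id tying the four messages together
    client_mac: str
    yiaddr: str = "0.0.0.0"   # "your" address: offered, requested or assigned
    server_id: str = ""       # identifies which server's offer is being accepted


class DhcpServer:
    def __init__(self, server_ip: str, pool: List[str]):
        self.server_ip = server_ip
        self._free = list(pool)
        self._offered: Dict[int, str] = {}  # xid -> tentatively reserved address
        self.leases: Dict[str, str] = {}    # client mac -> assigned address

    def handle(self, msg: DhcpMsg) -> Optional[DhcpMsg]:
        """Process one client message; None means the server sends nothing back."""
        if msg.kind == "DISCOVER":
            ip = self.leases.get(msg.client_mac)  # returning client gets its old address
            if ip is None:
                if not self._free:
                    return None  # pool exhausted: the server stays silent
                ip = self._free.pop(0)
            self._offered[msg.xid] = ip
            return DhcpMsg("OFFER", msg.xid, msg.client_mac, ip, self.server_ip)
        if msg.kind == "REQUEST":
            if msg.server_id != self.server_ip:
                return None  # client accepted another server's offer
            offered = self._offered.pop(msg.xid, None)
            if offered is None or offered != msg.yiaddr:
                # asking for an address we never offered in this transaction: refuse
                return DhcpMsg("NAK", msg.xid, msg.client_mac, "0.0.0.0", self.server_ip)
            self.leases[msg.client_mac] = offered
            return DhcpMsg("ACK", msg.xid, msg.client_mac, offered, self.server_ip)
        return None


def client_obtain(server: DhcpServer, mac: str, xid: int) -> List[str]:
    """Run the client side of DORA; returns the sequence of message kinds exchanged."""
    transcript = ["DISCOVER"]
    offer = server.handle(DhcpMsg("DISCOVER", xid, mac))  # broadcast
    if offer is None:
        return transcript  # no offer: the client would retry with back-off
    transcript.append(offer.kind)
    # the Request echoes the offered address and server id (broadcast, so other
    # servers that also answered can withdraw their offers)
    request = DhcpMsg("REQUEST", xid, mac, offer.yiaddr, offer.server_id)
    transcript.append(request.kind)
    reply = server.handle(request)
    if reply is not None:
        transcript.append(reply.kind)
    return transcript


def demo() -> dict:
    server = DhcpServer("192.168.1.1", ["192.168.1.100", "192.168.1.101"])
    first = client_obtain(server, "aa:bb:cc:dd:ee:01", xid=0x1001)
    # a client that skips Discover and requests an address it was never offered
    rogue = server.handle(DhcpMsg("REQUEST", 0x2002, "aa:bb:cc:dd:ee:02",
                                  "192.168.1.250", server.server_ip))
    second = client_obtain(server, "aa:bb:cc:dd:ee:03", xid=0x3003)
    third = client_obtain(server, "aa:bb:cc:dd:ee:04", xid=0x4004)  # pool now empty
    return {
        "first_flow": first,
        "first_lease": server.leases.get("aa:bb:cc:dd:ee:01"),
        "rogue_reply": rogue.kind if rogue else None,
        "second_flow": second,
        "third_flow": third,
    }


if __name__ == "__main__":
    print(demo())
```

Because the Discover and Request are broadcasts that any host on the segment can answer, a rogue DHCP server can hand out its own gateway and DNS addresses; DHCP snooping on switches (trusting only the port the real server sits on) is the usual countermeasure.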

Which type of networking cables would we use in our data center if we need to avoid EMI and save on cost?

Options are :

  • Single-mode fiber.
  • Multi-mode fiber. (Correct)
  • Copper Ethernet.
  • COAX.

Answer : Multi-mode fiber.

Explanation In data centers we would use multi-mode fiber over single-mode fiber: the cable and optics are cheaper and sufficient for in-building distances, and neither type of fiber is susceptible to EMI. Copper Ethernet and coax carry electrical signals and are susceptible to EMI.

Looking at legacy internet speeds. What was the speed of the European E3 connections?

Options are :

  • 1.544Mbps.
  • 44.736Mbps.
  • 2.048Mbps.
  • 34.368Mbps. (Correct)

Answer : 34.368Mbps.

Explanation E3 (Europe): 16 bundled E1 lines, creating a dedicated 34.368 Mbps circuit.

When we talk about multicast, the traffic using it is using which of these?

Options are :

  • One-to-all.
  • One-to-many. (Correct)
  • One-to-one.
  • All-to-one.

Answer : One-to-many.

Explanation Multicast -one-to-many (predefined): The traffic is sent to everyone in a predefined list.

We are slowly moving to IPv6 in our organization. In the transition period, we are using dual stack. What is the link-local prefix for IPv6?

Options are :

  • fffe:
  • fe80: (Correct)
  • eeef:
  • fefe:

Answer : fe80:

Explanation IPv6 Link Local address, only for local traffic uses the fe80: prefix, for instance fe80::b8:20fa:22ff:fe52:888a.

In our data center we are using cold and hot aisles to minimize the cost of cooling. Where would the servers pull the cold air in from?

Options are :

  • Rack front. (Correct)
  • Rack middle.
  • Rack rear.
  • Sub-ceiling.

Answer : Rack front.

Explanation Servers pull cold air in from the cold aisle and exhaust it into the hot aisle. The cold aisle is at the front of the rack and the hot aisle at the rear, because servers have their intake at the front and their exhaust at the back. Switches are often reversed (rear intake, front exhaust), so check airflow direction when mounting them or they will recirculate hot air.
