CISSP - Mock Questions with all domains

If we look at our Business Continuity Plan (BCP), which team is defined as responsible for getting our Disaster Recovery (DR) site up and running?

Options are :

  • Rescue.
  • Recovery. (Correct)
  • Salvage.
  • All of these.

Answer : Recovery.

Explanation Recovery team (failover): Responsible for getting the alternate site up and running as fast as possible, or for getting the systems rebuilt. We get the most critical systems up first.

As part of our disaster recovery planning, we are looking at an alternate site. We would want it to take us somewhere between 4 hours and 2-3 days to be back up operating on critical applications. Which type of Disaster Recovery site are we considering?

Options are :

  • Redundant site.
  • Hot site.
  • Warm site. (Correct)
  • Cold site.

Answer : Warm site.

Explanation Warm site: Similar to the hot site, but without real-time or near-real-time data; it is often restored from backups. A smaller but full data center, with redundant UPSs, HVACs, ISPs, generators, … We manually fail traffic over; a full switch and restore can take 4-24+ hours.

In our Disaster Recovery Plan (DRP), we could have listed the minimum hardware requirements for a certain system to function. What would that be called?

Options are :

  • MTBF.
  • MTTR.
  • MOR. (Correct)
  • MTD.

Answer : MOR.

Explanation MOR (Minimum Operating Requirements): The minimum environmental and connectivity requirements for our critical systems to function; it can also at times include minimum system requirements for DR sites. We may not need a fully spec'd system to resume the business functionality.

As part of our disaster recovery response, we are paying a provider to keep a copy of our servers and data. The servers are to remain down at all times, except for patching and database syncs, and are only to be spun up if we have a disaster. What would this be called?

Options are :

  • Reciprocal.
  • Redundant.
  • Mobile site.
  • Subscription site. (Correct)

Answer : Subscription site.

Explanation Subscription/cloud site: We pay someone else to keep a minimal or full replica of our production environment that can be up and running within a certain number of hours (SLA). They have fully built systems with our applications and receive backups of our data; if we are completely down, we contact them, they spin the systems up and apply the latest backups. How fast, and how much, is determined by our plans and how much we want to pay for this type of insurance.

How would a US government agency be allowed to access company emails?

Options are :

  • Anything turned over voluntary. (Correct)
  • Your emails.
  • Your internet history.
  • Anything done online.

Answer : Anything turned over voluntary.

Explanation Anything subpoenaed, obtained under a search warrant, turned over voluntarily, or seized in exigent circumstances (immediate danger of being destroyed) can allow law enforcement to bypass the 4th Amendment. Whether it was legal will be decided in a court of law later. We need to ensure our evidence is acquired in a legal manner; remember the US Constitution's 4th Amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.

After a disaster at our primary site, we are restoring functionality at our Disaster Recovery (DR) site. Which applications would we get up and running LAST?

Options are :

  • Least critical. (Correct)
  • Most critical.
  • The most resource intensive.
  • The least resource intensive.

Answer : Least critical.

Explanation The BCP team has sub-teams responsible for rescue, recovery and salvage in the event of a disaster or disruption. Recovery team (failover): Responsible for getting the alternate site up and running as fast as possible or for getting the systems rebuilt. We get the most critical systems up first.

When should we update our Business Continuity Plan (BCP) and its sub-plans outside of our annual cycle?

Options are :

  • We wouldn't, every 12 months is fine.
  • When we add a new server.
  • When we patch our Windows servers.
  • We had a disaster and we had a lot of gaps in our plans. (Correct)

Answer : We had a disaster and we had a lot of gaps in our plans.

Explanation The plans need to be continually updated; it is an iterative process. Plans should be reviewed and updated at least every 12 months. If our organization has had a major change, we also update the plans. This could be: we acquired another company or we split off into several companies; we changed major components of our systems (new backup solution, new IP scheme, …); we had a disaster and we had a lot of gaps in our plans; a significant part of senior leadership has changed.

In software acceptance testing, what is the purpose of compliance acceptance testing?

Options are :

  • To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities.
  • To ensure the software is as secure or more secure than the rules, laws and regulations of our industry. (Correct)
  • To ensure the software performs as expected in our live environment vs. our development environment.
  • To ensure the software is functional for and tested by the end user and the application manager.

Answer : To ensure the software is as secure or more secure than the rules, laws and regulations of our industry.

Explanation Compliance acceptance testing: Is the software compliant with the rules, regulations and laws of our industry?

Which programming language uses short mnemonics like ADD and SUB, which are then matched to their full-length binary code?

Options are :

  • Machine code.
  • Source code.
  • Assembler language. (Correct)
  • Compiler language.

Answer : Assembler language.

Explanation Assembler Language: Short mnemonics like ADD/SUB/JMP which are matched with the full-length binary machine code. An assembler converts assembly language into machine language; a disassembler does the reverse.

Which software development methodology uses prototypes in addition to, or instead of, design specifications?

Options are :

  • RAD. (Correct)
  • Prototyping.
  • XP.
  • Scrum.

Answer : RAD.

Explanation RAD (Rapid Application Development): Puts an emphasis on adaptability and the necessity of adjusting requirements in response to knowledge gained as the project progresses. Prototypes are often used in addition to, or sometimes even in place of, design specifications. Well suited for developing software that is driven by user interface requirements. GUI builders are often called rapid application development tools.

In database normalization, in which form would we move data that is partially dependent on the primary key to another table?

Options are :

  • 1st normal form.
  • 2nd normal form. (Correct)
  • 3rd normal form.
  • 4th normal form.

Answer : 2nd normal form.

Explanation Database normalization: Used to clean up the data in a database table to make it logically concise, organized, and consistent. It removes redundant data and improves the integrity and availability of the database. Normalization has three forms (rules): First Normal Form: Divides the base data into tables; a primary key is assigned to most or all tables. Second Normal Form: Move data that is partially dependent on the primary key to another table. Third Normal Form: Remove data that is not dependent on the primary key.

Looking at different database query languages, which of them would use these statements? SELECT, DELETE, INSERT, and UPDATE.

Options are :

  • DDL.
  • DML. (Correct)
  • DRP.
  • BGP.

Answer : DML.

Explanation Data Manipulation Language (DML): Used for selecting, inserting, deleting and updating data in a database. Common DML statements are SELECT, DELETE, INSERT, UPDATE.

In our business improvement process we are using the CMM (Capability Maturity Model). In which stages of the CMM model are processes defined? (Select all that apply).

Options are :

  • Level 1.
  • Level 2.
  • Level 3. (Correct)
  • Level 4. (Correct)
  • Level 5. (Correct)

Answer : Level 3. Level 4. Level 5.

Explanation CMM (Capability Maturity Model): The maturity relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined repeatable steps, to managed result metrics, to active optimization of the processes. From level 3 and upwards we have clearly defined processes. Level 1: Initial. Processes at this level are normally undocumented and in a state of dynamic change, tending to be driven in an ad hoc, uncontrolled and reactive manner by users or events. Level 2: Repeatable. Process discipline is unlikely to be rigorous, but where it exists it may help to ensure that existing processes are maintained during times of stress.

As part of the annual board retreat, senior management is wanting to put a face on the IT organization and thinks Jane is a great candidate for it. They have asked her to talk briefly about native XML vulnerabilities. Which type of database does XML use?

Options are :

  • Object-oriented.
  • Relational.
  • Document-oriented. (Correct)
  • Hierarchical.

Answer : Document-oriented.

Explanation A document-oriented database, or document store, is a computer program designed for storing, retrieving and managing document-oriented information. XML databases are a subclass of document-oriented databases that are optimized to work with XML documents.

In CASE programming, designers use these categories of tools, EXCEPT which?

Options are :

  • Tools.
  • Workbenches.
  • Environments.
  • References. (Correct)

Answer : References.

Explanation CASE (Computer-Aided Software Engineering): Similar to, and partly inspired by, the computer-aided design (CAD) tools used for designing hardware products. Used for developing high-quality, defect-free, and maintainable software. Often associated with methods for the development of information systems together with automated tools that can be used in the software development process. CASE software is classified into 3 categories: Tools support specific tasks in the software life-cycle. Workbenches combine two or more tools focused on a specific part of the software life-cycle. Environments combine two or more tools or workbenches and support the complete software life-cycle.

We are in the process of developing some new software. On some of our previous releases of different software we have had security problems. We are considering releasing the source code for the new software; what would that make our software?

Options are :

  • Open source. (Correct)
  • Closed source.
  • Proprietary software.
  • Prevented software.

Answer : Open source.

Explanation Open source: We release the code publicly, where it can be tested, improved and corrected, but it also allows attackers to find the flaws in the code.

Under which of these open source software license agreements is it allowed to alter the original software and sell the altered software?

Options are :

  • GNU.
  • BSD. (Correct)
  • Apache.
  • CKR.

Answer : BSD.

Explanation BSD (Berkeley Software Distribution): A family of permissive free software licenses, imposing minimal restrictions on the use and redistribution of covered software. This is different from copyleft licenses, which have reciprocal share-alike requirements.

Which software project management methodology is based on 4 phases we go through over and over?

Options are :

  • Waterfall.
  • Sashimi.
  • Spiral. (Correct)
  • Agile.

Answer : Spiral.

Explanation The spiral model: A risk-driven process model generator for software projects. The spiral model has four phases: Planning, Risk Analysis, Engineering and Evaluation. A software project repeatedly passes through these phases in iterations (called spirals in this model). In the baseline spiral, starting in the planning phase, requirements are gathered and risk is assessed. Each subsequent spiral builds on the baseline spiral.

We are using the scrum project management methodology on one of our projects. For that project who would be responsible for the analysis, design, and documentation?

Options are :

  • The product owner.
  • The development team. (Correct)
  • The scrum master.
  • All of these.

Answer : The development team.

Explanation Development team: Responsible for delivering the product at the end of each sprint (sprint goal). The team is made up of 3–9 individuals who do the actual work (analysis, design, develop, test, technical communication, document, etc.). Development teams are cross-functional, with all of the skills as a team necessary to create a product increment.

Which type of hacker is NOT very skilled but can be dangerous because of their lack of knowledge and understanding of what they are doing?

Options are :

  • Black hat.
  • Gray hat.
  • White hat.
  • Script kiddie. (Correct)

Answer : Script kiddie.

Explanation Script Kiddies: They have little or no coding knowledge, but many sophisticated hacking tools are available and easy to use. They pose a very real threat. They are just as dangerous as skilled hackers; they often have no clue what they are doing.

In the TCP/IP model, packets are the protocol data units (PDUs) of which layer?

Options are :

  • Link and physical.
  • Internetworks. (Correct)
  • Transport.
  • Application.

Answer : Internetworks.

Explanation Packets are the PDUs of the Internetwork layer of the TCP/IP model (OSI layer 3 - the Network layer).

On our workstations, we are implementing new security measures. As part of that, we will start blocking TCP port 20. Which protocol are we blocking?

Options are :

  • FTP data transfer. (Correct)
  • FTP control.
  • SSH.
  • Telnet.

Answer : FTP data transfer.

Explanation FTP (File Transfer Protocol): Uses TCP Port 20 for the data transfer - the actual data is sent here.

As part of our server hardening we have chosen to block TCP port 25. What are we blocking on the servers?

Options are :

  • SMTP. (Correct)
  • HTTP.
  • HTTPS.
  • POP3.

Answer : SMTP.

Explanation Simple Mail Transfer Protocol (SMTP) uses TCP port 25, but can also use port 2525.

We are blocking unused ports on our servers as part of our server hardening. When we block TCP port 143, what are we blocking?

Options are :

  • NetBIOS name service.
  • NetBIOS datagram service.
  • IMAP. (Correct)
  • Microsoft Terminal Server (RDP).

Answer : IMAP.

Explanation Internet Message Access Protocol (IMAP) uses TCP port 143.

Which organization is responsible for delegating IP addresses to ISPs in the Caribbean and Latin America?

Options are :

  • ARIN.
  • APNIC.
  • LACNIC. (Correct)
  • RIPE NCC.

Answer : LACNIC.

Explanation The world is divided into RIR (Regional Internet Registry) regions and organizations in those areas delegate the address space they have control over. LACNIC (Latin America and Caribbean Network Information Centre): Latin America and parts of the Caribbean region.

An IPv4 address consists of how many bits?

Options are :

  • 4 bit.
  • 8 bit.
  • 128 bit.
  • 32 bit (Correct)

Answer : 32 bit

Explanation IPv4 (Internet Protocol version 4) addresses: IPv4 addresses are made up of 4 octets (dotted-decimal notation), which together form a 32-bit binary integer.

Which type of IPv4 address is the range 172.31.0.0/24?

Options are :

  • Loopback.
  • Link-local.
  • Private. (Correct)
  • Public.

Answer : Private.

Explanation 172.16.0.0 – 172.31.255.255 are private IPs; we can use them on our internal network, but they are not routable on the internet.

If you see any IPv4 address in the 127.0.0.0/8 range, what type of IPv4 address is that?

Options are :

  • Loopback. (Correct)
  • Link-local.
  • Private.
  • Public.

Answer : Loopback.

Explanation IPv4 network standards reserve the entire 127.0.0.0/8 address block for loopback purposes. That means any packet sent to one of those 16,777,214 addresses (127.0.0.1 through 127.255.255.254) is looped back. IPv6 has just a single address, ::1.

We have implemented static Network Address Translation (NAT). How many public IP addresses do we need if we are using 5 private IP addresses and they all need internet access at the same time?

Options are :

  • 1
  • 5 (Correct)
  • 6
  • 10

Answer : 5

Explanation Static NAT translates 1:1; we need one public IP per private IP we use, which is not practical and not sustainable.

Which of these is NOT a downside to enforcing software tokens on phones for multifactor authentication?

Options are :

  • Phones can be lost.
  • Phones have to be charged.
  • SIM cloning.
  • It is user friendly. (Correct)

Answer : It is user friendly.

Explanation Software tokens on phones are easy and user friendly, but also come with some challenges. What can a user do if they lose the phone, if their SIM card is cloned, if the phone is not charged, …

What can we implement that could help DECREASE identity theft online?

Options are :

  • Multifactor authentication. (Correct)
  • Single factor authentication.
  • Usernames and passwords.
  • Saving usernames and passwords on your computer.

Answer : Multifactor authentication.

Explanation Multifactor authentication is a good way to decrease online identity theft. Passwords and usernames are easily compromised; adding a possession-based factor makes it much more secure.

In our access management, we would NEVER want to use group user accounts. Why is that?

Options are :

  • No authentication.
  • No accountability. (Correct)
  • No authorization.
  • No availability.

Answer : No accountability.

Explanation Accountability (often referred to as Auditing): Traces an action to a subject's identity. It proves who performed a given action and provides non-repudiation. Group or shared accounts are never OK; they have zero accountability.

Which type of authentication can also be used for identification?

Options are :

  • Fingerprint.
  • Password.
  • Passport. (Correct)
  • PIN.

Answer : Passport.

Explanation In this case the passport is both something you have and something that can be used for identification. For multiple factor authentication we would still want a knowledge factor or a biometric factor.

Type 2 authentication includes all these, EXCEPT which?

Options are :

  • TOTP token.
  • Passport.
  • Cookie.
  • Password. (Correct)

Answer : Password.

Explanation Something you have - Type 2 Authentication (ID, Passport, Smart Card, Token, cookie on PC etc.). A password is something you know (type 1 factor).

What do we do when a type 1 authentication factor is compromised?

Options are :

  • Issue a new password. (Correct)
  • Issue a new ID card.
  • Stop use of that type of biometric for that employee or use another finger if fingerprint.
  • Revoke the token.

Answer : Issue a new password.

Explanation Type 1 Authentication is something you know; this could be passwords, passphrases, PINs, etc. We would issue a new, different password.

Which type of authentication will ask the user for something they have?

Options are :

  • Type 1.
  • Type 2. (Correct)
  • Type 3.
  • Type 4.

Answer : Type 2.

Explanation Something you have - Type 2 Authentication: ID, passport, smart card, token, cookie on PC; these are called possession factors. The subject uses these to authenticate their identity: if they have the item, they must be who they say they are.

For our new startup, we are looking at different types of identity and access management. Which of these are COMMON types of that? (Select all that apply).

Options are :

  • DAC (Discretionary Access Control). (Correct)
  • RUBAC (Rule Based Access Control).
  • MAC (Mandatory Access Control). (Correct)
  • RBAC (Role Based Access Control). (Correct)
  • TRAC (Trust Ratio Access Control).

Answer : DAC (Discretionary Access Control). MAC (Mandatory Access Control). RBAC (Role Based Access Control).

Explanation In Identity and Access Management we can use DAC (Discretionary Access Control), which is often used when Availability is most important. Access to an object is assigned at the discretion of the object owner. MAC (Mandatory Access Control): Often used when Confidentiality is most important. Access to an object is determined by labels and clearance; this is often used in the military or in organizations where confidentiality is very important. RBAC (Role Based Access Control): Often used when Integrity is most important. A policy-neutral access control mechanism defined around roles and privileges. A role is assigned permissions, and subjects in that role are added to the group; if they move to another position they are moved to the permissions group for that position. RUBAC is based on IF/THEN statements (think older firewalls), and is not a type of Identity and Access Management. TRAC is... well, nothing, I made it up 0_o

A HMAC-based one-time password (HOTP) is an example of which type of authentication method?

Options are :

  • Something you know.
  • Something you have. (Correct)
  • Something you are.
  • Somewhere you are.

Answer : Something you have.

Explanation Something you have - Type 2 Authentication: HOTP (HMAC-based one-time password): Shared secret and an incremental counter; a code is generated when asked and is valid until used.

We are using one-time passwords that are pushed every 30 seconds to an application on our technical staff's phones. Which type of tokens are we using?

Options are :

  • HOTP.
  • TOTP. (Correct)
  • ROTP.
  • BOTP.

Answer : TOTP.

Explanation Something you have - Type 2 Authentication: TOTP (Time-based One-Time Password): Time based with shared secret, often generated every 30 or 60 seconds, synchronized clocks are critical.

Implementing our access control model, you are asked, "In which type of access management would you use access lists?" What do you answer?

Options are :

  • MAC.
  • DAC. (Correct)
  • RBAC.
  • RAC.

Answer : DAC.

Explanation DAC (Discretionary Access Control): Often used when Availability is most important. Uses DACLs (Discretionary access lists), based on user identity. Access to an object is assigned at the discretion of the object owner. The owner can add and remove rights; commonly used by most OSs.

In which type of access management would we use labels for objects?

Options are :

  • MAC. (Correct)
  • DAC.
  • RBAC.
  • RAC.

Answer : MAC.

Explanation MAC (Mandatory Access Control): Often used when Confidentiality is most important. Access to an object is determined by labels and clearance; this is often used in the military or in organizations where confidentiality is very important. Labels: Objects have labels assigned to them, and the subject's clearance must dominate the object's label. The label is used to allow subjects with the right clearance to access them. Labels are often more granular than just "Top Secret"; they can be "Top Secret - Nuclear".

John is not allowed to access the organization's network from anywhere but his home and at his desk at work. He just went on vacation and tried to log in. His access request was denied. This is a type of what?

Options are :

  • Content-based access control.
  • Context-based access control. (Correct)
  • Both context and content.
  • Role based access control.

Answer : Context-based access control.

Explanation Context-based access control: Access to an object is controlled based on certain contextual parameters, such as location, time, sequence of responses, and access history. Providing the username and password combination followed by a challenge and response mechanism such as CAPTCHA, filtering access based on MAC addresses on wireless, or a firewall filtering data based on packet analysis are all examples of context-dependent access control mechanisms.

Which of these protocols is vendor neutral?

Options are :

  • LDAP. (Correct)
  • AD.
  • EIGRP.
  • VTP.

Answer : LDAP.

Explanation LDAP (Lightweight Directory Access Protocol): An open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an IP network. It is an application layer protocol and uses TCP and UDP port 389. LDAP is commonly used for central storage of usernames and passwords; many different applications and services can connect to the LDAP server to validate users.

Which of these protocols is the MOST commonly used for remote management of routers and switches?

Options are :

  • Kerberos.
  • RADIUS. (Correct)
  • DIAMETER.
  • LDAP.

Answer : RADIUS.

Explanation RADIUS (Remote Authentication Dial-In User Service): A networking protocol that provides centralized Authentication, Authorization, and Accounting management for users who connect to and use a network service. Widely used by ISPs (Internet service providers) and large organizations to manage access to IP networks, APs, VPNs, servers, 802.1x, etc. It is a client/server protocol that runs in the application layer and can use either TCP or UDP as transport. Network access servers, the gateways that control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server. It uses UDP ports 1812 for authentication and 1813 for accounting, and can use TCP as the transport layer with TLS for security.

The TACACS+ protocol as default uses which TCP port?

Options are :

  • 443
  • 80
  • 49 (Correct)
  • 23

Answer : 49

Explanation TACACS+: Provides better password protection by using two-factor strong authentication. Not backwards compatible with TACACS. Uses TCP port 49 for authentication with the TACACS+ server. Similar to RADIUS, but where RADIUS only encrypts the password, TACACS+ encrypts the entire data package.

In software testing, we are doing synthetic transactions. What does that mean?

Options are :

  • Test the code while executing it.
  • Passively test the code, but not run it.
  • Submit random malformed input to crash the software or elevate privileges.
  • Build scripts and tools that would simulate normal user activity. (Correct)

Answer : Build scripts and tools that would simulate normal user activity.

Explanation Synthetic transactions (synthetic monitoring): Website monitoring using a Web browser emulation or scripted recordings of Web transactions. Behavioral scripts/paths are created to simulate an action or path that a customer or end-user would take on a site. The paths are continuously monitored at specified intervals for performance, functionality, availability, and response time.

We have a company doing a penetration test for us. In which phase would the tester try to gain higher level access, and ultimately, if they can, admin access?

Options are :

  • Gaining access.
  • Discovery.
  • System browsing.
  • Escalate privileges. (Correct)

Answer : Escalate privileges.

Explanation Escalate Privileges: Get higher level access, ultimately we want admin access.

A penetration tester is calling one of our employees, and they are talking about friends they have in common. The penetration tester then asks for help from the employee. This is which type of social engineering?

Options are :

  • Authority.
  • Intimidation.
  • Scarcity.
  • Familiarity. (Correct)

Answer : Familiarity.

Explanation Social engineering uses people skills to bypass security controls. Familiarity (have a common ground, or build it): Knowing something about the victim ahead of time and then referencing it can raise the chances of a successful attack drastically. People want to be helpful, and if they feel like they know you they want to even more. Often successful with vishing and in-person social engineering.

In software testing, component interface testing would test what?

Options are :

  • The functionality of a specific section of code.
  • Interfaces between components against the software design.
  • Data handling passed between different units or subsystems. (Correct)
  • Processes and security alerts when encountering errors.

Answer : Data handling passed between different units or subsystems.

Explanation Component interface testing: Used to check the handling of data passed between various units or subsystem components, beyond full integration testing between those units.

Which phase could a penetration tester go to after they are finished with one of the "System browsing" phases? (Select all that apply).

Options are :

  • Install additional tools. (Correct)
  • Escalate privileges.
  • Discovery. (Correct)
  • Gaining access.

Answer : Install additional tools. Discovery.

Explanation After system browsing, the pen tester would either try to install additional tools or go back to the discovery/planning phase.

To ensure our compliance before we pay for a structured audit, we want to do an "unstructured" audit. What would that entail?

Options are :

  • Testing against a published standard.
  • External auditors come in.
  • Internal auditors looking for flaws. (Correct)
  • Internal IT Security employees double checking their work.

Answer : Internal auditors looking for flaws.

Explanation Unstructured audits: Internal auditors to improve our security and find flaws; often done before an external audit.

Which type of hacker is skilled and often alerts companies to vulnerabilities before publishing them?

Options are :

  • Black hat.
  • Gray hat. (Correct)
  • White hat.
  • Script kiddie.

Answer : Gray hat.

Explanation Gray/Grey Hat hackers: They are somewhere between the white and black hats; they often alert the company so it can fix the flaw, and if the company does nothing they then publish the flaw.

In our software code testing, one of the coders is mentioning the test coverage analysis. What is she talking about?

Options are :

  • Each pair of input parameters to a system.
  • All interfaces exposed by the application.
  • How much of the code was tested in relation to the entire application. (Correct)
  • The amount of errors in the code.

Answer : How much of the code was tested in relation to the entire application.

Explanation Test Coverage Analysis: Identifies how much of the code was tested in relation to the entire application.

When a penetration tester is trying to gain access to sensitive information from one of our servers, she is testing which type of access control?

Options are :

  • Administrative.
  • Technical. (Correct)
  • Physical.
  • Detective.

Answer : Technical.

Explanation Technical Controls: Hardware/Software/Firmware – Firewalls, Routers, Encryption. Trying to access and gain information from a server would compromise our technical or logical security.

What could be used to provide audit log integrity during an attack?

Options are :

  • Using WORM media for audit logs. (Correct)
  • Localized logging with push to a centralized server every 24 hours.
  • Centralized logging pushed every hour.
  • Local logging accessible with administrator privileges.

Answer : Using WORM media for audit logs.

Explanation WORM (Write Once, Read Many) is media whose content cannot be erased once written without destroying the media.

What do we often uncover in our vulnerability scans?

Options are :

  • Open ports that should not be. (Correct)
  • Unauthorized users.
  • Attacks.
  • None of these.

Answer : Open ports that should not be.

Explanation Vulnerability scanning/testing: A vulnerability scanner tool is used to scan a network or system for a list of predefined vulnerabilities such as system misconfiguration, outdated software, or a lack of patching. It is very important to understand the output from a vulnerability scan (it can be hundreds of pages for some systems) and how the vulnerabilities map to Threats and Risks (Risk = Threat x Vulnerability). When we understand the true Risk, we can then plan our mitigation.

Why would we choose to delete a user account after the employee leaves the organization?

Options are :

  • Regulations.
  • User’s privacy protection. (Correct)
  • Accountability traceability for events discovered later.
  • Retention policy.

Answer : User’s privacy protection.

Explanation We would want to keep accounts deactivated when they leave; the only reason to delete the accounts would be if required by law or regulation, which would be in place to protect their privacy.

Jane is working on strengthening our detective access controls. What could she look at to do that?

Options are :

  • Encryption
  • Anti-virus. (Correct)
  • Backups.
  • Patches.

Answer : Anti-virus.

Explanation Detective: Controls that detect during or after an attack – IDS, CCTV, Alarms, anti-virus.

Using a quantitative risk analysis approach what would we use?

Options are :

  • Risk analysis matrix.
  • Cost per incident. (Correct)
  • Assumptions.
  • Likeliness.

Answer : Cost per incident.

Explanation Quantitative Risk Analysis: What will it actually cost us in $? This is fact-based analysis: the total $ value of the asset; math is involved.
