CISSP - Mock Questions with all domains

Who is responsible for the day-to-day IT security operations of our organization?

Options are :

  • The CEO.
  • The CFO.
  • The CIO.
  • The CSO. (Correct)

Answer : The CSO.

Explanation The Chief Security Officer is responsible for the day-to-day IT security operations.

What would we do during the e-discovery process?

Options are :

  • Discover all the electronic files we have in our organization.
  • Collect the data requested from the various stores it may be kept in. (Correct)
  • Make sure we keep data long enough in our retention policies for us to fulfil the legal requirements for our state and sector.
  • Delete data that has been requested if the retention period has expired.

Answer : Collect the data requested from the various stores it may be kept in.

Explanation e-Discovery, or discovery of electronically stored information (ESI), is the process of producing all relevant documentation and data to a court or to external attorneys in a legal proceeding. We need to ensure we collect all the relevant data from every storage location we may use.

Which type of malware replaces some of the OS with a malicious payload?

Options are :

  • Worms.
  • Trojans.
  • Rootkits. (Correct)
  • Logic bombs.

Answer : Rootkits.

Explanation Rootkits replace some of the OS/kernel with a malicious payload. User-mode rootkits work in Ring 3 and kernel-mode rootkits in Ring 0.

What is SCADA used for?

Options are :

  • Computerized control system for a process or plant.
  • Controlling manufacturing processes.
  • Monitor our servers, workstations and network devices.
  • High level control supervisory management. (Correct)

Answer : High level control supervisory management.

Explanation SCADA (Supervisory Control And Data Acquisition) is a control system architecture that uses computers, networked data communications and graphical user interfaces (GUIs) for high-level process supervisory management. The operator interfaces that enable monitoring and the issuing of process commands, such as controller set point changes, are handled through the SCADA supervisory computer system. However, the real-time control logic or controller calculations are performed by networked modules that connect to the field sensors and actuators.

Which routing protocol is used for the internet?

Options are :

  • Open Shortest Path First.
  • Routing Information Protocol.
  • Enhanced Interior Gateway Routing Protocol.
  • Border Gateway Protocol. (Correct)

Answer : Border Gateway Protocol.

Explanation BGP (Border Gateway Protocol) is the routing protocol used for the Internet. BGP routes between ASes (Autonomous Systems), which are networks with multiple Internet connections. EIGRP, RIP and OSPF are rarely used on the Internet (although they may be used between ISPs and organizations).

What does a first generation firewall inspect?

Options are :

  • The packets to see if they match any of the IF/THEN statements. (Correct)
  • The records to see if it is a reflective request.
  • The entire unencrypted packet to see if the content is permitted.
  • Only the source IP.

Answer : The packets to see if they match any of the IF/THEN statements.

Explanation First generation: packet filtering firewalls, OSI layers 1-3. Packet filters act by inspecting the packets transferred between clients. If a packet does not match the packet filter's set of filtering rules, the packet filter will drop the packet, or reject it and send an error response to the source.

In which phase of incident management do we restore from backup tapes?

Options are :

  • Preparation.
  • Detection.
  • Response.
  • Recovery. (Correct)

Answer : Recovery.

Explanation Recovery: we carefully restore the system or systems to operational status. When the system is ready for reinsertion is determined by the business unit responsible for the system. We closely monitor the rebuilt or cleaned system, since it is possible the attackers left backdoors or we did not remove all the infected sectors.

Which intrusion system alerts based on behavior?

Options are :

  • IPS.
  • IDS.
  • Heuristic. (Correct)
  • Pattern.

Answer : Heuristic.

Explanation Heuristic (behavioral) based detection uses a baseline of normal traffic patterns to monitor for abnormal traffic.

Within our organization, it is important that we have a layered defense strategy. Which of these would be an example of a recovery access control?

Options are :

  • Encryption.
  • Alarms
  • Backups. (Correct)
  • Patches.

Answer : Backups.

Explanation Recovery: controls that help us recover after an attack, such as a DR environment, backups and HA environments.

In our risk analysis, we are looking at the total risk of a vulnerability. What would we look at to find the total risk?

Options are :

  • Threat + vulnerability.
  • Threat * vulnerability.
  • Threat * vulnerability * asset value. (Correct)
  • (threat * vulnerability * asset value) - countermeasures.

Answer : Threat * vulnerability * asset value.

Explanation Total Risk = Threat * Vulnerability * Asset Value.

We are looking at the different classifications for access controls. Which of these is a type of detective access control?

Options are :

  • Encryption.
  • Backups.
  • Patches.
  • Intrusion detection systems. (Correct)

Answer : Intrusion detection systems.

Explanation IDSs (Intrusion Detection Systems) are placed on our network to capture and alert on traffic seen as malicious. They can be categorized into two types, with two different approaches to identifying malicious traffic. Network-based: placed on a network segment (a switch port in promiscuous mode). Host-based: on a client, normally a server or workstation. Signature (pattern) matching: similar to antivirus, it matches traffic against a long list of known malicious traffic patterns. Heuristic (behavioral) based: uses a baseline of normal traffic patterns to monitor for abnormal traffic.

Looking at the governance of our organization, our standards could be described by which of these?

Options are :

  • Non-specific, but can contain patches, updates, strong encryption.
  • Specific: all laptops are W10, 64-bit, 8GB memory. (Correct)
  • Low level step-by-step guides.
  • Recommendations.

Answer : Specific: all laptops are W10, 64-bit, 8GB memory.

Explanation Standards are mandatory. They describe a specific use of technology (all laptops are W10, 64-bit, 8GB memory, etc.).

In our quantitative risk analysis, we are looking at the ARO. What does that tell us?

Options are :

  • How many times it happens per year. (Correct)
  • What percentage of the asset is lost.
  • What will it cost us if it happens once.
  • What will it cost us per year if we do nothing.

Answer : How many times it happens per year.

Explanation Annualized Rate of Occurrence (ARO): how often will this happen each year?

Where would be a good place for us to NOT implement defense in depth?

Options are :

  • Our data centers.
  • Nowhere. (Correct)
  • Our call center.
  • Our VPNs.

Answer : Nowhere.

Explanation We would implement defense in depth everywhere, so there is nowhere we would NOT implement it; the double negative cancels out. Remember this is also an exam in the English language (assuming you take it in English), and it intends to trick you at times.

We are in criminal court and the defendant says we used enticement. In this setting, enticement is which of these?

Options are :

  • A solid legal defense strategy.
  • Not a solid legal defense strategy. (Correct)
  • Something we can do without consulting our legal department.
  • Legal and unethical.

Answer : Not a solid legal defense strategy.

Explanation Enticement (legal and ethical): making committing a crime more enticing, where the person has already broken the law or at least has decided to do so. Honeypots can be a good way to use enticement: have open ports or services on a server that can be attacked. Enticement is not a valid defense.

One of our senior VPs calls you up to explain a term he heard at a conference. He heard about cybersquatting and wants to know more. Which of these is TRUE about it?

Options are :

  • Always illegal.
  • Potentially illegal.
  • Legal. (Correct)
  • Never profitable.

Answer : Legal.

Explanation Cybersquatting: buying a URL you know someone else will need, to sell at a huge profit (not illegal).

As an IT Security professional, you are expected to perform due care. What does this mean?

Options are :

  • Researching and acquiring the knowledge to do your job right.
  • Do what is right in the situation and your job. Act on the knowledge. (Correct)
  • Continue the security practices of your company.
  • Apply patches annually.

Answer : Do what is right in the situation and your job. Act on the knowledge.

Explanation Due care follows the prudent person rule: what would a prudent person do in this situation? Implement the IT security architecture and keep systems patched. If compromised: fix the issue and notify affected users (follow the security policies to the letter).

Senior management is looking at the ISO27799 standard. What is it focused around?

Options are :

  • ITSM.
  • Protecting PHI. (Correct)
  • Risk management.
  • PCI-DSS.

Answer : Protecting PHI.

Explanation ISO 27799 gives directives on how to protect PHI (Personal Health Information).

We are working on our risk management and we are doing quantitative risk analysis. What does the ALE tell us?

Options are :

  • How many times it happens per year.
  • What percentage of the asset is lost.
  • What will it cost us if it happens once.
  • What will it cost us per year if we do nothing. (Correct)

Answer : What will it cost us per year if we do nothing.

Explanation Annualized Loss Expectancy (ALE): this is what it costs per year if we do nothing.

With the CIA triad in mind, when we choose to have too much integrity, which other control will MOST LIKELY suffer?

Options are :

  • Confidentiality.
  • Availability. (Correct)
  • Identity.
  • Accountability.

Answer : Availability.

Explanation Finding the right mix of Confidentiality, Integrity and Availability is a balancing act. This is really the cornerstone of IT security: finding the RIGHT mix for your organization. With too much integrity, availability can suffer.

Which of these would NOT be a factor we would consider to protect our availability?

Options are :

  • Patch management.
  • Redundant hardware.
  • SLAs.
  • Non-redundant hardware. (Correct)

Answer : Non-redundant hardware.

Explanation To ensure availability we use: IPS/IDS; patch management; redundancy in hardware, power (multiple power supplies, UPSs, generators), disks (RAID), traffic paths (network design), HVAC and staff; HA (high availability); and much more. SLAs: how high an uptime do we want (99.9%?), weighed against ROI.

We are looking at our risk responses. We are considering buying insurance to cover the gaps we have. Which type of response would that be?

Options are :

  • Risk transference. (Correct)
  • Risk rejection.
  • Risk avoidance.
  • Risk mitigation.

Answer : Risk transference.

Explanation Transfer the risk (the insurance approach): we could get flood insurance for the data center. The flooding will still happen and we will still lose 15% of the infrastructure, but we are insured for the cost.

Jane has suggested we implement full disk encryption on our laptops. Our organization, on average, loses 25 laptops per year, and currently it costs us $10,000 per laptop. The laptop itself costs $1,000, as well as $9,000 in losses from non-encrypted data being exposed. We want to keep using laptops, and have our ARO (Annualized Rate of Occurrence) stay the same. How much can the countermeasures we implement cost, for us to break even?

Options are :

  • 2250000
  • 225000 (Correct)
  • 250000
  • 22500

Answer : 225000

Explanation If we implemented full disk encryption, the break-even point would be $225,000. We would still lose the 25 laptops per year ($1,000 each), so that loss costs $25,000 per year regardless of encryption. What we would save is the 25 * $9,000 = $225,000 from the non-encrypted data exposure. This is what we can spend on the encryption.

Laws, regulations, and standards should not be confused. Which of these are NOT a law?

Options are :

  • HIPAA.
  • PCI-DSS. (Correct)
  • Homeland security act.
  • Gramm-Leach-Bliley act.

Answer : PCI-DSS.

Explanation Payment Card Industry Data Security Standard (PCI-DSS): technically not a law. It was created by the payment card industry. The standard applies to cardholder data for both credit and debit cards, and requires merchants and others to meet a minimum set of security requirements. It mandates security policy, devices, control techniques, and monitoring.

When we are authenticating our employees, which of these would NOT be considered useful?

Options are :

  • Something you are.
  • Something you know.
  • Something you believe. (Correct)
  • Something you have.

Answer : Something you believe.

Explanation Something you know: Type 1 authentication (passwords, passphrases, PINs, etc.). Something you have: Type 2 authentication (ID, passport, smart card, token, cookie on a PC, etc.). Something you are: Type 3 authentication (biometrics: fingerprint, iris scan, facial geometry, etc.). Somewhere you are: Type 4 authentication (IP/MAC address). Something you do: Type 5 authentication (signature, pattern unlock).

Which type of companies are subject to the Sarbanes-Oxley act (SOX)?

Options are :

  • Private companies.
  • Publicly traded companies. (Correct)
  • Healthcare companies.
  • Startup companies.

Answer : Publicly traded companies.

Explanation Sarbanes-Oxley Act of 2002 (SOX): directly related to the accounting scandals of the late 1990s. It is regulatory compliance that mandates standards for the financial reporting of publicly traded companies. Intentional violations can result in criminal penalties.

We are looking at lowering our risk profile and we are doing our quantitative risk analysis. What would EF tell us?

Options are :

  • How many times it happens per year.
  • What percentage of the asset is lost. (Correct)
  • What will it cost us if it happens once.
  • What will it cost us per year if we do nothing.

Answer : What percentage of the asset is lost.

Explanation Exposure Factor (EF): the percentage of the asset value lost.

We are in a court where the evidence must be "the majority of the proof." Which type of law does that relate to?

Options are :

  • Civil law. (Correct)
  • Criminal law.
  • Administrative law.
  • Private regulations.

Answer : Civil law.

Explanation Civil Law (Tort Law): individuals, groups or organizations are the victims and proof must be "the majority of proof". Financial fines are used to "compensate the victim(s)".

Our organization has a lot of different and diverse leadership. Who is responsible for the day-to-day leadership?

Options are :

  • The CEO. (Correct)
  • The CFO.
  • The CIO.
  • The CSO.

Answer : The CEO.

Explanation The Chief Executive Officer is responsible for the day-to-day leadership of the organization; the board may provide the direction.

What would we do during the e-discovery process?

Options are :

  • Discover all the electronic files we have in our organization.
  • Produce electronic information to our internal legal team who will present it in court. (Correct)
  • Make sure we keep data long enough in our retention policies for us to fulfil the legal requirements for our state and sector.
  • Delete data that has been requested if the retention period has expired.

Answer : Produce electronic information to our internal legal team who will present it in court.

Explanation e-Discovery, or discovery of electronically stored information (ESI), is the process of producing all relevant documentation to our legal counsel, who will then present it in court, or to external attorneys in a legal proceeding.

Looking at the data classification classes of the US government: data that, if disclosed, won't cause any harm to national security, would be classified as?

Options are :

  • Unclassified. (Correct)
  • Unregulated.
  • Secret.
  • Common knowledge.

Answer : Unclassified.

Explanation Unclassified information isn't sensitive, and unauthorized disclosure won't cause any harm to national security.

Which of these is a COMMON attack against data at rest?

Options are :

  • Stealing unencrypted laptops. (Correct)
  • MITM.
  • Screen scrapers.
  • Keyloggers.

Answer : Stealing unencrypted laptops.

Explanation If we do not encrypt our laptops, which use data from our databases, they are a very good attack vector for someone wanting to steal our data.

In designing our data retention policy, which of these should NOT be a consideration?

Options are :

  • Which data do we keep?
  • How long do we keep the data?
  • Where do we keep the backup data?
  • How to safely destroy the data after the retention has expired? (Correct)

Answer : How to safely destroy the data after the retention has expired?

Explanation A data destruction policy would address how we deal with data no longer needed, the retention policy would only deal with what, how long, where and similar topics.

We have many policies we need to adhere to in our organization. Which of these would be part of our clean desk policy?

Options are :

  • Minimal use of paper copies and only used while at the desk and in use. (Correct)
  • Cleaning your desk of all the clutter.
  • Shred all paper copies of everything.
  • Picking up anything you print as soon as you print it.

Answer : Minimal use of paper copies and only used while at the desk and in use.

Explanation As part of a clean desk policy we should only use paper copies of sensitive data when strictly needed.

What are we trying to get rid of when we do our data disposal?

Options are :

  • Data remanence. (Correct)
  • How long we keep the data.
  • The data content.
  • The data in use.

Answer : Data remanence.

Explanation When we dispose of our data media we are making sure there is no data remanence on our hard disks, tapes, etc.

Which of these is a personally identifiable indicator protected under the HIPAA rules?

Options are :

  • Name.
  • Zip code.
  • License plate.
  • All of these. (Correct)

Answer : All of these.

Explanation Under the US Health Insurance Portability and Accountability Act (HIPAA), PHI that is linked to any of the following 18 identifiers must be treated with special care: 1. Names; 2. All geographical identifiers smaller than a state; 3. Dates (other than year); 4. Phone numbers; 5. Fax numbers; 6. Email addresses; 7. Social Security numbers; 8. Medical record numbers; 9. Health insurance beneficiary numbers; 10. Account numbers; 11. Certificate/license numbers; 12. Vehicle identifiers and serial numbers, including license plate numbers; 13. Device identifiers and serial numbers; 14. Web Uniform Resource Locators (URLs); 15. Internet Protocol (IP) addresses; 16. Biometric identifiers, including finger, retinal and voice prints; 17. Full face photographic images and any comparable images; 18. Any other unique identifying number, characteristic, or code, except the unique code assigned by the investigator to code the data.

In our technology refresh cycle we need to dispose of old hardware. What would we do for proper data disposal of SSD drives if we need to keep the drives intact?

Options are :

  • Degaussing.
  • Formatting.
  • Deleting all files.
  • Overwriting. (Correct)

Answer : Overwriting.

Explanation SSDs can't be degaussed, and formatting or deleting the files only removes the file structure; most if not all files remain recoverable. We would need to overwrite all the data with random 0s and 1s.

When a system has been certified, what does that mean?

Options are :

  • It has met the data owner's security requirements. (Correct)
  • It has met the data steward's security requirements.
  • The data owner has accepted the certification and the residual risk, which is required before the system is put into production.
  • The data steward has accepted the certification and the residual risk, which is required before the system is put into production.

Answer : It has met the data owner's security requirements.

Explanation Certification is when a system has been certified to meet the security requirements of the data owner. Certification considers the system, the security measures taken to protect the system, and the residual risk represented by the system.

What would we encrypt, when we are dealing with sensitive data?

Options are :

  • USB drives.
  • Wireless access points.
  • Laptops.
  • All of these. (Correct)

Answer : All of these.

Explanation When dealing with sensitive data we want to encrypt as much as possible while still keeping data availability acceptable.

We need to ensure proper security measures in place when we are dealing with Personally identifiable information (PII). Which of these is NOT considered PII?

Options are :

  • Address.
  • Birthday.
  • Marital status.
  • Cookies on your PC. (Correct)

Answer : Cookies on your PC.

Explanation Personally identifiable information (PII) is any information about an individual that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

Which of these would NOT have any data remanence after the system has been completely disconnected from power for 10 minutes?

Options are :

  • Hard disks.
  • Read only memory.
  • Random access memory. (Correct)
  • Tapes.

Answer : Random access memory.

Explanation RAM (Random Access Memory) loses its data remanence a few seconds to a few minutes after the loss of power.

Which security principle is Bell-LaPadula based on?

Options are :

  • Integrity.
  • Confidentiality. (Correct)
  • Availability.
  • Authentication.

Answer : Confidentiality.

Explanation Bell-LaPadula (Confidentiality) (Mandatory Access Control): Simple Security Property, "no read up": subjects with Secret clearance can't read Top Secret data. * (Star) Security Property, "no write down": subjects with Top Secret clearance can't write Top Secret information to Secret folders. Strong * (Star) Property, "no read or write up or down": subjects can ONLY access data on their own level.

How many keys would we have if we had 100 users using symmetric encryption?

Options are :

  • 200
  • 100
  • 4950 (Correct)
  • 2000

Answer : 4950

Explanation Symmetric encryption needs n(n-1)/2 keys for n users; with 100 users we would need 100(100-1)/2 = (100x99)/2 = 4950 keys.

Which of these is NOT part of our server hardening?

Options are :

  • Blocking ports not required by the server.
  • Applying all patches.
  • Disabling default user accounts.
  • Enable the USB drives on the servers. (Correct)

Answer : Enable the USB drives on the servers.

Explanation Hardware hardening: we harden our servers. Apply all patches, block ports not needed, delete default users, … most places are good about this.

We are designing a new data center. Which of these if installed should ALWAYS prevent power fluctuations?

Options are :

  • PDU.
  • UPS. (Correct)
  • CPU.
  • Batteries.

Answer : UPS.

Explanation UPSs (Uninterruptible Power Supplies) ensure constant clean power to the systems. They have large battery banks that take over in the event of a power outage, and they also act as surge protectors.

We are designing a new data center. At a presentation to senior management and the board of directors, you are asked: "Why do we need to keep the humidity controlled in the data center?" What should your reply be?

Options are :

  • To keep it nice in there for employees.
  • To prevent corrosion on our equipment.
  • To ensure the data is safe. (Correct)
  • To prevent EMI.

Answer : To ensure the data is safe.

Explanation To ensure the data is safe: we want to keep the humidity between 40 and 60% rH (Relative Humidity). Humidity that is too low will cause static electricity, and high humidity will corrode metals (electronics). While "prevent corrosion" is correct, "keep data safe" is more correct.

When we are replacing memory sticks in a server, we should use which of these to prevent damage to hardware when handling it?

Options are :

  • A dark data center.
  • Proper humidity.
  • A sharp screwdriver.
  • Antistatic equipment. (Correct)

Answer : Antistatic equipment.

Explanation Static electricity can be mitigated by proper humidity control, grounding all circuits, and using antistatic wrist straps and work surfaces. All personnel working with internal computer equipment (motherboards, insert cards, memory sticks, hard disks) should ground themselves before working with the hardware.

We have smoke photoelectric detectors installed in our data center. What do they detect?

Options are :

  • The infrared light emitted from a fire.
  • A change in the light indicating higher particle density. (Correct)
  • A rise in temperature indicating a fire.
  • If the light is off in the data center.

Answer : A change in the light indicating higher particle density.

Explanation Smoke detectors: a photoelectric detector uses an LED (Light Emitting Diode) and a photoelectric sensor that produces a small charge while receiving light. It triggers when smoke or any higher particle density interrupts the light.

We have seen an increasing number of viruses on our systems. As part of our defense in depth, we have implemented multiple overlapping countermeasures to mitigate the issues we have been having with viruses. Which of these are types of viruses? (Select all that apply).

Options are :

  • Boot Sector. (Correct)
  • Polymorphic. (Correct)
  • Logic Bombs.
  • Trojans.
  • Packers.
  • Macro. (Correct)

Answer : Boot Sector. Polymorphic. Macro.

Explanation Viruses require some sort of human interaction and are often transmitted by USB sticks or other portable devices. When the program is executed, they replicate themselves by inserting their own code into other programs. Macro (document) viruses: written in macro languages; embedded in other documents (Word, Outlook). Boot sector viruses: infect the PC's boot sector or the Master Boot Record, ensuring they run every time the PC boots. Stealth viruses: try to hide themselves from the OS and antivirus software. Polymorphic viruses: change their signature to avoid the antivirus signature definitions. Well-written polymorphic viruses have no parts that remain identical between infections, making them very difficult to detect directly using antivirus signatures. Multipart (multipartite) viruses: spread across multiple vectors. They are often hard to get rid of because even if you clean the file infections, the virus may still be in the boot sector, and vice versa.

In newer computer architecture, we have split the bus into a north and a south bridge. The north bridge is much faster than the south bridge. Which of these is the north bridge?


Options are :

  • A
  • B (Correct)
  • C

Answer : B

Explanation The Northbridge (host bridge) is connected to the CPU, the RAM, the GPU and the Southbridge. The Southbridge is connected to the peripherals and the Northbridge. There are no Northbridge/Southbridge standards, but they must be able to work with each other.

What is MOST important to secure the safety of FIRST in an emergency?

Options are :

  • Staff. (Correct)
  • Critical servers.
  • The building.
  • Backups.

Answer : Staff.

Explanation Remember people are always more important to protect than stuff.

Halon is by far the best fire suppression. It can keep hardware, employees, and our building safer by putting fires out more efficiently. Why do we no longer use Halon in our fire suppression systems?

Options are :

  • It is too expensive.
  • It is not very good at putting fires out.
  • It depletes the ozone layer. (Correct)
  • It damages hardware.

Answer : It depletes the ozone layer.

Explanation Halon 1301 has been the industry standard for protecting high-value assets from fire since the mid-1960s. It has many benefits: it is fast-acting, safe for assets, and requires little storage space. It is no longer used widely because it depletes atmospheric ozone and is potentially harmful to humans. In some countries, legislation requires the systems to be removed; in others, it is still OK to use them (with recycled Halon); however, systems have not been installed since 1994 (The Montreal Accord). The Montreal Accord (197 countries) banned the use and production of new Halon. A few exceptions for "essential uses" include things like inhalers for asthma, and fire suppression systems in submarines and aircraft.

We use different types of fire suppression depending on where it is and what is in that location. Which areas would it be appropriate for us to use CO2 fire suppression?

Options are :

  • In unmanned areas. (Correct)
  • In our data center.
  • In all of our offices.
  • In the bathrooms.

Answer : In unmanned areas.

Explanation CO2 should only be used in unmanned areas. It is colorless and odorless and causes people exposed to it to pass out and then die. Staff working in an area of their organization where CO2 is used should be properly trained in CO2 safety.

If you are faced with a fire and you need to use a fire extinguisher, which method should you use?

Options are :

  • RACE.
  • PACE.
  • PASS. (Correct)
  • GASS.

Answer : PASS.

Explanation Use the PASS method to extinguish a fire with a portable fire extinguisher: Pull the pin in the handle. Aim at the base of the fire. Squeeze the lever slowly. Sweep from side to side.

Which type of fire extinguisher would you use on a metal fire?

Options are :

  • Wet chemical.
  • Dry powder. (Correct)
  • Soda-Acid.
  • Class A.

Answer : Dry powder.

Explanation Dry powder extinguishers (sodium chloride, graphite, ternary eutectic chloride) lower the temperature and remove oxygen in the area. They are primarily used for metal fires (sodium, magnesium, graphite).

If we are using the Bell-LaPadula "simple security property", what can't we do?

Options are :

  • Read down.
  • Read up. (Correct)
  • Write down.
  • Write up.

Answer : Read up.

Explanation Bell-LaPadula (Confidentiality) (Mandatory Access Control): Simple Security Property, "no read up": subjects with Secret clearance can't read Top Secret data.

At an all-hands IT meeting in our organization, one of the directors is talking about the intranet. What is he referring to?

Options are :

  • Connected private intranets often between business partners or parent/child companies.
  • An organization's privately owned and operated internal network. (Correct)
  • The global collection of peered WAN networks, often between ISPs or long haul providers.
  • The local area network we have in our home.

Answer : An organization's privately owned and operated internal network.

Explanation An intranet is an organization's privately owned network; most larger organizations have one.

Our networking department is recommending we use a half-duplex solution for an implementation. What is a KEY FEATURE of those?

Options are :

  • One way communication, one system transmits the other receives, direction can't be reversed.
  • Both systems can send and receive at the same time.
  • Only one system on the network can send one signal at a time.
  • One way communication, one system transmits the other receives, direction can be reversed. (Correct)

Answer : One way communication, one system transmits the other receives, direction can be reversed.

Explanation Half-duplex communication sends or receives at one time only (only one system can transmit at a time), but the direction can be reversed.

We have implemented a solution where networking traffic can use DIFFERENT paths. What did we implement?

Options are :

  • Packet switching. (Correct)
  • Circuit switching.
  • Weighted routing tables.
  • Full traffic switching.

Answer : Packet switching.

Explanation Packet switching is cheap, but offers no capacity guarantee; it is very widely used today. Data is sent in packets, which may take multiple different paths to the destination. The packets are reassembled at the destination.
