CISSP - Mock Questions with all domains

Which project management methodology is better geared towards a yearlong project with very clearly defined software requirements that should NOT change?

Options are :

  • Waterfall. (Correct)
  • Agile.
  • XP.
  • Rapid prototyping.

Answer : Waterfall.

Explanation Waterfall methodology is well suited for long, very clearly defined projects.

Looking at our relational databases and the errors they can have, if we talk about semantic integrity, to what are we referring?

Options are :

  • When every foreign key in a secondary table matches the primary key in the parent table.
  • Each attribute value is consistent with the attribute data type. (Correct)
  • Each tuple has a unique primary value that is not null.
  • When the database has errors.

Answer : Each attribute value is consistent with the attribute data type.

Explanation Semantic integrity: Each attribute value is consistent with the attribute data type.

We are implementing database shadowing. How does it help us ensure we can recover from a data loss on our primary systems?

Options are :

  • It sends transaction logs to a remote location, but not the files themselves. We can rebuild the transactions from the logs.
  • It uses a remote backups service that sends backup files electronically offsite at a certain interval or when the files change.
  • It makes an exact real time copy at another location, this can be another local disk or preferred remote to another type of media. (Correct)
  • It takes a full backup of our database once a week to tape.

Answer : It makes an exact real time copy at another location, this can be another local disk or preferred remote to another type of media.

Explanation Database shadowing: Exact real time copy of the database or files to another location. It can be another disk in the same server, but best practice dictates another geographical location, often on a different media.

We are finishing our software development and we are doing the software acceptance testing. What is the purpose of user acceptance testing?

Options are :

  • To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities.
  • To ensure the software is as secure or more secure than the rules, laws and regulations of our industry.
  • To ensure the software performs as expected in our live environment vs. our development environment.
  • To ensure the software is functional for and tested by the end user and the application manager. (Correct)

Answer : To ensure the software is functional for and tested by the end user and the application manager.

Explanation The User Acceptance test: Is the software functional for the users who will be using it? It is tested by the users and application managers.

Having a single, well-controlled, defined data integrity system increases all of these EXCEPT which?

Options are :

  • Performance.
  • Maintainability.
  • Stability.
  • Redundant data. (Correct)

Answer : Redundant data.

Explanation Having a single, well controlled, and well defined data-integrity system increases: Stability: One centralized system performs all data integrity operations. Performance: All data integrity operations are performed in the same tier as the consistency model. Re-usability: All applications benefit from a single centralized data integrity system. Maintainability: One centralized system for all data integrity administration.

Where would we define the attributes and values of the database tables?

Options are :

  • Database views.
  • Data dictionary.
  • Database schema. (Correct)
  • Database query language.

Answer : Database schema.

Explanation Database schema: Describes the attributes and values of the database tables. Names should only contain letters, in the US SSNs should only contain 8 numbers, …

Which type of query language would use SELECT, DELETE, INSERT, and DROP?

Options are :

  • DDL.
  • DML. (Correct)
  • DRP.
  • DDR.

Answer : DML.

Explanation Data Manipulation Language (DML): Used for selecting, inserting, deleting and updating data in a database. Common DML statements are SELECT, DELETE, INSERT, UPDATE.

We are implementing remote journaling. How does it help us ensure we can recover from a data loss on our primary systems?

Options are :

  • It sends transaction logs to a remote location, but not the files themselves. We can rebuild the transactions from the logs. (Correct)
  • It uses a remote backups service that sends backup files electronically offsite at a certain interval or when the files change.
  • It makes an exact real time copy at another location, this can be another local disk or preferred remote to another type of media.
  • It takes a full backup of our database once a week to tape.

Answer : It sends transaction logs to a remote location, but not the files themselves. We can rebuild the transactions from the logs.

Explanation Remote journaling: Sends transaction log files to a remote location, not the files themselves. The transactions can be rebuilt from the logs if we lose the original files.

At a financial steering committee meeting, you are asked about the difference between private and public IP addresses. Which of these IPs are public addresses? (Select all that apply).

Options are :

  • 10.2.4.255
  • 172.15.11.45 (Correct)
  • 172.32.1.0 (Correct)
  • 192.168.44.12
  • 154.12.5.1 (Correct)

Answer : 172.15.11.45 172.32.1.0 154.12.5.1

Explanation The easiest way to remember if an IP is private or public is to remember the 3 private ranges. Private Addresses (RFC 1918 – Not routable on the internet): 10.0.0.0 - 10.255.255.255 (10.0.0.0/8), 172.16.0.0 - 172.31.255.255 (172.16.0.0/12) and 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

We are, as part of our server hardening, blocking unused ports on our servers. One of the ports we are blocking is TCP port 23. What are we blocking?

Options are :

  • FTP data transfer.
  • FTP control.
  • SSH.
  • Telnet. (Correct)

Answer : Telnet.

Explanation Telnet: Remote access over a network. Uses TCP port 23; all data is plaintext, including usernames and passwords, so it should not be used. Attackers with network access can easily sniff credentials, alter data and take control of telnet sessions.

We are blocking unused ports on our servers as part of our server hardening. If we block TCP port 110, what would we be blocking?

Options are :

  • SMTP.
  • HTTP.
  • HTTPS.
  • POP3. (Correct)

Answer : POP3.

Explanation Post Office Protocol, version 3 (POP3) uses TCP port 110.

Brute force can, in theory, break any password, even one-time pads. Is that a problem we should consider if we use proper security measures around our one-time pads?

Options are :

  • Yes. If broken, the one-time pad is useless.
  • Yes. The attacker would have the key.
  • No. There would be too many false positives for it to matter. (Correct)
  • Brute force can't break one-time pads.

Answer : No. There would be too many false positives for it to matter.

Explanation Brute Force attacks use the entire keyspace (every possible key). With enough time, any plaintext can be decrypted. Effective against all key-based ciphers except the one-time pad; it would eventually decrypt it, but it would also generate so many false positives that the data would be useless.

When we look at using type 3 authentication, we would talk about all these terms EXCEPT which?

Options are :

  • FAR.
  • CER.
  • FRR.
  • CRR. (Correct)

Answer : CRR.

Explanation Something you are - Type 3 Authentication (Biometrics). Error rates for biometric authentication: FRR (False rejection rate), FAR (False accept rate) and CER (Crossover Error Rate).

In part of our backup and disposal policy, you would find all these regarding backup tapes, EXCEPT which?

Options are :

  • Hardware encrypted.
  • Software encrypted.
  • Thrown in the trash when the retention period is over. (Correct)
  • Kept in a secure geographical distance climate controlled facility.

Answer : Thrown in the trash when the retention period is over.

Explanation Tapes should be properly disposed of, our data is still on the tape even if the retention has expired.

As part of our checks on our SQL databases, we want to ensure we have database integrity. Which of these are COMMON integrity types we can have on relational databases? (Select all that apply).

Options are :

  • Referential integrity. (Correct)
  • Foreign integrity.
  • Semantic integrity. (Correct)
  • Entity integrity. (Correct)
  • Parent integrity.

Answer : Referential integrity. Semantic integrity. Entity integrity.

Explanation Referential integrity: When every foreign key in a secondary table matches a primary key in the parent table. It is broken if not all foreign keys match the primary key. Semantic integrity: Each attribute value is consistent with the attribute data type. Entity integrity: Each tuple (row) has a unique primary value that is not null.

When we create an application blacklist we are doing what?

Options are :

  • Making a list of allowed applications.
  • Making a list of prohibited applications. (Correct)
  • Making a list of all applications.
  • Making a list of all of our own developed applications.

Answer : Making a list of prohibited applications.

Explanation Application blacklisting: We make a list of all the applications not permitted on our systems. There are 10,000's of applications and we can never keep up with them.

Using RAID 5 on one of our servers, Jane is adding which type of disk pool?

Options are :

  • Mirroring.
  • Striping.
  • Striping with parity. (Correct)
  • Mirroring with parity.

Answer : Striping with parity.

Explanation RAID 5: Block level striping with distributed parity, requires at least 3 disks. Combines speed with redundancy.

We have hired a team of penetration testers to audit our network for vulnerabilities. During a test, one of the testers discovers a real attack underway. What should the tester do?

Options are :

  • Nothing, he was hired to test, nothing else.
  • Stop the attacker, cut off access.
  • Notify the organization immediately. (Correct)
  • Shut the system down to prevent further damage.

Answer : Notify the organization immediately.

Explanation The tester should never act or fix anything on our network; if they notice an attack they need to let us know right away so we can act on it.

Which of these would be a layer 3 broadcast address?

Options are :

  • FF:FF:FF:FF:FF:FF
  • 255.255.255.255 (Correct)
  • 127.0.0.1
  • 0.0.0.0

Answer : 255.255.255.255

Explanation Layer 3 uses IP addresses; for broadcast it uses the 255.255.255.255 broadcast IP address. Routers do not pass it, they drop it.

A blackout is when:

Options are :

  • We have a long loss of power. (Correct)
  • We have a short loss of power.
  • We have a long low voltage period.
  • We have a long high voltage period.

Answer : We have a long loss of power.

Explanation Power Fluctuation Terms: Blackout - Long loss of power.

Lattice based access control uses which access control principle?

Options are :

  • DAC.
  • RBAC.
  • RUBAC.
  • MAC (Correct)

Answer : MAC

Explanation Lattice Based Access Control (LBAC) is a form of mandatory access control. A subject can have multiple access rights. A Subject with "Top Secret" {crypto, chemical} would be able to access everything in this lattice. A Subject with "Secret" {crypto} would only have access to that level.

Which layer of the ring model houses the applications?

Options are :

  • -1
  • 0
  • 2
  • 3 (Correct)

Answer : 3

Explanation The Ring Model: 4 ring model that separates Users (Untrusted) from the Kernel (Trusted). The full model is slow and rarely used; most OSes only use rings 0 and 3. The applications are at layer 3. There is a new addition to the Ring Model: Hypervisor mode is called Ring -1 and is for VM Hosts. Ring -1 sits below the Client kernel in Ring 0.

When we have too much availability which other controls can suffer?

Options are :

  • Confidence.
  • Integrity.
  • Confidentiality and Integrity. (Correct)
  • Confidentiality.

Answer : Confidentiality and Integrity.

Explanation With too much availability, both confidentiality and integrity can suffer.

Which would not be a factor to protect our integrity?

Options are :

  • Missing database injection protection. (Correct)
  • Digital signatures.
  • Message digests.
  • Database injection protection through input validation.

Answer : Missing database injection protection.

Explanation If we do not protect against database injections our integrity can suffer.

Who should probably approve the deployment of honeypots and honey nets?

Options are :

  • Our legal team. (Correct)
  • Our HR and payroll team.
  • The engineer deploying it.
  • A judge.

Answer : Our legal team.

Explanation Get approval from senior management and your legal department before deploying honeypots or honey nets, legal would know the legal ramifications and senior management are ultimately liable. Both can pose legal and practical risks.

In our risk management, how would we define residual risk?

Options are :

  • How bad is it if we are compromised?
  • A potential harmful incident.
  • A weakness that can possibly be exploited.
  • The total risk after we have implemented our countermeasures. (Correct)

Answer : The total risk after we have implemented our countermeasures.

Explanation Residual Risk = Total Risk – Countermeasures.

Which of these would be a type of corrective access control?

Options are :

  • Encryption.
  • Backups.
  • Patches. (Correct)
  • Intrusion detection systems.

Answer : Patches.

Explanation Corrective: Controls that Correct an attack – Anti-virus, Patches, IPS.

We are training some of our new employees in our policies, procedures, and guidelines. Our guidelines are which of these?

Options are :

  • Non-specific, but can contain patches, updates, strong encryption.
  • Specific, all laptops are W10, 64bit, 8GB memory, etc.
  • Low level step-by-step guides.
  • Recommendations. (Correct)

Answer : Recommendations.

Explanation Guidelines: non-mandatory; recommendations; discretionary; suggestions on how you could do it.

Jane is looking at the CIA triad and working on mitigating our availability vulnerabilities. Select all the threats against our availability:

Options are :

  • Distributed Denial of Service (DDoS) (Correct)
  • Hardware failure. (Correct)
  • Keyloggers.
  • Code injections.
  • Software coding errors. (Correct)

Answer : Distributed Denial of Service (DDoS) Hardware failure. Software coding errors.

Explanation Common attacks on our availability include DDoS attacks, hardware failures and software failures. Keyloggers are normally attacks on our confidentiality and code injections are attacks on our integrity.

At a meeting with upper management, we are looking at different types of intellectual property materials. How is copyright protected?

Options are :

  • Protected for 70 years after the creators death or 95 years for corporations. (Correct)
  • You tell no one, if discovered you are not protected.
  • Protected for 20 years after filing.
  • Protected 10 years at a time, can be renewed indefinitely.

Answer : Protected for 70 years after the creators death or 95 years for corporations.

Explanation Copyright © - (Exceptions: first sale, fair use). Books, Art, Music, Software. Automatically granted and lasts 70 years after creator’s death or 95 years after creation by/for corporations.

We are in a court of law presenting our case from a security incident. What constitutes collaborative or corroborative evidence?

Options are :

  • Testimony from a first hand witness.
  • Tangible objects.
  • Logs and system documents from the time of the attack.
  • Supporting facts and elements. (Correct)

Answer : Supporting facts and elements.

Explanation Collaborative (corroborative) Evidence: Supports facts or elements of the case; not a fact on its own, but supports other facts.

Under which type of law can incarceration, financial penalty, and death penalty be the punishment?

Options are :

  • Civil law.
  • Criminal law. (Correct)
  • Administrative law.
  • Private regulations.

Answer : Criminal law.

Explanation Criminal Law: "Society" is the victim and proof must be "beyond a reasonable doubt." Incarceration, death, and financial fines to "Punish and Deter."

You hear that senior management is looking at the ISO 27005 standard, and a colleague asks you, "What is that focused on?"

Options are :

  • ITSM.
  • Protecting PHI.
  • Risk management. (Correct)
  • HIPAA.

Answer : Risk management.

Explanation ISO 27005: Standards based approach to Risk Management.

Who would determine the risk appetite of our organization?

Options are :

  • Middle management.
  • The users.
  • Senior management. (Correct)
  • The IT leadership team.

Answer : Senior management.

Explanation Governance: C-level executives determine our risk appetite (aggressive, neutral, averse). Stakeholder needs, conditions and options are evaluated to define balanced, agreed-upon enterprise objectives to be achieved; direction is set through prioritization and decision making; performance and compliance are monitored against the agreed-upon direction and objectives.

Looking at the CIA triad, when we have TOO MUCH availability, which other controls can suffer?

Options are :

  • Confidence.
  • Integrity.
  • Confidentiality and Integrity. (Correct)
  • Confidentiality.

Answer : Confidentiality and Integrity.

Explanation With too much availability, both confidentiality and integrity can suffer.

Which would NOT be a factor to protect our integrity?

Options are :

  • Missing database injection protection. (Correct)
  • Digital signatures.
  • Message digests.
  • Database injection protection through input validation.

Answer : Missing database injection protection.

Explanation Database injections would most likely compromise our confidentiality, not integrity. We would use digital signatures, MDs, and input validation to ensure our integrity.

When an attacker is using code injections, it is MOSTLY targeting which leg of the CIA triad?

Options are :

  • Authentication.
  • Confidentiality.
  • Availability.
  • Integrity. (Correct)

Answer : Integrity.

Explanation Code injections: code injected into user forms, often seen in SQL/LDAP; often used to compromise the integrity of our data. Our countermeasures should include: only allowing users to input appropriate data into the fields (only letters in names, only numbers in phone numbers, dropdowns for country and state if applicable); limiting how many characters people can use per field, etc.

Which of these could be something we would use to ensure data availability?

Options are :

  • Hashes.
  • Multifactor authentication.
  • Redundant hardware. (Correct)
  • None of these.

Answer : Redundant hardware.

Explanation To ensure system integrity and data availability we can use patch management, redundancy on hardware power (multiple power supplies/UPSs/generators), disks (RAID), traffic paths (network design), HVAC, staff, HA (high availability) and much more.

During an attack, some of our data was deleted. Which leg of the CIA triad would be MOSTLY affected?

Options are :

  • Authentication.
  • Confidentiality.
  • Availability. (Correct)
  • Integrity.

Answer : Availability.

Explanation Destruction is the opposite of availability: our data or systems have been destroyed or rendered inaccessible.

When authenticating against our access control systems, you present your fingerprint. Which type of authentication are you using?

Options are :

  • A possession factor.
  • A knowledge factor.
  • A biometric factor. (Correct)
  • A location factor.

Answer : A biometric factor.

Explanation Something you are - Type 3 Authentication (Biometrics): Fingerprint, iris scan, facial geometry etc.; these are also called realistic authentication. The subject uses these to authenticate their identity: if they have that trait, they must be who they say they are. Something that is unique to you; this one comes with more issues than the two other common authentication factors.

You are explaining the IAAA model to one of the directors from payroll. Which of these is NOT one of the A's from the model?

Options are :

  • Authentication.
  • Access. (Correct)
  • Authorization.
  • Accountability.

Answer : Access.

Explanation IAAA is Identification and Authentication, Authorization and Accountability. Access is something you are given based on your authorization.

We are implementing governance standards and control frameworks focused on goals for the entire organization. Which of these would be something we would consider?

Options are :

  • COBIT.
  • ITIL.
  • COSO. (Correct)
  • FRAP

Answer : COSO.

Explanation COSO (Committee Of Sponsoring Organizations) focuses on goals for the entire organization.

We are in a court, where the proof must be "the Majority of Proof". Which type of court are we in?

Options are :

  • Criminal court.
  • Civil court. (Correct)
  • Administrative court.
  • Probation court.

Answer : Civil court.

Explanation Civil Law (Tort Law): Individuals, groups or organizations are the victims and proof must be "the Majority of Proof." Financial fines to "Compensate the Victim(s)."

We have had a security incident. After our forensics is completed, we present the compromised hard drive in court. Which type of evidence does the actual hard drive represent?

Options are :

  • Real evidence. (Correct)
  • Direct evidence.
  • Secondary evidence.
  • Circumstantial evidence.

Answer : Real evidence.

Explanation Real Evidence: Tangible and Physical objects, in IT Security: Hard Disks, USB Drives – NOT the data on them.

Which of these would be something that could get the case dismissed, or at least make our evidence inadmissible in court?

Options are :

  • Entrapment. (Correct)
  • Complete chain of custody.
  • Taking a bit level copy of the compromised hard drive, hashing both drives, hashes are identical. Do forensics on the copy drive, hash after forensics is identical too.
  • Enticement.

Answer : Entrapment.

Explanation Entrapment (Illegal and unethical): When someone is persuaded to commit a crime they had no intention to commit and is then charged with it. Openly advertising sensitive data and then charging people when they access them. Entrapment is a solid legal defense.

We need to physically store sensitive data in a secure way. Which of these could be an option that can easily be hidden?

Options are :

  • Wall safe. (Correct)
  • Depository.
  • Vault.
  • Data center.

Answer : Wall safe.

Explanation A wall or floor safe is embedded into a wall or the floor and is often hidden. Think crime movie where they take the $100,000 from the safe behind the painting.

When assigning sensitivity to our data, which of these should NOT be a factor?

Options are :

  • Who will have access to the data.
  • What the data is worth.
  • How bad a data exposure would be.
  • How the data will be used. (Correct)

Answer : How the data will be used.

Explanation Who will access it, the value of the data and how impactful a disclosure would be should all factor into our sensitivity labels, how we use the data should not.

Which of these would be something we would consider for proper data disposal of SSD drives?

Options are :

  • Degaussing.
  • Formatting.
  • Deleting all files.
  • Shredding. (Correct)

Answer : Shredding.

Explanation SSD drives can't be degaussed and formatting or deleting the files only removes the file structure, most if not all files are recoverable. We would need to shred the SSD drives.

Which of these would be something we can implement to better protect our data in use? (Select all that apply).

Options are :

  • Clean desk policy. (Correct)
  • Encryption.
  • View angle privacy screen for monitors. (Correct)
  • Print policy. (Correct)
  • Workstation locking. (Correct)

Answer : Clean desk policy. View angle privacy screen for monitors. Print policy. Workstation locking.

Explanation Data in Use: (We are actively using the files/data; it can't be encrypted). Use good practices: Clean desk policy, print policy, allow no 'shoulder surfing', maybe the use of view angle privacy screens for monitors, locking the computer screen when leaving the workstation.

Which of these would be something we should encrypt if we are dealing with sensitive data?

Options are :

  • Hard disks.
  • Backup tapes.
  • Data sent over the network.
  • All of these. (Correct)

Answer : All of these.

Explanation When dealing with sensitive data we want to encrypt as much as possible while still keeping data availability acceptable.

We are looking at the data we send over our network. What we send determines our security posture. Which of these is NOT considered PII?

Options are :

  • Address.
  • Birthday.
  • Marital status.
  • IP address. (Correct)

Answer : IP address.

Explanation PII is any information about an individual that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

Which of these would still have data remanence after the system has been removed from power completely for 10 minutes?

Options are :

  • Hard disks.
  • Read only memory.
  • All of these. (Correct)
  • Tapes.

Answer : All of these.

Explanation Hard disks, ROM and tapes are designed to keep data even when powered off.

We have had some tapes going missing from our inventory. We are unsure if they were stolen or just misplaced. Which of these should we ALWAYS use when dealing with sensitive tape backups?

Options are :

  • Proper handling.
  • Proper marking.
  • Proper destruction.
  • All of these. (Correct)

Answer : All of these.

Explanation For tape backups we want to make sure they are properly marked/labeled with content, retention, sensitivity, etc. We want to ensure only permitted individuals handle the data and at the end of its usefulness it is disposed of properly.

We have 12 old servers that have been decommissioned. Each server had 4 hard drives. Which of these would NOT be an acceptable way for us to deal with remanence?

Options are :

  • Disk shredding.
  • Degaussing.
  • Overwriting.
  • E-recycle as is. (Correct)

Answer : E-recycle as is.

Explanation It is acceptable to e-recycle hardware after it has been shredded, degaussed and/or overwritten, not before.

What is the LAST stage of the information lifecycle?

Options are :

  • Acquisition.
  • Disposal. (Correct)
  • Use.
  • Analytics.

Answer : Disposal.

Explanation We end the information lifecycle with proper data disposal.

One of the senior directors at your organization has asked what data mining is. Which of these would be the BEST answer to give him?

Options are :

  • Data remanence.
  • How long we keep the data.
  • The data content. (Correct)
  • The data's use.

Answer : The data content.

Explanation We do appropriate data mining on the data.

A wide range of identifiable items are protected under the US HIPAA rules. Which of these would be considered Personally Identifiable Health Information (PHI)?

Options are :

  • Medical record numbers.
  • Social security numbers.
  • Email addresses.
  • All of these. (Correct)

Answer : All of these.

Explanation Under the US Health Insurance Portability and Accountability Act (HIPAA), PHI that is linked based on the following list of 18 identifiers must be treated with special care:

  • Names.
  • All geographical identifiers smaller than a state.
  • Dates (other than year).
  • Phone numbers.
  • Fax numbers.
  • Email addresses.
  • Social Security numbers.
  • Medical record numbers.
  • Health insurance beneficiary numbers.
  • Account numbers.
  • Certificate/license numbers.
  • Vehicle identifiers and serial numbers, including license plate numbers.
  • Device identifiers and serial numbers.
  • Web Uniform Resource Locators (URLs).
  • Internet Protocol (IP) address numbers.
  • Biometric identifiers, including finger, retinal and voice prints.
  • Full face photographic images and any comparable images.
  • Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data.

We are making our procedures on proper use and disposal of SSD drives. Which types of memory are they built from?

Options are :

  • EEPROM and DRAM. (Correct)
  • EPROM and DRAM.
  • Spinning disk.
  • PROM.

Answer : EEPROM and DRAM.

Explanation An SSD is a combination of flash memory (EEPROM) and DRAM.
