A password for the Hawaii emergency agency was hiding in a public photo, written on a Post-it note

While the Hawaii Emergency Management Agency says a false missile alert was not a hack, a password in a photo has drawn criticism of its security practices.

Source: www.businessinsider.com/hawaii-emergency-agency-password-discovered-in-photo-sparks-security-criticism-2018-1


CISSP Practice question #108

During a security incident you heard something. What type of evidence does this constitute?
A: Real evidence.
B: Direct evidence.
C: Secondary evidence.
D: Circumstantial evidence.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


B: Direct evidence: Testimony from a first-hand witness, what they experienced with their 5 senses.


CISSP Practice question #107

Which of these should not be part of a data retention policy?
A: Which data do we keep?
B: How long do we keep the data?
C: Where do we keep the backup data?
D: How to safely destroy the data after the retention has expired?

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


D: A data destruction policy would address how we deal with data no longer needed; the retention policy would only deal with what, how long, where and similar topics.


CISSP Practice question #105

What would staff sign to show they understand and agree with their responsibilities during a disaster?
A: MOA.
B: MTT.
C: MRA.
D: MIT.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: MOU/MOA (Memorandum of Understanding/Agreement): Staff sign a legal document acknowledging they are responsible for a certain activity. If the test asks “A critical staff member didn’t show, and they were supposed to be there. What could have fixed that problem?” it would be the MOU/MOA. While slightly different, they are used interchangeably on the test.


CISSP Practice question #104

In which type of networking circuit can the traffic use different paths?
A: Packet switching.
B: Circuit switching.
C: Weighted routing tables.
D: Full traffic switching.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


A: Packet switching – Cheap, but no capacity guarantee, very widely used today. Data is sent in packets, but they take multiple different paths to the destination. The packets are reassembled at the destination.


CISSP Practice question #103

We have hired a penetration testing company to find security flaws; they are at the enumeration phase. What are they doing?
A: Reconnaissance.
B: Scanning.
C: Vulnerability assessment.
D: Exploitation.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


B: Pen testing would normally have these phases; enumeration is the same as scanning. Planning > Reconnaissance > Scanning (enumeration) > Vulnerability assessment > Exploitation > Reporting.


CISSP Practice question #101

In identity and access provisioning, what do identities correspond to?
A: Entities.
B: Rights.
C: Attributes.
D: Objects.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: We can have multiple identities per entity and each identity can have multiple attributes. I can be staff, alumni and enrolled student at a college. As staff I could have access to different areas and data than I would as alumni and student.
