CISSP Practice question #51

A pen tester calls an employee, explains that they are the CEO’s executive assistant, and tells the employee to do what they are told. This is an example of:
A: Authority.
B: Intimidation.
C: Scarcity.
D: Familiarity.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


A: Social engineering uses people skills to bypass security controls. Authority (someone you trust or are afraid of) – Look and sound like an authority figure and act as if you are in charge; this can be done in a uniform or a suit. Most effective with impersonation, whaling, and vishing attacks.


CISSP Practice question #50

When Jane is designing the specifications, she is including technology and countermeasures for hurricanes. What type of disaster is she focused on?
A: Natural.
B: Man-made.
C: Environmental.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Natural: Hurricanes, floods, earthquakes, blizzards, anything that is caused by nature.


Why I think the CISSP CAT (Computerized Adaptive Testing) is a good thing!

I just published a new video on why (ISC)² switching the CISSP exam to CAT (Computerized Adaptive Testing) is a good thing.
This will test students on their knowledge (just like the current version), but not on their ability to handle the previous 6-hour, brain-melting exam.

You can watch the video on my free CISSP course here (lecture 8):
https://www.udemy.com/cissp-essentials/

Or you can watch it on my youtube channel here:


CISSP Computerized Adaptive Testing

My notes: I think this can be a good thing; here are a few reasons why:

  • Maximum 3-hour exam, same questions and difficulty, but you won’t hit the 4 and 5 hour wall. <Definite win>
  • The same questions, same weight as before, just fewer of them <win>
  • Minimum 100 questions, maximum 150 questions vs. 250 questions in the current version (still 25 beta questions). Fewer scenarios, less brain-melt <Definite win>
  • No ability to review; I am a little conflicted on this, but it is probably a good thing not to rethink answers you have already given <meh>
  • No changes to the curriculum: “As the CISSP exam content outline and passing standard for the linear and CAT versions of the examination are exactly the same, candidate preparation should not change based on the format of the examination.” Nothing to restudy, keep doing what you are doing <Definite win>

The (ISC)² announcement:
Effective Dec. 18, 2017: (ISC)² will introduce Computerized Adaptive Testing (CAT) for all English CISSP exams worldwide. CISSP CAT enables you to prove your knowledge by answering fewer items and completing the exam in half the time.


CISSP Practice question #47

An artificial neural network tries to emulate a brain. Which of these is not true about ANNs?
A: They can analyze images for which they know a fact, for example “gecko” or “no gecko”; the more images they process, the better they become at recognizing that fact.
B: They are mostly used in areas that are difficult to express in a traditional computer algorithm using rule-based programming.
C: They are organized in layers, and different layers perform different transformations on their input.
D: They use rule-based programming and a lot of IF/THEN statements.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


D: ANNs do not use IF/THEN statements.


CISSP Practice question #46

Why would we not want to shut a compromised system down?
A: There could still be data on the hard disks, it will be lost if we shut the server down.
B: There could still be data in the non-volatile memory, it will be lost if we shut the server down.
C: There could still be data in the volatile memory, it will be lost if we shut the server down.
D: There could still be permitted users on the system.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


C: The digital (computer) forensics process: We need to be more aware of how we gather our forensic evidence, because attackers are covering their tracks and deleting the evidence and logs. This can be done through malware that lives only in volatile memory; if power is shut off (in an attempt to preserve the crime scene), the malware is gone and the evidence is lost.
