CISSP Practice question #236

What do we often uncover in our vulnerability scans?
A: Open ports that should not be.
B: Unauthorized users.
C: Attacks.
D: None of these.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


A: Vulnerability scanning/testing: A vulnerability scanner tool is used to scan a network or system for a list of predefined vulnerabilities such as system misconfiguration, outdated software, or a lack of patching. It is very important to understand the output from a vulnerability scan (reports can run to hundreds of pages for some systems) and how the vulnerabilities map to Threats and Risks (Risk = Threat x Vulnerability). When we understand the true Risk, we can then plan our mitigation.

CISSP Practice question #235

In our access management we would never want to use group user accounts. Why is that?
A: No authentication.
B: No accountability.
C: No authorization.
D: No availability.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


B: Accountability (often referred to as Auditing): Tracing an action to a subject's identity proves who performed a given action and provides non-repudiation. Group or shared accounts are never OK; they have zero accountability.

I just released my new course “CISSP Certification: CISSP Domain 5 & 6 Video Boot Camp 2018”

You can buy it here for $9.99:
https://www.udemy.com/cissp-domain-5-6/?couponCode=NINENINENINE

You can also buy the video course for CISSP domain 1-2 here for $9.99:
https://www.udemy.com/cissp-domain-1-2/?couponCode=NINENINENINE

You can also buy the video course for CISSP domain 3-4 here for $9.99:
https://www.udemy.com/cissp-domain-3-4/?couponCode=NINENINENINE

This is my current release schedule for the rest of the CISSP video series:
“CISSP Certification: CISSP Domain 7 & 8 Video Boot Camp 2018” 6/13-2018.

As soon as it is released you can use the NINENINENINE coupon code to get it for $9.99, the same goes for all my practice tests:

Set 1 (Exam emulation sets with 2x 125 questions):
CISSP certification practice questions #1:
CISSP certification practice questions #2:
CISSP certification practice questions #3:
CISSP certification practice questions #4:

Set 2 (Domain based, 2 domains per test):
CISSP certification practice questions Domain 1 & 2:
CISSP certification practice questions Domain 3 & 4:
CISSP certification practice questions Domain 5 & 6:
CISSP certification practice questions Domain 7 & 8:

I hope I can help get you certified,

Thor

CISSP Practice question #234

We have part of our infrastructure migrated to cloud computing. We are responsible for the applications and the data. Which type of cloud computing are we using?
A: IaaS.
B: SaaS.
C: PaaS.
D: IDaaS.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: In public cloud PaaS (Platform as a Service), the vendor provides pre-configured OSs and the customer adds all programs and applications.

CISSP Practice question #233

In quantitative risk analysis what does the ALE tell us?
A: The value of the asset.
B: How often that asset type is compromised per year.
C: What it will cost us per year if we do nothing.
D: How much of the asset is lost per incident.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: Annualized Loss Expectancy (ALE) – This is what it costs per year if we do nothing.

CISSP Practice question #232

In our risk analysis we are looking at the risk. What does that comprise?
A: Threat + vulnerability.
B: Threat * vulnerability.
C: Threat * vulnerability * asset value.
D: (threat * vulnerability * asset value) – countermeasures.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


B: Risk = Threat x Vulnerability.

CISSP Practice question #231

As part of our ongoing Disaster Recovery Planning, Bob is working on categorizing incidents. Which category would misconfigurations fall under?
A: Natural.
B: Environmental.
C: Human.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: Human: Done intentionally or unintentionally by humans; these are by far the most common.

CISSP Practice question #230

Which type of IPv4 address is the range 172.31.0.0/24?
A: Loopback.
B: Link-local.
C: Private.
D: Public.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: 172.16.0.0 – 172.31.255.255 are private IPs; we can use them on our internal network, but they are not routable on the internet.

CISSP Practice question #229

Which type of authentication can also be used for identification?
A: Fingerprint.
B: Password.
C: Passport.
D: PIN.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: In this case the passport is both something you have and something that can be used for identification. For multiple factor authentication we would still want a knowledge factor or a biometric factor.

CISSP Practice question #228

Why would we choose to delete a user account after the employee leaves the organization?
A: Regulations.
B: User’s privacy protection.
C: Accountability traceability for events discovered later.
D: Retention policy.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


B: We would want to keep accounts deactivated when they leave; the only reason to delete the accounts would be if required by law or regulation, which would be in place to protect their privacy.