I just released my new course “CISSP Certification: CISSP Domain 5 & 6 Video Boot Camp 2018”


You can buy it here for $9.99:
https://www.udemy.com/cissp-domain-5-6/?couponCode=NINENINENINE

You can also buy the video course for CISSP domain 1-2 here for $9.99:
https://www.udemy.com/cissp-domain-1-2/?couponCode=NINENINENINE

You can also buy the video course for CISSP domain 3-4 here for $9.99:
https://www.udemy.com/cissp-domain-3-4/?couponCode=NINENINENINE

This is my current release schedule for the rest of the CISSP video series:
“CISSP Certification: CISSP Domain 7 & 8 Video Boot Camp 2018” 6/13-2018.

As soon as it is released, you can use the NINENINENINE coupon code to get it for $9.99. The same goes for all my practice tests:

 
Set 1 (Exam emulation sets with 2x 125 questions):
 
CISSP certification practice questions #1:
 
CISSP certification practice questions #2:
 
CISSP certification practice questions #3:
 
CISSP certification practice questions #4:
 
Set 2 (Domain based, 2 domains per test):
 
CISSP certification practice questions Domain 1 & 2:
 
CISSP certification practice questions Domain 3 & 4:
 
CISSP certification practice questions Domain 5 & 6:
 
CISSP certification practice questions Domain 7 & 8:
 
I hope I can help get you certified,
 
Thor

CISSP Practice question #234

We have part of our infrastructure migrated to cloud computing. We are responsible for the applications and the data. Which type of cloud computing are we using?
A: IaaS.
B: SaaS.
C: PaaS.
D: IDaaS.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: In public cloud PaaS (Platform as a Service), the vendor provides pre-configured OSs, then the customer adds all programs and applications.


CISSP Practice question #233

In quantitative risk analysis what does the ALE tell us?
A: The value of the asset.
B: How often that asset type is compromised per year.
C: What it will cost us per year if we do nothing.
D: How much of the asset is lost per incident.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: Annualized Loss Expectancy (ALE) – This is what it costs per year if we do nothing.


CISSP Practice question #232

In our risk analysis we are looking at the risk. What would that comprise?
A: Threat + vulnerability.
B: Threat * vulnerability.
C: Threat * vulnerability * asset value.
D: (threat * vulnerability * asset value) – countermeasures.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


B: Risk = Threat x Vulnerability.


CISSP Practice question #231

As part of our ongoing Disaster Recovery Planning, Bob is working on categorizing incidents. Which category would misconfigurations fall under?
A: Natural.
B: Environmental.
C: Human.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: Human: Done intentionally or unintentionally by humans; these are by far the most common.


CISSP Practice question #230

Which type of IPv4 address is the range 172.31.0.0/24?
A: Loopback.
B: Link-local.
C: Private.
D: Public.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: 172.16.0.0 – 172.31.255.255 are private IPs; we can use them on our internal network, and they are not routable on the internet.


CISSP Practice question #229

Which type of authentication can also be used for identification?
A: Fingerprint.
B: Password.
C: Passport.
D: PIN.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: In this case, the passport is both something you have and something that can be used for identification. For multifactor authentication we would still want a knowledge factor or a biometric factor.


CISSP Practice question #228

Why would we choose to delete a user account after the employee leaves the organization?
A: Regulations.
B: User’s privacy protection.
C: Accountability traceability for events discovered later.
D: Retention policy.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


B: We would want to keep accounts deactivated when they leave; the only reason to delete the accounts would be if required by law or regulation, which would be in place to protect their privacy.


CISSP Practice question #227

On our workstations we are implementing new security measures. As part of that we will start blocking TCP port 20. Which protocol are we blocking?
A: FTP data transfer.
B: FTP control.
C: SSH.
D: Telnet.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


A: FTP (File Transfer Protocol): Uses TCP Port 20 for the data transfer – the actual data is sent here.


CISSP Practice question #225

If we plan to use what we find in our digital forensics in a court of law, what should the evidence not be?
A: Accurate.
B: Authentic.
C: Admissible.
D: Compromised.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


D: The evidence we collect must be accurate, complete, authentic, convincing, admissible.
