CISSP Practice question #75

In our BCP plan which team is the failback team?
A: Rescue.
B: Recovery.
C: Salvage.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


C: Salvage team (failback): Responsible for returning our full infrastructure, staff and operations to our primary site or a new facility if the old site was destroyed. We get the least critical systems up first, we want to ensure the new sites is ready and stable before moving the critical systems back.

show less

Continue Reading

CISSP Practice question #73

We are performing digital forensics on one of our hard drives, which of these could be part of what use?
A: RAID.
B: A Tableau blocker.
C: Access lists.
D: BCP.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


B: Digital forensics: The evidence we collect must be accurate, complete, authentic, convincing, admissible. To ensure the disk is not written to and inadmissible we can use a write blocker for instance a Tableau blocker. Everything is documented, chain of custody: Who had it when? What was done? When did they do it? Pull the original, put it in write protected machine, we make a hash. We only do examinations and analysis on bit level copies, we confirm they have the same hash as the original before and after examination.

show less

Continue Reading

CISSP Practice question #71

When using username and password online, what else can we use for multifactor authentication?
A: PINs.
B: Passphrases.
C: Challenge response.
D: Cookies.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


D: The cookie is a possession factor, we still have multifactor authentication with the username, password and cookie. Username and password are knowledge factors just like PINs, passphrases and challenge response.

show less

Continue Reading

CISSP Practice question #70

What is the best way of storing passwords?
A: Plain text.
B: Encrypted asymmetric.
C: Hashed with salt.
D: Encrypted symmetric.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


C: Hashing with salting is the best way of password storage, confirmation can be near instant and the password can’t be reverse engineered.

show less

Continue Reading

CISSP Practice question #69

On which TCP/IP layer do we find IP Addresses?
A: Link and physical.
B: Internetworks.
C: Transport.
D: Application.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


B: Internet/Internetwork layer is responsible of sending packets across potentially multiple networks. Requires sending data from the source network to the destination network (routing). The Internet Protocol performs two basic functions: Host addressing and identification: This is done with a hierarchical IP addresses. Packet routing: Sending the packets of data (datagrams) from the source to the destination by forwarding them to the next network router closer to the final destination.

show less

Continue Reading

CISSP Practice question #68

What in our environment should be patched regularly?
A: Our servers.
B: Our SANs.
C: Our network equipment.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


D: We should patch all our hardware on a regular schedule, if we do not we can have many vulnerabilities on our network. We want defense in depth.

show less

Continue Reading

CISSP Practice question #67

When we want users to test our software but want key features disabled we release:
A: Cripple ware.
B: Shareware.
C: Freeware.
D: Bloatware.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


A: Cripple ware: Partially functioning proprietary software, often with key features disabled. The user is required to make a payment to unlock the full functionality.

show less

Continue Reading
1 2 3 23