CISSP Practice question #23

Tape backups should never be:
A: Hardware encrypted.
B: Software encrypted.
C: Thrown in the trash when the retention period is over.
D: Kept in a secure geographical distance climate controlled facility.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


C: Tapes must be properly sanitized (degaussed or physically destroyed) before disposal. The data is still on the tape after the retention period has expired, so a tape in the trash is a data breach, not a disposal.


IT Security from Reuters – U.S. warns public about attacks on energy, industrial firms

The U.S. government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure.

The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May.

The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage.

Source: www.reuters.com/article/us-usa-cyber-energy/u-s-warns-public-about-attacks-on-energy-industrial-firms-idUSKBN1CQ0IN


CISSP Practice question #22

In all-pairs testing, what do we test?
A: Each pair of input parameters to a system.
B: All interfaces exposed by the application.
C: How much of the code was tested in relation to the entire application.
D: The amount of errors in the code.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


A: All-pairs testing (pairwise testing): for each pair of input parameters to a system (typically a software algorithm), we test all possible discrete combinations of those two parameters' values. Using carefully chosen test vectors, this can be done much faster than an exhaustive search of all combinations of all parameters, because the pairs are tested "in parallel": a single test case covers one value pair for every pair of parameters at once. The trade-off is reasonable because the most common bugs in a program are triggered by either a single input parameter or an interaction between a pair of parameters; faults that need three or more specific values to coincide are much rarer.
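An added example, not code from the practice test or from ThorTeaches: a small greedy all-pairs generator in Python. The parameter domains (a login endpoint's authentication method, TLS version, role and client) are constructed for illustration. It shows the point of the answer in numbers: the exhaustive suite for these four parameters is 72 tests, the pairwise suite is a small fraction of that while still containing every pair of values, and `covers_all_pairs` checks the definition directly.

```python
import itertools

# Constructed example input (assumed for illustration, not from the practice test):
# the parameters of a login endpoint we want to test. Values must not be None.
PARAMS = {
    "auth_method": ["password", "totp", "webauthn"],
    "tls_version": ["1.2", "1.3"],
    "role": ["guest", "user", "admin"],
    "client": ["chrome", "firefox", "safari", "edge"],
}


def pair_key(i, vi, j, vj):
    """Canonical key (lower index first) so a pair looks the same whichever side asks."""
    return (i, vi, j, vj) if i < j else (j, vj, i, vi)


def all_pairs(params):
    """Every (parameter_i=value, parameter_j=value) combination an all-pairs suite must cover."""
    domains = list(params.values())
    return {
        (i, va, j, vb)
        for i, j in itertools.combinations(range(len(domains)), 2)
        for va in domains[i]
        for vb in domains[j]
    }


def pairs_of(test):
    """All pairs exercised by one concrete test (a list of values in parameter order)."""
    return {(i, test[i], j, test[j]) for i, j in itertools.combinations(range(len(test)), 2)}


def pairwise_tests(params):
    """Greedy all-pairs generator.

    Each new test is seeded with one still-uncovered pair, then the remaining
    parameters are filled in one at a time with the value that covers the most
    uncovered pairs against the values already chosen. Seeding guarantees every
    test covers at least one new pair, so the loop terminates.
    """
    domains = list(params.values())
    uncovered = all_pairs(params)
    tests = []
    while uncovered:
        i, va, j, vb = min(uncovered)          # deterministic seed
        test = [None] * len(domains)
        test[i], test[j] = va, vb
        for k, domain in enumerate(domains):
            if test[k] is not None:
                continue
            best_value, best_gain = None, -1
            for v in domain:
                gain = sum(
                    1 for m, mv in enumerate(test)
                    if mv is not None and pair_key(m, mv, k, v) in uncovered
                )
                if gain > best_gain:
                    best_value, best_gain = v, gain
            test[k] = best_value
        tests.append(test)
        uncovered -= pairs_of(test)
    return tests


def covers_all_pairs(tests, params):
    """Check a suite against the definition: every pair of parameter values appears in some test."""
    covered = set().union(*(pairs_of(t) for t in tests))
    return all_pairs(params) <= covered


def exhaustive_count(params):
    """Size of the exhaustive suite (every combination of every parameter)."""
    return len(list(itertools.product(*params.values())))


if __name__ == "__main__":
    suite = pairwise_tests(PARAMS)
    print(f"exhaustive: {exhaustive_count(PARAMS)} tests, pairwise: {len(suite)} tests")
    for t in suite:
        print(dict(zip(PARAMS, t)))
    print("all pairs covered:", covers_all_pairs(suite, PARAMS))
```

The lower bound for any pairwise suite here is 12 tests (role has 3 values and client has 4, and each test can only cover one role/client pair), so anything the greedy produces between 12 and the full 72 is a real saving; production tools such as PICT or ACTS use smarter heuristics to get close to that bound.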


CISSP Practice question #21

When is access to data based on IF/THEN statements?
A: DAC.
B: MAC.
C: RBAC.
D: RUBAC.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


D: RUBAC (Rule-Based Access Control): access is decided by rules of the form IF <condition> THEN <permit or deny>, evaluated against attributes of the request rather than the identity of the subject. It is mostly used on firewalls and routers, but can be used in conjunction with the other models to provide defense in depth.
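An added example, not part of the practice test or the ThorTeaches material: a tiny first-match rule engine in Python that models what a firewall does with its IF/THEN rules. The rule set and the addresses in it are constructed (RFC 1918 and documentation ranges). Beyond the bare definition it shows the two things that bite in practice: evaluation stops at the first matching rule, so a narrow deny must be ordered before a broad allow, and anything no rule addresses falls through to an implicit default deny.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One IF/THEN rule: IF the packet matches every field that is set THEN apply `action`.
    Unset fields (None, or the 0.0.0.0/0 wildcard) match anything."""

    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt):
        return (
            ip_address(pkt["src"]) in ip_network(self.src)
            and ip_address(pkt["dst"]) in ip_network(self.dst)
            and (self.proto is None or self.proto == pkt["proto"])
            and (self.dport is None or self.dport == pkt["dport"])
        )


# Constructed rule set; addresses are hypothetical RFC 1918 / documentation ranges.
RULES = [
    Rule("deny", src="192.168.1.50/32"),                                           # quarantined host
    Rule("allow", src="192.168.1.0/24", dst="10.0.0.0/8", proto="tcp", dport=22),  # admin LAN -> SSH
    Rule("allow", dst="10.0.5.10/32", proto="tcp", dport=443),                     # anyone -> web front end
]


def evaluate(rules, pkt, default="deny"):
    """First-match evaluation: IF a rule matches THEN its action decides; otherwise the
    implicit default applies. Returns (action, index of the rule that fired, or None).
    Nothing here asks who the user is: only packet attributes are consulted."""
    for idx, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, idx
    return default, None


def packet(src, dst, proto="tcp", dport=None):
    """Minimal packet header as a dict (constructed for the demo)."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


if __name__ == "__main__":
    for pkt in [
        packet("192.168.1.20", "10.0.0.7", dport=22),   # admin host -> SSH: allowed by rule 1
        packet("192.168.1.50", "10.0.0.7", dport=22),   # quarantined host -> SSH: rule 0 fires first
        packet("203.0.113.9", "10.0.0.7", dport=22),    # outside -> SSH: nothing matches, default deny
        packet("203.0.113.9", "10.0.5.10", dport=443),  # outside -> HTTPS: rule 2
    ]:
        print(pkt, "->", evaluate(RULES, pkt))
    # Order matters: with the rules reversed the quarantined host is let in by the broad allow.
    print("reversed:", evaluate(list(reversed(RULES)), packet("192.168.1.50", "10.0.0.7", dport=22)))
```

The same user on the admin LAN gets different answers from different hosts, which is exactly what distinguishes a rule-based decision from DAC, MAC or RBAC, where the subject's identity, clearance or role drives the outcome.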


CISSP Practice question #20

An attacker gains access to our hashed passwords, which we have not salted or used nonces on. Why is this a problem?
A: The attacker can circumvent clipping levels.
B: It isn’t a problem, hashes are one-way functions and can’t be reversed.
C: Because the attacker now knows our encryption keys.
D: The attacker can now reverse the hash to the real password by hashing the hash he stole.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: With the file of hashed passwords in hand, the attacker can guess off-line, rapidly hashing candidate passwords and comparing the results with the stored hashes. This circumvents the clipping level (the lockout threshold after a number of failed logins), which only limits guesses made against the live login system. Without salts, every user who chose the same password has the same hash, so one precomputed table or rainbow table cracks all of them at once. Stealing the file and cracking it is always easier than attacking the login path. Note that the hashes are not reversed; the attacker guesses inputs until one hashes to the stored value.
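An added example, not from the practice test or ThorTeaches, that puts numbers on the answer. The wordlist and the password file are constructed; SHA-256 stands in for whatever fast hash the scenario uses. It runs the same five-word guess list three ways: off-line against unsalted hashes (one table serves every user, and the two users sharing a password fall together), off-line against salted records (the work multiplies by the number of users), and through the front door of a login service with a clipping level of three, which locks the account before the correct guess is ever tried.

```python
import hashlib
import os

# Constructed wordlist and password file for the demonstration (not real data).
WORDLIST = ["password", "letmein", "Summer2023!", "Winter2023!", "qwerty123"]


def unsalted_hash(password):
    """What the scenario stores: a bare hash of the password, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(salt, password):
    """Per-user salt mixed in. (A real system would use a slow KDF such as
    scrypt/bcrypt/Argon2 on top of this; plain SHA-256 keeps the demo fast.)"""
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Two users picked the same weak password; one picked a long passphrase.
PASSWORDS = {
    "alice": "Winter2023!",
    "bob": "Winter2023!",
    "carol": "correct horse battery staple",
}
UNSALTED_FILE = {user: unsalted_hash(pw) for user, pw in PASSWORDS.items()}


def make_salted_file(passwords):
    """Same users, but each record carries its own random 16-byte salt."""
    records = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)
        records[user] = (salt, salted_hash(salt, pw))
    return records


def crack_unsalted(hashes, wordlist):
    """Offline attack on unsalted hashes: hash the wordlist once, then look every
    user up in that table. Work = len(wordlist) regardless of how many users there
    are, and users sharing a password fall together. Returns (found, hashes computed)."""
    table = {unsalted_hash(w): w for w in wordlist}
    found = {user: table[h] for user, h in hashes.items() if h in table}
    return found, len(table)


def crack_salted(records, wordlist):
    """Same wordlist against salted records: no shared table is possible, so the
    attacker recomputes the wordlist per user. Returns (found, hashes computed)."""
    found, work = {}, 0
    for user, (salt, h) in records.items():
        for w in wordlist:
            work += 1
            if salted_hash(salt, w) == h:
                found[user] = w
                break
    return found, work


class OnlineLogin:
    """The front door: a login service enforcing a clipping level (lock after N failures)."""

    def __init__(self, hashes, clipping_level=5):
        self.hashes = hashes
        self.limit = clipping_level
        self.failures = {}

    def attempt(self, user, password):
        if self.failures.get(user, 0) >= self.limit:
            return "locked"
        if self.hashes.get(user) == unsalted_hash(password):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "fail"


def online_guess(login, user, wordlist):
    """Run the same wordlist through the login service; the lockout stops it early."""
    return [login.attempt(user, w) for w in wordlist]


if __name__ == "__main__":
    print("offline, unsalted:", crack_unsalted(UNSALTED_FILE, WORDLIST))
    print("offline, salted:  ", crack_salted(make_salted_file(PASSWORDS), WORDLIST))
    print("online, clipping level 3:", online_guess(OnlineLogin(UNSALTED_FILE, 3), "alice", WORDLIST))
```

Salting removes the shared table and the tell-tale identical hashes, but a fast hash still lets an attacker try billions of guesses per second per user; the clipping level is only meaningful on the online path, so the stored form has to be a salted, deliberately slow KDF.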


CISSP Practice question #19

In which phase of incident management do we write the procedures?
A: Preparation.
B: Detection.
C: Response.
D: Recovery.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Preparation: these are all the steps we take before an incident happens. We write the policies and procedures, train our staff, procure the detection software and hardware, and give our incident response team the tools they need to respond to an incident. The more we train the team, the better they handle the response, the faster we recover, the better we preserve the crime scene (if there is one), and the less impactful the incident will be.


CISSP Practice question #18

In Scrum, what is the product owner's role?
A: Representing the stakeholders/customers.
B: Developing the code/product at the end of each sprint.
C: Removing obstacles for the development team.
D: Being a traditional project manager.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


A: The product owner: Representing the product’s stakeholders, the voice of the customer, and is accountable for ensuring that the team delivers value to the business.


CISSP Practice question #17

We are implementing a governance standard and control framework focused on stakeholder IT-related goals. What should we implement?
A: COBIT.
B: ITIL.
C: COSO.
D: FRAP.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


A: COBIT (Control Objectives for Information and related Technology) focuses on goals for IT. Stakeholder needs are mapped down to IT related goals.


CISSP Practice exams and all udemy courses for $10 or $12.

To celebrate Diwali, every single Udemy course is discounted to $10 for students in India and $12 for everyone else for the next 4 days.

My 4 full CISSP practice exams below are $10 for everyone using the coupon below.
If you follow the link you can buy anything else on Udemy for $10/$12 until 10/20 at midnight PST.

CISSP certification: Full 250 question practice test #1 2017

https://goo.gl/5gciyA

CISSP certification: Full 250 question practice test #2 2017
https://goo.gl/RZxVYx

CISSP certification: Full 250 question practice test #3 2017
https://goo.gl/vgWL8p

CISSP certification: Full 250 question practice test #4 2017
https://goo.gl/F9RDx2

Other interesting courses @ $10/$12:

The Complete Cyber Security Course : Hackers Exposed! – 4.6 (5,564 ratings) – 11 hours.
https://goo.gl/u7EiF4

The Complete Ethical Hacking Course: Beginner to Advanced! – 4.4 (14,282 ratings) – 24.5 hours.
https://goo.gl/DYc7me

CompTIA A+ Certification 901. The Total Course – 4.6 (4,936 ratings) – 15.5 hours.
https://goo.gl/SqoCkh

CompTIA A+ Certification 902. The Total Course – 4.7 (1,298 ratings) – 14 hours.
https://goo.gl/tsy4j9

CompTIA Network+ Cert.; N10-006. The Total Course – 4.7 (5,925 ratings) – 15.5 hours.
https://goo.gl/GYAN9j

CompTIA Security+ Certification; SY0-401 – The Total Course – 4.6 (1,425 ratings) – 13.5 hours.
https://goo.gl/u94ZjB


CISSP Practice question #16

What can protect the data on a stolen backup tape from being accessible to the thief?
A: Proper data handling.
B: Proper data storage.
C: Proper data retention.
D: Proper data encryption.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


D: Proper encryption can prevent data compromise even if the physical tape is lost or stolen. This requires that the encryption is strong enough and that the key is managed separately from the tape: a tape whose key travels with it, or is derived from a guessable passphrase, is no better protected than a clear-text one.
