<Easy/Mid question>

We want our employees to be able to access our internal network over the internet from an external connection. For this implementation we also want to make sure attackers are not able to gain access pretending to be authorized users. Which of these technologies would make it the MOST secure?

SSO (Single Sign-On).

IDS (Intrusion Detection System).

Challenge response.

2FA (2 Factor Authentication).

<Hard question>

As configuration manager for an application, Francis checks the daily message digests of the files stored on ten production servers, and finds one server has different message digests for three configuration files. What is the BEST action Francis should do?

Re-perform the hash to see if the message digest changes

Call the SOC to ask if they want him to replace the files with copies from another server

Review the change tickets applied to that server that would account for the change; if the change is not authorized then alert SOC

Replace the three configuration files with copies from one of the other servers

Looking at the governance of our organization, we can use policies, standards, procedures, or other frameworks. Which of these characteristics would BEST describe our policies?

Recommendations.

Non-specific, but can contain patches, updates, strong encryption.

Low level step-by-step guides.

Specific, all laptops are W10, 64 bit, 8GB memory, etc.

<Hard question>

Our organization is spread across many smaller offices across the country. Which of these would present the LARGEST security risk?

Software development is outsourced.

System operations procedures are not being followed.

System capacity management processes are not being followed.

Change management processes are not being followed.

<Hard question>

Natalie is performing a risk assessment. She has been given the list of assets and owners of each asset. Harry is developing the list of Exposure Factors for each identified threat that is realized. What does Natalie need to ask the asset owners, in order to derive the Single Loss Expectancy?

The replacement cost of each asset, that is how much it would cost to replace

The value of the asset in monetary units

The business value of each asset, that is how much it contributes to the revenues or saves in business costs

The asset values using relative values on an ordinal scale

<Easy/Mid question>

Which of these, if used right, is the MOST secure form of “something you have” authentication?

Magnetic card.

Single-use password.

Smart card.

Passport.

<Hard question>

Which of these is the MOST important ability we should look for when we are interviewing candidates for a new CISO (Chief Information Security Officer) for our organization?

The ability to lead a diverse group of employees efficiently and effectively.

Knowledge about the latest IT technology platforms, trends, and development methodologies.

A clear understanding of the regulatory and legal requirement that are relevant to our industry and our organization.

A clear understanding of how to map Information Security technology to the needs of the organization.

<Easy/Mid question>

We are in a court where the evidence must be “the majority of the proof.” Which type of law does that relate to?

Administrative law.

Criminal law.

Private regulations.

Civil law.

<Hard question>

We are a financial institution and changes are being made to some of the security aspects of the PCI-DSS standard. What should our Information Security manager do FIRST?

Meet with the financial and legal leadership teams and decide how to comply.

Assess if our existing controls fulfill the new requirements.

Update our current security and privacy policies.

Analyze the key risks in the compliance.

10.

<Easy/Mid question>

Which type of access control model is based on a subject’s clearance?

DAC.

MAC.

RBAC.

RUBAC.

Try some sample practice questions from our CISSP course

<Easy/Mid question>

We want our employees to be able to access our internal network over the internet from an external connection. For this implementation we also want to make sure attackers are not able to gain access pretending to be authorized users. Which of these technologies would make it the MOST secure?

<Hard question>

Looking at the governance of our organization, we can use policies, standards, procedures, or other frameworks. Which of these characteristics would BEST describe our policies?

<Hard question>

<Hard question>

<Easy/Mid question>

Which of these, if used right, is the MOST secure form of “something you have” authentication?

<Hard question>

<Easy/Mid question>

We are in a court where the evidence must be “the majority of the proof.” Which type of law does that relate to?

<Hard question>

<Easy/Mid question>

Which type of access control model is based on a subject’s clearance?

Get our courses!

Subscribe to my newsletter and certification news.