CISSP Practice question #102

An infrared motion detector uses what to detect movement?
A: Heat.
B: Pulses.
C: Light.
D: Sound.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


A: Infrared sensors detect changes in heat signatures.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #101

In identity and access provisioning identities correspond to?
A: Entities.
B: Rights.
C: Attributes.
D: Objects.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: We can have multiple identities per entity and each identity can have multiple attributes. I can be staff, alumni and enrolled student at a college. As staff I could have access to different areas and data than I would as alumni and student.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #100

In a pen test, in which phase would the tester try to get onto our network?
A: Gaining access.
B: Discovery.
C: System browsing.
D: Escalate privileges.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


A: Gaining Access: Access the network.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #99

We have had a major security breach, one of our honeypots was used for a downstream attack on a rival business, the competitor has lost over $200,000 in revenue. Who is ultimately liable.
A: The IT security team.
B: Middle management.
C: Whomever deployed the honeypot.
D: Senior management.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


D: C-Level executives (senior leadership) are ultimately liable, this does not mean anyone else is not liable, if other people involved did not perform due care and due diligence they may be liable as well, but the questions was ultimately liable.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #98

In the TCP/IP model data is the PDUs of which layer?
A: Link and physical.
B: Internetworks.
C: Transport.
D: Application.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


D: Data are the PDUs of the Application layer of the TCP/IP model. (OSI layer 5-7).

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #97

What is the primary reason we use a specific server for storing logs with limited admin access?
A: To have logs available for analysis.
B: To ensure the logs integrity.
C: For the SEIM to be able to access them.
D: For redundancy.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


B: We want to ensure our central log repository is not tempered with by staff or attackers. While it also can provide redundancy it is not the main reason. The SEIM can access logs where ever they may be.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #96

Who and what do you not promise to protect in the ISC2 code of ethics?
A: Society.
B: Your organization.
C: Infrastructure.
D: The common good.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


B: While your organization is important, it is not part of the ISC2 code of ethics. The common good, infrastructure and society is.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #95

Jane has been tasked with implementing multifactor authentication at our organization. The request from senior management is to make it secure, but also to protect employees privacy and not inadvertently record something that could reveal private employee health information. What are some good reasons to not use biometric authentication in Janes implementation?
A: It can reveal private employee information.
B: It is wrong more often than not.
C: Biometrics often change.
D: Biometrics are easily copied.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: Something you are – Type 3 Authentication (Biometrics): Can inadvertently breach our employees privacy: Some fingerprint patterns are related to chromosomal diseases. Iris patterns could reveal genetic sex, retina scans can show if a person is pregnant or diabetic. Hand vein patterns could reveal vascular diseases. Most behavioral biometrics could reveal neurological diseases, etc.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #94

What does digital signatures provide?
A: Confidentiality.
B: Availability.
C: Non-repudiation.
D: Authentication.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


C: Digital Signatures: Provides Integrity and Non-Repudiation.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #93

What are we dealing with when we do data disposal?
A: Data remanence.
B: How long we keep the data.
C: The data content.
D: The data in use.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


A: When we dispose of our data media we are making sure there is no data remanence on our hard disks, tapes, etc.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading