CISSP Practice question #47

An artificial neural network tries to emulate a brain. Which of these is not true about ANNs?
A: They can analyze images about which they know a fact, such as “gecko” or “no gecko”; the more images they process, the better they become at recognizing the fact.
B: They are mostly used in areas that are difficult to express in a traditional computer algorithm using rule-based programming.
C: They are organized in layers; different layers perform different transformations on their input.
D: They use rule-based programming and a lot of IF/THEN statements.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


D: ANNs do not use IF/THEN statements.


CISSP Practice question #46

Why would we not want to shut a compromised system down?
A: There could still be data on the hard disks; it will be lost if we shut the server down.
B: There could still be data in the non-volatile memory; it will be lost if we shut the server down.
C: There could still be data in the volatile memory; it will be lost if we shut the server down.
D: There could still be permitted users on the system.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


C: The digital (computer) forensics process: We need to be more aware of how we gather our forensic evidence, because attackers are covering their tracks and deleting the evidence and logs. This can be through malware that is only in volatile memory; if power is shut off (to preserve the crime scene), the malware is gone and the evidence is lost.


CISSP Practice question #45

We have found some older systems on our network using PAP. Why would we want to migrate away from using that?
A: Credentials are sent in plaintext over the network.
B: It uses SSL.
C: It uses PPP.
D: The client and server need to know a plaintext shared secret. It is stored in plaintext on the server, but never sent over the network.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: PAP (Password Authentication Protocol): One of the oldest authentication protocols, no longer secure. Credentials are sent over the network in plain text. Authentication is initiated by the client/user sending a packet with credentials (username and password) at the beginning of the connection.


IT Security from Deutsche Welle: “Cybersecurity: Why it’s ‘hard to protect yourself’ online”

Cybersecurity: Why it’s ‘hard to protect yourself’ online | World | DW | 02.11.2017

Governments have fallen victim to a string of high-profile cyberattacks in recent years. German IT expert Sandro Gaycken tells DW about cybersecurity’s shortcomings and why he thinks Kaspersky did not work with Russia.

DW: At the end of October, a new virus called “BadRabbit” attacked computer systems in Russia, Ukraine, Germany and other countries. Among the victims were media organizations, ministries and various businesses. The last few months have seen similar attacks by viruses like “WannaCry” and “Petya.” Can we defend ourselves against these infiltrations?

Sandro Gaycken: No, not really. There are of course a number of IT-security technologies, but they’re all still in pretty early stages and only work to a limited degree. That’s why it’s hard to protect yourself, especially when the attacker is somewhat clever.

Is that our new reality?

Yes, right now it is. But a lot of money is currently being invested in the cybersecurity market, so better products are on the way. But it’ll take at least five to eight years [to get them ready].

What is your advice? How could we at least limit the damage?

Don’t connect your devices to the internet.

Source: www.dw.com/en/cybersecurity-why-its-hard-to-protect-yourself-online/a-41215364


CISSP Practice question #44

What could an attacker who is vishing do?
A: Call our dispatch, trying to get information through social engineering.
B: Use a modem to call different numbers, looking for an answer with a modem carrier tone.
C: Drive around trying to gain access to unsecured or weakly secured wireless access points.
D: Disrupt our wireless access points by transmitting noise on the wireless channels we use.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


A: Vishing is phishing over the phone; it is a common and effective form of social engineering.
