CISSP Practice question #254

In our Redundant Array of Independent Disks (RAID) configuration we are using striping with redundancy. At least how many disks would we need?
A: 1
B: 2
C: 3
D: 4

CBK 7: Security Operations
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer

C: Disk striping: writing the data simultaneously across multiple disks, providing higher write speed. Striping uses at least 2 disks and in itself does not provide redundancy. For redundancy we use parity with striping, often computed by XOR; if we use parity for redundancy we need at least 3 disks.

CISSP Practice question #253

If you see any IPv4 address in the 127.0.0.0/8 range, what type of IPv4 address is that?
A: Loopback.
B: Link-local.
C: Private.
D: Public.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer

A: IPv4 network standards reserve the entire 127.0.0.0/8 address block for loopback purposes. That means any packet sent to one of those 16,777,214 addresses (127.0.0.1 through 127.255.255.254) is looped back to the sending host. IPv6 reserves just a single loopback address, ::1.

CISSP Practice question #252

An IPv4 address consists of how many bits?
A: 4 bit.
B: 8 bit.
C: 128 bit.
D: 32 bit.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer

D: IPv4 (Internet Protocol version 4) addresses: IPv4 addresses are written as 4 octets in dotted-decimal notation, which together form a 32-bit binary integer.

CISSP Practice question #251

What could be a security concern we would need to address in a procurement situation?
A: Who gets the IT Infrastructure?
B: How do we ensure their security standards are high enough?
C: Security is part of the SLA.
D: All of these.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer

C: Procurement: when we buy products or services from a 3rd party, security must be part of the SLA.

CISSP Practice question #250

In software testing we are doing synthetic transaction. What does that mean?
A: Test the code while executing it.
B: Passively test the code, but not run it.
C: Submit random malformed input to crash the software or elevate privileges.
D: Build scripts and tools that would simulate normal user activity.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer

D: Synthetic transactions (synthetic monitoring): website monitoring using web browser emulation or scripted recordings of web transactions. Behavioral scripts/paths are created to simulate an action or path that a customer or end user would take on a site. The paths are continuously monitored at specified intervals for performance, functionality, availability, and response time.

CISSP Practice question #249

When a penetration tester is trying to gain access to sensitive information from one of our servers, she is testing which type of access control?
A: Administrative.
B: Technical.
C: Physical.
D: Detective.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer

B: Technical controls: hardware/software/firmware, such as firewalls, routers and encryption. Trying to access and gain information from a server would compromise our technical (logical) security controls.

CISSP Practice question #248

In a risk analysis we are looking at the upfront cost and ongoing support of a mitigation solution. What would that be called?
A: ALE.
B: ARO.
C: TCO.
D: SLE.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer

C: Total Cost of Ownership (TCO) – the mitigation cost: upfront cost + ongoing cost (the ongoing cost is normally operational).

CISSP Practice question #247

Our networking department is recommending we use a baseband solution for an implementation. Which of these is a key feature of those?
A: One way communication, one system transmits the other receives, direction can’t be reversed.
B: Both systems can send and receive at the same time.
C: Only one system on the network can send one signal at a time.
D: One way communication, one system transmits the other receives, direction can be reversed.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer

C: Baseband networks have one channel and can only send one signal at a time. Ethernet is baseband: “1000baseT” STP cable is a 1000 megabit, baseband, Shielded Twisted Pair cable.

CISSP Practice question #246

If we are using a qualitative risk analysis approach, which of these would we use?
A: Risk analysis matrix.
B: Cost per incident.
C: Exposure factor.
D: Asset value.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer

A: Qualitative Risk Analysis – how likely is it to happen, and how bad is it if it happens? This is vague, a guess or a feeling, and relatively quick to do. It is most often done to know where to focus the Quantitative Risk Analysis.

CISSP Practice question #245

Which type of authentication asks the user for something they have?
A: Type 1.
B: Type 2.
C: Type 3.
D: Type 4.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer

B: Something you have – Type 2 Authentication: ID, passport, smart card, token, cookie on a PC; these are called possession factors. The subject uses these to authenticate their identity: if they have the item, they must be who they say they are.