CISSP Practice question #108

During a security incident you heard something this constitutes what type of evidence?
A: Real evidence.
B: Direct evidence.
C: Secondary evidence.
D: Circumstantial evidence.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


B: Direct Evidence: Testimony from a first hand witness, what they experienced with their 5 senses.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #107

Which of these should not be part of a data retention policy?
A: Which data do we keep?
B: How long do we keep the data?
C: Where do we keep the backup data?
D: How to safely destroy the data after the retention has expired?

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


D: A data destruction policy would address how we deal with data no longer needed, the retention policy would only deal with what, how long, where and similar topics.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #106

Swiping a card is using which technology?
A: Magnetic stripe.
B: Contactless cards.
C: Contact cards.
D: HOTP tokens.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: Magnetic Stripe Cards: Swiped through a reader, no circuit. Very easy to duplicate.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #105

What would staff sign to show they understand and agree with their responsibilities during a disaster?
A: MOA
B: MTT.
C: MRA.
D: MIT.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: MOU/MOA (Memorandum of Understanding/Agreement): Staff signs a legal document acknowledging they are responsible for a certain activity. If the test asks “A critical staff member didn’t show, and they were supposed to be there. What could have fixed that problem?” it would be the MOU/MOA. While slightly different they are used interchangeably on the test.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #104

Which type of networking circuits can the traffic use different paths?
A: Packet switching.
B: Circuit switching.
C: Weighted routing tables.
D: Full traffic switching.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


A: Packet switching – Cheap, but no capacity guarantee, very widely used today. Data is sent in packets, but take multiple different paths to the destination. The packets are reassembled at the destination.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #103

We have hired a penetration testing company to find security flaws, they are at the enumeration phase. What are they doing?
A: Reconnaissance.
B: Scanning.
C: Vulnerability assessment.
D: Exploitation.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


“B: Pen testing would normally have these phases, enumeration is the same as scanning. Planning > Reconnaissance > Scanning (enumeration) > Vulnerability assessment > Exploitation > Reporting.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #102

An infrared motion detector uses what to detect movement?
A: Heat.
B: Pulses.
C: Light.
D: Sound.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


A: Infrared sensors detect changes in heat signatures.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #101

In identity and access provisioning identities correspond to?
A: Entities.
B: Rights.
C: Attributes.
D: Objects.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: We can have multiple identities per entity and each identity can have multiple attributes. I can be staff, alumni and enrolled student at a college. As staff I could have access to different areas and data than I would as alumni and student.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #100

In a pen test, in which phase would the tester try to get onto our network?
A: Gaining access.
B: Discovery.
C: System browsing.
D: Escalate privileges.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


A: Gaining Access: Access the network.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #99

We have had a major security breach, one of our honeypots was used for a downstream attack on a rival business, the competitor has lost over $200,000 in revenue. Who is ultimately liable.
A: The IT security team.
B: Middle management.
C: Whomever deployed the honeypot.
D: Senior management.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


D: C-Level executives (senior leadership) are ultimately liable, this does not mean anyone else is not liable, if other people involved did not perform due care and due diligence they may be liable as well, but the questions was ultimately liable.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading
1 2 3 13