CISSP Practice question #12

Which of these would not have data remanence after the system has been powered off for 10 minutes?
A: Hard disks.
B: Read only memory.
C: Random access memory.
D: Tapes.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


C: RAM (Random access memory) would lose its data within a few seconds to a few minutes after the loss of power, so it would not have data remanence.


IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP Practice question #11

In open source programming we:
A: Release the software, but not the code.
B: Release the code and the software.
C: Release neither the software nor the code.
D: Release the code, but not the software.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


B: Open source: We release the code publicly, where it can be tested, improved and corrected, but it also allows attackers to find the flaws in the code.


CISSP Practice question #10

These can all be used in IPSec except which concept?
A: AH.
B: ESP.
C: SA.
D: DR.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


D: IPsec (Internet Protocol Security): Set of protocols that provide a cryptographic layer to IP traffic (IPv4 and IPv6). It uses AH (Authentication Header) to provide authentication and integrity for each packet, ESP (Encapsulating Security Payload), which provides confidentiality, and SA (Security Association), which is a simplex one-way communication (like a walkie-talkie). The SA can be used to negotiate ESP or AH parameters.


CISSP Practice question #9

Which type of access control model would we use if integrity is most important?
A: DAC.
B: RBAC.
C: MAC.
D: RUBAC.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


B: RBAC (Role Based Access Control): Often used when integrity is most important. Policy-neutral access control mechanism defined around roles and privileges. A role is assigned permissions, and subjects in that role are added to the group. If they move to another position, they are moved to the permissions group for that position.


CISSP Practice question #8

Jane is tasked with looking at FIDM. Which of these would she not consider?
A: Security tokens.
B: Microsoft Azure cloud.
C: RFID.
D: Windows identity foundation.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


C: RFID (Radio Frequency Identification) is used for a variety of things, including smart cards, but not for FIDM (Federated Identity Management).


CISSP Certification: Competition time – Win a CISSP practice test! October 8th 2017

Competition time!

Enter to win a free CISSP Practice exam.

Rules:

To enter you must do these 2 to be eligible (+3 entries)

  1. Join the CISSP study group at https://www.facebook.com/groups/ThorTeaches/
  2. Like and comment on the competition post in the Facebook group.

Optional:

  1. Share this post on Facebook (+5 entries).

The Winner will be drawn at random after the competition is over and announced in the Facebook group!
If you already own all 4 practice tests, we can do an Amazon gift card instead, but this is only available to people with all 4 tests ($10 value).
The competition ends October 14th at 12:00 HST (noon).


CISSP Practice question #7

A fire can be which type of disaster?
A: Environmental.
B: Human.
C: Natural.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


D: Fires can be caused by nature, our environment and people.


CISSP Practice question #6

Why would we use an RTM in software testing?
A: To ensure we are secure.
B: To test for malformed input.
C: To map requirements to the testing plan.
D: To test the code while executing it.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


C: TM/RTM (Requirements Traceability Matrix): Normally a table, used to map customer requirements to the testing plan using a many-to-many relationship comparison. A requirements traceability matrix may be used to check if the current project requirements are being met, and to help in the creation of a request for proposal, software requirements specification, various deliverable documents, and project plan tasks.


CISSP Practice question #5

Who would perform a structured audit?
A: Senior management.
B: IT security staff.
C: External auditors.
D: Internal auditors.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


C: Structured audits (3rd party): External auditors are there to validate compliance; they are experts, and the audit adds credibility. Can also be a knowledge transfer for the organization. Required annually in many organizations.


CISSP Practice question #4

Which is true about Twofish?
A: It is a 64bit block cipher, with 56bit keys.
B: It is a 64bit block cipher with a 112bit key.
C: It is a 64bit block cipher with a 128bit key.
D: It is a 128bit block cipher with 128, 192 or 256bit keys.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


D: Twofish. Uses Feistel. Symmetric block cipher with 128bit blocks and key lengths of 128, 192 or 256 bits. Considered secure.
