CISSP Practice question #178

Having a single, well controlled and defined data integrity system increases all of these except what?
A: Performance.
B: Maintainability.
C: Stability.
D: Redundant data.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


D: Having a single, well controlled, and well defined data-integrity system increases:
Stability: One centralized system performs all data integrity operations.
Performance: All data integrity operations are performed in the same tier as the consistency model.
Re-usability: All applications benefit from a single centralized data integrity system.
Maintainability: One centralized system for all data integrity administration.


IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP Practice question #177

Semantic integrity is:
A: When every foreign key in a secondary table matches the primary key in the parent table.
B: Each attribute value is consistent with the attribute data type.
C: Each tuple has a unique primary value that is not null.
D: When the database has errors.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


B: Semantic integrity: Each attribute value is consistent with the attribute data type.


CISSP Practice question #176

How many rotors did SIGABA use?
A: 3
B: 4
C: 10
D: 15

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


D: SIGABA: A rotor machine used by the United States throughout World War II and into the 1950s, similar to the Enigma. It was more complex, and was built after examining the weaknesses of the Enigma. No successful cryptanalysis of the machine during its service lifetime is publicly known. It used 3x 5 sets of rotors.


CISSP Practice question #175

Which type of IDS/IPS can maybe mitigate 0day attacks?
A: Heuristic based.
B: Preference matching.
C: Signature based.
D: Network based.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Heuristic (Behavioral) based: Looks for abnormal behavior – can produce a lot of false positives. We build a baseline of what normal network traffic looks like and all traffic is matched to that baseline. They can at times mitigate 0day attacks. Can detect ‘out of the ordinary’ activity, not just attacks. Takes much more work and skills.


CISSP Practice question #174

Using Kerberos what does the client send to the AS?
A: User ID.
B: Authenticator.
C: Session key.
D: Plaintext password.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: The client sends a cleartext user ID to the AS (Authentication Server) requesting services on behalf of the user.


CISSP Practice question #173

As part of our fault tolerance what would we not use?
A: RAID 0.
B: RAID 1.
C: RAID 5.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: RAID 0 has no fault tolerance; it just writes the data onto two disks for faster speed. If a disk dies we have no redundancy.


CISSP Practice question #172

Injection attacks are attacks against what?
A: Our physical security.
B: Our SQL servers.
C: Our firewalls.
D: Our employees.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


B: OWASP A1 Injection. Can be any code injected into user forms; SQL and LDAP injection are often seen. Attackers can do this because our software does not use: strong enough input validation and data type limitations on input fields; input length limitations. The fix is to do just that: we only allow users to input appropriate data into the fields, only letters in names, numbers in phone number, have dropdowns for country and state (if applicable), we limit how many characters people can use per cell, …


CISSP Practice question #171

We are blocking unused ports on our servers as part of our server hardening, when we block UDP port 137, what are we blocking?
A: NetBIOS name service.
B: NetBIOS datagram service.
C: IMAP.
D: Microsoft Terminal Server (RDP).

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


A: NetBIOS Name Service uses UDP port 137 and is used for name registration and resolution.


CISSP Practice question #170

How many keys would we have if we had 100 users using symmetric encryption?
A: 200
B: 100
C: 4950
D: 2000

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


C: Symmetric: n(n-1)/2 keys for n users; with 100 users we would need 100(100-1)/2 or (100×99)/2 = 4950 keys.


CISSP Practice question #169

Drills are done to:
A: See if the plan is accurate, complete and effective.
B: See how staff reacts and to train them.
C: Ensure the plan is being followed and understood.
D: Ensure compliance with regulations.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


B: Drills (exercises): Walkthroughs of the plan, main focus is to train staff, and improve employee response (think fire drills).
