CISSP Practice question #134

How many backup tapes would we use to restore all the data if we do weekly full backups Sunday at midnight and daily incrementals at midnight and the system fails Wednesday afternoon?
A: 2
B: 3
C: 1
D: 4

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


B: We would need the Sunday full tape, the incremental tapes from Monday and Tuesday night so 3 tapes total.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #133

What would not be part of our server hardening before we promote a new server to production.
A: Apply all patches.
B: Disable unused ports.
C: Disable non-required services.
D: Open all ports.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


“D: Leaving ports open is the opposite of server hardening. When we receive or build new systems they often are completely open, before we introduce them to our environment we harden them. We develop a long list of ports to close, services to disable, accounts to delete, missing patches and many other things.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #132

Smurf attacks happen on which OSI layer?
A: 1
B: 2
C: 3
D: 4

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


C: The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address. ICMP is a layer 3 protocol.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #131

Data owner should:
A: Make the policies, procedures and standards that govern our data security.
B: Perform the backups and restores.
C: Be trained in the policies, procedures and standards.
D: Assign the sensitivity labels and backup frequency of the data.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


D: Data/Information Owner: Management level, they assign sensitivity labels and backup frequency. This could be you or a Data Owner from HR, Payroll or other departments.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #130

CASE software is classified into 3 categories, which are they?
A: Tools, workbenches and environments.
B: Tools, environments and scenarios.
C: Workbenches, environments and scenarios.
D: Workbenches, use cases and tools.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


A: CASE (Computer-Aided Software Engineering) software is classified into 3 categories: Tools support specific tasks in the software life-cycle. Workbenches combine two or more tools focused on a specific part of the software life-cycle. Environments combine two or more tools or workbenches and support the complete software life-cycle. Used for developing high-quality, defect-free, and maintainable software. Often associated with methods for the development of information systems together with automated tools that can be used in the software development process.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #129

Using type 3 authentication we talk about all of these terms except which?
A: FAR.
B: CER.
C: FRR.
D: CRR.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


D: Something you are – Type 3 Authentication (Biometrics), uses Errors for Biometric Authentication: FRR (False rejection rate), FAR (False accept rate) and CER (Crossover Error Rate).

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #128

In our BCP which team is defined as responsible for the dealing with the disaster when it happens?
A: Rescue.
B: Recovery.
C: Salvage.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Rescue team (activation/notification): Responsible for dealing with the disaster as it happens. Evacuate employees, notifies the appropriate personnel (call trees) pull the network from the infected server or shut down systems, and initial damage assessment.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #127

An attacker is using fragmentation to avoid our IPS, what is that?
A: Breaking the data into segments.
B: Sending traffic on a well-known TCP port, where we would not expect the malicious traffic.
C: Have many different agents use different IPs and ports.
D: Change the attack signature.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Fragmentation: Sending fragmented packets, the attack can avoid the detection system’s ability to detect the attack signature.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #126

Bob is working on categorizing incidences for our incident management plan what category does fires fall under?
A: Natural.
B: Environmental.
C: Human.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


D: Fires can be natural, caused by our equipment or set by people.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #125

What was the speed of T3?
A: 1,544Mbps.
B: 44,736Mbps.
C: 2,048Mbps.
D: 34,368Mbps.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


D: E3 (Europe): 16 bundled E1 lines, creating a dedicated 34,368 Mbps circuit.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading