CISSP Certification practice questions – Page 2

CISSP Certification, CISSP Certification practice questions, IT security, Updates

CISSP Practice question #195

April 13, 2018 6 Comments

Which agile software development uses a master?
A: XP.
B: Scrum.
C: Spiral.
D: Sashimi.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer

B: Scrum master: Facilitates and accountable for removing impediments to the ability of the team to deliver the product goals and deliverables. Not a traditional team lead or project manager but acts as a buffer between the team and any distracting influences. The scrum master ensures that the Scrum framework is followed.

show less

Thor Pedersen

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, IT security, Updates

CISSP Practice question #194

April 12, 2018 7 Comments

MAC access control is based on what?
A: Labels and clearance.
B: The discretion of the object owner.
C: The job role of the user.
D: IF/THEN statements.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer

A: MAC (Mandatory Access Control): Often used when Confidentiality is most important. Access to an object is determined by labels and clearance, this is often used in the military or in organizations where confidentiality is very important.

show less

Thor Pedersen

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, IT security, Updates

CISSP Practice question #193

April 11, 2018 4 Comments

Attacks on our encryption is mostly targeting which leg of the CIA triad?
A: Authentication.
B: Confidentiality.
C: Availability.
D: Integrity.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer

B: To ensure confidentiality we use encryption for data at rest (for instance AES256), full disk encryption. Secure transport protocols for data in motion. (SSL, TLS or IPSEC). There are many attacks against encryption, it is almost always easier to steal the key than breaking it, this is done with cryptanalysis.

show less

Thor Pedersen

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, IT security, Updates

CISSP Practice question #192

April 10, 2018 9 Comments

What is the final stage of a penetration test?
A: Auditing.
B: Reporting.
C: Exploration.
D: Deleting log files.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer

B: Penetration Testing normally has 6 phases: Planning > Reconnaissance > Scanning (enumeration) > Vulnerability assessment > Exploitation > Reporting. The 6th phase for a real attack would be delete logs/evidence and install backdoors.

show less

Thor Pedersen

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, IT security, Updates

CISSP Practice question #191

April 9, 2018 5 Comments

Relational databases uses:
A: A hierarchy model.
B: An object model..
C: Star schema model.
D: Tables with rows and columns.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer

D: Relational model: Organizes data into one or more tables (or relations) of columns and rows, with a unique key identifying each row. Rows are also called records or tuples. Generally, each table/relation represents one entity type. The rows represent instances of that type of entity and the columns representing values attributed to that instance.

show less

Thor Pedersen

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, IT security, Updates

CISSP Practice question #190

April 8, 2018 2 Comments

When a system has been certified what does that mean?
A: It has met the data owners security requirements.
B: It has met the data stewards security requirements.
C: The data owner has accepted the certification and the residual risk, which is required before the system is put into production.
D: The data steward has accepted the certification and the residual risk, which is required before the system is put into production.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer

A: Certification is when a system has been certified to meet the security requirements of the data owner. Certification considers the system, the security measures taken to protect the system, and the residual risk represented by the system.

show less

Thor Pedersen

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, IT security, Updates

CISSP Practice question #189

April 7, 2018 4 Comments

When a pen tester is trying to gain access to our facility by trying to find an open door or window, which type of access control type is she testing?
A: Administrative.
B: Technical.
C: Physical.
D: Detective.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer

C: Physical Controls: Locks, fences, guards, dogs, gates, bollards, doors, windows, etc.

show less

Thor Pedersen

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, IT security, Updates

CISSP Practice question #188

April 6, 2018 2 Comments

Jane is implementing active directory at our organization and she wants all the domains to trust each other, which trust domain should she implement?
A: Two-way trust.
B: Intransitive trust.
C: Transitive trust.
D: One-way trust.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer

C: Transitive trust: A trust that can extend beyond two domains to other trusted domains in the forest.

show less

Thor Pedersen

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, IT security, Updates

CISSP Practice question #187

April 5, 2018 2 Comments

An disgruntled former employee of our organization is trying to break passwords of our administrator accounts using a key logger, how does he do that?
A: He uses the entire key space.
B: He uses full words often with numbers at the end.
C: He uses precompiled hashes to compare the password hash to.
D: He has software installed on a computer that records all keystrokes.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer

D: Keylogging (Keystroke logging): A keylogger is added to the users computer and it records every keystroke the user enters. Software, a program installed on the computer. The computer is often compromised by a trojan, where the payload is the keylogger or a backdoor. The keylogger calls home or uploads the keystrokes to a server at regular intervals. Hardware, attached to the USB port where the keyboard is plugged in. Can either call home or needs to be removed to retrieve the information.

show less

Thor Pedersen

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, IT security, Updates

CISSP Practice question #186

April 4, 2018 3 Comments

In software testing, installation testing would test what?
A: That the software installs correctly on the customers hardware.
B: Lost or missing features after major code changes.
C: interfaces between components in the software.
D: Processes and security alerts when encountering errors.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer

A: Installation testing: Assures that the system is installed correctly and working at actual customer’s hardware.

show less

Thor Pedersen

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.