CISSP Practice question #43

When an attacker altered our data, which leg of the CIA triad was mostly affected?
A: Authentication.
B: Confidentiality.
C: Availability.
D: Integrity.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


D: Alteration is the opposite of integrity; our data has been changed.


IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


How Many (ISC)² Members Are There Per Certification in your country?

See how many CISSP certified people there are in your country and in the world.

Source: www.isc2.org/en/About/Member-Counts

CISSP Practice question #42

Who is the governance part of our organization?
A: Middle management.
B: The users.
C: Senior management.
D: The IT leadership team.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


C: The senior leadership in our organization sets the company direction and clarifies when there are questions. They are the governing body, although they can at times be doing so under the direction of the board.

CISSP Practice question #41

We are implementing remote journaling. How does it help us ensure we can recover from a data loss on our primary systems?
A: It sends transaction logs to a remote location, but not the files themselves. We can rebuild the transactions from the logs.
B: It uses a remote backup service that sends backup files electronically offsite at a certain interval or when the files change.
C: It makes an exact real-time copy at another location; this can be another local disk or, preferably, remote to another type of media.
D: It takes a full backup of our database once a week to tape.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


A: Remote journaling: Sends transaction log files to a remote location, not the files themselves. The transactions can be rebuilt from the logs if we lose the original files.

Just launched my free CISSP Essentials course on Udemy.

I JUST launched my FREE CISSP Certification Essentials course on Udemy, as the kickoff for my Early Bird Black Friday sale.
 
This is NOT curriculum for the 8 domains, it is:
  • A short introduction to the CISSP and tips on how you can study successfully.
  • 80 Free practice questions (10 from each domain).
  • Why you want to get certified.
  • The domains at a high level.
  • Study materials.
  • Practice test approach.
  • Exam day.
  • What to do when you pass.
  • What to do when you fail.
 
Link to the Free CISSP essentials course on Udemy:
If you like the free course and you think it could help other CISSP students, please leave a review when it asks you to 🙂
It helps both future students and me; the key to success on Udemy is reviews (even on free courses).
 
My full CISSP curriculum course is still being recorded and will be released as soon as it is ready.
It is currently around 20 hours long, and will be available at the same price as my practice tests, $10.
 
Also, as part of my Early Bird Black Friday sale, you can get my 4 CISSP practice exams for $10 each.
CISSP Practice question #40

A security audit has determined we have some rather large security flaws in our organization. The IT Security team has been asked to suggest mitigation strategies using the OSI model. What could we use for layer 3?
A: Access Lists.
B: Shut down open unused ports.
C: Installing UPSs in the data center.
D: Start using firewalls.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


A: An ACL (access control list) is a sequential list of permit or deny statements that apply to the IP address and/or upper-layer protocols. Packet filtering works at the network layer (layer 3) of the OSI model.

CISSP Practice question #39

Why would a company use multiple types of data destruction on sensitive data?
A: Because it is easier than just a single type of data destruction.
B: To ensure there is no data remanence.
C: To ensure data is still accessible after the destruction.
D: To make sure we have the old drives available.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


B: It is common to do multiple types of data destruction on sensitive data (both degaussing and disk crushing/shredding). While it may not be necessary, it is a lot cheaper than a potential $1,000,000 fine or loss of proprietary technology or state secrets.

CISSP Practice question #38

What does IAAA do?
A: Provide a framework where we authorize, identify and authenticate our users and hold them accountable for their actions.
B: Provide a framework where we provide integrity, authenticate, authorize our users and hold them accountable for their actions.
C: Provide a framework where we identify, authenticate, authorize our users and make sure the data they need is available.
D: Provide a framework where we identify, authenticate, give users access dependent on their job title.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


A: IAAA is Identification and Authentication, Authorization and Accountability. We identify our staff, have them authenticate, authorize them to access what they are permitted and hold them accountable for their actions.
