CISSP Practice question #218

Looking at the logical ring model, where would we find a VM hypervisor?
A: -1
B: 0
C: 2
D: 3

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


A: The Ring Model: 4 ring model that separates Users (Untrusted) from the Kernel (Trusted). The full model is slow and rarely used; most OS’ only use rings 0 and 3. The applications are at layer 3. There is a new addition to the Ring Model: Hypervisor mode is called Ring -1 and is for VM Hosts. Ring -1 sits below the Client kernel in Ring 0.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #217

When Jane is designing the specifications in our Disaster Recovery Plan (DRP), she is including technology and countermeasures for unauthorized use of USB ports on servers. Which type of disasters is she focusing on? ​
A: Natural.
B: Man made.
C: Environmental.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


B: Human: Done intentionally or unintentionally by humans, these are by far the most common.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #216

A HMAC-based one-time password (HOTP) is an example of which type of authentication method?
A: Something you know.
B: Something you have.
C: Something you are.
D: Somewhere you are.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


B: Something you have – Type 2 Authentication: HOTP (HMAC-based one-time password): Shared secret and incremental counter, generate code when asked, valid till used.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

I just released my new course “CISSP Certification: CISSP Domain 1 & 2 Video Boot Camp 2018”

I just released my new course “CISSP Certification: CISSP Domain 1 & 2 Video Boot Camp 2018”

You can buy it here for $9.99.
https://www.udemy.com/cissp-domain-1-2/?couponCode=NINENINENINE

This is my current release schedule for the rest of the CISSP video series:
“CISSP Certification: CISSP Domain 3 & 4 Video Boot Camp 2018” 5/6-2018 (this Sunday).
“CISSP Certification: CISSP Domain 5 & 6 Video Boot Camp 2018” 5/17-2018.
“CISSP Certification: CISSP Domain 7 & 8 Video Boot Camp 2018” 5/31-2018.

As soon as they are released you can use the NINENINENINE coupon code to get them for $9.99 each, the same goes for all my practice tests:

 

Set 1 (Exam emulation sets with 2x 125 questions):

CISSP certification practice questions #1:
https://www.udemy.com/cissp-certification-practice-exam-1/?couponCode=NINENINENINE

CISSP certification practice questions #2:
https://www.udemy.com/cissp-certification-practice-exam-2/?couponCode=NINENINENINE

CISSP certification practice questions #3:
https://www.udemy.com/cissp-certification-practice-exam-3/?couponCode=NINENINENINE

CISSP certification practice questions #4:
https://www.udemy.com/cissp-certification-practice-exam-4/?couponCode=NINENINENINE

Set 2 (Domain based, 2 domains per test):

CISSP certification practice questions Domain 1 & 2:
https://www.udemy.com/cissp-domain1-2/?couponCode=NINENINENINE

CISSP certification practice questions Domain 3 & 4:
https://www.udemy.com/cissp-domain3-4/?couponCode=NINENINENINE

CISSP certification practice questions Domain 5 & 6:
https://www.udemy.com/cissp-domain5-6/?couponCode=NINENINENINE

CISSP certification practice questions Domain 7 & 8:
https://www.udemy.com/cissp-domain7-8/?couponCode=NINENINENINE

I hope I can help get you certified,

Thor

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #215

In which type of access management would we use labels for objects?
A: MAC.
B: DAC.
C: RBAC.
D: RAC.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


A: MAC (Mandatory Access Control): Often used when Confidentiality is most important. Access to an object is determined by labels and clearance, this is often used in the military or in organizations where confidentiality is very important. Labels: Objects have Labels assigned to them, the subjects clearance must dominate the objects label. The label is used to allow Subjects with the right clearance access them. Labels are often more granular than just “Top Secret”, they can be “Top Secret – Nuclear”.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #214

When a penetration calling an employee talks to the employee about friends they have in common, and then asks for help. It is which type of social engineering?
A: Authority.
B: Intimidation.
C: Scarcity.
D: Familiarity.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


D: Social engineering uses people skills to bypass security controls. Familiarity (Have a common ground, or build it) – Knowing something about the victim ahead of time and then reference it can raises chances of a successful attack drastically. People want to be helpful, if they feel like they know you they want to even more. Often successful with vishing and in-person social engineering.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

All videos updated with the April 15th 2018 changes.

Good news everyone!

I just finished updating all the videos on my free CISSP Certification Essentials + 80 practice questions! 2018 with the changes from the new April 15th 2018 CISSP curriculum.

https://udemy.com/cissp-essentials/

I did it obviously to ensure this course is current, but also as part of upcoming full CISSP course (ETA 2-4 weeks).

The changes to the curriculum are very minor, less than 1%.

Of the curriculum changes that happens every 3 years, this is by far the smallest.

I mentioned it last time, if I was a student I would not buy another book if I already had the old one. As a diligent instructor I of course bought it 🙂

I hope I can help you get certified,

Thor

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #213

Using which of these would your work not be protected if someone copies your work?
A: Trademark.
B: Patent.
C: Copyright.
D: Trade secret.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


D: Trade Secrets. You tell no one about your formula, your secret sauce. If discovered anyone can use it; you are not protected.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #212

If an attacker is using a digraph attack, what is the attacker looking for? ​
A: How often certain letters are used.
B: How often pairs of letters are used.
C: How many messages are sent.
D: How often messages are sent.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


B: Digraph attack: Similar to frequency analysis/attacks, but looks at common pairs of letters (TH, HE, IN, ER).

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #211

Which of these protocols is vendor neutral?
A: LDAP.
B: AD.
C: EIGRP.
D: VTP.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


A: LDAP (The Lightweight Directory Access Protocol): Open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an IP network. Application layer protocol and use TCP and UDP port 389. LDAP is commonly used for central usernames and passwords storage, many different applications and services can connect to the LDAP server to validate users.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading
1 4 5 6 7 8 29