CISSP Practice question #292

On our systems, what is the south bridge connected to?
A: CPU.
B: Wireless.
C: Mouse/Keyboard.
D: All of these.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests –

Answer


C: The south bridge is connected to the hard disks and other drives, USB ports and other peripherals (and the north bridge).


IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP Practice question #291

What would we call social engineering through emails that targets specific individuals, where the attacker has specific knowledge about the company?
A: Spear phishing.
B: Whale phishing.
C: Phishing.
D: Vishing.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests –

Answer


A: Spear Phishing: Targeted Phishing, not just random spam, but targeted at specific individuals. Sent with knowledge about the target (person or company); familiarity increases success.


CISSP Practice question #290

In our risk analysis, we know there is a risk, but we do not analyze how bad an impact would be. Which type of risk response is that an example of?
A: Risk transference.
B: Risk mitigation.
C: Risk avoidance.
D: Risk rejection.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests –

Answer


D: Risk Rejection – You know the risk is there, but you are ignoring it. This is never acceptable. (You are liable).


CISSP Practice question #289

For which type of data would we want to use end-to-end encryption?
A: Data at rest.
B: Data in use.
C: Data in motion.
D: All of these.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests –

Answer


C: Data in Motion (data being transferred on a network). We encrypt our network traffic with end-to-end encryption, on both internal and external networks.


CISSP Practice question #288

We look at our Disaster Recovery Plan (DRP) for what to do when we are attacked. In which phase of incident management do we shut system access down?
A: Preparation.
B: Detection.
C: Response.
D: Recovery.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests –

Answer


C: Response: The response phase is when the incident response team begins interacting with affected systems and attempts to keep further damage from occurring as a result of the incident. This can be taking a system off the network, isolating traffic, powering off the system, or however our plan dictates to isolate the system to minimize both the scope and severity of the incident. Knowing how to respond, when to follow the policies and procedures to the letter and when not to, is why we have senior staff handle the responses. We make bit-level copies of the systems, as close as possible to the time of the incident, to ensure they are a true representation of the incident.


CISSP Practice question #287

We have a company doing a penetration test for us. In which phase would the tester try to gain higher-level access and, if they can, ultimately admin access?
A: Gaining access.
B: Discovery.
C: System browsing.
D: Escalate privileges.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests –

Answer


D: Escalate Privileges: Get higher-level access; ultimately we want admin access.


CISSP Practice question #286

What are we dealing with when we talk about data retention?
A: Data remanence.
B: How long we keep the data.
C: The data content.
D: The data in use.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests –

Answer


B: Our data retention periods tell us how long we need to keep certain data.


CISSP Practice question #285

How can we safely dispose of damaged SSD drives and ensure there is no data remanence?
A: Overwriting.
B: Shredding.
C: Formatting.
D: All of these.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests –

Answer


B: SSD drives: Formatting just deletes the file structure; most if not all files are recoverable. Since the drive is damaged, we can't overwrite it; we would need to rely on just shredding it.


CISSP Practice question #284

Which of the different types of logical intrusion systems would only use alerts, and send the alerts if it sees traffic matching certain signatures?
A: IPS.
B: IDS.
C: Heuristic.
D: Pattern.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests –

Answer


D: Signature (Pattern) matching: similar to antivirus, it matches traffic against a long list of known malicious traffic patterns.


CISSP Practice question #283

We have applied for a trademark and it has been approved. How are we protected?
A: Protected for 70 years after the creator's death or 95 years for corporations.
B: You tell no one, if discovered you are not protected.
C: Protected for 20 years after filing.
D: Protected 10 years at a time, and it can be renewed indefinitely.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests –

Answer


D: Trademarks ™ and ® (Registered Trademark). Brand names, logos, slogans. Must be registered; valid for 10 years at a time and can be renewed indefinitely.
