CISSP Practice question #257

In building a new system we need to ensure we protect the Protected Health Information (PHI) in accordance with the HIPAA standard. Which of these is protected under the HIPAA standard?
A: URLs.
B: IP addresses.
C: Full dates.
D: All of these.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


D: Under the US Health Insurance Portability and Accountability Act (HIPAA), PHI that is linked based on the following list of 18 identifiers must be treated with special care: 1 Names. 2 All geographical identifiers smaller than a state. 3 Dates (other than year). 4 Phone numbers. 5 Fax numbers. 6 Email addresses. 7 Social Security numbers. 8 Medical record numbers. 9 Health insurance beneficiary numbers. 10 Account numbers. 11 Certificate/license numbers. 12 Vehicle identifiers and serial numbers, including license plate numbers. 13 Device identifiers and serial numbers. 14 Web Uniform Resource Locators (URLs). 15 Internet Protocol (IP) address numbers. 16 Biometric identifiers, including finger, retinal and voice prints. 17 Full face photographic images and any comparable images. 18 Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #256

Using highly targeted emails to senior management an attacker has sent an email threatening with a lawsuit if attached documents are not filled out and returned by a certain date. What is this an example of?
A: Vishing.
B: Social engineering.
C: Whale phishing.
D: MITM.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: This is whale phishing, which is a social engineering attack. Whale Phishing (Whaling): Spear phishing targeted at senior leadership of an organization. This could be: “Your company is being sued if you don’t fill out the attached documents (With Trojan in them) and return them to us within 2 weeks”.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #255

When a computer uses more than one processor at a time for a task it is called?
A: Multithreading.
B: Multiprocessing.
C: Multitasking.
D: Multiprogramming.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


B: Multiprocessing – A computer using more than one CPU at a time for a task.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #254

In our Redundant Array of Independent Disks (RAID) configuration we are using striping with redundancy. At least how many disks would we need?
A: 1
B: 2
C: 3
D: 4

CBK 7: Security Operations
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: Disk striping: Writing the data simultaneously across multiple disks providing higher write speed. Uses at least 2 disks, and in it self does not provide redundancy. We use parity with striping for the redundancy, often by XOR, if we use parity for redundancy we need at least 3 disks.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #253

If you see any IPv4 address in the 127.0.0.0/8 range, what type of IPv4 address is that?
A: Loopback.
B: Link-local.
C: Private.
D: Public.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


A: IPv4 network standards reserve the entire 127.0.0.0/8 address block for loopback purposes. That means any packet sent to one of those 16,777,214 addresses (127.0.0.1 through 127.255.255.254) is looped back. IPv6 has just a single address, ::1.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #252

An IPv4 address consists of how many bits?
A: 4 bit.
B: 8 bit.
C: 128 bit.
D: 32 bit

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


D: IPv4 (Internet Protocol version 4) addresses: IPv4 addresses are made up of 4 octets (dotted-decimal notation) and broken further down in a 32bit integer binary.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #251

What could be a security concern we would need to address in a procurement situation?
A: Who gets the IT Infrastructure?
B: How do we ensure their security standards are high enough?
C: Security is part of the SLA.
D: All of these.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: Procurement: When we buy products or services from a 3rd party, security part of the SLA.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #250

In software testing we are doing synthetic transaction. What does that mean?
A: Test the code while executing it.
B: Passively test the code, but not run it.
C: Submit random malformed input to crash the software or elevate privileges.
D: Build scripts and tools that would simulate normal user activity.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


D: Synthetic transactions (synthetic monitoring): Website monitoring using a Web browser emulation or scripted recordings of Web transactions. Behavioral scripts/paths are created to simulate an action or path that a customer or end-user would take on a site. The paths are continuously monitored at specified intervals for performance, functionality, availability, and response time.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #249

When a penetration tester is trying to gain access to sensitive information from one of our servers, she is testing which type of access control?
A: Administrative.
B: Technical.
C: Physical.
D: Detective.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


B: Technical Controls: Hardware/Software/Firmware – Firewalls, Routers, Encryption. Trying to access and gain information from a server would compromise our technical or logical security.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #248

In a risk analysis we are looking at the upfront cost and ongoing support of a mitigation solution. What would that be called?
A: ALE.
B: ARO.
C: TCO.
D: SLE.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests – https://www.udemy.com/user/thorpedersen/

Answer


C: Total Cost of Ownership (TCO) – The mitigation cost: upfront + ongoing cost (Normally Operational)

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading