Updates – CISSP study and training by Thor Teaches!

CISSP Certification, CISSP Certification practice questions, Updates

CISSP Practice question #321

August 17, 2018 No Comments

If we are using the Graham Denning model, which of these is not something a subject can execute on an object?
A: Transfer access
B: Delete access.
C: Create subject.
D: Read subject

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests –

Answer

D: Graham-Denning Model – uses Objects, Subjects, and Rules. It does not use read subjects, it has 8 rules that a specific subject can execute on an object are: Transfer Access. Grant Access. Delete Access. Read Object. Create Object. Destroy Object. Create Subject. Destroy Subject.

show less

Thor Pedersen

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, Updates

CISSP Practice question #320

August 16, 2018 No Comments

We are getting 50 old spinning disk hard drives. What would we use on the damaged ones to ensure there is no data remanence, but needed the drive to stay intact?
A: Degauss.
B: Overwrite.
C: Shred.
D: Format.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests –

Answer

A: Degaussing should ensure no data remanence, we can’t overwrite or format a damaged drive, and shredding would not leave the drive intact.

show less

Thor Pedersen

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, Updates

CISSP Practice question #319

August 15, 2018 No Comments

We want to protect against rainbow tables by implementing salting. What are rainbow tables made up of?
A: Pre-made list of matching passwords and hashes.
B: Pre-arranged lists of full words and numbers.
C: Pre-made list of matching biometrics and passwords.
D: Pre-made list of matching passwords and hashes using salts.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests –

Answer

A: Rainbow tables attacks: Pre-made list of plaintext and matching ciphertext. Often Passwords and matching Hashes a table can have 1,000,000’s of pairs.

show less

Thor Pedersen

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, Updates

CISSP Practice question #318

August 14, 2018 No Comments

Which of these is a true about hybrid encryption?
A: It does not use a shared key.
B: It is the strongest per bit.
C: It uses private and public keys to share a symmetric session key.
D: All of these.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests –

Answer

C: Hybrid Encryption: Uses Asymmetric encryption to share a Symmetric Key (session key). We use the security over an unsecure media from Asymmetric for the initial exchange and we use the speed and higher security of the Symmetric for the actual data transfer. The Asymmetric Encryption may send a new session key ever so often to ensure security.

show less

Thor Pedersen

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, Updates

CISSP Practice question #317

August 13, 2018 No Comments

As part of our disaster recovery response we are paying a provider to keep a copy of our servers and data. The servers are to remain down always, with the exception for patches and database syncs and are only to be spun up if we have a disaster. What would this be called?
A: Reciprocal.
B: Redundant.
C: Mobile site.
D: Subscription site.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests –

Answer

D: Subscription/cloud site: We pay someone else to have a minimal or full replica of our production environment up and running within a certain number of hours (SLA). They have fully built systems with our applications and receive backups of our data, if we are completely down we contact them and they spin the systems up and apply the latest backups. How fast and how much is determined by our plans and how much we want to pay for this type of insurance.

show less

Thor Pedersen

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, Updates

CISSP Practice question #316

August 12, 2018 No Comments

After our CEO has had issues getting her finger printer reader to recognize her fingerprint, she is wanting us to lower the sensitivity on the readers. What could be a negative side effect of doing what she is asking us to do?
A: False accepts.
B: False rejects.
C: True accepts.
D: True rejects.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests –

Answer

A: FAR (False accept rate) Type 2 error: Unauthorized user is granted access. This is a very serious error.

show less

Thor Pedersen

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, Updates

CISSP Practice question #315

August 11, 2018 No Comments

In CASE programming, designers use these categories of tools except which?
A: Tools.
B: Workbenches.
C: Environments.
D: References.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests –

Answer

D: CASE (Computer-Aided Software Engineering): Similar to and were partly inspired by computer-aided design (CAD) tools used for designing hardware products. Used for developing high-quality, defect-free, and maintainable software. Often associated with methods for the development of information systems together with automated tools that can be used in the software development process. CASE software is classified into 3 categories: Tools support specific tasks in the software life-cycle. Workbenches combine two or more tools focused on a specific part of the software life-cycle. Environments combine two or more tools or workbenches and support the complete software life-cycle.

show less

Thor Pedersen

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, Updates

CISSP Practice question #314

August 10, 2018 No Comments

After a security incident, our legal counsel presents the logs from the time of the attack in court. They constitute which type of evidence?
A: Real evidence.
B: Direct evidence.
C: Secondary evidence.
D: Circumstantial evidence.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests –

Answer

C: Secondary Evidence – This is common in cases involving IT. Logs and documents from the systems are considered secondary evidence.

show less

Thor Pedersen

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, Updates

CISSP Practice question #313

August 9, 2018 No Comments

In database normalization, in which form would we move data that is partially dependent on the primary key to another table?
A: 1st normal form.
B: 2nd normal form.
C: 3rd normal form.
D: 4th normal form.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests –

Answer

B: Database normalization: Used to clean up the data in a database table to make it logically concise, organized, and consistent. Removes redundant data, and improves the integrity and availability of the database. Normalization has three forms (rules): First Normal Form: Divides the base data into tables, primary key is assigned to most or all tables. Second Normal Form: Move data that is partially dependent on the primary key to another table. Third normal Form: Remove data that is not dependent on the primary key.

show less

Thor Pedersen

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Certification, CISSP Certification practice questions, Updates

CISSP Practice question #312

August 8, 2018 No Comments

In a security audit we are looking at the authentication protocols we use. Which of these uses a key-distribution center?
A: Kerberos.
B: Radius.
C: Diameter.
D: LDAP.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests –

Answer

A: Kerberos: Authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to each other in a secure manner. It uses an AS (Authentication Server), a TGS (ticket-granting server) which are part the KDC (Key distribution center).

show less

Thor Pedersen

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.