CISSP Practice question #55

We have an agreement with another organization in our line of business: we have a rack of our hardware in their data center and they have a rack in our data center. The racks are completely segmented off from the rest of the network. What are these agreements called?
A: Reciprocal.
B: Redundant.
C: Mobile site.
D: Subscription site.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer

A: Reciprocal agreement site: Your organization has a contract with another organization that they will give you space in their data center in a disaster event, and vice versa. This can be promised space or some racks with hardware, completely segmented off the network there.


IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP Practice question #54

In software acceptance testing, what is the purpose of user acceptance testing?
A: To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities.
B: To ensure the software is as secure or more secure than the rules, laws and regulations of our industry.
C: To ensure the software performs as expected in our live environment vs. our development environment.
D: To ensure the software is functional for and tested by the end user and the application manager.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer

D: The user acceptance test: Is the software functional for the users who will be using it? It is tested by the users and application managers.



CISSP Practice question #53

Each row in a relational database is called a/an:
A: Tuple.
B: Attribute.
C: Relation.
D: Schema.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer

A: Relational model: Rows are also called records or tuples. Generally, each table/relation represents one entity type; the rows represent instances of that entity type and the columns represent values attributed to that instance.



CISSP Practice question #52

Before upgrading a system or applying a patch, which type of backup will not interfere with the backup cycle and allows us to do a full restore from a single tape?
A: Full backup.
B: Incremental backup.
C: Differential backup.
D: Copy backup.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer

D: Copy backup: This is a full backup with one important difference: it does not clear the archive bit. It is often used before system updates, patches and similar upgrades; we do not want to disrupt the backup cycle, but we want to be able to revert to a previous good copy if something goes wrong.



CISSP Practice question #51

A pen tester calling an employee and explaining that they are the CEO’s executive assistant and that the employee needs to do what they are told is an example of:
A: Authority.
B: Intimidation.
C: Scarcity.
D: Familiarity.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer

A: Social engineering uses people skills to bypass security controls. Authority (someone you trust or are afraid of): look and sound like an authority figure and act as if you are in charge; this can be in a uniform or a suit. Most effective with impersonation, whaling, and vishing attacks.



CISSP Practice question #50

When Jane is designing the specifications, she is including technology and countermeasures for hurricanes. What type of disaster is she focused on?
A: Natural.
B: Man made.
C: Environmental.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer

A: Natural: Hurricanes, floods, earthquakes, blizzards, anything that is caused by nature.



Why I think the CISSP CAT (Computerized Adaptive Testing) is a good thing!

I just published a new video on why (ISC)² switching the CISSP exam to CAT (Computerized Adaptive Testing) is a good thing.
This will test students on their knowledge (just like the current version), but not on their ability to endure the brain-melting 6 hour previous exam.

You can watch the video on my free CISSP course here (lecture 8):
https://www.udemy.com/cissp-essentials/

Or you can watch it on my YouTube channel here:


CISSP Practice question #49

What would we encrypt when dealing with sensitive data?
A: USB drives.
B: Wireless access points.
C: Laptops.
D: All of these.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer

D: When dealing with sensitive data we want to encrypt as much as possible while still keeping data availability acceptable.



CISSP Practice question #48

Which of these would be a layer 2 broadcast address?
A: FF:FF:FF:FF:FF:FF
B: 255.255.255.255
C: 127.0.0.1
D: 0.0.0.0

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer

A: Layer 2 uses MAC addresses; the layer 2 broadcast address is FF:FF:FF:FF:FF:FF, which routers do not forward.



CISSP Computerized Adaptive Testing

My notes: I think this can be a good thing; here are a few reasons why:

  • Maximum 3 hour exam, same questions and difficulty, but you won’t hit the 4 and 5 hour wall. <Definite win>
  • The same questions, same weight as before, just fewer of them. <win>
  • Minimum 100 questions, maximum 150 questions vs. 250 questions in the current version (still 25 beta questions). Fewer scenarios, less brain-melt. <Definite win>
  • No ability to review. I am a little conflicted on this, but it is probably a good thing not to rethink answers you have already given. <meh>
  • No changes to the curriculum: “As the CISSP exam content outline and passing standard for the linear and CAT versions of the examination are exactly the same, candidate preparation should not change based on the format of the examination.” Nothing to restudy; keep doing what you are doing. <Definite win>

The (ISC)² announcement:
Effective Dec. 18, 2017: (ISC)² will introduce Computerized Adaptive Testing (CAT) for all English CISSP exams worldwide. CISSP CAT enables you to prove your knowledge by answering fewer items and completing the exam in half the time.
