CISSP Practice question #62

We are blocking unused ports on our servers as part of our server hardening. When we block TCP port 23, what are we blocking?
A: FTP data transfer.
B: FTP control.
C: SSH.
D: Telnet.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer

D: Telnet: Remote access over a network. Telnet uses TCP port 23, and all data is sent in plaintext, including usernames and passwords, so it should not be used. Attackers with network access can easily sniff credentials, alter data, and take control of Telnet sessions.

CISSP Practice question #61

In our access control implementations, looking at the IAAA model, what could we use for authentication?
A: Their username.
B: A password.
C: Role based access control.
D: Non-repudiation.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer

B: Authentication: Something you know – Type 1 Authentication (passwords, passphrases, PINs, etc.). Something you have – Type 2 Authentication (ID, passport, smart card, token, cookie on a PC, etc.). Something you are – Type 3 Authentication (biometrics: fingerprint, iris scan, facial geometry, etc.).

IT Security from TechBeacon: “Why we need more women in cybersecurity”

Why we need more women in cybersecurity

It has been estimated that more than 1 million security jobs worldwide are unfilled. Further, (ISC)2 reports that of the currently employed cybersecurity professionals, women represent only 11 percent of the workforce. The unfilled cybersecurity jobs aren’t just a staffing issue; they’re a matter of national security, and women can help us solve the problem quickly.

Source: techbeacon.com/why-we-need-more-women-cybersecurity

From (ISC)² Endorsement Demystified

(ISC)² Endorsement Demystified

Following the jubilant moment of finding out you have achieved a passing score on your (ISC)² exam, you’re now ready for the endorsement process – but what does that actually mean? First, believe us when we say that the hard part is over! You’ve already passed the exam, and there’s no reason to be anxious or delay your endorsement. Especially if you’ve heard any of the endorsement myths below we are about to bust.

Endorsement isn’t important

It sure is! Becoming a certified member of (ISC)² is more than simply passing an exam, no matter how rigorous and challenging that…

Source: blog.isc2.org/isc2_blog/2017/11/isc²-endorsement-demystified.html

IT Security from Forbes: “Cybersecurity skills shortage creating hiring chaos”

Cybersecurity skills shortage creating hiring chaos

Here’s a quick review of some of the cybersecurity skills shortage data I’ve cited in recent blogs:

  1. According to ESG research from early 2017, 45 percent of organizations claim to have a problematic shortage of cybersecurity skills.
  2. In a recent research project conducted by ESG and the Information Systems Security Association (ISSA), 70 percent of cybersecurity professionals say the cybersecurity skills shortage has had an impact on their organization. The skills shortage has led to an increasing workload on existing staff, the need to hire and train junior employees due to the lack of experienced talent, and a situation where the cybersecurity staff spends most of its time on emergency issues and very little time on proactive strategic planning or training.
  3. When asked to identify factors that contributed to past security incidents, 22 percent said their cybersecurity team was not large enough for the size of their organization, while 18 percent stated that the cybersecurity team cannot keep up with the workload.
  4. More than two-thirds (67 percent) of cybersecurity professionals claim they are too busy with their jobs to keep up with skills development and training.

So, in aggregate, many organizations are understaffed, many lack some (or many) types of advanced cybersecurity skills, and the staff is too busy to invest time in continuing education to keep up with the latest threats. Yikes!

Huge demand for cybersecurity talent

CISOs recognize these issues and many organizations are actively hanging a “help wanted” sign to find cybersecurity talent. Unfortunately, it is exceedingly difficult to bring new people onboard. Why? Experienced cybersecurity professionals are in high demand, so organizations are engaged in a battle royale to coax them away from their present employers and outbid others for their services.

Source: www.csoonline.com/article/3238745/security/cybersecurity-skills-shortage-creating-recruitment-chaos.html

CISSP Practice question #58

Which of these indicates the average time between hardware failures?
A: MTBF.
B: MTTR.
C: MOR.
D: MTD.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer

A: MTBF (Mean Time Between Failures): How long a new or repaired system or component will function on average before failing. This helps us plan for spares and gives us an idea of how often we can expect hardware to fail.

CISSP Practice question #57

Which low-tech or no-tech attack can often be just as successful as very technical attacks?
A: DDOS.
B: Social engineering.
C: Trojan.
D: Worm.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer

B: Social engineering can often be just as successful as more technical attacks, because people want to be helpful.

CISSP Practice question #56

When implementing secure cabling in our building, what would be our cheapest option?
A: Copper Ethernet.
B: Fiber Ethernet.
C: Wireless.
D: Coax copper.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer

B: The most secure cable is fiber. It is slightly more expensive than copper, but since we need both, we would use fiber cables. Wireless is... well, not a cable.