CISSP Practice question #15

We are implementing database shadowing. How does it help us ensure we can recover from data loss on our primary systems?
A: It sends transaction logs to a remote location, but not the files themselves. We can rebuild the transactions from the logs.
B: It uses a remote backup service that sends backup files electronically offsite at a set interval or when the files change.
C: It makes an exact real-time copy at another location; this can be another local disk, or preferably a remote location on another type of media.
D: It takes a full backup of our database once a week to tape.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer

C: Database shadowing: an exact, real-time copy of the database or files is kept at another location. It can be another disk in the same server, but best practice dictates another geographical location, often on different media. Because the copy is made in real time, a corruption or accidental deletion on the primary is shadowed as well; shadowing protects against losing the primary system, not against bad transactions, so it complements rather than replaces point-in-time backups. (A describes remote journaling, B electronic vaulting, D a conventional full backup.)

IT Security – from Novinite “New Measures to Scale up EU Cybersecurity”

New Measures to Scale up EU Cybersecurity – Novinite.com – Sofia News Agency

A new set of wide-ranging measures to build strong cybersecurity in the European Union is on the table. The European Commission has proposed the creation of an EU Cybersecurity Agency to assist member states in dealing with cyber-attacks, as well as a new European certification scheme that will ensure that products and services in the digital world are safe to use.

Source: www.novinite.com/articles/183428/

CISSP Practice question #13

When we create an application whitelist, what are we doing?
A: Making a list of allowed applications.
B: Making a list of prohibited applications.
C: Making a list of all applications.
D: Making a list of all of our own developed applications.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer

A: Application whitelisting: we list the applications that are allowed to run in our environment; everything not on the list is blocked. It can still be compromised. Rules can match on a trusted digital certificate (publisher), a known file hash, or a path and file name. Path rules are the least secure: an attacker who can write to that path can replace the file with a malicious copy and the rule still allows it. Hash rules do not have that weakness, but they must be updated whenever the binary is legitimately patched, which is why certificate rules are usually preferred for software that updates often.
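
As an added example (not part of the original page or the ThorTeaches material), the Python below contrasts a path rule with a hash rule on a constructed executable in a temporary directory, then replaces the file at that path the way the answer describes: the path rule still allows it, the hash rule does not. The file name and contents are made up for the demonstration; certificate-based rules are not shown.

```python
"""Path-based vs hash-based application allowlisting.
Added example; the 'executable' is a constructed file in a temp directory."""
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    """Hash the file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class Allowlist:
    """Two rule types side by side. realpath() is used so a symlink or
    '..' in the requested path cannot dodge or spoof a path rule."""

    def __init__(self):
        self.paths = set()
        self.hashes = set()

    def trust_path(self, path: str) -> None:
        self.paths.add(os.path.realpath(path))

    def trust_hash(self, path: str) -> None:
        self.hashes.add(sha256_of(path))

    def allowed_by_path(self, path: str) -> bool:
        return os.path.realpath(path) in self.paths

    def allowed_by_hash(self, path: str) -> bool:
        # Recomputed at execution time, so the check sees the file as it is now.
        return sha256_of(path) in self.hashes


def demo():
    """Returns ((path_ok, hash_ok) before replacement, (path_ok, hash_ok) after)."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "app.exe")          # hypothetical trusted binary
        with open(exe, "wb") as f:
            f.write(b"MZ legitimate binary")
        wl = Allowlist()
        wl.trust_path(exe)
        wl.trust_hash(exe)
        before = (wl.allowed_by_path(exe), wl.allowed_by_hash(exe))

        # Attacker with write access to the directory swaps the file in place.
        with open(exe, "wb") as f:
            f.write(b"MZ malicious binary")
        after = (wl.allowed_by_path(exe), wl.allowed_by_hash(exe))
        return before, after


if __name__ == "__main__":
    print(demo())
```

The same run also illustrates the hash rule's maintenance cost: a legitimate patch changes the file exactly like the attacker's swap does, so every update needs a new hash in the policy.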

CISSP Practice question #12

Which of these would not have data remanence after the system has been powered off for 10 minutes?
A: Hard disks.
B: Read only memory.
C: Random access memory.
D: Tapes.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer

C: RAM (random access memory) is volatile: its contents decay within seconds to a few minutes after power is lost, so after 10 minutes nothing recoverable remains. Hard disks, tapes and ROM keep their data without power. Cold-boot attacks exploit that short window by chilling the chips to slow the decay, which is why keys held in RAM still matter at the moment of shutdown, but not after 10 minutes.

IT Security from LA Times: “Equifax website is apparently hacked (again)”

Equifax website is apparently hacked

Equifax has taken part of its website offline after a security analyst said clicking a link on the site sent him to a malicious URL. Separately, a top Republican congressman introduced a bill that would stop credit reporting firms from using Social Security numbers to identify Americans.

Source: www.latimes.com/business/la-fi-equifax-social-security-numbers-20171012-story.html

IT Security – from TechRepublic “Report: Negligent employees are no. 1 cause of cybersecurity breaches at small and medium businesses”

Report: Negligent employees are no. 1 cause of cybersecurity breaches at SMBs

Careless workers and poor passwords have led to a rise in ransomware attacks and other breaches on SMBs, which cost an average of $1 million.

Source: www.techrepublic.com/article/report-negligent-employees-are-no-1-cause-of-cybersecurity-breaches-at-smbs/

CISSP Practice question #11

In open source programming we:
A: Release the software, but not the code.
B: Release the code and the software.
C: Release neither the software nor the code.
D: Release the code, but not the software.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer

B: Open source: we release both the software and its source code publicly, where the code can be tested, improved and corrected by anyone, but that also lets attackers study it for flaws.

IT Security from arstechnica.com “DOJ tries to rebrand weakened encryption as “responsible encryption””

Trump’s DOJ tries to rebrand weakened encryption as “responsible encryption”

A high-ranking Department of Justice official took aim at encryption of consumer products today, saying that encryption creates “law-free zones” and should be scaled back by Apple and other tech companies. Instead of encryption that can’t be broken, tech companies should implement “responsible encryption” that allows law enforcement to access data, he said.

Source: arstechnica.com/tech-policy/2017/10/trumps-doj-tries-to-rebrand-weakened-encryption-as-responsible-encryption/

CISSP Practice question #10

Which of these is not an IPsec concept?
A: AH.
B: ESP.
C: SA.
D: DR.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer

D: IPsec (Internet Protocol Security) is a set of protocols that provide a cryptographic layer to IP traffic (IPv4 and IPv6). AH (Authentication Header) provides authentication and integrity for each packet; ESP (Encapsulating Security Payload) provides confidentiality, and optionally authentication and integrity as well. An SA (Security Association) is a simplex, one-way relationship (like a walkie-talkie), so two-way traffic needs a pair of SAs; each SA holds the negotiated parameters (algorithms, keys, SPI) for ESP or AH, and IKE is the protocol that negotiates them. DR (disaster recovery) is not an IPsec concept.
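
As an added example (not from ThorTeaches or the original page), the Python below parses the AH and ESP headers out of constructed IPv4 packets, looks each one up in a Security Association database keyed by (SPI, destination address, protocol), and runs the sequence-number anti-replay check that both AH and ESP carry. The SPI values, addresses and the SA database are made up for the demonstration; no ICV is verified and nothing is decrypted. The reverse-direction packet shows why an SA is simplex: the SA for one direction does not cover traffic flowing the other way.

```python
"""Parse IPsec AH/ESP headers from raw IPv4 packets and match them to SAs.
Added example; all packets, SPIs and addresses below are constructed."""
import struct
from dataclasses import dataclass, field

IPPROTO_ESP = 50   # Encapsulating Security Payload
IPPROTO_AH = 51    # Authentication Header


@dataclass
class SecurityAssociation:
    """One simplex SA, identified by (SPI, destination, protocol).
    Two-way traffic needs two SAs, one per direction."""
    spi: int
    dst: str
    proto: int
    highest_seq: int = 0
    window: int = 64
    seen: set = field(default_factory=set)

    def accept_sequence(self, seq: int) -> bool:
        """Sliding-window anti-replay check in the style of RFC 4302/4303."""
        if seq == 0:
            return False                      # sequence number 0 is never valid
        if seq > self.highest_seq:            # new high-water mark: slide window
            self.highest_seq = seq
            self.seen = {s for s in self.seen if s > seq - self.window}
            self.seen.add(seq)
            return True
        if seq <= self.highest_seq - self.window or seq in self.seen:
            return False                      # too old, or already seen: replay
        self.seen.add(seq)
        return True


def parse_ipv4(pkt: bytes):
    """Return (protocol, dst_ip, payload) for a minimal IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not an IPv4 packet")
    dst = ".".join(str(b) for b in pkt[16:20])
    return pkt[9], dst, pkt[ihl:]


def parse_esp(payload: bytes):
    """ESP: SPI (4) | Sequence (4) | encrypted payload ... | ICV."""
    spi, seq = struct.unpack("!II", payload[:8])
    return spi, seq, payload[8:]


def parse_ah(payload: bytes):
    """AH: Next Hdr (1) | Payload Len (1) | Reserved (2) | SPI (4) | Seq (4) | ICV.
    Payload Len is the AH length in 32-bit words minus 2."""
    next_hdr, payload_len, _res, spi, seq = struct.unpack("!BBHII", payload[:12])
    ah_len = (payload_len + 2) * 4
    return next_hdr, spi, seq, payload[12:ah_len], payload[ah_len:]


def process(sad: dict, pkt: bytes) -> str:
    """Classify one packet against the SA database (SAD)."""
    proto, dst, payload = parse_ipv4(pkt)
    if proto == IPPROTO_ESP:
        spi, seq, _ = parse_esp(payload)
    elif proto == IPPROTO_AH:
        _, spi, seq, _, _ = parse_ah(payload)
    else:
        return "not-ipsec"
    sa = sad.get((spi, dst, proto))
    if sa is None:
        return "no-sa"
    name = "ESP" if proto == IPPROTO_ESP else "AH"
    verdict = "accepted" if sa.accept_sequence(seq) else "replay"
    return f"{name} spi={spi:#x} seq={seq} {verdict}"


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Constructed packet builder for the demo (header checksum left zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + payload


def demo():
    """Inbound SAs for 10.0.0.2 only; hypothetical SPIs and addresses."""
    sad = {
        (0xC0FFEE, "10.0.0.2", IPPROTO_ESP): SecurityAssociation(0xC0FFEE, "10.0.0.2", IPPROTO_ESP),
        (0xABCD01, "10.0.0.2", IPPROTO_AH): SecurityAssociation(0xABCD01, "10.0.0.2", IPPROTO_AH),
    }
    esp1 = build_ipv4(IPPROTO_ESP, "10.0.0.1", "10.0.0.2", struct.pack("!II", 0xC0FFEE, 1) + b"\x00" * 16)
    esp2 = build_ipv4(IPPROTO_ESP, "10.0.0.1", "10.0.0.2", struct.pack("!II", 0xC0FFEE, 2) + b"\x00" * 16)
    ah1 = build_ipv4(IPPROTO_AH, "10.0.0.1", "10.0.0.2",
                     struct.pack("!BBHII", 6, 4, 0, 0xABCD01, 1) + b"\x11" * 12 + b"tcp-payload")
    tcp = build_ipv4(6, "10.0.0.1", "10.0.0.2", b"plain")
    reverse = build_ipv4(IPPROTO_ESP, "10.0.0.2", "10.0.0.1", struct.pack("!II", 0xC0FFEE, 1))
    return [process(sad, p) for p in (esp1, esp2, esp1, ah1, tcp, reverse)]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The third packet is a byte-for-byte replay of the first and is rejected on sequence number alone, before any ICV check would run; the last packet carries a valid SPI but is addressed the other way, so it does not match the inbound SA and would need the peer SA of the pair.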
