CISSP Practice question #124

In the IAAA model which is not one of the A’s?
A: Authentication.
B: Alteration.
C: Authorization.
D: Accountability.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer

B: IAAA is Identification and Authentication, Authorization and Accountability. Alteration is the opposite of integrity from the CIA triad.


CISSP Practice question #123

Which plan would we look at in our BCP for dealing with evacuating staff in an emergency?
A: COOP.
B: CCP.
C: OEP.
D: CIRP.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer

C: OEP (Occupant Emergency Plan): How do we protect our facilities, our staff and the environment in a disaster event? This could be fires, hurricanes, floods, criminal attacks, terrorism, etc. It focuses on safety and evacuation, and details how we evacuate, how often we do drills, and the training staff should get.


CISSP Practice question #121

Why would we use a differential backup over an incremental one?
A: Faster restores.
B: Faster backup time.
C: To exclude certain directories from the backup.
D: To include all directories in the backup.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer

A: Differential backup: Backs up everything since the last full backup. Does not clear the archive bit. Faster to restore, since we only need two tapes for a full restore: the full and the differential. Backups take longer than incrementals, since we are backing up everything since the last full.


CISSP Practice question #120

Which project management methodology is better geared towards a year-long project with very clear software requirements that should not change?
A: Waterfall.
B: Agile.
C: XP.
D: Rapid prototyping.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer

A: Waterfall methodology is well suited for long, very clearly defined projects.


CISSP Practice question #119

What would be proper data disposal of SSD drives?
A: Degaussing.
B: Formatting.
C: Deleting all files.
D: Overwriting.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer

D: SSD drives can't be degaussed, and formatting or deleting the files only removes the file structure; most, if not all, files are recoverable. We would need to overwrite all the data with random 0s and 1s.


CISSP Practice question #118

Testing is done to:
A: See if the plan is accurate, complete and effective.
B: See how staff reacts and to train them.
C: Ensure the plan is being followed and understood.
D: Ensure compliance with regulations.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer

A: Testing ensures the plan is accurate, complete and effective; it happens before we implement the plan.


CISSP Practice question #117

What would be a good security practice for BYOD and IoT devices?
A: Segment them on their own VLAN.
B: Allow them on the normal network so we can monitor them.
C: Allow employees to keep PHI on their own devices.
D: Let them use the same wireless as medical equipment is on.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer

A: BYOD and IoT devices almost never have as good a security posture as the organization's own hardware; we want to segment them on their own limited VLAN to ensure any compromised hardware can do as little damage as possible.
