CISSP Practice question #178

Having a single, well controlled and defined data integrity system increases all of these except what?
A: Performance.
B: Maintainability.
C: Stability.
D: Redundant data.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


D: Having a single, well controlled, and well defined data-integrity system increases:
Stability: One centralized system performs all data integrity operations.
Performance: All data integrity operations are performed in the same tier as the consistency model.
Re-usability: All applications benefit from a single centralized data integrity system.
Maintainability: One centralized system for all data integrity administration.


CISSP Practice question #177

Semantic integrity is:
A: When every foreign key in a secondary table matches the primary key in the parent table.
B: Each attribute value is consistent with the attribute data type.
C: Each tuple has a unique primary value that is not null.
D: When the database has errors.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


B: Semantic integrity: Each attribute value is consistent with the attribute data type.


CISSP Practice question #176

How many rotors did SIGABA use?
A: 3
B: 4
C: 10
D: 15

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


D: SIGABA: A rotor machine used by the United States throughout World War II and into the 1950s, similar to the Enigma. It was more complex, and was built after examining the weaknesses of the Enigma. No successful cryptanalysis of the machine during its service lifetime is publicly known. It used 3x 5 sets of rotors.


CISSP Practice question #175

Which type of IDS/IPS may be able to mitigate 0day attacks?
A: Heuristic based.
B: Preference matching.
C: Signature based.
D: Network based.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Heuristic (Behavioral) based: Looks for abnormal behavior – can produce a lot of false positives. We build a baseline of what normal network traffic looks like and all traffic is matched to that baseline. They can at times mitigate 0day attacks. Can detect ‘out of the ordinary’ activity, not just attacks. Takes much more work and skill.


CISSP Practice question #172

Injection attacks are attacks against what?
A: Our physical security.
B: Our SQL servers.
C: Our firewalls.
D: Our employees.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


B: OWASP A1 Injection. Can be any code injected into user forms; SQL and LDAP injection are often seen. Attackers can do this because our software does not use: Strong enough input validation and data type limitations on input fields. Input length limitations. The fix is to do just that: we only allow users to input appropriate data into the fields, only letters in names, numbers in phone numbers, have dropdowns for country and state (if applicable), we limit how many characters people can use per cell, …


CISSP Practice question #171

We are blocking unused ports on our servers as part of our server hardening, when we block UDP port 137, what are we blocking?
A: NetBIOS name service.
B: NetBIOS datagram service.
C: IMAP.
D: Microsoft Terminal Server (RDP).

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


A: NetBIOS Name Service uses UDP port 137 and is used for name registration and resolution.


CISSP Practice question #169

Drills are done to:
A: See if the plan is accurate, complete and effective.
B: See how staff reacts and to train them.
C: Ensure the plan is being followed and understood.
D: Ensure compliance with regulations.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


B: Drills (exercises): Walkthroughs of the plan; the main focus is to train staff and improve employee response (think fire drills).
