CISSP Practice question #116

We are getting rid of a pile of hard drives. Which of these would we use on the regular spinning disk ones to ensure there is no data remanence?
A: Degauss.
B: Overwrite.
C: Shred.
D: All of these.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer

D: With regular spinning disk hard drives, degauss, overwrite and shred are all good options. Often more than one of them is used, just to be sure.

CISSP Practice question #115

What would be a common attack on data at rest?
A: Cryptanalysis.
B: Shoulder surfing.
C: Eavesdropping.
D: All of these.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer

A: Data at Rest (Stored Data): This is data on disks, tapes, CDs/DVDs and USB sticks. We use disk encryption (full/partial), USB encryption and tape encryption (avoid CDs/DVDs). Encryption can be hardware or software encryption.

CISSP Practice question #114

Too high a sensitivity on our biometrics will often cause too many of what?
A: False accepts.
B: False rejects.
C: True accepts.
D: True rejects.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer

B: FRR (False rejection rate), Type 1 error: Authorized users are rejected. This can be caused by settings that are too high, e.g. 99% accuracy on biometrics.

CISSP Practice question #113

Which is not protected by the 4th amendment in the US?
A: Anything search warranted.
B: Your emails.
C: Your internet history.
D: Anything done online.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer

A: We ensure our evidence is acquired in a legal manner; remember the US Constitution's 4th amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated." Anything subpoenaed, search warranted, turned over voluntarily, or in exigent circumstances (immediate danger of being destroyed) can allow law enforcement to bypass the 4th amendment.

CISSP Practice question #112

Storing passwords in plaintext on a server is obviously very vulnerable. What would be a reason they chose to do so?
A: Because plaintext is more secure than encrypted.
B: Because the server is secure enough to not need the password encryption.
C: Access controls are only used on critical systems.
D: It is slightly faster than having to decrypt the password when the user tries to log in.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer

D: On older systems it can take a second or two to authenticate if the passwords are hashed or encrypted. We should, however, never leave passwords in plaintext to save a second or two.

CISSP Practice question #111

Which are 4th generation programming languages?
A: Cobol, SQL, Perl, C++.
B: C++, Java, Cobol, C#.
C: ColdFusion, SQL, Perl, PHP.
D: ColdFusion, SQL, C++, Perl.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer

C: 4th Generation languages (4GL) include ColdFusion, Progress 4GL, SQL, PHP and Perl. Fourth-generation languages are designed to reduce programming effort and the time it takes to develop software, resulting in a reduction in the cost of software development. They increase efficiency by automating the creation of machine code. They often use a GUI with drag and drop and then generate the code, and are often used for websites, databases and reports.

CISSP Practice question #110

What would we do during the e-discovery process?
A: Discover all the electronic files we have in our organization.
B: Produce electronic information to a court.
C: Make sure we keep data long enough in our retention policies for us to fulfil the legal requirements for our state and sector.
D: Delete data that has been requested if the retention period has expired.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer

B: e-Discovery, or Discovery of electronically stored information (ESI), is the process of producing all relevant documentation and data to a court or external attorneys in a legal proceeding.

CISSP Practice question #109

What would we use to ensure data confidentiality?
A: Hashes.
B: Multifactor authentication.
C: Redundant hardware.
D: None of these.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer

B: To ensure confidentiality we can use strong passwords, multifactor authentication, masking, access control, need-to-know, least privilege and many other measures.

A password for the Hawaii emergency agency was hiding in a public photo, written on a Post-it note

While the Hawaii Emergency Management Agency says a false missile alert was not a hack, a password in a photo has drawn criticism of its security practices.

Source: www.businessinsider.com/hawaii-emergency-agency-password-discovered-in-photo-sparks-security-criticism-2018-1

CISSP Practice question #108

During a security incident you heard something; this constitutes what type of evidence?
A: Real evidence.
B: Direct evidence.
C: Secondary evidence.
D: Circumstantial evidence.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer

B: Direct evidence: Testimony from a first-hand witness, what they experienced with their five senses.