CISSP Practice question #69

On which TCP/IP layer do we find IP Addresses?
A: Link and physical.
B: Internetworks.
C: Transport.
D: Application.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


B: The Internet/Internetwork layer is responsible for sending packets across potentially multiple networks. This requires sending data from the source network to the destination network (routing). The Internet Protocol performs two basic functions. Host addressing and identification: this is done with hierarchical IP addresses. Packet routing: sending the packets of data (datagrams) from the source to the destination by forwarding them to the next network router closer to the final destination.


CISSP Practice question #68

What in our environment should be patched regularly?
A: Our servers.
B: Our SANs.
C: Our network equipment.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


D: We should patch all our hardware on a regular schedule; if we do not, we can have many vulnerabilities on our network. We want defense in depth.


CISSP Practice question #67

When we want users to test our software, but want key features disabled, we release:
A: Cripple ware.
B: Shareware.
C: Freeware.
D: Bloatware.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


A: Cripple ware: Partially functioning proprietary software, often with key features disabled. The user is required to make a payment to unlock the full functionality.


CISSP Practice question #66

Where would we not implement defense in depth?
A: Our data centers.
B: No where.
C: Our call center.
D: Our VPNs.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


B: We would implement defense in depth everywhere. We would not implement it “no where”; the double negatives cancel each other out. Remember, this is also an exam in the English language (assuming you take it in English), and it does intend to trick you at times.


CISSP Practice question #64

Which of these is an identifier protected under the HIPAA rules?
A: Name.
B: Zip code.
C: License plate.
D: All of these.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


D: Under the US Health Insurance Portability and Accountability Act (HIPAA), PHI that is linked based on the following list of 18 identifiers must be treated with special care:
1. Names.
2. All geographical identifiers smaller than a state.
3. Dates (other than year).
4. Phone numbers.
5. Fax numbers.
6. Email addresses.
7. Social Security numbers.
8. Medical record numbers.
9. Health insurance beneficiary numbers.
10. Account numbers.
11. Certificate/license numbers.
12. Vehicle identifiers and serial numbers, including license plate numbers.
13. Device identifiers and serial numbers.
14. Web Uniform Resource Locators (URLs).
15. Internet Protocol (IP) address numbers.
16. Biometric identifiers, including finger, retinal and voice prints.
17. Full face photographic images and any comparable images.
18. Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data.


CISSP Practice question #62

We are blocking unused ports on our servers as part of our server hardening. When we block TCP port 23, what are we blocking?
A: FTP data transfer.
B: FTP control.
C: SSH.
D: Telnet.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


D: Telnet: Remote access over a network. It uses TCP port 23; all data is plaintext, including usernames and passwords, so it should not be used. Attackers with network access can easily sniff credentials, alter data, and take control of Telnet sessions.


CISSP Practice question #61

In our access control implementations, and looking at the IAAA model, what could we use for authentication?
A: Their username.
B: A password.
C: Role based access control.
D: Non-repudiation.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


B: Authentication: Something you know – Type 1 Authentication (passwords, pass phrase, PIN etc.). Something you have – Type 2 Authentication (ID, Passport, Smart Card, Token, cookie on PC etc.). Something you are – Type 3 Authentication (and Biometrics) (Fingerprint, Iris Scan, Facial geometry etc.).


IT Security from TechBeacon: “Why we need more women in cybersecurity”

It has been estimated that more than 1 million security jobs worldwide are unfilled. Further, (ISC)2 reports that of the currently employed cybersecurity professionals, women represent only 11 percent of the workforce. The unfilled cybersecurity jobs aren’t just a staffing issue; they’re a matter of national security, and women can help us solve the problem quickly.

Source: techbeacon.com/why-we-need-more-women-cybersecurity
