CISSP Practice question #190

When a system has been certified what does that mean?
A: It has met the data owner's security requirements.
B: It has met the data steward's security requirements.
C: The data owner has accepted the certification and the residual risk, which is required before the system is put into production.
D: The data steward has accepted the certification and the residual risk, which is required before the system is put into production.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


A: Certification means the system has been evaluated and found to meet the security requirements of the data owner. Certification considers the system, the security measures taken to protect the system, and the residual risk represented by the system.


IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP Practice question #189

When a pen tester is trying to gain access to our facility by looking for an open door or window, which type of access control is she testing?
A: Administrative.
B: Technical.
C: Physical.
D: Detective.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


C: Physical Controls: Locks, fences, guards, dogs, gates, bollards, doors, windows, etc.


CISSP Practice question #188

Jane is implementing Active Directory at our organization and she wants all the domains to trust each other. Which type of domain trust should she implement?
A: Two-way trust.
B: Intransitive trust.
C: Transitive trust.
D: One-way trust.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


C: Transitive trust: A trust that can extend beyond two domains to other trusted domains in the forest.


CISSP Practice question #187

A disgruntled former employee of our organization is trying to break the passwords of our administrator accounts using a key logger. How does he do that?
A: He uses the entire key space.
B: He uses full words often with numbers at the end.
C: He uses precompiled hashes to compare the password hash to.
D: He has software installed on a computer that records all keystrokes.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


D: Keylogging (keystroke logging): A keylogger is added to the user's computer and records every keystroke the user enters. A software keylogger is a program installed on the computer; the computer is often compromised by a trojan whose payload is the keylogger or a backdoor, and the keylogger calls home or uploads the keystrokes to a server at regular intervals. A hardware keylogger is attached to the USB port where the keyboard is plugged in; it can either call home or must be physically removed to retrieve the information.


CISSP Practice question #186

In software testing, installation testing would test what?
A: That the software installs correctly on the customer's hardware.
B: Lost or missing features after major code changes.
C: Interfaces between components in the software.
D: Processes and security alerts when encountering errors.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


A: Installation testing: Assures that the system is installed correctly and working on the actual customer's hardware.


CISSP Practice question #185

Which protocol transports files in plaintext?
A: FTP.
B: SFTP.
C: FTPS.
D: HTTPS.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


A: FTP (File Transfer Protocol): Transfers files to and from servers. It provides no confidentiality or integrity checks; data is sent in plaintext. It should not be used, since the vast majority of what we transport travels over insecure networks.


CISSP Practice question #184

Jane is looking at the Kerberos implementation we have in place and is working on the KDC. What is part of the KDC?
A: AS.
B: PSG.
C: TGT.
D: KDR.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


A: The KDC (Key Distribution Center) consists of the AS (Authentication Server) and the TGS (Ticket Granting Server).


CISSP Practice question #183

In network forensics, which of these is a common form used?
A: Catch-as-you-can.
B: Catch-and-release.
C: Stop, act and prevent.
D: Stop and release.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Network forensics: Systems used to collect network data for forensic use usually come in two forms. Catch-it-as-you-can: All packets passing through a certain traffic point are captured and written to storage, with analysis done subsequently in batch mode. This approach requires large amounts of storage. Stop, look and listen: Each packet is analyzed in a basic way in memory and only certain information is saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.


CISSP Practice question #182

Which remote access protocol can send data encrypted?
A: Telnet.
B: Secure Shell.
C: Command prompt.
D: Power Shell.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


B: SSH (Secure Shell) is used for remote access over a network. Data is encrypted, but some recent leaks have shown the CIA may have tools that can break SSH.


CISSP Practice question #181

Which type of query language would use SELECT, DELETE, INSERT and DROP?
A: DDL.
B: DML.
C: DRP.
D: DDR.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


B: Data Manipulation Language (DML). Used for selecting, inserting, deleting and updating data in a database. Common DML statements are SELECT, DELETE, INSERT and UPDATE.
