CISSP Practice question #55

We have an agreement with another organization in our line of business, where we have a rack of our hardware in their data center and they have a rack in our data center. The racks are completely segmented off from the rest of the network. What are these agreements called?
A: Reciprocal.
B: Redundant.
C: Mobile site.
D: Subscription site.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Reciprocal Agreement site: Your organization has a contract with another organization that they will give you space in their data center in a disaster event and vice versa. This can be promised space or some racks with hardware completely segmented off the network there.


IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP Practice question #54

In software acceptance testing, what is the purpose of user acceptance testing?
A: To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities.
B: To ensure the software is as secure or more secure than the rules, laws and regulations of our industry.
C: To ensure the software performs as expected in our live environment vs. our development environment.
D: To ensure the software is functional for and tested by the end user and the application manager.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


D: The User Acceptance test: Is the software functional for the users who will be using it? It is tested by the users and application managers.


CISSP Practice question #53

Each row in a relational database is called a/an:
A: Tuple.
B: Attribute.
C: Relation.
D: Schema.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


A: Relational model: Rows are also called records or tuples. Generally, each table/relation represents one entity type. The rows represent instances of that type of entity and the columns represent values attributed to that instance.


CISSP Practice question #52

Before upgrading a system or applying a patch, which type of backup will not interfere with the backup cycle and allows us to do a full restore with a single tape?
A: Full backup.
B: Incremental backup.
C: Differential backup.
D: Copy backup.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


D: Copy backup: This is a full backup with one important difference: it does not clear the archive bit. Often used before we do system updates, patches and similar upgrades. We do not want to mess up the backup cycle, but we want to be able to revert to a previous good copy if something goes wrong.


CISSP Practice question #51

A pen tester calling an employee and explaining that they are the CEO’s executive assistant and that the employee needs to do what they are told is an example of:
A: Authority.
B: Intimidation.
C: Scarcity.
D: Familiarity.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


A: Social engineering uses people skills to bypass security controls. Authority (someone you trust or are afraid of) – Look and sound like an authority figure, be in charge, this can be in a uniform or a suit. Most effective with impersonation, whaling, and vishing attacks.


CISSP Practice question #50

When Jane is designing the specifications, she is including technology and countermeasures for hurricanes. What type of disasters is she focused on?
A: Natural.
B: Man made.
C: Environmental.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Natural: Hurricanes, floods, earthquakes, blizzards, anything that is caused by nature.


CISSP Practice question #49

What would we encrypt when dealing with sensitive data?
A: USB drives.
B: Wireless access points.
C: Laptops.
D: All of these.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


D: When dealing with sensitive data we want to encrypt as much as possible while still keeping data availability acceptable.


CISSP Practice question #48

Which of these would be a layer 2 broadcast address?
A: FF:FF:FF:FF:FF:FF
B: 255.255.255.255
C: 127.0.0.1
D: 0.0.0.0

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


A: Layer 2 uses MAC addresses, and the Layer 2 broadcast address is the MAC address FF:FF:FF:FF:FF:FF; routers do not pass these broadcasts.


CISSP Practice question #47

An artificial neural network tries to emulate a brain. Which of these is not true about ANNs?
A: They can analyze images about which they know a fact, such as “gecko” or “no gecko”; the more images they process, the better they become at recognizing the fact.
B: They are mostly used in areas that are difficult to express in a traditional computer algorithm using rule-based programming.
C: They are organized in layers; different layers perform different transformations on their input.
D: They use rule-based programming and a lot of IF/THEN statements.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


D: ANNs do not use IF/THEN statements.


CISSP Practice question #46

Why would we not want to shut a compromised system down?
A: There could still be data on the hard disks; it will be lost if we shut the server down.
B: There could still be data in the non-volatile memory; it will be lost if we shut the server down.
C: There could still be data in the volatile memory; it will be lost if we shut the server down.
D: There could still be permitted users on the system.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


C: The digital (computer) forensics process: We need to be more aware of how we gather our forensic evidence, because attackers are covering their tracks, deleting the evidence and logs. This can be through malware that is only in volatile memory: if power is shut off (to preserve the crime scene), the malware is gone and the evidence is lost.
