CISSP Practice question #311

Jane is talking to a friend and is explaining what digital signatures do. Which of these could she tell her friend is one of the main reasons we use digital signatures?
A: Confidentiality.
B: Availability.
C: Integrity.
D: Authentication.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests –

Answer


C: Digital signatures provide integrity and non-repudiation: any change to the signed data invalidates the signature, and a valid signature can only have been produced with the signer's private key, so the signer cannot later deny having signed.
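The two properties in the answer above, shown as an added example (not code from the original page or from ThorTeaches): a Go program using the standard library's Ed25519 signatures. The document text, the names "Jane" and "other", and the altered amount are all constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignatureChecks records what a verifier sees in the three situations
// the answer above describes: the intact document, a tampered document,
// and Jane's signature checked against somebody else's public key.
type SignatureChecks struct {
	Intact   bool // unchanged document, Jane's public key: must be true
	Tampered bool // one amount changed after signing: must be false
	WrongKey bool // Jane's signature checked with another user's key: must be false
}

// signDocument produces a signature over doc using the signer's private key.
// Only the holder of the private key can do this, which is what gives
// non-repudiation: a valid signature could not have come from anyone else.
func signDocument(priv ed25519.PrivateKey, doc []byte) []byte {
	return ed25519.Sign(priv, doc)
}

// verifyDocument checks sig against doc using only the signer's public key.
// Any change to doc, however small, makes this return false (integrity).
func verifyDocument(pub ed25519.PublicKey, doc, sig []byte) bool {
	return ed25519.Verify(pub, doc, sig)
}

// RunSignatureChecks generates a key pair for "Jane" and a second, unrelated
// key pair, signs a constructed sample document, and exercises the three cases.
func RunSignatureChecks() (SignatureChecks, error) {
	janePub, janePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return SignatureChecks{}, err
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return SignatureChecks{}, err
	}

	// Constructed sample document (not from the original page).
	doc := []byte("Transfer 100 EUR to account 1234. Signed, Jane")
	sig := signDocument(janePriv, doc)

	// An attacker alters the amount after Jane signed it.
	tampered := []byte("Transfer 900 EUR to account 1234. Signed, Jane")

	return SignatureChecks{
		Intact:   verifyDocument(janePub, doc, sig),
		Tampered: verifyDocument(janePub, tampered, sig),
		WrongKey: verifyDocument(otherPub, doc, sig),
	}, nil
}

func main() {
	checks, err := RunSignatureChecks()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("intact document verifies:       %v\n", checks.Intact)
	fmt.Printf("tampered document verifies:     %v\n", checks.Tampered)
	fmt.Printf("verifies under another's key:   %v\n", checks.WrongKey)
}
```

Verification needs only Jane's public key, so anyone can check the signature, but only Jane could have made it. In practice non-repudiation also depends on the public key being bound to Jane (for example through a certificate) and on her private key never being disclosed; if either assumption fails, the signature proves only that some holder of that key signed.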

IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

CISSP Practice question #310

If we have mantraps in our environment, what should they do?
A: Fail open.
B: Fail shut.
C: Prevent exit in an emergency.
D: Prevent exit always.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests –

Answer


A: Mantraps should fail open (fail safe) so that they allow safe evacuation in case of an emergency. (Remember that people are more important to protect than stuff.)


CISSP Practice question #309

After a disaster at our primary site, we are restoring functionality at our Disaster Recovery (DR) site. Which applications would we get up and running last?
A: Least critical.
B: Most critical.
C: The most resource intensive.
D: The least resource intensive.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests –

Answer


A: The BCP team has sub-teams responsible for rescue, recovery and salvage in the event of a disaster or disruption. The recovery team (failover) is responsible for getting the alternate site up and running as fast as possible, or for getting the systems rebuilt. We bring the most critical systems up first, so the least critical ones come last.


CISSP Practice question #308

Which type of audit could we use to ensure our employees are following our policies?
A: Review user logs.
B: Review management.
C: Self-reviews.
D: White box testing.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests –

Answer


A: We would review user logs to see whether employees are following our policies.


CISSP Practice question #307

Which of these would be common attacks focused on compromising our availability?
A: DDOS.
B: Social engineering.
C: Viruses.
D: All of these.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests –

Answer


A: For data availability we use: IPS/IDS, patch management, redundancy (hardware, power with multiple power supplies, UPSs and generators, disks with RAID, traffic paths through network design, HVAC, staff), HA (high availability) and much more. SLAs define how high an uptime we want (99.9%?), weighed against the ROI. Threats to availability: malicious attacks (DDOS, physical, system compromise, staff, wireless jamming), application failures (errors in the code) and component failure (hardware).


CISSP Practice question #306

Which authentication method would use something you are expected to have?
A: Type 1.
B: Type 2.
C: Type 3.
D: Type 0.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests –

Answer


B: Something you have – Type 2 authentication: ID, passport, smart card, token, cookie on a PC. These are called possession factors. The subject uses them to authenticate their identity: if they have the item, they are assumed to be who they say they are. That assumption fails if the item is stolen, borrowed or cloned, which is why possession factors are normally combined with another factor.


CISSP Practice question #305

Which of these would not be an acceptable form of dealing with remanence?
A: Disk shredding.
B: Degaussing.
C: Overwriting.
D: Deleting files.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests –

Answer


D: Deleting a file only removes its entry from the file system's allocation table; the data blocks stay on the disk and are recoverable until they are overwritten.


CISSP Practice question #304

If we have 100 users in our organization who all need to communicate securely with each other, would symmetric or asymmetric encryption use the higher number of encryption keys?
A: Asymmetric.
B: Symmetric.
C: They would use the same number of keys.
D: We would need more information to be able to tell.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests –

Answer


B: Symmetric would use 4950 keys, one shared key per pair: (100 × (100 − 1)) / 2 = 4950. Asymmetric uses 2 keys (one key pair) per person, so 200 keys.
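The key-count reasoning above, as an added example that is not part of the original page: a Go program that computes both counts, confirms the symmetric formula by enumerating the pairs, and goes beyond the question to show the organization size at which symmetric starts needing more keys and how many new keys each scheme needs when one more user joins. The function names and the table of sizes are this example's own.

```go
package main

import "fmt"

// SymmetricKeys returns the number of shared secrets needed when every
// pair of n users holds its own key: one key per pair, n(n-1)/2.
func SymmetricKeys(n int) int {
	return n * (n - 1) / 2
}

// AsymmetricKeys returns the number of keys when every user holds one
// key pair (public + private) that any other user can use to reach them: 2n.
func AsymmetricKeys(n int) int {
	return 2 * n
}

// CountPairs confirms the symmetric formula by enumerating the distinct
// unordered pairs among n users rather than trusting the arithmetic.
func CountPairs(n int) int {
	pairs := 0
	for a := 0; a < n; a++ {
		for b := a + 1; b < n; b++ {
			pairs++
		}
	}
	return pairs
}

// NewKeysOnJoin returns how many new keys must be created when one user
// joins an organization of n people: symmetric needs a fresh secret with
// every existing user, asymmetric needs only the newcomer's own pair.
func NewKeysOnJoin(n int) (symmetric, asymmetric int) {
	return SymmetricKeys(n+1) - SymmetricKeys(n), AsymmetricKeys(n+1) - AsymmetricKeys(n)
}

// Crossover returns the smallest organization size at which the symmetric
// scheme needs strictly more keys than the asymmetric one.
func Crossover() int {
	for n := 1; ; n++ {
		if SymmetricKeys(n) > AsymmetricKeys(n) {
			return n
		}
	}
}

func main() {
	fmt.Printf("%6s %10s %10s\n", "users", "symmetric", "asymmetric")
	for _, n := range []int{2, 5, 6, 10, 100, 1000} {
		fmt.Printf("%6d %10d %10d\n", n, SymmetricKeys(n), AsymmetricKeys(n))
	}
	s, a := NewKeysOnJoin(100)
	fmt.Printf("user 101 joins: %d new symmetric keys vs %d new asymmetric keys\n", s, a)
	fmt.Printf("symmetric needs more keys from %d users upward\n", Crossover())
}
```

The join cost is the part the exam question does not ask but that matters operationally: adding the 101st user means generating and securely distributing 100 new symmetric secrets, versus generating one key pair and publishing its public half.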


CISSP Practice question #303

Looking at our information security governance, who would approve and sign off on our policies?
A: Senior management.
B: The IT teams.
C: IT security.
D: IT management.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests –

Answer


A: Policies are mandatory, high level and non-specific. They contain statements such as "patches, updates, strong encryption", but they will not be specific about "OS, encryption type, vendor technology". They are approved, and often written, by senior management.


CISSP Practice question #302

If we want to implement a governance standard and control framework focused on IT service management, which of these should we implement?
A: COBIT.
B: ITIL.
C: COSO.
D: FRAP.

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests –

Answer


B: ITIL (Information Technology Infrastructure Library) focuses on ITSM (IT Service Management).
