CISSP certification: Full 125 question practice test #4 - test 1 (Anthony Today) Flashcards
Looking at the logical ring model, where would we find a VM hypervisor?
A. -1
B. 3
C. 2
D. 0
A. -1
Explanation:
The Ring Model: a 4-ring model that separates Users (Untrusted) from the Kernel (Trusted). The full model is slow and rarely used; most OSes only use rings 0 and 3. The applications are at ring 3. There is a new addition to the Ring Model: Hypervisor mode is called Ring -1 and is for VM Hosts. Ring -1 sits below the Client kernel in Ring 0.
In software testing, we are doing synthetic transactions. What does that mean?
A. Passively test the code, but not run it
B. Build scripts and tools that would simulate normal user activity
C. Submit random malformed input to crash the software or elevate privileges
D. Test the code while executing it
B. Build scripts and tools that would simulate normal user activity
Explanation:
Synthetic transactions (synthetic monitoring): Website monitoring using Web browser emulation or scripted recordings of Web transactions. Behavioral scripts/paths are created to simulate an action or path that a customer or end-user would take on a site. The paths are continuously monitored at specified intervals for performance, functionality, availability, and response time.
During a security audit, we found some security issues that we need to address. The IT Security team has been asked to suggest mitigation strategies using the OSI model. What could we implement to mitigate layer 2 threats?
A. Access Lists
B. Start using firewalls
C. Shut down open unused ports
D. Installing UPS’ in the data center
C. Shut down open unused ports
Explanation:
Layer 2 devices: Switches are bridges with more than 2 ports. Each port is its own collision domain, fixing some of the issues with collisions. Switches use MAC addresses to direct traffic. Good switch security includes: shutting unused ports down; putting ports in specific VLANs; using the MAC Sticky command to only allow that MAC to use the port, either with a warning or a shut command if another MAC accesses the port; using VLAN pruning for Trunk ports.
John has installed a backdoor to your system and he is using it to send spam emails to thousands of people. He is using a C&C structure. What is your system?
A. A standalone bot
B. A botnet
C. A bot herder in a botnet
D. A bot in a botnet
D. A bot in a botnet
Explanation:
Bots and botnets (bot is short for robot): A bot is a system with malware, controlled by a botnet. The system is compromised by an attack or by the user installing a Remote Access Trojan (a game or application with a hidden payload). They often use IRC, HTTP or HTTPS. Some are dormant until activated. Others are actively sending data from the system (credit card/bank information, for instance). Active bots can also be used to send spam emails. A botnet is a C&C (Command and Control) network, controlled by people (bot-herders). There can often be thousands or even hundreds of thousands of bots in a botnet.
If we are using a qualitative risk analysis approach, which of these would we use?
A. Asset value
B. Cost per incident
C. Exposure factor
D. Risk analysis matrix
D. Risk analysis matrix
Explanation:
Qualitative Risk Analysis – How likely is it to happen and how bad is it if it happens? This is vague, guessing, a feeling and relatively quick to do. Most often done to know where to focus the Quantitative Risk Analysis.
A HMAC-based one-time password (HOTP) is an example of which type of authentication method?
A. Something you know
B. Something you have
C. Somewhere you are
D. Something you are
B. Something you have
Explanation:
Something you have - Type 2 Authentication: HOTP (HMAC-based one-time password): Shared secret and incremental counter; the code is generated when asked for and is valid until used.
On our workstations, we are implementing new security measures. As part of that, we will start blocking TCP port 20. Which protocol are we blocking?
A. SSH
B. FTP Data Transfer
C. FTP Control
D. Telnet
B. FTP Data Transfer
Explanation:
FTP (File Transfer Protocol): Uses TCP Port 20 for the data transfer - the actual data is sent here.
If we look at our Disaster Recovery Plan (DRP) for what to do when we are attacked, in which phase of incident management do we shut system access down?
A. Detection
B. Response
C. Preparation
D. Recovery
B. Response
Explanation:
Response: The response phase is when the incident response team begins interacting with affected systems and attempts to keep further damage from occurring as a result of the incident. This can be taking a system off the network, isolating traffic, powering off the system, or however our plan dictates to isolate the system to minimize both the scope and severity of the incident. Knowing how to respond, when to follow the policies and procedures to the letter and when not to, is why we have senior staff handle the responses. We make bit-level copies of the systems, as close as possible to the time of the incident, to ensure they are a true representation of the incident.
In the TCP/IP model, packets are the Protocol Data Units (PDUs) of which layer?
A. Transport
B. Application
C. Internetworks
D. Link and Physical
C. Internetworks
Explanation:
Packets are the Protocol Data Units (PDUs) of the Internetwork layer of the TCP/IP model (OSI layer 3 - Network layer).
Which of these are COMMON attacks on trade secrets?
A. Software piracy
B. Industrial espionage, trade secrets are security through obscurity, if discovered nothing can be done
C. Counterfeiting
D. Someone using your protected design in their products
B. Industrial espionage, trade secrets are security through obscurity, if discovered nothing can be done
Explanation:
Trade Secrets: While an organization can do nothing if their Trade Secret is discovered, how it is discovered can be illegal. You tell no one about your formula, your secret sauce. If discovered, anyone can use it; you are not protected.
Using highly targeted emails to senior management, an attacker has sent an email threatening a lawsuit if attached documents are not filled out and returned by a certain date. What is this an example of?
A. Vishing
B. Whale Phishing
C. MITM
D. Social Engineering
B. Whale Phishing
Explanation:
This is whale phishing, which is a social engineering attack. Whale Phishing (Whaling): Spear phishing targeted at senior leadership of an organization. This could be: “Your company is being sued if you don’t fill out the attached documents (With Trojan in them) and return them to us within 2 weeks”.
Our networking department is recommending we use a baseband solution for an implementation. Which of these is a KEY FEATURE of those?
A. Only one system on the network can send one signal at a time
B. Both systems can send and receive at the same time
C. One way communication, one system transmits the other received, direction can be reversed
D. One way communication, one system transmits the other receives, direction can't be reversed
A. Only one system on the network can send one signal at a time
Explanation:
Baseband networks have one channel, and can only send one signal at a time. Ethernet is baseband: “1000baseT” STP cable is a 1000 megabit, baseband, Shielded Twisted Pair cable.
We are using one-time passwords that are pushed every 30 seconds to an application on our technical staff’s phones. Which type of tokens are we using?
A. TOTP
B. HOTP
C. ROTP
D. BOTP
A. TOTP
Explanation:
Something you have - Type 2 Authentication: TOTP (Time-based One-Time Password): Time based with shared secret, often generated every 30 or 60 seconds, synchronized clocks are critical.
We have a company doing a penetration test for us. In which phase would the tester try to gain higher level access, and ultimately, if they can, admin access?
A. Gaining Access
B. Discovery
C. Escalate privileges
D. System Browsing
C. Escalate privileges
Explanation:
Escalate Privileges: Get higher level access, ultimately we want admin access.
Which of these could be an example of a type of corrective access control?
A. Patches
B. Encryption
C. Backups
D. Alarms
A. Patches
Explanation:
Corrective: Controls that Correct an attack – Anti-virus, Patches, IPS.
Which software development methodology uses prototypes in addition to, or instead of, design specifications?
A. XP
B. Prototyping
C. Scrum
D. RAD
D. RAD
Explanation:
RAD (Rapid Application Development): Puts an emphasis on adaptability and the necessity of adjusting requirements in response to knowledge gained as the project progresses. Prototypes are often used in addition to or sometimes even in place of design specifications. Very suited for developing software that is driven by user interface requirements. GUI builders are often called rapid application development tools.
What would we call social engineering through emails that target specific individuals, where the attacker has specific knowledge about the company?
A. Vishing
B. Phishing
C. Whale phishing
D. Spear phishing
D. Spear phishing
Explanation:
Spear Phishing: Targeted Phishing, not just random spam, but targeted at specific individuals. Sent with knowledge about the target (person or company); familiarity increases success.
Which of these is NOT a downside to enforcing software tokens on phones for multifactor authentication?
A. It is user friendly
B. Phones have to be charged
C. SIM Cloning
D. Phones can be lost
A. It is user friendly
Explanation:
Software tokens on phones are easy and user friendly, but they also come with some challenges. What can a user do if they lose the phone, if their SIM card is cloned, if the phone is not charged, …
For our new startup, we are looking at different types of identity and access management. Which of these are COMMON types of that? (Select all that apply).
A. RBAC (Role Based Access Control)
B. RUBAC (Rule Based Access Control)
C. DAC (Discretionary Access Control)
D. TRAC (Trust Ratio Access Control)
E. MAC (Mandatory Access Control)
A. RBAC (Role Based Access Control)
C. DAC (Discretionary Access Control)
E. MAC (Mandatory Access Control)
Explanation:
In Identity and Access Management we can use DAC (Discretionary Access Control), which is often used when Availability is most important. Access to an object is assigned at the discretion of the object owner. MAC (Mandatory Access Control): Often used when Confidentiality is most important. Access to an object is determined by labels and clearance; this is often used in the military or in organizations where confidentiality is very important. RBAC (Role Based Access Control): Often used when Integrity is most important. A policy-neutral access control mechanism defined around roles and privileges. A role is assigned permissions, and subjects in that role are added to the group; if they move to another position they are moved to the permissions group for that position. RUBAC is based on IF/THEN statements (think older firewalls), and is not a type of Identity and Access Management. TRAC is .. well nothing, I made it up 0_o
What handles all access between objects and subjects in the computer kernel?
A. Superuser mode
B. Supervisor mode
C. Reference Monitor
D. User mode
C. Reference Monitor
Explanation:
The Kernel: At the core of the OS is the Kernel. At ring 0 (or 3), it interfaces between the operating system (and applications) and the hardware. Microkernels are modular kernels. The reference monitor is a core function of the kernel; it handles all access between subjects and objects. It is always on and can’t be bypassed.
We are blocking unused ports on our servers as part of our server hardening. When we block TCP port 143, what are we blocking?
A. NetBIOS name service
B. Microsoft Terminal Server (RDP)
C. NetBIOS datagram service
D. IMAP
D. IMAP
Explanation:
Internet Message Access Protocol (IMAP) uses TCP port 143.
In which type of software testing would we test the functionality of the code?
A. Regression Testing
B. Unit Testing
C. Integration Testing
D. Installation Testing
B. Unit Testing
Explanation:
Unit testing: Tests that verify the functionality of a specific section of code. In an object-oriented environment, this is usually at the class level, and the minimal unit tests include the constructors and destructors. Usually written by developers as they work on code (white-box), to ensure that the specific function is working as expected.
Which type of authentication can also be used for identification?
A. Password
B. Fingerprint
C. PIN
D. Passport
D. Passport
Explanation:
In this case the passport is both something you have and something that can be used for identification. For multiple factor authentication we would still want a knowledge factor or a biometric factor.
As part of our disaster recovery planning, we are looking at an alternate site. We would want it to take us somewhere between 4 hours and 2-3 days to be back up operating on critical applications. Which type of Disaster Recovery site are we considering?
A. Cold Site
B. Warm Site
C. Hot Site
D. Redundant Site
B. Warm Site
Explanation:
Warm site: Similar to the hot site, but without real or near-real time data; it is often restored from backups. A smaller but full data center, with redundant UPSes, HVACs, ISPs, generators, … We manually fail traffic over; a full switch and restore can take 4-24+ hours.
An IPv4 address consists of how many bits?
A. 32 bit
B. 4 bit
C. 128 bit
D. 8 bit
A. 32 bit
Explanation:
IPv4 (Internet Protocol version 4) addresses: IPv4 addresses are made up of 4 octets (dotted-decimal notation), which together form a 32-bit binary integer.
Which of these could be a countermeasure we have in place that could help us recover after an incident?
A. Patches
B. Encryption
C. Intrusion detection systems
D. Backups
D. Backups
Explanation:
Recovery: Controls that help us Recover after an attack – DR Environment, Backups, HA Environments.
How would a US government agency be allowed to access company emails?
A. Anything done online
B. Your emails
C. Your internet history
D. Anything turned over voluntarily
D. Anything turned over voluntarily
Explanation:
Anything subpoenaed, covered by a search warrant, turned over voluntarily, or in exigent circumstances (immediate danger of being destroyed) can allow law enforcement to bypass the 4th Amendment. Whether it was legal will be decided in a court of law later. We need to ensure our evidence is acquired in a legal manner; remember the US Constitution's 4th Amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.
Which type of hacker is skilled and often alerts companies to vulnerabilities before publishing them?
A. Gray hat
B. Script kiddie
C. Black hat
D. White hat
A. Gray hat
Explanation:
Gray/Grey Hat hackers: They are somewhere between the white and black hats; they often alert the company so it can fix the flaw, and if the company does nothing they then publish the flaw.
In which order does the CPU process work?
A. Fetch, decode, store, execute
B. Fetch, execute, decode, store
C. Fetch, decode, execute, store
D. Execute, fetch, decode, store
C. Fetch, decode, execute, store
Explanation:
CPU (Central Processing Unit): Fetch, Decode, Execute, Store. Fetch - Gets the instructions from memory into the processor. Decode - Internally decodes what it is instructed to do. Execute - Performs the add or subtract on the values from the registers. Store - Stores the result back into another register (retiring the instruction).
In our Disaster Recovery Plan (DRP), we could have listed the minimum hardware requirements for a certain system to function. What would that be called?
A. Minimum Operating Requirements (MOR)
B. MTTR
C. MTD
D. MTBF
A. Minimum Operating Requirements (MOR)
Explanation:
Minimum Operating Requirements (MOR): The minimum environmental and connectivity requirements for our critical systems to function; can also at times include minimum system requirements for DR sites. We may not need a fully spec’d system to resume the business functionality.
When assigning sensitivity to our data, which of these should NOT be a factor?
A. What the data is worth
B. Where we will store the data
C. Who will have access to the data
D. How bad a data exposure would be
B. Where we will store the data
Explanation:
Who will access it, the value of the data and how impactful a disclosure would be should all factor into our sensitivity labels, where we store the data should not. If it is sensitive it should be stored in an appropriate location.
What can we do when a type 1 authentication is compromised?
A. Issue a new password
B. Issue a new ID Card
C. Stop use of that type of biometric for that employee or use another finger if fingerprint
D. Revoke the token
A. Issue a new password
Explanation:
Type 1 Authentication is something you know; this could be passwords, passphrases, PINs, etc. We would issue a new, different password.
As part of our ongoing Disaster Recovery Planning, Bob is working on categorizing incidents. Which category would misconfigurations fall under?
A. Human
B. Environmental
C. All of these
D. Natural
A. Human
Explanation:
Human: Done intentionally or unintentionally by humans, these are by far the most common.
Which programming language uses short mnemonics like ADD and SUB, which are then matched to their full-length binary code?
A. Source code
B. Machine code
C. Assembler language
D. Compiler language
C. Assembler language
Explanation:
Assembler Language: Short mnemonics like ADD/SUB/JMP which are matched with the full-length binary machine code. An assembler converts assembly language into machine language; a disassembler does the reverse.
When physically storing sensitive data in a secure way, which of these has slots where staff can easily slip sensitive paperwork into?
A. Data center
B. Depository
C. Vault
D. Wall Safe
B. Depository
Explanation:
A depository is a safe with slots or an opening where staff can add sensitive physical data. Think depositing money at the bank outside of their operating hours in the envelopes at the ATMs.
In our risk analysis, we know there is a risk, but we do not analyze how bad an impact would be. Which type of risk response is that an example of?
A. Risk avoidance
B. Risk transference
C. Risk rejection
D. Risk mitigation
C. Risk rejection
Explanation:
Risk Rejection – You know the risk is there, but you are ignoring it. This is never acceptable. (You are liable).
In our risk analysis, we are looking at the risk. What would that comprise?
A. Threat x vulnerability
B. Threat * vulnerability * asset value
C. Threat + vulnerability
D. (threat * vulnerability * asset value) - countermeasures
A. Threat x vulnerability
Explanation:
Risk = Threat x Vulnerability.
In a risk analysis, we are looking at the upfront cost and ongoing support of a mitigation solution. What would that be called?
A. ARO
B. ALE
C. SLE
D. TCO
D. TCO
Explanation:
Total Cost of Ownership (TCO) – The mitigation cost: upfront + ongoing cost (Normally Operational)
In software testing, component interface testing would test what?
A. The functionality of a specific section of code
B. Processes and security alerts when encountering errors
C. Data handling passed between different units or subsystems
D. Interfaces between components against the software design
C. Data handling passed between different units or subsystems
Explanation:
Component interface testing: Testing can be used to check the handling of data passed between various units, or subsystem components, beyond full integration testing between those units.
What is the relationship between plaintext and ciphertext called?
A. Diffusion
B. Substitution
C. Confusion
D. Permutation
C. Confusion
Explanation:
Confusion is the relationship between the plaintext and ciphertext; it should be as random (confusing) as possible.
Why would we choose to delete a user account after the employee leaves the organization?
A. Accountability traceability for events discovered later
B. Regulations
C. User’s privacy protection
D. Retention policy
C. User’s privacy protection
Explanation:
We would want to keep accounts deactivated when they leave; the only reason to delete the accounts would be if required by law or regulation, which would be in place to protect their privacy.
In our business improvement process, we are using the Capability Maturity Model (CMM). In which stages of the CMM model are processes defined? (Select all that apply).
A. Level 2
B. Level 5
C. Level 4
D. Level 3
E. Level 1
B. Level 5
C. Level 4
D. Level 3
Explanation:
CMM (Capability Maturity Model): The maturity relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined repeatable steps, to managed result metrics, to active optimization of the processes. From level and upwards we have clearly defined processes. Level 1: Initial. Processes at this level are normally undocumented and in a state of dynamic change, tending to be driven in an ad hoc, uncontrolled and reactive manner by users or events. Level 2: Repeatable. Process discipline is unlikely to be rigorous, but where it exists it may help to ensure that existing processes are maintained during times of stress.
We have part of our infrastructure migrated to cloud computing. We are responsible for the applications and the data. Which type of cloud computing are we using?
A. Infrastructure as a Service (IaaS)
B. Software as a Service (SaaS)
C. Identity as a Service (IDaaS)
D. Platform as a Service (PaaS)
D. Platform as a Service (PaaS)
Explanation:
In public cloud PaaS - (Platform as a Service) The vendor provides pre-configured OSs, then the customer adds all programs and applications.
In which part of the computer are all the calculations done?
A. CPU
B. ALU
C. ROM
D. CU
B. ALU
Explanation:
The Arithmetic logic unit (ALU) performs arithmetic and logic operations. Processor registers supply operands (the objects of a mathematical operation) to the ALU and store the results of ALU operations. It does all the math.
If you see any IPv4 address in the 127.0.0.0/8 range, what type of IPv4 address is that?
A. Private
B. Link-local
C. Loopback
D. Public
C. Loopback
Explanation:
IPv4 network standards reserve the entire 127.0.0.0/8 address block for loopback purposes. That means any packet sent to one of those 16,777,214 addresses (127.0.0.1 through 127.255.255.254) is looped back. IPv6 has just a single address, ::1.
What are Programmable Logic Controllers (PLCs) used for?
A. Controlling manufacturing processes
B. Computerized control system for a process or plant
C. High level control supervisory management
D. Monitor our servers, workstations and network devices
A. Controlling manufacturing processes
Explanation:
A PLC (Programmable Logic Controller) is an industrial digital computer which has been ruggedized and adapted for the control of manufacturing processes such as assembly lines, robotic devices or any activity that requires high-reliability control, ease of programming and process fault diagnosis.
How can we safely dispose of damaged SSD drives and ensure there is no data remanence?
A. Formatting
B. All of these
C. Shredding
D. Overwriting
C. Shredding
Explanation:
SSD drives: Formatting just deletes the file structure; most if not all files are recoverable. Since the drive is damaged we can’t overwrite it, so we would need to rely on just shredding it.
We want our employees to be connected without interruptions wherever they go: break rooms, meeting rooms, and their desks. What would be the BEST to use?
A. Copper Ethernet
B. Wireless
C. Fiber Ethernet
D. Coax Copper
B. Wireless
Explanation:
To stay connected while employees roam, we cannot be tied to cables; wireless is the only option.
In CASE programming, designers use these categories of tools, EXCEPT which?
A. References
B. Environments
C. Tools
D. Workbenches
A. References
Explanation:
CASE (Computer-Aided Software Engineering): Similar to, and partly inspired by, the computer-aided design (CAD) tools used for designing hardware products. Used for developing high-quality, defect-free, and maintainable software. Often associated with methods for the development of information systems together with automated tools that can be used in the software development process. CASE software is classified into 3 categories: Tools support specific tasks in the software life-cycle. Workbenches combine two or more tools focused on a specific part of the software life-cycle. Environments combine two or more tools or workbenches and support the complete software life-cycle.
Type 2 authentication includes all these, EXCEPT which?
A. Password
B. Cookie
C. Passport
D. TOTP token
A. Password
Explanation:
Something you have - Type 2 Authentication (ID, Passport, Smart Card, Token, cookie on PC etc.). A password is something you know (type 1 factor).