CISSP Practice Questions - All CISSP Domains 120Q - 2022 #2 (1 of 2 / Anthony Today) Flashcards

1
Q

Network communications rely on the exchange of information. What process makes TCP a connection-oriented protocol?

A. It works via network connections
B. It uses a handshake
C. It monitors for dropped connections
D. It uses a complex header

A

B. It uses a handshake

Explanation:
Transmission Control Protocol's use of a three-way handshake to establish a session before any data is exchanged is what makes it connection-oriented. Simply operating over a network connection does not make a protocol connection-oriented (UDP does that too), the size of the header is irrelevant, and detecting dropped connections is a consequence of maintaining session state, not the defining feature.

2
Q

Darielle is an information security risk analyst for Scholes Agricultural Products. She is evaluating a fire suppression solution for the data center. According to the experts she consulted, a fire would destroy all equipment in the data center but would not damage the structure of the building. Replacing the data center facility would cost USD 20 million. If she installs a fire suppression solution, recovering from fire damage would cost USD 7.5 million. According to the same experts, similar facilities experience a fire about once every 50 years. What is the exposure factor of fire for the data center?

A. 7.50%
B. 15.00%
C. 27.50%
D. 37.50%

A

D. 37.50%

Explanation:
The exposure factor (EF) is the percentage of an asset's value that would be lost if a specific threat were realized. Here it is the ratio of the damage with suppression in place (USD 7.5 million) to the overall data center replacement cost (USD 20 million), which is 37.5%. The 50-year frequency is the annualized rate of occurrence (ARO, 0.02) and is a distractor; it is not needed to compute the EF.

3
Q

Melinda is selecting a disaster recovery facility for her organization. For confidentiality reasons, one condition is that the facility remain independent of other organizations. Which DR setup would allow activation within about a week after a disaster while limiting costs?

A. Cold Site
B. Warm Site
C. Mutual assistance agreement
D. Hot site

A

B. Warm Site

Explanation:
A hot site is the most expensive option, and a mutual assistance agreement is excluded because it relies on another organization's facilities, which violates the confidentiality condition. A warm site has the connectivity and equipment in place but still needs the systems restored and data loaded to match the primary site, a process that can take about a week. The cold site, although the least expensive option here, might take weeks to bring into operation because the equipment must first be procured and installed.

4
Q

Solen needs to ensure that the interactions between the components of her e-commerce application are all handled properly. She intends to verify communications, error handling, and session management capabilities throughout her infrastructure. What type of testing is she planning to conduct?

A. Misuse case testing
B. Fuzzing
C. Regression testing
D. Interface testing

A

D. Interface testing

Explanation:
Based on the scenario described, Solen conducts interface testing, which

5
Q

Jeff recently joined your team and asked you the following question: The DARPA TCP/IP model’s Application layer matches up to what three OSI model layers?

A. Application, Presentation, and Transport
B. Presentation, Session and Transport
C. Application, Presentation and Session
D. There is not a direct match. The TCP model was created before the OSI model

A

C. Application, Presentation and Session

Explanation:
The DARPA (TCP/IP) model collapses the three upper OSI layers into a single Application layer, so the TCP/IP Application layer corresponds to the OSI Application, Presentation, and Session layers. The Transport layer exists in both models and maps to itself. Although the TCP/IP model predates the OSI model, the layers of the two models are routinely mapped to each other, so option D is incorrect.

6
Q

Which of the following options is not an access control layer?

A. Physical
B. Policy
C. Administrative
D. Technical

A

B. Policy

Explanation:
Access controls are commonly grouped into three layers, or categories: physical (locks, guards, fences), administrative (policies, procedures, training, background checks), and technical or logical (firewalls, permissions, encryption). A policy is one kind of administrative control, not a layer of its own.

7
Q

You are trying to protect the infrastructure from any form of attack. Which form of malware spreads by exploiting vulnerabilities without user intervention?

A. Trojan Horse
B. Virus
C. Logic Bomb
D. Worm

A

D. Worm

Explanation:
A worm carries its own propagation mechanism: it scans for systems with a known vulnerability and exploits it to copy itself, with no user action required. A virus and a Trojan horse both need a user to run or open something, and a logic bomb does not spread at all; it lies dormant until a condition is met and then delivers its payload.

8
Q

On a busy Ethernet segment, what happens after a host detects a collision and transmits a jam signal?

A. The host that transmitted the jam signal is allowed to re transmit while all other hosts pause until that transmission is received successfully
B. All hosts stop transmitting, and each host waits a random period of time before attempting to transmit again
C. All hosts stop transmitting, and each host waits a period of time based on how recently it successfully transmitted
D. Hosts wait for the token to be passed and then resume transmitting data as they pass the token

A

B. All hosts stop transmitting, and each host waits a random period of time before attempting to transmit again

Explanation:
Ethernet uses CSMA/CD (Carrier Sense Multiple Access with Collision Detection). When a host detects a collision it sends a jam signal so that every station on the segment discards the corrupted frame; all hosts then stop transmitting, and each waits a random back-off interval before trying again, which makes a repeat collision between the same pair unlikely. No host receives priority, and Ethernet has no token; token passing is used by Token Ring and FDDI.

9
Q

Milene suspects that someone is using malicious software to steal computing cycles from her company. Which one of the following security tools would be in the best position to detect this type of incident?

A. NIDS
B. Firewall
C. HIDS
D. DLP

A

C. HIDS

Explanation:
Network intrusion detection systems (NIDSs), firewalls, and DLP systems are network-based and only see traffic, so a rogue process that consumes CPU on a host may never be visible to them (a cryptominer, for instance, may generate very little distinctive traffic). A host-based intrusion detection system (HIDS) monitors the processes running on the system itself and can detect an unauthorized one.
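Added example, not part of the original flashcard set: the kind of check a HIDS rule applies to spot a process stealing CPU cycles. It parses a `ps`-style process snapshot, compares each binary against a baseline of expected executables, and flags unknown binaries that are either running hot or executing from a temporary location. The snapshot, the baseline allowlist and the thresholds are all constructed for illustration.

```python
"""Host-based detection of CPU-stealing rogue processes.

Added example, not part of the original flashcard set: the logic a HIDS rule
might apply to a process snapshot. The snapshot lines, the baseline and the
thresholds are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed snapshot in `ps -eo pid,user,pcpu,args` layout (not real data).
PS_SNAPSHOT = """\
  PID USER     %CPU COMMAND
    1 root      0.0 /sbin/init
  812 postgres  3.2 /usr/lib/postgresql/14/bin/postgres -D /var/lib/postgresql/14/main
  940 www-data 12.5 /usr/sbin/apache2 -k start
 2211 www-data 97.8 /tmp/.x/kdevtmpfsi -o pool.example.invalid:3333
 2319 root      0.1 /usr/sbin/sshd -D
 2402 nobody   88.0 /dev/shm/.sys/xmrig --donate-level 0
"""

# Baseline of binaries expected to run on this host (constructed allowlist).
BASELINE_BINARIES = {
    "/sbin/init", "/usr/lib/postgresql/14/bin/postgres",
    "/usr/sbin/apache2", "/usr/sbin/sshd",
}
# Locations from which no legitimate service on this host should execute.
SUSPICIOUS_PREFIXES = ("/tmp/", "/dev/shm/", "/var/tmp/")
CPU_THRESHOLD = 80.0  # percent; sustained use above this by an unknown binary is suspect

_LINE = re.compile(r"^\s*(?P<pid>\d+)\s+(?P<user>\S+)\s+(?P<cpu>[\d.]+)\s+(?P<args>.+)$")


@dataclass(frozen=True)
class Finding:
    pid: int
    user: str
    cpu: float
    binary: str
    reasons: tuple


def parse_snapshot(text: str):
    """Yield (pid, user, cpu, binary) tuples from a ps-style snapshot, skipping the header."""
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # header or malformed line
        binary = m.group("args").split()[0]
        yield int(m.group("pid")), m.group("user"), float(m.group("cpu")), binary


def find_rogue_processes(snapshot: str):
    """Return Findings for processes that look like unauthorized compute consumers."""
    findings = []
    for pid, user, cpu, binary in parse_snapshot(snapshot):
        reasons = []
        if binary not in BASELINE_BINARIES:
            reasons.append("not in baseline")
        if binary.startswith(SUSPICIOUS_PREFIXES):
            reasons.append("runs from a temp/shm path")
        if cpu >= CPU_THRESHOLD and binary not in BASELINE_BINARIES:
            reasons.append(f"cpu {cpu:.1f}% >= {CPU_THRESHOLD:.0f}%")
        # Raise only on unknown binaries that are also hot or mislocated; a
        # merely unknown low-CPU process belongs in a lower-severity review queue.
        if len(reasons) >= 2:
            findings.append(Finding(pid, user, cpu, binary, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in find_rogue_processes(PS_SNAPSHOT):
        print(f"pid={f.pid} user={f.user} cpu={f.cpu}% {f.binary}: {', '.join(f.reasons)}")
```

A production HIDS would take the snapshot from the kernel rather than from `ps` output and would compare file hashes, not just paths, but the decision logic (unknown binary plus anomalous behaviour) is the same.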

10
Q

Your Line Manager challenges you on a topic out of your comfort zone, but you are determined to make a good impression. What would be your answer to the following question: Which of the following is not a code review process?

A. Email pass-around
B. Over the shoulder
C. Pair programming
D. IDE forcing

A

D. IDE forcing

Explanation:
Pair programming has two developers working at one workstation: one writes the code while the other reviews it as it is written. IDE forcing is not a type of code review; an IDE is an integrated development environment. In an over-the-shoulder review, the original developer walks a peer through the code and explains it. Email pass-around code reviews are done by sending the code to peers for review.

11
Q

You work for a government agency that is required to meet U.S. federal government requirements for data security. What should you do with the data to make sure data is identifiable by its classification level?

A. Classify the data
B. Encrypt the data
C. Label the data
D. Apply DRM to the data

A

C. Label the data

Explanation:
For data to be identifiable by its classification level, it must be labeled. Classifying the data assigns the level but does not by itself make that level visible on the data. Encryption protects confidentiality, and Digital Rights Management (DRM) tools control how data can be used after it has been distributed; neither identifies the classification level.

12
Q

Although the Computer Fraud and Abuse Act is a criminal law, what is the threshold for malicious damage to a federal computer system that triggers it?

A. $500
B. $2,500
C. $5,000
D. $10,000

A

C. $5,000

Explanation:
The Computer Fraud and Abuse Act (CFAA) makes it a federal crime to maliciously cause damage over $5,000 to a federal computer system during any one-year period.

13
Q

You are working for an industrial production facility, and you have been asked to protect the network against electromagnetic interference from the machinery operating around your wiring closet. What network cabling should you use to avoid such interference?

A. 10Base2
B. 100BaseT
C. 1000BaseT
D. Fiber-optic

A

D. Fiber-optic

Explanation:
Fiber-optic cable carries light rather than electrical signals, so it is immune to electromagnetic interference. 10Base2 (thin coaxial), 100BaseT, and 1000BaseT (twisted pair) all use copper conductors and are susceptible to it.

14
Q

Kobe would like to access a remote file server through a VPN connection. He begins this process by connecting to the VPN and attempting to log in. Applying the subject/object model to this request, what is the subject of Kobe’s login attempt?

A. Kobe
B. VPN
C. Remote File Server
D. Files contained on the remote server

A

A. Kobe

Explanation:
In the subject/object model of access control, the user or process making the request for a resource is the subject of that request. In this example, Kobe is requesting access to the VPN (the object of the request) and is, therefore, the subject.

15
Q

At Merel Shipping, total sales volume information is classified as secret. Nevertheless, a shipping clerk can access individual transactions in order to perform their duties. Recently, a shipping clerk accessed all transactions from a specific client during the previous quarter and consolidated the information to obtain that client's total sales volume. What kind of attack is this?

A. Social engineering
B. Inference
C. Aggregation
D. Data diddling

A

C. Aggregation

Explanation:
In an aggregation attack, an individual uses legitimate access to many individual pieces of information to assemble a larger picture that they are not authorized to see. Inference, by contrast, deduces restricted information from related data without directly combining the authorized pieces. Data diddling is the unauthorized modification of data, and no social engineering of another person took place.

16
Q

Which of these formulas about risk is correct?

A. Risk = Threat * Vulnerability
B. Risk = Threat / Vulnerability
C. Risk = Asset * Threat
D. Risk = Asset / Threat

A

A. Risk = Threat * Vulnerability

Explanation:
Although a risk can be loosely defined in the literature, in this case, there is only one correct formula. Risks exist when there is an intersection of a threat and a vulnerability. This is described using the equation: Risk = Threat * Vulnerability.

17
Q

Definitions of security event and security incident vary between organizations. Nevertheless, from the following list of options, which one is commonly agreed to be a computer security incident?

A. Completion of a backup schedule
B. System access recorded in a log
C. Unauthorized vulnerability scan of a file server
D. Update of antivirus signatures

A

C. Unauthorized vulnerability scan of a file server

Explanation:
It is commonly agreed that security incidents negatively affect the confidentiality, integrity, or availability of information or assets and/or violate a security policy. Thus, an unauthorized vulnerability scan of a server does violate security policy and may negatively affect the security of that system, so it qualifies as a security incident. The other options listed here are common administrative routine tasks that should not be categorized as incidents.

18
Q

You are a security expert specialized in the assessment of financial systems. What type of identity systems use the X.500 standard?

A. Kerberos
B. Provisioning services
C. Biometric authentication systems
D. Directory services

A

D. Directory services

Explanation:
The X.500 series of standards defines directory services (LDAP is its lightweight descendant). The other options are governed by different standards: Kerberos is described in RFCs, biometric systems in several standards including ISO ones, and provisioning in the Service Provisioning Markup Language (SPML).

19
Q

You are looking for a network security solution that will reduce exposure to zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. Which solution should you implement?

A. A firewall
B. A NAC system
C. An intrusion detection system
D. Port security

A

B. A NAC system

Explanation:
Of the options listed, a Network Access Control (NAC) system can authenticate users and then validate their system's compliance with a security standard before it is allowed onto the network. Enforcing security profiles (patch level, endpoint protection running) reduces the attack surface available to zero-day attacks, making NAC the useful choice. A firewall cannot enforce system security policies, and an IDS only monitors for attacks and alerts when they happen, so neither meets your needs. Finally, port security is a MAC address-based switch feature that can only restrict which devices may connect to a given port.

20
Q

Tarten is a cryptanalyst working on recovering a cryptographic algorithm's secret key. He has both an intercepted encrypted message and a copy of the decrypted version of that same message. With this information, what attack type should he choose to retrieve the secret key?

A. Chosen ciphertext
B. Chosen plaintext
C. Known plaintext
D. Brute force

A

C. Known plaintext

Explanation:
With matching plaintext and ciphertext for the same message, the known plaintext attack is the one that fits. Chosen plaintext and chosen ciphertext attacks require the ability to submit inputs of the attacker's choosing to the encryption or decryption function, which Tarten cannot do, and a brute-force search ignores the information he already holds.
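Added example, not from the original card set, of the attack itself. It uses a toy repeating-key XOR cipher so that the known-plaintext step is explicit: since C = P xor K, one known (P, C) pair yields the keystream byte for byte, and a repeating key then falls out of the keystream's period; the recovered key decrypts a second intercepted message. The key, the messages and the choice of cipher are assumptions made for the illustration.

```python
"""Known-plaintext attack on a repeating-key XOR cipher.

Added example, not from the original flashcard set. The cipher is a toy
(repeating-key XOR) chosen because it makes the attack explicit: C = P xor K,
so a known (P, C) pair yields the keystream directly. Key and messages are
constructed.
"""
from itertools import cycle


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) with a repeating key."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_keystream(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Known-plaintext step: keystream = plaintext xor ciphertext, byte for byte."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("known plaintext and ciphertext must be the same length")
    return bytes(p ^ c for p, c in zip(plaintext, ciphertext))


def shortest_period(stream: bytes) -> bytes:
    """Find the shortest repeating unit of the recovered keystream.

    For a repeating-key cipher this is the actual key. For a true one-time pad
    there is no period and the whole stream comes back: the attack then recovers
    only the keystream bytes already covered by the known plaintext.
    """
    for n in range(1, len(stream) + 1):
        candidate = stream[:n]
        if xor_with_key(b"\x00" * len(stream), candidate) == stream:
            return candidate
    return stream


def known_plaintext_attack(known_pt: bytes, known_ct: bytes, target_ct: bytes) -> bytes:
    """Recover the key from one (plaintext, ciphertext) pair and decrypt a second message."""
    key = shortest_period(recover_keystream(known_pt, known_ct))
    return xor_with_key(target_ct, key)


# Constructed scenario: the analyst holds one intercepted message in both forms
# and a second intercepted ciphertext produced with the same key.
SECRET_KEY = b"Tarten"  # unknown to the attacker; used here only to build the samples
KNOWN_PLAINTEXT = b"MEETING MOVED TO 0900 TOMORROW, ROOM 4B"
KNOWN_CIPHERTEXT = xor_with_key(KNOWN_PLAINTEXT, SECRET_KEY)
TARGET_CIPHERTEXT = xor_with_key(b"SHIPMENT 17 LEAVES PIER 9 AT DAWN", SECRET_KEY)

if __name__ == "__main__":
    keystream = recover_keystream(KNOWN_PLAINTEXT, KNOWN_CIPHERTEXT)
    print("recovered key:", shortest_period(keystream))
    print("second message:", known_plaintext_attack(KNOWN_PLAINTEXT, KNOWN_CIPHERTEXT, TARGET_CIPHERTEXT))
```

The same principle is why key reuse is fatal for any stream cipher: the known plaintext does not need to be the whole message, only enough bytes to cover one full period of the keystream.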

21
Q

Mich recently implemented an intrusion prevention system (IPS) designed to block common network attacks from affecting his organization. What kind of risk management strategy is that?

A. Risk acceptance
B. Risk avoidance
C. Risk mitigation
D. Risk transference

A

C. Risk mitigation

Explanation:
Based on this description, the IPS solution plays an active role against network attacks, therefore it reduces the risk. Consequently, the right answer is risk mitigation because it reduces the likelihood of a successful attack.

22
Q

Nicolas is considering locating a business in the downtown area of Paris, France. He consults the floodplain map for the region and determines that the area lies within a 100-year floodplain. What is the ARO of a flood in this area?

A. 100
B. 1
C. 0.1
D. 0.01

A

D. 0.01

Explanation:
The annualized rate of occurrence (ARO) is the expected frequency with which a risk materializes in one year. In a 100-year floodplain, risk analysts expect a flood once every 100 years, which is 1/100 = 0.01 times per year.
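The same quantitative model underlies both this ARO question and the exposure factor question about the data center fire earlier on this page. Added worked example, not part of the original flashcards, carrying the figures from both questions through EF, SLE, ARO and ALE and then comparing the ALE with and without the suppression system; the USD 100,000 per year cost of the suppression system used in the cost/benefit line is an assumption, since the question gives no figure for it.

```python
"""Quantitative risk worked example: EF, SLE, ARO and ALE.

Added illustration (not part of the original flashcard set). The figures are
those given in the data-center fire question (asset USD 20M, loss USD 7.5M with
suppression, one fire per 50 years) and the 100-year floodplain question.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskEstimate:
    asset_value: float          # full replacement value of the asset
    loss_per_event: float       # expected monetary loss if the threat is realized once
    years_between_events: float # mean time between occurrences (50 for "once every 50 years")

    @property
    def exposure_factor(self) -> float:
        """EF: fraction of the asset value lost per event (0.0 .. 1.0)."""
        return self.loss_per_event / self.asset_value

    @property
    def single_loss_expectancy(self) -> float:
        """SLE = asset value * EF (equal to the loss per event by construction)."""
        return self.asset_value * self.exposure_factor

    @property
    def annualized_rate_of_occurrence(self) -> float:
        """ARO: expected number of events per year."""
        return 1.0 / self.years_between_events

    @property
    def annualized_loss_expectancy(self) -> float:
        """ALE = SLE * ARO, the yearly cost of carrying this risk."""
        return self.single_loss_expectancy * self.annualized_rate_of_occurrence


def annual_safeguard_value(before: RiskEstimate, after: RiskEstimate, annual_cost: float) -> float:
    """Net yearly benefit of a control: ALE reduction minus the control's annual cost.

    A positive result means the safeguard pays for itself on paper.
    """
    return before.annualized_loss_expectancy - after.annualized_loss_expectancy - annual_cost


# Data-center fire, without and with the suppression system (figures from the question).
fire_unprotected = RiskEstimate(asset_value=20_000_000, loss_per_event=20_000_000, years_between_events=50)
fire_protected = RiskEstimate(asset_value=20_000_000, loss_per_event=7_500_000, years_between_events=50)

# 100-year floodplain: only the ARO is asked for, but the same model applies.
flood = RiskEstimate(asset_value=1.0, loss_per_event=1.0, years_between_events=100)

# Assumed annual cost of the suppression system; the question gives none.
ASSUMED_SUPPRESSION_COST_PER_YEAR = 100_000

if __name__ == "__main__":
    print(f"EF with suppression:  {fire_protected.exposure_factor:.1%}")
    print(f"ARO of a fire:        {fire_protected.annualized_rate_of_occurrence}")
    print(f"ALE without control:  USD {fire_unprotected.annualized_loss_expectancy:,.0f}")
    print(f"ALE with control:     USD {fire_protected.annualized_loss_expectancy:,.0f}")
    net = annual_safeguard_value(fire_unprotected, fire_protected, ASSUMED_SUPPRESSION_COST_PER_YEAR)
    print(f"Net yearly value:     USD {net:,.0f}")
    print(f"ARO of a flood:       {flood.annualized_rate_of_occurrence}")
```

The ALE difference (USD 250,000 per year) is the most an organization should rationally spend per year on the suppression system; the exam's cost/benefit formula is exactly `ALE_before - ALE_after - annual cost of safeguard`.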

23
Q

Your peers consider you as the network guru of the organization. They ask you the following question: ICMP, RIP, and network address translation all occur at what layer of the OSI model?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4

A

C. Layer 3

Explanation:
This is a pure knowledge question about the OSI model. Internet Control Message Protocol (ICMP), Routing Information Protocol (RIP), and network address translation (NAT) all operate on IP addresses and routing and are placed at layer 3, the Network layer of the OSI model.

24
Q

What is the encryption standard used in the Advanced Encryption Standard?

A. Blowfish
B. Twofish
C. Rijndael
D. Skipjack

A

C. Rijndael

Explanation:
Again, this is a pure knowledge-based question. The Rijndael block cipher is the cryptographic algorithm underlying the Advanced Encryption Standard (AES).

25
Q

What type of attack is perpetrated by Anonymous when they use the Low Orbit Ion Cannon (LOIC) tool?

A. DDoS
B. Ionization
C. Zombie Hoard
D. Teardrop

A

A. DDoS

Explanation:
Attacks launched with LOIC are distributed denial-of-service (DDoS) attacks: the tool floods a target with TCP, UDP, or HTTP requests, and when many participants point it at the same victim the combined traffic renders the victim's systems unavailable. DDoS attacks in general are often launched from botnets of compromised, poorly secured devices that are later turned into mass attack weapons. Teardrop is a specific fragmentation-based denial-of-service attack, and ionization and zombie hoard are not attack types.

26
Q

From the following standardized authentication methodologies, which one is a ticket-based authentication protocol?

A. RADIUS
B. OAuth
C. SAML
D. Kerberos

A

D. Kerberos

Explanation:
Of the listed options, only Kerberos is a ticket-based authentication protocol; it secures the exchanges between the client, the key distribution center (KDC) with its authentication server (AS) and ticket-granting service (TGS), and the endpoint services. RADIUS authenticates users but issues no tickets and does not provide the same level of protection by default, SAML is an XML-based language for exchanging authentication and authorization assertions, and OAuth is an authorization framework that lets third-party websites rely on credentials from providers such as Google or Microsoft.

27
Q

Dave is working on developing a project schedule for a software development effort, and he comes across a chart showing the proposed start and end dates for different activities. What type of chart is this?

A. Work breakdown structure
B. Functional requirements
C. PERT Chart
D. Gantt Chart

A

D. Gantt Chart

Explanation:
A Gantt chart shows the proposed start and end dates of the different activities as bars on a timeline. It is developed from the work breakdown structure (WBS), which is in turn derived from the functional requirements. Program Evaluation Review Technique (PERT) charts show the project schedule as a series of numbered nodes with their dependencies.

28
Q

Laurent, your colleague from the Service Desk questions you about the authentication mechanisms used within the company. Which of the following is not part of a Kerberos authentication system?

A. KDC
B. TGT
C. AS
D. TS

A

D. TS

Explanation:
There is no TS component in a Kerberos infrastructure. The key distribution center (KDC) provides authentication services, and a ticket-granting ticket (TGT) is the proof that a subject has authenticated and may request service tickets to access objects. The authentication server (AS) and the ticket-granting server (TGS) are both parts of the KDC.

29
Q

The (ISC)2 code of ethics applies to all CISSP holders, and strict understanding of the code of ethics is expected from you. From the options listed here, which is not a mandatory canon of the code of ethics?

A. Protect society, the common good, the necessary public trust and confidence, and the infrastructure
B. Disclose breaches of privacy, trust and ethics
C. Provide diligent and competent service to principals
D. Advance and protect the profession

A

B. Disclose breaches of privacy, trust and ethics

Explanation:
The (ISC)2 code of ethics also includes “Act honorably, honestly, justly, responsibly, and legally” but does not specifically require credential holders to disclose all breaches of privacy, trust, or ethics.

30
Q

You are preparing a disaster recovery test that will allow the plan to be reviewed without disrupting the business activities of your organization, while limiting the effort required from the participants. What are you preparing?

A. Tabletop exercise
B. Parallel Test
C. Full interruption test
D. Checklist review

A

D. Checklist review

Explanation:
Of the listed options, the checklist review is the least disruptive and least demanding type of disaster recovery test: participants simply review the plan's checklists individually. A tabletop exercise requires more involvement (the team walks through a scenario together), although there is still no disruption of services. The parallel test and the full interruption test require substantial effort and, in the latter case, an actual interruption of production, so neither matches the described situation.

31
Q

If you implement a RAID 5 with three disks before installing a server on it, how many disks can fail before your server can’t operate anymore?

A. 0
B. 1
C. 2
D. 3

A

B. 1

Explanation:
RAID level 5 is also known as disk striping with parity. With three disks, each stripe holds two blocks of data plus one parity block (the XOR of the other two), and the parity blocks are distributed across all three disks rather than kept on a dedicated disk. Any one disk can fail and its contents are rebuilt from the remaining two; a second failure before the rebuild completes loses the array, so only one disk can be lost before the server stops operating.

32
Q

If you design the disaster recovery plan for your organization, and you try to determine the amount of time that it will take to restore a specific IT service, what exactly are you determining for this service?

A. MTD
B. RTO
C. RPO
D. SLA

A

B. RTO

Explanation:
The recovery point objective (RPO) identifies the maximum amount of data, measured in time, that may be lost during a recovery effort. Service-level agreements (SLAs) are written contracts that document service expectations. The recovery time objective (RTO) is the amount of time expected to return an IT service or component to operation after a failure. The maximum tolerable downtime (MTD) is the longest amount of time that an IT service or component may be unavailable without causing serious damage to the organization.

33
Q

You discover that a user on your network has been running the Wireshark tool, and you believe it was used for an illicit purpose. What principle of information security has this user violated?

A. Integrity
B. Denial
C. Availability
D. Confidentiality

A

D. Confidentiality

Explanation:
Wireshark is a protocol analyzer and may be used to eavesdrop on network connections. Eavesdropping is an attack against confidentiality.

34
Q

Your organization suffered from a material security breach, and your legal department exchanges information with an external service provider. From the following options, which forensic investigation type has the highest evidentiary standards?

A. Administrative
B. Criminal
C. Civil
D. Industry

A

B. Criminal

Explanation:
Industry is a made-up name and does not correspond to any forensic investigation type. Criminal forensic investigations typically have the highest standards for evidence, as they must be able to help prove the case beyond a reasonable doubt. Administrative investigations merely need to meet the standards of the organization and to be able to be defended in court, while civil investigations operate on a preponderance of the evidence.

35
Q

By setting up an application firewall through the management plane of your IaaS provider, you are trying to limit the attack surface of your environment. From a risk management perspective, what are you trying to reduce?

A. Impact
B. RPO
C. MTO
D. Likelihood

A

D. Likelihood

Explanation:
Installing a device that will block attacks is an attempt to lower risk by reducing the likelihood of a successful application attack.

36
Q

If access control is the first step of an exchange, which two factors does access control rely on to guarantee accountability?

A. Identification and authorization
B. Authentication and authorization
C. Identification and authentication
D. Accountability and authentication

A

C. Identification and authentication

Explanation:
Access control systems rely on identification and authentication to provide accountability. Effective authorization systems are desirable, but not required, since logs can provide information about who accessed what resources, even if access to those resources is not managed well. Of course, poor authorization management can create many other problems.

37
Q

CISSP holders are expected to strictly follow the code of ethics. Which one of the following is not a canon of the (ISC)2 code of ethics?

A. Protect society, the common good, necessary public trust and confidence and the infrastructure
B. Promptly report security vulnerabilities to relevant authorities
C. Act honorably, honestly, justly, responsibly and legally
D. Provide diligent and competent service to principals

A

B. Promptly report security vulnerabilities to relevant authorities

Explanation:
The four canons of the (ISC)2 code of ethics are to protect society, the common good, necessary public trust and confidence, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; and advance and protect the profession.

38
Q

Reporting security metrics is absolutely key to enable your stakeholders in taking a decision. Which of the following is not a valid use for key risk indicators?

A. Provide warnings before issues occur
B. Provide real-time incident response information
C. Provide historical views of past risks
D. Provide insight into risk tolerance for the organization

A

B. Provide real-time incident response information

Explanation:
While key risk indicators can provide useful information for organizational planning and a deeper understanding of how organizations view risk, KRIs are not a great way to handle a real-time security response. Monitoring and detection systems like Intrusion Prevention Systems (IPS), Security Information and Event Management (SIEM), and other tools are better suited to handling actual attacks.

39
Q

You are developing software that records eye movement patterns for the electric vehicle systems you are improving. Which of the following options would allow you to design new software tests and assess the quality of those tests before you release the software into production?

A. Code auditing
B. Static code analysis
C. Regression testing
D. Mutation testing

A

D. Mutation testing

Explanation:
Code auditing and static code analysis both examine the source code without running it, so they evaluate the code rather than the tests. Regression testing checks whether a new release still passes the tests that earlier releases passed. Mutation testing modifies the program under test in small ways (a flipped comparison, an altered constant) and then runs the test suite against each mutant: a mutant that survives reveals a gap in the tests, which is how it measures the quality of the tests themselves.

40
Q

Your manager suggests retiring the fleet of multifunction printers, but you have some concerns that they can’t be directly picked up by a specialized third party because of the data that may still be stored on the built-in hard drives. What situation has just been described?

A. Data pooling
B. Failed clearing
C. Data permanence
D. Data remanence

A

D. Data remanence

Explanation:
Failed clearing and data pooling are not technical terms, and data permanence describes how long data lasts. Data remanence is the residual data that remains on media after an attempt has been made to remove it, which is why the printers' built-in drives must be sanitized (or removed and destroyed) before the devices leave the organization's control.

41
Q

Robert is a consultant who helps organizations create and develop mature software development practices. He prefers to use the Software Capability Maturity Model (SW-CMM) to evaluate the current and future status of organizations using both independent review and self-assessments. He is currently working with two different clients. Acme Widgets is not very well organized with its software development practices. They have a dedicated team of developers who do “whatever it takes” to get software out the door, but they do not have any formal processes. Beta Particles is a company with years of experience developing software using formal, documented software development processes. They use a standard model for software development but do not have quantitative management of those processes. What phase of the SW-CMM should Robert report as the current status of Beta Particles?

A. Defined
B. Repeatable
C. Optimizing
D. Managed

A

A. Defined

Explanation:
The Defined stage (level 3) of the SW-CMM is reached when the organization follows formal, documented, standardized software development processes across all of its projects. Beta Particles meets that description but does not yet measure those processes quantitatively, which is what distinguishes the next stage, Managed (level 4). Repeatable (level 2) requires only basic project-level life-cycle management, and Optimizing (level 5) adds continuous process improvement.

42
Q

If the access to a server has to be strictly controlled, which factors are key for user acceptance of a fingerprint identification system?

A. The FAR
B. The throughput rate and the time required to enroll
C. The CER and the ERR
D. How often users must re-enroll and the reference profile requirements

A

B. The throughput rate and the time required to enroll

Explanation:
A fingerprint identification system can face major usability challenges if the time to enroll is long (over a couple of minutes) and if the speed at which the fingerprint system is able to scan and accept or reject the user is too slow. FAR and FRR may be important in the design decisions made by administrators or designers, but they aren’t typically visible to users. CER and ERR are the same and are the point where FAR and FRR meet. Reference profile requirements are a system requirement, not a user requirement.

43
Q

You are in charge of the website of your fitness club, and you would like to ensure that it can cope with heavy traffic load. What tool can you use to monitor the performance of your website against simulated traffic?

A. Log analysis
B. Synthetic monitoring
C. Passive monitoring
D. Simulated transaction analysis

A

B. Synthetic monitoring

Explanation:
Log analysis is typically performed against actual log data but can be performed on simulated traffic to identify issues. Simulated transaction analysis is not an industry term. Synthetic monitoring uses emulated or recorded transactions to monitor for performance changes in response time, functionality, or other performance monitors. Passive monitoring uses a span port or other method to copy traffic and monitor it in real-time.

44
Q

During what phase of the IDEAL model do you determine where you are relative to where you want to be?

A. Initiating
B. Diagnosing
C. Establishing
D. Acting

A

B. Diagnosing

Explanation:
In the Diagnosing phase you perform an analysis to baseline your current practices and probe for potential improvement opportunities.

45
Q

During what phase of the IDEAL model do you execute the tasks according to plan?

A. Initiating
B. Diagnosing
C. Establishing
D. Acting

A

D. Acting

Explanation:
In the Acting phase you perform the work according to the plan developed in the Establishing phase.

46
Q

Attackers commonly run a range of scanning tools before exploiting the vulnerabilities they identify. SPIT attacks target what technology?

A. Virtualization platforms
B. Web services
C. VoIP Systems
D. Secure Process Internal Transfers

A

C. VoIP Systems

Explanation:
SPIT stands for Spam over Internet Telephony and targets Voice-over IP systems.

47
Q

To avoid being overwhelmed by the large volume of records maintained in your organization’s central log system, what technique can you use to select only a representative set of records?

A. Statistical sampling
B. Clipping
C. Choose the first 5% of records from each day
D. Choose 5% of records from the middle of the day

A

A. Statistical sampling

Explanation:
You can use statistical sampling techniques to choose a set of records for review that are representative of the entire day’s data. Clipping chooses only records that exceed a set threshold so it is not a representative sample. Choosing records based on the time they are recorded may not produce a representative sample because it may capture events that occur at the same time each day and miss many events that simply don’t occur during the chosen time period.
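Added example, not part of the original flashcards, contrasting the three selection methods named in the question on a constructed set of authentication log lines: a reproducible random statistical sample of the whole day, a clipping level on failed logins per user (good for alerting, but not a representative sample), and the biased "first N% of the day" selection the question rejects.

```python
"""Selecting log records for review: statistical sampling versus clipping.

Added example, not from the original flashcard set. The log lines are
constructed. Sampling draws a representative subset of the whole day; clipping
keeps only the subjects that crossed a threshold, which is useful for alerting
but is not a representative sample.
"""
import random
from collections import Counter

# Constructed syslog-style authentication records (not real data).
LOG = [
    "08:01:12 sshd: Accepted password for alice from 10.0.0.5",
    "08:02:40 sshd: Failed password for bob from 10.0.0.9",
    "08:02:41 sshd: Failed password for bob from 10.0.0.9",
    "08:02:43 sshd: Failed password for bob from 10.0.0.9",
    "08:02:45 sshd: Failed password for bob from 10.0.0.9",
    "08:02:47 sshd: Accepted password for bob from 10.0.0.9",
    "08:15:03 sshd: Accepted publickey for carol from 10.0.0.7",
    "09:30:10 sshd: Failed password for root from 203.0.113.4",
    "09:30:11 sshd: Failed password for root from 203.0.113.4",
    "09:30:12 sshd: Failed password for root from 203.0.113.4",
    "09:30:13 sshd: Failed password for root from 203.0.113.4",
    "09:30:14 sshd: Failed password for root from 203.0.113.4",
    "09:30:15 sshd: Failed password for root from 203.0.113.4",
    "12:00:00 cron: (root) CMD (/usr/bin/logrotate)",
    "13:45:22 sshd: Accepted password for dave from 10.0.0.11",
    "17:59:59 sshd: Failed password for eve from 10.0.0.12",
    "23:10:05 sshd: Accepted publickey for alice from 10.0.0.5",
]


def statistical_sample(records, fraction: float, seed: int = 0):
    """Simple random sample of about `fraction` of the records, kept in original order.

    A fixed seed makes the review reproducible; change it for each review period
    so the same records are not chosen every time.
    """
    if not 0 < fraction <= 1:
        raise ValueError("fraction must be in (0, 1]")
    k = max(1, round(len(records) * fraction))
    chosen = set(random.Random(seed).sample(range(len(records)), k))
    return [r for i, r in enumerate(records) if i in chosen]


def clipping_level(records, threshold: int):
    """Clipping: report users whose failed-login count meets or exceeds the threshold."""
    failures = Counter()
    for r in records:
        if "Failed password for " in r:
            user = r.split("Failed password for ", 1)[1].split()[0]
            failures[user] += 1
    return {u: n for u, n in failures.items() if n >= threshold}


def first_fraction_of_day(records, fraction: float):
    """The naive 'first N%' selection the question rejects: biased toward early events."""
    return records[: max(1, round(len(records) * fraction))]


if __name__ == "__main__":
    print("sample:", statistical_sample(LOG, 0.25))
    print("clipped:", clipping_level(LOG, threshold=3))
    print("first 25%:", first_fraction_of_day(LOG, 0.25))
```

Note that the "first 25%" selection returns only records from the 08:00 hour and never sees the root brute-force burst at 09:30, while clipping finds that burst but says nothing about what a typical record looks like; only the random sample supports a statement about the day as a whole.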

48
Q

In order to operate your e-commerce website, you are collecting the essential information to deliver the orders to your customers. What data role does a system that is used to process data have?

A. Mission Owner
B. Data owner
C. Data processor
D. Custodian

A

C. Data processor

Explanation:
Systems used to process data are data processors. Data owners are typically CEOs or other very senior staff, custodians are granted rights to perform day-to-day tasks when handling data, and mission owners are typically program or information system owners.

49
Q

You are a consultant working with a laptop at your client’s site. What protocol is preferred over Telnet for remote server administration via the command line?

A. SCP
B. SFTP
C. WDS
D. SSH

A

D. SSH

Explanation:
Secure Shell (SSH) is an encrypted protocol for remote login and command-line access, whereas Telnet sends the whole session, credentials included, in cleartext. SCP and SFTP are both secure file transfer protocols that run over SSH but do not provide an interactive shell, while WDS is the acronym for Windows Deployment Services, which provides remote installation capabilities for Windows operating systems.

50
Q

You have been requested to deploy a network device to interconnect two networks and you want to be able to control the traffic that flows through that device. What is the network equipment that you will use?

A. A switch
B. A bridge
C. A gateway
D. A router

A

D. A router

Explanation:
This is a basic networking question. A router operates at layer 3 and is designed to control the traffic that flows between networks, for example through access control lists. A bridge interconnects two network segments at layer 2 and forwards frames by MAC address; a switch is essentially a multiport bridge and, on its own, offers little control over the traffic it forwards. Finally, a gateway connects networks that use different protocols by transforming the traffic flowing through it.

51
Q

You are investigating a strange activity detected on one of the production servers. Based on your knowledge, which kind of malware spreads from system to system without user intervention?

A. Trojan horse
B. Virus
C. Logic Bomb
D. Worm

A

D. Worm

Explanation:
Viruses and Trojan horses typically require user interaction to spread. Logic bombs do not spread from system to system but lie in wait until certain conditions are met, triggering the delivery of their payload. Worms have built-in propagation mechanisms that do not require user interaction, such as scanning for systems containing known vulnerabilities and then exploiting those vulnerabilities to gain access.

52
Q

Robert is a consultant who helps organizations create and develop mature software development practices. He prefers to use the Software Capability Maturity Model (SW-CMM) to evaluate the current and future status of organizations using both independent review and self-assessments. He is currently working with two different clients. Archelor is not very well organized with their software development practices. They have a dedicated team of developers who do “whatever it takes” to get software out the door, but they do not have any formal processes. NetFusionIT Particles is a company with years of experience developing software using formal, documented software development processes. They use a standard model for software development but do not have quantitative management of those processes. Robert is working with Archelor on a strategy to advance their software development practices. What SW-CMM stage should be their next target milestone?

A. Defined
B. Repeatable
C. Initial
D. Managed

A

B. Repeatable

Explanation:
The Repeatable stage (level 2) is the second stage in the SW-CMM, following the Initial stage (level 1), and should therefore be the next milestone goal for Archelor. The Repeatable stage is characterized by basic life-cycle management processes, such as project planning and tracking, that allow earlier successes to be repeated. Defined (level 3) and Managed (level 4) come later; NetFusionIT Particles, with documented standard processes but no quantitative management, is at the Defined stage.

53
Q

If a system processes data, what data role does it have?

A. Mission owner
B. Data owner
C. Data processor
D. Custodian

A

C. Data processor

Explanation:
Systems used to process data are data processors. Data owners are typically CEOs or other very senior staff, custodians are granted rights to perform day-to-day tasks when handling data, and mission owners are typically program or information system owners.

54
Q

What encryption algorithm would you recommend to protect data stored on a USB thumb drive?

A. TLS
B. SHA1
C. AES
D. DES

A

C. AES

Explanation:
SHA1 is a cryptographic hash, which is one-way and cannot be decrypted, so it does not protect confidentiality. TLS is appropriate for data in motion, and DES is an outdated, insecure symmetric cipher with a 56-bit key. Thus, AES is the only viable option because it is a strong symmetric cipher appropriate for data at rest. In practice, use it in an authenticated mode such as AES-GCM (or a full-disk encryption product built on AES) so that tampering with the stored ciphertext is detected, and keep the key off the drive, for example wrapped by a passphrase-derived key.
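As an added example (not part of the original question set), the Go program below shows what "AES for data at rest" looks like in working code: a random 256-bit key, AES-256-GCM encryption with a fresh nonce per file, decryption that fails on any modification of the stored blob, and a SHA-256 fingerprint alongside to make the point that a hash cannot stand in for encryption. The blob layout (nonce || ciphertext || tag) and the sample document are assumptions for this example; the key would normally be protected by a passphrase or hardware token rather than stored beside the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// NewKey returns a fresh random 256-bit AES key. On a real drive this key would be
// wrapped by a passphrase-derived key or kept in a hardware token, never beside the data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// Encrypt seals plaintext with AES-256-GCM. The output layout (an assumption for this
// example) is nonce || ciphertext || 16-byte GCM tag; the nonce is random per call so the
// same file encrypted twice yields different blobs.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. Any change to nonce, ciphertext or tag, or use of the wrong
// key, makes gcm.Open fail authentication instead of returning garbage.
func Decrypt(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// Fingerprint illustrates why a hash (SHA-1, SHA-256) is not a storage answer: the output
// is fixed-length and one-way, so nothing can recover the document from it.
func Fingerprint(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	doc := []byte("customer order export (constructed sample document)")
	blob, err := Encrypt(key, doc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes (nonce+ciphertext+tag) for %d plaintext bytes\n", len(blob), len(doc))
	pt, err := Decrypt(key, blob)
	fmt.Printf("round trip: %q err=%v\n", pt, err)
	blob[len(blob)-1] ^= 0x01 // flip one bit of the tag, as a tampering attacker might
	_, err = Decrypt(key, blob)
	fmt.Println("tampered blob:", err)
	fmt.Println("sha256 fingerprint (not recoverable):", Fingerprint(doc))
}
```

The tampered-blob step is the reason to prefer GCM over a bare block mode on removable media: a drive that has been out of your hands may come back with modified contents, and an authenticated mode turns that into a hard failure rather than silently wrong data.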

55
Q

You recently faced a cybersecurity incident that looks like a denial of service attack that came from an internal source. How would you qualify such an attack?

A. Espionage
B. Confidentiality Breach
C. Sabotage
D. Integrity breach

A

C. Sabotage

Explanation:
An attack committed against an organization by an insider, such as an employee, is known as sabotage. Espionage and confidentiality breaches involve the theft of sensitive information, which is not alleged to have occurred in this case. Integrity breaches involve the unauthorized modification of information, which is not described in this scenario either; a denial of service affects availability.

56
Q

If you are trying to validate the identity of other organizations based on their domain name when receiving / sending an email, what tool would you use for that purpose?

A. PEM
B. S/MIME
C. DKIM
D. MOSS

A

C. DKIM

Explanation:
DomainKeys Identified Mail (DKIM) is designed to let a sending domain assert its identity: the sending mail server signs outgoing messages with a private key and publishes the matching public key in a DNS TXT record, so receivers can verify that the message was authorized by that domain and not altered in transit. The other options, S/MIME, PEM, and MOSS, are all solutions that can provide authentication, integrity, nonrepudiation, and confidentiality, depending on how they are used, but they authenticate individual senders or messages rather than domains.

57
Q

You work in a department that labels removable media based on the data classification it contains. Why do you label all media, including media that holds only public data?

A. It is cheaper to order all prelabeled media
B. It prevents sensitive media from not being marked by mistake
C. It prevents reuse of public media for sensitive data
D. Labeling all media is required by HIPAA

A

B. It prevents sensitive media from not being marked by mistake

Explanation:
Labeling all media is good practice. If every item is labeled, an unlabeled item cannot be assumed to be public and handled carelessly: the missing label stands out as an exception, so sensitive media that was never marked is caught rather than treated inappropriately because of a wrong assumption.

58
Q

What type of firewall is capable of inspecting traffic at layer 7 and performing protocol-specific analysis for malicious traffic?

A. Application firewall
B. Stateful Inspection Firewall
C. Packet Filtering Firewall
D. Bastion Host

A

A. Application firewall

Explanation:
From the list of options, only an application firewall works at layer 7, where it can parse application protocols such as HTTP, DNS, and FTP and detect malicious content inside them. A packet filtering firewall examines only packet headers, a stateful inspection firewall additionally tracks connection state at layers 3 and 4, and a bastion host is a hardened, exposed system rather than a type of firewall.

59
Q

The large business that Johnny works for has been using non-centralized logging for years. After deploying a centralized logging solution, he discovered that a potential breach involved a malicious insider. What would be a complementary solution to detect similar issues?

A. Deploy and use an IDS
B. Send logs to a central logging server
C. Deploy and use a SIEM
D. Use syslog

A

C. Deploy and use a SIEM

Explanation:
A Security Information and Event Management tool (SIEM) is designed to provide automated analysis and monitoring of logs and security events. A SIEM that receives the logs can correlate them and alert on events like logs being purged, off-hours access to sensitive systems, or other breach indicators. A central logging server can receive and store logs, but won't help with analysis without additional tooling. Syslog is simply a log transport protocol and message format. An IDS can help detect intrusions on the network or a host, but IDSs are not typically designed to analyze centralized logs.
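As an added example serving questions 47 and 59 (not part of the original question set), the Go program below works over a constructed central-log feed: `Sample` draws a uniform random sample for human review (the statistical sampling of question 47), `Clip` shows why a clipping level yields only the records above a threshold rather than a representative set, and `Detect` runs SIEM-style rules over the whole stream, firing on an audit log being cleared and on off-hours reads of a sensitive host. The log line format, host and user names, the insider scenario and the 07:00 to 19:00 business-hours window are all assumptions for this example.

```go
package main

import (
	"fmt"
	"math/rand"
	"sort"
	"strconv"
	"strings"
)

// Record is one parsed entry of the constructed central-log feed used below.
type Record struct {
	Hour  int    // hour of day, 0-23
	Host  string
	User  string
	Event string // login_ok, login_fail, file_read, audit_log_cleared
}

// ParseLog reads the constructed format "HH:MM host user event", one record per line,
// skipping blank or malformed lines.
func ParseLog(text string) []Record {
	var out []Record
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		if len(f) != 4 {
			continue
		}
		h, err := strconv.Atoi(strings.SplitN(f[0], ":", 2)[0])
		if err != nil || h < 0 || h > 23 {
			continue
		}
		out = append(out, Record{Hour: h, Host: f[1], User: f[2], Event: f[3]})
	}
	return out
}

// Sample is statistical sampling: n records chosen uniformly at random, so every record
// (and therefore every time of day and event type) has the same chance of being reviewed.
func Sample(recs []Record, n int, seed int64) []Record {
	if n > len(recs) {
		n = len(recs)
	}
	idx := rand.New(rand.NewSource(seed)).Perm(len(recs))[:n]
	sort.Ints(idx) // present the sample in log order for the reviewer
	out := make([]Record, 0, n)
	for _, i := range idx {
		out = append(out, recs[i])
	}
	return out
}

// Clip applies a clipping level: keep only records of users whose count of `event`
// exceeds the threshold. Good for alerting, but by construction not representative.
func Clip(recs []Record, event string, threshold int) []Record {
	count := map[string]int{}
	for _, r := range recs {
		if r.Event == event {
			count[r.User]++
		}
	}
	var out []Record
	for _, r := range recs {
		if r.Event == event && count[r.User] > threshold {
			out = append(out, r)
		}
	}
	return out
}

// Detect is a SIEM-style correlation over the full stream rather than over whatever a
// human happens to review. The sensitive host and the off-hours window are assumptions.
func Detect(recs []Record) []string {
	var alerts []string
	for _, r := range recs {
		switch {
		case r.Event == "audit_log_cleared":
			alerts = append(alerts, fmt.Sprintf("audit log cleared on %s by %s", r.Host, r.User))
		case r.Host == "hr-db" && r.Event == "file_read" && (r.Hour < 7 || r.Hour >= 19):
			alerts = append(alerts, fmt.Sprintf("off-hours read of %s by %s at %02d:00", r.Host, r.User, r.Hour))
		}
	}
	return alerts
}

// constructedLog is synthetic, not real data: a normal day plus an insider (jdoe) who
// guesses a password on the HR database at night, reads it, and then clears the audit log.
const constructedLog = `
08:02 web-01 alice login_ok
08:05 web-01 bob login_ok
09:10 web-01 alice file_read
12:30 hr-db carol file_read
13:00 web-01 bob login_fail
13:01 web-01 bob login_ok
22:15 hr-db jdoe login_fail
22:15 hr-db jdoe login_fail
22:16 hr-db jdoe login_fail
22:16 hr-db jdoe login_fail
22:17 hr-db jdoe login_ok
22:20 hr-db jdoe file_read
23:05 hr-db jdoe audit_log_cleared
`

func main() {
	recs := ParseLog(constructedLog)
	fmt.Printf("%d records; random sample of 4 for review:\n", len(recs))
	for _, r := range Sample(recs, 4, 1) {
		fmt.Printf("  %+v\n", r)
	}
	fmt.Println("clipping (users with more than 3 failed logins):")
	for _, r := range Clip(recs, "login_fail", 3) {
		fmt.Printf("  %+v\n", r)
	}
	fmt.Println("SIEM alerts:")
	for _, a := range Detect(recs) {
		fmt.Println("  " + a)
	}
}
```

Run with different seeds and the sample changes while the clipping output and the alerts do not: the sample is for understanding what a normal day looks like, clipping and the detection rules are for finding the records that need action, and neither replaces the other.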

60
Q

If your organization requires you to log in with your username, password, PIN and fingerprint, how many authentication factors are you using?

A. One
B. Two
C. Three
D. Four

A

B. Two

Explanation:
There are three types of authentication factors (something you know, something you have, something you are), of which two are used here. Password and PIN are both type 1 factors, something you know, so together they still count as a single factor. A fingerprint is a type 3 factor, something you are. The username is an identifier, not an authentication factor.