CISSP Practice Questions - All CISSP Domains 120Q - 2022 #3 (1 of 2 / Anthony Today) Flashcards

1
Q

What topology would accurately describe Ethernet?

A. A ring
B. A star
C. A mesh
D. A bus

A

D. A bus

Explanation:
Don’t confuse the physical layout of a network (the interconnection of devices) with the way the devices communicate. On an Ethernet network, devices all communicate on the same bus simultaneously, and the Ethernet protocol manages collisions by requiring the participants to retransmit after a random back-off delay.

2
Q

Which of the following activities is not a consideration during data classification?

A. Who can access the data
B. What the impact would be if the data was lost or breached
C. How much the data cost to create
D. What protection regulations may be required for the data

A

C. How much the data cost to create

Explanation:
Who can access the data and what regulatory or compliance requirements cover it are important considerations in classification, so they do not answer the question. The cost of creating the data, however, is not directly included in the classification process; instead, the impact on the organization if the data were exposed or breached is considered.

3
Q

What software development model would be represented in a clearly defined sequence of activities, with no changes to the requirements until the product is being tested?

A. Waterfall
B. Agile
C. Lean
D. Spiral

A

A. Waterfall

Explanation:
The scenario described here is the waterfall approach because it lays out the development process in a rigid sequence where requirements don’t change. Fewer and fewer environments are suited to such a development process.

4
Q

What software development model would be represented with multiple loops, representing daily activities as well as larger deliveries?

A. Waterfall
B. Agile
C. Lean
D. Spiral

A

B. Agile

Explanation:
The waterfall approach does not iterate through the entire process repeatedly; it only allows movement backward and forward by one stage. In the spiral model, developers use multiple iterations of a waterfall-style software development process. The agile approach to software development focuses on iterative improvement and is composed of daily development activities, which are themselves part of sprints that can cover 15 to 30 days of work. Finally, Lean is a process improvement methodology and not a software development model.

5
Q

Lembele is a mid-sized business focusing on building automation systems. It hosts a set of local file servers in its on-premises data center that store customer proposals, building plans, product information, and other data that is critical to its business operations. Christelle works in the Lembele IT department and is responsible, among other things, for designing and implementing the organization’s backup strategy. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups Monday through Friday at noon. Lembele experienced a server failure at 3 p.m. on Wednesday. Christelle rebuilds the server and wants to restore data from the backups. Which backup should Christelle apply to the server first?

A. Sunday’s full backup
B. Monday’s differential backup
C. Tuesday’s differential backup
D. Wednesday’s differential backup

A

A. Sunday’s full backup

Explanation:
Given the situation described, the first backup to restore is Sunday’s full backup, followed by the latest differential backup (Tuesday’s).

6
Q

What type of motion detector senses alterations in the electromagnetic fields in monitored areas?

A. Infrared
B. Wave Pattern
C. Capacitance
D. Photoelectric

A

C. Capacitance

Explanation:
Of the listed options, capacitance motion detectors monitor the electromagnetic field in a monitored area, sensing disturbances that correspond to motion.

7
Q

You work as a contractor for the US government on a defense project and deal with secret data. You would like to reuse the equipment from a decommissioned infrastructure that used to host top secret data, but you have been informed that internal policies prevent you from doing so. Why can’t you request degaussing of this equipment instead of building a business case to invest in a new infrastructure?

A. Data permanence may be an issue
B. Data remanence is a concern
C. Degaussing equipment may cause sensible damage to hardware
D. Data from tapes can’t be erased by degaussing

A

B. Data remanence is a concern

Explanation:
The biggest issue highlighted here is the risk of data remanence on the equipment, specifically because the previous project dealt with top secret data. Although from a purely financial perspective the investment in a new infrastructure may be more costly, the risk of unauthorized access to top secret data is the greater one.

8
Q

Eric is troubleshooting an issue with his organization’s SIEM reporting. He has been told that the servers have recently been rebooted, but he notices that there are inconsistencies in the log timestamps. Which protocol could help to address this issue?

A. SSH
B. FTP
C. TLS
D. NTP

A

D. NTP

Explanation:
Transport Layer Security (TLS) is an encryption process used to protect information in transit over a network. The Secure Shell (SSH) protocol provides encrypted administrative connections to servers. The Network Time Protocol (NTP) allows the synchronization of system clocks with a standardized time source. Finally, the File Transfer Protocol (FTP) is used for data exchange.

9
Q

The company that Ludovic works for is reviewing the security of its company-issued cell phones. It issues 4G-capable smartphones running Android and iOS and uses a mobile device management solution to deploy company software to the phones. Ludovic is concerned about the company data that would still be on a phone if it were lost or stolen. The mobile device management software also allows the company to remotely wipe the phones if they are lost. What situation would cause a remote wipe of a mobile phone to fail?

A. The phone has a passcode on it
B. The phone cannot contact a network
C. The provider has not unlocked the phone
D. The phone is in use

A

B. The phone cannot contact a network

Explanation:
Remote wipe solutions are designed to wipe data from the phone regardless of whether it is in use or has a passcode. Providers unlock phones for use on other cellular networks rather than for wiping or other feature support. Remote wipe tools are a useful solution, but they only work if the phone can access either a cellular or Wi-Fi network.

10
Q

When Benoit verifies an individual’s identity and adds a unique identifier like a user ID to an identity system, what process has occurred?

A. Identity Proofing
B. Registration
C. Directory management
D. Session management

A

A. Identity Proofing

Explanation:
Proofing occurs when the user provides information to prove who they are. Directories are managed to maintain lists of users, services, and other items. Session management tracks application and user sessions. Registration is the process of adding a user to an identity management system. This includes creating their unique identifier and adding any attribute information that is associated with their identity.

11
Q

What term is not used to describe a privileged mode of system operation?

A. User mode
B. Kernel mode
C. Supervisory mode
D. System mode

A

A. User mode

Explanation:
User mode is an unprivileged mode. Kernel mode, supervisory mode, and system mode are all terms used to describe privileged modes of system operation.

12
Q

You are preparing a business continuity plan for your organization. What value should you try to minimize?

A. AV
B. SSL
C. RTO
D. MTO

A

C. RTO

Explanation:
The Recovery Time Objective (RTO) is the amount of time needed to restore normal business operations, and it is the factor that you should try to minimize. AV is the asset value, SSL is a communication protocol, and the Maximum Tolerable Outage (MTO) is the maximum time a business can run with its services down.

13
Q

Your organization just established a new information security policy, and you recommend updating the password policy by including stronger password requirements. Which requirement would provide stronger resilience against brute-force attacks?

A. Change maximum age from 1 year to 180 days
B. Increase the minimum password length from 8 characters to 16 characters
C. Increase the password complexity so that at least three character classes are required
D. Retain a password history of at least four passwords to prevent reuse

A

B. Increase the minimum password length from 8 characters to 16 characters

Explanation:
The longer the password, the less efficient brute-force attacks become: each additional character increases the complexity by a factor of 26. All of the requirements listed here increase the complexity, but password length has the greatest impact.

14
Q

You are sitting in a meeting with your colleagues, and the core of the discussion concerns responsibility for the data collected by the firm. Which individual bears the ultimate responsibility for data protection tasks?

A. Data owner
B. Data custodian
C. User
D. Auditor

A

A. Data owner

Explanation:
The data owner typically delegates some tasks to one or more data custodians, but the data owner, usually a senior manager, bears the ultimate responsibility for data protection tasks.

15
Q

You are troubleshooting an issue after users reported network and system slowness. As one of your early steps, you try to identify the scope of the issue. You have a list of the servers in your infrastructure and try to determine patterns and commonalities based on the users’ feedback. You believe that some of the servers have been compromised and are causing problems on the network. Which information would allow you to determine which servers are affecting the network?

A. Netflow records
B. IDS logs
C. Authentications logs
D. RFC logs

A

A. Netflow records

Explanation:
Netflow records contain an entry for every network communication session that took place on the network and can enable you to shortlist the servers that affect your network performance. RFC logs and authentication logs would not have records of any network traffic. Intrusion Detection System (IDS) logs may contain a relevant record but would not cover all communications.

16
Q

What type of key does WEP use to encrypt wireless communications with the aim of preventing eavesdropping?

A. An asymmetric key
B. Unique key sets for each host
C. A predefined shared static key
D. Unique asymmetric keys for each host

A

C. A predefined shared static key

Explanation:
Wired Equivalent Privacy (WEP) is based on symmetric encryption and relies on a static key shared among the parties to the communication. WEP is considered a weak encryption practice, and studies show that little effort is required to intercept the communications.

17
Q

Before releasing a new software version to production, you follow the software development lifecycle requirements that mandate a vulnerability scanning test. You run the Nikto tool against the web server where you plan to deploy the software, and it flags the directory /test. What is the reason?

A. The /test directory allows administrative access to PHP
B. It is used to store sensitive data
C. Test directories often contain scripts that can be misused
D. It indicates a potential compromise

A

C. Test directories often contain scripts that can be misused

Explanation:
In general, test directories or temp folders contain scripts left over from setup and may have poor protections. The tool flags directories that could contain data that may be misused. Although test directories are not commonly used to store sensitive data, there is a higher likelihood that they contain data that doesn’t need to be there once in production.

18
Q

Cyber security professionals have access to a range of tools such as OpenVAS, Nessus and SAINT. What type of tools are these?

A. Port Scanners
B. Patch management suites
C. Port mappers
D. Vulnerability Scanners

A

A. Port Scanners

Explanation:
The common feature of these tools is port scanning. While some have more advanced functionality, port scanning is what they are all capable of.

19
Q

Your organization handles three types of data: information that it uses internally to conduct business, information that it shares with customers, and trade secret information that offers the organization significant competitive advantages. The information shared with clients is used and stored on web servers. The internal business data and the trade secret information are stored on internal file servers and employee workstations. Your organization is not a military-affiliated department and does not carry any defense-related duties. What data classification model would apply in this case?

A. Unclassified, confidential, top secret
B. Public, sensitive, private
C. Public, sensitive, proprietary
D. Public, confidential, private

A

C. Public, sensitive, proprietary

Explanation:
Given the scenario described, the classification model should be composed of the public, sensitive and proprietary categories. Confidential is a military classification, and a proprietary classification is generally preferred over a private one.

20
Q

Users from your organization reported slowness of the systems earlier today, but the situation seems to be back to normal. Because no specific action was taken by your team, you want to investigate this unexplained situation and get to the root cause. Based on the information already gathered, a large volume of encrypted communication left your organization. What would be the best approach to clarify what happened and shed some light on the root cause of this incident?

A. Packet Captures
B. Netflow data
C. Intrusion detection system logs
D. Centralized authentication records

A

B. Netflow data

Explanation:
Netflow data includes the source, destination and size of every communication, which enables you to shortlist the hosts involved. This option provides the most information, while the others give only isolated data points that are not necessarily linked together.

21
Q

Software threat modeling aims, among other things, to identify threats. Which of the following is not a goal of software threat modeling?

A. Reducing the number of security-related design flaws
B. To reduce the number of security-related coding flaws
C. Lower the severity of non-security related flaws
D. Limit the number of threat vectors

A

D. Limit the number of threat vectors

Explanation:
In essence, software threat modeling is designed to reduce the number of security-related design and coding flaws and the severity of other flaws. Because it is commonly agreed that threats are external to the organization, developers have no control over the threat environment.

22
Q

You are well versed in sanitization methods for magnetic backup tapes. However, what is the best method to sanitize a solid-state drive (SSD)?

A. Clearing
B. Zero Fill
C. Disintegration
D. Degaussing

A

C. Disintegration

Explanation:
Clearing and degaussing are not effective techniques for sanitizing an SSD, and zero filling will certainly impact the performance of the SSD in the long run. Thus, the best method is disintegration of the SSD.

23
Q

Your company is handling data from clients in Germany and Saudi Arabia. Which of the following is not one of the European Union’s General Data Protection Regulation principles?

A. Information must be processed fairly
B. Information has to be deleted within one year of acquisition
C. Information shall be maintained securely
D. It is preferred to have accurate information

A

B. Information has to be deleted within one year of acquisition

Explanation:
GDPR came into force in May 2018 and mandates a number of requirements, among which are that data must be processed fairly, maintained securely, and kept accurate. However, GDPR does not mandate the deletion of information after one year.

24
Q

What software development life-cycle model can be represented as a series of sequential steps that include feedback loops?

A. Spiral
B. Agile
C. Boehm
D. Waterfall

A

D. Waterfall

Explanation:
From the list of options, the waterfall model is the only correct answer. Its key characteristic is a series of sequential steps that include feedback loops, which allow the process to return to the prior step when necessary.

25
Q

What technique relies on reviewing code without running it?

A. Fuzzing
B. Black box analysis
C. Static analysis
D. Gray box analysis

A

C. Static analysis

Explanation:
Of the proposed options, only static analysis reviews code without running it; it relies on techniques like data flow analysis to determine what the code would do if it were run with a given set of inputs. Black box and gray box analyses are not forms of code review but rather penetration testing techniques. Finally, fuzzing is based on submitting invalid or unexpected inputs to an application to see how the data is handled. As this requires the application to run, it cannot be the answer to this question.

26
Q

Based on the queries sent to the database server, you are suspicious about the use of the data. More specifically, the functions used seem to summarize the data collected from the previous queries. What kind of functions are these?

A. Inference
B. Polymorphic
C. Aggregate
D. Modular

A

C. Aggregate

Explanation:
Functions that summarize the information from prior queries are aggregate functions. Such an approach could enable a malicious user to gain access to sensitive information. An inference is a deduction of information made from changing content. Polymorphic and modular are not function types.

27
Q

You address a complaint from a colleague about slow system activity. While troubleshooting the issue on the user’s workstation, you notice that a large amount of social media traffic originates from the system. More concerning is the fact that the user does not use social media. The message exchanges are not readable in clear text. Based on your experience, what could be the cause of this traffic?

A. Other users are relaying social media requests through this user’s computer
B. This workstation is part of a botnet
C. The user isn’t telling the truth about social media usage
D. You’re not troubleshooting the correct workstation

A

B. This workstation is part of a botnet

Explanation:
Based on the scenario described, the computer was infected with malware that joined it to a botnet. Social media are commonly used as a command-and-control channel for such botnet activities.

28
Q

NIST Special Publication 800-53A describes four types of objects that can be assessed. If you review the password standard of your organization, which of the four types of objects are you assessing?

A. A mechanism
B. A specification
C. An activity
D. An individual

A

B. A specification

Explanation:
You are assessing a specification. In general, specifications are document-based artifacts like policies or designs. Mechanisms are usually the firmware-, hardware-, or software-based controls or systems in an information system.

29
Q

You are the owner of a website that provides information for high school students preparing for exams, and you reside in California, US. You are unsure whether the activities of this website fall under the jurisdiction of the Children’s Online Privacy Protection Act (COPPA). Under this law, from what age do parents no longer need to give prior consent for their children’s data to be shared?

A. 13
B. 15
C. 17
D. 18

A

A. 13

Explanation:
13 is the age from which parents no longer need to give prior consent for the use of their children’s personal information.

30
Q

You are the network expert who analyzes the communications between two servers. What process adds a header and a footer to data received at each layer of the OSI model?

A. Attribution
B. Encapsulation
C. TCP Wrapping
D. Data hiding

A

B. Encapsulation

Explanation:
Encapsulation is the process described here. Attribution determines who or what performed a specific action. TCP wrapping takes place on host-based network access control systems, and data hiding is a technique leveraged in the development of applications.

31
Q

You are the quality assurance team lead of your company and know the set of test cases executed as part of the black box testing approach. What type of report is generated after such a test?

A. A test coverage report
B. A penetration test report
C. A code coverage report
D. A line coverage report

A

A. A test coverage report

Explanation:
Black box testing is a type of penetration testing where the tester does not have prior knowledge about the system tested. Thus, such a test results in a penetration test report.

32
Q

As a security expert, you look for a robust authentication solution to grant access to the datacenter. What type of error occurs when a valid subject using a fingerprint authenticator is not authenticated?

A. Type 1 Error
B. Type 2 Error
C. Type 3 Error
D. Type 4 Error

A

B. Type 2 Error

Explanation:
Type 3 and Type 4 errors are not associated with fingerprint authentication. Type 1 errors occur when a valid subject is not authenticated. Type 2 errors occur when an invalid subject is incorrectly authenticated.

33
Q

You would like to enable users of your websites to connect with their Google accounts. Which technology should you consider?

A. Kerberos
B. LDAP
C. OpenID
D. SESAME

A

C. OpenID

Explanation:
OpenID is used, among others, by Google, and is a supported authentication standard that allows a user to leverage a single account to log into multiple sites. The other options listed here do not meet your requirements.

34
Q

Your friend was in charge of wiring the building some years ago and recalls the telecommunication setup he put in place. What type of technology are ISDN, DSL and cable modems?

A. Baseband
B. Broadband
C. Digital
D. Broadcast

A

B. Broadband

Explanation:
Cable modems, ISDN and DSL are based on broadband technology and support multiple simultaneous signals. By nature they are analog, hence digital and broadcast could not be the right answers. Baseband is used for Ethernet connections.

35
Q

You are selecting a disaster recovery facility for your organization. The aim is to choose a facility that balances the time required to recover operations with the cost involved. What would be the most appropriate kind of facility?

A. Hot Site
B. Warm Site
C. Cold Site
D. Red Site

A

B. Warm Site

Explanation:
Based on the requirements set, the warm site would be the best choice, as it offers a good balance between cost and recovery time. Hot and cold sites would have faster and slower recovery times respectively, with correspondingly higher and lower operating costs. A red site is not a term generally used in disaster recovery taxonomy.

36
Q

You are an experienced penetration tester with multiple tools installed on your laptop. What tool should you use during the discovery phase?

A. Nessus
B. John
C. Nmap
D. Nikto

A

C. Nmap

Explanation:
During the discovery phase it is recommended to use Nmap in order to discover the services that respond to automated requests. Nikto and Nessus are tools used during vulnerability scanning, and John is a password-cracking tool.

37
Q

You are the network administrator of your company and are discussing with colleagues an IP address that you saw on a server. You express concerns about it and request some clarification. What type of address is 201.24.12.7?

A. A public IP address
B. An RFC 1918 address
C. An APIPA address
D. A loopback address

A

A. A public IP address

Explanation:
201.24.12.7 is a public IP address. APIPA addresses are assigned in the range 169.254.0.0 to 169.254.255.254; such addresses can be encountered when the network services on a system are failing. RFC 1918 defines three private address ranges: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. 127.0.0.1 is a loopback address and is part of the reserved range 127.x.x.x; you will encounter this address when running locally hosted web servers, for example.

38
Q

You are in charge of the IT infrastructure of your company. Where would the data be most likely to be found at rest?

A. On the user’s workstation
B. On the connection between a workstation and a server
C. On the connection between the router and service provider
D. On the RAM when it is called by a kernel process

A

A. On the user’s workstation

Explanation:
From the listed options, the only place where data can be found at rest would be on the users’ workstations. In the other cases the data would either be in transit or in use.

39
Q

You own a brasserie and would like to provide wireless Internet service to your customers. The network setup is simple: a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract. You receive complaints from users who experience strange behavior while browsing their usual websites. How could their credentials be reused on other devices?

A. The password is shared by all users, making traffic vulnerable
B. A malicious user has installed a Trojan on the router
C. A user has ARP spoofed the router, making all traffic broadcast to all users
D. Open networks are unencrypted, making traffic easily sniffable

A

D. Open networks are unencrypted, making traffic easily sniffable

Explanation:
Based on the description of the situation, the communications on the wireless network are not encrypted, which allows the credentials of some sites to be sniffed if they were not handled securely by the websites.

40
Q

The processes of your company are being scrutinized following some recent issues. Which group is best suited to evaluate the effectiveness of the administrative controls an organization has put in place and report on them to a third party?

A. Internal auditors
B. Penetration testers
C. External auditors
D. Employees who design, implement and monitor the controls

A

C. External auditors

Explanation:
External auditors are expected to provide an unbiased and impartial view of an organization’s controls to third parties. Penetration tests assess technical controls with the aim of discovering vulnerabilities in the system.

41
Q

What are the following examples of: files, databases, computers, programs, processes, devices, and media?

A. Subjects
B. Objects
C. File stores
D. Users

A

B. Objects

Explanation:
Although some of these items can be subjects, files, databases, and storage media can’t be. Processes and programs aren’t file stores, and of course none of these are users. All of these are objects.

42
Q

In your corporate network, how can you prioritize critical network traffic over web browsing and social media use?

A. Implement VLANs
B. Implement QoS
C. Implement VPN
D. Implement ISDN

A

B. Implement QoS

Explanation:
Quality of service (QoS) is a feature found on routers and other network devices that can prioritize specific network traffic. QoS policies define which traffic is prioritized, and traffic is then handled based on the policy.

43
Q

You are working as a cloud engineer and are looking after the virtual machines of the finance department. What infrastructure component has the ability to enforce the separation between virtual machines?

A. Guest Operating System
B. Hypervisor
C. Kernel
D. Protection Manager

A

B. Hypervisor

Explanation:
The hypervisor has the responsibility of coordinating access to physical hardware and enforcing isolation between different virtual machines running on the same physical platform.

44
Q

You are troubleshooting error messages on your production LDAP server. What type of monitoring should you use if you want to use the production servers and actual traffic for your test?

A. Active
B. Real Time
C. Passive
D. Replay

A

C. Passive

Explanation:
Active monitoring relies on synthetic or previously recorded traffic, and neither replay nor real time is a common industry term for a type of monitoring. Because the troubleshooting happens on production systems, passive monitoring is preferred in order to avoid any impact on normal operations.

45
Q

Under what type of software license does the recipient of software have an unlimited right to copy, distribute, modify, or resell a software package?

A. GNU Public License
B. Freeware
C. Open Source
D. Public Domain

A

D. Public Domain

Explanation:
Of the listed options, only software released into the public domain can be used for any purpose.

46
Q

You are the network expert who looks after the flow of communication across the infrastructure of your organization. What open protocol was designed to replace RADIUS—including support for additional commands and protocols, replacing UDP traffic with TCP, and providing for extensible commands—but does not preserve backward compatibility with RADIUS?

A. TACACS
B. RADIUS-NG
C. Kerberos
D. Diameter

A

D. Diameter

Explanation:
Diameter was designed to provide enhanced, modern features to replace RADIUS. Kerberos is not a direct competitor for RADIUS, and TACACS is not an open protocol. Diameter provides better reliability and a broad range of improved functionality. RADIUS-NG is a made-up term.

47
Q

Which one of the following computing models allows the execution of multiple processes on a single processor by having the operating system switch between them without requiring modification to the applications?

A. Multitasking
B. Multiprocessing
C. Multiprogramming
D. Multithreading

A

A. Multitasking

Explanation:
The terminology here is important because it allows us to be specific. Multiprocessing uses multiple processors to perform multiple processes simultaneously. Multithreading runs multiple threads within a single process. Multitasking handles multiple processes on a single processor by having the operating system switch between them. Multiprogramming requires modifications to the underlying applications.

48
Q

Let’s imagine that you have been working for the same company for the past six years, and evolved from a help desk role to a system engineer role to an application manager role. Each time you changed position, new access rights were granted to you. What should concern you about the activities of the identity management team in your company?

A. The provisioning process prevents you from working
B. You have excessive privileges
C. You are in a situation of privilege creep
D. Teams do not work together

A

C. You are in a situation of privilege creep

Explanation:
Based on the situation described, new access rights have been granted to you over the years without the old ones being removed. The term describing such a situation is privilege creep.

49
Q

What is not a valid LDAP DN?

A.

A

50
Q

Which classification level is the U.S. government’s label for data that could cause serious damage?

A. Top Secret
B. Secret
C. Confidential
D. Classified

A

B. Secret

Explanation:
The U.S. government uses the label Secret for data that could cause serious damage if it was disclosed without authorization.

51
Q

What would be the simplest type of firewall design?

A. Single Tier
B. Two Tier
C. Three Tier
D. Next Generation

A

A. Single Tier

Explanation:
A single-tier firewall deployment is very simple: it supports neither multiple protected subnets nor a DMZ.

52
Q

Which one of the following is not a mode of operation for the Data Encryption Standard?

A. CBC
B. CFB
C. OFB
D. AES

A

D. AES

Explanation:
The Advanced Encryption Standard (AES) is a separate encryption algorithm. The DES modes of operation are Cipher Feedback (CFB), Electronic Codebook (ECB), Cipher Block Chaining (CBC), Output Feedback (OFB), and Counter (CTR).

53
Q

You are the lead developer for an application and you plan to use a fuzzing tool that tests the application by developing data models and creating fuzzed data based on how input is handled by the application. Which type of fuzzing is that?

A. Mutation
B. Parametric
C. Generational
D. Derivative

A

C. Generational

Explanation:
Mutation-based fuzzers are sometimes called “dumb” fuzzers because they simply mutate or modify existing data samples to create new test samples. Generational fuzzing is based on models of the application’s input and generates test data from those models. Parametric and derivative are not fuzzer categories.

54
Q

You are working with the management team in your company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security are you trying to enforce?

A. Availability
B. Denial
C. Confidentiality
D. Integrity

A

C. Confidentiality

Explanation:
Reducing the likelihood of a data breach is an attempt to prevent unauthorized disclosure. Confidentiality controls prevent the disclosure of sensitive information to unauthorized individuals.

55
Q

You are based in Los Angeles and your friend just relocated to Paris. You would like to begin communicating using cryptography to protect the confidentiality of the communications. You initially exchange digital certificates and plan to leverage asymmetric encryption for the secure exchange of emails. What additional security goal could you achieve by using digital signatures in email exchanges?

A. Secrecy
B. Availability
C. Confidentiality
D. Nonrepudiation

A

D. Nonrepudiation

Explanation:
Digital signatures enforce nonrepudiation, which prevents an individual from denying that he or she was the actual originator of the message.

56
Q

You are working on a highly critical system on which a key business process is being executed. A process on a system needs access to a file that is currently in use by another process. What state will the process scheduler place this process in until the file becomes available?

A. Running
B. Ready
C. Waiting
D. Stopped

A

C. Waiting

Explanation:
The running state is used when a process is executing on the CPU, whereas the stopped state is used when a process terminates. The waiting state is used when a process is blocked waiting for an external event. The ready state is used when a process is prepared to execute, but the CPU is not available.

57
Q

Which method consists of exposing media to a strong magnetic field to erase its data?

A. Magwipe
B. Degaussing
C. Sanitization
D. Purging

A

B. Degaussing

Explanation:
Degaussing uses strong magnetic fields to erase magnetic media. Purging is a form of clearing used on media that will be reused in a lower classification or lower security environment. Sanitization is a combination of processes used to remove data from a system or media to ensure that it cannot be recovered.

58
Q

SatTelco is a web content development company with 90+ employees located in two offices: one in Roma and another one in Rio de Janeiro. Each office has a local area network protected by a perimeter firewall. The LAN contains modern switch equipment connected to both wired and wireless networks. Each office has its own file server, and the IT team runs software every hour to synchronize files between the two servers, distributing content between the offices. These servers are primarily used to store images and other files related to web content developed by the company. The team also uses a SaaS-based email and document collaboration solution for much of their work. Many consultants are traveling between both offices, as they follow the needs of their clients. Finally, there are historical records stored on the server that are extremely important to the business and should never be modified. You would like to add an integrity control that allows you to verify on a periodic basis that the files were not modified. What control can you add?

A. Hashing
B. ACLs
C. Read Only Attributes
D. Firewalls

A

A. Hashing

Explanation:
Firewalls are network security controls that do not address the integrity of the data. Hashing allows you to computationally verify that a file has not been modified between hash evaluations. Read-only attributes and access control lists can be leveraged for some controls, but they are not designed specifically to detect unexpected modifications of the data.

59
Q

NIST uses a five-step process for risk management. If the systems of an organization handle credit card information, which regulation specifically applies to this organization?

A. PCI-DSS
B. FISMA
C. EU-US Privacy Shield
D. ISAE 3405

A

A. PCI-DSS

Explanation:
PCI DSS provides a set of required security controls and standards, applicable to organizations handling credit card information. The other regulations listed are applicable to different industries.

60
Q

You configured a RAID level 5 on a server that you operate with three disks. How many disks may fail without the loss of data?

A. 0
B. 1
C. 2
D. 3

A

B. 1

Explanation:
RAID 5 uses at least three disks, where the data is striped over two disks while the third is used for parity. RAID level 5 is also known as disk striping with parity. The technology tolerates the loss of a single disk.