CISSP Practice Test

Question 1

What is the correct definition of penetration testing?

Answer 1

test procedure performed by security professionals with management approval

Question 2

Based on the Federal Privacy Act of 1974, which type of permission must be obtained by a government agency to disclose private information that the agency collected?

Answer 2

• written permission

Question 3

You are researching computer crimes. All of the following are categories of this type of crime, EXCEPT:

• computer-targeted crime
• computer-commerce crime
• computer-incidental crime
• computer-assisted crime

Answer 3

• computer-commerce crime

Question 4

You have developed the information security policy for your organization. Which step should precede the adoption of this policy?

Answer 4

• obtaining management approval

Question 5

Which security threat often uses tracking cookies to collect and report on a user’s activities?

Answer 5

• spyware

Question 6

Which statement is true of symmetric cryptography?

Answer 6

• Symmetric cryptography is faster than asymmetric cryptography

Question 7

Your company must comply with a cybersecurity certification body’s requirements. Management has requested that you perform a test prior to applying for this certification. Which type of test should you perform?

Answer 7

• Perform an internal assessment or audit using personnel from within the company.

Question 8

You are the security administrator for your organization. A user in the IT department informs you that a print server was recently the victim of a teardrop attack. Which statement correctly defines the attack that has occurred?

Answer 8

• It involves the use of malformed fragmented packets and causes the target system to either freeze or crash

Question 9

What information is true of an information processing facility?

Answer 9

• Doors and frames should have the same fire rating

Question 10

Which type of virus is specifically designed to infect programs as they are loaded into memory?

Answer 10

• Resident virus

Question 11

Which type of channel is used when one process writes data to a hard drive and another process reads it?

Answer 11

• covert storage channel

Question 12

You are designing employee termination process guidelines. Which activity is NOT included in the employee termination process?

Answer 12

• signing a non-disclosure agreement

Question 13

A security technician reports to you that a file server is experiencing unscheduled initial program loads (IPLs). Which statement BEST explains this problem?

Answer 13

• The system is rebooting

Question 14

Your company has implemented a host-based intrusion detection system (HIDS). You have recently become concerned with your problems when these systems are implemented. What is a major problem when deploying this type of system?

Answer 14

• It must be deployed on each computer that needs it

Question 15

What does sending data across an insecure network, such as the Internet, primarily affect?

Answer 15

• confidentiality and integrity

Question 16

During which step of incident response does root cause analysis occur?

Answer 16

• review

Question 17

What is used in evolutionary computing?

Answer 17

• genetic algorithms

Question 18

Which statement is true of a multilevel security mode?

Answer 18

• The multilevel security mode involves the use of sensitivity labels

Question 19

Which statement is NOT true regarding multicast transmissions?

Answer 19

• A message has one source and destination address

Question 20

Which statement is true of the dedicated security mode?

Answer 20

• All users have the clearance and formal approval required to access all of the data

Question 21

Which security principle identifies sensitive data and ensures that unauthorized entities cannot access it?

Answer 21

• confidentiality

Question 22

Which access control model uses the star (*) integrity axiom and the simple integrity axiom?

Answer 22

• Biba model

Question 23

What is a physical barrier that acts as the first line of defense against an intruder?

Answer 23

• a fence

Question 24

Given two messages, M1 and M2, what is the LEAST likely outcome when using the same one-way hash function, H, to encrypt the messages?

Answer 24

• H(M1) = H(M2)

Question 25

Which type of malicious code is hidden inside an otherwise benign program when the program is written

Answer 25

• Trojan horse

Question 26

Your network allows remote users to connect over the Internet. Recently, hackers have attempted to breach your network. Management has decided to implement an authentication method that checks both ends of a connection. Which authentication method should you implement?

Answer 26

• mutual authentication

Question 27

The business continuity team is interviewing users to gather information about business units and their functions. Which part of the business continuity plan includes this analysis?

Answer 27

• business impact analysis (BIA)

Question 28

An organization wants to implement the access control model that is the easiest to administer. Which access control model should they use?

Answer 28

• RBAC

Question 29

You have been asked to implement network monitoring that detects any changes or deviations in network traffic. Which type of monitoring are you implementing?

Answer 29

• anomaly-based

Question 30

Which notebook is most preferred during the course of investigation in legal record keeping?

Answer 30

• bound notebook

Question 31

Your organization has a fault-tolerant, clustered database that maintains sales records. Which transactional technique is used in this environment?

Answer 31

Online transaction processing (OLTP) is used in this environment. OLTP is a transactional technique used when a fault-tolerant, clustered database exists. OLTP balances transactional requests and distributes them among the different servers based on transaction load. OLTP uses a two-phase commit to ensure that all the databases in the cluster contain the same data.

Question 32

Which statement correctly defines dynamic data exchange (DDE)?

Answer 32

• DDE allows multiple applications to share and exchange the same set of data

Question 33

At which OSI layer does an active hub function?

Answer 33

• Physical

Question 34

Which statement is NOT a characteristic of a network-based intrusion detection system (NIDS)?

Answer 34

• NIDS analyzes encrypted information

Question 35

Which statement is true of the information flow model?

Answer 35

• The information flow model allows the flow of information within the same security level

Question 36

During which step of the NIST SP 800-137 are the decisions on risk response made?

Answer 36

• Respond to findings

Question 37

Your organization has decided to implement a network-based intrusion detection system (NIDS). What is the primary advantage of using this type of sytem?

Answer 37

• low maintenance

Question 38

Which of the following is not part of the Penetration Test?

Answer 38

• Implementation of Controls

Question 39

Which attack is NOT directed ONLY at virtual machines?

Answer 39

• MITM

Question 40

A customer has requested a computer with a Clipper Chip. What is a Clipper Chip?

Answer 40

• It is an encryption chip

Question 41

You are the security administrator for an organization. Management decides that all communication on the network should be encrypted using the data encryption standard (DES) algorithm. Which statement is true of this algorithm?

Answer 41

• A Triple DES (3DES) algorithm uses 48 rounds of computation

Question 42

Which statement is true of covert channels?

Answer 42

• A covert channel is not controlled by a security mechanism

Question 43

Your company is establishing new employment candidate screening processes. Which of the following should be included?

a) check all references
b) verify all education
c) review military records and experience
d) perform a background check

Answer 43

• all of the options

Question 44

Which type of application serves as a core for the business operations of an organization?

Answer 44

• a critical application

Question 45

Which attack sends unsolicited messages over a Bluetooth connection?

Answer 45

• blue jacking

Question 46

Which is true of administrative law?

Answer 46

• Administrative law emphasizes the performance and conduct of organizations

Question 47

Which entity must certify the public key pair of a root CA?

Answer 47

• the root CA

Question 48

Your company decides that a new software product must be purchased to help the marketing staff manage campaigns and the resources used. During which phase of the software acquisition process do you document the software requirements?

Answer 48

• Planning phase

Question 49

You are the incident investigator for your organization. You need to create two images of a file server’s hard drive. The incident investigation procedures state that you need to ensure that the new media is properly purged.

What should you do to meet this requirement?

Answer 49

• Ensure that the new media does not contain any residual data

Question 50

Which processes control the flow of information in the lattice-based access control (LBAC) model?

Answer 50

• least upper and greatest lower bound operators

Question 51

Which security principle in the Bell-LaPadula model prevents the security level of subjects and objects from being changed once they have been created?

Answer 51

• tranquility principle

Question 52

Which type of virus includes protective code that prevents outside examination of critical elements?

Answer 52

• armored virus

Question 53

A user inherits a permission based on his group membership. Which type of right has been implemented?

Answer 53

• implicit right

Question 54

Which WLAN technology supports maximum of 11 Mbps data transmission?

Answer 54

• 802.11b

Question 55

You DO NOT want to protect the file contents from being viewed; however, you want to be able to determine whether the contents of the file were altered during transit.

Which protective measure should you use?

Answer 55

• a digital signature

Question 56

What is an integrated circuit with internal logic that is programmable?

Answer 56

• a PLD

Question 57

Which of the following is not based on the Feistel cipher?

Answer 57

• Diffie-Hellman

Question 58

Which statement is true of a data haven?

Answer 58

• a data haven either has no laws or poorly enforced laws for information protection

Question 59

You are examining an access control matrix for your organization. Which entity corresponds to a row in this matrix?

Answer 59

• capability

Question 60

Which is typically part of an information policy?

Answer 60

• classification of information

Question 61

Your company implements several databases. You are concerned with the security of the data in the databases. Which statement is correct for database security?

Answer 61

• Data Control Language (DCL) implements security through access control and granular restrictions

Question 62

As an organization’s security administrator, you must prevent conflicts of interest when assigning personnel to complete certain security tasks. Which operations security tenant are you implementing?

Answer 62

• separation of duties

Question 63

Evidence must be legally permissible in a court of law and must provide a foundation of a case. All of the following characteristics of evidence are important, EXCEPT:

Answer 63

• confidentiality

Question 64

Which statement is true of the staff members of an organization in the context of information security?

Answer 64

• They pose more threat than external hackers

Question 65

Your organization has asked the security team to add terrorist attacks to the organization’s business continuity plan. Which type threat does this represent?

Answer 65

• politically motivated threat

Question 66

In which situation does cross-site scripting pose the most danger?

Answer 66

• a user access a financial orgs site using his or her login credentials

Question 67

You are performing a forensic investigation of a recent computer security breach. You have been asked to use disk management to create a copy of a hard drive’s contents. Which statement is true of disk imaging when performed in a forensic investigation?

Answer 67

• A bit-level copy of the disk assists in the forensic investigation

Question 68

You install a network analyzer to capture your network’s traffic as part of your company’s security policy. Later, you examine the captured packets and discover that only Subnet 1 traffic was captured. You need to capture packets from all four subnets on your network.

What could you do?

a) Install a port scanner
b) Install the network analyzer on all four subnets
c) Install a distributed network analyzer
d) Install the network analyzer on a router
e) Install the network analyzer on the firewall

Answer 68

• b and c

Question 69

You are preparing a proposal for management about the value of using cryptography to protect your network. Which statement is true of cryptography?

Answer 69

• key management is a primary concern of cryptography

Question 70

Which protocol is NOT used by network-attached storage?

Answer 70

• NTFS

Question 71

Which Rainbow Series book covers security issues for networks and network components?

Answer 71

• Red book

Question 72

You are analyzing risks for your organization. You must ensure that senior management provides the risk management components that you needed. All of the following components are provided by senior management, EXCEPT:

Answer 72

• risk mitigation procedures

Question 73

Which characteristics of a system are evaluated by the Trusted Computer Systems Evaluation Criteria (TCSEC)?

a) assurance
b) authenticity
c) functionality
d) response-time

Answer 73

• a and c

Question 74

Which functions can take place at the Data-link layer of the OSI model?

a) routing
b) flow control
c) error notification
d) physical addressing
e) setting voltage levels in transmission media

Answer 74

• b, c, d

Question 75

What is the best description of cache memory?

Answer 75

• memory used for high-speed transfer of data

Question 76

Which role is a strategic role that helps to develop policies, standards, and guidelines and ensure the security elements are implemented properly?

Answer 76

• security analyst

Question 77

What is a characteristic of maintaining logs in a system?

Answer 77

• Logging helps administrator to detect security breaches and vulnerable points in a network

Question 78

What is the first step in designing an effective physical security program?

Answer 78

• identify the physical security program team

Question 79

Which standard must be used to protect email for communication with the US military?

Answer 79

• MSP (Message Security Protocol)

Question 80

Your company has a backup solution that performs a full backup each Saturday evening, and an incremental backup all other evenings. A vital system crashes on Monday morning. How many backups will need to be restored?

Answer 80

• two

Question 81

Which OSI process ensures that each OSI layer at the sender adds its own information packet and each OSI layer at the receiver strips off its corresponding information?

Answer 81

• encapsulation

Question 82

What is SOCKS?

Answer 82

• a circuit-level proxy firewall that provides a secure channel between two computers

Question 83

An employee is suspected of criminal activity involving access to data in excess of the employee’s authority. You have obtained the original signed copy of the no-right-to-privacy agreement that the employee signed when he was hired. What kind of evidence is this agreement?

Answer 83

• best evidence

Question 84

Which process includes auditing and tracking of changes made to the trusted computing base?

Answer 84

• configuration management

Question 85

Which stipulation is usually NOT provided in an offsite vendor contract?

Answer 85

• specific location of the offsite facility

Question 86

Which statement best describes an access control list (ACL)?

Answer 86

• a list of subjects that have been granted access to a specific object, including the level of access granted

Question 87

Which statement is true of data diddling?

Answer 87

• data diddling refers to manipulation of the input data in an application

Question 88

Which options are components of the security kernel?

a) software
b) hardware
c) reference monitor
d) trusted computing base

Answer 88

• options a and b

Question 89

Your organization has recently implemented an artificial neural network (ANN). The ANN enabled the network to make decisions based on the experience provided to them. Which characteristic of the ANN is described?

Answer 89

• adaptability

Question 90

What is an example of a stream cipher?

Answer 90

• RC4

Question 91

Which type of virus installs itself under the anti-virus system and intercepts any calls that the anti-virus system makes to the operating system?

Answer 91

• tunneling virus

Question 92

Your network contains four segments. Which network devices can you use to connect two or more of the LAN segments together?

a) Hub
b) Router
c) Switch
d) Bridge
e) Repeater
f) Multiplexer

Answer 92

• b, c, and d

Question 93

You have been asked to manage your company’s information security continuous monitoring (ISCM) program. Which of the following statements regarding automated versus manual reporting is FALSE?

Answer 93

• Manual tools are more thorough in their reporting than automated methods.

Question 94

Your organization has decided to implement the Diffie-Hellman asymmetric algorithm. Which statement is true of this algorithm’s key exchange?

Answer 94

• authorized users exchange secret keys over a non-secure medium

Question 95

You need to solve a traffic problem occurring on a large Ethernet network. Within this large segment, the accounting department is flooding the network with a high volume of data which causes the entire network to slow down.

Which device is a quick and low-cost solution to isolating the accounting department?

Answer 95

• bridge

Question 96

What is DNS poisoning?

Answer 96

• the practice of dispensing IP addresses and host names with the goal of traffic diversion

Question 97

A file server has unexpectedly rebooted into single-user mode. You are not sure what caused the reboot. What should you do next?

Answer 97

• Recover damaged file system files.

Question 98

What is the purpose of a device using direct memory access (DMA)?

Answer 98

• It implements high-speed data transfer between the device and memory

Question 99

Which type of network monitoring method requires that updates be regularly obtained to ensure its effectiveness?

Answer 99

• signature-based

Question 100

What is a data aggregator?

Answer 100

• a company that compiles, stores, and sells personal information

Question 101

Which database interface language is a replacement for Open Database Connectivity (ODBC) and can only be used by Microsoft Windows clients?

Answer 101

• OLE DB

Question 102

What is the highest data classification category?

Answer 102

• Top Secret

Question 103

What is the name of a condition where long-term employees have more access permissions than needed as a result of changing jobs within the organization over time?

Answer 103

• authorization creep

Question 104

Which function does start and stop bits provide?

Answer 104

• they mark the beginning and ending of asynchronous communication

Question 105

What kind of attack involves injecting malicious code into a web application?

Answer 105

• cross-site scripting

Question 106

What is true of an RSA algorithm?

Answer 106

• a public key algorithm that performs both encryption and authentication
• does not deal with discrete logarithms
• can prevent MITM attacks
• uses public and private key signatures for integrity verification

Question 107

Which security control ensures that data at rest remains confidential?

Answer 107

• drive encryption

Question 108

What can cause issues with RFI?

Answer 108

• fluorescent lighting

Question 109

What is a rootkit?

Answer 109

• a collection of programs that grants a hacker administrative access to a computer or network

Question 110

What are the levels of data classification for government or military use?

Answer 110

• unclassified
• sensitive
• confidential
• secret
• top secret

Question 111

What characteristics of the hand are evaluated by a hand geometry scan biometric system?

Answer 111

• width of hand
• width of fingers
• length of fingers

Question 112

What affects asset retention policies?

Answer 112

• laws and regulations
• asset or data age
• asset or data type

Question 113

What device converts messages between two dissimilar electronic e-mail applications?

Answer 113

• e-mail gateway

- e.g. between an Exchange server and a Sendmail server

Question 114

What are corrective controls?

Answer 114

• controls that take corrective action against threats

Question 115

What produces 160-bit checksums?

Answer 115

• SHA

Question 116

What size checksums does MD5 produce?

Answer 116

• 128-bit

Question 117

What size checksums does DES produce?

Answer 117

• 56-bit

Question 118

What size checksums does AES produce?

Answer 118

• 128-bit, 192-bit, 256-bit

Question 119

What is a “land attack”?

Answer 119

• involves sending spoofed TCP SYN packet with the target host’s IP address and an open port as both the source and the destination to the target host on an open port
• causes a system to freeze or crash

Question 120

What is a “ping of death” attack?

Answer 120

• involves flooding target computers with oversized packets, exceeding the acceptable size during the process of reassembly
• causes the system to freeze or crash

Question 121

Which entity can operate as both a subject and object?

Answer 121

• program
• a program operates as an object when a user or group accesses the program
• a program operates as subject when the program accesses data in another location, such as a database

Question 122

What encryption algorithm is based on Diffie-Hellman key agreement?

Answer 122

• El Gamal

Question 123

You are responsible for managing your company’s virtualization environment. Which feature should NOT be allowed on a virtualization host?

Answer 123

• browsing the Internet
• this could introduce a possible security breach by allowing spyware or malware
• anything that affects a virtualization host also affects all virtual computers on the host

Question 124

Which type of card has an antenna that surrounds the card to allow the card to be read by the reader?

Answer 124

• contactless smart card

Question 125

Which type of notebook is most preferred during the course of an investigation in legal record keeping?

Answer 125

• bound notebook

Question 126

Which web browser add-in uses Authenticode for security?

Answer 126

• ActiveX

- Authenticode is a certificate technology that allows ActiveX components to be validated by a server

Question 127

Your organization has responded to a security incident. The breach has been contained, and all systems have been recovered. What should you do last as part of the incident response?

Answer 127

• post-mortem review

Question 128

Which radio transmission technology does the 802.11b standard specify?

Answer 128

• DSSS (direct sequence spread spectrum)

Question 129

What does an incremental backup do?

Answer 129

• It backs up all the new files that have changed since the last full or incremental backup and resets the archive bit

Question 130

You are the incident investigator. You need to create two images of a file server’s hard drive. The incident investigation procedure states that you need to ensure that the new media is properly purged.

What should you do to meet this requirement?

Answer 130

• ensure that the new media does not contain any residual data
• only the data collected as evidence during the incident investigation should be placed on the new media

Question 131

Implicit right

Answer 131

• occurs when a user inherits a permission based on group membership
• can occur due to role assignment

Question 132

Capability

Answer 132

• access right that is assigned directly to a subject

Question 133

Explicit right

Answer 133

• occurs when a user is given a permission directly

Question 134

Access right

Answer 134

• generic term referring to any permission granted to a user, whether implicitly or explicitly

Question 135

What is a difference between PGP and the use of formal trust certificates?

Answer 135

• the establishment of a web of trust between users

- PGP establishes a web of trust, which implies that the users generate and distribute their public keys

Question 136

What functionalities does PGP provide?

Answer 136

• confidentiality through the IDEA
• integrity through the MD5 hashing algorithm
• authentication through public key certificates
• nonrepudiation through encrypted signed messages

Question 137

What is IDEA

Answer 137

International Data Encryption Algorithm

Question 138

Which access control principle ensure that a particular role has more than one person trained to perform its duties?

Answer 138

• job rotation

Question 139

Which entities correspond to columns and rows in an access control matrix?

Answer 139

• a subject’s capability corresponds to a row

- a column in an access control matrix corresponds to the ACL for an object

Question 140

What is the purpose of a software escrow?

Answer 140

• to provide a software vendor’s source code in the event the vendor goes out of business

Question 141

What is another term for technical controls?

Answer 141

• logical controls

Question 142

What is the most common form of identification and authentication?

Answer 142

• user identification with reusable password

Question 143

You are setting up the server computers for a new company. You have been asked to design the ACLs for the files and folders on the servers. Which principles affect the design?

Answer 143

• least privilege

- need to know

Question 144

Which type of encryption algorithm is Diffie-Hellman an example?

Answer 144

• asymmetric with authentication

Question 145

What are examples of asymmetric encryption?

Answer 145

• RSA
• DH
• ElGamal
• Elliptic Curve Cryptosystem (ECC)
• LUC
• Knapsack

Question 146

Which access control model is the easiest to administer?

Answer 146

• RBAC