Practice Test 1 Flashcards
NIST SP800-53 discusses a set of security controls as what type of security tool?
a. A configuration list
b. A threat management strategy
c. A baseline
d. The CIS standard
C. NIST SP 800-53 discusses security control baselines as a list of security controls. CIS releases security baselines, and a baseline is a useful part of a threat management strategy and may contain a list of acceptable configuration items.
Ed has been tasked with identifying a service that will provide a low-latency, high-performance, and high-availability way to host content for his employer. What type of solution should he seek out to ensure that his employer’s customers around the world can access their content quickly, easily, and reliably?
a. A hot site
b. A CDN
c. Redundant servers
d. A P2P CDN
B. A Content Distribution Network (CDN) is designed to provide reliable, low-latency, geographically distributed content distribution. In this scenario, a CDN is an ideal solution. A P2P CDN like BitTorrent isn’t a typical choice for a commercial entity, whereas redundant servers or a hot site can provide high availability but won’t provide the remaining requirements.
Which one of the following is not a function of a forensic device controller?
a. Preventing the modification of data on a storage device
b. Returning data requested from the device
c. Reporting errors sent by the device to the forensic host
d. Blocking read commands sent to the device
D. A forensic disk controller performs four functions. One of those, write blocking, intercepts write commands sent to the device and prevents them from modifying data on the device. The other three functions include returning data requested by a read operation, returning access-significant information from the device, and reporting errors from the device back to the forensic host. The controller should not prevent read commands from being sent to the device because those commands may return crucial information.
Mike is building a fault-tolerant server and wishes to implement RAID 1. How many physical disks are required to build this solution?
a. 1
b. 2
c. 3
d. 5
B. RAID 1, disk mirroring, requires two physical disks that will contain copies of the same data.
Which Kerberos service generates a new ticket and session keys and sends them to the client?
a. KDC
b. TGT
c. AS
d. TGS
D. The TGS, or Ticket-Granting Service (which is usually on the same server as the KDC), receives a TGT from the client. It validates the TGT and the user’s rights to access the service they are requesting to use. The TGS then issues a ticket and session keys to the client. The AS serves as the authentication server, which forwards the username to the KDC.
Communication systems that rely on start and stop flags or bits to manage data transmission are known as what type of communication?
a. Analog
b. Digital
c. Synchronous
d. Asynchronous
D. Asynchronous communications rely on a built-in stop and start flag or bit. This makes asynchronous communications less efficient than synchronous communications, but better suited to some types of communication.
What type of motion detector uses high microwave frequency signal transmissions to identify potential intruders?
a. Infrared
b. Heat-based
c. Wave pattern
d. Capacitance
C. Wave pattern motion detectors transmit ultrasonic or microwave signals into the monitor area, watching for changes in the returned signals bouncing off objects.
Susan sets up a firewall that keeps track of the status of the communication between two systems, and allows a remote system to respond to a local system after the local system starts communication. What type of firewall is Susan using?
a. A static packet filtering firewall
b. An application-level gateway firewall
c. A stateful packet inspection firewall
d. A circuit-level gateway firewall
C. Stateful packet inspection firewalls, also known as dynamic packet filtering firewalls, track the state of a conversation and can allow a response from a remote system based on an internal system being allowed to start the communication. Static packet filtering and circuit-level gateways only filter based on source, destination, and ports, whereas application-level gateway firewalls proxy traffic for specific applications.
Questions 9–11 refer to the following scenario:
Ben owns a coffeehouse and wants to provide wireless Internet service for his customers. Ben’s network is simple and uses a single consumer grade wireless router and a cable modem connected via a commercial cable data contract. Using this information about Ben’s network, answer the following questions.
How can Ben provide access control for his customers without having to provision user IDs before they connect while also gathering useful contact information for his business purposes?
a. WPA2 PSK
b. A captive portal
c. Require customers to use a publicly posted password like “BensCoffee.”
d. Port security
B. A captive portal can require those who want to connect to and use Wi-Fi to provide an email address to connect. This allows Ben to provide easy-to-use wireless while meeting his business purposes. WPA2 PSK is the preshared key mode of WPA and won’t provide information about users who are given a key. Sharing a password doesn’t allow for data gathering either. Port security is designed to protect wired network ports based on MAC addresses.
Ben intends to run an open (unencrypted) wireless network. How should he connect his business devices?
a. Run WPA2 on the same SSID.
b. Set up a separate SSID using WPA2.
c. Run the open network in Enterprise mode.
d. Set up a separate wireless network using WEP.
B. Many modern wireless routers can provide multiple SSIDs. Ben can create a private, secure network for his business operations, but he will need to make sure that the customer and business networks are firewalled or otherwise logically separated from each other. Running WPA2 on the same SSID isn’t possible without creating another wireless network and would cause confusion for customers (SSIDs aren’t required to be unique). Running a network in Enterprise mode isn’t used for open networks, and WEP is outdated and incredibly vulnerable.
After implementing the solution from the first question, Ben receives a complaint about users in his cafe hijacking other customers’ web traffic, including using their usernames and passwords. How is this possible?
a. The password is shared by all users, making traffic vulnerable.
b. A malicious user has installed a Trojan on the router.
c. A user has ARP spoofed the router, making all traffic broadcast to all users.
d. Open networks are unencrypted, making traffic easily sniffable.
D. Unencrypted open networks broadcast traffic in the clear. This means that unencrypted sessions to websites can be easily captured with a packet sniffer. Some tools like FireSheep have been specifically designed to capture sessions from popular websites. Fortunately, many now use TLS by default, but other sites still send user session information in the clear. Shared passwords are not the cause of the vulnerability, ARP spoofing isn’t an issue with wireless networks, and a Trojan is designed to look like safe software, not to compromise a router.
Which one of the following is not a mode of operation for the Data Encryption Standard?
a. CBC
b. CFB
c. OFB
d. AES
D. The DES modes of operation are Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). The Advanced Encryption Standard (AES) is a separate encryption algorithm.
Tom is tuning his security monitoring tools in an attempt to reduce the number of alerts received by administrators without missing important security events. He decides to configure the system to only report failed login attempts if there are five failed attempts to access the same account within a one-hour period of time. What term best describes the technique that Tom is using?
a. Thresholding
b. Sampling
c. Account lockout
d. Clipping
D. Clipping is an analysis technique that only reports alerts after they exceed a set threshold. It is a specific form of sampling, which is a more general term that describes any attempt to excerpt records for review. Thresholding is not a commonly used term. Administrators may choose to configure automatic or manual account lockout after failed login attempts but that is not described in the scenario.
Sally has been tasked with deploying an authentication, authorization, and accounting server for wireless network services in her organization, and needs to avoid using proprietary technology. What technology should she select?
a. OAuth
b. RADIUS
c. TACACS
d. TACACS+
B. RADIUS is a common AAA technology used to provide services for dial-up, wireless networks, network devices, and a range of other systems. OAuth is an authentication protocol used to allow applications to act on a user’s behalf without sharing the password, and is used for many web applications. While both TACACS and TACACS+ provide the functionality Sally is looking for, both are Cisco proprietary protocols.
An accounting clerk for Christopher’s Cheesecakes does not have access to the salary information for individual employees but wanted to know the salary of a new hire. He pulled total payroll expenses for the pay period before the new person was hired and then pulled the same expenses for the following pay period. He computed the difference between those two amounts to determine the individual’s salary. What type of attack occurred?
a. Aggregation
b. Data diddling
c. Inference
d. Social engineering
C. In an inference attack, the attacker uses several pieces of generic nonsensitive information to determine a specific sensitive value.
Alice would like to have read permissions on an object and knows that Bob already has those rights and would like to give them to herself. Which one of the rules in the Take-Grant protection model would allow her to complete this operation if the relationship exists between Alice and Bob?
a. Take rule
b. Grant rule
c. Create rule
d. Remote rule
A. The take rule allows a subject to take the rights belonging to another object. If Alice has take rights on Bob, she can give herself the same permissions that Bob already possesses.
During a log review, Danielle discovers a series of logs that show login failures:
Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=aaaaaaaa
Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=aaaaaaab
Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=aaaaaaac
Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=aaaaaaad
Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=aaaaaaad
What type of attack has Danielle discovered?
a. A pass-the-hash attack
b. A brute-force attack
c. A man-in-the-middle attack
d. A dictionary attack
B. Brute-force attacks try every possible password. In this attack, the password is changing by one letter at each attempt, which indicates that it is a brute-force attack. A dictionary attack would use dictionary words for the attack, whereas a man-in-the-middle or pass-the-hash attack would most likely not be visible in an authentication log except as a successful login.
What property of a relational database ensures that two executing transactions do not affect each other by storing interim results in the database?
a. Atomicity
b. Isolation
c. Consistency
d. Durability
B. Isolation requires that transactions operate separately from each other. Atomicity ensures that if any part of a database transaction fails, the entire transaction must be rolled back as if it never occurred. Consistency ensures that all transactions are consistent with the logical rules of the database, such as having a primary key. Durability requires that once a transaction is committed to the database it must be preserved.
Kim is the system administrator for a small business network that is experiencing security problems. She is in the office in the evening working on the problem and nobody else is there. As she is watching, she can see that systems on the other side of the office that were previously behaving normally are now exhibiting signs of infection. What type of malware is Kim likely dealing with?
a. Virus
b. Worm
c. Trojan horse
d. Logic bomb
B. Worms have built-in propagation mechanisms that do not require user interaction, such as scanning for systems containing known vulnerabilities and then exploiting those vulnerabilities to gain access. Viruses and Trojan horses typically require user interaction to spread. Logic bombs do not spread from system to system but lie in wait until certain conditions are met, triggering the delivery of their payload.
Which one of the following attack types takes advantage of a vulnerability in the network fragmentation function of some operating systems?
a. Smurf
b. Land
c. Teardrop
d. Fraggle
C. In a teardrop attack, the attacker fragments traffic in such a way that the system is unable to reassemble the fragments. Modern systems are not vulnerable to this attack if they run current operating systems, but the concept of this attack illustrates the danger of relying upon users following protocol specifications instead of performing proper exception handling.
Which of the following sequences properly describes the TCP 3-way handshake?
a. SYN, ACK, SYN/ACK
b. PSH, RST, ACK
c. SYN, SYN/ACK, ACK
d. SYN, RST, FIN
C. The TCP three-way handshake consists of initial contact via a SYN, or synchronize flagged packet, which receives a response with a SYN/ACK, or synchronize and acknowledge flagged packet, which is acknowledged by the original sender with an ACK, or acknowledge packet. RST is used in TCP to reset a connection, PSH is used to send data immediately, and FIN is used to end a connection.
Which one of the following technologies is not normally a capability of Mobile Device Management (MDM) solutions?
a. Remotely wiping the contents of a mobile device
b. Assuming control of a nonregistered BYOD mobile device
c. Enforcing the use of device encryption
d. Managing device backups
B. MDM products do not have the capability of assuming control of a device not currently managed by the organization. This would be equivalent to hacking into a device owned by someone else and might constitute a crime.
Jim is implementing an IDaaS solution for his organization. What type of technology is he putting in place?
a. Identity as a Service
b. Employee ID as a service
c. Cloud based RADIUS
d. OAuth
A. Identity as a Service (IDaaS) provides an identity platform as a third-party service. This can provide benefits, including integration with cloud services and removing overhead for maintenance of traditional on-premise identity systems, but can also create risk due to third-party control of identity services and reliance on an offsite identity infrastructure.
Gina recently took the CISSP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)2 code of ethics is most directly violated in this situation?
a. Advance and protect the profession.
b. Act honorably, honestly, justly, responsibly, and legally.
c. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
d. Provide diligent and competent service to principals.
A. Gina’s actions harm the CISSP certification and information security community by undermining the integrity of the examination process. While Gina also is acting dishonestly, the harm to the profession is more of a direct violation of the code of ethics.