Whizlabs Wrong Only Flashcards
Domain: Communications and Network Security
Which networking technology enables the fastest device-to-device connectivity, without the
requirement for an access point?
A. Zigbee
B. Wifi-Direct
C. Bluetooth
D. Wifi
B. Wifi-Direct
Explanation:
Correct Answer: B
Device-to-device connectivity through Wifi-Direct provides the fastest connectivity. While other
technologies such as Zigbee and Bluetooth enable such communication, they are slower than
Wifi-Direct. Wifi requires an access point.
Option A is incorrect. Zigbee uses the 2.4 GHz frequency to support short-range applications.
Option B is correct. Device-to-device connectivity via Wifi-Direct is best suited for high-speed
requirements. It is important to note, however, that with a direct connection you are more
vulnerable to attackers compromising the link, given the use of legacy protocols such as WPS.
Option C is incorrect. Bluetooth supports short-range device-to-device connectivity, but consumes
more power than Zigbee.
Option D is incorrect. Wifi requires an access point with multiple devices connecting to it. It
requires more power than Zigbee and Bluetooth.
Domain: Identity and Access Management
Susan’s work pattern requires her to leave her computer to attend regular sessions during the day. Her
system uses device and browser metadata, and keystroke patterns, to regularly validate that the user
accessing the device is Susan. What is this concept called?
A. Single Factor Authentication
B. Multi Factor Authentication
C. Continuous Authentication
D. Consent Management
C. Continuous Authentication
Explanation:
Correct Answer: C
In continuous authentication, user presence is continuously verified by the system, through review of
supporting context including device/browser metadata or monitoring keystroke patterns. In emerging
cases, systems leverage inbuilt device cameras to obtain validation of authorized users.
Option A is incorrect. Single Factor authentication involves the use of a single authentication factor
(one of something you know, something you have, something you are) to authenticate an
identity to the system.
Option B is incorrect. Multi Factor authentication involves the use of two or more authentication
factors (among something you know, something you have, something you are) to authenticate
an identity to the system.
Option C is correct. In continuous authentication, user presence is continuously verified by the
system, through review of supporting context including device/browser metadata or monitoring
keystroke patterns.
Option D is incorrect. Consent Management refers to authorizing an application to access your
data on your behalf (delegated permission).
Domain: Security Operations
When collecting digital evidence to be submitted in court, what rule establishes comprehension (easy
to understand) of the evidence and deems it believable to the jury?
A. Authenticity
B. Completion
C. Convincing
D. Admissible
C. Convincing
Explanation:
Correct Answer: C
When presenting evidence in court, it is important that the evidence is easy to understand and can
convince the jury. If the evidence is not comprehensible, it will not be able to support its claim in court.
The five rules of evidence submission are Authenticity, Accuracy, Completion, Convincing and
Admission.
Option A is incorrect. Authenticity refers to tying the evidence back to the crime scene.
Option B is incorrect. The evidence is complete, and can counter other contrary evidence.
Option C is correct. The evidence can be understood easily and is believable to the jury.
Option D is incorrect. The evidence is admissible in court.
Domain: Security Operations
Which of the following DR (Disaster Recovery) plans will aid in validating the RPO (Recovery Point
Objective) and RTO (Recovery Time Objective)?
A. Tabletop
B. Walkthrough
C. Simulation
D. Full interruption
C. Simulation
Explanation:
Correct Answer: C
Simulation is done to validate that the disaster recovery plan works as intended and that the organization is
able to meet the defined RTO and RPO as per the organization’s goals.
Option A is incorrect. A tabletop exercise gathers the key stakeholders, and the plan is placed on
the tabletop for role-playing the scenario.
Option B is incorrect. Extension of the walkthrough but responded in the actual location of the
stakeholders.
Option C is correct. Simulation is done to validate that the system can be restored according to
defined RTO and RPO metrics and that the backup data integrity is intact.
Option D is incorrect. Full interruption is done as if a real disaster had occurred.
Reference:
CISSP CBK 6th Edition, Domain 7, Test Disaster Recovery Plans
Domain: Communications and Network Security
A MITM (Man in the middle) attack, also referred to as a Machine in the middle attack, happens in which of
the following layers of the OSI (Open System Interconnection) reference model?
A. Physical
B. Datalink
C. Network
D. Transport
B. Datalink
Explanation:
Correct Answer: B
In a man-in-the-middle attack, the intruder broadcasts the IP address of a machine that will be
attacked along with a MAC address. As a result of this communication, the neighbouring switches
are then updated and transmit data to the attacker’s system, resulting in ARP poisoning.
Option A is incorrect. MITM doesn’t happen at Physical Layer.
Option B is correct. ARP poisoning is the precursor for MITM attacks, and it operates at the Datalink
layer.
Option C is incorrect. MITM doesn’t happen at Network Layer.
Option D is incorrect. MITM doesn’t happen at Transport Layer.
Reference:
https://vincenttriola.com/blogs/ten-years-of-academic-writing/data-link-layer-attacks
Domain: Other
Which of the following is the best way to ensure that the security program is aligned with the security
strategy?
A. Formal periodic management review
B. Monitor Key risk indicators (KRI)
C. Measure Key performance indicators (KPI)
D. Penetration testing
A. Formal periodic management review
Explanation:
Correct Answer: A
A management review is a formal meeting of senior organizational leaders to determine whether the
security programs are effectively accomplishing their strategic goals.
Domain: Security Operations
When establishing an SLA (Service level agreement), what type of metric addresses measures such as
anti-virus updates/patching to address an incident?
A. Service Availability
B. Security
C. Defect Rate
D. Technical quality
B. Security
Explanation:
Correct Answer: B
When establishing a metric, the “Security” metric measures the security aspects, such as
anti-virus updates / patching to address an incident.
Option A is incorrect. Service availability measures the amount of time the service is up and
running for usage (e.g. 99.5%)
Option B is correct. Security measures the security practices put in place by the service provider
to address incidents (e.g. use of firewall to address a security compromise)
Option C is incorrect. The defect rate measures the percentage of errors in a major deliverable, such
as incomplete backups / restores.
Option D is incorrect. Technical quality is focused on application development, and measures
factors such as program size and coding defects.