CISSP Questions #2
🇬🇧
In English
In English
Practice Known Questions
Stay up to date with your due questions
Complete 5 questions to enable practice
Exams
Exam: Test your skills
Test your skills in exam mode
Learn New Questions
Manual Mode [BETA]
The course owner has not enabled manual mode
Specific modes
Learn with flashcards
multiple choiceMultiple choice mode
SpeakingAnswer with voice
TypingTyping only mode
CISSP Questions #2 - Leaderboard
CISSP Questions #2 - Details
Levels:
Questions:
67 questions
| 🇬🇧 | 🇬🇧 |
| Key override. Key override can be used during emergency situations or with authorized personnel to gain immediate access. Master keying has to do with the capability of reconfiguring the lock, as in resetting the access code. Door delay is a control that sets off an alarm if a door is open for an extended period. | Using special key combinations with cipher locks during emergency situations is called __________________. - Switch controls - Key override - Door delay - Master keying |
| Software that creates a one-time passwords. One-time passwords can also be generated in software, instead of requiring a piece of hardware as in a token device. These are referred to as soft tokens and require that the authentication service and application contain the same base secrets, which are used to generate the one-time passwords. | Joan's two network engineers are in a passionate debate over the value of a soft token versus a hard token device. Which of the following best describes a soft token? - Software that creates one-time passwords - Software that creates passwords for users, also called a password generator - A time-based one-time password generating device - A dynamic password versus a static password |
| Bell LaPadula. “The first mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access and to outline rules of access” is a formal definition of the Bell-LaPadula model, which was created and implemented to protect government and military confidential information. | Which of the following was the first mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access and to outline rules of access? - Biba - Bell LaPadula - Clark-Wilson - State machine |
| Microprobing. Microprobing uses needles to remove the outer protective material on the card's circuits by using ultrasonic vibration. Once this is completed then data can be accessed and manipulated by directly tapping into the card's ROM chips. This is considered an invasive attack that can be used against smart cards. | Match one of the following to this definition: "The use of needles to remove the outer protective material on the card's circuits, by using ultrasonic vibration. Once this is completed then data can be accessed and manipulated by directly tapping into the card's ROM chips." - Microprobing - Differential power analysis - Electromagnetic analysis - Software attacks |
| Scripting attacks. If a process is not isolated properly through encapsulation, this means its interface is accepting potentially malicious instructions. | If an application is developed improperly and does not carry out proper process isolation through encapsulation, which of the following is the most likely security concern? - Scripting attacks - Man-in-the-middle attacks - Invalid input values - Macro viruses |
| Circuit-based proxy. A circuit-based proxy firewall looks at header information to make decisions on whether a packet is deemed acceptable for access. This is a different approach than application-based firewalls, which look at the information within the payload of the packet. A stateful firewall maintains a state table to keep track of each communication dialogue taking place between systems and makes access decisions based on the information within this table. | Which firewall makes access decisions based only on addresses and port numbers? - Circuit-based proxy - Application-based proxy - Stateful - Dual-homed |
| CIO. The chief information officer, or CIO, oversees and is responsible for the day-to-day technology operations of the company. The CIO may work for either the chief executive officer (CEO) or the chief financial officer (CFO), and the chief information security officer (CISO), who is responsible for information security, typically reports to the CIO. | Who is responsible for the strategic use and management of information systems and technology within the organization? - CIO - CFO - CEO - CISO |
| Oversee budgets. Senior executives have several key responsibilities in disaster recovery. These include: support and approval of plans, sponsoring all aspects of plans, verifying testing phases are being carried out, and overseeing budgets. Having the dedicated and consistent support of senior management is critical in the success of disaster recovery and contingency planning. | In disaster recovery, each level of employee should have clearly defined responsibilities. Which of the following is a responsibility of senior executives? - Develop testing plans - Establish project goals and develop plans - Identify critical business systems - Oversee budgets |
| Sender policy framework. Sender Policy Framework (SPF) is an e-mail validation system designed to prevent e-mail spam by detecting e-mail spoofing, by verifying the sender’s IP address. SPF allows administrators to specify which hosts are allowed to send e-mail from a given domain by creating a specific SPF record in DNS. Mail exchanges use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators. | Jack is a network administrator who needs to be able to specify which systems can send e-mail through his company’s mail servers. Which of the following best describes the solution that would provide this type of functionality? - SMTP authentication - TLS within a PKI - Sender policy framework - SMTP and IMAP authentication framework |
| Excludes a misbehaving computer from the ring. If a computer detects a problem with the network, it sends a beacon frame. This frame generates a failure domain, which is between the computer that issued the beacon and its neighbor downstream. The computers and devices within this failure domain will attempt to reconfigure certain settings to try and work around the detected fault. | What is a beaconing functionality in a token passing technology? - Ensures that a fault domain never occurs - Ensures that only one frame is on the network at a time - Allows the computers to communicate to each other through the token - Excludes a misbehaving computer from the ring |
| Domain. A domain just means the resources that are available to subjects for carrying out their tasks. The subjects can be users, applications, or processes. | Nathalie has access to the following: the customer provisioning database, shared network drive F:, the company's intranet, and the customer records database. These systems are referred to collectively as her what? - Trusted computing base - Clipping level - Domain - Virtual machine |
| Fighting against cybercrime. The G8 is an annual economic and political summit meeting of the heads of government with international officials. One of the topics that is covered by this group is cybercrime. | G8 has been involved with which of the following items? - Fighting against cybercrime - Legislating on economic espionage - Protecting employee privacy rights - Prosecuting software pirates |
| Multi-cast. A multicast goes from one source to several destinations. The destinations that receive the data have chosen to participate and accept data from this source. A unicast is a one-to-one transmission and a broadcast is a one-to-all transmission. | What is a one-to-many transmission called? - Multi-cast - Broadcast - Unicast - Simplex |
| Strategic goals or long-term goals, tactical goals or mid-term goals, operational goals or daily goals. This approach to planning is called a planning horizon. In defining a planning horizon, you will need to define your strategic goals, which are your long-term goals, your tactical goals or mid-term goals, and your operational goals, which are your daily goals. | Security models have many layers and different types of goals to accomplish in different time frames. Which of the following accurately describes the goals and their relationship? - Tactical goals or daily goals, operational goals or mid-term goals, strategic goals or long-term goals. This approach to planning is called a planning horizon - Strategic goals or long-term goals, tactical goals or mid-term goals, operational goals or daily goals. This approach to planning is called the top-down approach - Tactical goals or daily goals, operational goals or mid-term goals, strategic goals or long-term goals. This approach to planning is called a bottom-up approach. - Strategic goals or long-term goals, tactical goals or mid-term goals, operational goals or daily goals. This approach to planning is called a planning horizon |
| Passive relocking function. A safe with a passive relocking function can detect when someone attempts to tamper with it and then engage extra internal bolts that will fall in place to ensure that the safe can't be compromised. | A safe that has the capability to detect when someone attempts to tamper with it, and upon detection engages extra internal bolts to ensure that it cannot be compromised, has a(n)_______________________. - Thermal relocking function - Passive relocking function - Active relocking function - Intrustion detection alarm |
| Once per year. Backing up data is critical within operations organizations. The most important step to take is to create a backup plan. This will detail when and what to backup, as well as where to store the files. Even though each entity will require different phases of backups, it is not realistic to provide proper data security when only backing up data once per year. | Operations departments should back up data in all of the following situations except which of the following? - Once per year - Immediately following a reorganization - After a system upgrade - For authorized on-demand requests |
| Is vendor specific. | Which of the following is NOT true of the OSI model? - Promotes interoperability between vendors - Enables standardization - Is vendor specific - Describes the encapsulation (packaging) of data to enable it to get from point A to point B |
| True. | In the OSI model, a computer sending data starts at layer 7 (working its way down) adding headers at each layer, while the receiving computer starts at layer 1 (working its way up) using and stripping away the headers at each layer. True or False? |
| - Layer 1 Physical: bits - Layer 2 Data: frame - Layer 3 Network: packet - Layer 4 Transport: segment - Layer 5 Session, 6 Presentation, 7 Application: data | Match the name of the Protocol Data Unit (PDU) to each Layer of the OSI Model: - Layer 1 Physical - Layer 2 Data - Layer 3 Network - Layer 4 Transport - Layer 5 Session, 6 Presentation, 7 Application PDU's: data, segment, packet, frame, bits |
| Logical Link Control (LLC). | Which of the following is a sub-layer of the Data Link layer of the OSI model that performs error detection? - Logical Link Control (LLC) - Media Access Control (MAC) - Pretty Good Privacy (PGP) - Remote Desktop Protocol (RDP) |
| Media Access Control (MAC). | Which of the following is a sub-layer of the Data Link layer of the OSI model that creates a local unique identifier for a network card? - Logical Link Control (LLC) - Media Access Control (MAC) - Pretty Good Privacy (PGP) - Remote Desktop Protocol (RDP) |
| ARP or Address Resolution Protocol. | _____ takes a known ip address and learns an unknown MAC. - PGP - SSH - ARP - RDC |
| True. Poisoning or Pollution is modifying someone's cache usually for the purpose of redirection. | True or False? Anything that has cache can be subjected to poisoning or pollution. |
| 802.3 Ethernet. | CSMA/CD refers to detecting collision. Which of the following falls into this category? - 802.3 Ethernet - 802.11 Wireless |
| 802.11 Wireless. | CSMA/CA refers to avoiding collision. Which of the following falls into this category? - 802.3 Ethernet - 802.11 Wireless |
| Layer 1 the physical layer. | Theft, unauthorized access, vandalism, sniffing, interference, and data emanation are examples of threats to which layer of the OSI model? |
| Layer 2 data link and layer 3 network. | Across which layers of the OSI model does ARP function? |
| Layer 2 data link. | At which layer of the OSI model does ARP function at? |
| Forward Proxy. Forward proxy inspects traffic from inside going out. | Which type of proxy would you use to control/audit/collect where your users go/do on the web? - Forward - Reverse |
| Reverse Proxy. | Which type of proxy inspects outside traffic that is coming in? - Forward - Reverse |
| Firewalls. | Packet filtering, State full, Proxy, and Dynamic Packet filtering are all types of what? |
| Port Address Translation (PAT). | What is the term that allows a single external ip address that masks hundreds of internal ip addresses? - Network Address Translation (NAT) - Port Address Translation (PAT) |
| Network Address Translation (NAT). | What is the term that allows a single external ip address to mask a single internal ip address? - Network Address Translation (NAT) - Port Address Translation (PAT) |
| 127.0.01. | Which of the following is NOT an IP address that RFC 1918 says are private and not routable across the public internet? - 10.x.x.x - 172.16.x.x - 172..31.x.x - 127.0.0.1 - 192.168.x.x |
| ACL's should be complex. This is not a firewall best practice because ACL's or Access Control Lists should be simple. | Which of the following is NOT a firewall best practice? - Use implicit deny - ACL's should be complex - Perform ingress and egress filtering - Block unnecessary ICMP packets - ACL's should be simple |
| PPP or Point to Point Protocol. | Which protocol is used for layer 2 framing for remote access or WAN connectivity? |
| PPTP or Point to Point Tunneling Protocol. | Which protocol would be used for VPN? - PPP - UDP - PPTP |
| IPSEC. | What protocol must be used for VPN tunneling while using L2TP in order to secure the tunnel? |
| Generic Routing Encapsulation. | What does GRE stand for? |
| War dialing. War dialing is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems (computer servers) and fax machines. | Which of the following is NOT a wireless security problem? - Unauthorized access - War dialing - Sniffing - War driving - Unauthorized or Rogue access points (Man in the middle) |
| RC-4. | Which stream cipher is used with WEP? |
| The IV is only 48-bits. WEP is 24-bits while WPA is 48-bits. | Which one of the following is not a weaknesses of WEP? - IV transmitted in clear text - the IV is only 24-bits - the IV is only 48-bits - Uses RC-4 stream cipher |
| WPA. | TKIP or Temporal Key Integral Protocol was introduced in which wireless security encryption method? - WEP - WPA - WPA2 |
| WPA2. | In which wireless security encryption method was AES introduced? - WEP - WPA - WPA2 |
| TKIP or Temporal Key Integral Protocol. | Which of the following protocols can be defined as have dynamically negotiated keys as opposed to using the same static key over and over again? - CCMP - TKIP - AES - RC-4 |
| Active. | When it comes to access, a subject (person, process or program) is considered ______. - Active - Passive |
| Passive. | When it comes to access, an object or resource (file, printer, etc.) is considered ______. - Active - Passive |
| - Identification: Make a claim (userid, etc.) - Authentication: Provide support or proof of your claim - Authorization: What rights and permissions you have - Auditing: Matching actions to subject | Match the definition with the correct component of IAAA of Access Control: Definition- What rights and permission you have, Make a claim (userid, etc.), Matching actions to subjects, Provide support or proof of your claim Component- Identification, Authentication, Authorization, Auditing |
| Something you need. | Which of the following is NOT a way to prove your identity? - Something you know - Something you need - Something you have - Something you are |
| CER or Crossover Error Rate. | In biometrics, the level at which False Rejection (FRR) and False Acceptance (FAR) meet is called _________. The lower the number, the more accurate the system is. (ie. Iris Scan are the most accurate). |
| Role-Based Access Control (RBAC). | When an employee changes roles and acquires an increase in additional permissions and privileges being properly withdrawn it is known as authorization creep. Which type of access control would help to prevent this? - Identity-based access control (IBAC) - Mandatory Access Control (MAC) - Role-Based Access Control (RBAC) - Discretionary Access Control (DAC) |
| Authentication Server (AS) | Which of the following Kerberos components allows an authentication of the user and issues a TGT? - Ticket - Ticket-Granting Ticket (TGT) - Ticket-Granting Service (TGS) - Authentication Server (AS) |
| Ticket-Granting Service (TGS) | Which of the following issues a ticket for a particular user to access a particular service after receiving the TGT from the user? - Ticket - Ticket-Granting Ticket (TGT) - Ticket-Granting Service (TGS) - Authentication Server (AS) |
| Ticket | Which of the following is a means of distributing Session Key? - Ticket - Ticket-Granting Ticket (TGT) - Ticket-Granting Service (TGS) - Authentication Server (AS) |
| Key Distribution Center (KDC). | _________ is a system that runs the TGS and the AS. - Ticket - Ticket-Granting Ticket (TGT) - Key Distribution Center (KDC) - Authentication Server (AS) |
| Copy. | If you are doing an unscheduled backup you should always use a ______ because the archive bit is not cleared or reset. - Copy - Full - Differential - Incremental |
| Incremental | ______ backups backs up all files that have been modified since the last backup and reset the archive bit. - Copy - Full - Differential - Incremental |
| Differential. | _______ backups backs up all files that have been modified since last backup and the archive bit is not reset. - Copy - Full - Differential - Incremental |
| Copy. | Which type of backup should be used before upgrades, or system maintenance? - Copy - Full - Differential - Incremental |
| Primary key cannot be null. | What does Entity Integrity mean in relation to databases? - Primary key is null - Primary key cannot be null |
| True. | True or False? In databases Field, Columns, and Attributes mean the same thing. |
| True. | True or False? In databases Record, Rows, and Tuples mean the same thing. |
| Cardinality- Number of rows in a relation Degree- Number of columns in a relation DB Schema- Defines the design/structure | Match the following database terms to the correct definition. Term: Cardinality, Degree, DB Schema Definition: Defines the design/structure, Number of rows in a relation, Number of columns in a relation |
| Aggregation. | ______ is collecting information and pulling it together. - Aggregation - Inference - Polyinstantiation - Code Injection - Input Validation |
| Inference. | _________ looks at all the information there and try to reason out a connection. - Aggregation - Inference - Polyinstantiation - Code Injection - Input Validation |
| Polyinstantiation. | _________ is the ability of a database to maintain multiple records with the same key, and can also indicate that two different instances have the same name (identifier, primary key). - Aggregation - Inference - Polyinstantiation - Code Injection - Input Validation |
| Authentication, Authorization, Accounting. | Radius provides what three services? - Confidentiality, Integrity, Availability - Authentication, Authorization, Accounting |