CISSP Practice Test

Which statement is most accurate if one of your responsibilities is to manually monitor audit logs to detect suspicious activity, as stated in your job description?

Explanation:
This question may be especially challenging since it contains distractors. The best approach with questions like this is to analyze each option carefully, rule out certain options based on key words, and give the available options a rating to see which one is CLOSEST to being the right answer.
Knowledge needed:
This question combines a few cross-domain concepts but ultimately tests your knowledge about the different control categories, such as technical, detective, and compensating. The audit logs themselves are not any type of control (they are more of an output), but the mechanism that creates them is a technical control. In this case it’s important to pay attention to wording, as “the mechanism that creates audit logs” would definitely be a system-driven process, and therefore a technical control. Notice how the various responses try to entice you with distractors.

To authenticate the company's public users, your CIO wishes to employ Lightweight Directory Access Protocol (LDAP). Which of the following should be your initial consideration?

Explanation:
Of these options, the best choice would be an updated version of LDAP to support TLS since (without knowing other factors) the other options are simply listing components of LDAP without applicability to security. TLS addresses security and would be the best choice in this scenario. If you have work-related experience in a certain area such as LDAP, try not to let it influence your answer selection. The Common Body of Knowledge talks about the better version of LDAP having support for TLS.

Configuration management is most likely handled during which phase(s) of the asset lifecycle?

Explanation:
This question tries to trick you by crossing concepts over domains. The question is really asking where the baseline is established. Most likely this is in the Secure phase.

To acquire access to a database and begin his work as an administrator, Jeffrey utilizes a secret code. He must also offer a thumbprint and a retina scan, and the system checks the location of his terminal as part of authentication. What is most likely being described?

Explanation:
This question may be challenging since it contains irrelevant information. The best approach with questions like this is to take your time in reading the question and available responses a few times to identify the irrelevant information. This will help you to understand what the question is really asking.
Knowledge needed:
Domain 5 teaches about the various factors of authentication: something you know, something you have, and something you are. If you require one, it’s single-factor (such as a password). If you require two or more, it’s considered multifactor.

Both the primary and mirror sites of Astrotek Company have recently gone down due to an unplanned outage. The outage will last at least three weeks, according to officials. What is the first category of items you should check for while reviewing the contingency plan?

Explanation:
This question may be especially challenging since it has multiple correct answers. The best approach with questions like this is to rate each response according to which one would be better than the other. Whichever response has the better rating should be the answer you select.
Knowledge needed:
If you struggled with this question, be sure to review the chapter(s) on contingency planning, steps, and RTO in your book(s). Notice how two sites are mentioned specifically in the question, a primary site and mirror site. There is no mention of a hot site, warm site, or cold site, so we can’t assume that any of these are being used. The best choice in this scenario is to select the “higher level” option of “alternate” site, and we should be looking for recovery steps within the RTO. The terms recovery and reconstitution may be interchangeable in questions like this, but in this case the answer is made obvious due to its relationship to the RTO.

A negative test is described by which of the following?

Explanation:
This question may be especially challenging since it asks the question in a roundabout way. These questions are presented with statements like “which of the following is NOT”, which is misleading for those of us who are quick readers. The best approach with questions like this is to rephrase the question in your mind, turn it into something like “all of these are good options EXCEPT”, and then find the choice that doesn’t fit.
Knowledge needed:
Negative tests demonstrate application behavior when there is unexpected or invalid data.

You receive a message from Jeff. The cryptosystem computes a hash of his message, and then Jeff's private key is used to encrypt the digest. This process most likely describes:

Explanation:
This question may be especially challenging since it does not have enough information to make a good choice with the available options (the question is vague or ambiguous). The best approach with questions like this is to either think through the process to what the eventual outcome or missing component might be, or to give the available options a rating to see which one is CLOSEST to being the right answer.
Knowledge needed:
One of the key words in this question is ‘process’. If it were asking about a ‘system’ the nature of the question would change entirely. This process describes a digital signature. The strength or weakness of the hashing function is irrelevant in this question.

What has most likely happened if a colleague uses publicly available information from social media to guess one of your system administrator's passwords and then takes classified information?

Explanation:
This question may be challenging since it contains distractors in the available responses. The best approach with questions like this is to analyze each option carefully, rule out certain options based on key words, and give the available options a rating to see which one is CLOSEST to being the right answer.
Knowledge needed:
Masquerading is the correct answer, and while the audit logs may not seem useful, if the incident is detected and reported, they may still prove to be useful.
Spoofing without repudiation or recourse would not be the right choice because an authorized account was used. Repudiation and recourse are distractors.
Escalation of privilege with non-repudiation would not be the right choice because no escalation occurred (the account already had elevated privileges).
Tampering, one of the damaging steps within the STRIDE model, would not be the right choice because the data was not tampered with; it was stolen/exfiltrated.

The CIO asks for a solution to prevent digital squatting; the Board of Directors asks for a solution to safeguard digital rights; the CEO asks for a solution to safeguard intellectual property; and the CFO asks for a solution to safeguard digital real estate. Which of the following is only appropriate for one of the above requests?

Explanation:
This question may be especially challenging since it asks the question in an overly complicated way. The best approach with questions like this when the question is overly large is to skip to the answer options and read through each one carefully (even ISC2 recommends reading the options before the question), and then re-read the question and try to understand what it’s asking. Once you’ve read everything a second or third time, rate each response in terms of what’s closest to being the right answer.
Knowledge needed:
If you got this question wrong, be sure to review the chapter on intellectual property. A digital rights management solution would be suitable to protect intellectual property.

Which of the following does not belong in the category of personnel security?

Explanation:
This question may be especially challenging since it asks the question in a roundabout way. These questions are presented with statements like “which of the following is NOT”, which is misleading for those of us who are quick readers. The best approach with questions like this is to rephrase the question in your mind, turn it into something like “all of these are good options EXCEPT”, and then find the choice that doesn’t fit.
Knowledge needed:
An employee handbook that is not published is not current, and not in effect, thus it cannot be part of personnel security despite it potentially being published in the future (note: the question doesn’t indicate that it’ll be published ever).

The “State Machine Concept” security model stipulates that a system must be secure in all of its states (Startup, Function, and Shutdown) or it will not be secure. This requirement demands responding to security events in order to prevent further compromises. What security aspect is exemplified by this way of response?

Explanation:
Trusted Recovery is necessary for high-security systems and allows a system to terminate its processes in a secure manner. If a system crashes, it must restart in a secure mode in which no further compromise of system policy can occur. The principle of open design states that the security of a mechanism should not depend on the secrecy of its design or implementation. In object-oriented programming, the open–closed principle states “software entities (classes, modules, functions, etc.) should be open for extension, but closed for modification”; that is, such an entity can allow its behavior to be extended without modifying its source code. The least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities.

The possibility of a user's private key becoming lost is a security problem when employing private keys. A practitioner can mitigate this risk by using a key recovery agent that can back up and recover their keys. Because another party then has access to the key, granting a single individual the capacity to recover users' private keys increases the risk to nonrepudiation. Which of the following principles could be used to reduce the risk?

Explanation:
Dual Control is a security principle that requires multiple parties to be present for a task that might have severe security implications. In this instance, it is likely best to have at least two network administrators present before a private key can be recovered. A subset of dual control is called M of N control. M and N are variables, but this control requires M out of a total of N administrators to be present to recover a key. Segregation of Duties is the concept of having more than one person required to complete a sensitive task. The principle of least privilege (PoLP) refers to an information security concept in which a user is given the minimum levels of access or permissions needed to perform his job functions. The need-to-know principle is that access to secured data must be necessary for the conduct of the users’ job functions.

Because versions of OpenSSL were vulnerable to memory content read attempts, the Heartbleed bug recently compromised OpenSSL, resulting in the exposure of protected information, including service providers' private keys. Many people believe that open design is preferable to closed design. What one factor is usually required for an open design to give increased security?

Explanation:
Open design is often thought to be better than closed design, as the openness allows for review from others in the community. The idea is that if others have access to the code, they will help examine and review the code, and ultimately improve it. That was unfortunately not the case with OpenSSL. If the code is not reviewed, it might as well be closed source. Also, ultimately the quality of the code dictates the security, much more so than whether it is open or closed. Security through obscurity is the opposite of peer review and open design and could also be referred to as relying on the complexity of the design. The hierarchical trust model is like an upside-down tree structure; the root is the starting point of trust. All nodes of the model have to trust the root CA and keep a copy of the root CA’s public-key certificate.

At what point in the BCP development process must Senior Management commit to supporting, funding, and assisting the BCP's creation?

Explanation:
Project Initiation is traditionally the phase in which senior management pledges its support for the project. Often in this phase, management provides a project charter, which is a formal written document in which the project is officially authorized, a project manager is selected and named, and management makes a commitment to support. Management’s BCP support must continue through the whole development process and include review and feedback as well as resources for the BCP to be successful.

What's the best proactive (and least time-consuming) strategy to reduce the chance of an attacker acquiring network access and sniffing unencrypted data with a protocol analyzer?

Explanation:
To significantly mitigate risks on the network, we have to implement security that limits connectivity to our network from external devices. Additionally, we are concerned with monitoring software being installed on our hosts, so we want to limit the ability of such software to be installed. Further, we want to ensure that other basic security requirements are satisfied, such as using strong passwords, lockout policies on systems, physical security, etc.
Remember: Proactive devices PREVENT an attack, as opposed to responding to it. Network scans often detect these devices, but they rarely prevent them. Policies describe high-level enterprise intentions which can then be implemented. Installing antispyware is a detective/corrective control, not a proactive/preventative one.

The security of a system is determined by its individual components. The system's trust is a reflection of the components' trust. The __________ of the system refers to all of these parts.

Explanation:
The TCB (Trusted Computing Base) describes the elements of a system that enforce the security policy and are used to determine the security capabilities of a system. This term was coined by the Orange Book (also known as the Trusted Computer System Evaluation Criteria). “Ring 1 elements” is a mathematical term. The kernel is a computer program at the core of a computer’s operating system that has complete control over everything in the system. It is the “portion of the operating system code that is always resident in memory”, and facilitates interactions between hardware and software components.
Some components included in the TCB are the system BIOS, the CPU, memory, and the OS kernel. In computing, firmware is a specific class of computer software that provides low-level control for a device’s specific hardware. Firmware can either provide a standardized operating environment for more complex device software (allowing more hardware independence) or, for less complex devices, act as the device’s complete operating system, performing all control, monitoring, and data manipulation functions.

Social engineering attacks can be used to compromise security. Although training can help reduce the number of attacks, it cannot completely eliminate the risk. Which of the following options is the most likely to help lessen this risk?

Explanation:
Segregation of Duties is frequently used to limit the amount of information to which any one individual has access. For example, a user cannot likely leak the password for a file server because that information is exclusively available to those whose jobs require access to it. Segregation of duties frequently goes hand-in-hand with need-to-know and the principle of least privilege. Formal onboarding would increase user awareness but would not necessarily be a preventative control. Job rotation would limit the risk of a user conducting fraud, but not the risk of social engineering. Formal offboarding would not have any effect on social engineering risk.

Security measures must be matched with business goals, according to a fundamental security principle. Why is business alignment important when it comes to the influence security has on an organization's success?

Explanation:
There is always a trade-off for security. Sometimes the cost comes in actual dollars spent. Other times, security negatively affects performance, backward compatibility, and ease of use. An organization must look at the overall objectives of the business, considering its primary needs. Sensitive military information must be protected with much more security than a small home/office environment that has information of little to no value to an attacker. The level of implemented security should be commensurate with business needs at a reasonable cost and needs to be crafted to match each enterprise’s individual needs.

Trust and Assurance are two elements that are included in the evaluation scope when evaluating a system using the TCSEC and the more modern Common Criteria. Which of the following best describes assurance and trust?

Explanation:
Trust is typically defined in terms of the security features, functions, mechanisms, services, procedures, and architectures implemented within a system. Security assurance is the measure of confidence that the security functionality is implemented correctly, operating as intended, and producing the desired outcome based on the reliability of the processes used to develop the system.

The least acceptable security configuration for a given environment is referred to as a system's minimum security baseline. Before defining the MSB, the system must be classified according to the Confidentiality, Integrity, and Availability requirements of its data. What is the overall category of a system where the potential impact of unauthorized disclosure is "high," the impact of an integrity breach is "mid," and the impact of data being momentarily unavailable is "low"?

Explanation:
For an information system, the potential impact values assigned to the respective security objectives (confidentiality, integrity, availability) shall be the highest values from among those security categories that have been determined for each type of information resident on the information system. As the highest category is “High”, the system is classified as “High”.

Gilbert Vernam invented a way to provide theoretically unbreakable encryption using a one-time pad as a key in 1918. Which modern encryption technology is based on the Vernam Cipher's concepts?

Explanation:
Session keys are used for a single session and are then discarded, as is the one-time pad. Additionally, each session key must be statistically unpredictable and unrelated to the previous key, as the one-time pad requires as well. Any technology that takes advantage of a short-term password or key can ultimately be traced back to the one-time pad. Asymmetric cryptography is often used to provide secure session key exchange. Digital signatures are used to verify a message's sender and content. IPSec handshaking is used to establish a secure channel.

A user receives an email that he or she believes came from a coworker. An attacker spoofed the email. What security services would have alerted you to the fact that the mail had been spoofed?

Explanation:
Non-repudiation is the combination of authenticity and integrity and is implemented through the use of digital signatures. Privacy is involved in protecting private data from disclosure. Authorization is granting users access rights to objects.

The contents of mail communications are frequently encrypted using a symmetric technique, most typically AES. However, non-repudiation is achieved using a mix of hashing and an asymmetric algorithm. What is the process of non-repudiation?

Explanation:
A digital signature provides non-repudiation (a combination of integrity and authenticity) for a message. With a digital signature, the message is hashed with a hashing algorithm like SHA-1 or SHA-256. The hash is then encrypted with the sender’s private key using an algorithm like RSA. The recipient decrypts the signature with the sender’s public key and recalculates the hash from the message. If the two match then both the sender and the message’s contents are authenticated.

The source contents of a message or file should not be revealed by reversing a hash. In a hashing algorithm, what provides the secrecy?

Explanation:
Hashes are based on one-way math, i.e. math that is very easy to perform in one direction but exceedingly difficult to reverse. Passwords are frequently stored as hashes for this reason. If a password is forgotten, a network administrator can’t view the password, though they can reset it.

What does a birthday attack imply?

Explanation:
A birthday attack is based on the idea that it is easier to find two hashes that just happen to match rather than trying to produce a specific hash. It is called a birthday attack based on the fact that it is easier to find two people in a group whose birthdays just happen to match, rather than someone with a specific birthday.
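The contrast described above (any two matching hashes versus one specific hash) can be measured directly by running both searches against a deliberately shortened hash. This is an added example, not code from the page; truncating SHA-256 to 16 bits is an assumption made only so that both searches finish in a fraction of a second.

```python
"""Birthday (collision) search versus preimage search on a truncated hash.
Added example. SHA-256 output is truncated to `bits` bits (an assumption so
the searches are cheap); the messages hashed are constructed counters."""
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 of `data`, keeping only the top `bits` bits as an integer."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def expected_collision_trials(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2**bits) random inputs are needed
    before any two of them share a truncated hash."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int):
    """Hash distinct messages until *any* truncated digest repeats.

    Returns (msg_a, msg_b, attempts). By the pigeonhole principle a collision
    is guaranteed within 2**bits + 1 attempts; the birthday bound says it
    usually arrives far sooner, around sqrt(2**bits)."""
    seen = {}
    attempts = 0
    while True:
        attempts += 1
        msg = b"msg-%d" % attempts          # constructed input
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg


def find_preimage(target: int, bits: int):
    """Hash messages until one hits a *specific* target digest.

    Each attempt succeeds with probability 1/2**bits, so about 2**bits tries
    are expected: the square of the collision effort."""
    attempts = 0
    while True:
        attempts += 1
        msg = b"pre-%d" % attempts          # constructed input
        if truncated_hash(msg, bits) == target:
            return msg, attempts


if __name__ == "__main__":
    BITS = 16
    a, b, n = find_collision(BITS)
    print(f"collision after {n} tries (expected ~{expected_collision_trials(BITS):.0f}): {a!r} {b!r}")
    target = truncated_hash(b"original document", BITS)
    m, k = find_preimage(target, BITS)
    print(f"preimage of one target after {k} tries (expected ~{2**BITS}): {m!r}")
```

Doubling the hash length squares the preimage effort but only doubles the exponent halved for collisions, which is why collision resistance, not just preimage resistance, sets the required digest size.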