CISSP Practice Questions - All CISSP Domains 120Q - 2022 #1 (1 of 2 / Anthony Today) Flashcards

1
Q

You are expected to give a networking lecture to the students from the school where you studied a decade ago. What network technology is best described as a token-passing network that uses a pair of rings with traffic flowing in opposite directions?

A. FDDI
B. SONET
C. Token Ring
D. A ring topology

A

A. FDDI

Explanation:
Synchronous Optical Network (SONET) is a protocol for sending multiple optical streams over fiber, and a ring topology is a design, not a technology. FDDI, or Fiber Distributed Data Interface, is a token-passing network that uses a pair of rings with traffic flowing in opposite directions. FDDI is resilient when one ring is broken because it can continue to operate over the second ring, which carries traffic in the opposite direction. Although Token Ring uses tokens, it does not use dual rings.

2
Q

Bertrand has a set of sensitive documents that he would like to protect from public disclosure. He would like to use a control that, if the documents appear in a public forum, may be used to trace the leak back to the person who was originally given the document copy. What security control would best fulfill this purpose?

A. Digital signature
B. Document staining
C. Hashing
D. Watermarking

A

D. Watermarking

Explanation:
Watermarking alters a digital object to embed information about the source, either in a visible or hidden form. Digital signatures may identify the source of a document but they are easily removed. Hashing would not provide any indication of the document source, since anyone could compute a hash value. Document staining is not a security control.

3
Q

Sasha recently joined the cybersecurity team of a bank. She is battling a malware outbreak within the financial department. She uses a malware analysis tool to capture samples of the malware from several workstations and notices that the code changes slightly each time. Her boss is asking her to ensure that the antivirus software is up to date on each workstation and believes it might be the weak spot of these workstations. On the other hand, Sasha suspects that the nature of the virus is defeating the antivirus on the workstations. What type of malware is she referring to?

A. Encrypted Virus
B. Multipartite Virus
C. Stealth Virus
D. Polymorphic Virus

A

D. Polymorphic Virus

Explanation:
Before answering the question, please note that not all information provided in the question is relevant to the answer. Similar distractions are to be expected at the exam. Given the description of "changing slightly", only the polymorphic virus can be the correct answer, because such a virus mutates marginally as it spreads to other systems. An encrypted virus would change entirely between two systems because it encrypts itself with a different key each time. As its name indicates, a multipartite virus is composed of several pieces working together, but these pieces do not change from infection to infection. Finally, a stealth virus hides the modifications it makes from system to system, so there are no apparent changes.

4
Q

Which of the following storage media would not be affected by a degausser?

A. HDD
B. DVD
C. Tape
D. SSD

A

D. SSD

Explanation:
Solid State Drives (SSDs) use integrated circuits instead of magnetic platters, hence a degausser would not affect the data stored on such devices. Nevertheless, you risk damaging the device if you use a degausser on it. Note that applying a degausser to a DVD, hard disk drive (HDD) or tape would modify the data stored on it, as all three types of storage rely on magnetic fields.

5
Q

Youldo Ltd envisions storing its data into the cloud. Which one of the following individuals is normally responsible for fulfilling the operational data protection responsibilities delegated by senior management, such as validating data integrity, testing backups, and managing security policies?

A. User
B. Data Owner
C. Data Custodian
D. Auditor

A

C. Data Custodian

Explanation:
The data custodian role is responsible for the operational data protection activities, usually defined by policy and senior management. The data owner does bear ultimate responsibility for these tasks, but the data owner is typically a senior leader who delegates operational responsibility to a data custodian.

6
Q

Henry, a cybersecurity engineer working for a neighboring school, is in charge of safeguarding the privacy of student records. Which law most directly applies to his situation?

A. HITECH
B. FERPA
C. HIPAA
D. COPPA

A

B. FERPA

Explanation:
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of students in any educational institution that accepts any form of federal funding. The Children's Online Privacy Protection Rule (COPPA) imposes requirements on operators of online services directed at children under the age of 13. The Health Information Technology for Economic and Clinical Health Act (HITECH) focuses on the healthcare sector, as does the Health Insurance Portability and Accountability Act (HIPAA).

7
Q

Alfred, a database administrator, is preparing a script to pull valuable information from databases. What principle of relational databases ensures the permanency of transactions that have been executed?

A. Isolation
B. Consistency
C. Atomicity
D. Durability

A

D. Durability

Explanation:
The principle of Durability requires that once a transaction is committed to the database it must be preserved. The principle of Consistency ensures that all transactions comply with the logical rules of the database, for example the constraints defined by a primary key. The principle of Isolation mandates that transactions operate independently of one another. The principle of Atomicity ensures that if any part of a database transaction fails, the entire transaction is rolled back.

8
Q

From the following options, which type of software program exposes the code to anyone who wants to look at it?

A. Unrestricted Source
B. Fixed Source
C. Closed Source
D. Open Source

A

D. Open Source

Explanation:
The open-source community includes major software packages such as the Linux operating system. Open-source software exposes the source code to public inspection and modification. "Closed source" is not a term commonly used in the industry; such software is more often referred to as proprietary software. Fixed source and unrestricted source are not terms you would encounter in this context.

9
Q

In recent years, concerns about data privacy and the protection of personal data have made headlines in the tabloids. Information maintained about an individual that can be used to distinguish or trace their identity is known as what type of information?

A. Social Security Number (SSN)
B. Secure Identity Information (SII)
C. Personally Identifiable Information (PII)
D. Personal Health Information (PHI)

A

C. Personally Identifiable Information (PII)

Explanation:
NIST Special Publication 800-122 - Guide to Protecting the Confidentiality of Personally Identifiable Information - defines PII as any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date, and place of birth, mother’s maiden name, biometric records, and other information that is linked or linkable to an individual such as medical, educational, financial, and employment information. PHI is health-related information about a specific person, Social Security numbers are issued to individuals in the United States, and SII is a made-up term.

10
Q

Bernard, a new joiner, tries to understand the IT setup in the company you are working for. He asks you the following question: Which technology listed here is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture?

A. RAID
B. Dual Power Supplies
C. Load Balancing
D. IPS

A

C. Load Balancing

Explanation:
An Intrusion Prevention System (IPS) can help to block attacks once it has detected them. A Redundant Array of Independent Disks (RAID) protects against disk failure. Load balancing ensures that a failing server does not take a website offline, because traffic is redirected to another server. Dual power supplies give a system two sources of power, increasing its resiliency in the case of a power failure.

11
Q

Jean is a cybersecurity expert working with an experienced computer forensics investigator. He has been tasked with retrieving a forensic drive controller, but he cannot find any forensic drive controller in the storage room. What would be another name for this device?

A. RAID Controller
B. Forensic Device analyzer
C. SCSI Terminator
D. Write Blocker

A

D. Write Blocker

Explanation:
Forensic disk controllers are also called write blockers because, in essence, they prevent any content-modification command from being sent to the device.

12
Q

You are a security consultant that has been engaged for testing the security measures of an application. From the following options, which technique focuses on testing the design and the logic of the software structure?

A. Logic-box test
B. White box test
C. Black Box Test
D. Gray Box Test

A

B. White box test

Explanation:
There are three types of penetration tests: the black-box test, which is conducted as an external attacker without any knowledge of the environment; the gray-box test, which is executed with partial knowledge of the client's environment, such as the IP addresses of the servers or the technology used; and finally the white-box test, where the pentester has access to the code of the application. The white-box approach enables a thorough test of the algorithms and can spot logical weaknesses. The term logic-box test is a made-up term used as a distractor.

13
Q

Daniel has been hired to strengthen the CISO team. During the interview process, he was asked the following question: Which one of the following systems assurance processes provides an independent third-party evaluation of a system’s controls that may be trusted by many different organizations?

A. Verification
B. Certification
C. Accreditation
D. Definition

A

A. Verification

Explanation:
The verification process is similar to the certification process in that it validates security controls. Verification may go a step further by involving a third-party testing service and compiling results that may be trusted by many different organizations. Accreditation is the act of management formally accepting an evaluated system, not the evaluation of the system itself.

14
Q

Sally just came out of law school but is interested in IT. After conducting a qualitative risk assessment of her organization, she recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?

A. Accept
B. Transfer
C. Reduce
D. Reject

A

B. Transfer

Explanation:
Purchasing insurance is a means of transferring risk. Acceptance would have been the case if Sally had recommended going forward with the status quo. Risk reduction would take place if she had advised taking measures that lower the likelihood or the impact of a risk, or both. Rejection is not a valid risk treatment strategy.

15
Q

As a risk manager for your company, one of your colleagues asks you the following question: Which one of the following is an example of risk transference?

A. Relocating Facilities
B. Erecting Fences
C. Purchasing Insurance
D. Building a Guard Shack

A

C. Purchasing Insurance

Explanation:
Risk transference involves actions that shift risk from one party to another. Purchasing insurance is an example of risk transference because it moves the risk from the insured to the insurance company.

16
Q

Antoine, a security auditor, is looking at some logs. Which one of the following is not a privileged administrative activity that should be automatically sent to a log of superuser actions?

A. Restoring a system from backup
B. Purging log entries from the system
C. Logging into a workstation
D. Managing user accounts

A

C. Logging into a workstation

Explanation:
From the listed options, logging into a workstation is not likely to be considered a privileged administrative activity. All the other options are administrative activities that should be carried out by staff holding privileged administrative access.

17
Q

You are part of a large telecommunication company, operating in central Europe. From the following roles, which one might be the most effective organizational owner of the information security program you have suggested?

A. Chief Information Officer
B. CISSP-Certified Analyst
C. President and CEO
D. Manager of network security

A

A. Chief Information Officer

Explanation:
From the contextual information, only the size of the organization matters, because in a large company there is a higher likelihood that these roles are held by different people. In smaller organizations, the same person may wear several hats. Thus, from the listed options, the CIO is the most senior individual in a position to advocate for an appropriate security program. Although a CEO may be acquainted with technology and security measures, their domain of expertise usually lies within the core business of the company. A manager of network security would certainly have the technical skills but lacks the authority and influence of the CIO. Finally, a CISSP-certified analyst might be a member of the security team who would not have the organizational weight to carry a security program.

18
Q

There is a growing interest from attackers in gathering valuable information from us. What common security issue is often overlooked with cordless phones?

A. Their signal is rarely encrypted and thus can be easily monitored
B. They can allow attackers access to wireless networks
C. They are rarely patched and are vulnerable to malware
D. They use unlicensed frequencies

A

A. Their signal is rarely encrypted and thus can be easily monitored

Explanation:
Signals from cordless phones are not encrypted, or at best use weak encryption methods that are breakable in a matter of minutes. This weakness exposes the conversations to eavesdropping, and thus there is a risk to compromise confidentiality.

19
Q

Tao is the risk manager for NukePower, an electric powerhouse on the east coast of Japan. The data center is located in an area prone to seismic activities. Tao estimated that rebuilding the data center would cost Y10 million. An earthquake might destroy at least half of the data center. Experts determined that NukePower may suffer from an earthquake once every 200 years. What is the annualized loss expectancy for this data center being hit by an earthquake?

A. Y500,000
B. Y50,000
C. Y25,000
D. Y250,000

A

C. Y25,000

Explanation:
The annualized loss expectancy is calculated by multiplying the single loss expectancy (SLE) by the annualized rate of occurrence (ARO). In this case, the SLE is Y5,000,000, and the ARO is 0.005. Multiplying these numbers together gives you the ALE of Y25,000.

20
Q

Which method could be leveraged to take advantage of how a system handles multiple requests?

A. State attacks
B. State machine model
C. Aggregation
D. Message Authentication Code (MAC)

A

A. State attacks

Explanation:
A state attack, better known as a race condition or TOCTOU (time-of-check to time-of-use) attack, takes place when a system has to deal with multiple requests at the same time. Such an attack targets shared data in the window between the moment the data is checked and the moment it is used. The other terms listed here are not relevant.

21
Q

Henry is performing a security risk assessment for his firm and is evaluating the risks associated with a flood inundating the firm’s building. The Local Environmental Agency, the LEA, determined that the building is located in a 100-year flood plain. Henry estimates that a flood would cause $5M of damage to the $40M building. What is the Annualized Loss Expectancy?

A. $50,000
B. $500,000,000
C. $5,000,000
D. $500,000

A

A. $50,000

Explanation:
ALE = SLE x ARO. To calculate the Annualized Loss Expectancy (ALE, $), you multiply the Single Loss Expectancy (SLE, $) by the Annualized Rate of Occurrence (ARO, a ratio). In this scenario, the SLE corresponds to "Henry estimates that a flood would cause $5M of damage": one event costs $5M, so SLE = $5M. The ARO corresponds to "the building is located in a 100-year flood plain": one flood in 100 years, so ARO = 1/100 = 0.01. Therefore ALE = SLE x ARO = $5M x 0.01 = $50,000 = $50k.

22
Q

Alfred is planning to deploy a new firewall on the perimeter of his organization’s network. What category of control does the firewall fit into?

A. Detective
B. Preventive
C. Administrative
D. Corrective
E. Attentive

A

B. Preventive

Explanation:
A properly configured firewall aims to reject communications that are not authorized. Therefore, a firewall is a preventive control, as it acts before an incident can take place. The other answers do not match what a firewall does.

23
Q

At TrustBee, every manager has clearly defined responsibilities. What should be an important function filled by senior managers on a business continuity planning team?

A. Designing failure controls
B. Arbitrating disputes about criticality
C. Evaluating the legal environment
D. Training staff

A

B. Arbitrating disputes about criticality

Explanation:
The primary functions of senior managers on a business continuity planning team are to set priorities, obtain the required resources and arbitrate disputes about criticality.

24
Q

The organization that Matthieu works for has a traditional onsite Active Directory environment that uses a manual provisioning process for each addition to their 430-employee company. As the company adopts new technologies, they are increasingly using software as a service applications to replace their internally developed software stack. After having been in contact with several service providers, Matthieu selected the most appropriate offer. Now, he has been tasked with designing an identity management implementation that will allow his company to use cloud services while supporting their existing systems. Which technology should Matthieu use if he needs to share identity information with business partners?

A. IDaaS
B. Single Sign On
C. Multifactor authentication
D. Federation

A

D. Federation

Explanation:
From the listed options, federation is the only technology that links identity information between multiple organizations. Federating with a business partner allows identification and authorization to occur between them, making integration much easier. Single sign-on helps to reduce the number of times a user has to enter their credentials. Multifactor authentication helps to strengthen the authentication process. Finally, an identity as a service (IDaaS) provider does not necessarily provide federation.

25
Q

Quantum Computing Ltd regularly ships tapes of backup data to their second site in a neighboring state. Among other things, these tapes contain confidential information from their accounting department and are made of solid plastic. To protect their tapes, what would be the most effective security measure that they could implement?

A. Media rotation
B. Data encryption
C. Private couriers specialized in tape shipping
D. Locked shipping containers

A

B. Data encryption

Explanation:
All options are good protection measures. However, encrypting the data is the most effective one because, no matter how secure the shipping process is, the data itself remains protected against unauthorized access. Even if someone gets hold of the tapes, it won't be possible to read the data without decrypting it.

26
Q

Thomas is responsible for maintaining the security of systems used to control industrial processes located within a power plant. What term is used to describe these systems?

A. POWER
B. COBOL
C. SCADA
D. HAVAL

A

C. SCADA

Explanation:
Supervisory control and data acquisition (SCADA) systems are used to control and gather data from industrial processes. SCADA systems can be found in all kinds of industrial environments.

27
Q

You foresee building a hybrid cloud environment for your organization. Three vendors present their potential solutions. Which methodology should your team use to select the best solution?

A. Vendor review
B. Vendor screening
C. Standards selection
D. Standards deviation

A

C. Standards selection

Explanation:
In this scenario, the goal is to assess the proposed solution. Hence, you should consider the standards selection process because it will enable the team to determine the appropriate solution that suits the needs of the organization. Note that vendor screening and vendor reviewing are focusing on the third party and not on the solution.

28
Q

As part of the security review, Alfred looks into the security standards established within his company. What alternative to RADIUS is commonly used for Cisco network gear and that supports 2FA?

A. TACACS+
B. RADIUS+
C. Kerberos
D. XTACACS

A

A. TACACS+

Explanation:
From the listed options, Terminal Access Controller Access Control System (TACACS) is an earlier version of TACACS+. These are security protocols that provide centralized validation of users trying to access network resources, such as network storage. TACACS+ is the most modern version and is an alternative to RADIUS. Kerberos is a ticket-based network authentication protocol that grants access to network nodes. XTACACS is older than TACACS+.

29
Q

The business world relies more and more on informal communications, sometimes even off the IT’s radar. Which tool may be used to directly violate the confidentiality of communications on an unencrypted VoIP network?

A. Wireshark
B. Nmap
C. Nikto
D. Nessus

A

A. Wireshark

Explanation:
From the listed tools, Wireshark, a network monitoring tool, can capture and replay communications sent over a network, so unencrypted VoIP communications are subject to confidentiality breaches. Nmap, Nessus, and Nikto are all security tools that may identify security flaws in the network, but they do not directly erode confidentiality because they do not capture communications.

30
Q

Aicha sent a message to Burnley. Burnley would like to demonstrate to Charles that the message he received definitely came from Aicha. Which cryptography goal is Burnley pursuing?

A. Nonrepudiation
B. Confidentiality
C. Integrity
D. Authentication

A

A. Nonrepudiation

Explanation:
Authentication aims to confirm the identity of the subject claiming who she/he is. Nonrepudiation materializes when the recipient of a message can demonstrate to a third party that the message came from the supposed sender. Confidentiality intends to protect from unauthorized access to the data. And finally, integrity aims to protect against unauthorized or accidental modification of the data.

31
Q

Danielle is testing tax software, and part of her testing process requires her to input a variety of actual tax forms to verify that the software produces the right answers. What type of testing is Danielle performing?

A. Misuse testing
B. Dynamic Testing
C. Use case testing
D. Fuzzing

A

C. Use case testing

Explanation:
Testing for desired functionality is use case testing. Dynamic testing is used to determine how code handles variables that change over time. Misuse testing focuses on how code handles examples of misuse, and fuzzing feeds unexpected data as an input to see how the code responds.

32
Q

Denzel Inc. recently faced a major incident that resulted in the loss of a data center. From the following options, which one marks the completion of their disaster recovery process?

A. Standing down first responders
B. Restoring operations in an alternate facility
C. Securing property and life safety
D. Restoring operations in the primary facility

A

D. Restoring operations in the primary facility

Explanation:
The ultimate target of a disaster recovery process is to restore normal business operations in the primary facility. The other options listed here do not refer to the end goal of a disaster recovery process.

33
Q

Intertrust Llc recently migrated its IT infrastructure to a second, very well guarded, data center. From the listed options, which physical security control broadcasts false emanations to mask the presence of true electromagnetic emanations from their devices?

A. White noise
B. Shielded cabling
C. Copper-infused windows
D. Faraday cage

A

B. Shielded cabling

Explanation:
From the listed options, only white noise is an active protection measure that generates false emanations to "jam" the emanations from electronic equipment. The other controls are passive and shield against unwanted electromagnetic emanations.

34
Q

Jean and Gregoire are negotiating a business transaction, and Jean must demonstrate to Gregoire that he has access to a system without revealing sensitive information. What technique should Jean use?

A. Split-knowledge proof
B. Zero knowledge proof
C. Logical proof
D. Mathematical proof

A

B. Zero knowledge proof

Explanation:
In a zero-knowledge proof, one individual demonstrates to another that they can achieve a result that requires sensitive information without actually disclosing the sensitive information.

35
Q

A message digest is a shortened representation of a larger message. True or False: Message digests are used to maintain the authentication and integrity of information, not confidentiality?

A. TRUE
B. FALSE

A

A. TRUE

Explanation:
This statement is true.

36
Q

You are conducting a risk analysis for an Internet Service Provider (ISP) that has thousands of customers on its network. Over the past five years, some customers have been compromised or experienced data breaches. The ISP has a substantial amount of monitoring and logs data for all its customers. You need to determine the risk of additional customers experiencing a security incident based on that data. Which approach should you use for the risk analysis?

A. STRIDE
B. Quantitative
C. Qualitative
D. Market

A

B. Quantitative

Explanation:
There are three risk analysis methods to choose from: qualitative (e.g., high, medium, low), quantitative (computed from existing data and figures), or a combination of both. Since the company monitors its clients and gathers logs from them, the appropriate method is quantitative risk analysis. Please note that STRIDE is a threat modeling methodology, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege, and which usually focuses on the end results of an attack.

37
Q

What type of solution would you recommend to ensure that passwords are properly handled and that features like logging and password rotation occur when dealing with hundreds of systems with varying levels of security?

A. A strong password policy
B. A credential management system
C. Single sign on
D. Separation of duties

A

B. A credential management system

Explanation:
Credential management systems offer features like password management, multifactor authentication to retrieve passwords, logging, audit, and password rotation capabilities. A strong password policy would only make maintenance of passwords for many systems a more difficult task if done manually. Single sign-on would help if all of the systems had the same sensitivity levels, but different credentials are normally required for higher sensitivity systems.

38
Q

Henry has recently joined an accounting firm as a cybersecurity expert, and he uses encryption to protect sensitive business secrets when transiting over the Internet. Which risk aspect does he aim to reduce?

A. Likelihood
B. MTO
C. Frequency
D. Impact

A

A. Likelihood

Explanation:
Maximum Tolerable Outage (MTO) determines how long you can tolerate an outage without suffering irrevocable losses. Frequency is not a risk-related term. Using encryption reduces risk by lowering the likelihood that an eavesdropper will be able to gain access to sensitive information. Both likelihood and impact could be argued, but likelihood is the better answer because reducing the likelihood comes before reducing the impact. By encrypting the communications, you lower the likelihood of the sensitive information being intercepted.

39
Q

You use symmetric encryption to protect data stored on a hard drive that will be sent with a professional carrier to another country. What key(s) are involved in the protection of this information?

A. Public and private key
B. Private key
C. Shared Key
D. Public key

A

C. Shared Key

Explanation:
Symmetric encryption is based on shared secret keys, as the encryption key is also the decryption key. Note that public and private are used for asymmetric encryption.

40
Q

In general, companies rely on a large number of service providers in order to run their business. Which group is best suited to evaluate and report on the effectiveness of administrative controls an organization has put in place to a third party?

A. Penetration testers
B. Employees who design, implement and monitor the controls
C. External auditors
D. Internal auditors

A

C. External auditors

Explanation:
All groups listed here are performing some forms of controls. However, the external auditors are the best suited to evaluate and report on the effectiveness of administrative controls for a third party because they can provide an unbiased and impartial view of their controls.

41
Q

Gina is the firewall administrator for a small business and she has installed a new firewall. After seeing signs of unusually heavy network traffic, she checked the intrusion detection system, which reported that a SYN flood attack was underway. What firewall configuration change can Gina make to most effectively prevent this attack?

A. Enable SYN-ACK spoofing at the firewall
B. Block SYN from unknown IPs
C. Block SYN from known IPs
D. Disable TCP

A

A. Enable SYN-ACK spoofing at the firewall

Explanation:
While it may not immediately seem like the obvious answer, many firewalls have a built-in anti-SYN flood defense that responds to SYNs on behalf of protected systems. Once the remote system proves to be a legitimate connection by continuing the three-way handshake, the rest of the Transmission Control Protocol (TCP) session is passed through. If the connection proves to be an attack, the firewall handles the additional load using appropriate mitigation techniques. Blocking SYNs from known or unknown Internet Protocol (IP) addresses is likely to cause issues with systems that should be able to connect, and turning off TCP will break most modern network services!

42
Q

As an IT professional for a defense contractor that manages classified military information, which one of the following data classifications applies to information that might cause serious damage to national security if disclosed publicly?

A. Confidential
B. SBU
C. Secret
D. Top Secret

A

C. Secret

Explanation:
Information classified as Secret "applies to information for which the unauthorized disclosure could be expected to cause serious damage to the national security." The keyword is "serious". Top Secret applies to information whose disclosure could cause exceptionally grave damage, and disclosure of Confidential information could cause damage. SBU (sensitive but unclassified) is not a classification level for classified military information.

43
Q

Multiple attack vectors can be used by an attacker. From the following controls, which one would not be effective against SQL injections?

A. Escaping
B. Client Side Input Validation
C. Parameterization
D. Limiting database permissions

A

B. Client Side Input Validation

Explanation:
Client-side input validation runs in the attacker's browser, so the attacker can simply skip it and send the malicious input straight to the server; it is a usability feature, not a security control. Parameterization (prepared statements) keeps user input as data that can never be interpreted as part of the SQL statement, and escaping neutralizes the characters that would otherwise be passed to the database as SQL syntax. Limiting the database account's permissions does not stop the injection itself but limits what an injected query can do.
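An added worked example (not from the flashcard's source) showing the difference between the first and the third control. The users table, the password column (stored in plaintext only to keep the example short) and the payload are constructed; the payload is what a tester would send directly to the server, bypassing any JavaScript check in the form.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with one account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """DO NOT USE: string concatenation lets the input rewrite the query."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Input is bound as data; the statement structure is fixed before the input is seen."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo():
    conn = make_db()
    # Sent straight to the server, so client-side validation never sees it.
    payload = "' OR '1'='1"
    return {
        "vulnerable_wrong_password": login_vulnerable(conn, "alice", "wrong"),
        # becomes: ... AND password = '' OR '1'='1'  -> always true
        "vulnerable_injected": login_vulnerable(conn, "alice", payload),
        "parameterized_injected": login_parameterized(conn, "alice", payload),
        "parameterized_valid": login_parameterized(conn, "alice", "correct horse battery staple"),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {'logged in' if outcome else 'rejected'}")
```

The injected string is treated as a literal password by the parameterized query, so the login fails; with concatenation the same string turns the WHERE clause into a tautology. Pair this with a database account that can only read the tables the application needs, so that even a successful injection elsewhere cannot alter data.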

44
Q

Jean-Charles, a member of the help desk team, receives calls from users reporting that their Internet connection is slow. He confirms the issue and checks the state of the firewall. He notices several thousand unexpected inbound connections every second, and the firewall can't cope with the number of requests. From the following options, what would such an attack be?

A. A hammering virus
B. A smurf attack
C. A denial of service attack
D. Worm

A

C. A denial of service attack

Explanation:
A denial-of-service (DoS) attack targets the availability of a system in order to bring it to its knees. Based on the description, the firewall is about to collapse because it cannot deal with the volume of requests it receives. A smurf attack is a specific, reflected form of distributed DoS: the attacker sends ICMP echo requests to a network's broadcast address with the victim's IP address spoofed as the source, so every host on that network answers the victim with an echo reply. A worm is self-replicating malware that propagates within the victim's environment. Finally, a hammering virus is a made-up term.

45
Q

Marcel finished the wiring of the technical closet at the end of the corridor. What issue can happen when data transmitted over one set of wires is picked up by another set of wires?

A. Magnetic interference
B. Transmission absorption
C. Crosstalk
D. Amplitude modulation

A

C. Crosstalk

Explanation:
Crosstalk occurs when a signal transmitted on one set of wires is picked up on an adjacent set of wires; twisted-pair cabling twists the conductors to limit it. Magnetic interference, better known as electromagnetic interference (EMI), is caused by electric current flowing through nearby devices and cables and is a different effect. Transmission absorption is a made-up term, and amplitude modulation is how AM radio works.

46
Q

Susan sets up a firewall that keeps track of the status of the communication between two systems and allows a remote system to respond to a local system after the local system starts communication. What type of firewall is Susan using?

A. A circuit-level gateway firewall
B. A stateful packet inspection firewall
C. An application level gateway firewall
D. A static packet filtering firewall

A

B. A stateful packet inspection firewall

Explanation:
Stateful packet inspection firewalls, also known as dynamic packet filtering firewalls, keep a state table of the conversations passing through them and allow a response from a remote system only because an internal system was permitted to start that conversation. Static packet filtering firewalls and circuit-level gateways decide on each packet or circuit from the source and destination addresses and ports alone, with no memory of who initiated the exchange, whereas application-level gateway firewalls proxy traffic for specific applications.
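An added worked example (not from the flashcard's source) contrasting the two behaviours. The single policy rule is "inside hosts may open HTTPS"; the stateful filter admits the reply only while a matching entry exists, whereas the static rule set has to permit anything arriving from source port 443 forever. The LAN range and packets are constructed.

```python
import ipaddress
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags")
INSIDE = ipaddress.ip_network("192.168.1.0/24")  # assumption: the protected LAN


def policy_allows_outbound(p):
    """The only explicit rule: inside hosts may open HTTPS connections."""
    return ipaddress.ip_address(p.src) in INSIDE and p.dport == 443


class StatefulFirewall:
    def __init__(self):
        self.table = {}  # (src, sport, dst, dport) of inside-initiated flows -> state

    def filter(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if key in self.table or rev in self.table:
            # Part of a conversation an inside host started: allow it and track the state.
            owner = key if key in self.table else rev
            if "FIN" in p.flags or "RST" in p.flags:
                del self.table[owner]          # flow closed; later packets are unsolicited again
            elif p.flags == "SYN-ACK":
                self.table[owner] = "ESTABLISHED"
            return "ALLOW"
        if p.flags == "SYN" and policy_allows_outbound(p):
            self.table[key] = "SYN_SENT"       # remember that inside asked first
            return "ALLOW"
        return "DROP"


def static_filter(p):
    """Static equivalent: it cannot express 'only if inside asked first', so it must
    leave source port 443 open inbound all the time."""
    if policy_allows_outbound(p):
        return "ALLOW"
    if ipaddress.ip_address(p.dst) in INSIDE and p.sport == 443:
        return "ALLOW"
    return "DROP"


def demo():
    fw = StatefulFirewall()
    out = Pkt("192.168.1.10", 51000, "203.0.113.5", 443, "SYN")
    reply = Pkt("203.0.113.5", 443, "192.168.1.10", 51000, "SYN-ACK")
    # Unsolicited packet "from port 443" aimed at RDP on the same inside host.
    unsolicited = Pkt("203.0.113.9", 443, "192.168.1.10", 3389, "SYN")
    close = Pkt("192.168.1.10", 51000, "203.0.113.5", 443, "FIN-ACK")
    late = Pkt("203.0.113.5", 443, "192.168.1.10", 51000, "ACK")  # arrives after the close
    sequence = (out, reply, unsolicited, close, late)
    return {
        "stateful": [fw.filter(p) for p in sequence],
        "static": [static_filter(p) for p in sequence],
    }


if __name__ == "__main__":
    print(demo())
```

The stateful filter drops the RDP probe and the packet that arrives after the flow closed; the static filter waves both through because it can only look at ports. Real state tables also age entries out on a timer and keep a TIME_WAIT grace period, which is omitted here.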

47
Q

Attackers are increasingly experienced in infiltrating firms' infrastructures in search of valuable information. Which one of the following systems is designed to lure attackers because it appears to contain interesting information?

A. Honeynet
B. Darknet
C. Honeypot
D. Pseudoflaw

A

C. Honeypot

Explanation:
A Honeypot is a decoy computer system used to bait intruders into attacking. A Honeynet is a network of multiple honeypots that creates a more sophisticated environment for intruders to explore. A Pseudoflaw is a false vulnerability in a system that may attract an attacker. A Darknet is a segment of unused network address space that should have no network activity and, therefore, may be easily used to monitor for illicit activity.

48
Q

Jean-Charles asks a colleague to type a command on their computer in order to troubleshoot an issue. The Windows ipconfig output shows the following: 5C-5D-A4-4B-4C-5D. What is that information, and what could you do with it?

A. An IPv6 client ID, that can locate a computer in a room
B. A MAC address that gives you the version of your OS
C. An IP address with which you could locate the computer
D. A MAC address, to identify the network interface from the user

A

D. A MAC address, to identify the network interface from the user

Explanation:
A media access control (MAC) address is a 48-bit identifier assigned to a network interface controller; ipconfig /all shows it as the "Physical Address" in the hyphen-separated form above. The first three octets (the OUI) identify the manufacturer of the interface and the last three are assigned by that vendor, so the value identifies the network interface of the user's machine. It says nothing about the operating system version and cannot be used to locate the computer physically. IPv4 and IPv6 addresses use a different syntax (dotted decimal and colon-separated hexadecimal groups).
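An added worked example (not from the flashcard's source) that recognizes the notation and decodes what a MAC address actually carries: the OUI, the NIC-specific part, and the two flag bits of the first octet that tell you whether the address is a group address or was locally administered (as with the randomized MACs modern devices use). The address is the one from the question; the other test strings are constructed.

```python
import ipaddress
import re

# Windows (5C-5D-A4-...) or Unix (5c:5d:a4:...) notation, six octets, one separator style.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def identify(text):
    """Classify a string the way ipconfig output needs to be read: MAC, IPv4, IPv6 or unknown."""
    if MAC_RE.match(text):
        return "mac"
    try:
        return "ipv4" if ipaddress.ip_address(text).version == 4 else "ipv6"
    except ValueError:
        return "unknown"


def parse_mac(text):
    """Split a MAC into OUI and NIC part and decode the flag bits of the first octet."""
    if identify(text) != "mac":
        return None
    octets = bytes(int(x, 16) for x in re.split(r"[-:]", text))
    first = octets[0]
    return {
        "oui": octets[:3].hex(":"),            # vendor assignment (look up in the IEEE registry)
        "nic_specific": octets[3:].hex(":"),   # assigned by that vendor
        "multicast": bool(first & 0x01),       # bit 0 set: group address, never a sender
        "locally_administered": bool(first & 0x02),  # bit 1 set: not burned in (e.g. randomized)
    }


if __name__ == "__main__":
    for s in ("5C-5D-A4-4B-4C-5D", "192.168.1.10", "fe80::1", "not-an-address"):
        print(s, identify(s), parse_mac(s))
```

For the address in the question both flag bits are clear, so it is a unicast, vendor-burned-in address whose OUI can be looked up; a locally administered address would tell you nothing reliable about the hardware.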

49
Q

Robert is the network administrator for a small business and has recently installed a new firewall. He received calls from his colleagues complaining that the connection seems slow. After seeing signs of unusually heavy network traffic, he checked his intrusion detection system, which reported that a Smurf Attack was underway. What firewall configuration change can Robert make to most effectively prevent this attack?

A. Block the source IP address of the attack
B. Block the destination IP address of the attack
C. Block inbound ICMP traffic
D. Block inbound UDP traffic

A

C. Block inbound ICMP traffic

Explanation:
A smurf attack is a reflected, amplified denial of service: the attacker sends Internet Control Message Protocol (ICMP) echo requests to a broadcast address with the target's address spoofed as the source, and every host on that network sends an echo reply to the target. The most effective firewall change is to block inbound ICMP traffic (at minimum inbound echo replies), since the flood consists entirely of ICMP. Blocking the source addresses is not feasible because the sources are the many reflecting hosts, and the attacker can simply pick another network to reflect off. Blocking the destination address means blocking your own host, which would disrupt normal activity. The smurf attack does not use User Datagram Protocol (UDP), so blocking that traffic would have no effect.
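An added worked example (not from the flashcard's source) that serves both this question and the denial-of-service question above (44): detection logic run over a constructed packet sample. It buckets inbound packets per second and destination, flags a burst of ICMP echo replies from many sources as a smurf attack and a burst of SYNs with almost no ACKs as a SYN flood, and attaches the firewall action each one calls for. The packet records, addresses and thresholds are all constructed.

```python
from collections import defaultdict

# Record layout: (second, proto, src, dst, detail); detail is the TCP flag or ICMP type.
FLOOD_THRESHOLD = 1000  # packets per second to one destination; tune to the link


def build_sample():
    """Constructed traffic: a quiet second, a smurf second and a SYN-flood second."""
    pkts = []
    for i in range(20):  # second 0: ordinary HTTPS from four clients
        pkts.append((0, "tcp", f"198.51.100.{i % 4}", "203.0.113.10", "SYN"))
        pkts.append((0, "tcp", f"198.51.100.{i % 4}", "203.0.113.10", "ACK"))
    for i in range(3000):  # second 1: echo replies from 3000 reflectors we never pinged
        pkts.append((1, "icmp", f"10.{(i >> 8) & 255}.{i & 255}.1", "203.0.113.10", "echo-reply"))
    for i in range(4000):  # second 2: SYNs from spoofed sources, almost no handshakes finish
        pkts.append((2, "tcp", f"172.16.{(i >> 8) & 255}.{i & 255}", "203.0.113.10", "SYN"))
    for _ in range(5):
        pkts.append((2, "tcp", "198.51.100.1", "203.0.113.10", "ACK"))
    return pkts


def classify(packets, threshold=FLOOD_THRESHOLD):
    """Return one finding per (second, destination) that looks like a flood."""
    buckets = defaultdict(lambda: {"SYN": 0, "ACK": 0, "echo-reply": 0, "src": set()})
    for second, proto, src, dst, detail in packets:
        b = buckets[(second, dst)]
        b["src"].add(src)
        if proto == "tcp" and detail in ("SYN", "ACK"):
            b[detail] += 1
        elif proto == "icmp" and detail == "echo-reply":
            b["echo-reply"] += 1
    findings = []
    for (second, dst), b in sorted(buckets.items()):
        if b["echo-reply"] >= threshold:
            kind, action = "smurf", "block inbound ICMP (at minimum echo-reply)"
        elif b["SYN"] >= threshold and b["SYN"] > 10 * b["ACK"]:
            kind, action = "syn_flood", "enable SYN proxy / SYN cookies on the firewall"
        else:
            continue
        findings.append({"second": second, "target": dst, "kind": kind,
                         "sources": len(b["src"]), "action": action})
    return findings


if __name__ == "__main__":
    for f in classify(build_sample()):
        print(f)
```

The SYN-to-ACK ratio is what separates a flood from a busy server: legitimate clients finish their handshakes, spoofed ones never do. The large distinct-source count in both findings is why blocking individual source addresses (the first option in this question) does not work.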

50
Q

Penta Solution developed a technology for creating computer motherboards. They would like to protect this technology but do not want to disclose how it works to their competitors. Which intellectual property protection technique is best suited for Penta Solution?

A. Trade secret
B. Trademark
C. Patents
D. Copyright

A

A. Trade secret

Explanation:
Trade secrets are used to protect business processes and technologies. In this case, details of the technology should not be revealed to Penta Solution competitors.

51
Q

Which of those elements can store data that has a high probability of being requested by the CPU?

A. Primary storage
B. Digital signatures
C. RAM
D. IT infrastructure library (ITIL)

A

A. Primary storage

Explanation:
Primary storage is the memory the CPU reads directly, so it holds the data most likely to be requested next; RAM is the most common form of primary storage, which makes the general term the better answer. ITIL is a framework of good practices for IT service management, and digital signatures provide integrity and non-repudiation (for example in secure email exchanges); neither stores data for the CPU.

52
Q

You conduct an audit for a client, during which you identify multiple instances of users gaining access to data without using an agreed access approval process. As part of the remediation, you recommend establishing a formal access approval process. Who should be responsible for defining which users can access the data?

A. Data creator
B. System owner
C. Data custodian
D. Data processor
E. Data owner

A

E. Data owner

Explanation:
Each data owner is in charge of approving access to data that they own. Policies set the requirements and the operation teams are implementing them. The data owner remains ultimately responsible for the data access. The other actors mentioned are not the ones approving the access to the data.

53
Q

Which method modifies a message into another format through the use of a code?

A. Firmware
B. OWASP
C. Encoding
D. Paging

A

C. Encoding

Explanation:
Encoding transforms a message to another format by leveraging a code. The other terms have different meanings.

54
Q

Chris deploys workstations for his firm and is aware that some will handle proprietary information. Which option best describes what should happen at the end of their lifecycle for workstations he is responsible for?

A. Sanitization
B. Erasing
C. Clearing
D. Destruction

A

A. Sanitization

Explanation:
Sanitization combines processes to ensure that data from a system cannot be recovered by any means. Clearing and erasing are both prone to mistakes and technical problems that can result in remnant data. Physical destruction is the last resort when the firm opts to destroy a workstation, which is a costly option.

55
Q

EasyEat is a large food chain with restaurants across the US. They process hundreds of credit card transactions a day but are concerned about compliance issues surrounding credit card processing. What is the relevant regulation in this scenario?

A. SB 1386
B. GLBA
C. PCI-DSS
D. FERPA

A

C. PCI-DSS

Explanation:
In this scenario, the relevant standard is the Payment Card Industry Data Security Standard (PCI-DSS) because it covers merchants and service providers that handle payment card transactions. GLBA applies to financial institutions, California SB 1386 sets data breach notification requirements for businesses holding California residents' data, and FERPA deals with requirements for educational institutions. PCI-DSS is a contractual industry standard rather than a law: it is a set of security requirements that companies must implement before they are allowed to process payment card transactions.

56
Q

Susan is a security consultant commissioned to conduct a penetration test of a client's wireless network. She runs aircrack-ng against the network with a password file. From the following options, what might cause her attempt to break in to fail?

A. The network is based on WPA2 encryption
B. WPA2 in PSK mode is implemented on this network
C. The network is set up with a strong WEP encryption
D. The network is configured to run on WPA2 enterprise mode

A

D. The network is configured to run on WPA2 enterprise mode

Explanation:
WEP is a broken protocol: aircrack-ng recovers a WEP key from captured traffic in minutes no matter how "strong" the key is, so option C would not stop her. WPA2 with a preshared key (PSK), also known as WPA2 Personal, derives the network key from a single passphrase shared by every user; an attacker who captures a client's four-way handshake can test passphrase candidates offline, which is exactly the dictionary attack Susan is running with her password file, so options A and B describe her target rather than an obstacle. WPA2 Enterprise authenticates each user individually through 802.1X/EAP against a RADIUS server and derives a fresh per-session key from that exchange; there is no shared passphrase to guess, so a password-file attack has nothing to work on.
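An added worked example (not from the flashcard's source) of why the password file works against PSK and not against Enterprise. In PSK mode the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase and the SSID, both of which the attacker knows or captures, so candidates can be tested offline; an Enterprise PMK comes out of the EAP exchange and no passphrase reproduces it. The wordlist, SSID, passphrase and the stand-in Enterprise key are constructed; aircrack-ng itself additionally derives the PTK and checks the EAPOL MIC rather than comparing PMKs, but the search is the same.

```python
import hashlib
import hmac

# Constructed wordlist standing in for the file Susan feeds to aircrack-ng.
WORDLIST = ["password", "letmein", "Summer2022!", "CorpWifi2020", "welcome1"]


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i PSK mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    Everything in this formula is public except the passphrase."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def crack_psk(target_pmk: bytes, ssid: str, wordlist):
    """Offline dictionary attack: derive the PMK for each candidate and compare.
    Returns the passphrase that reproduces the target, or None if the list is exhausted."""
    for candidate in wordlist:
        if hmac.compare_digest(wpa2_pmk(candidate, ssid), target_pmk):
            return candidate
    return None


def demo():
    ssid = "CorpWifi"
    # PSK network: the key in use came from a passphrase that happens to be in the wordlist.
    psk_pmk = wpa2_pmk("Summer2022!", ssid)
    # Enterprise network: the PMK is produced per session by the EAP method (e.g. EAP-TLS).
    # This constant stands in for such a key; it is not derived from any passphrase.
    enterprise_pmk = bytes.fromhex(
        "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0")
    return crack_psk(psk_pmk, ssid, WORDLIST), crack_psk(enterprise_pmk, ssid, WORDLIST)


if __name__ == "__main__":
    psk_result, enterprise_result = demo()
    print("PSK network passphrase:", psk_result)
    print("Enterprise network passphrase:", enterprise_result)
```

The 4096 PBKDF2 iterations slow each guess down but do not change the outcome: a weak passphrase on a PSK network falls to a wordlist, while the Enterprise key never passes through a passphrase at all. Note that the SSID is the salt, which is why precomputed tables only help against common network names.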

57
Q

With your IT manager, you established a list of steps to be carried out in the case of a major disruption. The aim is to be able to recover as quickly as possible. What type of recovery enables a system to recover without administrator intervention and protects the systems from losing data?

A. Manual recovery
B. Automated recovery
C. Automated recovery without undue data loss
D. Functional recovery

A

C. Automated recovery without undue data loss

Explanation:
Manual recovery requires an administrator to intervene, so it is not automated. Automated recovery returns the system to a secure state without intervention but may lose data in the process. Automated recovery without undue loss is the same mechanism with added protection for specified objects so that the recovery does not lose them, which is what the question asks for. Function (functional) recovery restores individual functions rather than the whole system and amounts to a partial recovery.

58
Q

You have been hired for your thorough networking skills. RIP, OSPF, and BGP are all examples of protocols associated with what type of network device?

A. Routers
B. Gateways
C. Switches
D. Bridges

A

A. Routers

Explanation:
Routing Information Protocol (RIP), Border Gateway Protocol (BGP), and Open Shortest Path First (OSPF) are routing protocols that are associated with routers.

59
Q

True or False: A private cloud is a model where the cloud infrastructure is shared by multiple organizations?

A. TRUE
B. FALSE

A

B. FALSE

Explanation:
A private cloud is a model where the cloud infrastructure is made available for an exclusive use by a single organization.

60
Q

As a network administrator you have some solid knowledge about designing diagrams. What network topology has a central connection device?

A. A bus
B. A ring
C. A mesh
D. A star

A

D. A star

Explanation:
Ethernet networks may look like a star, but they are actually a logical bus topology that is sometimes deployed in a physical star. A star topology uses a central connection device.