CISSP Practice Questions - All CISSP Domains 120Q - 2022 #2 (2 of 2 / Anthony Today) Flashcards

1
Q

Michmich is helping a user who sees a message demanding a ransom to regain access to their data. He realizes that something is wrong. What type of attack has occurred?

A. Availability
B. Confidentiality
C. Disclosure
D. Distributed

A

A. Availability

Explanation:
Ransomware encrypts the contents of a user's computer to prevent legitimate use, which is an attack on availability. Although ransomware attacks have evolved to include data theft and extortion, a breach of confidentiality is not at the core of this type of attack, and the same applies to disclosure. "Distributed" is not a category of attack impact at all.

2
Q

Zoe changes the MAC address of her laptop to one that is allowed on the network in order to circumvent the MAC filtering in place. Which technique is Zoe using, and what other issue can it cause?

A. Broadcast domain exploit, address conflict
B. Spoofing, token loss
C. Spoofing, address conflict
D. Sham EUI creation, token loss

A

C. Spoofing, address conflict

Explanation:
Changing a MAC address to another valid MAC address is spoofing. The side effect is an address conflict: if the legitimate device with that address is also on the network, switches see the same MAC on two ports and frames may be delivered to the wrong host, so both devices can become intermittently unreachable. Broadcast domain exploits, token loss, and "sham EUI creation" are not recognized terms for this technique.

3
Q

With the growing adoption of cloud services, security experts must answer questions about how data is stored and encrypted and where the responsibilities of the different parties involved begin and end. A cloud-based service that provides account provisioning, management, authentication, authorization, reporting, and monitoring capabilities is known as what type of service?

A. PaaS
B. IDaaS
C. IaaS
D. SaaS

A

B. IDaaS

Explanation:
PaaS is Platform as a Service (a managed runtime for your own code), IaaS is Infrastructure as a Service (virtual machines, storage, and networks), and SaaS is Software as a Service (a finished application). Identity as a Service (IDaaS) provides capabilities such as account provisioning, management, authentication, authorization, reporting, and monitoring.

4
Q

The company Jenny works for has implemented a central logging infrastructure. During normal operations, Jenny's team uses the SIEM appliance to monitor for exceptions received via syslog. Which of the listed systems generally does not have native support for sending syslog events?

A. Enterprise wireless access points
B. Windows Desktop Systems
C. Linux Web Servers
D. Enterprise Firewall Devices

A

B. Windows Desktop Systems

Explanation:
Windows desktop systems do not natively emit syslog messages; they write to the Windows Event Log, so an agent or forwarder is needed to convert their events to syslog before a syslog-based SIEM can receive them. Enterprise wireless access points, Linux web servers, and enterprise firewalls normally support syslog output out of the box.

5
Q

You are interviewing a candidate for a cybersecurity consultant position. What answer do you expect to the following question: which law mandates that communications service providers cooperate with law enforcement requests?

A. ECPA
B. CALEA
C. Privacy Act
D. HITECH Act

A

B. CALEA

Explanation:
The Communications Assistance for Law Enforcement Act (CALEA) of 1994 requires telecommunications carriers to build the capability to assist lawful interception into their networks. The Electronic Communications Privacy Act (ECPA) restricts the interception of electronic communications rather than compelling cooperation, the Privacy Act of 1974 governs how federal agencies handle personal records, and the HITECH Act extends HIPAA's privacy and security requirements for health information.

6
Q

A Type 2 authentication factor that generates dynamic passwords based on an algorithm- or time-based system is what type of authenticator?

A. A PIV
B. A Smart Card
C. A Token
D. A CAC

A

C. A Token

Explanation:
A Type 2 factor is something you have. A token, whether a hardware device or an authenticator app, generates dynamic one-time passwords either from a counter-based algorithm (HOTP, RFC 4226) or from the current time (TOTP, RFC 6238). Smart cards are also Type 2 factors, but they hold a certificate and private key rather than generating passwords; PIV and CAC cards are specific smart card implementations used by the US federal government and Department of Defense.

7
Q

You are discussing with a system engineer how to secure the operating system of a server. Which of the following is not a privileged mode?

A. User Mode
B. Kernel Mode
C. Supervisory Mode
D. System Mode

A

A. User Mode

Explanation:
User mode is the unprivileged mode in which applications run: they cannot access hardware directly or touch memory outside their own address space, and must call into the kernel for privileged operations. Kernel mode, supervisory mode, and system mode are all names for the privileged mode in which the operating system kernel executes with full access to the hardware.

8
Q

Your system engineer notices that your servers are handling more workload than usual and suspects that malicious software might be using the servers' computing power. Which of the following would be best positioned to detect this type of incident?

A. NIDS
B. Firewall
C. HIDS
D. DLP

A

C. HIDS

Explanation:
A host-based intrusion detection system (HIDS) runs on the server itself and can observe process activity, CPU consumption, file changes, and other local indicators, so it is best positioned to notice malware consuming compute resources such as a cryptominer. A network IDS and a firewall only see traffic crossing the network and cannot tell what is running on the host, and data loss prevention (DLP) looks for sensitive data leaving the organization rather than resource abuse.

9
Q

Clara used Nmap to perform a scan of a system under her control and received the results shown here. Refer to these results to answer the question.

Starting Nmap 7.40 ( https://nmap.org ) at 2018-01-08 15:08 EST
Nmap scan report for myhost (192.168.107.9)
Host is up (0.033s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

If Clara's primary concern is preventing eavesdropping attacks, which port should she block?

A. 22
B. 80
C. 443
D. 1433

A

B. 80

Explanation:
Port 80 is used by HTTP for unencrypted web communications. If Clara wishes to protect against eavesdropping, she should block this port and restrict web access to encrypted HTTPS connections on port 443. Port 22 (SSH) already carries encrypted traffic, and port 1433 (Microsoft SQL Server) does not even appear in the scan results.

10
Q

Which NIST special publication covers the assessment of security and privacy controls?

A. 800-55A
B. 800-53A
C. 800-34
D. 800-86

A

B. 800-53A

Explanation:
NIST SP 800-53A is titled "Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans" and covers methods for assessing and measuring controls. SP 800-34 covers contingency planning, SP 800-86 is the "Guide to Integrating Forensic Techniques into Incident Response," and SP 800-55 is the performance measurement guide for information security.

11
Q

Suan is configuring the network equipment for a restaurant so that customers can authenticate using their email address and must agree to an acceptable use policy before using the network. What network component is she setting up?

A. 802.11
B. NAC
C. A Captive Portal
D. A Wireless Gateway

A

C. A Captive Portal

Explanation:
Of the listed options, only a captive portal can collect an email address and require agreement to a policy before granting access. 802.11 is the family of wireless LAN standards, network access control (NAC) verifies the security posture of a device before allowing it onto a network, and a wireless gateway routes traffic between a wireless network and another network.

12
Q

As part of the requirements for building a secure website, you must obtain proof of identity from users who register. What would you consider a valid proof of identity?

A. Create unique questions that only users will know
B. Ask the users to enter their social security number in addition to their username
C. Use information that both you and the user have (i.e., questions derived from previous exchanges)
D. Call the user on the registered phone number to verify their identity

A

C. Use information that both you and the user have (i.e., questions derived from previous exchanges)

Explanation:
Of the listed options, only authentication based on information shared between you and the user lets you verify the claimed identity. Questions known solely by the user give you nothing to check the answers against. Requesting a social security number is neither a secure identification method nor a recommended practice. Finally, calling the user back on a registered number is not reliable, because phone numbers can be hijacked through SIM-swap and call-forwarding attacks.

13
Q

Thomas published an article about the questions he had at the CISSP certification exam. Which aspect of the (ISC)2 code of ethics has he most directly violated?

A. Advance and protect the profession
B. Act honorably, justly, responsibly, and legally
C. Protect society, the common good, necessary public trust and confidence, and the infrastructure
D. Provide diligent and competent service to principals

A

A. Advance and protect the profession

Explanation:
Disclosing exam content undermines the integrity of the CISSP certification and harms the information security community at large, so publishing such an article most directly violates the "advance and protect the profession" canon of the code of ethics.

14
Q

Shiny is a jewelry manufacturer that creates its own jewelry pieces and sells them through its website. The head of Shiny's software development organization wants the company to adopt industry-standard practices, starting with a new change management process that lets multiple developers work on the code at the same time. Which change management process allows this?

A. Configuration control
B. Change Control
C. Release Control
D. Request Control

A

B. Change Control

Explanation:
Change control provides an organized framework within which multiple developers can create and test solutions before rolling them out into a production environment. Request control handles user requests for changes, release control governs moving tested code into production, and configuration control limits and records changes to production systems.

15
Q

Technologies are becoming more and more sophisticated. Which of the following is not normally a capability of Mobile Device Management (MDM) solutions?

A. Remotely wiping the contents of a mobile device
B. Assuming control of a non-registered BYOD mobile device
C. Enforcing the use of device encryption
D. Managing device backups

A

B. Assuming control of a non-registered BYOD mobile device

Explanation:
MDM products cannot take control of a device that is not enrolled in the organization's management. Doing so would be equivalent to hacking into a device owned by someone else and might constitute a crime. Remote wipe, enforcing device encryption, and managing backups are standard MDM features for enrolled devices.

16
Q

If you are securing a communication, which of the following tools would you use to provide nonrepudiation?

A. Digital signature
B. Symmetric encryption
C. Firewall
D. IDS

A

A. Digital signature

Explanation:
Of the listed options, only a digital signature provides nonrepudiation for a message: it is produced with the sender's private key, which nobody else holds. Symmetric encryption cannot, because both parties share the same key and either of them could have produced the message. Firewalls and IDSs are network controls and do not provide nonrepudiation.

17
Q

During a log review, you discover a series of entries that show login failures, as shown here:

Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=orange
Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=Orang3
Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=Orange93
Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=Orangutan1
Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=Orangemonkey

What type of attack is this?

A. A brute force attack
B. A man in the middle attack
C. A dictionary attack
D. A rainbow table attack

A

C. A dictionary attack

Explanation:
These logs show variations of the dictionary word "orange" (leetspeak substitutions, appended digits, related words), which is the signature of a dictionary attack: a word list combined with mutation rules. A brute-force attack iterates through character combinations, trying every possibility. A rainbow table attack works against captured password hashes, not a live login prompt. A man-in-the-middle attack takes place on the network path and would not appear as failed logins in the authentication log.

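As an added example (not part of the original flashcards), the following Python applies the reasoning in the explanation to log lines: it parses entries in the format shown on the card, groups failed logins by host, target account and source, and labels each group as a dictionary attack (guesses that mutate a shared base word) or a brute-force attack (same-length guesses walking through the keyspace). The log is constructed for the example and mirrors the card's format, including a passwd= field that a real sshd never records; the classification heuristics and thresholds are assumptions chosen for illustration, not a standard.

```python
import re
from collections import defaultdict
from typing import Optional

# Constructed sample log mirroring the format on the card. A real sshd never records the
# submitted password; the passwd= field exists here only to illustrate the analysis.
SAMPLE_LOG = """\
Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=orange
Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=Orang3
Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=Orange93
Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=Orangutan1
Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=Orangemonkey
Jan 31 21:02:01 ip-10-0-0-7 sshd[4410]: Invalid user root from otherhost passwd=aaaa
Jan 31 21:02:01 ip-10-0-0-7 sshd[4412]: Invalid user root from otherhost passwd=aaab
Jan 31 21:02:02 ip-10-0-0-7 sshd[4415]: Invalid user root from otherhost passwd=aaac
Jan 31 21:02:02 ip-10-0-0-7 sshd[4417]: Invalid user root from otherhost passwd=aaad
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Invalid user (?P<user>\S+) from (?P<src>\S+) passwd=(?P<pw>\S+)$"
)

# Common leetspeak substitutions, undone before comparing guesses ('Orang3' -> 'orange').
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def parse(log: str) -> list:
    """Return one dict per failed-login line; lines that do not match the format are ignored."""
    return [m.groupdict() for m in map(LINE_RE.match, log.splitlines()) if m]


def normalize(guess: str) -> str:
    return guess.lower().translate(LEET)


def shared_stem(guesses: list, min_len: int = 4) -> Optional[str]:
    """Dictionary attacks mutate a base word: return the longest common normalized prefix,
    or None if it is too short to be a word."""
    norm = [normalize(g) for g in guesses]
    stem = norm[0]
    for g in norm[1:]:
        while stem and not g.startswith(stem):
            stem = stem[:-1]
    return stem if len(stem) >= min_len else None


def looks_sequential(guesses: list) -> bool:
    """Brute force walks the keyspace: every guess has the same length and each one differs
    from the previous one in exactly one position."""
    if len(guesses) < 2 or len({len(g) for g in guesses}) != 1:
        return False
    return all(sum(a != b for a, b in zip(x, y)) == 1 for x, y in zip(guesses, guesses[1:]))


def classify(events: list) -> dict:
    """Group failed logins by (host, target user, source) and label each group."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["host"], e["user"], e["src"])].append(e["pw"])
    verdicts = {}
    for key, guesses in groups.items():
        stem = shared_stem(guesses)
        if len(guesses) < 2:
            verdicts[key] = "single attempt"
        elif looks_sequential(guesses):
            verdicts[key] = "brute force"
        elif stem is not None:
            verdicts[key] = f"dictionary (stem '{stem}')"
        else:
            verdicts[key] = "unclassified"
    return verdicts


if __name__ == "__main__":
    for (host, user, src), verdict in classify(parse(SAMPLE_LOG)).items():
        print(f"{host}: user={user} from={src}: {verdict}")
```

In a real environment the password is never available, so the same grouping is done on the target user, source address, and timing alone: many failures against one account in a few seconds from one source is the detection trigger, and the word-list versus keyspace distinction is only visible from the attacker's side.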
18
Q

Axel would like to ask all of his staff to sign an agreement that they will not share his organization’s intellectual property with unauthorized individuals. What type of agreement should Axel ask employees to sign?

A. SLA
B. NDA
C. OLA
D. DLP

A

B. NDA

Explanation:
Non-Disclosure Agreements (NDAs) prohibit employees from sharing sensitive information without authorization, even after their employment ends. They may also apply to business partners, contractors, customers, and others. Service level agreements (SLAs) and operating level agreements (OLAs) specify the parameters of service that a vendor provides to a customer. Data loss prevention (DLP) technology prevents data loss but is a technical, rather than a policy control.

19
Q

After scanning all the systems on the wireless network, you notice one identified as an iOS device running a massively out-of-date version of Apple's mobile operating system. On further investigation, you find that the device is an original iPad and cannot be updated to a current, supported version of the operating system. What should your next step be?

A. Retire or replace the device
B. Isolate the device on a dedicated wireless network
C. Install a firewall on the tablet
D. Reinstall the OS

A

A. Retire or replace the device

Explanation:
This is a common situation with aging devices. Of the listed options, retiring or replacing the device is the only one that removes the risk: an original iPad cannot run a supported OS, so reinstalling the same outdated version fixes nothing, a host firewall cannot be installed on it, and isolating it on a dedicated network reduces the exposure but leaves an unpatchable device in service.

20
Q

Turlut recently decided to purchase cyber-liability insurance to cover her company’s costs in the event of a data breach. What risk management strategy is she pursuing?

A. Risk acceptance
B. Risk mitigation
C. Risk transference
D. Risk avoidance

A

C. Risk transference

Explanation:
It may be tempting to think that this action mitigates the risk, but nothing about the likelihood or impact of a breach changes; what changes is who bears the cost. This is risk transference, which shifts the financial impact of a potential risk from the organization incurring it to another party. Insurance is the classic example.

21
Q

Robert is a software developer who writes Node.js code for his organization. The company is considering moving from a self-hosted Node.js environment to one where Robert's code runs on application servers managed by a cloud vendor. What type of cloud solution is Robert's company considering?

A. IaaS
B. CaaS
C. PaaS
D. SaaS

A

C. PaaS

Explanation:
Running your own code on a vendor-managed application platform is Platform as a Service (PaaS). IaaS would give Robert virtual machines he still has to manage himself, SaaS delivers a finished application rather than a place to run his own code, and CaaS does not match the description.

22
Q

Hector would like to access a document owned by Soulemane and stored on a file server. Based on the subject/object model, who or what is the subject of the resource request?

A. Hector
B. Soulemane
C. Server
D. Document

A

A. Hector

Explanation:
In a subject/object model of access control, the user or process making the request for a resource is the subject of that request. Thus, in this scenario, Hector is requesting resource access and is, therefore, the subject.

23
Q

In 2022, what is the most common type of access control used by firewalls?

A. Discretionary access controls
B. Rule based access controls
C. Task based access control
D. Mandatory access controls

A

B. Rule based access controls

Explanation:
Firewalls use rule-based access control (Rule-BAC) in their access control lists, applying rules written by administrators to all traffic that passes through them. Discretionary access control (DAC) lets owners decide who can access the objects they control, task-based access control grants permissions according to the tasks assigned to a user, and mandatory access control (MAC) uses classification labels to determine access.

24
Q

You are studying existing encryption algorithms with the aim of designing your own. Which of the following is not a mode of operation for the Data Encryption Standard?

A. CBC
B. CFB
C. OFB
D. AES

A

D. AES

Explanation:
The Advanced Encryption Standard (AES) is a separate block cipher, not a mode of operation. The DES modes of operation are Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), and Counter (CTR). ECB should be avoided in practice because identical plaintext blocks produce identical ciphertext blocks, which leaks the structure of the data.

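As an added example (not part of the original flashcards), the following Python implements the five DES modes of operation named in the explanation (ECB, CBC, CFB, OFB, CTR) generically over a block-cipher function, and shows why ECB is avoided: identical plaintext blocks become identical ciphertext blocks, while CBC hides them. The 8-byte block cipher driving the modes is a toy Feistel construction built from HMAC-SHA256 so the example has no dependencies; it is not DES and is not secure. The key, IV, nonce, and plaintext are made-up demonstration values.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit blocks, the same block size as DES

def _round(key: bytes, i: int, half: bytes) -> bytes:
    """Feistel round function: keyed hash of (round number, right half), truncated to half a block."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[: BLOCK // 2]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # truncates to the shorter input (partial last blocks)

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 8-round Feistel cipher. NOT DES and NOT secure: it exists only to drive the modes below."""
    left, right = block[:4], block[4:]
    for i in range(8):
        left, right = right, xor(left, _round(key, i, right))
    return right + left

def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[4:], block[:4]            # undo the final swap, then run the rounds backwards
    for i in reversed(range(8)):
        left, right = xor(right, _round(key, i, left)), left
    return left + right

def pad(data: bytes) -> bytes:                    # PKCS#7 padding, needed by the block modes (ECB, CBC)
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def blocks(data: bytes) -> list:
    return [data[i : i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    """Each block encrypted independently: equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(toy_encrypt_block(key, b) for b in blocks(pad(pt)))

def ecb_decrypt(key, ct):
    return unpad(b"".join(toy_decrypt_block(key, b) for b in blocks(ct)))

def cbc_encrypt(key, iv, pt):
    """Each plaintext block is XORed with the previous ciphertext block (the IV for the first)."""
    out, prev = [], iv
    for b in blocks(pad(pt)):
        prev = toy_encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for b in blocks(ct):
        out.append(xor(toy_decrypt_block(key, b), prev))
        prev = b
    return unpad(b"".join(out))

def cfb_encrypt(key, iv, pt):
    """Cipher feedback: keystream = E(previous ciphertext block); no padding needed."""
    out, prev = [], iv
    for b in blocks(pt):
        prev = xor(b, toy_encrypt_block(key, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ct):
    out, prev = [], iv
    for b in blocks(ct):
        out.append(xor(b, toy_encrypt_block(key, prev)))
        prev = b
    return b"".join(out)

def ofb_crypt(key, iv, data):
    """Output feedback: keystream = E(E(...E(iv))), independent of the data; same op both ways."""
    out, state = [], iv
    for b in blocks(data):
        state = toy_encrypt_block(key, state)
        out.append(xor(b, state))
    return b"".join(out)

def ctr_crypt(key, nonce, data):
    """Counter mode: keystream = E(nonce || counter); parallelizable and the same op both ways."""
    return b"".join(xor(b, toy_encrypt_block(key, nonce + i.to_bytes(4, "big")))
                    for i, b in enumerate(blocks(data)))

def repeated_blocks(ct: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier one: the pattern leak ECB exposes."""
    bs = blocks(ct)
    return len(bs) - len(set(bs))

if __name__ == "__main__":
    key, iv = b"sixteen byte key", bytes(range(8))   # made-up demo values; never reuse a real IV
    pt = b"ATTACK AT DAWN! " * 4                     # repetitive plaintext makes the ECB leak visible
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, pt)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(key, iv, pt)))
```

The mode logic is exactly what a real library does around DES or AES; only the block function is a stand-in. Note that CFB, OFB, and CTR never call the block cipher's decrypt routine, and that none of these modes authenticates the ciphertext, which is why modern designs pair them with a MAC or use an authenticated mode such as GCM.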
25
Q

Robert notices that a system on his network recently received connection attempts on all 65,536 TCP ports from a single system during a short period of time. What type of attack could that be?

A. Denial of Service
B. Reconnaissance
C. Malicious Insider
D. Compromise

A

B. Reconnaissance

Explanation:
Based on the description, this is an example of TCP scanning, which is a network reconnaissance technique that may precede other attacks. There is no evidence that the attack disrupted system availability, which would characterize a denial-of-service attack, that it was waged by a malicious insider, or that the attack resulted in the compromise of a system.

26
Q

You have been asked to wire the IP phones for the meeting room and want to ensure the work is done securely. Which of the following is not a usual security requirement for wiring closets?

A. Place only in areas monitored by security guards
B. Do not store flammable items in the closet
C. Use sensors on doors to log entries
D. Perform regular inspections of the closet

A

A. Place only in areas monitored by security guards

Explanation:
Wiring closets are usually located in ordinary building areas rather than places watched by security guards; physical access is controlled with locks and entry logging instead. Keeping flammable items out of the closet, logging entries with door sensors, and inspecting the closet regularly are all standard good practices.

27
Q

To implement a database recovery mechanism, you recommend automatically transferring the transaction records from your primary site to your backup site on a regular basis. If this is performed hourly, what is this database recovery technique called?

A. Electronic Vaulting
B. Transaction logging
C. Remote mirroring
D. Remote journaling

A

D. Remote journaling

Explanation:
Remote journaling transfers the database transaction logs to the backup site in batches, typically hourly, so the backup copy can be brought up to date by replaying them. Electronic vaulting transfers complete database backups to the remote site in bulk, usually daily. Remote mirroring maintains a live duplicate database at the remote site with every transaction applied as it occurs. Transaction logging is the local recording of transactions that the other techniques build on.

27
Q

You are about to engage a third party to review your code. As part of the requirements you define, you ask the third party to take the business logic into account. What type of code review service are you seeking?

A. Static
B. Fuzzing
C. Manual
D. Dynamic

A

C. Manual

Explanation:
Of the listed options, only manual code review fits this scenario. A manual review, performed by humans reading the code line by line, is the best option when understanding the context and business logic matters. Fuzzing, dynamic analysis, and static analysis can all find bugs that a manual review might miss, but they do not take the programmers' intent into account.

28
Q

Before sending your backup tapes to a third party for secure storage, what steps should you take?

A. Ensure that the tapes are handled the same way the original media would be handled based on their classification
B. Increase the classification level of the tapes because they are leaving the possession of the company
C. Purge the tapes to ensure that classified data is not lost
D. Decrypt the tapes in case they are lost in transit

A

A. Ensure that the tapes are handled the same way the original media would be handled based on their classification

Explanation:
Purging the tapes would remove the data from them. Decrypting the tapes would leave the data unprotected in transit, and increasing the classification would not make sense because classification applies to the data, not to the media type. Thus, the only viable option is to handle the tapes according to the classification of the data they contain.

29
Q

Helene is implementing a new security mechanism for granting employees administrative privileges in the accounting system. She designs the process so that both the employee's manager and the accounting manager must approve the request before access is granted. What information security principle is Helene enforcing?

A. Least privilege
B. Two person control
C. Job rotation
D. Separation of duties

A

B. Two person control

Explanation:
The process described here is two-person control: two individuals must approve an action before it takes place. Separation of duties splits a sensitive task across people so that no single person can complete it alone, least privilege grants only the access needed for the job, and job rotation moves staff between roles to detect and deter fraud.

30
Q

You are an experienced cybersecurity project manager. Which of the following is not a principle of the Agile approach to software development?

A. The most efficient method of conveying information is electronic
B. Working software is the primary measure of progress
C. Simplicity is essential
D. Business people and developers must work together daily

A

A. The most efficient method of conveying information is electronic

Explanation:
The Agile approach to software development states that working software is the primary measure of progress, that simplicity is essential, and that business people and developers must work together daily. It also states that the most efficient method of conveying information is face-to-face, not electronic.

31
Q

You are trying to secure communication between two hosts. Which of the following does not describe data in motion?

A. Data on a backup tape that is being shipped to a storage facility
B. Data in a TCP packet
C. Data in an e-commerce transaction
D. Data in files being copied between locations

A

A. Data on a backup tape that is being shipped to a storage facility

Explanation:
Data in a TCP packet, in an e-commerce transaction, or in files being copied between locations is in motion: it is traversing a network. The correct answer is the tape being shipped to a storage facility. You might think that a tape in shipment is "in motion," but the data on it is not being transmitted or accessed; it is data at rest that happens to be physically moving.

32
Q

You are in charge of implementing the company’s strategic authentication solution. By default, in what format does OpenLDAP store the value of the userPassword attribute?

A. In the clear
B. Salted and Hashed
C. MD5 hashed
D. Encrypted using AES256 encryption

A

A. In the clear

Explanation:
By default, OpenLDAP stores whatever value it receives in userPassword, so if the provisioning system writes a cleartext password, the directory stores it in the clear. The server's password-hash setting only applies to passwords set through the LDAP Password Modify extended operation; a client that writes the userPassword attribute directly must supply an already hashed value such as {SSHA}. Ensuring that passwords reach OpenLDAP in a hashed form is therefore the responsibility of the administrator or programmer who builds the provisioning system.

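As an added example (not part of the original flashcards or of OpenLDAP's own code), the following Python shows how a provisioning system can supply userPassword already hashed in the {SSHA} format OpenLDAP understands (base64 of SHA-1(password || salt) followed by the salt), how such a value is verified, and how an administrator can audit an LDIF export for accounts that were provisioned in the clear. The LDIF entries, user names, and passwords are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_PREFIX = "{SSHA}"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build an OpenLDAP {SSHA} value: base64( SHA-1(password || salt) || salt ).
    The salt is stored with the digest so the server can recompute it on bind."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    if not stored.startswith(SSHA_PREFIX):
        return False
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    digest, salt = raw[:20], raw[20:]              # SHA-1 digests are 20 bytes; the rest is the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def classify_userpassword(value: str) -> str:
    """OpenLDAP stores whatever it is given: a '{SCHEME}' prefix means hashed, anything else is cleartext."""
    if value.startswith("{") and "}" in value:
        return f"hashed ({value[1:value.index('}')]})"
    return "cleartext"


def audit_ldif(ldif: str) -> dict:
    """Map each entry's DN to the kind of userPassword it holds. LDIF writes values that are not
    plain-safe with a double colon and base64, so both spellings are handled."""
    report, dn = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:].strip()
        elif line.startswith("userPassword:: "):
            report[dn] = classify_userpassword(base64.b64decode(line[15:].strip()).decode("utf-8"))
        elif line.startswith("userPassword: "):
            report[dn] = classify_userpassword(line[14:].strip())
    return report


# Constructed LDIF export: alice was provisioned with a pre-hashed value, bob was not.
SAMPLE_LDIF = f"""\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
userPassword: {ssha_hash('correct horse', salt=b'12345678')}

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
userPassword:: {base64.b64encode(b'hunter2').decode('ascii')}
"""

if __name__ == "__main__":
    for dn, kind in audit_ldif(SAMPLE_LDIF).items():
        print(f"{dn}: {kind}")
```

Salted SHA-1 is what legacy OpenLDAP deployments commonly hold; where the server build supports it, a slow scheme such as {CRYPT} with bcrypt or {ARGON2} is the better choice, and the same audit flags any entry whose value lacks a scheme prefix.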
33
Q

What type of alternate processing facility includes all of the hardware and data necessary to restore operations in a matter of minutes or seconds?

A. Hot site
B. Warm site
C. Cold Site
D. Mobile Site

A

A. Hot site

Explanation:
From the listed options, only hot sites contain all of the hardware and data necessary to restore operations and may be activated very quickly.

34
Q

With the aim of reusing the data in a different environment, you are moving the content of a database to another platform. What property of relational databases ensures that once a transaction is committed to the database, it is preserved?

A. Atomicity
B. Consistency
C. Durability
D. Isolation

A

C. Durability

Explanation:
Atomicity ensures that if any part of a database transaction fails, the entire transaction must be rolled back as if it never occurred. Durability requires that once a transaction is committed to the database it must be preserved. Consistency ensures that all transactions are consistent with the logical rules of the database, such as having a primary key. Isolation requires that transactions operate separately from each other.

35
Q

Even though average height differs between populations (the Netherlands is taller than Japan, for example), what is the generally accepted minimum fence height that makes a fence difficult to climb and deters most intruders?

A. 3 Feet
B. 4 feet
C. 5 feet
D. 6 feet

A

D. 6 feet

Explanation:
Fences designed to deter more than the casual intruder should be at least six feet high. If a physical security system is designed to deter even determined intruders, it should be at least eight feet high and topped with three strands of barbed wire.

36
Q

You have configured your WiFi signal to not broadcast an SSID. Why would you do that, and how could your network signal be discovered?

A. Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets.
B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer
C. Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID
D. Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network

A

B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer

Explanation:
Encryption keys are not related to SSID broadcast, beacon frames are what normally carry the SSID, and it is possible to have multiple networks with the same SSID. Disabling SSID broadcast only keeps the name out of beacon frames, which deters casual users from trying to connect. The SSID is still sent in probe and association frames whenever a legitimate client connects, so a wireless sniffer can recover it.

37
Q

If you use STRIDE to assess your organization's software and identify threat agents and their business impacts, how would you categorize controls that address issues in transaction identification caused by symmetric keys shared among multiple servers?

A. Information disclosure
B. Denial of Service
C. Tampering
D. Repudiation

A

D. Repudiation

Explanation:
Because a shared symmetric key could have been used by any of the servers, transaction identification problems caused by a shared key are a repudiation issue: if encrypted transactions cannot be uniquely attributed to one server, that server can deny having produced them and nobody can prove otherwise. Information disclosure would apply if the key exposed transaction contents to unauthorized parties, which is not what is described.

38
Q

Which of the following would provide strong protection against the risk of buffer overflow attacks?

A. Firewall
B. Intrusion Detection System
C. Parameter checking
D. Vulnerability Scanning

A

C. Parameter checking

Explanation:
Of the listed options, only parameter checking (input validation) ensures that user-supplied input is checked for length and type before it is copied into the application's buffers, which is exactly what a buffer overflow exploits. A firewall and a vulnerability scanner do not see the application's input handling, and an IDS can at best detect an exploit attempt after the fact rather than prevent it.

39
Q

Wi-Fi networks operate on different frequency bands. What speed and frequency range are used by 802.11n?

A. 54 Mbps, 5 GHz
B. 200+ Mbps, 5GHz
C. 200+ Mbps, 2.4 and 5 GHz
D. 1 Gbps, 5 GHz

A

C. 200+ Mbps, 2.4 and 5 GHz

Explanation:
802.11n can operate at speeds over 200 Mbps on both the 2.4 GHz and 5 GHz bands. 802.11g operates at 54 Mbps on 2.4 GHz, 802.11a at 54 Mbps on 5 GHz, and 802.11ac reaches 1 Gbps and above on 5 GHz. 802.11a and 802.11b are both outdated and unlikely to be encountered in modern network installations.

40
Q

In order to conduct a penetration test you start by discovering the network ports accessible on the systems you target. Which tool would you use for this discovery phase?

A. Nessus
B. John
C. Nmap
D. Nikto

A

C. Nmap

Explanation:
Of the listed options, Nmap is the port scanner for discovering open ports and listening services. Nessus and Nikto are vulnerability scanners (Nikto focuses on web servers) used once the ports and services are known, and John the Ripper is a password cracker.

41
Q

If a new law is passed that would result in significant financial harm to your company should the data that it covers be stolen or inadvertently released, what approach would you suggest?

A. Select a new security baseline
B. Relabel the data
C. Encrypt all of the data at rest and in transit
D. Review its data classifications and classify the data appropriately

A

C. Encrypt all of the data at rest and in transit

Explanation:
Of the listed options, encrypting the data at rest and in transit is the most direct protection of its confidentiality: stolen or leaked ciphertext is useless without the keys. Selecting a new security baseline does not by itself address the issue, and relabeling the data or reviewing its classification are administrative steps that do not protect the data until controls follow from them. Note that encrypting data at rest can be a costly approach.

42
Q

Robert is a consultant who helps organizations create and develop mature software development practices. He prefers to use the Software Capability Maturity Model (SW-CMM) to evaluate the current and future status of organizations using both independent review and self-assessments. He is currently working with two different clients. Acme Widgets is not very well organized with its software development practices. They have a dedicated team of developers who do “whatever it takes” to get software out the door, but they do not have any formal processes. Beta Particles is a company with years of experience developing software using formal, documented software development processes. They use a standard model for software development but do not have quantitative management of those processes. Robert is working with Acme Widgets on a strategy to advance their software development practices. What SW-CMM stage should be their next target milestone?

A. Defined
B. Repeatable
C. Initial
D. Managed

A

B. Repeatable

Explanation:
The Repeatable stage is characterized by basic life-cycle management processes such as project planning and configuration management. It is the second stage of the SW-CMM, following the Initial stage, so it should be Acme Widgets' next milestone. Beta Particles, with documented standard processes but no quantitative management, is at the Defined stage.

43
Q

You will be audited by your colleagues from the third line of defense, and a kickoff meeting for this audit has been scheduled. Which topic would not be on the agenda of this meeting?

A. Scope of the audit
B. Purpose of the audit
C. Expected timeframes
D. Expected findings

A

D. Expected findings

Explanation:
The scope, purpose, and expected timeframe of an audit are all discussed at the kickoff meeting. Expected findings cannot be on the agenda because the findings are what the audit produces; announcing them in advance would prejudge its results.

44
Q

During what phase of the IDEAL model do organizations develop a specific plan of action for implementing change?

A. Initiating
B. Diagnosing
C. Establishing
D. Acting

A

C. Establishing

Explanation:
In the Establishing phase of the Initiating, Diagnosing, Establishing, Acting, Learning (IDEAL) model, the organization takes the general recommendations from the Diagnosing phase and develops a specific plan of action that achieves those changes.

45
Q

During what phase of the IDEAL model do you plan the specifics of how you will reach the objectives?

A. Acting
B. Diagnosing
C. Establishing
D. Initiating

A

C. Establishing

Explanation:
In the Establishing phase you prioritize the recommendations from the previous phase and develop the plans to conduct the activities.

46
Q

During what phase of the IDEAL model do you record the experience learned from doing?

A. Initiating
B. Diagnosing
C. Establishing
D. Learning

A

D. Learning

Explanation:
In the Learning phase you consolidate the information learned from experience, with the aim of improving future iterations.

47
Q

You are traveling to Las Vegas for the next hacker conference. In order to connect remotely to your organization’s network, what should you do?

A. Connect to an open WiFi and launch your VPN tool
B. Discontinue all network usage. All WiFi connections can be spoofed
C. Only use trusted Wi-Fi networks
D. Connect to your company's VPN via a hotspot generated by your phone

A

D. Connect to your company's VPN via a hotspot generated by your phone

Explanation:
The best option is to generate a hotspot from your phone and connect to your company's VPN. There is no such thing as a trusted Wi-Fi network at a hacker conference. Open Wi-Fi signals are likely lures that can compromise the communications passing through them.

48
Q

Which California law requires conspicuously posted privacy policies on commercial websites that collect the personal information of California residents?

A. The Personal Information Protection and Electronic Document Act
B. The California Online Privacy Protection Act
C. California Online Web Privacy Act
D. California Civil Code 1798.82

A

B. The California Online Privacy Protection Act

Explanation:
The California Online Web Privacy Act does not exist. The California Online Privacy Protection Act (COPPA) requires that operators of commercial websites and services post a prominently displayed privacy policy if they collect personal information on California residents. The Personal Information Protection and Electronic Documents Act is a Canadian privacy law, while California Civil Code 1798.82 is part of the set of California codes that requires breach notification.

49
Q

An auditor questions you regarding the backup scheduling that you have implemented. What is the minimum interval at which an organization should conduct business continuity plan refresher training for those with specific business continuity roles?

A. Weekly
B. Monthly
C. Semi-annually
D. Annually

A

D. Annually

Explanation:
Individuals with specific business continuity roles should receive training on at least an annual basis.

50
Q

You have observed that some users are storing sensitive information on their workstations, and you are concerned that the information is not properly protected. What technology can you use to shed some light on this risk?

A. IDS
B. IPS
C. DLP
D. TLS

A

C. DLP

Explanation:
Of the listed options, only Data Leakage Prevention (DLP) focuses on the protection of the data itself. With such a solution in place, you could detect and prevent sensitive information from being stored on workstations. An IDS or an IPS is used to detect or prevent intrusions in networks or systems, and TLS is a network encryption protocol.

51
Q

Your client data has the strongest classification that you have established. Why is declassification rarely chosen as an option for media reuse?

A. Purging is sufficient for sensitive data
B. Sanitation is the preferred method of data removal
C. It is more expensive than new media and may still fail
D. Clearing is required first

A

C. It is more expensive than new media and may still fail

Explanation:
Ensuring that data cannot be recovered is difficult, and the time and effort required to securely and completely wipe media as part of declassification can exceed the cost of new media. Sanitization, purging, and clearing may be part of declassification, but they are not reasons that it is not frequently chosen as an option for organizations with data security concerns.

52
Q

Leverage your legal expertise to address this question. In a contract dispute between a company and a software vendor, one party claims that a verbal agreement was made after the signature of a written contract. What rule of evidence can be invoked in this situation?

A. Real evidence rule
B. Best evidence rule
C. Parol evidence rule
D. Testimonial evidence rule

A

C. Parol evidence rule

Explanation:
In this case, the parol evidence rule states that when an agreement between two parties is made in writing, subsequent amendments must also be made in writing. The other evidence rules do not apply in this case.

53
Q

Which of the following processes makes TCP a connection-oriented protocol?

A. It works via network connections
B. It uses a handshake
C. It monitors for dropped connections
D. It uses a complex header

A

B. It uses a handshake

Explanation:
TCP does not monitor for dropped connections nor does the fact that it works via network connections make it connection-oriented. TCP’s use of a handshake process to establish communications makes it a connection-oriented protocol.

54
Q

You are setting up some new devices in the datacenter and are worried that they are too close to a neighbor's bay. You are looking for a physical security control that broadcasts false emanations to cover the presence of true electromagnetic emanations from your device. Which equipment would you choose?

A. Faraday cage
B. Copper-infused windows
C. Shielded cabling
D. White noise

A

D. White noise

Explanation:
White noise generates false emanations that effectively “jam” the true emanations from electronic equipment. Hence, from all of the options listed, only white noise is an active control.

55
Q

You examine a risk scenario of an insurance organization in which a malicious hacker would leverage a SQL injection attack to deface an unpatched web server. What kind of threat is such a risk based on?

A. Unpatched web application
B. Web defacement
C. Malicious hacker
D. Operating system

A

C. Malicious hacker

Explanation:
Risks are the combination of a threat and a vulnerability. Threats are the external forces seeking to undermine security, such as the malicious hacker. In this scenario, if the malicious hacker (threat) attempts a SQL injection attack against the unpatched server (vulnerability), the result is website defacement.

56
Q

Swizz Travel has offices in both the European Union and Mexico and transfers personal information between those offices regularly. Customers have requested that their accounts be terminated based on their right to have their data deleted under GDPR. What is that right?

A. The right to access
B. Privacy by design
C. The right to be forgotten
D. The right of data portability

A

C. The right to be forgotten

Explanation:
The situation described here is the right to be forgotten, which organizations must interpret as the requirement to delete customer information at the customer's request.

57
Q

You just created a database table that contains information about your organization’s employees. This table contains the name, user ID, birthdate, and address of your 17 employees. What is the degree of this table?

A. 3
B. 4
C. 6
D. 17

A

B. 4

Explanation:
The degree of a database table is its number of attributes. In other terms, it is the number of columns, not the number of rows.

58
Q

If you receive the following audit finding: "The administrator shall review backup success and failure logs on a daily basis, and take action in a timely manner to resolve reported exceptions," what issue may your department face when you have to restore some data?

A. They will not know if the backups succeeded or failed
B. The backups may not be properly logged
C. The backups may not be usable
D. The backup logs may not be properly reviewed

A

C. The backups may not be usable

Explanation:
The audit finding indicates that the backup administrator may not be monitoring backup logs and taking appropriate action based on what they report, thus resulting in potentially unusable backups.

59
Q

You wrote a script that sends data to a web application that you are testing. Every time the script runs, it sends a series of transactions with data that fits the expected requirements of the web application to verify that it responds to typical customer behavior. What type of transactions and test are you using?

A. Synthetic, passive monitoring
B. Synthetic, use case testing
C. Actual, dynamic monitoring
D. Actual, fuzzing

A

B. Synthetic, use case testing

Explanation:
Based on the description, you are sending synthetic transactions and are conducting use case testing. Fuzzing involves sending unexpected inputs to an application. "Active monitoring" and "passive monitoring" are not commonly used terms; however, monitoring is passive by nature.