CISSP Practice Questions - All CISSP Domains 120Q - 2022 #1 (2 of 2 / Anthony Today) Flashcards

1
Q

As a security consultant for a large company, you are expected to align the security operations with the industry-standard control frameworks. For that purpose, your client wants you to put the focus on technology solutions that will negatively impact malicious activities. Which type of control should you focus on?

A. Discouraging
B. Corrective
C. Preventative
D. Discarding
E. Detective
F. Deterrent
A

F. Deterrent

Explanation:
Deterrent security controls are technology-related and used to discourage malicious activities. Please note that preventative controls prevent an incident from occurring (e.g., firewalls), detective controls detect exceptions in an environment (e.g., CCTV), and corrective controls modify the environment to return systems to normal after an unwanted or unauthorized activity has occurred. Finally, discouraging is not part of the security controls taxonomy.

2
Q

You are working on a business continuity project for the company ABC. This project generates a large volume of documents every day. Your team estimated two hours as the maximum tolerable data loss in a disaster recovery or business continuity event. Where should you document this in the business continuity plan?

A. Maximum Tolerable Downtime (MTD)
B. Maximum Data Tolerance (MDT)
C. Recovery Point Objective (RPO)
D. Recovery Time Objective (RTO)

A

C. Recovery Point Objective (RPO)

Explanation:
The Recovery Point Objective (RPO) determines the maximum tolerable data loss for the firm. Please note that the Recovery Time Objective (RTO) sets the time within which the firm's key operations should be reestablished, and the Maximum Tolerable Downtime (MTD) covers the time between the incident and the recovery of the services. MDT is not a term used in business continuity management.

3
Q

Fred needs to transfer files between two servers on the DMZ that is exposed to the Internet. Given that this network is untrusted, what encryption protocol should he select to protect his data?

A. SFTP
B. TCP
C. SSH
D. IPsec

A

A. SFTP

Explanation:
From the listed options, SSH is used for secure command-line access, but not for transferring files. TCP is a transport protocol, but it does not protect the files during the transfer. Likewise, IPsec could be leveraged to set up a tunnel between the two servers to transfer the files, but it isn't designed for file transfers. Finally, the Secure File Transfer Protocol (SFTP) is purpose-built for transferring files over an encrypted channel.

4
Q

James is performing a business impact assessment (BIA) as part of his organization’s business continuity program. He determined the longest period of time that a service can be unavailable without causing damage to the business. What BIA variable did James determine?

A. RPO
B. MTD
C. ALE
D. RTO

A

B. MTD

Explanation:
The Maximum Tolerable Downtime (MTD) is the amount of time that a service may be unavailable before causing significant damage to the business. It is the senior management of the company that determines the MTD. Please note that the RPO and RTO are objectives that the company will try to reach should an event occur. The Recovery Time Objective (RTO) is the amount of time the business expects it will take to recover operations after a disruption. The Recovery Point Objective (RPO) describes the amount of acceptable data loss in the event of a disruption.

5
Q

The CEO of your company is extremely worried about the potential disruption of the services provided to the clients. Which one of the following is not normally included in business continuity plan documentation?

A. Statement of priorities
B. Statement of accounts
C. Statement of importance
D. Statement of organizational responsibility

A

B. Statement of accounts

Explanation:
The elements usually covered by business continuity plan documentation are the continuity planning goals, a statement of organizational responsibility, a statement of importance, a statement of priorities, a statement of urgency and timing, risk assessment and risk treatment information, emergency response guidelines, and documentation for maintaining and testing the plan.

6
Q

In communications, multiple exchanges take place. What is sent at the second step of the three-way TCP handshake?

A. FIN/ACK
B. ACK
C. SYN/ACK
D. SYN

A

C. SYN/ACK

Explanation:
The three-way handshake is SYN, SYN/ACK, ACK. The counterpart system is expected to respond with “Synchronize and Acknowledge” after having received a SYN.

7
Q

Susan, a cybersecurity expert, needs to scan a system for vulnerabilities, and she wants to use an open-source tool to test the system remotely. Which of the following options would meet her requirements and allow vulnerability scanning?

A. MBSA
B. Nessus
C. Nmap
D. OpenVAS

A

D. OpenVAS

Explanation:
Open Vulnerability Assessment Scanner (OpenVAS) is an open-source vulnerability scanning tool that generates a report of the vulnerabilities found by a remote, network-based scan. Nmap (Network Mapper) is an open-source port scanner. Both the Microsoft Baseline Security Analyzer (MBSA) and Nessus are closed-source tools.

8
Q

You are working with your personnel department on a legal arrangement to protect information shared with a vendor. What type of agreement would be most effective?

A. Indemnification
B. NDA
C. SLA
D. Non-compete

A

B. NDA

Explanation:
Non-Disclosure Agreements (NDAs) protect sensitive information shared between two entities, requiring one or both entities to maintain confidentiality with regard to the information available. Please note that a Service Level Agreement (SLA) will determine the level of performance expected from a third party. The other two terms are not relevant here.

9
Q

Polarizz is a security service provider based in the middle of an industrial area and tries to develop its offering. What type of vulnerability does a TOC/TOU attack target?

A. Injection flaw
B. Race condition
C. Lack of encryption
D. Lack of input validation

A

B. Race condition

Explanation:
Time-of-Check/Time-of-Use (TOC/TOU) attacks target situations where there is a race condition, meaning that a dependence on the timing of actions allows impermissible actions to take place. The other vulnerabilities listed here do not characterize a TOC/TOU type of attack.

10
Q

What type of tool is Nmap?

A. Network design and layout
B. Port scanner
C. Vulnerability Scanner
D. Web application fuzzer

A

B. Port scanner

Explanation:
Nmap, which stands for Network Mapper, is a very popular open-source port scanner. None of the other options can be correct.

11
Q

From the following options, which technology is used to verify that a dial-up user is connecting from the phone number they are preauthorized to use in a way that avoids spoofing?

A. Callback
B. CallerID
C. CHAP
D. PPP

A

A. Callback

Explanation:
Callback disconnects a remote user after their initial connection and then calls them back at a preauthorized number. This technology avoids spoofing. Caller Identification (CallerID) can help with this but can be spoofed, making callback a better solution. Challenge-Handshake Authentication Protocol (CHAP) is an authentication protocol, and Point-to-Point Protocol (PPP) is a dial-up protocol. Neither will verify a phone number.

12
Q

In financial services, what approach to technology management integrates the three components of technology management: operations, development, and quality assurance?

A. ITIL
B. DevOps
C. Agile
D. Lean

A

B. DevOps

Explanation:
ITIL is about sound IT management practices, and Lean is a method for increasing the efficiency of a business. The DevOps approach to technology management seeks to integrate software development, operations, and Quality Assurance in a seamless approach that builds collaboration between the three disciplines.

13
Q

René is in charge of the data center management for the company Transparent Ltd. He is connected to the web interface of a device via port 443, and he is analyzing log files. From the following options, which type of log file contains entries with a deny status for inbound and outbound TCP and UDP sessions?

A. System
B. Firewall
C. Web server
D. Application

A

B. Firewall

Explanation:
The context adds little, but given the description of the log file, it is very likely that it was generated by a firewall. In fact, firewall log files record the exchanges of information from one IP address to another and include the transport protocol information. Log files from applications are specific to each application. In general, system logs are related to processes or events.

14
Q

From the following activities, which one is considered as an integral part to all phases of the SDLC?

A. Verification
B. Design
C. Testing
D. Security

A

D. Security

Explanation:
The Software Development Lifecycle (SDLC) has several phases, including Design and Test, but from the listed options, only Security is part of all phases. Verification is synonymous with the testing phase, but does not address the question.

15
Q

From the following examples, which one is a covert timing channel when used to exfiltrate information from a company?

A. Dispatching an encrypted electronic mail message
B. Typing with the rhythm of Morse code
C. Sharing a file on a peer-to-peer sharing service
D. Copying data to a shared memory space

A

B. Typing with the rhythm of Morse code

Explanation:
In general, covert channels use surreptitious communication paths. Covert timing channels alter the use of a resource in a measurable fashion to exfiltrate information. Typing with a specific rhythm of Morse code is an example of a covert timing channel, because someone listening to the keystrokes could receive a secret message with no trace of the message left in logs.

16
Q

In general, application developers are creative in their approach to address the requirements of their stakeholders. How do we refer to a test that aims at preventing unintended actions?

A. Manual testing
B. Dynamic testing
C. Use case testing
D. Misuse case testing

A

D. Misuse case testing

Explanation:
Use case tests are designed to specifically test the functions that the software is expected to perform. On the other hand, misuse case testing aims to prevent unintended actions. Manual testing refers to testing the code by hand, while dynamic testing is based on how the code handles variables that change over time.

17
Q

Hector has been commissioned to conduct an account management assessment. What are the accounts that are usually of most interest for an assessor?

A. A random sample
B. Highly privileged accounts
C. Accounts with no expiration dates
D. Newly created accounts

A

B. Highly privileged accounts

Explanation:
In general, assessors are interested in the highly privileged accounts because they pose a greater risk to the environment. Accounts with no expiration dates can be concerning, but that doesn't mean they have high privileges. Newly created accounts might be the outcome of automated processes, hence they should not be too much of a concern. Finally, a random sample is a good approach, but the biggest focus should be on highly privileged accounts because of their power.

18
Q

From the following options, which isn’t true about SSAE-18?

A. SSAE-18 is used for external audits
B. SSAE-18 mandates a specific control set
C. SSAE-18 is an attestation standard
D. SSAE-18 uses a framework, including SOC1, SOC2 and SOC3 reports

A

B. SSAE-18 mandates a specific control set

Explanation:
Statement on Standards for Attestation Engagements no. 18 is a generally accepted audit standard. More specifically, it reviews the use and application of controls in an audited organization. Additionally, it is an attestation standard, used for external audits, and forms part of the underlying audit framework for SOC 1, 2, and 3 reports.

19
Q

You are replacing used magnetic hard drives from a facility and are worried about data remanence issues. What tool can you use to effectively address this issue?

A. Degausser
B. Single-pass wiper
C. Disk formatter
D. Disk partitioner

A

A. Degausser

Explanation:
From the proposed solutions, the degausser is the only approach that goes beyond the logical alteration of the hard drive content. In fact, the degausser directly modifies the magnetic field on the hard drives' platters. In this scenario, it is the most appropriate solution. Please note that the other proposed solutions do not address the data remanence issue but merely reassign the storage space.

20
Q

Alice would like to have read permissions on an object and knows that Bob already has those rights and would like to give them to herself. Which one of the rules in the Take-Grant protection model would allow her to complete this operation?

A. Take Rule
B. Create Rule
C. Remove Rule
D. Grant Rule

A

A. Take Rule

Explanation:
The take rule allows a subject to take the rights belonging to another object. If Alice has take rights over Bob, she can give herself the same permissions that Bob already possesses. The grant rule is about granting rights to someone else.

21
Q

Jean-Yves, a computer science student, asks you the following question: What technology ensures that an OS allocates separate memory spaces used by each application on a system?

A. Process Isolation
B. Data Hiding
C. Layering
D. Abstraction

A

A. Process Isolation

Explanation:
In multilevel security systems, process isolation ensures that the operating system allocates a separate section of memory for each process. As a result, process isolation prevents processes from accessing each other's data.

22
Q

True or False: Key clustering takes place when the combination of two encryption keys is needed to create a plaintext input message?

A. TRUE
B. FALSE

A

B. FALSE

Explanation:
Key clustering takes place when different encryption keys generate the same ciphertext from the exact same plaintext input message.

23
Q

The BioStrong contracting firm would like to add an administrative security control that protects against insider threats. Which one of the following controls would best fit the purpose?

A. Penetration tests
B. Background checks
C. Data Loss Prevention Systems
D. Vulnerability Scans

A

B. Background checks

Explanation:
Conducting background checks in order to identify profile flaws supports the organization in being diligent in its hiring process. Therefore, background checks are the appropriate administrative control described here. Note that DLP, penetration tests, and vulnerability scans are technical controls that might have an impact on your technical environment.

24
Q

Phoser Ltd just faced a major incident and lost several thousand personal data records. Their Chief Compliance Officer worries about the media exposure of the incident and the potential lawsuits that the company will face. Given that the company is in the process of addressing the incident, within which phase would the IT team design new security controls with the aim of preventing the future occurrence of such an issue?

A. Remediation
B. Lessons Learned
C. Recovery
D. Reporting

A

A. Remediation

Explanation:
The context of the incident says little about how to address it. Let's consider it an intentional distraction. From the listed options, the remediation phase encompasses the root cause analysis as well as the implementation of the necessary security measures that would prevent the occurrence of a similar incident. The reporting phase is about gathering the relevant information about the incident and notifying the necessary stakeholders (e.g., regulators if mandated to do so). The recovery phase has a much shorter time frame than the remediation phase because it focuses on bringing the system back to a normal state. Thus, if the company faced a system interruption, it would aim to bring it back online as fast as possible, without worrying directly about the cause of the incident. The lessons learned take place post-remediation and consist of gathering what went well and what didn't so that processes can be adjusted where needed.

25
Q

If a system starts to archive the log when the log file reaches 50MB, what is the issue that may occur due to the log handling settings?

A. Log data may be overwritten
B. Log data may be lost when the log is archived
C. Log data may fill the system disk
D. Log data may not include needed information

A

C. Log data may fill the system disk

Explanation:
There is a risk that archiving logs will fill up the system disk. Based on the information given, there is not enough information for another answer to be true.

26
Q

From the following virus types, which creates many variants by altering its code to deceive antivirus solutions?

A. Polymorphic virus
B. Monochrome virus
C. Stealth virus
D. Encrypted virus

A

A. Polymorphic virus

Explanation:
A polymorphic virus will slightly change from infection to infection, which makes its detection harder because it has a different signature on each infected system. A stealth virus will hide the modifications that it has made to files. An encrypted virus will be completely different on each infected system because it uses a different key to encrypt itself. A monochrome virus is a made-up term.

27
Q

Matthieu is in charge of the security of payment card information stored in a database. What security measure could prevent accidental deletion of database entries while Matthieu performs operational duties?

A. Implementing strict permissions
B. Purchasing insurance
C. Encrypting the database contents
D. Defining an exception model

A

A. Implementing strict permissions

Explanation:
Purchasing insurance would transfer some of the risk, but would not limit the risk of entry deletion. From the other proposed options, only the implementation of strict permissions would technically reduce the risk of accidental deletion of records.

28
Q

Which of the following algorithms would not be acceptable to use to securely exchange sensitive information over the Internet?

A. RSA
B. DES
C. AES
D. Blowfish

A

B. DES

Explanation:
The Data Encryption Standard (DES) is an outdated symmetric encryption algorithm that was retired by NIST more than a decade ago and, consequently, is no longer considered secure.

29
Q

Altma Ltd acquired a large real estate complex next to a pharmaceutical company. Alberto has recently been appointed network engineer of the company and is designing the network topology of the new building. He is aware that he needs to span a distance of more than 175 meters with a 1000Base-T network. This newly constructed complex is designed to address the requirements of Altma Ltd, which are to locate the finance department on the third floor and the IT team on the ground floor. From the approaches listed here, which would be the most suitable technology for the described situation?

A. The network engineer must use redundant STP cables to prevent noise from affecting the signal
B. Alberto should use Cat7 cables in order to improve long distance communications
C. Alberto should leverage the help from an electrician to set up a couple of gateways to handle this long distance
D. Alberto should install a repeater at least every 100 meters

A

D. Alberto should install a repeater at least every 100 meters

Explanation:
Cat7 cables are appropriate for a 10Gbps network, which is not the requirement described here. Additionally, these cables are suitable for shorter runs. "Redundant STP cables" is a made-up term. Nevertheless, an STP cable is recommended for a distance of about 150 meters, which would not be suitable for the described situation. Leveraging the expertise of an electrician may be useful for the installation, but the installation of gateways does not make sense and/or lacks the clarity to be an acceptable answer to this question. Finally, given the distance specified (175 meters), it would be necessary to set up a repeater in order to amplify the signal. Such a device should be placed at least every 100 meters, hence one device in this situation.

30
Q

Alfred is looking into a network issue and notices that the NAT router he is connected to has 192.168.x.x as its subnet and 192.168.1.140 as its external IP address. What is the issue?

A. The upstream system is unable to de-encapsulate his packets and he needs to use PAT instead
B. 192.168.x.x is a nonroutable network and will not be carried to the Internet
C. 192.168.1.40 is not a valid address because it is reserved by RFC 1918
D. Double NATing is not possible using the same IP range

A

D. Double NATing is not possible using the same IP range

Explanation:
The Network Address Translation (NAT) method maps an IP address from one area to another network area by modifying the IP header of the packets in transit. Double NATing isn’t possible with the same IP range; the same IP addresses cannot appear inside and outside of a NAT router. RFC 1918 addresses are reserved, but only so they are not used and routable on the Internet, and changing to PAT would not fix the issue.

31
Q

Two interconnection models coexist in our environment. Using the OSI model, what format does the Data Link layer use to format messages received from higher up the stack?

A. A frame
B. A segment
C. A datastream
D. A datagram

A

A. A frame

Explanation:
When a message reaches the Data Link layer, it is called a frame. Data streams exist at the application, presentation, and session layers, whereas segments and datagrams exist at the transport layer (for TCP and UDP, respectively).

32
Q

After consulting your peers, you have decided to accept one of the risks related to the business continuity planning effort. What will be the next step?

A. Design a disaster recovery plan
B. Document the decision making process
C. Repeat the business impact assessment
D. Implement a new security controls to reduce the risk level

A

B. Document the decision making process

Explanation:
Every such decision should be documented so that the auditors have a track record of the approach chosen and your company records the reasoning behind the decision that was made. The other options listed here would take place at a later stage.

33
Q

Theo reviewed the configuration of a layer 3 switch. From the following options, which one should he give consideration to when multilayer protocols are allowed?

A. Encryption can't be incorporated at multiple layers
B. A range of protocols is used at higher layers
C. Covert channels are allowed
D. Filters cannot be bypassed

A

C. Covert channels are allowed

Explanation:
The concerns related to multilayer protocols are threefold; there is a risk of covert channels, filters can be bypassed through layered protocols, and logical boundaries can be bypassed too. Multilayer protocols allow encryption at various layers and support a range of protocols at higher layers.

34
Q

Janet is developing a mission-critical application that has a direct impact on human safety. Given the fact that functioning software is more important than cost and time aspects, which software development methodologies would be the most appropriate?

A. DevOps
B. C
C. Waterfall
D. Agile

A

C. Waterfall

Explanation:
The Agile methodology enables the development team to take new requirements into consideration as they develop the software. Likewise, the DevOps methodology is complementary to the Agile methodology; thus, neither would be appropriate for this case, because incorporating constant changes in the requirements increases the likelihood of errors. C is a programming language. Although the C language is considered to be reliable and provides fast execution when compiled, it is not a development methodology. The Waterfall methodology is appropriate to this situation because it is designed for stable requirements and control over the development process.

35
Q

From the following options, which element of information is not considered personally identifiable information that would trigger most U.S. state data breach laws?

A. Credit card number
B. Driver's license number
C. Student identification number
D. Social security number

A

C. Student identification number

Explanation:
A student identification number is not considered PII; however, a Social Security number, a driver's license number, and a credit card number are all considered PII.

36
Q

True or False: Multi-stage lattice models are security models that depict strict layers of subjects and objects, and define clear rules that allow or prevent interactions between them based on the layers they are in?

A. TRUE
B. FALSE

A

A. TRUE

37
Q

Which method involves the removal of characteristics from an entity to represent its essential properties?

A. Abstraction
B. Algorithm
C. Diffusion
D. Substitution

A

A. Abstraction

Explanation:
Abstraction enables the assignment of security controls to a group of alike objects, with the aim to simplify the model.

38
Q

NIST Special Publication 800-92, the Guide to Computer Security Log Management, was developed in conjunction with the FISMA, and describes four types of common challenges to log management: many log sources, inconsistent log content, inconsistent timestamps, inconsistent log formats. Which of the following solutions is best suited to solving these issues?

A. Standardize on the Windows event log format for all devices and use NTP
B. Implement a SIEM
C. Ensure logging is enabled on all endpoints using their native logging formats and set their local time correctly
D. Implement SNMP for all logging devices

A

B. Implement a SIEM

Explanation:
A Security Information and Event Management (SIEM) system is a tool that centralizes logs from multiple systems. A SIEM solution can also analyze the logs and trigger alerts in the case of abnormal activities derived from the analyses. The other options only partially address the question.

39
Q

From the following options, which one is not an example of technical control that could safeguard your assets?

A. Encryption
B. Router ACL
C. Data Classification
D. Firewall Rule

A

C. Data Classification

Explanation:
All are technical controls, except data classification, which is an administrative control.

40
Q

Considering that the protection of client’s data is your most important duty, what encryption algorithm would provide strong protection for data stored on a USB thumb drive?

A. DES
B. SHA1
C. TLS
D. AES

A

D. AES

Explanation:
From the listed options, Advanced Encryption Standard (AES) is a strong symmetric cipher that is appropriate for use with data at rest. As data stored on a USB thumb drive is data at rest, AES would be the best answer here. SHA1 is a cryptographic hash, while TLS is appropriate for data in motion. DES is an outdated and insecure symmetric encryption method.

41
Q

What type of tool are the following: Nessus, OpenVAS, and SAINT?

A. Vulnerability scanners
B. Port scanners
C. Port mappers
D. Patch management system

A

A. Vulnerability scanners

Explanation:
SAINT, Nessus, and OpenVAS are vulnerability scanning tools widely used on the market. In order to operate, these tools also include port-scanning capabilities, but that’s only a subset of their features.

42
Q

While numerous regulations have been established in the financial industry, what law provides intellectual property protection to the holders of trade secrets?

A. Glass-Steagall Act
B. Economic Espionage Act
C. Copyright Law
D. Lanham Act

A

B. Economic Espionage Act

Explanation:
The Lanham Act, from 1946, also known as the Trademark Act, governs trademarks. The Economic Espionage Act imposes fines and jail sentences on anyone found guilty of stealing trade secrets from a U.S. corporation. It gives true teeth to the intellectual property rights of trade secret owners.

43
Q

You are responsible for an online forum. If an attacker posts a message that contains an embedded malicious script that won't be displayed to the user but executes on the user's system when read, which type of attack would that be?

A. Persistent XSS
B. Nonpersistent XSRF
C. Nonpersistent XSS
D. Persistent XSRF

A

A. Persistent XSS

Explanation:
This is a persistent cross-site scripting (XSS) attack because the attacker tricks the victim's browser into executing a script through the use of a third party. In this particular scenario, the attack is considered persistent because the script remains on the forum.

44
Q

Kevin is a database administrator and would like to use a tool designed to test the security of his databases. Which one of the following tools is best suited for this purpose?

A. Sqlmap
B. Nmap
C. Sqlthrash
D. Nessus

A

A. Sqlmap

Explanation:
Sqlmap is a dedicated database vulnerability scanner and is well-suited for Kevin’s purposes. Nmap is a network port scanner that would not provide relevant results. Nessus is a network vulnerability scanner and may detect issues with a database but would not be as effective as sqlmap. Sqlthrash does not exist.

45
Q

Howard chooses a cryptographic algorithm that supports the creation of digital signatures. Which of the following options might meet his requirement?

A. Blowfish
B. DES
C. RSA
D. AES

A

C. RSA

Explanation:
Digital signatures are possible only when using an asymmetric encryption algorithm. Of the algorithms listed, only the Rivest-Shamir-Adleman cryptosystem, more commonly known as RSA, is asymmetric and supports digital signature capabilities.

46
Q

Jean-Patrick is conducting a risk assessment for his organization. He determined the amount of damage that a single flood could cause. What is the identified metric?

A. AV
B. SLE
C. ALE
D. ARO

A

B. SLE

Explanation:
The Asset Value (AV) is the amount ($) of your asset that you risk losing. The Annual Loss Expectancy (ALE) is the expected amount of losses for an entire year; several losses can occur during the year. The Annual Rate of Occurrence (ARO) represents the number of occurrences per year. If there is a risk that the incident occurs once every 100 years, the ARO = 1/100 = 0.01. The Single Loss Expectancy (SLE, $) is the amount of damage that a risk is expected to cause each time that it occurs.

47
Q

From the following list of controls, which one would protect an organization should it face a longer period of power loss?

A. Generator
B. RAID
C. Redundant servers
D. Uninterruptible power supply (UPS)

A

A. Generator

Explanation:
All options would improve the resiliency of an organization. RAID, if configured for example as RAID 5, would prevent the loss of data in the case of a disk failure. Redundant servers would protect against the loss of availability (e.g., of a service). A UPS would protect an organization from brief power outages or surges. Compared to a generator, a UPS has a limited power reserve, depending on the size of its batteries and the load. A generator would be the best way to address a longer power loss because it can be refueled.

48
Q

Events that could lead to a negative impact on the company occur more often than we think. During which phase of the incident response process would an analyst receive an intrusion detection system alert and verify its accuracy?

A. Detection
B. Response
C. Mitigation
D. Reporting

A

A. Detection

Explanation:
Verification of the accuracy of the alerts takes place during the detection phase. The response, mitigation, and reporting phases all take place after the detection phase.

49
Q

Which of the following is not a valid LDAP DN?

A. ou=example,dc=example,dc=com+dc=org
B. ou=example
C. cn=ben,ou=example;
D. cn=ben+ou=sales

A

C. cn=ben,ou=example;

Explanation:
Lightweight Directory Access Protocol (LDAP) Distinguished Names (DN) are composed of comma-separated components, ending with a semicolon. From the listed options, only one matches this requirement.

50
Q

Our environment can be impaired by vulnerabilities. Which one of the following is an example of physical infrastructure hardening?

A. Fire suppression system
B. Antivirus software
C. Hardware-based network firewall
D. Two-factor authentication

A

A. Fire suppression system

Explanation:
Antivirus software, hardware firewalls, and two-factor authentication are all examples of logical controls. Fire suppression systems protect infrastructure from physical damage. Along with uninterruptible power supplies, fire suppression systems are good examples of technology used to harden physical infrastructure.

51
Q

As the security administrator for a medical practice in a large city, you are concerned about the type of information subject to the Health Insurance Portability and Accountability Act (HIPAA). Which one of the following best describes HIPAA-regulated information?

A. SBU
B. PII
C. PHI
D. Classified

A

C. PHI

Explanation:
Protecting Protected Health Information (PHI) is the primary purpose of the Health Insurance Portability and Accountability Act (HIPAA). Note that Classified information applies to military and defense regulations, and Personally Identifiable Information (PII) is not specific enough in this scenario.

52
Q

Which core element of an operating system has as its main function providing access to system resources?

A. System kernel
B. State attacks
C. Software
D. Firmware

A

A. System kernel

Explanation:
The system kernel is a core element of an operating system and is in charge of giving access to the system resources. A state attack is a race condition attack on access to data. Firmware and software are types of algorithms that do not aim to provide access to the system resources.

53
Q

Security standards on access management have very recently been amended. From the following options, which is best described as an access control model that focuses on subjects and identifies the objects that each subject can access?

A. An access control list
B. A capability table
C. A rights management matrix
D. An implicit denial list

A

B. A capability table

Explanation:
An Access Control List (ACL) is object-focused rather than subject-focused. Capability tables (CPL) list the privileges assigned to subjects and identify the objects that subjects can access. Implicit deny is a principle that states that anything that is not explicitly allowed is denied, and a rights management matrix is not an access control model.

54
Q

Isabelle recently read about a new hacking group that is using advanced tools to break into the web servers of firms running public-facing applications. In risk management terminology, how would she describe this group of hackers?

A. Standard
B. Vulnerability
C. Threat
D. Risk

A

C. Threat

Explanation:
Because the hackers are external to the company and seek to take advantage of a vulnerability, they are considered a threat. Note that vulnerabilities are weak items in the environment that you can control, and a risk is the combination of a threat agent exploiting a vulnerability. Threats are internal or external factors that cannot be controlled; nevertheless, they have to be taken into consideration.

55
Q

You are an experienced project manager who leads a project that aims to onboard the client’s top applications onto the company’s strategic security solutions. What type of project management tool uses nodes to represent milestones and deliverables, and shows the estimated time between milestones?

A. Wireframe diagram
B. WBS chart
C. PERT Chart
D. Gantt Chart

A

C. PERT Chart

Explanation:
Gantt charts use a different format with a row for each task and lines showing the expected duration of the task. Work breakdown structures are an earlier deliverable that divides project work into achievable tasks. Program Evaluation and Review Technique (PERT) charts use nodes to represent milestones or deliverables and then show the estimated time to move between milestones. Wireframe diagrams are used in web design.

56
Q

You are working for a pharmaceutical company that is ready to release a new cancer-curing drug. From the listed options, which business process requires sign-off from a manager before modifications are made to a production system?

A. Change management
B. SDN
C. Release management
D. Versioning

A

A. Change management

Explanation:
The described context should not alter your answer to this question. Change management is based on a sequence of administrative steps to follow. Thus, the approval of a manager, usually named the Change Manager, might be required prior to any change made to a system. Release management refers to the process leading to the production release of new software, while versioning is the methodology that describes how multiple versions of the same software should be referred to and managed. Versioning involves a naming nomenclature for the different versions (e.g., minor version #.x, major version x.#). SDN, which stands for Software-Defined Networking, is an approach to networking that uses software-based controllers.

57
Q

Samual is blocked from writing to the data file by the Biba integrity model. To set the scene, Samual has a Secret security clearance, and the file is classified Top Secret. His manager can edit this file. What is the principle that is preventing Samual from editing this file?

A. Simple Security Property
B. *-Security Property
C. *-Integrity Property
D. Simple Integrity Property

A

C. *-Integrity Property

Explanation:
The * (star) Integrity Property states that a subject at a given level of integrity must not write to data at a higher level of integrity (no write up).

58
Q

True or False: A hybrid cloud infrastructure is a composition of at least two cloud infrastructure models that remain unique entities but are linked together by standardized or proprietary technology that enables data and application portability?

A. TRUE
B. FALSE

A

A. TRUE

Explanation:

59
Q

Faith is looking at the /etc/passwd file on a system configured to use shadowed passwords. When she examines a line in the file for a user with interactive login permissions, what should she expect to see in the password field?

A. Plaintext password
B. *
C. x
D. Hashed Password

A

C. x

Explanation:
When a system uses shadowed passwords, the hashed password value is stored in /etc/shadow instead of /etc/passwd. The /etc/passwd file would not contain the password in plaintext or hashed form. Instead, it would contain an x to indicate that the password hash is in the shadow file. The * character is normally used to disable interactive logins to an account.

60
Q

Your organization has the goal to optimize the protection of the organizational assets. As a security consultant, you are expected to recommend the best method to limit data remanence in the organization. Which of the following methods should you recommend?

A. Degaussing
B. Data Encryption
C. Physical Destruction
D. Overwriting of data
E. Formatting volumes

A

C. Physical Destruction

Explanation:
From the methods listed, degaussing and physical destruction are the two methods that go beyond the logical removal of data. Although degaussing alters the magnetic field of the hard drive’s platters, it is not possible to confirm the deletion of the data. Therefore, physical destruction is the best solution applicable to this scenario.