CISSP Official ISC2 practice tests (All domains)
[Figure (triangle): user workstation A connects to the Internet C over link B; the Internet C connects to server E over link D; workstation A also connects to server E directly over link F]
70. Which letters should be associated with data at rest?
A. A, B, and C
B. C and E
C. A and E
D. B, D, and F - correct answer-C. A and E can both be expected to have data at rest. C, the
Internet, is an unknown,
and the data can't be guaranteed to be at rest. B, D, and F are all data in transit across
network links.
[Figure (triangle): user workstation A connects to the Internet C over link B; the Internet C connects to server E over link D; workstation A also connects to server E directly over link F]
71. What would be the best way to secure data at points B, D, and F?
A. AES256
B. SSL
C. TLS
D. 3DES - correct answer-C. B, D, and F all show network links. Of the answers provided,
Transport Layer Security (TLS) provides the best security for data in motion. AES256 and
3DES are both symmetric ciphers and are more likely to be used for data at rest. SSL has
been replaced with TLS and should not be a preferred solution.
[Figure (triangle): user workstation A connects to the Internet C over link B; the Internet C connects to server E over link D; workstation A also connects to server E directly over link F]
72. What is the best way to secure files that are sent from workstation A via the Internet
service (C) to remote server E?
A. Use AES at rest at point A, and TLS in transit via B and D.
B. Encrypt the data files and send them.
C. Use 3DES and TLS to provide double security.
D. Use full disk encryption at A and E, and use SSL at B and D. - correct answer-B. Sending
a file that is encrypted before it leaves means that exposure of the file in transit will not result
in a confidentiality breach and the file will remain secure until decrypted at location E. Since
answers A, C, and D do not provide any information about what happens at point C, they
should be considered insecure, as the file may be at rest at point C in an unencrypted form.
1. Angela is an information security architect at a bank and has been assigned to ensure that
transactions are secure as they traverse the network. She recommends that all transactions
use TLS. What threat is she most likely attempting to stop, and what method is she using to
protect against it?
A. Man-in-the-middle, VPN
B. Packet injection, encryption
C. Sniffing, encryption
D. Sniffing, TEMPEST - correct answer-C. Encryption is often used to protect traffic like bank
transactions from sniffing.
While packet injection and man-in-the-middle attacks are possible, they are far less likely to
occur, and if a VPN were used, it would be used to provide encryption. TEMPEST is a
specification for techniques used to prevent spying using electromagnetic emissions and
wouldn't be used to stop attacks at any normal bank.
1. During a port scan, Susan discovers a system running services on TCP and UDP 137-139
and TCP 445, as well as TCP 1433. What type of system is she likely to find if she connects
to the machine?
A. A Linux email server
B. A Windows SQL server
C. A Linux file server
D. A Windows workstation - correct answer-B. TCP and UDP ports 137-139 are used for
NetBIOS services, whereas TCP 445 is SMB over TCP (Microsoft-DS), used for Windows file
sharing and Active Directory communication. TCP 1433 is the default port for Microsoft SQL
Server, indicating that this is probably a Windows server providing SQL services.
1. Matthew is the security administrator for a consulting firm and must enforce access
controls that restrict users' access based upon their previous activity. For example, once a
consultant accesses data belonging to Acme Cola, a consulting client, they may no longer
access data belonging to any of Acme's competitors. What security model best fits
Matthew's needs?
A. Clark-Wilson
B. Biba
C. Bell-LaPadula
D. Brewer-Nash - correct answer-D. The Brewer-Nash model allows access controls to
change dynamically based upon a user's actions. It is often used in environments like
Matthew's to implement a "Chinese wall" between data belonging to different clients.
1. Referring to the figure below, what technology is shown that provides fault tolerance for
the database servers?
A. Failover cluster
B. UPS
C. Tape backup
D. Cold site - correct answer-A. The illustration shows an example of a failover cluster,
where DB1 and DB2 are both configured as database servers. At any given time, only one
will function as the active database server, while the other remains ready to assume
responsibility if the first one fails. While the environment may use UPS, tape backup, and
cold sites as disaster recovery and business continuity controls, they are not shown in the
diagram.
1. What important factor listed below differentiates Frame Relay from X.25?
A. Frame Relay supports multiple PVCs over a single WAN carrier connection.
B. Frame Relay is a cell-switching technology instead of a packet-switching technology like
X.25.
C. Frame Relay does not provide a Committed Information Rate (CIR).
D. Frame Relay only requires a DTE on the provider side. - correct answer-A. Frame Relay
supports multiple permanent virtual circuits (PVCs), unlike X.25. It is a packet-switching
technology that provides a Committed Information Rate (CIR), which is a minimum
bandwidth guarantee provided by the service provider to customers. Finally, Frame Relay
requires a DTE/DCE at each connection point, with the DTE providing access to the Frame
Relay network, and a provider-supplied DCE, which transmits the data over the network.
1. What is the final step of a quantitative risk analysis?
A. Determine asset value.
B. Assess the annualized rate of occurrence.
C. Derive the annualized loss expectancy.
D. Conduct a cost/benefit analysis. - correct answer-D.
The final step of a quantitative risk analysis is conducting a cost/benefit analysis to
determine whether the organization should implement the proposed countermeasure(s).
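The whole chain the question alludes to (asset value and exposure factor giving SLE, SLE times ARO giving ALE, and finally the cost/benefit comparison of candidate safeguards), carried through in an added Python example that is not part of the practice test. Every dollar figure, exposure factor and rate is constructed for illustration.

```python
"""Quantitative risk analysis carried through to the cost/benefit step.

Added example; every dollar figure, exposure factor and rate below is
constructed for illustration."""


def single_loss_expectancy(asset_value, exposure_factor):
    # SLE = AV x EF: loss from one occurrence
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value, exposure_factor, aro):
    # ALE = SLE x ARO: expected loss per year
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def safeguard_value(asset_value, ef_before, aro_before, ef_after, aro_after, annual_cost):
    """Cost/benefit: (ALE before) - (ALE after) - (annual cost of safeguard).
    A positive result means the safeguard is worth implementing."""
    ale_before = annualized_loss_expectancy(asset_value, ef_before, aro_before)
    ale_after = annualized_loss_expectancy(asset_value, ef_after, aro_after)
    return ale_before - ale_after - annual_cost


def rank_safeguards(asset_value, ef_before, aro_before, candidates):
    """Return (name, value) pairs sorted best first; each candidate is
    (name, ef_after, aro_after, annual_cost)."""
    scored = [(name, safeguard_value(asset_value, ef_before, aro_before, ef, aro, cost))
              for name, ef, aro, cost in candidates]
    return sorted(scored, key=lambda s: s[1], reverse=True)


def demo():
    # Constructed scenario: a $500,000 database server exposed to ransomware.
    asset_value = 500_000
    ef_before, aro_before = 0.40, 0.5   # 40% loss per event, one event every two years
    candidates = [
        ("offline backups", 0.10, 0.5, 30_000),        # shrinks the loss, not the frequency
        ("EDR + email filtering", 0.40, 0.1, 90_000),  # shrinks the frequency
        ("gold-plated DLP", 0.35, 0.5, 95_000),        # barely moves the risk, costs a lot
    ]
    return rank_safeguards(asset_value, ef_before, aro_before, candidates)
```

With these inputs the ALE before any control is $100,000 a year; offline backups net $45,000 a year and are the only candidate worth buying, while the other two cost more than the risk they remove. The ranking is what the final step produces: a decision per countermeasure, not just a number.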
1. When designing an object-oriented model, which of the following situations is ideal?
A. High cohesion, high coupling
B. High cohesion, low coupling
C. Low cohesion, low coupling
D. Low cohesion, high coupling - correct answer-B.
Coupling is a description of the level of interaction between objects. Cohesion is the strength
of the relationship between the purposes of methods within the same class.
When you are developing an object-oriented model, it is desirable to have high
cohesion and low coupling.
1. Which of the following is best described as an access control model that focuses on
subjects and identifies the objects that each subject can access?
A. An access control list
B. An implicit denial list
C. A capability table
D. A rights management matrix - correct answer-C. Capability tables list the privileges
assigned to subjects and identify the objects that subjects can access. Access control lists
are object-focused rather than subject-focused. Implicit deny is a principle that states that
anything that is not explicitly allowed is denied, and a rights management matrix is not an
access control model.
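To make the subject-focused versus object-focused distinction concrete, here is an added Python example (not from the practice test) that builds both views from one constructed access matrix: the capability table answers "what can this subject reach?" with a single lookup, the ACL answers "who can reach this object?" with a single lookup, and anything absent from either is implicitly denied. Subjects, objects and rights are constructed.

```python
"""One access matrix seen two ways: capability tables (subject-focused) and
access control lists (object-focused). Added example; subjects, objects and
rights are constructed."""

# Constructed access matrix: subject -> {object: rights}
ACCESS_MATRIX = {
    "alice":      {"payroll.db": {"read", "write"}, "hr.doc": {"read"}},
    "bob":        {"hr.doc": {"read", "write"}},
    "backup-svc": {"payroll.db": {"read"}, "hr.doc": {"read"}},
}


def capability_tables(matrix):
    """Row per subject: the objects it can reach and with which rights."""
    return {subject: {obj: set(rights) for obj, rights in objs.items()}
            for subject, objs in matrix.items()}


def access_control_lists(matrix):
    """Column per object: the subjects allowed on it and with which rights."""
    acls = {}
    for subject, objs in matrix.items():
        for obj, rights in objs.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls


def objects_for(caps, subject):
    """'What can this subject touch?' is one capability-table lookup."""
    return sorted(caps.get(subject, {}))


def subjects_for(acls, obj):
    """'Who can touch this object?' is one ACL lookup."""
    return sorted(acls.get(obj, {}))


def is_allowed(caps, subject, obj, right):
    """Implicit deny: anything not explicitly listed is refused."""
    return right in caps.get(subject, {}).get(obj, set())


def revoke_subject(caps, acls, subject):
    """Removing a subject is one delete in the capability table but means
    visiting every ACL; returns how many ACLs had to be checked."""
    caps.pop(subject, None)
    visited = 0
    for entry in acls.values():
        visited += 1
        entry.pop(subject, None)
    return visited
```

The two structures hold identical information; they differ in which question is cheap. Revoking a departed user is one operation against a capability table and a sweep of every object's ACL, which is why real systems that are ACL-based (most filesystems) lean on groups and on disabling the account rather than editing each list.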
10. Callback to a home phone number is an example of what type of factor?
A. Type 1
B. Somewhere you are
C. Type 3
D. Geographic - correct answer-B. A callback to a home phone number is an example of a
"somewhere you are" factor. This could potentially be spoofed by call forwarding or using a
VoIP system. Type 1 factors are "something you know," Type 3 factors are biometric, and
geographic factors are typically based on IP addresses or access to a GPS.
10. In a response to a Request for Proposal, Susan receives a SAS-70 Type 1 report. If she
wants a report that includes operating effectiveness detail, what should Susan ask for as
follow up and why?
A. An SAS-70 Type II, because Type I only covers a single point in time
B. An SOC Type 1, because Type II does not cover operating effectiveness
C. An SOC Type 2, because Type I does not cover operating effectiveness
D. An SAC-70 type 3, because Types 1 and 2 are outdated and no longer accepted - correct
answer-C. Service Organization Control (SOC) reports replaced SAS-70 reports in 2010. A
Type 1 report covers only the design of controls at a single point in time, whereas a Type 2
report also tests their operating effectiveness over a period, so Susan needs an SOC Type 2
report to make a design and operating effectiveness decision based on the report.
10. In the diagram shown here, which is an example of a method?
A. Account
B. Owner
C. AddFunds
D. None of the above - correct answer-C.
In the diagram, Account is the name of the class. Owner and Balance are attributes of
that class. AddFunds and RemoveFunds are methods of the class.
10. Jim would like to identify compromised systems on his network that may be participating
in a botnet. He plans to do this by watching for connections made to known
command-and-control servers. Which one of the following techniques would be most likely to
provide this information if Jim has access to a list of known servers?
A. Netflow records
B. IDS logs
C. Authentication logs
D. RFC logs - correct answer-A. NetFlow records contain an entry for every network
communication session that took place on a network and can be compared to a list of known
malicious hosts. IDS logs may contain a relevant record, but that is less likely because an IDS
only creates log entries when traffic triggers a signature, whereas NetFlow records encompass
all communications. Authentication logs and RFC logs would not have records of any
network traffic.
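Jim's approach, as an added Python example that is not part of the practice test: every flow record is checked against the known C2 list, in both directions, and the internal side is reported. The flow records and the indicator list are constructed (RFC 5737 documentation addresses, not real indicators), and the CSV layout is assumed to be a simple export of the fields any NetFlow collector provides; in practice the indicators come from threat intelligence and the flows from the collector.

```python
"""Flag internal hosts whose flows touch known command-and-control servers.

Added example. The flow records and the C2 list are constructed (RFC 5737
documentation addresses), and the record layout is an assumed CSV export of
standard NetFlow fields."""

import ipaddress
from collections import defaultdict

# Constructed C2 indicators: single hosts and a whole range.
KNOWN_C2 = ["203.0.113.45", "198.51.100.0/24"]

# Constructed flow export: start,src,sport,dst,dport,proto,bytes
SAMPLE_FLOWS = """\
2024-05-01T10:00:01,10.0.0.5,51234,192.0.2.80,443,tcp,18400
2024-05-01T10:00:07,10.0.0.9,49822,203.0.113.45,443,tcp,512
2024-05-01T10:05:07,10.0.0.9,49870,203.0.113.45,443,tcp,498
2024-05-01T10:06:11,10.0.0.17,53411,198.51.100.77,8443,tcp,1320
2024-05-01T10:07:00,10.0.0.5,51300,10.0.0.2,53,udp,90
2024-05-01T10:09:30,198.51.100.9,4444,10.0.0.21,445,tcp,2048
"""


def load_indicators(entries):
    """Parse bare IPs and CIDR blocks into networks so one test covers both."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_c2(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def parse_flows(text):
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport, proto, nbytes = line.split(",")
        yield {"ts": ts, "src": src, "dst": dst, "dport": int(dport),
               "proto": proto, "bytes": int(nbytes)}


def find_suspect_hosts(text, indicators):
    """Return {internal_host: {"c2": [...], "flows": n}} for every host that
    exchanged traffic with a listed address, whichever side opened the session."""
    nets = load_indicators(indicators)
    hits = defaultdict(list)
    for flow in parse_flows(text):
        if is_c2(flow["dst"], nets):
            hits[flow["src"]].append(flow["dst"])   # outbound beacon
        elif is_c2(flow["src"], nets):
            hits[flow["dst"]].append(flow["src"])   # inbound connection from C2
    return {host: {"c2": sorted(set(peers)), "flows": len(peers)}
            for host, peers in hits.items()}


if __name__ == "__main__":
    for host, info in find_suspect_hosts(SAMPLE_FLOWS, KNOWN_C2).items():
        print(f"{host}: {info['flows']} flow(s) with {', '.join(info['c2'])}")
```

The point the question makes shows up in the sample: the two small, regularly spaced flows from 10.0.0.9 on port 443 would never trip an IDS signature, yet they match the list because NetFlow records every session. The inbound match on 10.0.0.21 is why both directions are checked; a reverse connection from the C2 range is just as interesting as a beacon out to it.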