CISSP - Exam questions to study/review 2023
What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities? a) Privacy Act b) Fourth Amendment c) Second Amendment d) Gramm-Leach-Bliley Act - Answer- b) Fourth Amendment

Which component of the CIA triad has the most avenues or vectors of attack and compromise? - Answer- Availability

During the de-encapsulation procedure the _______________________ layer strips out its information and sends the message to the network layer. - Answer- Data link

Which of the following is not a feature of packet switching? a) Bursty traffic b) Fixed known delays c) Sensitive to data loss d) Supports any type of traffic - Answer- b) Fixed known delays. Packet switching has unknown (variable) delays; circuit switching has fixed, known delays.

Data objects and their names in the OSI model - Answer-
Data link layer: frame
Network layer: datagram or packet
Transport layer: segment
Session, Presentation and Application layers: PDU (Protocol Data Unit)

Which of the following is not a required component of a digital certificate? a) serial number b) validity period c) receiver's name d) X.509 version - Answer- c) receiver's name

What regulation formalizes the prudent man rule that requires senior executives to take personal responsibility for their actions? a) CFAA b) Federal Sentencing Guidelines c) GLBA d) Sarbanes-Oxley - Answer- b) Federal Sentencing Guidelines. GLBA = Gramm-Leach-Bliley Act (financial institutions and privacy). CFAA = Computer Fraud and Abuse Act.

What is the foundation of user and personnel security? a) Background checks b) Job descriptions c) Auditing and monitoring d) Discretionary access control - Answer- b) Job descriptions

Which of the following provides the best protection against the loss of confidentiality for sensitive data? a) Data labels b) Data classification c) Data handling d) Data degaussing methods - Answer- b) Data classification. Data labels and proper data handling depend on the data being classified correctly first.

Which of the following is the type of antivirus response function that removes malicious code but leaves the damage unrepaired? a) cleaning b) removal c) stealth d) polymorphism - Answer- b) (virus) removal. Cleaning removes the virus and repairs the damage.

Which of the following is not a typical security concern with VoIP? a) VLAN hopping b) Caller ID falsification c) Vishing d) SPIT - Answer- a) VLAN hopping is not a VoIP-specific concern but a switch security issue. SPIT = Spam over Internet Telephony.

Which VPN protocol should not be used as the sole encapsulation mechanism if there is a dial-up mechanism present between the host and the link end-point? a) L2F b) PPTP c) IPsec d) L2TP - Answer- c) IPsec. IPsec is not designed to operate naked over a dial-up segment; it should be encapsulated in another protocol such as L2TP.

A tunnel mode VPN is used to connect which types of systems? a) Hosts and servers b) Clients and terminals c) Hosts and networks d) Servers and domain controllers - Answer- c) Hosts and networks. Tunnel mode VPNs connect networks to networks and hosts to networks; transport mode VPNs connect hosts to hosts. Host, server, client, terminal and domain controller are all synonyms in this context.

UDP: a) bits b) logical addressing c) data reformatting d) simplex - Answer- d) simplex. UDP is a simplex (connectionless) protocol at the Transport layer. UDP provides application multiplexing (via port numbers) and integrity verification (via a checksum) of the header and payload.

Abnormal or unauthorized activities detectable by an IDS (select all that apply): a) External connection attempts b) Execution of malicious code c) Access to controlled objects d) None of the above - Answer- a, b and c. The question specifies neither NIDS (network IDS) nor HIDS (host IDS), so assume both types.

WiFi technique using a form of serial communication: a) Spread spectrum b) FHSS c) DSSS d) OFDM - Answer- b) FHSS (Frequency Hopping Spread Spectrum) is an early implementation of spread spectrum. Instead of sending data in parallel, it transmits data serially while constantly changing the frequency in use. Direct Sequence Spread Spectrum (DSSS) employs all the available frequencies simultaneously, in parallel. Orthogonal Frequency-Division Multiplexing (OFDM) sends data in multiple streams at the same time.

Cryptography: What term describes the same plaintext, encrypted with different keys, producing the same ciphertext? (same plaintext -> 2 different keys -> same ciphertext) - Answer- Clustering (aka key clustering)

Cryptography: different inputs -> same hash function -> same hash value - Answer- Collision

Internet protocol that all public email complies with: a) IEEE 802.11 b) X.400 c) X.509 d) LDAP - Answer- b) X.400. IEEE 802.11 -> WiFi; X.509 -> digital certificates; LDAP (Lightweight Directory Access Protocol) -> directory information services protocol (e.g. name resolution, user databases, domain controller DB).

It is a cell-switching technology instead of a packet-switching one: a) ISDN b) Frame Relay c) SMDS d) ATM - Answer- d) ATM is a cell-switching technology. SMDS = Switched Multi-megabit Data Service. Frame Relay and SMDS are packet-switching services; ISDN is a circuit-switched digital telephone service.

Which of the following algorithms/protocols provides inherent support for non-repudiation? a) HMAC b) DSA c) MD5 d) SHA-1 - Answer- b) DSA (Digital Signature Algorithm). The Hashed Message Authentication Code (HMAC) algorithm implements a partial digital signature: it guarantees the integrity of a message during transmission, but because sender and receiver share the same key, either party could have produced the tag, so it does not provide non-repudiation. MD5 and SHA-1 are hashing (message digest) algorithms that provide integrity assurance only.

Evidence standards for civil and criminal investigations - Answer- Civil investigation -> preponderance of the evidence. Criminal investigation -> beyond a reasonable doubt.

Minimum number of keys for 3DES - Answer- Two. 3DES uses two or three keys.

Boolean operators (symbols) - Answer- ! or ~ -> NOT; ^ or & -> AND (^ looks like an "A"); V or || -> OR; o -> NOR

What protocol manages the security associations used by IPsec? a) ISAKMP b) SKIP c) IPCOMP d) SSL - Answer- a) ISAKMP (Internet Security Association and Key Management Protocol). ISAKMP provides background security support services for IPsec by negotiating, establishing, modifying and deleting security associations.

Identification is the first step towards what ultimate goal? a) Accountability b) Authorization c) Auditing d) Non-repudiation - Answer- a) Accountability is the ultimate goal of the process that starts with identification.

STRIDE - Answer- Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege

What element of data categorization management can override all other forms of data management control? a) Classification b) Physical access c) Custodian responsibilities d) Taking ownership - Answer- d) Taking ownership. It overrides the other controls and gives full access to and control of the object.

Which of the following is the most distinctive concept in relation to layered security? a) Multiple b) Series c) Parallel d) Filter - Answer- b) Series. Layered security implies multiple security controls arranged in series: one control after the other, so that if one control fails, the overall security is not compromised.

What is the primary objective of data classification schemes? a) To control access to objects by authorized subjects b) To formalize and stratify the process of securing data based on assigning labels of importance and sensitivity c) To establish a transaction trail for auditing accountability d) To manipulate access control to provide for the most efficient means to grant or restrict functionality - Answer- b) To formalize and stratify the process of securing data based on assigning labels of importance and sensitivity. Note that a) mainly refers to access control.

Military labels of data classification - Answer- Top Secret, Secret, Confidential, Sensitive but Unclassified, Unclassified. Note that Top Secret, Secret and Confidential are known as "classified information" in military or governmental organizations.

Commercial/business organization labels of data classification - Answer- Confidential (or Private for PII), Sensitive (or Internal), Public

Breaches vs. threat events - Answer- A breach is the occurrence of a security mechanism being bypassed or thwarted by a threat agent. Threat events are accidental and intentional exploitations of vulnerabilities; they can be natural or man-made. Threat events include fire, earthquake, flood, system failure, human error (due to a lack of training or ignorance) and power outage.

When a safeguard or countermeasure is nonexistent or ineffective, what remains? a) Vulnerability b) Risk c) Exposure d) Penetration - Answer- a) Vulnerability. A vulnerability is the absence or weakness of a safeguard or countermeasure. Risk is the possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset; it is an assessment of probability, possibility or chance. Exposure is being susceptible to asset loss because of a threat.

Vulnerability vs. exposure - Answer- A vulnerability is the absence or weakness of a safeguard or countermeasure. Exposure is being susceptible to asset loss because of a threat: there is the possibility that a vulnerability can or will be exploited by a threat agent or event.

What security control is directly focused on preventing collusion? a) Principle of least privilege b) Job rotation c) Separation of duties d) Qualitative risk analysis - Answer- b) Job rotation. Separation of duties and least privilege do not PREVENT collusion. In fact, by giving people fewer privileges and by separating and limiting their duties, people are forced to collude if they want to commit any wrongdoing. That does not mean those controls should not be implemented, but collusion usually takes place in environments where separation of duties and least privilege are properly applied; otherwise there would be no need to collude, because a single person would already have permission to all of the data or systems. Separation of duties prevents fraud. The principle of least privilege prevents unauthorized access to protected or sensitive objects and information. Notice that the likelihood that a co-worker will be willing to collaborate in an illegal or abusive activity is reduced by the higher risk of detection created by the combination of separation of duties, reduced job responsibilities and job rotation.

You've performed a risk analysis and implemented a countermeasure. When evaluating the risk after the implementation, which of the following would be reduced? a) Exposure factor (EF) b) Single loss expectancy (SLE) c) Asset value d) Annualized rate of occurrence (ARO) - Answer- d) Annualized rate of occurrence. The EF is the percentage of the asset's value that is lost if the vulnerability is exploited. If the vulnerability is exploited after the countermeasure is in place (think of the countermeasure failing), the loss would be the same; therefore the EF, and with it the SLE, stay the same. A safeguard changes the ARO. In fact, the whole point of a safeguard is to reduce the ARO: a safeguard should reduce the number of times an attack succeeds in causing damage to an asset.

What unit of measurement should be used to assign quantitative values to assets in the priority identification phase of the Business Impact Assessment? a) Monetary b) Utility c) Importance d) Time - Answer- a) Monetary. "Importance" is a qualitative metric.

*BCP Overview* 4 main steps: *1) Project scope and planning* *2) Business impact assessment* *3) Continuity planning*
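The HMAC vs. DSA non-repudiation question above, shown in runnable form. This is an added example and not part of the original study notes: the receiver mints a valid HMAC for a message the sender never wrote (the shared key makes the two parties indistinguishable), while a digital signature verifies only under the sender's public key. ECDSA over P-256 stands in for DSA here because Go's crypto/dsa package is deprecated; the shared key and the messages are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sharedKey is a constructed secret shared by sender and receiver for the
// HMAC half of the demonstration (a real system would never use a literal).
var sharedKey = []byte("constructed-shared-secret-for-demo")

// HMACTag computes HMAC-SHA256 over msg with key.
func HMACTag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// HMACVerify recomputes the tag with the same key and compares in constant time.
func HMACVerify(key, msg, tag []byte) bool {
	return hmac.Equal(tag, HMACTag(key, msg))
}

// HMACReceiverCanForge shows the non-repudiation gap: the receiver holds the
// same key as the sender, so it can produce a valid tag for a message the
// sender never wrote, and a third party cannot tell which side made it.
func HMACReceiverCanForge() bool {
	forged := []byte("constructed message the sender never wrote")
	tag := HMACTag(sharedKey, forged) // computed by the receiver, not the sender
	return HMACVerify(sharedKey, forged, tag)
}

// Signer holds a private signing key. ECDSA/P-256 stands in for DSA (Go's
// crypto/dsa is deprecated); the property shown is the same for both.
type Signer struct{ priv *ecdsa.PrivateKey }

func NewSigner() (*Signer, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: k}, nil
}

// Public returns the verification key that can be handed to anyone.
func (s *Signer) Public() *ecdsa.PublicKey { return &s.priv.PublicKey }

// Sign hashes msg with SHA-256 and signs the digest with the private key.
func (s *Signer) Sign(msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, s.priv, d[:])
}

// Verify needs only the public key, so a third party (auditor, court) can
// check who signed without being able to sign anything itself.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

// SignatureOutcome records the three checks a verifier would run.
type SignatureOutcome struct {
	Genuine  bool // sender's signature over the original message
	Forged   bool // receiver signs with its own key, checked against sender's public key
	Tampered bool // sender's signature checked against an altered message
}

// SignatureScenario runs the three checks; expected Genuine=true, Forged=false, Tampered=false.
func SignatureScenario() (SignatureOutcome, error) {
	var out SignatureOutcome
	sender, err := NewSigner()
	if err != nil {
		return out, err
	}
	receiver, err := NewSigner()
	if err != nil {
		return out, err
	}
	msg := []byte("constructed purchase order: 100 units")
	sig, err := sender.Sign(msg)
	if err != nil {
		return out, err
	}
	out.Genuine = Verify(sender.Public(), msg, sig)

	// The receiver has no copy of the sender's private key; signing with its
	// own key does not verify under the sender's public key.
	forgedSig, err := receiver.Sign(msg)
	if err != nil {
		return out, err
	}
	out.Forged = Verify(sender.Public(), msg, forgedSig)

	// Altering the message changes the digest, so the signature fails (integrity).
	out.Tampered = Verify(sender.Public(), []byte("constructed purchase order: 900 units"), sig)
	return out, nil
}

func main() {
	fmt.Println("HMAC: receiver-forged tag verifies:", HMACReceiverCanForge())
	out, err := SignatureScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("Signature: genuine=%v forged=%v tampered=%v\n", out.Genuine, out.Forged, out.Tampered)
}
```

Run with `go run .`; the HMAC line prints true because the receiver can always forge a tag with the shared key, whereas only the genuine signature check prints true.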
School, course and subject
- Institution: CISSP
- Course: CISSP
Document info
- Published: 21 June 2023
- Number of pages: 61
- Written in: 2022/2023
- Type: Exam
- Contains: Questions and answers
Subjects
- cissp exam questions to study/review 2023