Revision Examination Tests
CISSP OFFICIAL ISC2 PRACTICE TESTS (ALL DOMAINS) ACTUAL EXAM
COMPLETE ASSIGNMENTS 2024-2025
[Figure: a triangle of three nodes, user workstation A, the Internet C, and server E; link B
joins A and C, link D joins C and E, and link F joins A and E]
Quiz 70. Which letters should be associated with data at rest?
A. A, B, and C
B. C and E
C. A and E
D. B, D, and F
Ans: C. A and E can both be expected to have data at rest. C, the Internet, is an unknown,
and the data can't be guaranteed to be at rest. B, D, and F are all data in transit across
network links.
Quiz 71. What would be the best way to secure data at points B, D, and F?
A. AES256
B. SSL
C. TLS
D. 3DES
Ans: C. B, D, and F all show network links. Of the answers provided, Transport Layer
Security (TLS) provides the best security for data in motion. AES256 and 3DES are
both symmetric ciphers and are more likely to be used for data at rest. SSL has been
replaced with TLS and should not be a preferred solution.
Quiz 72. What is the best way to secure files that are sent from workstation A via the
Internet service (C) to remote server E?
A. Use AES at rest at point A, and TLS in transit via B and D.
B. Encrypt the data files and send them.
C. Use 3DES and TLS to provide double security.
D. Use full disk encryption at A and E, and use SSL at B and D.
Ans: B. Sending a file that is encrypted before it leaves means that exposure of the
file in transit will not result in a confidentiality breach and the file will remain secure
until decrypted at location E. Since answers A, C, and D do not provide any
information about what happens at point C, they should be considered insecure, as
the file may be at rest at point C in an unencrypted form.
Quiz 1. Angela is an information security architect at a bank and has been assigned
to ensure that transactions are secure as they traverse the network. She
recommends that all transactions use TLS. What threat is she most likely attempting
to stop, and what method is she using to protect against it?
A. Man-in-the-middle, VPN
B. Packet injection, encryption
C. Sniffing, encryption
D. Sniffing, TEMPEST
Ans: C. Encryption is often used to protect traffic like bank transactions from sniffing.
While packet injection and man-in-the-middle attacks are possible, they are far less
likely to occur, and if a VPN were used, it would be used to provide encryption.
TEMPEST is a specification for techniques used to prevent spying using
electromagnetic emissions and wouldn't be used to stop attacks at any normal bank.
Quiz 1. During a port scan, Susan discovers a system running services on TCP and
UDP 137-139 and TCP 445, as well as TCP 1433. What type of system is she likely
to find if she connects to the machine?
A. A Linux email server
B. A Windows SQL server
C. A Linux file server
D. A Windows workstation
Ans: B. TCP and UDP ports 137-139 are used for NetBIOS services, whereas 445 is
used for Active Directory. TCP 1433 is the default port for Microsoft SQL, indicating
that this is probably a Windows server providing SQL services.
Quiz 1. Matthew is the security administrator for a consulting firm and must enforce
access controls that restrict users' access based upon their previous activity. For
example, once a consultant accesses data belonging to Acme Cola, a consulting
client, they may no longer access data belonging to any of Acme's competitors. What
security model best fits Matthew's needs?
A. Clark-Wilson
B. Biba
C. Bell-LaPadula
D. Brewer-Nash
Ans: D. The Brewer-Nash model allows access controls to change dynamically
based upon a user's actions. It is often used in environments like Matthew's to
implement a "Chinese wall" between data belonging to different clients.
Quiz 1. Referring to the figure below, what technology is shown that provides fault
tolerance for the database servers?
A. Failover cluster
B. UPS
C. Tape backup
D. Cold site
Ans: A. The illustration shows an example of a failover cluster, where DB1 and DB2
are both configured as database servers. At any given time, only one will function as
the active database server, while the other remains ready to assume responsibility if
the first one fails. While the environment may use UPS, tape backup, and cold sites
as disaster recovery and business continuity controls, they are not shown in the
diagram.
Quiz 1. What important factor listed below differentiates Frame Relay from X.25?
A. Frame Relay supports multiple PVCs over a single WAN carrier connection.
B. Frame Relay is a cell-switching technology instead of a packet-switching
technology like X.25.
C. Frame Relay does not provide a Committed Information Rate (CIR).
D. Frame Relay only requires a DTE on the provider side.
Ans: A. Frame Relay supports multiple private virtual circuits (PVCs), unlike X.25. It
is a packet-switching technology that provides a Committed Information Rate (CIR),
which is a minimum bandwidth guarantee provided by the service provider to
customers. Finally, Frame Relay requires a DTE/DCE at each connection point, with
the DTE providing access to the Frame Relay network, and a provider-supplied
DCE, which transmits the data over the network.
Quiz 1. What is the final step of a quantitative risk analysis?
A. Determine asset value.
B. Assess the annualized rate of occurrence.
C. Derive the annualized loss expectancy.
D. Conduct a cost/benefit analysis.
Ans: D. The final step of a quantitative risk analysis is conducting a cost/benefit analysis to
determine whether the organisation should implement proposed countermeasure(s).
Quiz 1. When designing an object-oriented model, which of the following situations is
ideal?
A. High cohesion, high coupling
B. High cohesion, low coupling
C. Low cohesion, low coupling
D. Low cohesion, high coupling
Ans: B. Coupling is a description of the level of interaction between objects. Cohesion is the
strength of the relationship between the purposes of methods within the same class.
When you are developing an object-oriented model, it is desirable to have high
cohesion and low coupling.
Quiz 1. Which of the following is best described as an access control model that
focuses on subjects and identifies the objects that each subject can access?
A. An access control list
B. An implicit denial list
C. A capability table
D. A rights management matrix
Ans: C. Capability tables list the privileges assigned to subjects and identify the
objects that subjects can access. Access control lists are object-focused rather than
subject-focused. Implicit deny is a principle that states that anything that is not
explicitly allowed is denied, and a rights management matrix is not an access control
model.
Quiz 10. Callback to a home phone number is an example of what type of factor?
A. Type 1
B. Somewhere you are
C. Type 3
D. Geographic
Ans: B. A callback to a home phone number is an example of a "somewhere you
are" factor. This could potentially be spoofed by call forwarding or using a VoIP
system. Type 1 factors are "something you know," Type 3 factors are biometric, and
geographic factors are typically based on IP addresses or access to a GPS.
Quiz 10. In a response to a Request for Proposal, Susan receives a SAS-70 Type 1
report. If she wants a report that includes operating effectiveness detail, what should
Susan ask for as a follow-up, and why?
A. An SAS-70 Type II, because Type I only covers a single point in time
B. An SOC Type 1, because Type II does not cover operating effectiveness
C. An SOC Type 2, because Type I does not cover operating effectiveness