CISSP All-in-One Exam Guide Part 4 - 6


Which of the following shows the layer sequence as layers 2, 5, 7, 4, and 3?

A. Data link, session, application, transport, and network

Which of the following is true of management reviews? A. They happen periodically and include results of audits as a key input. B. They happen in an ad hoc manner as the needs of the organization dictate. C. They are normally conducted by mid-level managers, but their reports are presented to the key business leaders. D. They are focused on assessing the management of the information systems.

A. Management reviews work best when they are regularly scheduled events involving the key organizational leaders, because this allows the subordinate leaders to plan and conduct the assessments, such as audits that provide inputs to the review.

Which item is not part of a Kerberos authentication implementation? A. Message authentication code B. Ticket granting service C. Authentication service D. Users, applications, and services

A. Message authentication code (MAC) is a cryptographic function and is not a key component of Kerberos. Kerberos is made up of a Key Distribution Center (KDC), a realm of principals (users, applications, services), an authentication service, tickets, and a ticket granting service.

Which of the following is an assessment that affords the auditor detailed knowledge of the system's architecture before conducting the test? A. White box testing B. Gray box testing C. Black box testing D. Zero knowledge testing

A. White box testing gives the tester detailed information about the internal workings of the system under study. Gray box testing provides some information, so it is not the best answer to this question.

How is a challenge/response protocol utilized with token device implementations? A. This type of protocol is not used; cryptography is used. B. An authentication service generates a challenge, and the smart token generates a response based on the challenge. C. The token challenges the user for a username and password. D. The token challenges the user's password against a database of stored credentials.

B. An asynchronous token device is based on challenge/response mechanisms. The authentication service sends the user a challenge value, which the user enters into the token. The token encrypts or hashes this value, and the user uses this as her one-time password.

Which of the following is not a characteristic of Li-Fi networks? A. Support for high client densities B. High latency C. Constrained coverage area D. Can work on the infrared spectrum

B. Latency is the delay in data transfers, which is extremely low in Li-Fi networks.

Alice wants to send a message to Bob, who is several network hops away from her. What is the best approach to protecting the confidentiality of the message? A. PPTP B. S/MIME C. Link encryption D. SSH

B. Secure Multipurpose Internet Mail Extensions (S/MIME) is a standard for encrypting and digitally signing e-mail and for providing secure data transmissions using public key infrastructure (PKI).

During a recent review of your enterprise architecture, you realize that many of your mission-critical systems rely on Remote Procedure Call (RPC). What measures should you take to ensure remote procedure calls are secured? A. Implement ITU standard H.323 B. Tunnel RPC through Transport Layer Security (TLS) C. Use the Password Authentication Protocol (PAP) for authentication D. Enforce client-side authentication

B. Since many implementations of RPC lack security controls, many organizations require TLS for authenticating hosts and encrypting RPC traffic.

Which technology would best provide confidentiality to a RESTful web service? A. Web Services Security (WS-Security) B. Transport Layer Security (TLS) C. HTTP Secure (HTTPS) D. Simple Object Access Protocol (SOAP)

C. Either TLS or HTTPS would be a correct answer, but since web services in general and RESTful ones in particular require HTTP, HTTPS is the best choice. Keep in mind that you are likely to come across similar questions where multiple answers are correct but only one is best. SOAP is an alternative way to deliver web services and uses WS-Security for confidentiality.

Choose the term that describes an audit performed to demonstrate that an organization is complying with its contractual obligations to another organization. A. Internal audit B. Third-party audit C. External audit D. Compliance audit

C. External audits are used to ensure that contractors are meeting their contractual obligations, so that is the best answer. A compliance audit would apply to regulatory or industry standards and would almost certainly be a third-party audit, which makes answer D a poor fit in most cases.

Which of the following is not a disadvantage of satellite networks compared to terrestrial ones? A. Latency B. Cost C. Bandwidth D. Video conferencing

C. If you have the budget for it, data rates on satellite networks are comparable with other modes of communication. These systems, however, are typically more expensive and have high latencies, which means they are not well suited for time-sensitive applications, such as voice and video conferencing.

Interface testing could involve which of the following? A. The application programming interface (API) B. The graphical user interface (GUI) C. Both of the above D. None of the above

C. Interface testing covers the exchange points within different components of the system. The API is the exchange point between the system and the libraries it leverages, while the GUI is the exchange point between the system and the users. Testing either of these would constitute an interface test.

What is a key performance indicator (KPI)? A. A value for a factor that denotes that some condition is met B. The result of comparing multiple measurements C. A significant indicator that shows the performance of an ISMS D. A quantitative observation of a factor of an ISMS at a point in time

C. Key performance indicators (KPIs) are indicators that are particularly significant in showing the performance of an ISMS compared to its stated goals. Because every KPI is a metric, answer B (the partial definition of a metric) would also be correct but would not be

You are planning an upgrade for the wireless network at one of your manufacturing sites and want to use this as an opportunity to improve network security. The current system is based on 10-year-old wireless access points (WAPs) that implement 802.11g. You're using WPA2 in Personal mode because you have multiple Industrial Internet of Things (IIoT) devices. You can update the firmware on the WAPs, but you really think it's time for an upgrade. What is the best technology to which you should consider upgrading? A. IEEE 802.16 B. IEEE 802.11w C. IEEE 802.11f D. IEEE 802.11ax

D. 802.11ax is the only standard describing a WLAN among the list of options. 802.16 is used in metropolitan area networks (MANs). 802.11w covers Management Frame Protection (MFP) in wireless networks. 802.11f deals with users roaming among access points.

What does the IEEE 802.1X standard cover? A. A Management Frame Protection (MFP) that prevents replay and denial-of-service (DoS) attacks B. Wi-Fi Protected Access 2 (WPA2) C. Security extensions to the physical layer (PHY) and Media Access Control (MAC) sublayer of the data link layer in the OSI model D. An access control protocol for user authentication and key distribution

D. 802.1X is an access control protocol that can be implemented on both wired and wireless networks for user authentication and key distribution. MFP is covered in 802.11w, WPA2 is covered in 802.11i, and the other option (security extensions) was a distracter.

In discretionary access control security, who has delegation authority to grant access to data? A. User B. Security officer C. Security policy D. Owner

D. Although user might seem to be the correct choice, only the data owner can decide who can access the resources she owns. She may or may not be a user. A user is not necessarily the owner of the resource. Only the actual owner of the resource can dictate what subjects can actually access the resource.

Which of the following would not be considered an endpoint? A. Point of sale (POS) terminal B. Industrial control system (ICS) C. Internet of Things (IoT) device D. Multiprotocol Label Switching (MPLS) system

D. An endpoint is any computing device that communicates through a network and whose principal function is not to mediate communications for other devices on that network. MPLS functionality is built into networking devices to help them move packets between endpoints more efficiently.

What problem is inevitable as the length of a cable run increases? A. Thermal noise B. Line noise C. Crosstalk D. Attenuation

D. Attenuation is the loss of signal strength as it travels. Regardless of which type of cabling is used, attenuation is inevitable given a long enough distance, which is why repeaters were invented.

Which of the following is true about vulnerability remediation after an organizational security assessment? A. All vulnerabilities uncovered must be remediated as soon as possible. B. It entails applying patches to all vulnerable software systems. C. Properly done, it should never impact the business. D. It requires the support of everyone from the very top of the organization.

D. Because most remediations will have some impact on the business, they require the support of everyone. This is particularly true of organizational (as opposed to system-specific) assessments because not all vulnerabilities will involve just a software patch.

Which standard specifically addresses issues in network access control? A. IEEE 802.1Q B. IEEE 802.1aq C. IEEE 802.1AE D. IEEE 802.1X

D. The 802.1X protocol allows devices to connect in a very limited manner (i.e., only to the network authenticator) until the device and/or user can be authenticated. The other standards listed all pertain to layer 2 bridging and security.

Which of the following protocols is considered connection-oriented?

TCP

Which of the following is not considered a best practice for securing multimedia collaboration platforms? A. Don't record meetings unless necessary B. Use consumer-grade products C. Use AES 256-bit encryption D. Restrict participants' sharing of their screens or cameras as appropriate

B. Consumer-grade products almost always lack the security controls and management features that we need to properly secure multimedia collaboration platforms.

Which approach provides the best protection against e-mail spoofing? A. Internet Message Access Protocol (IMAP) B. Domain-based Message Authentication, Reporting and Conformance (DMARC) C. Sender Policy Framework (SPF) D. DomainKeys Identified Mail (DKIM)

B. Domain-based Message Authentication, Reporting and Conformance (DMARC) systems incorporate both SPF and DKIM to protect e-mail. IMAP does not have any built-in protections against e-mail spoofing.
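The answer above says DMARC "incorporates" SPF and DKIM, but the detail that makes it stop spoofing is alignment: a passing SPF or DKIM result only counts if the domain it authenticated matches the visible From: domain. The following Python is an added example, not material from the exam guide; the DMARC record, domain names (example.com, attacker.example, mail.example.com) and the message scenarios are constructed for illustration, and the organizational-domain helper is a deliberate simplification of what a real validator does with the Public Suffix List.

```python
"""DMARC evaluation: SPF or DKIM must pass *and* the authenticated domain must align with From:.

Added example; not the exam guide's material. Records and domains below are constructed.
"""


def parse_dmarc(txt: str) -> dict:
    """Parse a _dmarc TXT record ("v=DMARC1; p=reject; adkim=s; ...") into tags with RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")
    tags.setdefault("adkim", "r")   # DKIM alignment: r = relaxed (default), s = strict
    tags.setdefault("aspf", "r")    # SPF alignment: r = relaxed (default), s = strict
    if tags["p"] not in ("none", "quarantine", "reject"):
        raise ValueError("invalid policy: " + tags["p"])
    return tags


def organizational_domain(domain: str) -> str:
    """Simplified: last two labels. Production validators consult the Public Suffix List ('example.co.uk')."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain: str, mode: str) -> bool:
    """Strict ('s'): exact match with From:. Relaxed ('r'): same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower().rstrip(".") == from_domain.lower().rstrip(".")
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def evaluate_dmarc(record: str, from_domain: str,
                   spf_result: str, spf_domain,
                   dkim_result: str, dkim_domain):
    """Return (dmarc_result, disposition).

    spf_domain is the envelope MAIL FROM domain the SPF check ran against;
    dkim_domain is the d= tag of a signature that verified. A disposition of
    'none' on pass means deliver normally; on fail it is the record's p= policy.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", tags["p"]


# Constructed records for the example scenarios.
RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.com"
STRICT_RECORD = "v=DMARC1; p=quarantine; adkim=s"


def spoof_scenario():
    """Attacker sends From: ceo@example.com with MAIL FROM at attacker.example, where SPF passes
    for the attacker's own domain and there is no DKIM signature. SPF alone would look fine;
    DMARC fails because the passing identifier does not align with example.com."""
    return evaluate_dmarc(RECORD, "example.com", "pass", "attacker.example", "none", None)


def legitimate_scenario():
    """Mail relayed through a forwarder (SPF breaks) but carrying a valid DKIM signature
    with d=mail.example.com, which aligns in relaxed mode."""
    return evaluate_dmarc(RECORD, "example.com", "fail", "example.com", "pass", "mail.example.com")


def strict_scenario():
    """Same signature under adkim=s: a subdomain signer no longer aligns, so the message fails."""
    return evaluate_dmarc(STRICT_RECORD, "example.com", "none", "", "pass", "mail.example.com")
```

The spoof scenario is the case IMAP, SPF and DKIM each miss on their own: SPF passed (for the wrong domain), and no DKIM signature was present, so without DMARC's alignment rule the message would be treated as authenticated.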

All of the following are normally legitimate reasons to suspend rather than delete user accounts except A. Regulatory compliance B. Protection of the user's privacy C. Investigation of a subsequently discovered event D. Data retention policy

B. If the organization was intentionally attempting to protect the privacy of its user, suspension of the account would be a poor privacy measure compared to outright deletion.

Suppose you work at a large cloud service provider that has thousands of customers around the world. What technology would best support segmentation of your customers' environments? A. Virtual local area network (VLAN) B. Virtual eXtensible Local Area Network (VxLAN) C. Software-defined wide area networking (SD-WAN) D. Layer 2 Tunneling Protocol (L2TP)

B. Since there are thousands of customers to support, VxLAN is the best choice because it can support over 16 million subnetworks. Traditional VLANs are capped at just over 4,000 subnetworks, which would not be able to provide more than a few segments to each customer.

An assessment whose goal is to assess the susceptibility of an organization to social engineering attacks is best classified as A. Physical testing B. Personnel testing C. Vulnerability testing D. Network testing

B. Social engineering is focused on people, so personnel testing is the best answer.

Which of the following is not part of user provisioning? A. Creation and deactivation of user accounts B. Business process implementation C. Maintenance and deactivation of user objects and attributes D. Delegating user administration

B. User provisioning refers to the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes. User provisioning software may include one or more of the following components: change propagation, self-service workflow, consolidated user administration, delegated user administration, and federated change control. User objects may represent employees, contractors, vendors, partners, customers, or other recipients of a service. Services may include e-mail, access to a database, access to a file server or mainframe, and so on.

Which of the following can take place if an attacker is able to insert tagging values into network- and switch-based protocols with the goal of manipulating traffic at the data link layer? A. Open relay manipulation B. VLAN hopping attack C. Hypervisor denial-of-service attack D. DNS tunneling

B. VLAN hopping attacks allow attackers to gain access to traffic in various VLAN segments. An attacker can have a system act as though it is a switch. The system understands the tagging values being used in the network and the trunking protocols and can insert itself between other VLAN devices and gain access to the traffic going back and forth. Attackers can also insert tagging values to manipulate the control of traffic at this data link layer.
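Two of the answers above turn on the 802.1Q tag: the VxLAN answer (a 12-bit VLAN ID gives roughly 4,000 segments, a 24-bit VXLAN VNI over 16 million) and the VLAN hopping answer (an attacker inserting tag values so that the first switch strips the outer tag and forwards the inner one into another VLAN). The Python below is an added example, not code from the exam guide: it builds constructed Ethernet frames with stacked tags, walks the tag stack the way a switch or IDS would, flags the double-tagged case, and extracts a VNI from an RFC 7348 VXLAN header. The MAC addresses and VLAN/VNI numbers are made up for the illustration.

```python
"""802.1Q tag-stack inspection and VXLAN VNI extraction.

Added example; not the exam guide's material. All frames are constructed in code, not captured.
"""
import struct

ETHERTYPE_8021Q = 0x8100        # customer VLAN tag
ETHERTYPE_8021AD = 0x88A8       # service/provider tag (Q-in-Q)
ETHERTYPE_IPV4 = 0x0800
VLAN_ID_MAX = 4094              # 12-bit VID; 0 and 4095 are reserved
VXLAN_VNI_MAX = (1 << 24) - 1   # 24-bit VNI: 16,777,215 segments

# Locally administered test MACs (constructed).
TEST_DST = b"\x02\x00\x00\x00\x00\x02"
TEST_SRC = b"\x02\x00\x00\x00\x00\x01"


def build_frame(vids, payload: bytes, dst: bytes = TEST_DST, src: bytes = TEST_SRC) -> bytes:
    """Ethernet II frame with zero or more stacked 802.1Q tags (outer first), then an IPv4 payload."""
    frame = dst + src
    for vid in vids:
        if not 1 <= vid <= VLAN_ID_MAX:
            raise ValueError(f"VID {vid} outside 1..{VLAN_ID_MAX}")
        frame += struct.pack("!HH", ETHERTYPE_8021Q, vid)  # TCI: PCP=0, DEI=0, VID in the low 12 bits
    return frame + struct.pack("!H", ETHERTYPE_IPV4) + payload


def parse_vlan_tags(frame: bytes):
    """Walk the tag stack; return (VIDs outer-to-inner, inner EtherType, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    vids = []
    while ethertype in (ETHERTYPE_8021Q, ETHERTYPE_8021AD):
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack("!HH", frame[offset:offset + 4])
        vids.append(tci & 0x0FFF)
        offset += 4
    return vids, ethertype, frame[offset:]


def is_double_tagged(frame: bytes) -> bool:
    """Two or more stacked tags arriving on an access port is the VLAN-hopping signature:
    the first switch strips the outer (native-VLAN) tag and forwards on the inner one."""
    return len(parse_vlan_tags(frame)[0]) >= 2


def build_vxlan_header(vni: int) -> bytes:
    """RFC 7348: 8 flag bits (I = 0x08 marks a valid VNI), 24 reserved, 24-bit VNI, 8 reserved."""
    if not 0 <= vni <= VXLAN_VNI_MAX:
        raise ValueError("VNI out of range")
    return bytes([0x08, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"


def parse_vxlan_vni(udp_payload: bytes) -> int:
    """Extract the VNI from the VXLAN header carried in UDP (normally destination port 4789)."""
    if len(udp_payload) < 8 or not udp_payload[0] & 0x08:
        raise ValueError("not a VXLAN header with a valid VNI")
    return int.from_bytes(udp_payload[4:7], "big")


# Constructed sample frames: a normal single-tagged frame and a double-tagged hopping attempt
# (outer tag = native VLAN 1, inner tag = target VLAN 20).
SAMPLE_PAYLOAD = b"\x45" + b"\x00" * 19
SINGLE_TAGGED = build_frame([10], SAMPLE_PAYLOAD)
DOUBLE_TAGGED = build_frame([1, 20], SAMPLE_PAYLOAD)
```

A monitoring point on an access port can apply is_double_tagged to every tagged frame it sees; the usual switch-side fix is to take the native VLAN out of service on trunks and disable automatic trunk negotiation on access ports.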

Vulnerability scans normally involve all the following except A. The identification of active hosts on the network B. The identification of malware on all hosts C. The identification of misconfigured settings D. The identification of operating systems

B. Vulnerability testing does not normally include scanning hosts for malware. Instead, it focuses on finding flaws that malware could potentially exploit.

You are planning an upgrade for the wireless network at one of your manufacturing sites and want to use this as an opportunity to improve network security. The current system is based on 10-year-old wireless access points (WAPs) that implement 802.11g. You're using WPA2 in Personal mode because you have multiple Industrial Internet of Things (IIoT) devices. You can update the firmware on the WAPs, but you really think it's time for an upgrade. The existing wireless network has recently become unusable, and you suspect you may be the target of a persistent Wi-Fi deauthentication attack. How can you best mitigate this threat? A. Deploy WPA3 access points across the facility B. Perform MAC address filtering to keep the rogue stations off the network C. Immediately update the firmware on the access points to support 802.11w D. Change the channel used by the WAPs

C. 802.11w provides Management Frame Protection (MFP) capabilities that would mitigate this type of attack. This is included in WPA3, so either answer would generally work. However, it is probably faster, cheaper, and safer to roll out 802.11w upgrades first, which would likely have no negative effects on the networks, while research and planning continue on how to best implement a WPA3 solution across the enterprise. This is a good example of the types of ambiguous questions you'll see on the CISSP exam.

Systems that are built on the OSI model are considered open systems. What does this mean? A. They do not have authentication mechanisms configured by default. B. They have interoperability issues. C. They are built with internationally accepted protocols and standards so they can easily communicate with other systems. D. They are built with international protocols and standards so they can choose what types of systems they will communicate with.

C. An open system is a system that has been developed based on standardized protocols and interfaces. Following these standards allows the systems to interoperate more effectively with other systems that follow the same standards.

Which of the following is true of asynchronous transmission signals? A. Used for high-speed, high-volume transmissions B. Robust error checking C. Used for irregular transmission patterns D. More complex, costly implementation

C. Asynchronous communications are typically used when data transfers happen at lower volumes and with unpredictable intervals. All other answers describe synchronous signaling, which is best suited for regular, high-volume traffic.

What role does biometrics play in access control? A. Authorization B. Authenticity C. Authentication D. Accountability

C. Biometrics is a technology that validates an individual's identity by reading a physical attribute. In some cases, biometrics can be used for identification, but that was not listed as an answer choice.

Which of the following issues would be likeliest to cause problems in a cable tray where large numbers of cables run in parallel and close proximity? A. Thermal noise B. Line noise C. Crosstalk D. Attenuation

C. Crosstalk is a phenomenon that occurs when electrical signals of one wire spill over to the signals of another wire. The more cables you have in close proximity, the worse this issue can be unless you use shielded cables.

What is the term for the maximum amount of data that actually traverses a given network link? A. Latency B. Bandwidth C. Throughput D. Maximum transmission unit (MTU)

C. Data throughput is the actual amount of data that can be carried over a real link. Bandwidth, on the other hand, is the amount of information that can theoretically be transmitted over a link within a second.

Which of the following protocols work in the following layers: application, data link, network, and transport? A. FTP, ARP, TCP, and UDP B. FTP, ICMP, IP, and UDP C. TFTP, ARP, IP, and UDP D. TFTP, RARP, IP, and ICMP

C. Different protocols have different functionalities. The OSI model is an attempt to describe conceptually where these different functionalities take place in a networking stack. The model attempts to draw boxes around reality to help people better understand the stack. Each layer has a specific functionality and has several different protocols that can live at that layer and carry out that specific functionality. These listed protocols work at these associated layers: TFTP (application), ARP (data link), IP (network), and UDP (transport).

The graphic shown here illustrates how which of the following works? A. Rainbow tables B. Dictionary attack C. One-time password D. Strong authentication

C. Different types of one-time passwords are used for authentication. This graphic illustrates a synchronous token device, which synchronizes with the authentication service by using time or a counter as the core piece of the authentication process.
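The graphic is not reproduced here, so the Python below stands in for it as an added example (not code from the exam guide): the synchronous token above, which derives its one-time password from a counter (HOTP, RFC 4226) or the clock (TOTP, RFC 6238), and the asynchronous challenge/response token from the earlier question, where the service issues a challenge and the token returns a keyed digest of it. The server-side verification shows the two things a practitioner has to get right: a resynchronization window for drift, and rejecting a value once it has been used. The shared secret is the RFC 4226 test-vector key, which is why the HOTP outputs are checkable against the RFC; the challenge/response digest construction is an assumption chosen for the example rather than a standard.

```python
"""One-time-password tokens: synchronous (HOTP/TOTP) and asynchronous (challenge/response).

Added example; not the exam guide's material. The HMAC-over-challenge construction for the
asynchronous token is an illustrative assumption, not a specific vendor's or standard's design.
"""
import hashlib
import hmac
import secrets
import struct


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: 4 bytes at the offset in the low nibble of the last byte."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """Counter-synchronized OTP: HMAC over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    return _truncate(mac, digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """Time-synchronized OTP: HOTP whose counter is the number of 30-second steps since the epoch."""
    return hotp(secret, unix_time // step, digits, algo)


def verify_hotp(secret: bytes, candidate: str, server_counter: int, look_ahead: int = 10):
    """Accept any counter in [server_counter, server_counter + look_ahead] so a token that was
    pressed a few times without logging in can resynchronize. Returns the next counter to store
    (past the one just used, so it cannot be replayed), or None on failure."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return c + 1
    return None


def verify_totp(secret: bytes, candidate: str, unix_time: int, step: int = 30, skew: int = 1) -> bool:
    """Accept the current step plus/minus `skew` steps to tolerate clock drift between token and server."""
    return any(hmac.compare_digest(totp(secret, unix_time + k * step, step), candidate)
               for k in range(-skew, skew + 1))


def token_respond(secret: bytes, challenge: bytes, digits: int = 8) -> str:
    """What the asynchronous token computes from the challenge the user keyed into it (assumed design)."""
    return _truncate(hmac.new(secret, challenge, hashlib.sha256).digest(), digits)


class ChallengeResponseServer:
    """Authentication service side: issue a random challenge, then verify the response exactly once."""

    def __init__(self, secret: bytes, digits: int = 8):
        self.secret = secret
        self.digits = digits
        self.outstanding = set()

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(8)
        self.outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: str) -> bool:
        if challenge not in self.outstanding:
            return False                      # unknown or already consumed: replay is rejected
        self.outstanding.discard(challenge)   # one response per challenge
        expected = token_respond(self.secret, challenge, self.digits)
        return hmac.compare_digest(expected, response)


# RFC 4226 / RFC 6238 test-vector secret (ASCII "12345678901234567890").
RFC_SECRET = b"12345678901234567890"
```

With RFC_SECRET, hotp(RFC_SECRET, 0) is "755224" and totp(RFC_SECRET, 59, digits=8) is "94287082", matching the published vectors, so the implementation can be checked before any real secret is loaded into it.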

Which of the following protections are provided by Domain Name System Security Extensions (DNSSEC)? A. Confidentiality and integrity B. Integrity and availability C. Integrity and authentication D. Confidentiality and authentication

C. Domain Name System Security Extensions (DNSSEC) is a set of IETF standards that ensures the integrity and authenticity of DNS records but not their confidentiality or availability.

You are the CISO of a research and development company that is transitioning to a 100 percent remote workforce, so your entire staff will be working from home. You don't have enough laptops for all your staff, so those without one will be using their personal computers and printers for work. Your VPN concentrators are sufficient to support the entire workforce, and you will be requiring all staff members to connect to the VPN. Which authentication protocol would be best for your VPN connections? A. Password Authentication Protocol (PAP) B. Challenge Handshake Authentication Protocol (CHAP) C. Extensible Authentication Protocol (EAP) D. Session Initiation Protocol (SIP)

C. EAP is a framework that supports stronger methods (for example, certificate-based EAP-TLS) and is considered much more secure than both PAP, which sends the password in cleartext and is not secure at all, and CHAP. SIP is a signaling protocol for setting up multimedia sessions, not a VPN authentication protocol.

Which of the following is true about key risk indicators (KRIs)? A. They tell managers where an organization stands with regard to its goals. B. They are inputs to the calculation of single loss expectancy (SLE). C. They tell managers where an organization stands with regard to its risk appetite. D. They represent an interpretation of one or more metrics that describes the effectiveness of the ISMS.

C. Key risk indicators (KRIs) allow managers to understand when specific activities of the organization are moving it toward a higher level of risk. They are useful to understanding changes and managing the overall risk.

Which of the following statements correctly describes the use of passwords for authentication? A. They are the least expensive and most secure. B. They are the most expensive and least secure. C. They are the least expensive and least secure. D. They are the most expensive and most secure.

C. Passwords provide the least amount of protection, but are the cheapest because they do not require extra readers (as with smart cards and memory cards), do not require devices (as do biometrics), and do not require a lot of overhead in processing (as in cryptography). Passwords are the most common type of authentication method used today.

Which of the following is not a characteristic of the IEEE 802.11a standard? A. It works in the 5-GHz range. B. It uses the OFDM spread-spectrum technology. C. It provides 52 Mbps in bandwidth. D. It covers a smaller distance than 802.11b.

C. The IEEE standard 802.11a uses the OFDM spread-spectrum technology, works in the 5-GHz frequency band, and provides bandwidth of up to 54 Mbps. The operating range is smaller because it works at a higher frequency.

What takes place at the data link layer? A. End-to-end connection B. Dialog control C. Framing D. Data syntax

C. The data link layer, in most cases, is the only layer that understands the environment in which the system is working, whether it be Ethernet, Token Ring, wireless, or a connection to a WAN link. This layer adds the necessary headers and trailers to the frame. Other systems on the same type of network using the same technology understand only the specific header and trailer format used in their data link technology.

Harry is overseeing a team that has to integrate various business services provided by different company departments into one web portal for both internal employees and external partners. His company has a diverse and heterogeneous environment with different types of systems providing customer relationship management, inventory control, e-mail, and help-desk ticketing capabilities. His team needs to allow different users access to these different services in a secure manner. Which of the following best describes the types of languages and/or protocols that Harry needs to ensure are implemented? A. Security Assertion Markup Language, Extensible Access Control Markup Language, Service Provisioning Markup Language B. Service Provisioning Markup Language, Simple Object Access Protocol, Extensible Access Control Markup Language C. Extensible Access Control Markup Language, Security Assertion Markup Language, Simple Object Access Protocol D. Service Provisioning Markup Language, Security Association Markup Language

C. The most appropriate languages and protocols for the purpose laid out in the scenario are Extensible Access Control Markup Language, Security Assertion Markup Language, and Simple Object Access Protocol. Harry's group is not necessarily overseeing account provisioning, so the Service Provisioning Markup Language is not necessary, and there is no language called "Security Association Markup Language."

Internal audits are the preferred approach when which of the following is true? A. The organization lacks the organic expertise to conduct them. B. Regulatory requirements dictate the use of a third-party auditor. C. The budget for security testing is limited or nonexistent. D. There is concern over the spillage of proprietary or confidential information.

C. Third-party auditors are almost always fairly expensive, so if the organization's budget does not support their use, it may be necessary to use internal assets to conduct the audit.

Security event logs can best be protected from tampering by which of the following? A. Encrypting the contents using asymmetric key encryption B. Ensuring every user has administrative rights on their own workstations C. Using remote logging over simplex communications media D. Storing the event logs on DVD-RW

C. Using a remote logging host raises the bar for attackers because if they are able to compromise one host, they would have to compromise the remote logger in order to tamper with the logs. The use of a simplex channel further hinders the attackers.

You are the CISO of a research and development company that is transitioning to a 100 percent remote workforce, so your entire staff will be working from home. You don't have enough laptops for all your staff, so those without one will be using their personal computers and printers for work. Your VPN concentrators are sufficient to support the entire workforce, and you will be requiring all staff members to connect to the VPN. Which of the following will best protect the confidentiality of your sensitive research data? A. Secure Shell (SSH) B. Virtualized networks C. Virtual desktop infrastructure (VDI) D. Remote Procedure Calls (RPC)

C. VDI allows your sensitive data to remain in your protected network even as users are able to work with it over a virtual desktop. Properly configured, this infrastructure prevents any sensitive research data from being stored on the remote user's computer.

Which of the following is not an advantage of virtual desktops? A. Reduced user downtime during incident response B. Support for both persistent and nonpersistent sessions C. Support for both physical and remote logins D. Better implementation of data retention standards

C. VDI is particularly helpful in regulated environments because of the ease with which it supports data retention, configuration management, and incident response through persistent and nonpersistent sessions. However, since VDI relies on VMs in a data center, there is not a computer at which a user could physically log in.

Which of the following best describes what role-based access control offers organizations in terms of reducing administrative burdens? A. It allows entities closer to the resources to make decisions about who can and cannot access resources. B. It provides a centralized approach for access control, which frees up department managers. C. User membership in roles can be easily revoked and new ones established as job assignments dictate. D. It enforces enterprise-wide security policies, standards, and guidelines.

C. With role-based access control, an administrator does not need to revoke and reassign permissions to individual users as they change jobs. Instead, the administrator assigns permissions and rights to a role, and users are plugged into those roles.

Which of the following provides an incorrect definition of the specific component or protocol that makes up IPSec? A. Authentication Header protocol provides data integrity, data origin authentication, and protection from replay attacks. B. Encapsulating Security Payload protocol provides confidentiality, data origin authentication, and data integrity. C. Internet Security Association and Key Management Protocol provides a framework for security association creation and key exchange. D. Internet Key Exchange provides authenticated keying material for use with encryption algorithms.

D. Authentication Header protocol provides data integrity, data origin authentication, and protection from replay attacks. Encapsulating Security Payload protocol provides confidentiality, data origin authentication, and data integrity. Internet Security Association and Key Management Protocol provides a framework for security association creation and key exchange. Internet Key Exchange provides authenticated keying material for use with ISAKMP.

Which of the following is a Bluetooth-specific attack that allows unauthorized read/write access from a wireless device? A. Bluejacking B. Replay attack C. Smurf attack D. Bluesnarfing

D. Bluesnarfing could allow an attacker to read, modify, or delete calendar events, contacts, e-mails, text messages, and so on. Bluejacking is the only other Bluetooth attack option, but this refers to someone sending an unsolicited message to a device.

What type of cabling would you use if you needed inexpensive networking in an environment prone to electromagnetic interference? A. Fiber-optic B. Unshielded twisted pair (UTP) C. Plenum D. Coaxial

D. Coaxial cable has a copper core that is surrounded by a shielding layer and grounding wire, which makes it more resistant to electromagnetic interference (EMI). It is significantly cheaper than fiber-optic cable, which is the other EMI-resistant answer listed, while still allowing higher bandwidths.

Which of the following statements correctly describes biometric methods of authentication? A. They are the least expensive and provide the most protection. B. They are the most expensive and provide the least protection. C. They are the least expensive and provide the least protection. D. They are the most expensive and provide the most protection.

D. Compared with the other available authentication mechanisms, biometric methods provide the highest level of protection and are the most expensive.

Which of the following is a multilayer protocol developed for use in supervisory control and data acquisition (SCADA) systems? A. Controller Area Network (CAN) bus B. Simple Authentication and Security Layer (SASL) C. Control Plane Protocol (CPP) D. Distributed Network Protocol 3 (DNP3)

D. DNP3 is a multilayer communications protocol designed for use in SCADA systems, particularly those within the power sector.

Code reviews include all of the following except A. Ensuring the code conforms to applicable coding standards B. Discussing bugs, design issues, and anything else that comes up about the code C. Agreeing on a "disposition" for the code D. Fuzzing the code

D. Fuzzing is a technique for detecting flaws in the code by bombarding it with massive amounts of random data. This is not part of a code review, which focuses on analyzing the source code, not its response to random data.

You are planning an upgrade for the wireless network at one of your manufacturing sites and want to use this as an opportunity to improve network security. The current system is based on 10-year-old wireless access points (WAPs) that implement 802.11g. You're using WPA2 in Personal mode because you have multiple Industrial Internet of Things (IIoT) devices. You can update the firmware on the WAPs, but you really think it's time for an upgrade. What could make it harder for you to switch from WPA2 Personal mode to Enterprise mode? A. Enterprise mode requires licenses that can be costly. B. The WAPs may not support Enterprise mode. C. IIoT devices may not support Enterprise mode. D. The return on investment is insufficient.

D. If a WAP supports WPA2, it would do so in either Personal or Enterprise mode as long as it can be connected to the needed backend services (e.g., a RADIUS server), with no need for additional licensing. Thus, the change would not typically be expected to have ROI issues. However, many embedded devices, including IIoT, do not support this mode and would have to be replaced.

When assessing the performance of your organization during a disaster recovery drill, which is the highest priority? A. Safeguarding sensitive assets B. Notifying the appropriate authorities C. Preventing looting and vandalism D. Protection of life

D. In any situation where loss or harm to human lives is a possible outcome, protection of life is the top priority. The other options are all part of a disaster recovery process, but are never the top priority.

What is a technology that allows a user to remember just one password? A. Password generation B. Password dictionaries C. Password rainbow tables D. Password synchronization

D. Password synchronization technologies can allow a user to maintain just one password across multiple systems. The product synchronizes the password to other systems and applications, which happens transparently to the user.

Which of the following is true about the Session Initiation Protocol (SIP)? A. Used to establish virtual private network (VPN) sessions B. Framework for authenticating network connections C. Session layer protocol for out-of-band statistics D. Application layer protocol used in online gaming communications

D. SIP is an application layer protocol used for call setup and teardown in IP telephony, video and multimedia conferencing, instant messaging, and online gaming.

How could you best protect a unified communications (UC) platform? A. Protect it as you would any other systems B. Enable Password Authentication Protocol (PAP) C. Use the Session Initiation Protocol (SIP) for every new session D. Ensure the hub is protected against physical and logical threats

D. Securing UC involves similar security controls that we would apply to any other communications platform, but with a couple of important caveats. Unified communications rely on a central hub that integrates, coordinates, and synchronizes the various technologies. You want to ensure that this hub is adequately protected against physical and logical threats.

Harry is overseeing a team that has to integrate various business services provided by different company departments into one web portal for both internal employees and external partners. His company has a diverse and heterogeneous environment with different types of systems providing customer relationship management, inventory control, e-mail, and help-desk ticketing capabilities. His team needs to allow different users access to these different services in a secure manner. The company's partners need to integrate compatible authentication functionality into their web portals to allow for interoperability across the different company boundaries. Which of the following will deal with this issue? A. Service Provisioning Markup Language B. Simple Object Access Protocol C. Extensible Access Control Markup Language D. Security Assertion Markup Language

D. Security Assertion Markup Language allows the exchange of authentication and authorization data to be shared between security domains. It is one of the most commonly used approaches to allow for single sign-on capabilities within a web-based environment.

Which protocol ensures that frames being forwarded by switches do not circle networks forever? A. Open Shortest Path First (OSPF) B. Border Gateway Protocol (BGP) C. Intermediate System-to-Intermediate System (IS-IS) D. Spanning Tree Protocol (STP)

D. Spanning Tree Protocol (STP) ensures that forwarded frames do not circle networks forever, provides redundant paths in case a bridge goes down, assigns unique identifiers to each bridge, assigns priority values to these bridges, and calculates path costs. The other answers are all routing (layer 3) protocols.

Synthetic transactions are best described as A. Real user monitoring (RUM) B. Transactions that fall outside the normal purpose of a system C. Transactions that are synthesized from multiple users' interactions with the system D. A way to test the behavior and performance of critical services

D. Synthetic transactions are those that simulate the behavior of real users, but are not the result of real user interactions with the system. They allow an organization to ensure that services are behaving properly without having to rely on user complaints to detect problems.

In which type of networks is the Signaling System 7 (SS7) protocol used? A. Integrated Services Digital Network (ISDN) B. IP telephony network C. Real-time Transport Protocol (RTP) network D. Public switched telephone network (PSTN)

D. The SS7 protocol is used in a PSTN to set up, control, and disconnect calls.

Metro Ethernet is a MAN protocol that can work in network infrastructures made up of access, aggregation, metro, and core layers. Which of the following best describes these network infrastructure layers? A. The access layer connects the customer's equipment to a service provider's aggregation network. Aggregation occurs on a core network. The metro layer is the metropolitan area network. The core connects different metro networks. B. The access layer connects the customer's equipment to a service provider's core network. Aggregation occurs on a distribution network at the core. The metro layer is the metropolitan area network. C. The access layer connects the customer's equipment to a service provider's aggregation network. Aggregation occurs on a distribution network. The metro layer is the metropolitan area network. The core connects different access layers. D. The access layer connects the customer's equipment to a service provider's aggregation network. Aggregation occurs on a distribution network. The metro layer is the metropolitan area network. The core connects different metro networks.

D. The access layer connects the customer's equipment to a service provider's aggregation network. Aggregation occurs on a distribution network. The metro layer is the metropolitan area network. The core connects different metro networks.

Which access control method is considered user directed? A. Nondiscretionary B. Mandatory C. Identity-based D. Discretionary

D. The discretionary access control (DAC) model allows users, or data owners, the discretion of letting other users access their resources. DAC is implemented by ACLs, which the data owner can configure.

Wireless LAN technologies have gone through different versions over the years to address some of the inherent security issues within the original IEEE 802.11 standard. Which of the following provides the correct characteristics of WPA2 in Enterprise mode? A. IEEE 802.1X, WEP, MAC B. IEEE 802.1X, EAP, TKIP C. IEEE 802.1X, EAP, WEP D. IEEE 802.1X, EAP, CCMP

D. Wi-Fi Protected Access 2 requires IEEE 802.1X or preshared keys for access control, Extensible Authentication Protocol (EAP) or preshared keys for authentication, and the Advanced Encryption Standard (AES) algorithm in counter mode with CBC-MAC Protocol (CCMP) for encryption.

Tanya is working with the company's internal software development team. Before a user of an application can access files located on the company's centralized server, the user must present a valid one-time password, which is generated through a challenge/response mechanism. The company needs to tighten access control for these files and reduce the number of users who can access each file. The company is looking to Tanya and her team for solutions to better protect the data that has been classified and deemed critical to the company's missions. Tanya has also been asked to implement a single sign-on technology for all internal users, but she does not have the budget to implement a public key infrastructure. Which of the following best describes what is currently in place? A. Capability-based access system B. Synchronous tokens that generate one-time passwords C. RADIUS D. Kerberos

A. A capability-based access control system means that the subject (user) has to present something, which outlines what it can access. The item can be a ticket, token, or key. A capability is tied to the subject for access control purposes. A synchronous token is not being used, because the scenario specifically states that a challenge/response mechanism is being used, which indicates an asynchronous token.

If a company has a high turnover rate, which access control structure is best? A. Role-based B. Decentralized C. Rule-based D. Discretionary

A. A role-based structure is easier on the administrator because she only has to create one role, assign all of the necessary rights and permissions to that role, and plug a user into that role when needed. Otherwise, she would need to assign and extract permissions and rights on all systems as each individual joined the company and left the company.

Which of the following is an advantage of using third-party auditors? A. They may have knowledge that an organization wouldn't otherwise be able to leverage. B. Their cost. C. The requirement for NDAs and supervision. D. Their use of automated scanners and reports.

A. Because they perform audits in multiple other organizations, and since their knowledge is constantly refreshed, third-party auditors almost always have knowledge and insights that would otherwise be unavailable to the organization.

You are the CISO of a research and development company that is transitioning to a 100 percent remote workforce, so your entire staff will be working from home. You don't have enough laptops for all your staff, so those without one will be using their personal computers and printers for work. Your VPN concentrators are sufficient to support the entire workforce, and you will be requiring all staff members to connect to the VPN. Which of the following additional VPN configurations should you also enable? A. Split tunneling B. Full tunneling C. VPN kill switch D. Hybrid tunneling

A. Because your staff will be using printers on their home networks, you will have to enable split tunneling, which allows some traffic to be sent over the VPN and other traffic to go to the local network or to the Internet directly.

An effective method to shield networks from unauthenticated DHCP clients is through the use of __________ on network switches. A. DHCP snooping B. DHCP protection C. DHCP shielding D. DHCP caching

A. DHCP snooping ensures that DHCP servers can assign IP addresses to only selected systems, identified by their MAC addresses. Also, advanced network switches now have the capability to direct clients toward legitimate DHCP servers to get IP addresses and to restrict rogue systems from becoming DHCP servers on the network.

All of the following statements are true of converged protocols except which one? A. Distributed Network Protocol 3 (DNP3) is a converged protocol. B. Fibre Channel over Ethernet (FCoE) is a converged protocol. C. IP convergence addresses a specific type of converged protocols. D. The term includes certain protocols that are encapsulated within each other.

A. DNP3 is a multilayer communications protocol that was designed for use in SCADA systems and has not converged with other protocols. All other statements are descriptive of converged protocols.

Suppose you want to study the actions an adversary may attempt against your system and test the effectiveness of the controls you have emplaced to mitigate the associated risks. Which of the following approaches would best allow you to accomplish this goal? A. Misuse case testing B. Use case testing C. Real user monitoring (RUM) D. Fuzzing

A. Misuse case testing allows us to document both an adversary's desired actions on a system and the controls that are meant to thwart that adversary. It is similar to developing use cases, but with a malicious user's actions in mind instead of those of legitimate users.

Which of the following is the best description of directories that are used in identity management technology? A. Most are hierarchical and follow the X.500 standard. B. Most have a flat architecture and follow the X.400 standard. C. Most have moved away from LDAP. D. Most use RADIUS.

A. Most organizations have some type of directory service that contains information pertaining to the organization's network resources and users. Most directories follow a hierarchical database format, based on the X.500 standard, and use a protocol such as the Lightweight Directory Access Protocol (LDAP) that allows subjects and applications to interact with the directory. Applications can request information about a particular user by making an LDAP request to the directory, and users can request information about a specific resource by using a similar request.

The process of mutual authentication involves _______________. A. a user authenticating to a system and the system authenticating to the user B. a user authenticating to two systems at the same time C. a user authenticating to a server and then to a process D. a user authenticating, receiving a ticket, and then authenticating to a service

A. Mutual authentication means it is happening in both directions. Instead of just the user having to authenticate to the server, the server also must authenticate to the user.

Which of the following is true of a vulnerability assessment? A. The aim is to identify as many vulnerabilities as possible. B. It is not concerned with the effects of the assessment on other systems. C. It is a predictive test aimed at assessing the future performance of a system. D. Ideally it is fully automated, with no human involvement.

A. One of the principal goals of a vulnerability assessment is to identify as many security flaws as possible within a given system, while being careful not to disrupt other systems.

What is the difference between security training and security awareness training? A. Security training is focused on skills, while security awareness training is focused on recognizing and responding to issues. B. Security training must be performed, while security awareness training is an aspirational goal. C. Security awareness training is focused on security personnel, while security training is geared toward all users. D. There is no difference. These terms refer to the same process.

A. Security training is the process of teaching a skill or set of skills that will enable people to perform specific functions better. Security awareness training, on the other hand, is the process of exposing people to security issues so that they are able to recognize and respond to them better. Security training is typically provided to security personnel, while security awareness training should be provided to every member of the organization.

Which of the following provides secure end-to-end encryption? A. Transport Layer Security (TLS) B. Secure Sockets Layer (SSL) C. Layer 2 Tunneling Protocol (L2TP) D. Domain Name System Security Extensions (DNSSEC)

A. TLS and SSL are the only two answers that provide end-to-end encryption, but SSL is insecure, so it's not a good answer.

What takes place at the session layer? A. Dialog control B. Routing C. Packet sequencing D. Addressing

A. The session layer is responsible for controlling how applications communicate, not how computers communicate. Not all applications use protocols that work at the session layer, so this layer is not always used in networking functions. A session layer protocol sets up the connection to the other application logically and controls the dialog going back and forth. Session layer protocols allow applications to keep track of the dialog.

The diagram shown here explains which of the following concepts? A. Crossover error rate. B. Type III errors. C. FAR equals FRR in systems that have a high crossover error rate. D. Biometrics is a high acceptance technology.

A. This rating is stated as a percentage and represents the point at which the false rejection rate equals the false acceptance rate. This rating is the most important measurement when determining a biometric system's accuracy.
• Type I error, false rejection rate (FRR): rejects an authorized individual
• Type II error, false acceptance rate (FAR): accepts an impostor

How would you best ensure the security of a ZigBee system? A. Ensure a coordinator acts as a Trust Center B. Use 256-bit encryption keys C. Deploy in a ring topology with preassigned slots for each device D. Use the Symmetric-Key Key Establishment (SKKE) protocol to derive keys

A. Using a Trust Center provides a way to centrally authenticate devices and securely manage encryption keys, which are 128 bits (not 256). Without a Trust Center, the SKKE protocol can be used to derive keys, but this approach is not as secure. ZigBee does not support ring topologies.

Which of the following technologies divides a communication channel into individual and independent subchannels? A. Baseband B. Broadband C. Circuit-switched D. Crosstalk

B. A broadband technology divides the communication channel into individual and independent subchannels so that different types of data can be transmitted simultaneously. A baseband technology, on the other hand, uses the entire communication channel for its transmission.

All of the following are good reasons to implement a content distribution network except for which one? A. Reduced latency B. Reduced total cost of ownership (TCO) C. Protection against distributed denial-of-service (DDoS) attacks D. Tailoring content to users around the world

B. A content distribution network (CDN) consists of multiple servers distributed across a large region, each of which provides content that is optimized for users closest to it. This improves latency and localization. The very distributed nature of the CDN also provides DDoS protections. It all comes at significant costs and increases the complexity of deploying systems and content, which may require additional organizational resources apart from the service itself.

Harry is overseeing a team that has to integrate various business services provided by different company departments into one web portal for both internal employees and external partners. His company has a diverse and heterogeneous environment with different types of systems providing customer relationship management, inventory control, e-mail, and help-desk ticketing capabilities. His team needs to allow different users access to these different services in a secure manner. Which of the following best describes the type of environment Harry's team needs to set up? A. RADIUS B. Service-oriented architecture C. Public key infrastructure D. Web services

B. A service-oriented architecture (SOA) will allow Harry's team to create a centralized web portal and offer the various services needed by internal and external entities.

Tanya is working with the company's internal software development team. Before a user of an application can access files located on the company's centralized server, the user must present a valid one-time password, which is generated through a challenge/response mechanism. The company needs to tighten access control for these files and reduce the number of users who can access each file. The company is looking to Tanya and her team for solutions to better protect the data that has been classified and deemed critical to the company's missions. Tanya has also been asked to implement a single sign-on technology for all internal users, but she does not have the budget to implement a public key infrastructure. Which of the following is one of the easiest and best solutions Tanya can consider for proper data protection? A. Implementation of mandatory access control B. Implementation of access control lists C. Implementation of digital signatures D. Implementation of multilevel security

B. Systems that provide mandatory access control (MAC) and multilevel security are very specialized, require extensive administration, are expensive, and reduce user functionality. Implementing these types of systems is not the easiest approach out of the list. Since there is no budget for a PKI, digital signatures cannot be used because they require a PKI. In most environments, access control lists (ACLs) are in place and can be modified to provide tighter access control. ACLs are bound to objects and outline what operations specific subjects can carry out on them.

Which best describes the IP protocol? A. A connectionless protocol that deals with dialog establishment, maintenance, and destruction B. A connectionless protocol that deals with the addressing and routing of packets C. A connection-oriented protocol that deals with the addressing and routing of packets D. A connection-oriented protocol that deals with sequencing, error detection, and flow control

B. The IP protocol is connectionless and works at the network layer. It adds source and destination addresses to a packet as it goes through its data encapsulation process. IP can also make routing decisions based on the destination address.

Which of the following is not a form of social engineering? A. Pretexting B. Fishing C. Whaling D. Blackmailing

B. The correct term for social engineering conducted over digital communications means is phishing, not fishing.

Which of the following is not one of the messages exchanged during the DHCP lease process? i. Discover ii. Offer iii. Request iv. Acknowledgment A. All of them are exchanged B. None of them are exchanged C. i, ii D. ii, iii

B. The four-step DHCP lease process is 1. DHCPDISCOVER message: This message is used to request an IP address lease from a DHCP server. 2. DHCPOFFER message: This message is a response to a DHCPDISCOVER message, and is sent by one or numerous DHCP servers. 3. DHCPREQUEST message: The client sends this message to the initial DHCP server that responded to its request. 4. DHCPACK message: This message is sent by the DHCP server to the DHCP client and is the process whereby the DHCP server assigns the IP address lease to the DHCP client.

All of the following are steps in the security audit process except A. Document the results. B. Convene a management review. C. Involve the right business unit leaders. D. Determine the scope.

B. The management review is not a part of any audit. Instead, this review typically uses the results of one or more audits in order to make strategic decisions.

Tanya is working with the company's internal software development team. Before a user of an application can access files located on the company's centralized server, the user must present a valid one-time password, which is generated through a challenge/response mechanism. The company needs to tighten access control for these files and reduce the number of users who can access each file. The company is looking to Tanya and her team for solutions to better protect the data that has been classified and deemed critical to the company's missions. Tanya has also been asked to implement a single sign-on technology for all internal users, but she does not have the budget to implement a public key infrastructure. Which of the following is the best single sign-on technology for this situation? A. PKI B. Kerberos C. RADIUS D. TACACS+

B. The scenario specifies that PKI cannot be used, so the first option is not correct. Kerberos is based upon symmetric cryptography; thus, it does not need a PKI. RADIUS and TACACS+ are remote centralized access control protocols.

Who or what determines if an organization is going to operate under a discretionary, mandatory, or nondiscretionary access control model? A. Administrator B. Security policy C. Culture D. Security levels

B. The security policy sets the tone for the whole security program. It dictates the level of risk that management and the company are willing to accept. This in turn dictates the type of controls and mechanisms to put in place to ensure this level of risk is not exceeded.

Data backup verification efforts should A. Have the smallest scope possible B. Be based on the threats to the organization C. Maximize impact on business D. Focus on user data

B. The verification of data backups should focus on assessing the organization's ability to respond to the threats identified during the threat modeling and risk management processes. If the organization can't respond to these threats, then its backups may be useless.

This graphic covers which of the following? A. Crossover error rate B. Identity verification C. Authorization rates D. Authentication error rates

B. These steps are taken to convert the biometric input for identity verification: i. A software application identifies specific points of data as match points. ii. An algorithm is used to process the match points and translate that information into a numeric value. iii. Authentication is approved or denied when the database value is compared with the end user input entered into the scanner.
