Tough Questions 21-30

  1. Cryptography provides many different types of protections of information. When utilised correctly, which of the following represent things that cryptography CAN do? (choose six)
     
    (a) Detect if a spreadsheet has been changed in an unauthorised way
    (b) Provide confidentiality for a Windows user accessing a Linux web server via a web browser
    (c) Prevent a user from deleting a file they have no permissions to access
    (d) Provide a high degree of assurance that a remote system is who it claims to be
    (e) Recover data that was changed in an unauthorised manner
    (f) Prevent a thief from adding a stolen hard drive to a different computer in order to access its data
    (g) Check to make sure a script is unmodified before allowing it to be executed
    (h) Reduce the effectiveness of ICMP-based Denial of Service (DoS)
    (i) Prevent an authorised user from exfiltrating data from a protected network
    (j) Assist with complying with regulatory data security requirements
     
    Answers:
    (a), (b), (d), (f), (g), (j)
     
  2. When making decisions about how to best secure user computers & servers, which of the following is the most important consideration?
     
    (a) Security should not decrease the usability of the system
    (b) Intangible risks should be mitigated first
    (c) Should cover all regulatory requirements
    (d) Cost must be managed and should make sense for the given risk
    (e) All risk should be eliminated by mitigating mechanisms
     
    Answer:
    (d)
     
    (a) is not achievable in most cases; any controls are going to reduce usability (or speed, convenience, etc.) to some degree, even if negligible
    (c) is too broad
    (e) is generally not possible
     
  3. Which of the following are typically NOT allowed to pass outbound through a firewall that leads to the Internet? (choose five)
     
    (a) HTTP
    (b) FTP
    (c) SNMP
    (d) DNS
    (e) EIGRP
    (f) RADIUS
    (g) OSPF
    (h) SSH
    (i) SMTP
    (j) LDAP
     
    Answers:
    (c), (e), (f), (g), (j)
     
    Caveats apply, e.g. you may only wish to allow SSH to/from specific hosts, and SMTP from authorised mail servers on your network, not all nodes, but these are the best answer. Note that (e) and (g) are interior routing protocols.
     
  4. Which of the following are characteristics of elliptic curve cryptography? (choose four)
     
    (a) It is stronger than RSA using significantly smaller key lengths
    (b) It has a large memory footprint
    (c) It can help conserve battery life in mobile devices
    (d) It has lower CPU overhead compared to RSA
    (e) It is not supported by most modern web browsers
    (f) ECC was introduced as an alternative to AES
    (g) It can be used in a Diffie-Hellman key exchange
     
    Answers:
    (a), (c), (d), (g)
     
  5. PCI DSS is a mandated information security standard that applies to organisations that accept credit cards. The primary objectives of the standard are to protect credit card information & reduce fraud. The security requirements for compliance with PCI DSS allow merchants to only store & retain certain types of cardholder information. Of the items listed below, which ARE ALLOWED to be stored by a merchant? (Choose three)
     
    (a) Cardholder’s PIN
    (b) Cardholder’s account number in plain text
    (c) Card expiration date
    (d) Full magnetic stripe data
    (e) CAV2/CVC2/CVV2/CID
    (f) Cardholder’s name
    (g) Cardholder’s account number in an unreadable (i.e. encrypted/truncated) format
     
    Answers:
    (c), (f), (g)
     
  6. Which of the following would be considered an administrative control? (Choose three)
     
    (a) Background checks
    (b) Network firewall
    (c) Audible alarms
    (d) Security awareness training
    (e) Security guards
    (f) Risk management
    (g) Encryption of personnel records
     
    Answers:
    (a), (d), (f)
     
  7. What is the risk to electrical equipment when humidity is too high? (Choose two)
     
    (a) ESD (electrostatic discharge)
    (b) Short circuits
    (c) Crosstalk
    (d) Corrosion
    (e) Sediment build-up on connectors
    (f) Overheating
    (g) Unplanned system reset
     
    Answers:
    (b), (d)
     
    Explanation:
    (a) ESD is caused when humidity is too low!
     
  8. Which of the following is something a network-based IDS (intrusion detection system) CANNOT do? (choose six)
     
    (a) Inspect encrypted traffic for evidence of attack
    (b) Detect illegal variations in protocol rules
    (c) Compensate for weak passwords
    (d) Detect TCP or ICMP-based denial of service attacks
    (e) Filter malicious attachments from email messages
    (f) Rate-limit attack traffic to inhibit its effectiveness
    (g) Detect malicious activity on local hosts
    (h) Act as a log of evidence for a successful attack
    (i) Remove need for human intervention
     
    Answers:
    (a), (c), (e), (f), (g), (i)
     
    Explanation:
    (a) NIDS cannot inspect encrypted traffic
     
  9. Which of these is true of an IP routing table? (choose four)
     
    (a) It maps MAC addresses & destination IP addresses to remote networks
    (b) It contains a list of destination IP networks
    (c) It contains a mapping of IP addresses & services offered on TCP ports
    (d) It is created automatically via SNMP exchanges between neighbouring routers
    (e) Networks learned via OSPF or EIGRP are more trusted than standard static routes
    (f) IPv6 and IPv4-enabled routers use two routing tables, one for each protocol
    (g) Routers can route packets with encrypted payloads
    (h) Routing protocols secure routing update packets using TLS
    (i) Routing tables map IP addresses to MAC addresses
    (j) Routing tables operate at the Network layer of the OSI model
     
    Answers:
    (b), (f), (g), (j)
     
    Explanation:
    (e) Static routes are usually much more trusted than learned routes
    (g) Yes, the payload can be encrypted, as long as the IP header is unencrypted
     
  10. Which of the following are characteristics of RAID 1? (Choose two)
     
    (a) Also called ‘striping’
    (b) All parity data is spread across the included drives
    (c) Only supported on SSDs
    (d) All parity data is stored on a single drive
    (e) Disk-level encryption is enabled by default and is independent of the file system
    (f) Has a 1:1 drive ratio (100%)
    (g) Provides dynamic data de-duplication
    (h) Also called mirroring
    (i) Has a 1:x drive ratio, where x is the total number of drives
    (j) Fast write, slow read
    (k) System can survive multiple drive failures
    (l) Has a 1:2 drive ratio (50%)
     
    Answers:
    (f), (h)
     
    Explanation:
    (a) Striping is RAID 0
    (b) & (d) RAID 1 does not use parity
    (f) One drive + one mirror = 1:1
    (k) System can only survive a single drive failure
