- Which one of the following is NOT normally included in a security assessment?
(a) Vulnerability scan
(b) Risk assessment
(c) Mitigation of vulnerabilities
(d) Threat assessment
Answer:
(c)
- Who is the intended audience for a security assessment report?
(a) Management
(b) Security auditor
(c) Security professional
(d) Customers
Answer:
(a)
Explanation:
Security assessment reports should be addressed to the organisation’s management. For this reason, they should be written in plain English and avoid technical jargon.
- Beth would like to run an nmap scan against all of the systems on her organisation’s private network. These include systems in the 10.0.0.0 private address space. She would like to scan this entire private address space because she is not certain what subnets are used. What network address should Beth specify as the target of her scan?
(a) 10.0.0.0/0
(b) 10.0.0.0/8
(c) 10.0.0.0/16
(d) 10.0.0.0/24
Answer:
(b)
Explanation:
The use of an 8-bit subnet mask means that the first octet of the IP address represents the network address. In this case, that means 10.0.0.0/8 will scan any IP address beginning with “10.”
- What type of network discovery scan only follows the first two steps of the TCP handshake?
(a) TCP connect scan
(b) Xmas scan
(c) TCP SYN scan
(d) TCP ACK scan
Answer:
(c)
Explanation:
The TCP SYN scan sends a SYN packet and receives a SYN ACK packet in response, but it does not send the final ACK required to complete the three-way handshake.
- What information security management task ensures that the organisation’s data protection requirements are met effectively?
(a) Account management
(b) Backup verification
(c) Log review
(d) Key performance indicators
Answer:
(b)
Explanation:
The backup verification process ensures that backups are running properly and thus meeting the organisation’s data protection objectives.
- An organisation ensures that users are granted access to only the data they need to perform specific work tasks. What principle are they following?
(a) Principle of least permission
(b) Separation of duties
(c) Need-to-know
(d) Role Based Access Control
Answer:
(c)
Explanation:
Need-to-know is the requirement to have access to, knowledge about, or possession of data to perform specific work tasks, but no more. The principle of least privilege includes both rights & permissions, but the term principle of least permission is not valid within IT security. Separation of duties ensures that a single person doesn’t control all the elements of a process. Role Based Access Control (RBAC) grants access to resources based on a role.
- What is a primary benefit of job rotation & separation of duties policies?
(a) Preventing collusion
(b) Preventing fraud
(c) Encouraging collusion
(d) Correcting incidents
Answer:
(b)
Explanation:
Job rotation and separation of duties policies help prevent fraud. Collusion is an agreement among multiple persons to perform some unauthorised or illegal actions, and implementing these policies doesn’t prevent collusion, nor does it encourage employees to collude against an organisation. They help deter and prevent incidents, but they do not correct them.
- While troubleshooting a network problem, a technician realised the problem could be resolved by opening a port on a firewall. The technician opened the port and verified the system was now working. However, an attacker accessed this port and launched a successful attack. What could have prevented this problem?
(a) Patch management processes
(b) Vulnerability management processes
(c) Configuration management processes
(d) Change management processes
Answer:
(d)
- An administrator is granting permissions to a database. What is the default level of access the administrator should grant to new users in the organisation?
(a) Read
(b) Modify
(c) Full access
(d) No access
Answer:
(d)
Explanation:
The default level of access should be no access. The principle of least privilege dictates that users should only be granted the level of access they need for their job, and the question doesn’t indicate that new users need any access to the database. Read, modify and full access all grant the user some level of access, which violates the principle of least privilege.
- Which of the following can be an effective method of configuration management using a baseline?
(a) Implementing change management
(b) Using images
(c) Implementing vulnerability management
(d) Implementing patch management
Answer:
(b)
Explanation:
Images can be an effective configuration management method using a baseline. Imaging ensures that systems are deployed with the same, known configuration. Change management processes help to identify vulnerabilities, and patch management processes help to ensure that systems are kept up to date.