Re: CISSP Review Questions - Page 3

Rooks · ‎08-07-2024

Hello All,

I'm reviewing some questions for CISSP exam preparation. I found answers for some of the questions are questionable and would like to find your take on this. You feedback is very much appreciated.

I'm copied/mentioned some folks here that I encountered with or saw their feedbacks in other communities. Thank you all in advance.

@rslade @dcontesti @denbesten @funkychicken @Vigenere @Shannon @gidyn @alekos

Question 1.

Johny needs to provide a set of minimum security requirements for email. What steps should he recommend for his organization to ensure that the email remains secure?

A. All email should be encrypted

B. All email should be encrypted and labelled

C. Sensitive email should be encrypted and labelled

D. Only highly sensitive email should be encrypted

Answer: Given answer is C.

However, I think it should be A because the question is not mentioning anything to do with classification.

What do you think?

Rooks · ‎08-15-2024

Thank you @denbesten , for your feedback and insight.

CISSP Review Questions

Yes, this is very ambiguous question given the fact that the land line phone # is not a known factor.

Rooks · ‎08-15-2024

Here's another question that I'm having a hard time to agree with the given answer. I would appreciate your feedback and insight please. Thank you.

Question 5.

Tommy Boy recently completed leading the postmortem review of a security incident. What documentation should he prepare next?

A. A lessons learned document

B. A risk assessment

C. A remediation list

D. A mitigation checklist

Answer: Answer given is A. A lessons learned document.

However, I think the next document that needs to be created is D. A mitigation checklist. Because it is important that the incident gets mitigated first to control the incident, and then the lessons learned document.

Your thoughts please?

denbesten · ‎08-15-2024

@Rooks wrote:

Tommy Boy recently completed leading the postmortem review of a security incident. What documentation should he prepare next?

Map the answers into the SANS incident response steps, and you will have your answer.

SANS Incident Response Steps

Step #1: Preparation
Step #2: Identification
Step #3: Containment
Step #4: Eradication
Step #5: Recovery
Step #6: Lessons Learned

[definitive source, easy-to-read summary]

A --> Step 6

B --> Step 1

C --> step 5

D -- > step 3

Since Tommy Boy is doing a postmortem, he is in the early stages of step 6. B, C, and D are presumably already complete.

Rooks · ‎08-16-2024

Thank you @denbesten, for the info and for explanation - makes sense - much appreciated.

BTW - how do I reply to a post that automatically includes the post content that I'm responding to. I saw that @content option but that includes the very first post I created, not helpful when I'm replying to someone's reply. I seem can't find that and its super annoying to include manually. sad face 😢

Tommy Boy recently completed leading the postmortem review of a security incident. What documentation should he prepare next?

Map the answers into the SANS incident response steps, and you will have your answer.

SANS Incident Response Steps

Step #1: Preparation
Step #2: Identification
Step #3: Containment
Step #4: Eradication
Step #5: Recovery
Step #6: Lessons Learned

[definitive source, easy-to-read summary]

A --> Step 6

B --> Step 1

C --> step 5

D -- > step 3

Since Tommy Boy is doing a postmortem, he is in the early stages of step 6. B, C, and D are presumably already complete.

denbesten · ‎08-16-2024

@Rooks wrote:
BTW - how do I reply to a post that automatically includes the post content that I'm responding to.

After clicking "reply", In the editor click the quote button above where you are typing. This will put the entire message in. After that, I edit out the bits that are irrelevant to my reply.

Rooks · ‎08-17-2024

@denbesten wrote:
@Rooks wrote:
BTW - how do I reply to a post that automatically includes the post content that I'm responding to.
After clicking "reply", In the editor click the quote button above where you are typing. This will put the entire message in. After that, I edit out the bits that are irrelevant to my reply.

Excellent - thank you so much for the tip @denbesten - you rock ...👍

Rooks · ‎08-19-2024

Hi All, here is another question where I'm trying to figure out the best possible answer as how the question is given two answers could be equally right. Looking for your insight pls..

Question 6.

Jimmy recently built a new system as part of her organization's deception campaign. The system is configured in a manner that makes it vulnerable to attack and that conveys that it might contain highly sensitive information. What term best describes this system?

A. Honeynet

B. Darknet

C. Honeypot

D. Pseudoflaw

Answer: Given answer is C. Honeypot.

However, by definition answer D. Pseudoflaw does the same thing, so why I would choose C over D?

Note: I have been reading and reading and it says for pseudoflaw - A pseudoflaw is a false vulnerability (purposely added) that may attract an attacker. This is exactly how the system was built in this question.

Thanks

Rooks · ‎08-21-2024

Hi All, here is another question where I'm interested to find out your understanding of the of answers given. This is a simple question, but correct answer depends on your understanding.

Question 7.

Natalia is configuring egress monitoring on her network to provide added security. Which one of the following packet types should Natalia allow to leave the network headed for the internet?

A. Packets with a source address from Natalia's public IP address block.

B. Packets with a destination address from Natalia's public IP address block.

C. Packets with a source address outside Natalia's address block

D. Packets with a source address from Natalia's private address block

Answer: I would like to find out what option you choose based on your understanding. I'll share the given answer later once I hear some answers from some. Thanks

denbesten · ‎08-22-2024

@Rooks wrote:
This is a simple question, but correct answer depends on your understanding.

There are two equally correct answers depending on the location of the monitoring device.

This provides an opportunity to explain why a "bad question" like this does not really matter on the real exams.

A good question is one that tends to be answered correctly by those who pass the exam and incorrectly by those who fail. This question would prove itself bad because those who otherwise pass the exam would mostly be split between two answers.

The real exams have a percentage of their questions that are worth zero points. No matter how you answer them, they will neither help nor hurt your score. These questions are ones that have recently been written and have not yet proven themselves. After enough people have taken the exam if the question proves itself good, it is moved to the "production" question pool and assigned a point value. This helps ensure that the graded questions are good.

Even after a question makes itself into the production pool, If it starts showing itself as bad, it will be sent off for a rewrite and then return to the "zero point" pool to see if it was successfully turned into a good question.

This (psychometric analysis) is a really cool test-development technique, but as a test-taker it does add to exam-day stress because you might recognize the question as "bad", but you have no way of telling if it is graded. You will tend to believe that you took damage and will become demoralized, whereas odds are that the bad question was in the zero point pool and did not affect your score.

The way to counter this while taking the real exam is to not waste brain power trying to keep score; just focus all your attention on reading carefully and selecting the most correct (or least wrong) answer. And to the extent that you can't get the score out of your mind, remind yourself that 70% is a pretty low bar to clear. If you truly know the material, you can afford a few hits.

While on the topic of test-taking tricks, do calculate how many seconds you have to answer each question on the real exam. And then during practice exams, time yourself so you develop an instinct for the required pace. Then while taking the real exam, ignore the clock. Instead, depend upon instinct to maintain the pace and keep the focus on answering questions.

Rooks · ‎08-22-2024

Thank you @denbesten for the valuable tips / advice.

@denbesten wrote:
@Rooks wrote:
This is a simple question, but correct answer depends on your understanding.

The real exams have a percentage of their questions that are worth zero points. No matter how you answer them, they will neither help nor hurt your score. These questions are ones that have recently been written and have not yet proven themselves. After enough people have taken the exam if the question proves itself good, it is moved to the "production" question pool and assigned a point value. This helps ensure that the graded questions are good.

The way to counter this while taking the real exam is to not waste brain power trying to keep score; just focus all your attention on reading carefully and selecting the most correct (or least wrong) answer. And to the extent that you can't get the score out of your mind, remind yourself that 70% is a pretty low bar to clear. If you truly know the material, you can afford a few hits.

While on the topic of test-taking tricks, do calculate how many seconds you have to answer each question on the real exam. And then during practice exams, time yourself so you develop an instinct for the required pace. Then while taking the real exam, ignore the clock. Instead, depend upon instinct to maintain the pace and keep the focus on answering questions.

I didn't know they would ask questions and not grade even I answer correctly - that's a bummer :-). oh well!

Thank you for the tips above. I'm sure there would be some questions that I'll ace and some that would be challenging, so overall this will help spend some time on the challenging ones. Thanks again!