rslade
Influencer II

Practice Questions

Right.

For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions.  As in, "what's the best set of practice questions to use while studying for the exam?"

The answer is, none of them.

I have looked at an awful lot of practice question sets, and they are uniformly awful.  Most try to be "hard" by bringing in trivia: that is not representative of the exam.  Most concentrate on a bunch of facts: that is not representative of the exam.

So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam.  Note that none of these questions will appear on the exam.  You can't pass the CISSP exam by memorizing a brain dump.  These will just give you a feel.

For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.

I'll be doing this over time, "replying" to this post to add questions.  Others are free to add sample questions if they wish, but be ready to be (possibly severely) critiqued.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
322 Replies
rslade
Influencer II

From an operations security standpoint, which one of the following dial-in access configurations is best?

a. Force the port to log out when the modem loses carrier.
b. Disable the port when the modem disconnects.
c. Reset the modem when the phone line disconnects.
d. Force a modem reset when the DTR line transitions.

Answer: a

Reference: Fites & Kratz, Information Systems Security: A Practitioner’s Reference; International Thomson Computer Press; 1996; pg 385.

Discussion:

a - correct, this is a control measure that will force the user to reauthenticate, and prevent someone from simply taking over a free line they come across
b - wrong, this allows for a good way to do a DOS on the dialup facility
c - wrong, once the phone line is disconnected it can’t be reset, and simply resetting the modem may leave a live session behind it
d - wrong, this is a normal occurrence (DTR - data terminal ready)

rslade
Influencer II

Which one of the following would NOT be considered a media control task?

a. Decompressing the storage medium.
b. Storing on-site backups in a protected area.
c. Maintaining a control log noting all media entries, removals, and returns.
d. Erasing volumes at the end of their retention period.

Answer: a

(Reference: Rita Summers, “Secure Computing: Threats and Safeguards”; McGraw-Hill; 1997; pg 585.)

Decompression definitely is part of media management, but it isn't a control.

rslade
Influencer II

In what way can violation clipping levels assist in violation tracking and analysis?

a. Clipping levels set a baseline for normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred.
b. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant.
c. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to usercodes with a privileged status.
d. Clipping levels enable a security administrator to view all reductions in security levels which have been made to usercodes which have incurred violations.

Answer: a

Discussion:

Answer a - correct, the clipping level establishes a normal error rate that can be ignored for violation analysis purposes.

rslade
Influencer II

Which of the following is permitted by an adequate separation of duties in a mainframe computer environment?

a. Computer users may reconcile control totals.
b. Computer users may access the system files.
c. Programmers may change production data.
d. Programmers may initiate transactions.

Answer: a

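The separation-of-duties question above can be made concrete with a small role model. The following is an added example and is not from the forum post or from any of the referenced books; the role names, permission sets and the list of conflicting role pairs are constructed assumptions modelled on the question's mainframe environment. Besides answering "may this role do this action?" with a deny-by-default lookup, it also audits a set of user-to-role assignments for toxic combinations, which is the check a practitioner actually has to run to confirm the separation holds in practice.

```python
# Added example (not from the forum post): a minimal separation-of-duties model.
# The roles, permissions and conflicting-role pairs below are constructed
# assumptions, not an authoritative policy.

ROLE_PERMISSIONS = {
    # Computer users may initiate transactions and reconcile control totals...
    "computer_user": {"initiate_transaction", "reconcile_control_totals"},
    # ...but programmers may neither touch production data nor initiate transactions.
    "programmer": {"change_program_source", "read_test_data"},
    # Operators run production and are the only role with system file access.
    "operator": {"run_production_jobs", "access_system_files"},
    # Production data changes go through a separate data-control function.
    "data_control": {"change_production_data"},
}

# Role pairs that a single individual must not hold together, because combining
# them would let one person both make and conceal an unauthorised change.
CONFLICTING_ROLES = {
    frozenset({"programmer", "operator"}),
    frozenset({"programmer", "data_control"}),
    frozenset({"computer_user", "data_control"}),
}


def is_permitted(role, action):
    """True if the role's permission set includes the action (default deny)."""
    return action in ROLE_PERMISSIONS.get(role, set())


def check_request(assignments, user_id, action):
    """Evaluate a request against every role the user holds.

    Returns (allowed, reason). A user with no roles, or an action no role
    grants, is denied: the model is deny-by-default.
    """
    roles = assignments.get(user_id, set())
    for role in sorted(roles):
        if is_permitted(role, action):
            return True, f"{user_id} may {action} via role {role}"
    return False, f"{user_id} has no role permitting {action}"


def conflicting_assignments(assignments):
    """Find users holding a conflicting role pair.

    assignments: {user_id: set_of_roles}
    Returns a sorted list of (user_id, role_a, role_b) tuples.
    """
    found = []
    for user_id, roles in assignments.items():
        for pair in CONFLICTING_ROLES:
            if pair <= roles:
                role_a, role_b = sorted(pair)
                found.append((user_id, role_a, role_b))
    return sorted(found)


# Constructed sample role assignments for the demonstration.
SAMPLE_ASSIGNMENTS = {
    "u_alice": {"computer_user"},
    "u_bob": {"programmer", "operator"},          # conflict: can alter and run code
    "u_carol": {"programmer"},
    "u_dave": {"computer_user", "data_control"},  # conflict: can initiate and alter data
}

if __name__ == "__main__":
    print(check_request(SAMPLE_ASSIGNMENTS, "u_alice", "reconcile_control_totals"))
    print(check_request(SAMPLE_ASSIGNMENTS, "u_carol", "change_production_data"))
    for conflict in conflicting_assignments(SAMPLE_ASSIGNMENTS):
        print("SoD conflict:", conflict)
```

Run as a script it prints the two request decisions (the first allowed, the second denied) and the two conflicting assignments. The conflict audit is the part worth keeping around: a permission matrix that looks right on paper is undone the moment one account accumulates both halves of a conflicting pair.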
rslade
Influencer II

Why are user IDs critical in the review of audit trails?

a. they show which files were altered.
b. they establish individual accountability.
c. they cannot be easily altered.
d. they trigger corrective controls.

Answer: b

(Reference: Fites and Kratz, Information Systems Security: A Practitioner’s Reference, International Thomson Computer Press, 1996, pg 127.)

Discussion:

Answer a - wrong, the identification of a specific user does not in itself show the activities conducted under the user’s name.
Answer b - correct.
Answer c - wrong, audit trail information should be secured so it cannot be altered.
Answer d - wrong, user IDs by themselves do not trigger corrective controls - the activity conducted may trigger corrective action.

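The clipping-level question and the user-ID question above describe two halves of the same review process: violations are counted per user ID (accountability) and only counts above the clipping level are kept for analysis (filtering out normal error). The following is an added example, not code from the forum post or the referenced books; the log format, the event names, the sample audit trail and the clipping-level values are all constructed assumptions.

```python
# Added example (not from the forum post): applying clipping levels to an
# audit trail, attributing each excess to a user ID.
import re
from collections import Counter, defaultdict

# Constructed sample audit trail: "<timestamp> <user id> <event> [detail]".
SAMPLE_AUDIT_TRAIL = """\
2020-07-10T08:01:12 alice LOGIN_FAIL
2020-07-10T08:01:40 alice LOGIN_OK
2020-07-10T08:05:03 bob LOGIN_FAIL
2020-07-10T08:05:20 bob LOGIN_FAIL
2020-07-10T08:05:41 bob LOGIN_FAIL
2020-07-10T08:06:02 bob LOGIN_FAIL
2020-07-10T08:06:30 bob LOGIN_FAIL
2020-07-10T08:07:00 bob LOGIN_OK
2020-07-10T09:12:11 carol ACCESS_DENIED /prod/payroll.dat
2020-07-10T09:12:15 carol ACCESS_DENIED /prod/payroll.dat
2020-07-10T09:12:19 carol ACCESS_DENIED /prod/payroll.dat
2020-07-10T09:12:25 carol ACCESS_DENIED /prod/ledger.dat
2020-07-10T10:00:00 dave LOGIN_FAIL
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<event>\S+)(?: (?P<detail>.*))?$")

# Which events count as violations, and the clipping level for each (assumed
# values): counts at or below the level are treated as ordinary user error.
CLIPPING_LEVELS = {"LOGIN_FAIL": 3, "ACCESS_DENIED": 2}


def parse_audit_trail(text):
    """Parse the audit trail into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def count_violations(records):
    """Count violation events per (user id, event type)."""
    counts = Counter()
    for r in records:
        if r["event"] in CLIPPING_LEVELS:
            counts[(r["user"], r["event"])] += 1
    return counts


def apply_clipping_levels(counts, levels=CLIPPING_LEVELS):
    """Keep only the (user, event) counts that exceed the clipping level."""
    return {key: n for key, n in counts.items() if n > levels[key[1]]}


def violation_report(text, levels=CLIPPING_LEVELS):
    """Return {user id: {event: count}} for every excess worth analysing.

    Grouping by user id is what makes each entry attributable to one
    account; without the id the counts would say what happened but not who.
    """
    exceeded = apply_clipping_levels(count_violations(parse_audit_trail(text)), levels)
    by_user = defaultdict(dict)
    for (user, event), n in exceeded.items():
        by_user[user][event] = n
    return dict(by_user)


if __name__ == "__main__":
    for user, events in sorted(violation_report(SAMPLE_AUDIT_TRAIL).items()):
        print(f"{user}: {events}")
```

On the constructed sample, alice's single failed login and dave's single failed login fall at or below the level and are dropped; bob's five failed logins and carol's four denied accesses exceed their levels and are reported under their user IDs for follow-up.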
LHablas
Newcomer I

Hi Rob...Just wanted to pop in and say "Thank you!" for this blog thread. It proved to be invaluable as I made final preps for my exam, that I passed at Q100 this past Friday. I read through every page of the thread, and found your questions and your responses to questions and comments extremely valuable. Thank you for taking time to share with the community!
rslade
Influencer II

> LHablas (Viewer II) posted a new reply in Exams on 07-11-2020 11:38 PM in the

> Hi Rob...Just wanted to pop in and say "Thank you!" for this blog thread. It
> proved to be invaluable as I made final preps for my exam, that I passed at Q100
> this past Friday. I read through every page of the thread, and found your
> questions and your responses to questions and comments extremely valuable. Thank
> you for taking time to share with the community!

Well, thank you for your thank you! Glad to be of service 🙂

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Q: If Socrates, Isaac Newton or Leonardo Da Vinci suddenly
reappeared, what would be the most difficult thing to explain to
them about life today?
A: I possess a device, small enough to carry in my pocket,
capable of accessing the entirety of information known to man.

I use it to look at pictures of cats and get into arguments with
strangers.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

rslade
Influencer II

OK, as a celebration of the fact that my account seems to have (as mysteriously as it died) revived, herewith:

At what stage of the applications development process should the security department become involved?

a. Prior to the implementation
b. Prior to systems testing
c. During unit testing
d. During requirements development

Answer: d.

Reference: Secure Computing (Threats & Safeguards); R. Summers; McGraw-Hill; 1997; pg 250.

Discussion:

This is an example of choosing the best answer from among those provided.  "Requirements" is probably not the phase to start thinking about security: you should probably start right at the initiation and concept phase.  But that isn't one of the options we are given.  So, choose the earliest possible phase from the options you are given:

Answer a - incorrect - prior to implementation is 7 steps down in the software development life cycle. At this point, security safeguards would be expensive to retrofit.

Answer b - incorrect - prior to system test is vague and several steps (5) required preceding it.

Answer c - incorrect - unit test is where you would want to test the security of the system. Security dept. should have been involved much earlier.

Answer d - correct - Security dept. should be involved at the beginning of the project. It is much easier than adding it later.

aphelps52
Viewer II

Would an RSA token be an example of this? 

aphelps52
Viewer II

That reply was to the one-time password question where the answer was "something you have"