cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Practice Questions

Right.

 

For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions.  As in, "what's the best set of practice questions to use while studying for the exam?"

 

The answer is, none of them.

 

I have looked at an awful lot of practice question sets, and they are uniformly awful.  Most try to be "hard" by bringing in trivia: that is not representative of the exam.  Most concentrate on a bunch of facts: that is not representative of the exam.

 

So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam.  Note that none of these questions will appear on the exam.  You can't pass the CISSP exam by memorizing a brain dump.  These will just give you a feel.

 

For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.

 

I'll be doing this over time, "replying" to this post to add questions.  Others are free to add sample questions if they wish, but be ready to be (possibly severely) critiqued.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
329 Replies
rslade
Influencer II

> Vigenere (Newcomer II) posted a new reply in Exams on 08-29-2020 12:44 PM in the

> What documents the intention of two entities to work together toward a common
> goal?
> a. Mutual agreement
> b. SLA
> c. MOU
> d. ISA

> Answer: c

> Reference: "(ISC)2
> Official Study Guide" - Applying Security Operations Concepts

OK, first off, all acronyms need to be spelled out in full, for a legitimate question.

Secondly, "study guides," official or otherwise, are not source security literature,
and therefore are not eligible as refernce material.

Final grade: D-

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
For many companies security is like salt, people just sprinkle it
on top.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
dcontesti
Community Champion

I agree with Rob, not a great question.  There is something missing in the stem.

 

In this case A and C could be equally correct.

 

My nickel

 

d

 

 

 

Vigenere
Newcomer III


@rslade wrote:
OK, first off, all acronyms need to be spelled out in full, for a legitimate question.

Secondly, "study guides," official or otherwise, are not source security literature,
and therefore are not eligible as refernce material.

Final grade: D-

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
For many companies security is like salt, people just sprinkle it
on top.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

The fact that acronyms need to be spelled out is reassuring. Does that happen in every question that contains them, in the exam?

Please note that you posted several questions containing acronyms that were not spelled out (page 2 of this thread for example).

 

On the Study Guide not usable as reference: sure, I understand. I don't think this makes the question and answer wrong, though. The concept is clearly explained.

 

 




"I have no special talent. I am only passionately curious."
Vigenere
Newcomer III

Thanks for your comment, but I don't think that A and C could be equally right.

C (Memorandum Of Understanding) is the MOST right.

 

Mutual assistance agreement (MAA) is an agreement where two organizations pledge to assist each other in the event of a disaster. Assist each other is slightly different than work together. In the case of a cold site, each organization may simply maintain some open space in its processing facilities for the other organization to use in the event of a disaster. This is clearly different than working together.

 


@dcontesti wrote:

I agree with Rob, not a great question.  There is something missing in the stem.

 

In this case A and C could be equally correct.

 

My nickel

 

d

 

 

 


 




"I have no special talent. I am only passionately curious."
gidyn
Contributor III


@rslade wrote:
Which of the following has the objective to control and manage data from a
central location?

a. Databases
b. Data dictionaries
c. Data access methods
d. Data storage

Answer: b.

Please pardon my ignorance, why b more than a?

dcontesti
Community Champion

@Vigenere  wrote:

 

> Thanks for your comment, but I don't think that A and C could be equally right.

> C (Memorandum Of Understanding) is the MOST right.

 

> Mutual assistance agreement (MAA) is an agreement where two organizations pledge to assist each other in > the event of a disaster. Assist each other is slightly different than work together. In the case of a cold site,      each organization may simply maintain some open space in its processing facilities for the other organization > to use in the event of a disaster. This is clearly different than working together.

___________________________________________________

 

So your question does not ask about a MAA it asks about a Mutual agreement.  When writing items, the item writer understands what they have in their mind however the test taker does not have the luxury of speaking with the item writer during the exam.

 

When entering into a legal transaction, a corporation or a person has two options available, i.e. an agreement or memorandum of understanding. An agreement refers to concordance between the legally competent parties, which is generally negotiated. Conversely, an MOU is a type of agreement between legally competent parties, which is non-binding in nature.  So both entities work together towards a common goal, one typically legal and the other not but they both work together toward a common goal.

 

An MoU typically leads to a mutual agreement.  So with out some additional guidance in the question, I still believe A and C could be correct.

 

This is why a study guide is a bad reference

 

Diana

 

 

 

 

 

 

CraginS
Defender I


@gidyn wrote:

@rslade wrote:
Which of the following has the objective to control and manage data from a
central location?

a. Databases
b. Data dictionaries
c. Data access methods
d. Data storage

Answer: b.

Please pardon my ignorance, why b more than a?


A database is simply an organized, searchable file of records containing data elements, each element configured for required and allowable values, including length, character content, embedded file types allowed, etc.

 

A data dictionary is a meta-document describing in great detail the parameters and uses for named data elements. Data dictionaries are essential to translating across similar, or perceived identical, data elements across databases.

For instance in the USA we have governmental subdivisions, States, some of which officially call themselves commonwealths. A data dictionary would describe the data element STATE as referring only to any one of the 50 States & Commonwealths; the 50 States & Commonwealths plus the District of Columbia; the 50 States & Commonwealths, District of Columbia, plus US territories; or the 50 States & Commonwealths, District of Columbia, US Territories, and US Protectorates; or the 50 States & Commonwealths, District of Columbia, US Territories, and US Protectorates, as well as all recognized Native American (Indian) reservations or territories. 

Further, the data dictionary would list the various allowed values for the data element field, with instructions for translation if a given database does not allow all of those options. For State, the sets of allowed values are the full spelled out name, e.g. Connecticut, New Mexico, Alaska; the  two-character US Postal System code, e.g. CT, NM, AK; the traditional abbreviations, e.g. Conn., N.M. or N. Mex., Alaska; ANSI 2-digit codes, e.g. 09, 35, 02. (https://en.wikipedia.org/wiki/List_of_U.S._state_and_territory_abbreviations)

 

Data dictionaries describing the various allowed or possible values for a given data element are essential for central management across multiple cross-linked or communicating databases, and affect both the DB-to-DB interfaces of code as well as influencing the human-computer interface design for optimum usability and utility of the overall system. For instance, the screen interface for the States field may be a dropdown pick-list displaying the fully spelled out names for human users to see, but a translation table would store the two-digit ANSI code in the record for each selection. 

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
CraginS
Defender I


@rslade wrote:
...
Does anybody (except me) even remember what a data dictionary is?...

Grandpa Rob,

Of course, a few of us graybeards (greybeards?) do:

https://community.isc2.org/t5/Exams/CISSP-questions/m-p/38736#M1114

 

Historically, I had the pleasure of trying to deal with the U.S. Department of Defense Data Dictionary during the 1980's. Reconciling nominally identical data elements among personnel, geo-facilities, and operational planning data systems was, shall we say, challenging.

 

Craig

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
rslade
Influencer II

When a database error has been detected requiring a backing out process, a
mechanism that permits starting the process at designated places in the process is
called a

a. restarter.
b. reboot.
c. checkpoint.
d. journal.

Answer: c.

Reference: Hutt, Bosworth, & Hoyt; Computer Security Handbook; 3rd Edition;
John Wiley & Sons; 1995; pg G-5.

Discussion:

Answer a - wrong - restart begins the whole process again instead of at a designated
point.
Answer b - wrong - reboot is a method of restarting the entire computer system
instead of a specific application.
Answer c - correct - checkpoints facilitate restarts.
Answer d - wrong - a journal is a log of activities which is internal to automated
systems.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
The best way to predict the future is to invent it! - Alan Kay
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

> gidyn (Newcomer I) posted a new reply in Exams on 08-30-2020 04:51 AM in the

> Which of the following has the objective to control and manage
> data from a central location?
> a. Databases
> b. Data dictionaries
> c. Data access methods
> d. Data storage
>
> Answer: b.
>
> Please pardon my ignorance, why b more than a?

"Database" simply covers the whole field. There are database systems where the
data, and even management of the data, is distributed. However, data dictionaries
specifically collect and provide metadata in a central location for overall control.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
A writer--and, I believe, generally all persons--must think that
whatever happens to him or her is a resource. - Jorge Luis Borges
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468