Right.
For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions. As in, "what's the best set of practice questions to use while studying for the exam?"
The answer is, none of them.
I have looked at an awful lot of practice question sets, and they are uniformly awful. Most try to be "hard" by bringing in trivia: that is not representative of the exam. Most concentrate on a bunch of facts: that is not representative of the exam.
So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam. Note that none of these questions will appear on the exam. You can't pass the CISSP exam by memorizing a brain dump. These will just give you a feel.
For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.
I'll be doing this over time, "replying" to this post to add questions. Others are free to add sample questions if they wish, but be ready to be (possibly severely) critiqued.
I see this mistake often - if you know SMTP is Simple Mail Transport Protocol, the answers will fit. MIC - see you real soon; KEY - why? Because we like you; MOUSE - spells Mickey Mouse, from an old television show. LOL
What is the name of a malicious computer program that replicates itself by attaching to other programs?
a. Virus.
b. Worm.
c. Trap door.
d. Trojan horse.
Answer: a.
OK, hopefully the answer is obvious, but it points out the importance of not getting too buried in the details. First of all, we can discard trap door and trojan horse because neither of them has anything to do with replication. That leaves us with two replicating options, virus and worm. Now, some of you may know that not all viruses replicate by attaching to other programs. (And, in fact, these days relatively few do.) But worms definitely do not attach to other programs. So, of the options given, virus is still the correct answer.
Isn't "replicates itself" the definition of a worm?
@rslade wrote: What is the name of a malicious computer program that replicates itself by attaching to other programs?
Illegally accessing data, without recourse to malware, and then threatening to release it unless someone pays a ransom is called:
a) ransomware
b) extortion
c) breachstortion
d) I DON'T KNOW WHAT IT'S CALLED, BUT IT'S NOT RANSOMWARE!!!!
Answer: b or c, depending upon how "l33t" you want to sound.
Discussion:
IT'S NOT RANSOMWARE! RANSOMWARE INVOLVES SOFTWARE! RANSOMWARE INVOLVES MALWARE! JUST DOING A BREACH AND STEALING FILES IS NOT RANSOMWARE!!!!
(I'm sorry. I've got to go lie down now ...)
“I’ll have a ‘B’, Rob...”
I would like to hope that everyone considers virus, malware and ransomware questions this way. 1st course of action: restore from backup. We broach backups in almost every chapter of the CBK.
What is the final step in the change control management process?
a. Inform the users of the change.
b. Test the functionality of the change.
c. Update the procedure manual.
d. Report the change to management.
Answer: d.
Reference: HISM, edited by Ruthberg & Tipton; Auerbach; 1993; pp. 399-400.
Discussion:
Answer a - wrong - users often initiate the request for change. OK, yes, you should tell them you've done it, but generally that's part of the process, and you tell management last.
Answer b - wrong - changes must be tested prior to implementation.
Answer c - wrong - the procedure manual is updated to show the change.
Answer d - correct - management is notified that the change has been implemented. And they may want to accredit it. (Probably should.)
One of the security issues associated with the use of Internet based fax services is:
a. Fax is stored in plaintext at the service.
b. Group 2 fax does not support encryption.
c. The services verify fax content.
d. Fax transmissions are usually blocked by a firewall.
Answer: a