cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Practice Questions

Right.

 

For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions.  As in, "what's the best set of practice questions to use while studying for the exam?"

 

The answer is, none of them.

 

I have looked at an awful lot of practice question sets, and they are uniformly awful.  Most try to be "hard" by bringing in trivia: that is not representative of the exam.  Most concentrate on a bunch of facts: that is not representative of the exam.

 

So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam.  Note that none of these questions will appear on the exam.  You can't pass the CISSP exam by memorizing a brain dump.  These will just give you a feel.

 

For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.

 

I'll be doing this over time, "replying" to this post to add questions.  Others are free to add sample questions if they wish, but be ready to be (possibly severely) critiqued.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
329 Replies
rslade
Influencer II

Which of the following is the PRIMARY objective of a firewall?

a. Protect one network from another.
b. Prevent IP traffic from going out of the network.
c. Block SNA traffic.
d. Monitor network traffic.

Answer: a.
Reference: HISM 99; Krause/Tipton; Auerbach; 1998; pg 96-103.

Discussion:

Answer a - correct.
Answer b - wrong - a firewall may prevent some IP traffic but if it prevented all traffic, it would serve the same purpose as disconnecting.
Answer c - wrong - SNA traffic is to specific to be the primary purpose.
Answer d - wrong - this is a secondary result of processing data for the protected network.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
The books that the world calls immoral are the books that show
the world its own shame. - Oscar Wilde, `The Picture of Dorian Gray'
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

Which of the following proxies does NOT examine service commands (e.g. FTP, GET, & PUTs)?

 

a. Application
b. Stateful
c. Circuit
d. Generic

 

Answer: c.
(Reference: Siyan, Karabjit, and Hare, Chris, Internet Firewalls and Network Security, New Riders Publishing, 1995, pg 301)

 

Discussion:
Answer a - wrong - application layer is where FTP command resides.
Answer b - wrong - stateful processes packets up to the application layer to determine forwarding.
Answer c - correct - circuit proxy only processes to the network layer.
Answer d - wrong - not an industry recognized term for a proxy.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

> dcontesti (Community Champion) mentioned you in a post! Join the conversation below:

>   So I like where you are going by bringing
> Privacy to the forefront for Security folks, however should the question be
> changed to list the actual laws.

Probably true. I'm not sure if I was serious about that DP question: it was more
that Gloria challenged me about writing one, and, once I had done it for the
presentation as a kind of discussion starter, it did seem like it illustrated how you
need to approach questions on the exam, so ...

>  With recent changes in privacy not all
> laws in the US support differential privacy. I am specifically thinking
> about CCPA and CPRA (which a number of states are following or copying) and
> more akin to GDPR than anything.

Yeah. However, for most of the prior US stuff, it does follow a pattern of being
more about disclosure than actual privacy.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
If we do not plant knowledge when young, it will give us no shade
when we are old. - Lord Chesterfield
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

Which one of the following accurately describes Ethernet transmissions?

 

a. Traffic is broadcast to all computers on the network segment.
b. Traffic originates from one location and is sent to a single destination.
c. Traffic is sent directly to the gateway router for forwarding.
d. Traffic is routed based on the system network communications architecture.

 

Answer: a.

 

Reference: IEEE 802.3 Standard
Network Security; Simmons; McGraw-Hill; 1997; pg 154.

 

Discussion:
Answer a - correct.
Answer b - wrong - would only be true if there were only 2 stations on the segment, otherwise all stations will see the traffic.
Answer c - wrong - a gateway router is not required to complete a transmission between two stations on the same segment.
Answer d - nonsensical.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Startzc
Newcomer III

Came across this question on a practice test that someone else recommended, and was curious of your opinion on the answer and explanation it gives:

 

Why do buffers overflow?

(a) Because buffers can only hold so much data.
(b) Because input data is not checked for appropriate length at time of input.
(c) Because they are an easy weakness to exploit.
(d) Because of insufficient system memory.

 

Answer: (d) Buffer overflows are the most common type of DoS attack. Here, an attacker sends more data than the application's buffer can hold. When the amount of data exceeds the buffer size, the extra data overflows under the stack, often causing the application or the whole system to crash. In some cases, the data can be carefully crafted to include machine code that will execute when it overflows onto the stack.

 

########################

While agree with it technically, if the data processed is validated correctly and size limits are enforced, the amount of memory shouldn't be the cause (or the Why?). Thoughts?

gidyn
Contributor III

(d). is wrong, the answer is (a) or (b).
rslade
Influencer II

> Startzc (Newcomer I) posted a new reply in Exams on 12-29-2020 02:46 PM in the

> Came across this question on a practice test that someone else recommended

With friends like that ...

> While agree with it
> technically, if the data processed is validated correctly and size limits are
> enforced, the amount of memory shouldn't be the cause (or the Why?). Thoughts?

First thought: it's a stupid and poorly written question.

Second thought: I'd go even further, and say that, technically, not even D is
correct. It isn't insufficient system memory, but insufficient memory allocation.

Third thought: I like your thought processes, and would say that you are
approaching questions correctly.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
If you can't explain it simply ... you don't understand it well
enough. - Albert Einstein
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Startzc
Newcomer III

B was my choice, if that wasn't clear from my original comment.

 

Thanks, rslade. It wasn't a "friend;" but it is someone that I may have to work with in the future. So I will be very suspect of their decision making abilities and future recommendations. I've pretty much run through all the paid study material I have twice already, so I have been spending spare time doing any free practice tests that I come across, for my own benefit and to find things to share with colleagues.

 

I'm taking CISSP on the 12th and this thread has been really helpful in getting me out of my own head and into the right mindset for the test. You rock!

CISOScott
Community Champion


@Startzc wrote:

Came across this question on a practice test that someone else recommended, and was curious of your opinion on the answer and explanation it gives:

 

Why do buffers overflow?

(a) Because buffers can only hold so much data.
(b) Because input data is not checked for appropriate length at time of input.
(c) Because they are an easy weakness to exploit.
(d) Because of insufficient system memory.

 

Answer: (d) Buffer overflows are the most common type of DoS attack. Here, an attacker sends more data than the application's buffer can hold. When the amount of data exceeds the buffer size, the extra data overflows under the stack, often causing the application or the whole system to crash. In some cases, the data can be carefully crafted to include machine code that will execute when it overflows onto the stack.

 

########################

While agree with it technically, if the data processed is validated correctly and size limits are enforced, the amount of memory shouldn't be the cause (or the Why?). Thoughts?


So if we can define a buffer and buffer overflow as:

Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflows can often be triggered by malformed inputs; if one assumes all inputs will be smaller than a certain size and the buffer is created to be that size, then an anomalous transaction that produces more data could cause it to write past the end of the buffer. If this overwrites adjacent data or executable code, this may result in erratic program behavior, including memory access errors, incorrect results, and crashes.

Then D is incorrect because it is not the cause of the buffer overflow. It might be A cause, but not always THE cause. If we are just looking for a cause then A (per the answer provided and highlighted in bold above) and B are correct also.

C would be incorrect because it is not why a buffer overflows, just a possible attack vector. Even if it is a very popular attack vector it is not why a buffer overflows.

B is correct but it is not why the buffer overflows. Yes checking input length can prevent buffer overflows, but it is not why the buffer overflowed. Chicken and egg theory.

A is the most correct answer to me, even if poorly worded. The correct statement would be because buffers can only hold the amount of data they are allocated to hold.

 

So technically buffers overflow because more data is input than was allocated for, and answer a is the only answer that is 100% true. Answer B is a preventative measure and can eliminate A but per definition, A is still more correct. C is incorrect and D might cause an overflow but is not the cause of 100% of an overflow.

 

I agree with others that it is a horrible question.

rslade
Influencer II

> Startzc (Newcomer I) posted a new reply in Exams on 12-29-2020 03:42 PM in the

> You rock!

We does our 'umble best ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
If it were not for quotations, conversation between gentlemen
would consist of an endless succession of `what-ho's!
- P. G. Wodehouse
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468