Right.
For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions. As in, "what's the best set of practice questions to use while studying for the exam?"
The answer is, none of them.
I have looked at an awful lot of practice question sets, and they are uniformly awful. Most try to be "hard" by bringing in trivia: that is not representative of the exam. Most concentrate on a bunch of facts: that is not representative of the exam.
So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam. Note that none of these questions will appear on the exam. You can't pass the CISSP exam by memorizing a brain dump. These will just give you a feel.
For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.
I'll be doing this over time, "replying" to this post to add questions. Others are free to add sample questions if they wish, but be ready to be (possibly severely) critiqued.
Which of the following proxies does NOT examine service commands (e.g. FTP, GET, & PUTs)?
a. Application
b. Stateful
c. Circuit
d. Generic
Answer: c.
(Reference: Siyan, Karanjit, and Hare, Chris, Internet Firewalls and Network Security, New Riders Publishing, 1995, pg 301)
Discussion:
Answer a - wrong - application layer is where FTP command resides.
Answer b - wrong - stateful processes packets up to the application layer to determine forwarding.
Answer c - correct - circuit proxy only processes to the network layer.
Answer d - wrong - not an industry recognized term for a proxy.
Which one of the following accurately describes Ethernet transmissions?
a. Traffic is broadcast to all computers on the network segment.
b. Traffic originates from one location and is sent to a single destination.
c. Traffic is sent directly to the gateway router for forwarding.
d. Traffic is routed based on the system network communications architecture.
Answer: a.
Reference: IEEE 802.3 Standard
Network Security; Simmons; McGraw-Hill; 1997; pg 154.
Discussion:
Answer a - correct.
Answer b - wrong - would only be true if there were only 2 stations on the segment, otherwise all stations will see the traffic.
Answer c - wrong - a gateway router is not required to complete a transmission between two stations on the same segment.
Answer d - nonsensical.
Came across this question on a practice test that someone else recommended, and was curious of your opinion on the answer and explanation it gives:
Why do buffers overflow?
(a) Because buffers can only hold so much data.
(b) Because input data is not checked for appropriate length at time of input.
(c) Because they are an easy weakness to exploit.
(d) Because of insufficient system memory.
Answer: (d) Buffer overflows are the most common type of DoS attack. Here, an attacker sends more data than the application's buffer can hold. When the amount of data exceeds the buffer size, the extra data overflows under the stack, often causing the application or the whole system to crash. In some cases, the data can be carefully crafted to include machine code that will execute when it overflows onto the stack.
########################
While I agree with it technically, if the data processed is validated correctly and size limits are enforced, the amount of memory shouldn't be the cause (or the Why?). Thoughts?
B was my choice, if that wasn't clear from my original comment.
Thanks, rslade. It wasn't a "friend;" but it is someone that I may have to work with in the future. So I will be very suspect of their decision making abilities and future recommendations. I've pretty much run through all the paid study material I have twice already, so I have been spending spare time doing any free practice tests that I come across, for my own benefit and to find things to share with colleagues.
I'm taking CISSP on the 12th and this thread has been really helpful in getting me out of my own head and into the right mindset for the test. You rock!
@Startzc wrote:
Came across this question on a practice test that someone else recommended, and was curious of your opinion on the answer and explanation it gives:
Why do buffers overflow?
(a) Because buffers can only hold so much data.
(b) Because input data is not checked for appropriate length at time of input.
(c) Because they are an easy weakness to exploit.
(d) Because of insufficient system memory.
Answer: (d) Buffer overflows are the most common type of DoS attack. Here, an attacker sends more data than the application's buffer can hold. When the amount of data exceeds the buffer size, the extra data overflows under the stack, often causing the application or the whole system to crash. In some cases, the data can be carefully crafted to include machine code that will execute when it overflows onto the stack.
########################
While I agree with it technically, if the data processed is validated correctly and size limits are enforced, the amount of memory shouldn't be the cause (or the Why?). Thoughts?
So if we can define a buffer and buffer overflow as:
Buffers are areas of memory set aside to hold data, often while moving it from one section of a program to another, or between programs. Buffer overflows can often be triggered by malformed inputs; if one assumes all inputs will be smaller than a certain size and the buffer is created to be that size, then an anomalous transaction that produces more data could cause it to write past the end of the buffer. If this overwrites adjacent data or executable code, this may result in erratic program behavior, including memory access errors, incorrect results, and crashes.
Then D is incorrect because it is not the cause of the buffer overflow. It might be A cause, but not always THE cause. If we are just looking for a cause then A (per the answer provided and highlighted in bold above) and B are correct also.
C would be incorrect because it is not why a buffer overflows, just a possible attack vector. Even if it is a very popular attack vector it is not why a buffer overflows.
B is correct but it is not why the buffer overflows. Yes, checking input length can prevent buffer overflows, but it is not why the buffer overflowed. Chicken and egg theory.
A is the most correct answer to me, even if poorly worded. The correct statement would be because buffers can only hold the amount of data they are allocated to hold.
So technically buffers overflow because more data is input than was allocated for, and answer a is the only answer that is 100% true. Answer B is a preventative measure and can eliminate A but per definition, A is still more correct. C is incorrect and D might cause an overflow but is not the cause of 100% of an overflow.
I agree with others that it is a horrible question.
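The two factors debated in this thread, a buffer's fixed capacity and a missing length check, shown side by side in C. This is an added example, not part of any post above; the `record` layout, the function names and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: an 8-byte buffer followed directly by adjacent data. */
struct record {
    char name[8];
    unsigned char flag;   /* adjacent data that input should never reach */
    unsigned char pad[7];
};

/* Models a copy that trusts the caller's length ("all inputs will be small"). */
int copy_unchecked(struct record *r, const char *src, size_t len) {
    unsigned char *base = (unsigned char *)r;
    size_t room = sizeof *r - offsetof(struct record, name);
    if (len > room) len = room;   /* demo guard only: keeps the write inside the struct */
    memcpy(base + offsetof(struct record, name), src, len);
    return 0;
}

/* Same copy with the length validated against the buffer's capacity first. */
int copy_checked(struct record *r, const char *src, size_t len) {
    if (len >= sizeof r->name)    /* leave room for the terminating NUL */
        return -1;                /* reject: nothing is written */
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

typedef int (*copy_fn)(struct record *, const char *, size_t);

/* Runs one copy into a zeroed record and reports the adjacent field. */
unsigned char flag_after(copy_fn copy, const char *src, size_t len) {
    struct record r;
    memset(&r, 0, sizeof r);
    copy(&r, src, len);
    return r.flag;
}

int main(void) {
    const char *oversized = "AAAAAAAAA";   /* constructed: 9 bytes into an 8-byte buffer */
    printf("unchecked: flag=0x%02x\n", flag_after(copy_unchecked, oversized, 9));
    printf("checked:   flag=0x%02x\n", flag_after(copy_checked, oversized, 9));
    printf("checked, short input: flag=0x%02x\n", flag_after(copy_checked, "bob", 3));
    return 0;
}
```

The buffer holds 8 bytes in both cases; only the copy that skips the length check lets the ninth byte land in `flag`.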