I personally don't like this question. it boggles my brain. I got this question from a WhatsApp group to which I have subscribed and they send me questions every day. so they have 3 levels, beginner, intermediate and advanced. I chose only advanced questions. perhaps I should just unsubscribe it. 

 

 

@kamalamalhotra Try to adopt a relaxed approach when preparing for an exam, with the CISSP exam it’s good to member that it’s “an inch deep and a mile wide”. You’ll be tested on you ability to interpreted, and apply judgement.

 

Read Security Engineering by Ross Anderson, plus select from https://www.isc2.org/certifications/References plus keeping your chin up - if you can go through the CBK and be really honest in your self assessment against the domains you can then direct your reading to cover you gaps, read, make notes, defocus for a while then look at your notes, what do you not understand? Drill into that and repeat.

 

 

In what way does the Rivest-Shamir-Adleman algorithm differ from the Data
Encryption standard?

a. It is based on a symmetric algorithm.
b. It uses a public key for encryption.
c. It eliminates the need for a key-distribution center.
d. It cannot produce a digital signature.

Answer: b.

Reference: Applied Cryptography; Bruce Schneter; pg 467, 270.

“a.” is wrong because it is based on an asymmetric algorithm.
“b” the RSA algorithm was the first full-fledged public-key algorithm that is used
for encryption and digital signatures.
“c.” is wrong because often a third party creates & distributes the key pairs;
thereby acting as a key distribution center.
“d.” is wrong because it can produce a digital signature.

======================
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 978-0-367-68269-9
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

All,

 

Thank you for all the robust exchanges and discussions in this thread. We greatly appreciate your efforts to share your knowledge and your desire to help candidates seeking certification and (ISC)² membership. We need to be mindful that no community user commenting on this thread is privy to (ISC)² Exam Items. Any member attending Exam Writing Workshops agrees to not disclose contributions they make to the evolution of the exams. Moreover, any candidate taking an (ISC)² exam agrees to not disclose Exam Items with which they are evaluated. Sharing Exam Items on the Community is also a violation of Community Guidelines. 

 

Since this Community is an (ISC)² property, we want to stress that that the questions proposed here are the creation of our Community Users. They should not be viewed by candidates as endorsed official educational materials aligned to any of the (ISC)² CBKs. @rslade made this clear in his original post, but that was at the start of this very long thread. 

 

Please make this clear in all future posts about possible cybersecurity topics or challenge questions you – as a professional – feel candidates should be able to address. To assist, we have drafted a possible statement for you to use when posing challenge questions to other users.

 

This question should not be viewed as an official sample question or an example of any item you may experience on an (ISC)² exam. It is being shared as an example of subject matter I feel a candidate for (ISC)² certification should be comfortable addressing. 

 

Finally, to avoid any confusion or misrepresentation, we are changing the name of this discussion thread from “CISSP questions” to “Practice Questions.”

 

Thank you all for your cooperation and for this very popular discussion.

@rslade, I appreciate all these questions.  I am scheduled to take the exam next week and have been studying with the ISC2 Official Study Guide and Exam Prep, All-in-One CISSP, Boson, Pluralsight, Cybrary, etc.  I love how your question require thought rather than a vocab test.  Do you have any questions around SAML and SSO?

> Baller152 (Viewer II) mentioned you in a post! Join the conversation below:

> @rslade, I appreciate all these questions.

Kind of you to say so.

>  I am scheduled to take the exam
> next week and have been studying with the ISC2 Official Study Guide and Exam
> Prep, All-in-One CISSP, Boson, Pluralsight, Cybrary, etc.  I love how your
> question require thought rather than a vocab test.

The thing is, as you say, most of the so-called "practice" tests you see on the
market are, again, as you say, vocab or trivia tests. The CISSP exam is not. It
concentrates on your understanding of the concepts.

>  Do you have any questions
> around SAML and SSO?

Well, we could start off with:

Which of the following could be considered a single point of failure within single
sign-on?

a. The user’s workstation
b. The authentication server
c. The application server
d. The login script

Answer: b.

Reference: Mastering Network Security; Brenton; pg 393-394.

Discussion:

Answer a - the user could use any available workstation.
Answer b - the authentication server is a single point of failure.
Answer c - the application could reside on the application server or multiple
workstations.
Answer d - the logon script & configuration files can be backed up.

In terms of SAML, again, think of the basic concepts. You shouldn't have to
memorize every little detail of SAML: just know that it uses asymmetric
encyption, has an identity provider (aka KDC in Kerberos), and uses Assertion
Consumer Service (aka tickets).

(There's another SSO question earlier in this topic.)

======================
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 978-0-367-68269-9
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

The SAML & SSO related questions I got when I took in January were right in line with what rslade said, as were most others, know the process and the pieces involved at each step.

 

The Sybex guide's Practice Tests were the best for me; and, even if you didn't buy the separate Practice Tests book you can access 900 questions and 700 flashcards online through Wiley. I don't remember the exact site, but it is in your Study Guide. You just have to have your book handy because they may ask you to verify purchase by entering text from a certain page# & line#, unless you have a code for it. I spent the last week just taking those tests and then doing independent research on the areas I felt I was lacking. I also suggest using the advanced search tools/features of whatever search site you like to get results from within the last 1-2 years initially, then expand that if needed.

 

Good luck!