cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Practice Questions

Right.

 

For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions.  As in, "what's the best set of practice questions to use while studying for the exam?"

 

The answer is, none of them.

 

I have looked at an awful lot of practice question sets, and they are uniformly awful.  Most try to be "hard" by bringing in trivia: that is not representative of the exam.  Most concentrate on a bunch of facts: that is not representative of the exam.

 

So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam.  Note that none of these questions will appear on the exam.  You can't pass the CISSP exam by memorizing a brain dump.  These will just give you a feel.

 

For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.

 

I'll be doing this over time, "replying" to this post to add questions.  Others are free to add sample questions if they wish, but be ready to be (possibly severely) critiqued.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
307 Replies
rslade
Influencer II

OK, an easy one:

Which of the following terms describes the phenomenon when two different
encryption keys can generate the same ciphertext from the same plaintext?

a. Weak keys.
b. Key clustering.
c. Digital signature.
d. MAC code.

Answer: b

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
MPAA calls the Internet going dark in protest of SOPA `An abuse
of power.' In related news, the Eye of Sauron accuses Hobbits of
terrorism. - twitter.com/#!/beach_fox/status/159579304647331840
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

What is the PRIMARY purpose for using one-way encryption of user passwords within the system?

 

a. It prevents anyone from reading passwords in plaintext.
b. It avoids the excessive processing time that would be required by a symmetric encryption algorithm.
c. It minimizes the amount of primary and secondary storage required to store user passwords.
d. It facilitates the security administrator's investigation in cases where unauthorized uses of a password are suspected.

 

answer: a


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Baller152
Newcomer I

@rslade , I just wanted to say thanks for posting these questions again.  I passed my CISSP this morning with 30 questions to spare.

Startzc
Newcomer III

Congratulations Baller152

rslade
Influencer II

> Baller152 (Newcomer I) mentioned you in a post! Join the conversation below:

> @rslade , I just wanted to say thanks for posting these questions again.  I
> passed my CISSP this morning with 30 questions to spare.

Congrats!

Quite welcome.

Which of the following describes a cryptographic one-way function?

a. A mathematical process that involves the transformation of data, usually with
encryption related routines, into a quantity that cannot then be used to recover
the original data.
b. An iterative process that computes a value from a particular data unit in a
manner that manipulation of the data is detectable.
c. A value computed on data to detect error or manipulation during transmission.
d. A mathematical process which scrambles cleartext so that ciphertext cannot
be decoded without knowledge of the key.

Answer: a.

(Reference: Schneier, Bruce, Applied Cryptography, New York: John Wiley &
Sons, 1994, pg 27)

“b.” describes a MAC plus DES
“c.” describes a MAC or digital signature
“d.” describes basic encryption and decryption.

======================
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 978-0-367-68269-9
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
kamalamalhotra
Newcomer III

congratulations. 

kamalamalhotra
Newcomer III

I am finally taking the cissp exam on 20th March 2021. 

Tags (1)
rslade
Influencer II

Who developed the public key encryption system?

a. Martin Hellman
b. David Kahn
c. Fred Cohen
d. Adi Shamir

Answer: a.

(Reference: Understanding Computers: Computer Security, Alexandria, VA, Time-
Life Books, 1987, pg 99)

David Kahn is the author of ‘easy to read guides’ on encryption and "The
Codebreakers," which is an absoutely fascinating history of cryptography, and will
teach you nothing that you actually need on the exam.
Fred Cohen is most famous for his doctoral thesis on viruses and is sort of the
grandfather of all malware research.
Shamir is one of the developers of the RSA algorithm.

In reality, Ralph Merkle developed asymmetric encryption at about the same time
as Diffie and Hellman, but couldn't get it published because an editor thought it
wasn't "interesting." And both were pipped by the guys from the UK's GCHQ who
developed it five years earlier, weren't allowed to tell anyone--and couldn't figure
out what to use it for.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
A civilization flourishes when people plant trees under which
they will never sit.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
dcontesti
Community Champion

@rslade wrote:

 

Who developed the public key encryption system?

a. Martin Hellman
b. David Kahn
c. Fred Cohen
d. Adi Shamir

Answer: a.

 

Rob,

 

Not to be critical, this is great historical information but I don;t think a good exam question.  It is pure knowledge.

 

My nickel Canadiana

 

d

 

denbesten
Community Champion


@dcontesti wrote:

@rsladewrote:

 

Who developed the public key encryption system?

Not to be critical, this is great historical information but I don;t think a good exam question.  It is pure knowledge.


My initial reaction too.  I was somewhat "calmed down" when I realized that it plays into the importance of associating "Diffie-Hellman Key Exchange" with "Public Key Encryption".  That said, I concur that it probably would best be rewritten to not appear quite so much like trivia question.