rslade
Influencer II

Practice Questions

Right.

 

For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions.  As in, "what's the best set of practice questions to use while studying for the exam?"

 

The answer is, none of them.

 

I have looked at an awful lot of practice question sets, and they are uniformly awful.  Most try to be "hard" by bringing in trivia: that is not representative of the exam.  Most concentrate on a bunch of facts: that is not representative of the exam.

 

So, from my own stash, collected and developed over the decades, I'm going to give you some samples that do represent the types of questions that you will probably see on the exam.  Note that none of these questions will appear on the exam.  You can't pass the CISSP exam by memorizing a brain dump.  These will just give you a feel.

 

For each question I'll give the answer, what type of question this represents, and possibly ways to approach this type of question.

 

I'll be doing this over time, "replying" to this post to add questions.  Others are free to add sample questions if they wish, but be ready to be (possibly severely) critiqued.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
307 Replies
dcontesti
Community Champion


@Vigenere wrote:
Hello, today in the official CISSP app I have encountered the following question

Q: When you're designing a security system for Internet-delivered email, which of the following is least important?

- Nonrepudiation
- Availability
- Message Integrity
- Access restriction

How would you answer?

WOW, I would say all four of them are important and would be hard pressed to choose one over the other.

 

In an exam situation, I probably would pick either a or b. 

 

And given some consideration, non-repudiation on internet mail is also critical (I need some guarantee of the authenticity of the signature). So in my case, I probably would answer B.

 

I am going to suggest that this is just a bad question that 1) is not framed properly for the reader to choose, 2) may or may not have a valid reference and 3) may be subjective on the part of the reader.

 

Did you give feedback to (ISC)2 that the question may be problematic?

 

Regards

 

d

 

Vigenere
Newcomer III

@dcontesti
What is the reasoning that would ultimately lead you to deem Availability as the least important?

I totally agree on the question not being framed properly. My concern is, how many such badly posed questions will I find in the exam?



"I have no special talent. I am only passionately curious."
dcontesti
Community Champion


@Vigenere 

 

You asked why I would choose Availability as my answer.

 

As the question is worded, in MHO, I chose Availability.

 

Rationale:

 

Non-repudiation - even though it is about ensuring the signature (sender), it is really about integrity

Message Integrity - goes without saying is also about integrity

Access restriction - again (in my mind) is another form of integrity. Ensuring that admins can restrict access to emails based on either IDs or IPs.

 

As stated, when I looked at the options, I was left with non-repudiation and availability.  Given that the question to me (again MHO) seemed to be about integrity, I chose Availability.

 

I did not mean to imply that I think it is the right answer, but in an exam situation, given less than a minute to read and choose, that is the answer that I would pick.......

 

Hope that explains why I chose the way I did.

 

d

 

 

Vigenere
Newcomer III

@dcontesti

Pardon me, what do you mean by MHO?

To me this question is equivalent to

When choosing a new car, which of the following is least important?

- Engine
- The car actually functioning
- Transmission
- Fuel consumption



"I have no special talent. I am only passionately curious."
dcontesti
Community Champion

@Vigenere 

 

Sorry MHO = my humble opinion

 

Never meant to imply it was a good question.

 

As you said this was the Official CISSP app, let's ask @AndreaMoore to pass it to the appropriate internal department for their comment on the question.  Is that possible?

 

Regards

AndreaMoore
Community Manager

I have passed this along to our education department. I will let you know if I receive a response. 

 

Thanks,

Andrea

(ISC)² Community Manager
rslade
Influencer II

OK, an easy one to get back on track:

 

The act of validating a user with a unique identifier is called

a. identification
b. authorization
c. authentication
d. registration

Answer: c.

 

(Reference: Gasser, Morrie, Building a Secure Computer System, New York: Nostrand Reinhold, 1988, pg 23)

 

The key word here is "validating."


Answer a - identification is the process of telling the system the alleged identity of a subject.
Answer b - authorization is the process of granting rights to a subject.
Answer c - authentication is the process of validating a subject.
Answer d - registration of a subject does not, necessarily, validate an identity claimed.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
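As an added illustration (not part of rslade's post or the referenced book), here is a small Python model that keeps the four terms in the question as separate steps: registration creates the record, identification is the unvalidated claim of an identifier, authentication validates that claim against a stored credential, and authorization decides what the validated subject may do. The class name UserStore, the helper functions and the sample accounts are all constructed for this example.

```python
"""Added example (not from the original post): a minimal model that separates
registration, identification, authentication and authorization so the four
terms in the practice question can be seen as distinct steps.
UserStore, login_and_act and the sample accounts are constructed for this demo."""
import hashlib
import hmac
import os


class UserStore:
    """In-memory account store: salted password hashes plus per-user rights."""

    def __init__(self) -> None:
        self._accounts: dict[str, dict] = {}

    # d. registration: create the account record. This records an identity
    # claim and a credential but does not, by itself, validate the person.
    def register(self, username: str, password: str, rights: set[str]) -> None:
        if username in self._accounts:
            raise ValueError("username already registered")
        salt = os.urandom(16)
        self._accounts[username] = {
            "salt": salt,
            "hash": self._derive(password, salt),
            "rights": set(rights),
        }

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        # Slow, salted derivation so a leaked store is not trivially reversible.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    # a. identification: the subject tells the system who it claims to be.
    # Nothing is proven yet; we only check that the claimed identifier is known.
    def identify(self, username: str) -> bool:
        return username in self._accounts

    # c. authentication: validate the claimed identity against the stored
    # credential. Constant-time comparison avoids leaking hash bytes via timing.
    def authenticate(self, username: str, password: str) -> bool:
        acct = self._accounts.get(username)
        if acct is None:
            # Burn the same work for unknown users so timing does not reveal
            # which identifiers exist.
            self._derive(password, b"\x00" * 16)
            return False
        candidate = self._derive(password, acct["salt"])
        return hmac.compare_digest(candidate, acct["hash"])

    # b. authorization: decide what an already-authenticated subject may do.
    def authorize(self, username: str, right: str) -> bool:
        acct = self._accounts.get(username)
        return acct is not None and right in acct["rights"]


def login_and_act(store: UserStore, username: str, password: str, right: str) -> str:
    """Run the steps in order and report which one stopped the request."""
    if not store.identify(username):
        return "unknown identity"
    if not store.authenticate(username, password):
        return "authentication failed"
    if not store.authorize(username, right):
        return "not authorized"
    return "allowed"


def build_demo_store() -> UserStore:
    """Constructed sample accounts for the demo."""
    store = UserStore()
    store.register("alice", "correct horse battery staple", {"read", "write"})
    store.register("bob", "hunter2", {"read"})
    return store


if __name__ == "__main__":
    s = build_demo_store()
    print(login_and_act(s, "alice", "correct horse battery staple", "write"))  # allowed
    print(login_and_act(s, "bob", "hunter2", "write"))                         # not authorized
    print(login_and_act(s, "bob", "wrong", "read"))                            # authentication failed
    print(login_and_act(s, "mallory", "x", "read"))                            # unknown identity
```

The point of the ordering in login_and_act is the one the answer key makes: a known username (identification) proves nothing until the credential is validated (authentication), and a validated user still has no rights until authorization grants them; registration happened earlier and validated nothing.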
AndreaMoore
Community Manager

The Education department has received this commentary and provided this: 

 

In the future, you can submit errata on various products by going to the links below.

 


(ISC)² Community Manager
dcontesti
Community Champion

@AndreaMoore Thank you for passing along to the appropriate department and the response.

@Vigenere You now have a venue to report the question as being incorrect.

 

Hope this helps

 

d

 

Vigenere
Newcomer III

Thank you @AndreaMoore. Does this mean that they acknowledge the question being badly posed or the answer incorrect?



"I have no special talent. I am only passionately curious."