CISSP Exam Questions for Self-Study (Domain 3)

Note:  Pardon the messiness of the questions.  These questions come from my podcast, and I will be cleaning them up over the coming weeks.

Question:  001

Pick the best possible answer:

  1. Open networks are much more secure than closed networks because you can ensure all patches and vulnerabilities are updated and secure.
  2. Closed networks are much more secure than open networks because they are separated/segregated from all network security risks.
  3. Open networks are mostly more secure than closed networks because there still may be risk, but they are better maintained than the closed network.
  4. Closed networks are mostly more secure than open networks because the ability of the attacker to circumvent the separated/segregated systems is more complex and difficult.

[d] Closed networks are mostly more secure than open networks because the ability of the attacker to circumvent the separated/segregated systems is more complex and difficult.

Explanation: Closed networks, when properly configured, do offer somewhat better security because they are separated/segregated from the business network. Option (b) overstates this: segregation reduces exposure but does not remove all risk, and the benefit is quickly lost if the separation and the security controls behind it are not enforced and maintained.

Source:  ShonGerber Training Courses

-------------

The Trusted Computing Base (TCB) is:

  1. A set of rules that all software/hardware/controls developers should use, but it is only a suggestion.
  2. The foundation for creating secure code in your software / hardware / controls and is part of the Rainbow Series of books designed to create a consistent standard for computing.
  3. It was created by the Department of Homeland Security and is not always the most trustworthy.
  4. The Trusted Computing Base was designed only to control and/or restrict access inside TCB components.

[b] The foundation for creating secure code in your software / hardware / controls and is part of the Rainbow Series of books designed to create a consistent standard for computing.

Explanation: The TCB is the totality of protection mechanisms within a system (hardware, firmware and software) that together enforce its security policy, and it is treated as the foundation for building secure systems by both software and hardware developers. The term was defined by the US Department of Defense in the Orange Book / Trusted Computer System Evaluation Criteria (TCSEC), part of the Rainbow Series, which was written so that systems are designed, built and evaluated against a consistent set of security specifications. Because everything outside the TCB is allowed to fail without breaking the security policy, the TCB should be kept as small and simple as possible.

----------

 

What is the longest cryptographic key length used in the Advanced Encryption Standard (AES)?

  1. 56 bits
  2. 128 bits
  3. 192 bits
  4. 256 bits

[d] 256 bits

Explanation: AES is defined for exactly three key lengths, 128, 192 and 256 bits (AES-128, AES-192 and AES-256), so 256 bits is the longest; all three use a 128-bit block. 56 bits is the effective key length of DES, not an AES option.

 ---------

Fred recently received an email from Bill. What security goal would need to be achieved to assure Fred that the email is legitimate and has not been spoofed?

  1. Confidentiality
  2. Nonrepudiation
  3. Integrity
  4. Availability

[b] Nonrepudiation

Explanation: Nonrepudiation means the sender cannot transmit a message and later deny having sent it. For email it is provided by a digital signature made with the sender's private key and checked with his public key, which proves origin as well as integrity. Integrity (c) alone would only show that the message was not altered in transit, not who sent it.
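The signing-and-verifying exchange behind that answer, as an added example that is not part of the original question set: Bill signs the message with his Ed25519 private key and Fred verifies it with Bill's public key, so a tampered body or an impostor's signature is rejected. The same block shows why an HMAC over a shared secret gives integrity but not nonrepudiation: Fred holds the same key, so he could have produced the tag himself. The email text, the addresses, the impostor "Mallory" and the shared secret are all constructed for the demo; the code uses only the Go standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Constructed sample message: the email Bill claims to have sent Fred.
// (Hypothetical addresses and invoice number; not from the original page.)
const sampleEmail = "From: bill@example.com\r\n" +
	"To: fred@example.com\r\n" +
	"Subject: Invoice 4471\r\n\r\n" +
	"Fred, please pay invoice 4471 by Friday. Bill"

// Outcome records what each check returns for the scenario below.
type Outcome struct {
	GenuineVerifies      bool // Bill's signature over the message he actually sent
	TamperedVerifies     bool // the same signature after the body was altered in transit
	ForgedVerifies       bool // a message signed by Mallory, checked against Bill's public key
	RecipientCanForgeMAC bool // Fred can produce the "sender's" HMAC tag himself
}

// signEmail produces a detached signature that only the holder of priv can create.
func signEmail(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// verifyEmail checks a detached signature against the claimed sender's public key.
// A valid result proves both integrity (msg unchanged) and origin (signed with priv).
func verifyEmail(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// macTag is the symmetric alternative: an HMAC over msg under a key both parties know.
// It proves integrity, but because Fred holds the same key he could have produced the
// tag himself, so it cannot prove to a third party that Bill sent the message.
func macTag(sharedKey, msg []byte) []byte {
	m := hmac.New(sha256.New, sharedKey)
	m.Write(msg)
	return m.Sum(nil)
}

// RunScenario generates fresh keys for Bill and an impostor, Mallory, and runs
// the four checks that separate nonrepudiation from plain integrity.
func RunScenario() (Outcome, error) {
	billPub, billPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	_, malloryPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}

	msg := []byte(sampleEmail)
	sig := signEmail(billPriv, msg)

	// An attacker changes the payment instruction but keeps Bill's original signature.
	tampered := []byte(strings.Replace(sampleEmail, "4471 by", "4471 to account 999 by", 1))

	// Mallory signs the same text with her own key and claims it came from Bill.
	forgedSig := signEmail(malloryPriv, msg)

	// Symmetric comparison: a shared secret known to both Bill and Fred (constructed).
	shared := []byte("demo-shared-secret-known-to-both-parties")
	tagBill := macTag(shared, msg)
	tagFred := macTag(shared, msg) // Fred, holding the same key, computes an identical tag

	return Outcome{
		GenuineVerifies:      verifyEmail(billPub, msg, sig),
		TamperedVerifies:     verifyEmail(billPub, tampered, sig),
		ForgedVerifies:       verifyEmail(billPub, msg, forgedSig),
		RecipientCanForgeMAC: hmac.Equal(tagBill, tagFred),
	}, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine signature verifies:       %v\n", o.GenuineVerifies)
	fmt.Printf("tampered message still verifies:  %v\n", o.TamperedVerifies)
	fmt.Printf("impostor's signature verifies:    %v\n", o.ForgedVerifies)
	fmt.Printf("recipient can forge the HMAC tag: %v\n", o.RecipientCanForgeMAC)
}
```

In practice the signature travels with the email as S/MIME or OpenPGP, and Fred must obtain Bill's public key through a trusted channel (a CA-issued certificate or a verified key fingerprint), otherwise an impostor can simply present her own key as Bill's. Nonrepudiation also depends on the private key being under Bill's sole control, which is the reason signing keys are often kept in a TPM or smart card rather than in a file.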

 ---------

Which of the following statements about the Trusted Platform Module (TPM) is true?

  1. The TPM installed within hardware is much slower than the software variant.
  2. The TPM does not store the crypto keys for the system.
  3. The TPM is responsible for storing and processing the crypto keys for the system and can be implemented in software and in hardware.
  4. All of the above.

[c] The TPM is responsible for storing and processing the crypto keys for the system and can be implemented in software and in hardware.

Explanation: The TPM's purpose is to act as the trusted root within the computing system that stores and processes cryptographic keys, so that the keys do not have to be exposed to the operating system in the clear. Full-disk encryption stores its encryption keys in this location.

---------

Select the most correct statement about the majority of Industrial Control Systems (ICS):

  1. ICS are not very significant to business operations and thus they are not well protected.
  2. ICS are considered critical in most businesses and thus most of the security resources are dedicated to their protection.
  3. ICS are considered critical in most businesses, but unfortunately they tend to lack the resources/controls needed to ensure they are properly protected.
  4. ICS are as important as any networked business system and should not get additional resources and/or attention from security professionals.

[c] ICS are considered critical in most businesses, but unfortunately they tend to lack the resources/controls needed to ensure they are properly protected.

Explanation: Industrial Control Systems and their associated networks are considered vital to most organizations. However, most companies cannot or do not commit enough resources to protecting these systems.

---------

 

Is it a requirement for a company to pay thousands of dollars for commercial vulnerability scanning products, or are there open source products that are just as useful?

  1. Yes - Open source vulnerability scanning products can provide a significant level of value to companies, especially when there are limited resources available.
  2. No - Open source products are only as good as their developers, and there is a high probability of false positives and inaccurate results.

[a] Yes - Open source vulnerability scanning products can provide a significant level of value to companies, especially when there are limited resources available.

Explanation: Open source products, and vulnerability scanners in particular, provide significant value and should be considered, especially for small networks.

 ----------

When deploying a Mobile Device Management (MDM) solution, what are some key aspects to consider?

  1. Lockout - Remote capability to lock devices
  2. Storage Location Limitation - The ability to reduce the locations where data can be stored on the mobile device
  3. Remote Wiping - Remotely erasing/deleting all data within the mobile device
  4. All of the above

[d] All of the above

Explanation: All of these capabilities are critical to the proper deployment of a Mobile Device Management solution.

 ---------

If your organization is using the Data Encryption Standard (DES), what is the worst key length to use and why?

    1. 128 bits - This number of bits is significantly too small, and it is better to make the key length as long as possible.
    2. 56 bits - This number of bits is too small and can be cracked in less than 24 hours.

[b] 56 bits - This number of bits is too small and can be cracked in less than 24 hours.

Explanation: DES uses a 64-bit key of which only 56 bits are effective (the low bit of each byte is a parity bit that the key schedule discards). In 1999, a 56-bit DES key was recovered by exhaustive search in 22 hours using the technology of the era, and it can be assumed that a 56-bit DES key could be cracked even faster today.
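The attack behind that figure is an exhaustive known-plaintext search: encrypt one known block under every candidate key until the output matches the observed ciphertext. The Go program below is an added example, not from the original page. It scales the search down by assuming the first six key bytes are already known, recovers the remaining two bytes (14 effective bits) from a single plaintext/ciphertext pair, and then computes how long the full 2^56 space would take at a key-test rate you supply. The plaintext block, the key and the rates printed in main are constructed for the demo; the only dependency is the standard library's crypto/des.

```go
package main

import (
	"bytes"
	"crypto/des"
	"errors"
	"fmt"
	"math"
)

// Constructed demo values (not from the page): one 8-byte plaintext block and the
// "unknown" key an attacker is trying to recover.
var (
	knownPlaintext = []byte("PAY$1000") // exactly one DES block (8 bytes)
	secretKey      = []byte{0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1}
)

// encryptBlock encrypts a single 8-byte block with raw DES (no mode, no padding),
// which is all a known-plaintext attack on the key needs.
func encryptBlock(key, block []byte) ([]byte, error) {
	c, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// sameEffectiveKey compares two DES keys ignoring the low bit of each byte. DES's
// key schedule discards those eight parity bits, which is why a 64-bit key has
// only 56 effective bits and a 2^56 (not 2^64) search space.
func sameEffectiveKey(a, b []byte) bool {
	if len(a) != 8 || len(b) != 8 {
		return false
	}
	for i := range a {
		if a[i]&0xFE != b[i]&0xFE {
			return false
		}
	}
	return true
}

// bruteForceTail recovers a DES key from one plaintext/ciphertext pair when the
// first 8-unknownBytes key bytes are already known. It enumerates every value of
// the 7 effective bits in each unknown byte, 2^(7*unknownBytes) candidates in all:
// the same exhaustive search that covered the full 2^56 space in 1999, scaled down
// so it finishes in well under a second here. Returns the key and the number tried.
func bruteForceTail(knownPrefix, plaintext, ciphertext []byte, unknownBytes int) ([]byte, uint64, error) {
	if unknownBytes < 1 || len(knownPrefix)+unknownBytes != 8 {
		return nil, 0, errors.New("known prefix plus unknown bytes must total 8")
	}
	total := uint64(1) << (7 * uint(unknownBytes))
	candidate := make([]byte, 8)
	copy(candidate, knownPrefix)
	for idx := uint64(0); idx < total; idx++ {
		for i := 0; i < unknownBytes; i++ {
			seven := byte((idx >> (7 * uint(i))) & 0x7F)
			candidate[len(knownPrefix)+i] = seven << 1 // parity bit left clear
		}
		got, err := encryptBlock(candidate, plaintext)
		if err != nil {
			return nil, idx, err
		}
		if bytes.Equal(got, ciphertext) {
			found := make([]byte, 8)
			copy(found, candidate)
			return found, idx + 1, nil
		}
	}
	return nil, total, errors.New("no key reproduces the ciphertext")
}

// hoursToExhaust56 is the worst-case time to try all 2^56 DES keys at a given rate;
// on average an attacker finds the key after half that.
func hoursToExhaust56(keysPerSecond float64) float64 {
	return math.Pow(2, 56) / keysPerSecond / 3600
}

func main() {
	ct, err := encryptBlock(secretKey, knownPlaintext)
	if err != nil {
		panic(err)
	}
	// Attacker knows the first 6 key bytes; the last 2 bytes (14 effective bits) are searched.
	found, tried, err := bruteForceTail(secretKey[:6], knownPlaintext, ct, 2)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered key %X after %d candidates (matches secret: %v)\n",
		found, tried, sameEffectiveKey(found, secretKey))
	fmt.Printf("full 2^56 space at 1e9 keys/s: %.0f hours; at 1e12 keys/s: %.1f hours\n",
		hoursToExhaust56(1e9), hoursToExhaust56(1e12))
}
```

The recovered key differs from the original only in the parity bits, which is why the comparison masks them out. The rate argument is what changed between 1999 and today: the algorithm and the 2^56 space are fixed, so faster hardware translates directly into shorter crack times. The same search against the smallest AES key, 128 bits, would need 2^72 times as many trials, which is why key length rather than cleverness is what retired DES.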

----------

What is the most common type of device used to protect the perimeter of a facility?

  1. Security Dogs
  2. Video Surveillance (CCTV)
  3. Fences
  4. Lighting

[d] Lighting

Explanation: Lighting is the most common type of device used to protect the perimeter of a facility or building. Lighting deters intruders and allows quick identification of individuals who may be attempting to gain access to your location.

 

 
