CISSP - Question Bank 02

Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.

A key factor to keep in mind is that guessing is better than not answering a question.

Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.

Start
Q1. What is used to keep subjects accountable for their actions while they are authenticated to a system?

A. Access controls
B. Monitoring
C. Account lockout
D. Performance reviews

View Answer
The Correct Answer is B.
Explanation: Accountability is maintained by monitoring the activities of subject and objects as well as of core system functions that maintain the operating environment and the security mechanisms.
Q2. Which of the following tools is the most useful in sorting through large log files when searching for intrusion-related events?

A. Text editor
B. Vulnerability scanner
C. Password cracker
D. IDS

View Answer
The Correct Answer is D.
Explanation: In most cases, when sufficient logging and auditing is enabled to monitor a system, so much data is collected that the important details get lost in the bulk. For automation and real-time analysis of events, an intrusion detection system (IDS) is required.
Q3. An intrusion detection system (IDS) is primarily designed to perform what function?

A. Detect abnormal activity
B. Detect system failures
C. Rate system performance
D. Test a system for vulnerabilities

View Answer
The Correct Answer is A.
Explanation: An IDS automates the inspection of audit logs and real-time system events to detect abnormal activity. IDSs are generally used to detect intrusion attempts, but they can also be employed to detect system failures or rate overall performance.
Q4. IDSs are capable of detecting which type of abnormal or unauthorized activities? (Choose all that apply.)

A. External connection attempts
B. Execution of malicious code
C. Unauthorized access attempts to controlled objects
D. None of the above

View Answer
The Correct Answers are A, B and C.
Explanation: IDSs watch for violations of confidentiality, integrity, and availability. Attacks recognized by IDSs can come from external connections (such as the Internet or partner networks), viruses, malicious code, trusted internal subjects attempting to perform unauthorized activities, and unauthorized access attempts from trusted locations.
Q5. Which of the following is true for a host-based IDS?

A. It monitors an entire network.
B. It monitors a single system.
C. It’s invisible to attackers and authorized users.
D. It’s ineffective on switched networks.

View Answer
The Correct Answer is B.
Explanation: A host-based IDS watches for questionable activity on a single computer system. A networkbased IDS watches for questionable activity being performed over the network medium, can be made invisible to users, and is ineffective on switched networks.
Q6. Which of the following types of IDS is effective only against known attack methods?

A. Host-based
B. Network-based
C. Knowledge-based
D. Behavior-based

View Answer
The Correct Answer is C.
Explanation: A knowledge-based IDS is effective only against known attack methods, which is its primary drawback.
Q7. Which type of IDS can be considered an expert system?

A. Host-based
B. Network-based
C. Knowledge-based
D. Behavior-based

View Answer
The Correct Answer is D.
Explanation: A behavior-based IDS can be labeled an expert system or a pseudo artificial intelligence system because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events.
Q8. Which of the following is a fake network designed to tempt intruders with unpatched and unprotected security vulnerabilities and false data?

A. IDS
B. Honey pot
C. Padded cell
D. Vulnerability scanner

View Answer
The Correct Answer is B.
Explanation: Honey pots are individual computers or entire networks created to serve as a snare for intruders. They look and act like legitimate networks, but they are 100 percent fake. Honey pots tempt intruders with unpatched and unprotected security vulnerabilities as well as attractive and tantalizingbut faux data.
Q9. When a padded cell is used by a network for protection from intruders, which of the following is true?

A. The data offered by the padded cell is what originally attracts the attacker.
B. Padded cells are a form of entrapment.
C. The intruder is seamlessly transitioned into the padded cell once they are detected.
D. Padded cells are used to test a system for known vulnerabilities.

View Answer
The Correct Answer is C.
Explanation: When an intruder is detected by an IDS, they are transferred to a padded cell. The transfer of the intruder into a padded cell is performed automatically, without informing the intruder that the change has occurred. The padded cell is unknown to the intruder before the attack, so it cannot serve as an enticement or entrapment. Padded cells are used to detain intruders, not to detect vulnerabilities.
Q10. Which of the following is true regarding vulnerability scanners?

A. They actively scan for intrusion attempts.
B. They serve as a form of enticement.
C. They locate known security holes.
D. They automatically reconfigure a system to a more secured state.

View Answer
The Correct Answer is C.
Explanation: Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. They are not active detection tools for intrusion, they offer no form of enticement, and they do not configure system security. In addition to testing a system for security weaknesses, they produce evaluation reports and make recommendations.
Q11. When using penetration testing to verify the strength of your security policy, which of the following is not recommended?

A. Mimicking attacks previously perpetrated against your system
B. Performing the attacks without managements consent
C. Using manual and automated attack tools
D. Reconfiguring the system to resolve any discovered vulnerabilities

View Answer
The Correct Answer is B.
Explanation: Penetration testing should be performed only with the knowledge and consent of the management staff. Unapproved security testing could result in productivity loss or trigger emergency response teams. It could even cost you your job.
Q12. Which of the following attacks is an attempt to test every possible combination against a security feature in order to bypass it?

A. Brute force attack
B. Spoofing attack
C. Man-in-the-middle attack
D. Denial of service attack

View Answer
The Correct Answer is A.
Explanation: A brute force attack is an attempt to discover passwords for user accounts by systematically attempting every possible combination of letters, numbers, and symbols.
Q13. Which of the following is not a valid measure to take to improve protection against brute force and dictionary attacks?

A. Enforce strong passwords through a security policy.
B. Maintain strict control over physical access.
C. Require all users to log in remotely.
D. Use two-factor authentication.

View Answer
The Correct Answer is C.
Explanation: Strong password policies, physical access control, and two-factor authentication all improve the protection against brute force and dictionary password attacks. Requiring remote logons has no direct affect on password attack protection; in fact, it may offer sniffers more opportunities to grab password packets from the data stream.
Q14. Which of the following is not considered a denial of service attack?

A. Teardrop
B. Smurf
C. Ping of death
D. Spoofing

View Answer
The Correct Answer is D.
Explanation: Spoofing is the replacement of valid source and destination IP and port addresses with false ones. It is often used in DoS attacks but is not considered a DoS attack itself. Teardrop, Smurf, and ping of death are all DoS attacks.
Q15. A SYN flood attack works by what mechanism?

A. Exploiting a packet processing glitch in Windows 95
B. Using an amplification network to flood a victim with packets
C. Exploiting the three-way handshake used by TCP/IP
D. Sending oversized ping packets to a victim

View Answer
The Correct Answer is C.
Explanation: A SYN flood attack is waged by breaking the standard three-way handshake used by TCP/IP to initiate communication sessions. Exploiting a packet processing glitch in Windows 95 is a Win-Nuke attack. The use of an amplification network is a Smurf attack. Oversized ping packets are used in a ping of death attack.
Q16. Which of the following attacks sends packets with the victim’s IP address as both the source and destination?

A. Land
B. Spamming
C. Teardrop
D. Stream

View Answer
The Correct Answer is A.
Explanation: In a land attack, the attacker sends a victim numerous SYN packets that have been spoofed to use the same source and destination IP address and port number as the victim’s. The victim then thinks it sent a TCP/IP session-opening a packet to itself.
Q17. In what type of attack are packets sent to a victim using invalid resequencing numbers?

A. Stream
B. Spamming
C. Distributed denial of service
D. Teardrop

View Answer
The Correct Answer is D.
Explanation: In a teardrop attack, an attacker exploits a bug in operating systems. The bug exists in the routines used to reassemble (i.e., resequence) fragmented packets. An attacker sends numerous specially formatted fragmented packets to the victim, which causes the system to freeze or crash.
Q18. Spoofing is primarily used to perform what activity?

A. Send large amounts of data to a victim.
B. Cause a buffer overflow.
C. Hide the identity of an attacker through misdirection.
D. Steal user accounts and passwords.

View Answer
The Correct Answer is C.
Explanation: Spoofing grants the attacker the ability to hide their identity through misdirection. It is therefore involved in most attacks.
Q19. Spamming attacks occur when numerous unsolicited messages are sent to a victim. Because enough data is sent to the victim to prevent legitimate activity, it is also known as what?

A. Sniffing
B. Denial of service
C. Brute force attack
D. Buffer overflow attack

View Answer
The Correct Answer is B.
Explanation: A spamming attack is a type of denial of service attack. Spam is the term describing unwanted e-mail, newsgroup, or discussion forum messages. It can be an advertisement from a well-meaning vendor or a floods of unrequested messages with viruses or Trojan horses attached.
Q20. What type of attack occurs when malicious users position themselves between a client and server and then interrupt the session and takes it over?

A. Man-in-the-middle
B. Spoofing
C. Hijack
D. Cracking

View Answer
The Correct Answer is C.
Explanation: In a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is positioned between a client and server and then interrupts the session and takes it over.
Copyright © 2018 | All Rights Reserved | Designed & Developed by Yeahhub.com