Converged protocols are the merging of specialty or proprietary protocols with standard protocols, such as those from the TCP/IP suite. FCoE, MPLS, iSCSI, and VoIP are common converged protocols. Which of the following is the protocol dealing with signaling in VoIP?
A. Real-time Transport Protocol (RTP)
B. Real-Time Streaming Protocol (RTSP)
C. Session Initiation Protocol (SIP)
D. Media Gateway Control Protocol (MGCP)
Monthly Archives: March 2020
CISSP PRACTICE QUESTIONS – 20200331
Which of the following is the best construct that reduces data redundancy in the relational database?
A. Foreign key constraints
B. Database normalization
C. Primary key constraints
D. Data types and domain restriction
CISSP PRACTICE QUESTIONS – 20200330
iSCSI is a standard for linking data storage facilities over an ordinary IP network to transport block-level data. A file server connects to SAN (Storage Area Network) storage through iSCSI. Which of the following roles does the file server play?
A. Initiator
B. Target
C. HBA (Host Bus Adapter)
D. NAS Client
CISSP PRACTICE QUESTIONS – 20200329
Buffer overflow is one of the most common attacks. Which of the following does “buffer” refer to?
A. Small memories on or close to the CPU, e.g., cache or registers
B. Areas of the main memory, e.g., stack or heap
C. The embedded memory in a hard disk drive
D. The memory reserved for DNS entries
CISSP PRACTICE QUESTIONS – 20200328
A desktop computer sends an IP packet to the destination, 192.168.1.15/28. Which of the following devices most likely ignores or drops the packet?
A. Bridge
B. Switch hub
C. Router
D. Firewall
CISSP PRACTICE QUESTIONS – 20200327
Your company decides to sell toys online and ship globally. An in-house software development team is responsible for developing the online shopping website, and a software testing strategy is under consideration. Which of the following statements about software testing is true?
A. Unit testing is an automated black-box testing technique
B. User interface testing is black-box testing that requires manual data input
C. Fuzz testing is a passive automated testing technique
D. Synthetic testing is a dynamic automated testing technique
Continuity and Resilience
Continuity of activities and resilience to changes are two distinct levels of an organization’s ability.
- Continuity is the capability to prevent, endure, and recover from disruptions to sustain activities.
- Resilience is the “ability to absorb and adapt in a changing environment.” (ISO 22300:2018) The DHS Risk Lexicon adds, “resilience is the ability to quickly adapt and recover from any known or unknown changes to the environment.”
“Continuity management is essentially returning a business to ‘business as usual’, and nothing more. Resilience… not only enables organizations to continue with business as usual, but also to learn, progress and flourish… which will likely involve transformation.” (Bhamra, 2015)
“In short, business continuity returns us to where we were before an incident but a resilient organization will evolve and grow from the incident.” (Massie, 2018).
References
- Bhamra, R. (2015). Organisational Resilience: Concepts, Integration, and Practice. CRC Press.
- Massie, R. (2018, August 29). What is Organizational Resilience? Retrieved from The Business Continuity Institute: https://www.thebci.org/news/what-is-organizational-resilience.html
CISSP PRACTICE QUESTIONS – 20200326
You bought a new wireless display adapter that plugs into a TV set, to which you can project your laptop screen for presentations. Your laptop connects to the adapter via Wi-Fi peer-to-peer, without an access point. Which of the following modes is used for wireless transmission?
A. Stand-alone mode
B. Bridge mode
C. Ad-hoc mode
D. Wireless extension mode
CISSP PRACTICE QUESTIONS – 20200325
You bought a new mobile phone and tried to transfer contents from the old one using the transfer utility provided by the manufacturer. It transfers the contents via Wi-Fi peer-to-peer, without an access point. Which of the following is most likely used for wireless identification?
A. Automatic Private IP Addressing (APIPA)
B. Private IP addresses defined in RFC 1918
C. Media Access Control (MAC) Address
D. Manufacturing series number
CISSP PRACTICE QUESTIONS – 20200324
Your company, based in Taiwan and accredited with ISO 27001, sells toys online and ships globally. After conducting penetration testing as part of the risk assessment, your company finished implementing honeypot solutions as security controls to deter and detect intruders. As a security professional, which of the following upcoming activities will you suggest your company do first?
A. Conduct risk assessment
B. Research applicable laws and regulations
C. Implement consent banners and harden the honeypots to avoid entrapment
D. Create policies that define and clarify the goal of the honeypot system