CISSP PRACTICE QUESTIONS – 20200609

Effective CISSP Questions

You are the instructor conducting your company's security awareness training, and you are giving examples of social engineering attacks. Which of the following is the best example of a user's behavior that might lead to a threat scenario in which the threat source has the lowest costs to collect information about system configurations?
A. Post job positions on online job portals
B. Share photos on social media
C. Explore an unknown USB dongle on computers
D. Share emails with colleagues


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Post job positions on online job portals.

Baiting and Phishing

Both creating phishing emails and leaving an infected USB dongle as bait take considerable effort and cost. Attackers typically have to create phishing emails and bogus servers for phishing, and buy and prepare a USB dongle with malicious software and command and control servers.

Job Positions

[Image: Job Positions_Configurations. Source: indeed.com]

Sharing Photos

Sharing photos, e.g., family, office, or school photos, discloses private details: your biological characteristics, kids, office settings, surroundings, posters, and so forth. However, it may not disclose system configurations directly.

It may undermine physical security because it discloses the office layout and surroundings. Your photo can be used to train AI models for facial recognition. In an Agile workspace, as the following photo shows, the situation gets worse if photos are shared publicly.

[Photo: TDDandPairingAtMenlo. Source: AgileForAll]
