CISSP PRACTICE QUESTIONS – 20200930

Effective CISSP Questions

Alice, an administrator of a standalone web server, activated the login window by pressing the key combination Ctrl+Alt+Del and logged into the server using her local user account through challenge-response authentication protocol. To which of the following attack is the server most subject?
A. Side channel 
B. Kerberos exploitation
C. Pass the hash
D. Fault injection

Continue reading

CISSP PRACTICE QUESTIONS – 20200929

Effective CISSP Questions

After activating the login window and logging in your PC, you are visiting your bank’s website, https://BankOfEffectiveCISSP.com, and transferring funds from one bank account to the other. The transaction shall be authenticated and authorized by typing in the authentication code and swiping the ATM card. Which of the following does not happen in this scenario?
A. Side channel 
B. Covert channel
C. Trusted path
D. Trusted channel

Continue reading

CISSP PRACTICE QUESTIONS – 20200925

Effective CISSP Questions

Which of the following statements about user and entity behavior analytics (UEBA) is not true?
A. UEBA collects live data from various sources, as SIEM does.
B. UEBA analyzes user behavior only, while SIEM monitors network device activities.
C. UEBA detects potential insider threats and compromised accounts.
D. UEBA sends alerts and reduces false positives.

Continue reading

CISSP PRACTICE QUESTIONS – 20200924

Effective CISSP Questions

Threat feeds convey a large quantity of data, including Indicators of Compromise (IoCs), pieces of forensic data that identify potentially malicious activities. Security analysts analyze, enrich, and turn them into threat intelligence, and security teams use them to look for persistent threats and recently discovered or zero-day exploits. Which of the following indicators provided by threat feeds provides the most value?
A. Host Artifacts
B. Domain Names
C. Hash Values
D. Tools

Continue reading

CISSP PRACTICE QUESTIONS – 20200923

Effective CISSP Questions

Bob is suffering from allegations of sexual harassment by Alice. His company receives the complaint and is considering an investigation to determine if he is responsible. If so, disciplinary action will be taken. As an investigator, which of the following is least likely to happen in the investigation?
A. Dismiss the case
B. Determine powers of investigation
C. Ask for Bob’s legal representation
D. Gather evidence

Continue reading

CISSP PRACTICE QUESTIONS – 20200921

Effective CISSP Questions

Alice and Bob work together to develop a log parser using C++.  Alice is linking the main program with the modules in object code developed by Bob. The log parser loads all the dependent modules when it starts. Which of the following best describes the role of Bob’s modules?
A. Software Development Kit (SDK)
B. Runtime library
C. Static library
D. Application Programming Interface (API)

Continue reading