CISSP PRACTICE QUESTIONS – 20210107

Effective CISSP Questions

SAML and OIDC are commonly found in federated authentication. Which of the following statements about federated authentication is not true?
A. SAML assertions can be viewed as equivalent to OIDC claims.
B. The access token of a subject is trusted and passed across security domains.
C. A user registers only one account in the federated domains to fulfill single sign-on (SSO).
D. The relying party refers to the service provider in SAML or the OAuth2 client using OIDC.

CISSP PRACTICE QUESTIONS – 20210106

Effective CISSP Questions

Mandatory Access Control (MAC) and Discretionary Access Control (DAC) are well-known authorization mechanisms introduced in the Trusted Computer System Evaluation Criteria (TCSEC). Which of the following statements about the authorization mechanisms is not true?
A. MAC can exist alone without DAC.
B. Privileges granted by the data owner can be reauthorized to others in DAC.
C. A subject with mere security clearance gets no access to objects.
D. MAC mediates the data flow between classification levels.

CISSP PRACTICE QUESTIONS – 20210104

Effective CISSP Questions

You are conducting the risk assessment and have identified several risks. Which of the following best describes the risk in your risk register?
A. Natural hazards like earthquakes, floods, etc.
B. Script kiddies using open source tools to play SQL injections against web sites
C. Employees carelessly attending training may result in frequent violations of security policy
D. Human life losses

CISSP PRACTICE QUESTIONS – 20210102

Effective CISSP Questions

You registered a new user account on a website and activated it by confirming a short message sent to your mobile phone. Whenever you sign in, the website sends an authentication code to your mobile phone after receiving the username and password and verifies your response to complete the sign-in process. Which of the following best describes the authentication mechanism?
A. Zero-knowledge proof
B. One-factor authentication
C. Two-factor authentication
D. Challenge-Handshake Authentication Protocol (CHAP)

CISSP PRACTICE QUESTIONS – 20210101

Effective CISSP Questions

You are evaluating alternatives to the physical access control system of the computer room. Which of the following provides the highest level of security?
A. Press PIN code on the keypad
B. Input Employee ID and password to the keypad
C. Swipe a contact ID card and input the PIN code
D. Input Employee ID first, then scan the fingerprint

CISSP PRACTICE QUESTIONS – 20201231

Effective CISSP Questions

You are a member of a software development team following the waterfall model. The customer has signed off on the user requirements specification. Your team has finished and is reviewing the architectural and detailed designs. To identify security flaws, which of the following is the best vehicle?
A. Common Weakness Enumeration (CWE)
B. Security Content Automation Protocol (SCAP)
C. Common Vulnerabilities and Exposures (CVE)
D. Common Vulnerability Scoring System (CVSS)

CISSP PRACTICE QUESTIONS – 20201230

Effective CISSP Questions

Your company has 400 employees. One-fourth of them are assembly workers; Alice is responsible for calculating their wages and storing them in the relational database table Payrolls, which contains all employees’ salaries. Alice learned that she receives the lowest salary among all employees by submitting the SQL query SELECT MIN(Salary) FROM Payrolls. She is complaining about this to her boss. Which of the following is the primary cause of the confidentiality issue?
A. Inference
B. Partitioning
C. Aggregation
D. Improper database normalization
