CISSP Practice Questions: Notes
CISSP Practice Questions – Notes Please explain the first 6 practice questions on pages 1 &2 with respect to wrong answers, most are highlighted in red. Please explain the correct answer and why my choices are not correct. Thank you, Bonnie M.
[1]
[2]
[3] I answered “C”, a MAC address; however, the correct answer is “B”, an IPv6 address. Please explain.
[4] An IT Manager has requested that specific files stored on the company SAN containing data which is not protected by patent law, but is classified as trade secret encrypted with a block cipher which is both secure and fast. Which of the following BEST satisfies the request?
a) Blowfish
b) MD5
c) Triple-DES
d) RC4
[5] An administrator uses an iSCSI unencrypted connection over the corporate network. Which of the following vulnerabilities would be present in regards to iSCSI authentication?
a) Authentication uses the older TACACS protocol and is vulnerable to a botnet attack.
b) Authentication is vulnerable to a dictionary attack.
c) iSCSI uses LDAP authentication in plain text, which can be easily compromised.
d) Kerberos authentication would not be supported on Linux hosts.
[6] Given this list of 4 firewall rules: what firewall rule protects from a distributed denial of service attack? Please explain the correct answer, choice “4” is wrong.
1. Allow echo reply outbound
2. Allow echo request outbound
3. Drop echo request inbound
4. Allow echo reply inbound
IP Sec & Layer 2 tunneling protocol operate at layers 2 & 3. SSL & TLS operate at layers 4&5. SSL xqt layer 7; X.509 is a certificate protocol.
Data in transit requires protection.
FW control traffic & the VPN concentrator supports secure remote sessions.
UDP has a protocol ID of 17; ICMP has 1; ESP is 50. AH has a value of 51 in the IP hdr protocol field. TCP has a value of 6 for the protocol field in an IP hdr. Port # for HTTP over SSL = 443;
HTTP port = 80; SSH port = 22;
[1]
[2]
[3] I answered “C”, a MAC address; however, the correct answer is “B”, an IPv6 address. Please explain.
[4] An IT Manager has requested that specific files stored on the company SAN containing data which is not protected by patent law, but is classified as trade secret encrypted with a block cipher which is both secure and fast. Which of the following BEST satisfies the request?
a) Blowfish
b) MD5
c) Triple-DES
d) RC4
[5] An administrator uses an iSCSI unencrypted connection over the corporate network. Which of the following vulnerabilities would be present in regards to iSCSI authentication?
a) Authentication uses the older TACACS protocol and is vulnerable to a botnet attack.
b) Authentication is vulnerable to a dictionary attack.
c) iSCSI uses LDAP authentication in plain text, which can be easily compromised.
d) Kerberos authentication would not be supported on Linux hosts.
[6] Given this list of 4 firewall rules: what firewall rule protects from a distributed denial of service attack? Please explain the correct answer, choice “4” is wrong.
1. Allow echo reply outbound
2. Allow echo request outbound
3. Drop echo request inbound
4. Allow echo reply inbound
IP Sec & Layer 2 tunneling protocol operate at layers 2 & 3. SSL & TLS operate at layers 4&5. SSL xqt layer 7; X.509 is a certificate protocol.
Data in transit requires protection.
FW control traffic & the VPN concentrator supports secure remote sessions.
UDP has a protocol ID of 17; ICMP has 1; ESP is 50. AH has a value of 51 in the IP hdr protocol field. TCP has a value of 6 for the protocol field in an IP hdr. Port # for HTTP over SSL = 443;
HTTP port = 80; SSH port = 22;