
CISSP Exam Practice Questions prepared by ISC Professionals
Use Valid New CISSP Questions - Top Choice to Help You Gain Success
The CISSP exam covers a wide range of topics, including access control, cryptography, network security, security operations, and software development security. The CISSP exam consists of 250 multiple-choice questions and is administered over six hours. Candidates must achieve a passing score of 700 or higher to become certified. The CISSP exam is challenging, and it requires a significant amount of preparation and study.
NEW QUESTION # 563
Which of the following could cause a Denial of Service (DoS) against an authentication system?
- A. Encryption of audit logs
- B. Hashing of audit logs
- C. Remote access audit logs
- D. No archiving of audit logs
Answer: C
Explanation:
Remote access audit logs could cause a Denial of Service (DoS) against an authentication system. A DoS attack is a type of attack that aims to disrupt or degrade the availability or performance of a system or a network by overwhelming it with excessive or malicious traffic or requests. An authentication system is a system that verifies the identity and credentials of the users or entities that want to access the system or network resources or services. An authentication system can use various methods or factors to authenticate the users or entities, such as passwords, tokens, certificates, biometrics, or behavioral patterns.
Remote access audit logs are records that capture and store the information about the events and activities that occur when the users or entities access the system or network remotely, such as via the internet, VPN, or dial-up. Remote access audit logs can provide a reactive and detective layer of security by enabling the monitoring and analysis of the remote access behavior, and facilitating the investigation and response of the incidents.
Remote access audit logs could cause a DoS against an authentication system, because they could consume a large amount of disk space, memory, or bandwidth on the authentication system, especially if the remote access is frequent, intensive, or malicious. This could affect the performance or functionality of the authentication system, and prevent or delay the legitimate users or entities from accessing the system or network resources or services. For example, an attacker could launch a DoS attack against an authentication system by sending a large number of fake or invalid remote access requests, and generating a large amount of remote access audit logs that fill up the disk space or memory of the authentication system, and cause it to crash or slow down.
The other options are not factors that could cause a DoS against an authentication system, but rather factors that could improve or protect the authentication system. Encryption of audit logs is a technique that involves using a cryptographic algorithm and a key to transform the audit logs into an unreadable or unintelligible format that can only be reversed or decrypted by authorized parties. Encryption of audit logs can enhance the security and confidentiality of the audit logs by preventing unauthorized access or disclosure of the sensitive information in the audit logs. However, encryption of audit logs could not cause a DoS against an authentication system, because it does not affect the availability or performance of the authentication system, but rather the integrity or privacy of the audit logs. No archiving of audit logs is a practice that involves not storing or transferring the audit logs to a separate or external storage device or location, such as a tape, disk, or cloud. No archiving of audit logs can reduce the security and availability of the audit logs by increasing the risk of loss or damage of the audit logs, and limiting the access or retrieval of the audit logs.
However, no archiving of audit logs could not cause a DoS against an authentication system, because it does not affect the availability or performance of the authentication system, but rather the availability or preservation of the audit logs. Hashing of audit logs is a technique that involves using a hash function, such as MD5 or SHA, to generate a fixed-length and unique value, called a hash or a digest, that represents the audit logs. Hashing of audit logs can improve the security and integrity of the audit logs by verifying the authenticity or consistency of the audit logs, and detecting any modification or tampering of the audit logs.
However, hashing of audit logs could not cause a DoS against an authentication system, because it does not affect the availability or performance of the authentication system, but rather the integrity or verification of the audit logs.
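The explanation above rests on two mechanisms: audit-log growth as an availability risk, and hashing of audit logs as a tamper-detection control. The following Python script is an added example, not part of the original question bank or any cited reference, that shows both from the defender's side: it hash-chains a constructed set of remote-access audit events with SHA-256 so that any altered or reordered entry is detected, and it checks the serialized log against a storage quota so that runaway log growth is flagged before it starves the system. All event data, function names and the quota value are constructed for illustration.

```python
import hashlib
import json

# Constructed sample of remote-access audit events (not taken from the page).
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00Z", "user": "alice", "src": "203.0.113.5", "result": "success"},
    {"ts": "2024-01-01T10:00:07Z", "user": "bob", "src": "198.51.100.9", "result": "failure"},
    {"ts": "2024-01-01T10:00:09Z", "user": "bob", "src": "198.51.100.9", "result": "failure"},
]

# Hash of the (empty) log before the first entry; every chain starts here.
GENESIS = "0" * 64


def entry_hash(prev_hash: str, event: dict) -> str:
    """SHA-256 over the previous entry's hash plus the canonical JSON of this event.

    Including prev_hash is what turns independent digests into a chain: changing,
    deleting or reordering any earlier entry changes every hash after it.
    """
    payload = prev_hash + json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(events):
    """Return a list of {"event": ..., "hash": ...} entries, each hash covering all earlier ones."""
    chain = []
    prev = GENESIS
    for ev in events:
        h = entry_hash(prev, ev)
        chain.append({"event": dict(ev), "hash": h})
        prev = h
    return chain


def verify_chain(chain) -> int:
    """Recompute every hash; return the index of the first bad entry, or -1 if the log is intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry_hash(prev, entry["event"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1


def log_volume_exceeds(chain, quota_bytes: int) -> bool:
    """Capacity guard: True when the serialized log is larger than the allowed quota.

    A monitoring job would raise an alert here (and rotate or archive the log)
    rather than let the log fill the disk the authentication service depends on.
    """
    size = sum(len(json.dumps(e, sort_keys=True)) for e in chain)
    return size > quota_bytes


if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    print("intact log, first bad index:", verify_chain(chain))
    chain[1]["event"]["result"] = "success"  # simulate tampering with one entry
    print("tampered log, first bad index:", verify_chain(chain))
    print("exceeds 10-byte quota:", log_volume_exceeds(chain, 10))
```

In practice the chain head (the last hash) is what needs protecting, for example by shipping it to a separate log server or signing it periodically; an attacker who can rewrite the whole file can otherwise recompute the chain.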
NEW QUESTION # 564
Which of the following biometric devices offers the LOWEST CER?
- A. Iris scan
- B. Voice verification
- C. Keystroke dynamics
- D. Fingerprint
Answer: A
Explanation:
From most effective (lowest CER) to least effective (highest CER) are:
Iris scan, fingerprint, voice verification, keystroke dynamics.
Reference: Shon Harris, AIO v3, Chapter 4: Access Control, Page 131
Also see: http://www.sans.org/reading_room/whitepapers/authentication/biometric-selection-body-parts-online_139
NEW QUESTION # 565
Data which is properly secured and can be described with terms like genuine or not corrupted from the original refers to data that has a high level of what?
- A. Authenticity
- B. Non-Repudiation
- C. Availability
- D. Authorization
Answer: A
Explanation:
Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine or not corrupted from the original.
The following answers are incorrect:
Authorization is wrong because this refers to a user's ability to access data based upon a set of credentials.
Availability is wrong because this refers to whether the systems that deliver data are accessible when and where required by users.
Non-Repudiation is wrong because this is where a user cannot deny their actions on data they processed. A classic example is a legal document you signed either manually with a pen or digitally with a signing certificate. If it is signed, then you cannot claim you did not send the document or perform the transaction.
The following reference(s) were/was used to create this question:
2011 EC-COUNCIL Official Curriculum, Ethical Hacking and Countermeasures, Volume 1, Module 1, Page 11
NEW QUESTION # 566
Which TCP/IP protocol operates at the OSI Network layer?
- A. IP
- B. UDP
- C. FTP
- D. TCP
Answer: A
Explanation:
The correct answer is IP. IP operates at the network layer of the OSI model and at the Internet layer of the TCP/IP model. FTP operates at the application layer of the TCP/IP model, which is roughly similar to the top three layers of the OSI model: the Application, Presentation, and Session layers. TCP and UDP both operate at the OSI Transport layer, which is similar to the TCP/IP Host-to-host layer.
NEW QUESTION # 567
A Packet Filtering Firewall system is considered a:
- A. second generation firewall.
- B. third generation firewall.
- C. fourth generation firewall.
- D. first generation firewall.
Answer: D
Explanation:
Packet filtering was the first generation of firewalls and it is the most rudimentary type of all of the firewall technologies.
Incorrect Answers:
B: Packet filtering is a first generation firewall, not a second generation firewall. Application-level gateways are known as second generation firewalls.
C: Packet filtering is a first generation firewall, not a third generation firewall.
D: Packet filtering is a first generation firewall, not a fourth generation firewall.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630
NEW QUESTION # 568
Which of the following is NOT a common integrity goal?
- A. Prevent authorized users from making improper modifications.
- B. Maintain internal and external consistency.
- C. Prevent paths that could lead to inappropriate disclosure.
- D. Prevent unauthorized users from making modifications.
Answer: C
Explanation:
Integrity does not prevent paths that could lead to inappropriate disclosure.
Integrity is upheld when the assurance of the accuracy and reliability of information and systems is provided and any unauthorized modification is prevented. Environments that enforce and provide this attribute of security ensure that attackers, or mistakes by users, do not compromise the integrity of systems or data.
Users usually affect a system or its data's integrity by mistake (although internal users may also commit malicious deeds). For example, a user may insert incorrect values into a data processing application that ends up charging a customer $3,000 instead of $300.
Incorrect Answers:
A: A goal of integrity is to prevent unauthorized users from making modifications.
B: A goal of integrity is to maintain internal and external consistency.
C: A goal of integrity is to prevent authorized users from making improper modifications.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 23
NEW QUESTION # 569
In terms of the order of effectiveness, which of the following technologies is the least effective?
- A. Voice pattern
- B. Signature
- C. Hand geometry
- D. Keystroke pattern
Answer: B
Explanation:
The order of effectiveness has not changed for a few years; it is still the same today as it was three years ago. The list below presents them from most effective to least effective:
- Iris scan
- Retina scan
- Fingerprint
- Hand geometry
- Voice pattern
- Keystroke pattern
- Signature
NEW QUESTION # 570
Which of the following is a detective control?
- A. Back-up procedures
- B. Segregation of duties
- C. Physical access control
- D. Audit trails
Answer: D
NEW QUESTION # 571
An organization's security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization mechanism is being used?
- A. Discretionary Access Control (DAC)
- B. Role Based Access Control (RBAC)
- C. Mandatory Access Control (MAC)
- D. Media Access Control (MAC)
Answer: A
NEW QUESTION # 572
Which of the following is NOT an advantage that TACACS+ has over TACACS?
- A. Event logging
- B. Ability for security tokens to be resynchronized
- C. User has the ability to change his password
- D. Use of two-factor password authentication
Answer: A
Explanation:
Although TACACS+ provides better audit trails, event logging is a service that is provided with TACACS.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 121).
NEW QUESTION # 573
Which of the following is the BEST reason to apply patches manually instead of automated patch management?
- A. The target systems reside within isolated networks.
- B. The cost required to install patches will be reduced.
- C. The time during which systems will remain vulnerable to an exploit will be decreased.
- D. The ability to cover large geographic areas is increased.
Answer: A
Explanation:
Section: Mixed questions
NEW QUESTION # 574
Which of the following is the primary security feature of a proxy server?
- A. Content filtering
- B. URL blocking
- C. Virus Detection
- D. Route blocking
Answer: A
Explanation:
In many organizations, the HTTP proxy is used as a means to implement content filtering, for instance by logging or blocking traffic that has been defined as, or is assumed to be, non-business related for some reason. Although filtering on a proxy server or firewall as part of a layered defense can be quite effective in preventing, for instance, virus infections (though it should never be the only protection against viruses), it will be only moderately effective in preventing access to unauthorized services (such as certain remote-access services or file sharing), as well as in preventing the download of unwanted content.
HTTP Tunneling
HTTP tunneling is technically a misuse of the protocol on the part of the designer of such tunneling applications. It became a popular feature with the rise of the first streaming video and audio applications and has been implemented in many applications that have a market need to bypass user policy restrictions. Usually, HTTP tunneling is applied by encapsulating outgoing traffic from an application in an HTTP request and incoming traffic in a response. This is usually not done to circumvent security, but rather to be compatible with existing firewall rules and allow an application to function through a firewall without the need to apply special rules or additional configurations.
The following are incorrect choices:
Virus Detection: A proxy is not best at detecting malware and viruses within content. An antivirus product would be used for that purpose.
URL blocking: This would be a subset of proxying; based on the content, some URLs may be blocked by the proxy, but it is not doing filtering based on URL addresses only. This is not the BEST answer.
Route blocking: This is a function that would be done by an Intrusion Detection or Intrusion Prevention System and not the proxy. This could be done by filtering devices such as firewalls and routers as well. Again, not the best choice.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 6195-6201). Auerbach Publications. Kindle Edition.
NEW QUESTION # 575
Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network?
- A. Rlogin
- B. SSL
- C. SSH
- D. S-Telnet
Answer: C
Explanation:
SSH is a protocol for secure remote login and other secure network services over an insecure network. It consists of three major components: a transport layer protocol (providing server authentication, confidentiality, and integrity), a user authentication protocol (authenticating the client-side user to the server) and a connection protocol (multiplexing the encrypted tunnel into several logical channels). It should be used instead of Telnet, FTP, rlogin, rexec and rsh.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000. And: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 8).
NEW QUESTION # 576
Which of the following is the PRIMARY role of a security architect?
- A. Determine the organization's preferred approach for protecting personnel.
- B. Define security solutions for key assets based on the organization's mission requirements.
- C. Test the validity of competing designs submitted by security engineers.
- D. Implement countermeasures to block malware and Denial of Service (DoS) attacks.
Answer: B
NEW QUESTION # 577
What can best be defined as high-level statements, beliefs, goals and objectives?
- A. Procedures
- B. Guidelines
- C. Policies
- D. Standards
Answer: C
Explanation:
A policy is defined as a high-level document that outlines senior management's security directives.
A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A security policy can be an organizational policy, an issue-specific policy, or a system-specific policy. In an organizational security policy, management establishes how a security program will be set up, lays out the program's goals, assigns responsibilities, shows the strategic and tactical value of security, and outlines how enforcement should be carried out.
Incorrect Answers:
A: Standards are compulsory rules indicating how hardware and software should be implemented, used, and maintained. Standards provide a means to ensure that specific technologies, applications, parameters, and procedures are carried out in a uniform way across the organization. They are not defined as high-level statements, beliefs, goals and objectives.
C: Guidelines are recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply. They are not defined as high-level statements, beliefs, goals and objectives.
D: Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal.
Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment. They are not defined as high-level statements, beliefs, goals and objectives.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 106-107
NEW QUESTION # 578
What algorithm was DES derived from?
- A. Twofish.
- B. Brooks-Aldeman.
- C. Lucifer.
- D. Skipjack.
Answer: C
Explanation:
Lucifer was adopted and modified by the U.S. National Security Agency (NSA) to establish the U.S. Data Encryption Standard (DES) in 1976.
Incorrect Answers:
A: Twofish is a symmetric block cipher, which was a candidate for being the basis of the Advanced Encryption Standard (AES).
B: Skipjack is an algorithm that was used by Clipper Chip, which was used in the Escrowed Encryption Standard (EES).
C: Brooks-Aldeman is not a valid algorithm.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 764, 809
Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 250
NEW QUESTION # 579
In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols?
- A. Network layer
- B. Transport layer
- C. Physical layer
- D. Application layer
Answer: B
Explanation:
Connection-oriented protocols such as TCP provide reliability. It is the responsibility of such protocols in the transport layer to ensure every byte is accounted for. The network layer does not provide reliability; it only provides the best route to get the traffic to the final destination address.
For your exam you should know the information below about the OSI model:
The Open Systems Interconnection model (OSI) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model is a product of the Open Systems Interconnection project at the International Organization for Standardization (ISO), and is maintained under the identifier ISO/IEC 7498-1.
The model groups communication functions into seven logical layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of that path. Two instances at one layer are connected by a horizontal connection in that layer.
OSI Model
Image source: http://www.petri.co.il/images/osi_model.JPG
PHYSICAL LAYER
The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers. It provides:
Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium, and to aid in bit and frame synchronization. It determines:
- What signal state represents a binary 1
- How the receiving station knows when a "bit-time" starts
- How the receiving station delimits a frame
DATA LINK LAYER
The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link. To do this, the data link layer provides:
- Link establishment and termination: establishes and terminates the logical link between two nodes.
- Frame traffic control: tells the transmitting node to "back-off" when no frame buffers are available.
- Frame sequencing: transmits/receives frames sequentially.
- Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
- Frame delimiting: creates and recognizes frame boundaries.
- Frame error checking: checks received frames for integrity.
- Media access management: determines when the node "has the right" to use the physical medium.
NETWORK LAYER
The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. It provides:
- Routing: routes frames among networks.
- Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to "throttle back" its frame transmission when the router's buffer fills up.
- Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU) size is less than the frame size, a router can fragment a frame for transmission and reassembly at the destination station.
- Logical-physical address mapping: translates logical addresses, or names, into physical addresses.
- Subnet usage accounting: has accounting functions to keep track of frames forwarded by subnet intermediate systems, to produce billing information.
Communications Subnet
The network layer software must build headers so that the network layer software residing in the subnet intermediate systems can recognize them and use them to route data to the destination address.
This layer relieves the upper layers of the need to know anything about the data transmission and intermediate switching technologies used to connect systems. It establishes, maintains and terminates connections across the intervening communications facility (one or several intermediate systems in the communication subnet).
In the network layer and the layers below, peer protocols exist between a node and its immediate neighbor, but the neighbor may be a node through which data is routed, not the destination station. The source and destination stations may be separated by many intermediate systems.
TRANSPORT LAYER
The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.
The size and complexity of a transport protocol depends on the type of service it can get from the network layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If the network layer is unreliable and/or only supports datagrams, the transport protocol should include extensive error detection and recovery.
The transport layer provides:
- Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message.
- Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.
- Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.
- Session multiplexing: multiplexes several message streams, or sessions, onto one logical link and keeps track of which messages belong to which sessions (see session layer).
Typically, the transport layer can accept relatively large messages, but there are strict message size limits imposed by the network (or lower) layer. Consequently, the transport layer must break up the messages into smaller units, or frames, prepending a header to each frame.
The transport layer header information must then include control information, such as message start and message end flags, to enable the transport layer on the other end to recognize message boundaries. In addition, if the lower layers do not maintain sequence, the transport header must contain sequence information to enable the transport layer on the receiving end to get the pieces back together in the right order before handing the received message up to the layer above.
End-to-end layers
Unlike the lower "subnet" layers whose protocol is between immediately adjacent nodes, the transport layer and the layers above are true "source to destination" or end-to-end layers, and are not concerned with the details of the underlying communications facility. Transport layer software (and software above it) on the source station carries on a conversation with similar software on the destination station by using message headers and control messages.
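As an added illustration (not from the question bank or any of its cited sources), the toy Python below models what the transport-layer text above describes: the sender splits a message into MTU-sized segments tagged with a sequence number and an end-of-message flag, a constructed network reorders and duplicates them, and the receiver reassembles the bytes in order, discards duplicates, and reports the next sequence number it still needs (the value a real acknowledgment would carry). The MTU value, the class and function names, and the network model are assumptions chosen for the demonstration; real TCP also recovers from loss with retransmission timers, which this example leaves out.

```python
from dataclasses import dataclass
import random

MTU = 8  # constructed lower-layer size limit in bytes; tiny so that segmentation is forced


@dataclass(frozen=True)
class Segment:
    """Transport header (seq, last) plus payload; seq is the offset of the first payload byte."""
    seq: int
    payload: bytes
    last: bool  # end-of-message flag, so the receiver can recognise the message boundary


def segment(message: bytes, mtu: int = MTU):
    """Sender side: split a message into segments no larger than the MTU."""
    if not message:
        return [Segment(0, b"", True)]
    segs = []
    for off in range(0, len(message), mtu):
        chunk = message[off:off + mtu]
        segs.append(Segment(off, chunk, off + mtu >= len(message)))
    return segs


class Reassembler:
    """Receiver side: delivers bytes in sequence, drops duplicates, tracks the gap to fill."""

    def __init__(self):
        self.buffer = {}          # out-of-order segments waiting for their predecessors
        self.next_seq = 0         # first byte not yet delivered to the layer above
        self.delivered = bytearray()
        self.complete = False

    def receive(self, seg: Segment):
        if self.complete:
            return
        # Duplicate: already delivered (seq behind the cursor) or already buffered.
        if seg.seq < self.next_seq or seg.seq in self.buffer:
            return
        self.buffer[seg.seq] = seg
        # Deliver every segment that is now contiguous with what was delivered before.
        while self.next_seq in self.buffer:
            s = self.buffer.pop(self.next_seq)
            self.delivered.extend(s.payload)
            self.next_seq += len(s.payload)
            if s.last:
                self.complete = True

    def missing(self):
        """Sequence number the receiver still needs, or None once the message is complete."""
        return None if self.complete else self.next_seq


def unreliable_network(segments, seed=1, dup_rate=0.3):
    """Constructed network model: reorders and duplicates segments (no losses)."""
    rng = random.Random(seed)
    out = list(segments)
    out += [s for s in segments if rng.random() < dup_rate]
    rng.shuffle(out)
    return out


def transfer(message: bytes) -> bytes:
    """Send a message across the constructed network and return what the receiver delivers."""
    r = Reassembler()
    for seg in unreliable_network(segment(message)):
        r.receive(seg)
    if not r.complete:
        raise RuntimeError(f"incomplete: still need byte {r.missing()}")
    return bytes(r.delivered)


if __name__ == "__main__":
    msg = b"The transport layer reassembles this message."
    print(transfer(msg) == msg)
```

The `missing()` value is the heart of the acknowledgment mechanism: the receiver never advances past a gap, so the sender learns exactly which segment to retransmit, and the session layer above only ever sees a complete, in-order message.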
SESSION LAYER
The session layer allows session establishment between processes running on different stations. It provides:
- Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.
- Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.
PRESENTATION LAYER
The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network. This layer may translate data from a format used by the application layer into a common format at the sending station, then translate the common format to a format known to the application layer at the receiving station.
The presentation layer provides:
- Character code translation: for example, ASCII to EBCDIC.
- Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.
- Data compression: reduces the number of bits that need to be transmitted on the network.
- Data encryption: encrypts data for security purposes. For example, password encryption.
APPLICATION LAYER
The application layer serves as the window for users and application processes to access network services. This layer contains a variety of commonly needed functions:
- Resource sharing and device redirection
- Remote file access
- Remote printer access
- Inter-process communication
- Network management
- Directory services
- Electronic messaging (such as mail)
- Network virtual terminals
The following were incorrect answers:
Application Layer - The application layer serves as the window for users and application processes to access network services.
Network layer - The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors.
Physical Layer - The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 260 and Official ISC2 guide to CISSP CBK 3rd Edition Page number 287 and http://en.wikipedia.org/wiki/Tcp_protocol
NEW QUESTION # 580
IT security measures should:
- A. not be developed in a layered fashion.
- B. be complex.
- C. make sure that every asset of the organization is well protected.
- D. be tailored to meet organizational security goals.
Answer: D
Explanation:
The National Institute of Standards and Technology (NIST) defines 33 IT Security principles.
Principle 8 states:
"Implement tailored system security measures to meet organizational security goals." In general, IT security measures are tailored according to an organization's unique needs. While numerous factors, such as the overriding mission requirements, and guidance, are to be considered, the fundamental issue is the protection of the mission or business from IT security-related, negative impacts. Because IT security needs are not uniform, system designers and security practitioners should consider the level of trust when connecting to other external networks and internal sub-domains. Recognizing the uniqueness of each system allows a layered security strategy to be used - implementing lower assurance solutions with lower costs to protect less critical systems and higher assurance solutions only at the most critical areas.
Incorrect Answers:
A: According to the NIST IT security principles, IT security measures should strive for simplicity not be complex.
C: According to the NIST IT security principles, you should not implement unnecessary security mechanisms. Protecting 'every' asset may be unnecessary.
D: According to the NIST IT security principles, IT security measures should be developed in a layered fashion.
References:
http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf, p.10