CISSP Missed Questions

Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which of these technologies should she replace because it is no longer considered secure?. PGP. AES. WPA3. MD5.

What physical security control broadcasts false emanations constantly to mask the presence of true electromagnetic emanations from computing equipment?. shielding cabling. Copper-infused windows. Faraday cage. White noise.

How can a data retention policy reduce liabilities?. By limiting the number of data classifications. By reducing the amount of storage in use. By reducing the amount of data that may need to be produced for lawsuits. By reducing the legal penalties for noncompliance.

Elle is planning her organization's asset retention efforts and wants to establish when the company will remove assets from use. Which of the following is typically the last event in a manufacture or software provider's life cycle?. End of life. End of support. End of sales. General availability.

Chris is worried that the laptops that his organization has recently acquired were modified by a third party to include keyloggers before they were delivered. Where should he focus his efforts to prevent this?. His supply chain. His post-purchase build process. His vendor contracts. The orginal equipment manufacture (OEM).

Chas recently completed the development of his organization's business continutity plan (BCP). Who is the ideal person to approve an organization's business continuity plan?. Chief operating office. Chief information security officer. Chief information officer. Chief executive officer.

Alan is performing threat modeling and decides that it would be useful to decompose the system into the core elements shown here. What tool is he using?. Reduction analysis. Data modeling. Vulnerability assessment. Fuzzing.

Greg's company recently experienced a significant data breach involving the personal data of many of their customers. The company operates only in the United States and has facilities in several different states. The personal information relates only to residents of the United States. Which breach law should they review to ensure that they are taking appropriate action?. Breach laws only cover government agencies, not private businesses. The breach laws of states they do business in or where their customers reside along with federal breach laws. Only federal breach laws. The breach laws in the state where they are headquarted along with federal breach laws.

Brenda's organization recently completed the aquisition of a competitor firm. Which one of the following tasks would be LEAST likely to be of the organizational processes addressed during the acquistion?. Documentation of security policies. Integration of security. Protection of intellectual property. Consolidation of security functions.

Joan is seeking to protect a piece of computer software that she developed under intellectual property law. Which one of the following avenues of protection would NOT apply to a piece of software?. Trademark. Patent. Copyright. Trade secret.

Chuck is in charge of a commercial data center that handles many customers who host their servers there. He wants to be able to configure his data center network to adjust to traffic pattern changes and to manage bandwidth and other options. What technology should he implement to allow central, programmatic control of his network?. Agile networking. SDN. Proxy Routing. SD-WAN.

Jake wants to describe traffic sent between servers in his data center. What common terminology should he use to describe this?. Privilege/Unprivledged. North/South. Store/Forward. East/West.

The company that Kathleen works for has moved to remote work for most employees and wants to ensure that the multimedia collaboration platform that they use for voice, video, and text-based collaboration is secure. Which of the following security options will provide the best user experience while providing appropriate security for communications?. Require the use of SIPS and SRTP for all communications. Deploy secure VPN endpoints to each remote location and use a point-to-point VPN for communications. Use TLS for all traffic for the collaboration platform. Require software-based VPN to the corporate network for a ll use of the collaboration platform.

Frank is responisble for ensuring that his organization has reliable, supported network hardware. Which of the following is not a common concern for network administrators as they work to ensure their network continues to be operational?. If the devices have vendor support. If the devices are under warranty. If major devices support redundant power supplies. If all devices support redundant power supplies.

Valerie enables port security on the switches on her network. What type of attack is she most likely trying to prevent?. CAM table flooding. MAC aggregation. VLAN hopping. IP spoofing.

Issac wants to ensure that his VoIP session initialized is secure. What protocol should he ensure is enabled and required?. SVOIP. SIPS. PBSX. SRTP.

What type of address is 127.0.0.1. An APIPA address. A loopback address. A public IP address. An RFC 1918 address.

What is the purpose of a virtual domain (VDOM)?. They create a virtual domain controller. They divide a firewall device or appliance into two or more virtual firewalls. They allow the hosting of multiple domain names for a single host. They combine multiple virtual instances into a single domain.

Wayne wants to deploy a secure voice communication network. Which of the following techniques should he consider?. Require the use of SIPS and SRTP. Require the use of VPN for all remote VoIP devices. Implement a VoIP IPS. Use a dedicated VLAN for VOIP phones and devices.

Joanna wants to deploy 4G LTE as an out-of-band management solution for devices at remote sites. Which of the following security capabilities is not commonly available from 4G service providers?. Encryption capabilities. Device-base authentication. SIM-based authentication. Dedicated towers and antennas for secure service subscribers.

Joanna leads her organization's idenity management team and wants to ensure that roles are properly updated when staff members change to new positions. What issue should she focus on for those staff members to avoid future issues with role definition?. Deprovisioning. Registration. Privledge creep. Accountability.

Geoff wants to prevent privledge escalation attacks in his organization. Which of the following practices is most likely to prevent horizontal privledge escalation?. Multifactor Authentication. Sanitizing user inputs to applications. Disabling unused ports and services. Limiting permissions for groups and accounts.

What common behavior drives the NIST recommendation that passwords should not expire?. Users often make minimal chanages to passwords to handle change requirements. Attackers would not have enough time to compromise passwords. Password expiration leads to too little support overhead. Re-hasing passwords when changes are required is computationally intensive.

Which of the following is a client-server protocol designed to allow network access servers to authenticate remote users by sending access request messages to a central server?. OAuth. RADIUS. EAP. Kerberos.

When Sally attempts to authenticate to her organization's services, she know that the organization uses a mobile device management tool to check her location and whether she's loggin in from her company-issued mobile device. What type of authentication is this ?. Zero Trust. Knowledge-based. Context-aware. Identify factoring.