CISSP Mock Exam Quiz: MCQ!

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Vercimd
V
Vercimd
Community Contributor
Quizzes Created: 1 | Total Attempts: 2,018
Questions: 11 | Attempts: 2,025

SettingsSettingsSettings
CISSP Mock Exam Quiz: MCQ! - Quiz


Do you know what CISSP is? The CISSP test helps you to identify all aspects of security and evaluate your performance to pay more attention to the areas you are not accustomed to. This quiz is a practive test with a series of potential problems, and your job is to figure out how to solve them. This quiz will help you to obtain a passing grade on your CISSP exam.


Questions and Answers
  • 1. 

    A high profile company has been receiving a high volume of attacks on their web site. The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken. What should be implemented?

    • A.

      DMZ (Demilitarized Zone)

    • B.

      A honey pot

    • C.

      A firewall

    • D.

      A new subnet

    Correct Answer
    B. A honey pot
    Explanation
    For -> ( A deception active response fools the attacker into thinking the attack is succeeding while monitoring the activity and potentially redirecting the attacker to a system that is designed to be broken. This allows the operator or administrator to gather data about how the attack is unfolding and what techniques are being used in the attack. This process is referred to as sending them to the honey pot.)
    For -> ( Reference: Security + (SYBEX) page 183)

    Rate this question:

  • 2. 

    You are running cabling for a network through a boiler room where the furnace and some other heavy machinery reside. You are concerned about interference from these sources. Which of the following types of cabling provides the best protection from interference in this area?

    • A.

      STP

    • B.

      UTP

    • C.

      Coaxial

    • D.

      Fiber-optic

    Correct Answer
    D. Fiber-optic
    Explanation
    For -> ( Fiber, as a media, is relatively secure because it cannot be easily tapped. It is the strongest to defeat against EMI and RFI in my opinion.)
    For -> ( Reference: Security + (SYBEX) page 147 )

    Rate this question:

  • 3. 

    In order for a user to obtain a certificate from a trusted CA Certificate Authority), the user must present proof of identity and a? A. Private key B. Public key C. Password D. Kerberos key

    • A.

      Private Key

    • B.

      Public Key

    • C.

      Password

    • D.

      Kerberos Key

    Correct Answer
    B. Public Key
    Explanation
    For -> ( A certificate is really nothing more than a mechanism that associates the public key with an individual.)
    For -> ( Reference: Security + (SYBEX) page 332)

    Rate this question:

  • 4. 

    While performing a routing site audit of your wireless network, you discover an unauthorized Access Point placed on your network under the desk of Accounting department security. When questioned, she denies any knowledge of it but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time. What type of attack have you just become a victim of?

    • A.

      Piggybacking

    • B.

      Masquerading

    • C.

      Man-in-da-middle attack

    • D.

      Social Engineering

    Correct Answer
    D. Social Engineering
    Explanation
    For -> ( Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization. A social engineering attack may occur over the phone, be e-mail, or by a visit.)
    For -> ( Reference: Security + (SYBEX) page 87 )

    Rate this question:

  • 5. 

    When visiting an office adjacent to the server room, you discover the lock to the window is broken. Because it is not your office you tell the resident of the office to contact the maintenance person and have it fixed. After leaving, you fail to follow up on whether the windows was actually repaired. What affect will this have on the likelihood of a threat associated with the vulnerability actually occurring?   If the window is repaired, the likelihood of the threat occurring will increase. B. If the window is repaired, the likelihood of the threat occurring will remain constant. C. If the window is not repaired the, the likelihood of the threat occurring will decrease. D. If the window is not repaired, the likelihood of the threat occurring will increase.

    • A.

      If the window is repaired, the likelihood of the threat occurring will increase.

    • B.

      If the window is repaired, the likelihood of the threat occurring will remain constant.

    • C.

      If the window is not repaired the, the likelihood of the threat occurring will decrease.

    • D.

      If the window is not repaired, the likelihood of the threat occurring will increase.

    Correct Answer
    D. If the window is not repaired, the likelihood of the threat occurring will increase.
    Explanation
    In this scenario, the broken window serves as a vulnerability that could potentially be exploited by a threat. If the window is not repaired, the vulnerability remains, and the likelihood of the threat occurring increases because there is still an avenue for unauthorized access or security breaches. Failure to address and mitigate known vulnerabilities can lead to an increased risk of threats being realized. For -> ( Reference: Security + (SYBEX) page 87 )

    Rate this question:

  • 6. 

    A company consists of the main building with two smaller branch offices at opposite ends of the city. The main building and branch offices are connected with fast links so that all employees have good connectivity to the network. Each of the buildings has security measures that require visitors to sign in, and all employees are required to wear identification badges at all times. You want to protect servers and other vital equipment so that the company has the best level of security at the lowest possible cost. Which of the following will you do to achieve this objective?

    • A.

      Centralize servers and other vital components in a single room of the main building, and add security measures to this room so that they are well protected.

    • B.

      Centralize most servers and other vital components in a single room of the main building, and place servers at each of the branch offices. Add security measures to areas where the servers and other components are located.

    • C.

      Decentralize servers and other vital components, and add security measures to areas where the servers and other components are located.

    • D.

      main building. Because the building prevents unauthorized access to visitors and other persons, there is no need to implement physical security in the server room.

    Correct Answer
    A. Centralize servers and other vital components in a single room of the main building, and add security measures to this room so that they are well protected.
    Explanation
    For -> ( Keep in mind that cost and best level of security is asked for. To keep all the servers in one room along with the vital components with a security measure added to the room will provide what is asked for.)

    Rate this question:

  • 7. 

    You are explaining SSL to a junior administrator and come up with the topic of handshaking. How many steps are employed between the client and server in the SSL handshake process?

    • A.

      Five

    • B.

      Six

    • C.

      Seven

    • D.

      Eight

    Correct Answer
    B. Six
    Explanation
    For -> ( Graphical explanation of 6 steps to Digital Handshake for SSL ) For -> ( Note: The handshake begins when a browser connects to an SSL-enabled server and asks the server to send back its identification, a digital certificate that usually contains the server name, the trusted certifying authority, and the server public encryption key. The browser can contact the server of the trusted certifying authority and confirm that the certificate is authentic before proceeding. The browser then presents a list of encryption algorithms and hashing functions (used to generate a number from another); the server picks the strongest encryption that it also supports and notifies the client of the decision. In order to generate the session keys used for the secure connection, the browser uses the server public key from the certificate to encrypt a random number and send it to the server. The client can encrypt this data, but only the server can decrypt it: this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data. The server replies with more random data (which doesn’t have to be encrypted), and then both parities use the selected hash functions on the random data to generate the session keys. This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the session keys. The SSL handshake allows the establishment of a secured connection over an insecure channel. Even if a third party were to listen to the conversation, it would not be able to obtain the session keys. The process of creating good random numbers and applying hash functions can be quite slow, but usually the session keys are cached, so the handshake occurs only on the first connection between the parties. This process works on top of HTTP, so it's portable to any platform that supports it and is in principle applicable to other protocols as well (Welling 2001, p.334). The process described is part of SSL version 2.0, but version 3.0 is supposed to replace it soon. Another standard, Transport Layer Security (TSL) is still in draft and is supposed to replace SSL in the future.)

    Rate this question:

  • 8. 

    You have been alerted to the possibility of someone using an application to capture and manipulate packets as they are passing through your network. What type of threat does this represent? A. DDos B. Back Door C. Spoofing D. Man in the Middle

    • A.

      DDos

    • B.

      Trojan Horse

    • C.

      Logic Bomb

    • D.

      Man-in-the-middle

    Correct Answer
    D. Man-in-the-middle
    Explanation
    For -> ( The method used in these attacks place a piece of software between a server and the user. The software intercepts and then sends the information to the server. The server responds back to the software, thinking it is the legitimate client. The attacking software then sends this information on to the server, etc. The man in the middle software may be recording this information, altering it, or in some other way compromising the security of your system.) 

    Rate this question:

  • 9. 

    A problem with air conditioning is causing fluctuations in temperature in the server room. The temperature is rising to 90 degrees when the air conditioner stops working and then drops to 60 degrees when it starts working again. The problem keeps occurring over the next two days. What problem may result from these fluctuations?

    • A.

      Electrostatic discharge

    • B.

      Power outages

    • C.

      Chip creep

    • D.

      Poor air quality

    Correct Answer
    C. Chip creep
    Explanation
    For -> ( The expansion and contraction that occurs during the normal heating and cooling cycles of your system can cause chips and cards, over time, to inch lose from sockets or slots.)

    Rate this question:

  • 10. 

    While connected from home to an ISP (Internet Service Provider), a network administrator performs a port scan against a corporate server and encounters four open TCP (Transmission Control Protocol) ports: 25, 110, 143, and 389. Corporate users in the organization must be able to connect from home, send and receive messages on the Internet, read e-mail by beams of the IMAPv.4 (Internet Message Access Protocol version 4) protocol, and search into a directory services database for user e-mail addresses, and digital certificates. All the e-mail relates services, as well as the directory server, run on the scanned server. Which of the above ports can be filtered out to decrease unnecessary exposure without affecting functionality?

    • A.

      25

    • B.

      110

    • C.

      143

    • D.

      389

    Correct Answer
    B. 110
    Explanation
    For -> ( Internet Message Access Protocol v4 uses port 143 and TCP for connections. POP3 uses port 110 and TCP for connections and therefore can be filtered out to decrease unnecessary exposure.) 

    Rate this question:

  • 11. 

    A piece of malicious code that can replicate itself has no productive purpose and exist only to damage computer systems or create further vulnerabilities is called a?

    • A.

      Logic Bomb

    • B.

      Worm

    • C.

      Trojan Horse

    • D.

      Virus

    Correct Answer
    B. Worm
    Explanation
    For -> ( A virus is a piece of software designed to infect a computer system. The virus may do nothing more than reside on the computer. A virus may also damage the data on your hard disk, destroy your operating system, and possibly spread to other systems.) 

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Sep 07, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Nov 18, 2008
    Quiz Created by
    Vercimd
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.