Mike Chapple - (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests


Full-length practice tests covering all CISSP domains for the ultimate exam prep The
is a major resource for (ISC)2 Certified Information Systems Security Professional (CISSP) candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2021 version of the exam to ensure up-to-date preparation, and are designed to cover what you will see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.
The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.
Test your knowledge of the 2021 exam domains
Identify areas in need of further study
Gauge your progress throughout your exam preparation
Practice test taking with Sybex’s online test environment containing the questions from the book

The CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.


91. What is a frequent concern for systems that require high-performing internet connectivity when satellite internet is the only available option?
A. Security
B. Compatibility with protocols like LiFi
C. Compatibility with protocols like Zigbee
D. Latency

92. What layer of an SDN implementation uses programs to communicate needs for resources via APIs?
A. The data plane
B. The control plane
C. The application plane
D. The monitoring plane

93. Which of the following is not a drawback of multilayer protocols?
A. They can allow filters and rules to be bypassed.
B. They can operate at higher OSI levels.
C. They can allow covert channels.
D. They can allow network segment boundaries to be bypassed.

94. Place the following layers of the TCP/IP model in order, starting with the Application layer and moving down the stack.
1. Application layer
2. Network Access layer
3. Internet layer
4. Transport layer
A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 1, 4, 3, 2
D. 4, 1, 3, 2

95. What is the maximum speed that Category 5e cable is rated for?
A. 5 Mbps
B. 10 Mbps
C. 100 Mbps
D. 1000 Mbps

96. What are two primary advantages that 5G networks have over 4G networks? (Select all that apply.)
A. Anti-jamming features
B. Enhanced subscriber identity protection
C. Mutual authentication capabilities
D. Multifactor authentication

97. What function does VXLAN perform in a data center environment?
A. It removes limitations due to maximum distance for Ethernet cables.
B. It allows multiple subnets to exist in the same IP space with hosts using the same IP addresses.
C. It tunnels layer 2 connections over a layer 3 network, stretching them across the underlying layer 3 network.
D. All of the above

98. Chris is setting up a hotel network and needs to ensure that systems in each room or suite can connect to each other, but systems in other suites or rooms cannot. At the same time, he needs to ensure that all systems in the hotel can reach the internet. What solution should he recommend as the most effective business solution?
A. Per-room VPNs
B. VLANs
C. Port security
D. Firewalls

99. During a forensic investigation, Charles is able to determine the Media Access Control (MAC) address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong?
A. The Application layer
B. The Session layer
C. The Physical layer
D. The Data Link layer

100. Mikayla is reviewing her organization's VoIP environment configuration and finds a diagram that shows the following design. What concern should she express?
A. The voice connection is unencrypted and could be listened to.
B. There are no security issues in this diagram.
C. The session initialization connection is unencrypted and could be viewed.
D. Both the session initialization and voice data connection are unencrypted and could be captured and analyzed.

Chapter 5 Identity and Access Management (Domain 5)

SUBDOMAINS:

5.1 Control physical and logical access to assets

5.2 Manage identification and authentication of people, devices, and services

5.3 Federated identity with a third-party service

5.4 Implement and manage authorization mechanisms

5.5 Manage the identity and access provisioning lifecycle

5.6 Implement authentication systems

1. Which of the following is best described as an access control model that focuses on subjects and identifies the objects that each subject can access?
A. An access control list
B. An implicit denial list
C. A capability table
D. A rights management matrix

2. Jim's organization-wide implementation of IDaaS offers broad support for cloud-based applications. Jim's company does not have internal identity management staff and does not use centralized identity services. Instead, they rely upon Active Directory for AAA services. Which of the following options should Jim recommend to best handle the company's on-site identity needs?
A. Integrate on-site systems using OAuth.
B. Use an on-premises third-party identity service.
C. Integrate on-site systems using SAML.
D. Design an internal solution to handle the organization's unique needs.

3. Which of the following is not a weakness in Kerberos?
A. The KDC is a single point of failure.
B. Compromise of the KDC would allow attackers to impersonate any user.
C. Authentication information is not encrypted.
D. It is susceptible to password guessing.

4. Voice pattern recognition is what type of authentication factor?
A. Something you know
B. Something you have
C. Something you are
D. Somewhere you are

5. If Susan's organization requires her to log in with her username, a PIN, a password, and a retina scan, how many distinct authentication factor types has she used?
A. One
B. Two
C. Three
D. Four

6. Charles wants to deploy a credential management system (CMS). He wants to keep the keys as secure as possible. Which of the following is the best design option for his CMS implementation?
A. Use AES-256 instead of 3DES.
B. Use long keys.
C. Use an HSM.
D. Change passphrases regularly.

7. Brian is a researcher at a major university. As part of his research, he logs into a computing cluster hosted at another institution using his own university's credentials. Once logged in, he is able to access the cluster and use resources based on his role in a research project, as well as using resources and services in his home organization. What has Brian's home university implemented to make this happen?
A. Domain stacking
B. Federated identity management
C. Domain nesting
D. Hybrid login

8. Place the following steps in the order in which they occur during the Kerberos authentication process.
1. Client/server ticket generated
2. TGT generated
3. Client/TGS key generated
4. User accesses service
5. User provides authentication credentials
A. 5, 3, 2, 1, 4
B. 5, 4, 2, 1, 3
C. 3, 5, 2, 1, 4
D. 5, 3, 1, 2, 4

9. What major issue often results from decentralized access control?
A. Access outages may occur.
B. Control is not consistent.
C. Control is too granular.
D. Training costs are high.

10. Callback to a landline phone number is an example of what type of factor?
A. Something you know
B. Somewhere you are
C. Something you have
D. Something you are

11. Kathleen needs to set up an Active Directory trust to allow authentication with an existing Kerberos K5 domain. What type of trust does she need to create?
A. A shortcut trust
B. A forest trust
C. An external trust
D. A realm trust

12. Which of the following AAA protocols is the most commonly used?
A. TACACS
B. TACACS+
C. XTACACS
D. Super TACACS

13. Which of the following is not a single sign-on implementation?
A. Kerberos
B. ADFS
C. CAS
D. RADIUS

14. As shown in the following image, a user on a Windows system is not able to use the Send Message functionality. What access control model best describes this type of limitation?
A. Least privilege
B. Need to know
C. Constrained interface
D. Separation of duties

15. What type of access controls allow the owner of a file to grant other users access to it using an access control list?
A. Role-based
B. Nondiscretionary
C. Rule-based
D. Discretionary

16. Alex's job requires him to see protected health information (PHI) to ensure proper treatment of patients. His access to their medical records does not provide access to patient addresses or billing information. What access control concept best describes this control?
A. Separation of duties
B. Constrained interfaces
C. Context-dependent control
D. Need to know

For questions 17–19, please use your knowledge of the Kerberos logon process and refer to the following diagram:

17. At point A in the diagram, the client sends the username and password to the KDC. How is the username and password protected?
A. 3DES encryption
B. TLS encryption
C. SSL encryption
D. AES encryption

18. At point B in the diagram, what two important elements does the KDC send to the client after verifying that the username is valid?
A. An encrypted TGT and a public key
B. An access ticket and a public key
C. An encrypted, time-stamped TGT and a symmetric key encrypted with a hash of the user's password
D. An encrypted, time-stamped TGT and an access token

19. What tasks must the client perform before it can use the TGT?
A. It must generate a hash of the TGT and decrypt the symmetric key.
B. It must accept the TGT and decrypt the symmetric key.
C. It must decrypt the TGT and the symmetric key.
D. It must send a valid response using the symmetric key to the KDC and must install the TGT.
