CISSP – Practice Test Questions – 2024 – Set 8 (53 Questions)

CISSP Part 8

Elevate your CISSP exam readiness with this comprehensive series of practice tests tailored to cover all domains of information security. Delve into the complexities of identity and access management, explore the intricacies of security governance, and sharpen your risk management skills as you progress through each article.

1. Which of the following is a type of cable that utilizes light pulses to represent 0s and 1s?

A. Twisted pair
B. Coaxial
C. Fiber optic
D. Radio frequency

Correct Answer: C

2. What is the primary purpose of the Internet Control Message Protocol (ICMP)?

A. Encrypting data
B. Providing feedback about problems in the network communication environment
C. Managing wireless signals
D. Handling collisions

Correct Answer: B

3. Which of the following security solutions for the 802.11 wireless protocol family is the most updated?

A. WEP
B. WPA
C. WPA2
D. WPA3

Correct Answer: D

4. What is the main difference between a denial-of-service (DoS) attack and a distributed denial-of-service (DDoS) attack?

A. DoS involves multiple machines, while DDoS involves a single machine.
B. DoS involves a single machine, while DDoS involves multiple machines.
C. DoS encrypts data, while DDoS decrypts data.
D. DoS and DDoS are the same and have no differences.

Correct Answer: B

5. Which of the following is NOT a layer in the OSI model?

A. Application
B. Session
C. Transport
D. Fragmentation

Correct Answer: D

6. Which of the following protocols is responsible for securely transmitting data over the Internet?

A. HTTPS
B. ICMP
C. ARP
D. OSPF

Correct Answer: A

7. What is the primary function of the Data Link Layer in the OSI model?

A. Routing data between networks
B. Encrypting data
C. Providing error detection and correction at the physical level
D. Managing sessions between applications

Correct Answer: C

8. Which of the following is a common method used to prevent unauthorized access to a wireless network?

A. Data fragmentation
B. MAC address filtering
C. ICMP feedback
D. OSPF routing

Correct Answer: B

9. What type of attack involves intercepting and altering communications between two parties without their knowledge?

A. Denial-of-service attack
B. Man-in-the-middle attack
C. Distributed denial-of-service attack
D. Brute-force attack

Correct Answer: B

10. Which protocol places a tag in front of the Layer 2 header of a frame to help its transmission through the protocol-compliant cloud?

A. Multiprotocol Label Switching (MPLS)
B. Network Address Translation (NAT)
C. Open Shortest Path First (OSPF)
D. Dynamic Host Configuration Protocol (DHCP)

Correct Answer: A

11. Which of the following options enables systems to utilize various existing and future mechanisms for authenticating user identities?

A. Zero-knowledge proof
B. Extensible Authentication Protocol (EAP)
C. Challenge Handshake Authentication Protocol (CHAP)
D. Synchronous Optical Network (SONET)

Correct Answer: B

12. Which IEEE specification refers to a wireless access point employing multiple transmitters, receivers, and antennas?

A. 802.11h
B. 802.11j
C. 802.11b
D. 802.11n

Correct Answer: D

13. Which attack from the following options utilizes a collection of compromised computers, known as zombies?

A. Ping of death
B. DDoS attack
C. LAND attack
D. SYN flood

Correct Answer: B

14. On which layer of the OSI reference model is Ethernet (IEEE 802.3) positioned?

A. Layer 1 – Physical Layer
B. Layer 2 – Data Link Layer
C. Layer 3 – Network Layer
D. Layer 4 – Transport Layer

Correct Answer: B

15. What would be considered the BEST proactive network defense strategy?

A. Redundant firewalls
B. Business continuity planning
C. Disallowing P2P traffic
D. Perimeter surveillance and intelligence gathering

Correct Answer: D

16. In which scenario is the network not the direct target of the attack?

A. A denial-of-service attack on servers on a network
B. Hacking into a router
C. A virus outbreak saturating network capacity
D. A man-in-the-middle attack

Correct Answer: D

17. What is the MOST effective countermeasure against a distributed denial-of-service (DDoS) attack?

A. Secret fully qualified domain names (FQDNs)
B. Redundant network layout
C. Traffic filtering
D. Network Address Translation (NAT)

Correct Answer: C

18. Where is the optimal location for network-based intrusion detection systems (NIDS)?

A. On the network perimeter, to alert the network administrator of all suspicious traffic
B. On network segments with business-critical systems
C. At the network operations center (NOC)
D. At an external service provider

Correct Answer: A

19. Which combination of endpoint devices would MOST likely be included in a converged IP network?

A. File server, IP phone, security camera
B. IP phone, thermostat, cypher lock
C. Security camera, cypher lock, IP phone
D. Thermostat, file server, cypher lock

Correct Answer: A

20. What security advantage does fiber-optic cable offer over copper cables?

A. Fiber optics provides higher bandwidth.
B. Fiber optics are more difficult to wiretap.
C. Fiber optics are immune to wiretap.
D. None – the two are equivalent; network security is independent of the Physical Layer.

Correct Answer: B

21. Which devices are best included in a robust network perimeter defense strategy?

A. A boundary router, a firewall, a proxy server
B. A firewall, a proxy server, a host-based intrusion detection system (HIDS)
C. A proxy server, a host-based intrusion detection system (HIDS), a firewall
D. A host-based intrusion detection system (HIDS), a firewall, a boundary router

Correct Answer: A

22. What is the principal security risk associated with wireless LANs?

A. Lack of physical access control
B. Demonstrably insecure standards
C. Implementation weaknesses
D. War driving

Correct Answer: A

23. Which configuration related to a WLAN’s SSID provides adequate security protection?

A. Using an obscure SSID to confuse and distract an attacker
B. Not using any SSID at all to prevent an attacker from connecting to the network
C. Not broadcasting an SSID to make it harder to detect the WLAN
D. An SSID does not provide protection

Correct Answer: D

24. What is true about IPSec?

A. It provides mechanisms for authentication and encryption.
B. It provides mechanisms for non-repudiation.
C. It will only be deployed with IPv6.
D. It only authenticates clients against a server.

Correct Answer: A

25. What is the function of a security event management (SEM) service?

A. Gathers firewall logs for archiving
B. Aggregates logs from security devices and application servers looking for suspicious activity
C. Reviews access control logs on servers and physical entry points to match user system authorization with physical access permissions
D. Coordination software for security conferences and seminars

Correct Answer: B

26. What is the principal weakness of the Domain Name System (DNS)?

A. Lack of authentication of servers and thereby authenticity of records
B. Its latency, which enables insertion of records between the time when a record has expired and when it is refreshed
C. The fact that it is a simple, distributed, hierarchical database instead of a singular, relational one, thereby giving rise to the possibility of inconsistencies going undetected for a certain amount of time
D. The fact that addresses in email can be spoofed without checking their validity in DNS, caused by the fact that DNS addresses are not digitally signed

Correct Answer: A

27. Which statement about open email relays is incorrect?

A. An open email relay is a server that forwards email from domains other than the ones it serves.
B. Open email relays are a principal tool for distribution of spam.
C. Using a denylist of open email relays provides a secure way for an email administrator to identify open mail relays and filter spam.
D. An open email relay is widely considered a sign of bad system administration.

Correct Answer: C

28. How can a botnet be characterized?

A. A network used solely for internal communications
B. An automatic security alerting tool for corporate networks
C. A group of dispersed, compromised machines controlled remotely for illicit reasons
D. A type of virus

Correct Answer: C

29. Why is a mesh network topology rarely implemented in modern networks?

A. Cost
B. Poor redundancy
C. Throughput
D. Optical fiber limits

Correct Answer: A

30. What offers the strongest wireless encryption when installing an 802.11n wireless access point?

A. WPA
B. WEP
C. PKI
D. WPA2

Correct Answer: D

31. What media is best suited in a heavy manufacturing area with substantial electromagnetic radiation and power fluctuations if little traffic degradation is tolerated?

A. Coax cable
B. Wireless
C. Shielded twisted pair
D. Fiber

Correct Answer: D

32. What is true about multilayer protocols like Modbus used in industrial control systems?

A. Often have their own encryption and security like IPv6
B. Are used in modern routers as a routing interface control
C. Are often insecure by their very nature as they were not designed to natively operate over today’s IP networks
D. Have largely been retired and replaced with newer protocols such as IPv6 and NetBIOS

Correct Answer: C

33. For a security professional needing to administer a server remotely, assuming they can access the server from their location, what is the BEST approach for access?

A. TELNET
B. SSHv2
C. FTP
D. TFTP

Correct Answer: B

34. As a security consultant for a company that requires a secure connection for online financial transactions, what Extensible Authentication Protocol would you recommend that’s the most secure but also the most costly?

A. EAP-LEAP
B. EAP-MD5
C. EAP-TLS
D. EAP-SIM

Correct Answer: C

35. If two people are discussing stealing electronic serial numbers (ESNs), what type of attack is being planned?

A. Bank card hacking
B. Modem hacking
C. PBX hacking
D. Cell phone hacking

Correct Answer: D

36. What is the BEST protocol if a company needs link-to-link communications supporting encryption and authentication compatible with IPv6 and using L2TP at Layer 3 of the OSI model?

A. IPSec Transport mode
B. IPSec Tunnel mode
C. PPTP
D. L2F

Correct Answer: B

37. Which mechanism converts internal IP addresses found in IP headers into public addresses for transmission over the Internet?

A. ARP
B. DNS
C. DHCP
D. NAT

Correct Answer: D

38. If you need to implement IPv6 on an existing IPv4 network without a native connection to an IPv6 network, what technology should you use?

A. VRRP
B. Teredo
C. 802.1AE
D. 6to4

Correct Answer: D

39. What is the term for a situation where a path is no longer available and shows an infinite hop count?

A. Loopback
B. Split horizon
C. Classless Inter-Domain Routing
D. Poison reverse

Correct Answer: D

40. What is a current updated standard to the WEP protocol?

A. WPA2
B. SMLI
C. PGP
D. POP

Correct Answer: A

41. What closely resembles a packet filtering device, making decisions based on addresses, ports, and protocols?

A. Stateless firewall
B. Circuit-level proxy
C. Application proxy
D. Stateful firewall

Correct Answer: A

42. What protocol is a forerunner to Frame Relay and works over POTS lines?

A. SMDS
B. ATM
C. X.25
D. T-carriers

Correct Answer: C

43. What does RADIUS provide?

A. Authentication and accountability
B. Authorization and accountability
C. Authentication and authorization
D. Authentication, authorization, and accountability

Correct Answer: D

44. Which cell-switched WAN technology is the most suitable to use in rural areas considering that you don’t want to use circuit-switched tech?

A. DSL
B. T1
C. ISDN
D. ATM

Correct Answer: D

45. What is considered a third-generation firewall?

A. Packet filter
B. Circuit proxy
C. Application proxy
D. Stateful firewall

Correct Answer: D

46. Identify the protocols corresponding to OSI Layers 2, 6, 3, 4, and 7, respectively.

A. ARP, SQL, ICMP, SMB, and SNMP
B. L2TP, SMB, IP, SQL, and HTTP
C. WEP, ASCII, IPX, TCP, and BootP
D. PPP, ZIP, SPX, UDP, and TFTP

Correct Answer: D

47. Which wireless standard operates in the frequency range of 5.15–5.35 GHz to 5.725–5.825 GHz and has a range of approximately 60 feet?

A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

Correct Answer: A

48. What is the BEST description of ISAKMP (Internet Security Association and Key Management Protocol)?

A. Defines procedures for managing Security Associations, utilizes IKE, etc.
B. Enables authentication of parties in a secure transition and contains certificate details
C. Manages private keys and certificates and follows X.509 standard
D. Defines protection of keys, establishes key lifetimes, and includes elements of business continuity

Correct Answer: A

49. What is the OSI model in the context of network communication?

A. A seven-layer architecture for open systems interconnection
B. A five-layer architecture for closed systems interconnection
C. A protocol for data encryption
D. A type of firewall technology

Correct Answer: A

50. Which of the following is NOT a method to handle collisions in network topologies?

A. Token-based collision avoidance
B. Polling
C. Carrier Sense Multiple Access (CSMA)
D. Data fragmentation

Correct Answer: D

51. What is the primary function of the Address Resolution Protocol (ARP)?

A. Mapping IP addresses to MAC addresses
B. Encrypting data packets
C. Managing wireless signals
D. Detecting network intrusions

Correct Answer: A

52. Which of the following is a security feature of the Open Shortest Path First (OSPF) routing protocol?

A. Data fragmentation
B. IP mapping
C. Encryption
D. Voice over IP

Correct Answer: C

53. What is the purpose of a Virtual Local Area Network (VLAN)?

A. To increase the speed of data transmission
B. To create virtual tunnels through physical networks to connect devices
C. To detect and prevent network attacks
D. To encrypt wireless communication

Correct Answer: B
