CISSP - Question Bank 04

Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.

A key factor to keep in mind is that guessing is better than not answering a question.

Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.


Q1. Which of the following is not true?

A. Tunneling employs encapsulation.
B. All tunneling uses encryption.
C. Tunneling is used to transmit data over an intermediary network.
D. Tunneling can be used to bypass firewalls, gateways, proxies, or other traffic control devices.

The Correct Answer is B.
Explanation: Tunneling does not always use encryption. It does, however, employ encapsulation, is used to transmit data over an intermediary network, and is able to bypass firewalls, gateways, proxies, or other traffic control devices.

Q2. Tunnel connections can be established over all except for which of the following?

A. WAN links
B. LAN pathways
C. Dial-up connections
D. Stand-alone systems

The Correct Answer is D.
Explanation: A stand-alone system has no need for tunneling because no communications between systems are occurring and no intermediary network is present.

Q3. What do most VPNs use to protect transmitted data?

A. Obscurity
B. Encryption
C. Encapsulation
D. Transmission logging

The Correct Answer is B.
Explanation: Most VPNs use encryption to protect transmitted data. In and of themselves, obscurity, encapsulation, and transmission logging do not protect data as it is transmitted.

Q4. Which of the following is not an essential element of a VPN link?

A. Tunneling
B. Encapsulation
C. Protocols
D. Encryption

The Correct Answer is D.
Explanation: Encryption is not necessary for the connection to be considered a VPN, but it is recommended for the protection of that data.

Q5. Which of the following cannot be linked over a VPN?

A. Two distant LANs
B. Two systems on the same LAN
C. A system connected to the Internet and a LAN connected to the Internet
D. Two systems without an intermediary network connection

The Correct Answer is D.
Explanation: An intermediary network connection is required for a VPN link to be established.

Q6. Which of the following is not a VPN protocol?

A. PPTP
B. L2F
C. SLIP
D. IPSec

The Correct Answer is C.
Explanation: SLIP is a dial-up connection protocol, a forerunner of PPP. It is not a VPN protocol.

Q7. Which of the following VPN protocols do not offer encryption? (Choose all that apply.)

A. L2F
B. L2TP
C. IPSec
D. PPTP

The Correct Answers are A and B.
Explanation: Layer 2 Forwarding (L2F) was developed by Cisco as a mutual authentication tunneling mechanism. However, L2F does not offer encryption. L2TP also lacks built-in encryption.

Q8. At which OSI model layer does the IPSec protocol function?

A. Data Link
B. Transport
C. Session
D. Network

The Correct Answer is D.
Explanation: IPSec operates at the Network layer (layer 3).

Q9. Which of the following is not defined in RFC 1918 as one of the private IP address ranges that are not routed on the Internet?

A. 169.172.0.0–169.191.255.255
B. 192.168.0.0–192.168.255.255
C. 10.0.0.0–10.255.255.255
D. 172.16.0.0–172.31.255.255

The Correct Answer is A.
Explanation: The address range 169.172.0.0–169.191.255.255 is not listed in RFC 1918 as a private IP address range.

Q10. Which of the following is not a benefit of NAT?

A. Hiding the internal IP addressing scheme
B. Sharing a few public Internet addresses with a large number of internal clients
C. Using the private IP addresses from RFC 1918 on an internal network
D. Filtering network traffic to prevent brute force attacks

The Correct Answer is D.
Explanation: NAT does not protect against nor prevent brute force attacks.

Q11. A significant benefit of a security control is when it goes unnoticed by users. What is this called?

A. Invisibility
B. Transparency
C. Diversion
D. Hiding in plain sight

The Correct Answer is B.
Explanation: When transparency is a characteristic of a service, security control, or access mechanism, it is unseen by users.

Q12. When you're designing a security system for Internet-delivered e-mail, which of the following is least important?

A. Nonrepudiation
B. Availability
C. Message integrity
D. Access restriction

The Correct Answer is B.
Explanation: Although availability is a key aspect of security in general, it is the least important aspect of security systems for Internet-delivered e-mail.

Q13. Which of the following is typically not an element that must be discussed with end users in regard to e-mail retention policies?

A. Privacy
B. Auditor review
C. Length of retainer
D. Backup method

The Correct Answer is D.
Explanation: The backup method is not an important factor to discuss with end users regarding e-mail retention.

Q14. What is it called when e-mail itself is used as an attack mechanism?

A. Masquerading
B. Mailbombing
C. Spoofing
D. Smurf attack

The Correct Answer is B.
Explanation: Mailbombing is the use of e-mail as an attack mechanism. Flooding a system with messages causes a denial of service.

Q15. Why is spam so difficult to stop?

A. Filters are ineffective at blocking inbound messages.
B. The source address is usually spoofed.
C. It is an attack requiring little expertise.
D. Spam can cause denial of service attacks.

The Correct Answer is B.
Explanation: It is often difficult to stop spam because the source of the messages is usually spoofed.

Q16. Which of the following security mechanisms for e-mail can provide two types of messages: signed and enveloped?

A. PEM
B. PGP
C. S/MIME
D. MOSS

The Correct Answer is C.
Explanation: Two types of messages can be formed using S/MIME: signed messages and enveloped messages. A signed message provides integrity and sender authentication. An enveloped message provides integrity, sender authentication, and confidentiality.

Q17. In addition to maintaining an updated system and controlling physical access, which of the following is the most effective countermeasure against PBX fraud and abuse?

A. Encrypting communications
B. Changing default passwords
C. Using transmission logs
D. Taping and archiving all conversations

The Correct Answer is B.
Explanation: Changing default passwords on PBX systems provides the most effective increase in security.

Q18. Which of the following can be used to bypass even the best physical and logical security mechanisms to gain access to a system?

A. Brute force attacks
B. Denial of service
C. Social engineering
D. Port scanning

The Correct Answer is C.
Explanation: Social engineering can often be used to bypass even the most effective physical and logical controls. Whatever the actual activity is that the attacker convinces the victim to perform, it is usually directed toward opening a back door that the attacker can use to gain access to the network.

Q19. Which of the following is not a denial of service attack?

A. Exploiting a flaw in a program to consume 100 percent of the CPU
B. Sending malformed packets to a system, causing it to freeze
C. Performing a brute force attack against a known user account
D. Sending thousands of e-mails to a single address

The Correct Answer is C.
Explanation: A brute force attack is not considered a DoS.

Q20. Which of the following is a digital end-to-end communications mechanism developed by telephone companies to support high-speed digital communications over the same equipment and infrastructure that is used to carry voice communications?

A. ISDN
B. Frame Relay
C. SMDS
D. ATM

The Correct Answer is A.
Explanation: ISDN, or Integrated Services Digital Network, is a digital end-to-end communications mechanism. ISDN was developed by telephone companies to support high-speed digital communications over the same equipment and infrastructure that is used to carry voice communications.

Copyright © 2018 | All Rights Reserved | Designed & Developed by Yeahhub.com