CISSP - Question Bank 08

Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.

A key factor to keep in mind is that guessing is better than not answering a question.

Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.


Q1. What is the size of the Master Boot Record on a system installed with a typical configuration?

A. 256 bytes
B. 512 bytes
C. 1,024 bytes
D. 2,048 bytes

The Correct Answer is B.
Explanation: The Master Boot Record is a single sector of a floppy disk or hard drive. Each sector is normally 512 bytes. The MBR contains only enough information to direct the proper loading of the operating system.
Q2. How many steps take place in the standard TCP/IP handshaking process?

A. One
B. Two
C. Three
D. Four

The Correct Answer is C.
Explanation: The TCP/IP handshake consists of three phases: SYN, SYN/ACK, and ACK. Attacks like the SYN flood abuse this process by taking advantage of weaknesses in the handshaking protocol to mount a denial of service attack.
Q3. Which one of the following types of attacks relies upon the difference between the timing of two events?

A. Smurf
B. TOCTTOU
C. Land
D. Fraggle

The Correct Answer is B.
Explanation: The time-of-check-to-time-of-use (TOCTTOU) attack relies upon the timing of the execution of two events.
Q4. What propagation technique does the Good Times virus use to spread infection?

A. File infection
B. Boot sector infection
C. Macro infection
D. None of the above

The Correct Answer is D.
Explanation: The Good Times virus is a famous hoax that does not actually exist.
Q5. What advanced virus technique modifies the malicious code of a virus on each system it infects?

A. Polymorphism
B. Stealth
C. Encryption
D. Multipartitism

The Correct Answer is A.
Explanation: In an attempt to avoid detection by signature-based antivirus software packages, polymorphic viruses modify their own code each time they infect a system.
Q6. Which one of the following files might be modified or created by a companion virus?

A. COMMAND.EXE
B. CONFIG.SYS
C. AUTOEXEC.BAT
D. WIN32.DLL

The Correct Answer is A.
Explanation: Companion viruses are self-contained executable files with filenames similar to those of existing system/program files but with a modified extension. The virus file is executed when an unsuspecting user types the filename without the extension at the command prompt.
Q7. What is the best defensive action that system administrators can take against the threat posed by brand new malicious code objects that exploit known software vulnerabilities?

A. Update antivirus definitions monthly
B. Install anti-worm filters on the proxy server
C. Apply security patches as they are released
D. Prohibit Internet use on the corporate network

The Correct Answer is C.
Explanation: The vast majority of new malicious code objects exploit known vulnerabilities that were already addressed by software manufacturers. The best action administrators can take against new threats is to maintain the patch level of their systems.
Q8. Which one of the following passwords is least likely to be compromised during a dictionary attack?

A. mike
B. elppa
C. dayorange
D. dlayna

The Correct Answer is D.
Explanation: All of the other choices are forms of common words that might be found during a dictionary attack. mike is a name and would be easily detected. elppa is simply apple spelled backwards, and dayorange combines two dictionary words. Crack and other utilities can easily see through these "sneaky" techniques. dlayna is simply a random string of characters that a dictionary attack would not uncover.
Q9. What file is instrumental in preventing dictionary attacks against Unix systems?

A. /etc/passwd
B. /etc/shadow
C. /etc/security
D. /etc/pwlog

The Correct Answer is B.
Explanation: Shadow password files move encrypted password information from the publicly readable /etc/passwd file to the protected /etc/shadow file.
Q10. Which one of the following tools can be used to launch a distributed denial of service attack against a system or network?

A. Satan
B. Saint
C. Trinoo
D. Nmap

The Correct Answer is C.
Explanation: Trinoo and the Tribal Flood Network (TFN) are the two most commonly used distributed denial of service (DDoS) attack toolkits. The other three tools mentioned are reconnaissance techniques used to map networks and scan for known vulnerabilities.
Q11. Which one of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

A. Teardrop
B. Smurf
C. Ping of death
D. SYN flood

The Correct Answer is A.
Explanation: The teardrop attack uses overlapping packet fragments to confuse a target system and cause the system to reboot or crash.
Q12. What type of reconnaissance attack provides hackers with useful information about the services running on a system?

A. Session hijacking
B. Port scan
C. Dumpster diving
D. IP sweep

The Correct Answer is B.
Explanation: Port scans reveal the ports associated with services running on a machine and available to the public.
Q13. A hacker located at IP address 12.8.0.1 wants to launch a Smurf attack on a victim machine located at IP address 129.74.15.12 utilizing a third-party network located at 141.190.0.0/16. What would be the source IP address on the single packet the hacker transmits?

A. 12.8.0.1
B. 129.74.15.12
C. 141.190.0.0
D. 141.190.255.255

The Correct Answer is B.
Explanation: The single packet would be sent from the hacker to the third-party network. The source address of this packet would be the IP address of the victim (129.74.15.12), and the destination address would be the broadcast address of the third-party network (141.190.255.255).
Q14. What type of virus utilizes more than one propagation technique to maximize the number of penetrated systems?

A. Stealth virus
B. Companion virus
C. Polymorphic virus
D. Multipartite virus

The Correct Answer is D.
Explanation: Multipartite viruses use two or more propagation techniques (e.g., file infection and boot sector infection) to maximize their reach.
Q15. What is the minimum size a packet can be to be used in a ping of death attack?

A. 2,049 bytes
B. 16,385 bytes
C. 32,769 bytes
D. 65,537 bytes

The Correct Answer is D.
Explanation: The maximum allowed ping packet size is 65,536 bytes. To engage in a ping of death attack, an attacker must send a packet that exceeds this maximum. Therefore, the smallest packet that might result in a successful attack would be 65,537 bytes.
Q16. Jim recently downloaded an application from a website that ran within his browser and caused his system to crash by consuming all available resources. Of what type of malicious code was Jim most likely the victim?

A. Virus
B. Worm
C. Trojan horse
D. Hostile applet

The Correct Answer is D.
Explanation: Hostile applets are a type of malicious code that users download from a remote website and run within their browsers. These applets, written using technologies like ActiveX and Java, may then perform a variety of malicious actions.
Q17. Alan is the security administrator for a public network. In an attempt to detect hacking attempts, he installed a program on his production servers that imitates a well-known operating system vulnerability and reports exploitation attempts to the administrator. What is this type of technique called?

A. Honey pot
B. Pseudo-flaw
C. Firewall
D. Bear trap

The Correct Answer is B.
Explanation: Alan has implemented pseudo-flaws in his production systems. Honey pots often use pseudo-flaws, but they are not the technology used in this case because honey pots are stand-alone systems dedicated to detecting hackers.
Q18. What technology does the Java language use to minimize the threat posed by applets?

A. Confidentiality
B. Encryption
C. Stealth
D. Sandbox

The Correct Answer is D.
Explanation: The Java sandbox isolates applets and allows them to run within a protected environment, limiting the effect they may have on the rest of the system.
Q19. Renee is the security administrator for a research network. She's attempting to convince her boss that they should disable two unused services: chargen and echo. What attack is the network more vulnerable to with these services running?

A. Smurf
B. Land
C. Fraggle
D. Ping of death

The Correct Answer is C.
Explanation: The Fraggle attack utilizes the uncommonly used UDP services chargen and echo to implement a denial of service attack.
Q20. Which one of the following attacks uses a TCP packet with the SYN flag set and identical source/destination IP addresses and ports?

A. Smurf
B. Land
C. Fraggle
D. Ping of death

The Correct Answer is B.
Explanation: The Land attack uses a TCP packet constructed with the SYN flag set and identical source and destination sockets. It causes older operating systems to behave in an unpredictable manner.
