ExamCISSP

The document outlines a completed CISSP assessment exam taken on February 9, 2022, consisting of 40 questions related to cybersecurity concepts. It includes questions on topics such as the OSI model, risk analysis, data destruction methods, and security policies. Feedback indicates that results will be graded and made visible after corrections.


CISSP (Updated) assessment exam

Started on: Wednesday, 9 February 2022, 9:13 PM
State: Finished
Completed on: Wednesday, 9 February 2022, 9:54 PM
Time taken: 41 mins 40 secs
Feedback: Thanks for taking the test! The results will be graded as soon as possible. Your result will not be visible here until then, to allow time for corrections and adjustments.

Each of the 40 questions below is marked out of 1.00 and was answered (state: Complete). "Select one" questions have a single correct option; "Select one or more" and "Select all that apply" questions may have several. The page records the questions and their answer options only; no answer key is included.

Question 1. How many layers are there in the official OSI model? (Select one)
a. 8
b. 4
c. 7
d. 10

Question 2. The TCP three-way handshake consists of SYN, SYN/ACK and what? (Select one)
a. ACK
b. FIN
c. EHLO
d. RST
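The exchange behind Question 2, as an added example that is not part of the exam: a small Python simulation of the three-way handshake with both sides' segments and the sequence/acknowledgement bookkeeping. Segments are simplified to dicts with only flags, seq and ack, and the initial sequence numbers are passed in so the run is deterministic (a real stack randomises them per RFC 6528); those simplifications are this example's own assumptions.

```python
"""Three-way handshake simulation (added example, not from the exam).

Segments carry only the fields the handshake needs: flags, seq and ack.
ISNs are supplied by the caller for determinism; real stacks pick them
randomly (RFC 6528).
"""


def segment(flags, seq, ack=None):
    return {"flags": flags, "seq": seq, "ack": ack}


def client_syn(client_isn):
    """Step 1, client -> server: SYN carrying the client's ISN."""
    return {"state": "SYN_SENT", "seg": segment("SYN", client_isn)}


def server_synack(syn, server_isn):
    """Step 2, server -> client: SYN/ACK acknowledging client ISN + 1."""
    if syn["flags"] != "SYN":
        raise ValueError("expected a SYN segment")
    return {"state": "SYN_RECEIVED",
            "seg": segment("SYN/ACK", server_isn, syn["seq"] + 1)}


def client_ack(client_isn, synack):
    """Step 3, client -> server: ACK of server ISN + 1.

    The client checks that the server acknowledged the right number before
    replying; anything else is answered with RST, which is how a stack reacts
    to an unexpected SYN/ACK (e.g. one forged by a third party).
    """
    if synack["flags"] != "SYN/ACK" or synack["ack"] != client_isn + 1:
        return {"state": "CLOSED", "seg": segment("RST", synack["ack"] or 0)}
    return {"state": "ESTABLISHED",
            "seg": segment("ACK", client_isn + 1, synack["seq"] + 1)}


def server_accept(server_isn, ack):
    """The server is ESTABLISHED only after a correct final ACK arrives.

    Until then the connection is half-open and holds state; a SYN flood
    works by never sending this third segment.
    """
    if ack["flags"] == "ACK" and ack["ack"] == server_isn + 1:
        return "ESTABLISHED"
    return "SYN_RECEIVED"


def handshake(client_isn=1000, server_isn=5000):
    """Run the full exchange; returns (client state, server state, segments)."""
    c1 = client_syn(client_isn)
    s1 = server_synack(c1["seg"], server_isn)
    c2 = client_ack(client_isn, s1["seg"])
    server_state = server_accept(server_isn, c2["seg"])
    return c2["state"], server_state, [c1["seg"], s1["seg"], c2["seg"]]


if __name__ == "__main__":
    client_state, server_state, segs = handshake()
    for s in segs:
        print(s)
    print(client_state, server_state)
```

The seq/ack arithmetic is the part worth seeing: each side acknowledges the other's ISN plus one, and the server commits resources at step 2 but only reaches ESTABLISHED after step 3.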

Question 3. There are two types of risk analysis. What are they? (Select one or more)
a. Qualitative
b. Subjective
c. Quantitative
d. Cost-based

Question 4. What are attributes of IPv6? (Select all that apply)
a. NAT often used
b. 4,294,967,296 addresses
c. 128-bit
d. No NAT

Question 5. What are examples of physical security controls? (Select all that apply)
a. CCTV cameras
b. Security guard
c. Bollards
d. MFA

Question 6. What are examples of risk management frameworks and standards? (Select all that apply)
a. ISO 31000:2018
b. ISO 27018:2014
c. NIST Special Publication 800-37
d. ISO 27005:2018

Question 7. What are examples of risk treatment options? (Select one)
a. Mitigation, Assignment/Transfer, Acceptance, Avoidance
b. Mitigation, Tolerate, Assignment/Transfer, Evaluation
c. Mitigation, Destruction, Remediation, Avoidance
d. Mitigation, Assignment/Transfer, Controlling

Question 8. What are some different methods of data destruction? (Select all that apply)
a. Erasure
b. Clearing
c. Degaussing
d. Purging

Question 9. What are some different types of cloud architecture? (Select all that apply)
a. IaaS
b. PaaS
c. SaaS
d. XaaS

Question 10. What are some of the benefits of asymmetric encryption over symmetric? (Select all that apply)
a. It’s slower
b. Increased security
c. It doesn’t require key exchange
d. It’s faster

Question 11. What are the different types of DLP? (Select all that apply)
a. Network based DLP
b. Endpoint based DLP
c. User based DLP
d. Administrator based DLP

Question 12. What are the principles of the DAD triad? (Select one)
a. Disclosure, Alteration, Denial of Service
b. Disclosure, Alteration, Destruction
c. Disclosure, Access, Destruction
d. Disclosure, Availability, Data

Question 13. What are the three states of data? (Select one)
a. Data at rest, data in transit, data in use
b. Data at rest, data in transit, data in storage
c. Data at rest, encrypted data, data in transit
d. Data at rest, data on disk, data on network

Question 14. What are the three types of security test/assessment? (Select one)
a. White box, grey box, green box
b. White box, grey box, black box
c. White box, black box, purple box
d. White box, red box, blue box

Question 15. What are three different categories of law? (Select one)
a. Civil, Criminal, Cyberspace
b. Civil, Criminal, Jurisdictional
c. Civil, Criminal, Community
d. Civil, Criminal, Administrative

Question 16. What assessment is often the most useful for assessing control effectiveness within an organisation? (Select one)
a. SOC3
b. SOC2 Type I
c. Vulnerability Scan
d. SOC2 Type II

Question 17. What DNS record is used to identify where e-mail should be delivered to? (Select one)
a. CNAME
b. EML
c. MX
d. A

Question 18. What is the best practice method for permanent data destruction on cloud systems? (Select one)
a. Erasure
b. Degaussing
c. Cryptoshredding
d. Clearing

Question 19. What is the DAD triad? (Select one)
a. What occurs when the principles of the CIA triad fail
b. An encryption algorithm
c. Alternative labels of the CIA triad
d. The security principles used by the DoD

Question 20. What is true about security policies? (Select all that apply)
a. Provide recommendations
b. Should not change often
c. High level
d. Top tier

Question 21. What is zero trust? (Select one)
a. Everything outside the firewall is untrusted, but everything behind it is trusted
b. Considerations are made to ensure privacy is included in design
c. Nothing is trusted (inside the organisation or outside)
d. Security controls are all enabled by default

Question 22. At which layer of the OSI model would services such as FTP, HTTP and DNS most likely be found? (Select one)
a. Layer 1
b. Layer 7
c. Layer 5
d. Layer 3

Question 23. What security model is most commonly associated with having an application layer, so that data isn’t interfaced with directly? (Select one)
a. Bell-LaPadula
b. Clark-Wilson
c. Brewer Nash
d. Biba

Question 24. What security model is "no read-up and no write-down"? (Select one)
a. Biba
b. Bell-LaPadula
c. Clark-Wilson
d. Brewer Nash

Question 25. What standard is used as an Information Security Management System and is certifiable? (Select one)
a. ISO 9001:2018
b. ISO/IEC 27001:2013
c. ISO 22301:2019
d. NIST Cyber Security Framework

Question 26. What TCP port is commonly associated with HTTPS? (Select one)
a. 53
b. 80
c. 21
d. 443

Question 27. What term is used to describe providing only the minimum level of access required to perform a function? (Select one)
a. Mandatory vacations
b. Job rotation
c. Least privilege
d. Separation of duties

Question 28. What type of access control is often used in the military, is based on the sensitivity of information, and requires formal authorisation such as a security clearance? (Select one)
a. Mandatory access control
b. Role based access control
c. Discretionary access control
d. Sensitivity based access control

Question 29. What type of cloud is typically able to be consumed by anyone and is managed by an external provider? (Select one)
a. Private
b. Joint
c. Public
d. Hybrid

Question 30. What type of social engineering attack leverages e-mail to attempt to solicit information? (Select one)
a. Phishing
b. Emishing
c. Smishing
d. Vishing

Question 31. What well-known framework is used to identify the top security risks to web applications? (Select one)
a. Cyber Killchain
b. NIST Cyber Security Framework
c. CIS Benchmarks
d. OWASP Top 10

Question 32. When sending messages using asymmetric encryption, what is used to encrypt the message? (Select one)
a. The recipient’s private key
b. The sender’s public key
c. The recipient’s public key
d. The sender’s private key

Question 33. Thinking about the three principles of the CIA triad, what controls can be used to help ensure integrity? (Select all that apply)
a. Encryption
b. Secure coding
c. Fault tolerance
d. Login banners

Question 34. Which (US) government classification would be considered the most sensitive? (Select one)
a. Confidential
b. Highly Classified
c. Secret
d. Top Secret

Question 35. Which of the following controls helps to enforce non-repudiation? (Select all that apply)
a. Privacy screens
b. Digital Signatures
c. Tape backups
d. Audit logging
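Questions 32 and 35 both turn on which key is used for what. The following is an added example, not part of the exam: textbook RSA in pure Python (no padding, hand-picked toy primes) used only to show the key roles. The sender encrypts a symmetric session key under the recipient's public key, then signs the ciphertext with the sender's own private key; the recipient decrypts with their private key and checks the signature with the sender's public key. The primes, the session-key value and the names Alice/Bob are constructed for the demo. Unpadded RSA and keys this small must never be used for real data; a library with OAEP/PSS padding and 2048-bit or larger keys is the production equivalent.

```python
"""Key roles in public-key cryptography (added example, not from the exam).

Textbook RSA, kept in pure Python so it runs anywhere. It exists only to
show which key does what:
  - confidentiality: encrypt with the RECIPIENT's public key
  - non-repudiation: sign with the SENDER's private key
Toy primes, no padding: illustration only, never for real data.
"""
from dataclasses import dataclass
from math import gcd


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def make_keypair(p: int, q: int, e: int = 65537):
    """Derive an RSA key pair from two primes (hand-chosen constants here)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse; Python 3.8+
    return PublicKey(n, e), PrivateKey(n, d)


def encrypt(message: int, recipient_pub: PublicKey) -> int:
    """Anyone can encrypt to the recipient; only their private key reverses it."""
    if not 0 <= message < recipient_pub.n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, recipient_pub.e, recipient_pub.n)


def decrypt(ciphertext: int, recipient_priv: PrivateKey) -> int:
    return pow(ciphertext, recipient_priv.d, recipient_priv.n)


def sign(message: int, sender_priv: PrivateKey) -> int:
    """Only the private-key holder can produce this value: non-repudiation."""
    if not 0 <= message < sender_priv.n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, sender_priv.d, sender_priv.n)


def verify(message: int, signature: int, sender_pub: PublicKey) -> bool:
    """Anyone with the sender's public key can check the signature."""
    return pow(signature, sender_pub.e, sender_pub.n) == message


# Constructed demo keys (toy primes): Alice is the sender, Bob the recipient.
ALICE_PUB, ALICE_PRIV = make_keypair(999983, 1000003)
BOB_PUB, BOB_PRIV = make_keypair(65521, 65537)


def demo(session_key: int = 123456789):
    """Alice sends Bob a symmetric session key (RSA's usual job: key transport).

    Encrypt-then-sign: the signature covers the ciphertext, so it proves who
    sent it without revealing the key (a raw RSA signature over the plaintext
    would let anyone recover it via the public key).
    Returns (key recovered by Bob, signature valid?).
    """
    ciphertext = encrypt(session_key, BOB_PUB)        # Alice: Bob's public key
    signature = sign(ciphertext, ALICE_PRIV)          # Alice: her private key
    recovered = decrypt(ciphertext, BOB_PRIV)         # Bob: his private key
    authentic = verify(ciphertext, signature, ALICE_PUB)  # Bob: Alice's public key
    return recovered, authentic


if __name__ == "__main__":
    print(demo())
```

Tampering with a single bit of the ciphertext makes `verify` fail, and only Bob's private key recovers the session key; the bulk message would then travel under a fast symmetric cipher keyed with that value.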

Question 36. Which specification can be used to help ensure proper data destruction? (Select one)
a. NIST SP 800-88
b. ISO/IEC 27001:2013
c. NIST SP 800-53
d. NIST SP 800-37

Question 37. Why is information classification important? (Select all that apply)
a. It helps to determine the sensitivity of information
b. It helps to identify what security controls should be applied
c. It means you can put colourful labels on information
d. It assists in data leakage/loss prevention

Question 38. Why is it more secure to salt hashes? (Select one)
a. It makes hashing more efficient
b. They taste better
c. It allows easier identification of hashes
d. It helps to ensure unique hashes are created

Question 39. You have a username and password. What could be added that would meet the requirements of multi-factor authentication? (Select all that apply)
a. Hardware token
b. PIN code
c. Authenticator app
d. Retina scan
Question 40. You have been tasked with reviewing the security of a password system. Which method is the most appropriate for protecting user credentials? (Select one)
a. Encryption
b. Hashing + Salting
c. Auditing
d. Access Control Lists
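Questions 38 and 40 are about the same mechanism, so one added example (not part of the exam) covers both: an unsalted hash, where every user with the same password gets the same digest, beside salted PBKDF2-HMAC-SHA256 from the Python standard library with a per-user random salt, a self-describing storage format and a constant-time check. The storage format, iteration count and sample passwords are this example's own choices; where a library is available, Argon2id or scrypt are the preferred password hashes.

```python
"""Salted password hashing (added example, not part of the exam)."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # OWASP 2023 guidance for PBKDF2-HMAC-SHA256


def unsalted_hash(password: str) -> str:
    """What NOT to do: identical passwords give identical digests, so a
    precomputed table or one cracked hash exposes every user who chose it."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.

    A fresh 16-byte random salt per user makes every stored hash unique even
    when passwords repeat, which is the point of Question 38.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algorithm}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed sample: two users who chose the same password.
    print(unsalted_hash("correct horse") == unsalted_hash("correct horse"))  # True: linkable
    alice = hash_password("correct horse")
    bob = hash_password("correct horse")
    print(alice != bob)                        # True: salts differ
    print(verify_password("correct horse", alice), verify_password("wrong", alice))
```

Storing the iteration count with the hash lets the parameter be raised later and old records re-hashed at next login, and the encrypted-vs-hashed distinction in Question 40 is visible here: nothing in the record can be reversed to the password, only recomputed and compared.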
