38 What is parity check?
Involves 0 and 1. a method for detecting errors in data communications or within a computer system by counting the number of ones or zeros per byte or per word, including a special check bit (parity bit), to see if the value is even or odd.
44 What does directive control mean?
you want a specific outcome.
45 what is a data controller?
data owner>data controller>data steward.
The data controller decides how and why personal data is processed
5-75 Hard#2 47 Which is more secure? 2 factor or Biometric?
2FA
57 what is a squatting attack?
known as cybersquatting or domain squatting, is the act of registering, trafficking in, or using a domain name that is confusingly similar to a trademark or personal name with the intention to profit from the goodwill associated with that trademark or name. This can involve registering variations of a popular website’s domain name, often with minor misspellings or subtle changes, and then using those domains for malicious purposes.
57 what is Time of Check/ Time of Use (TOCTOU) attack?
TOCTOU attacks exploit the time gap between when a system checks a condition (the time of check) and when it uses the results of that check (the time of use). By making the transaction atomic, the system ensures that the state of the system cannot change between the check and the use, thus preventing this type of race condition attack.
58 Which is more important in data storage and retrieval? a) condition of the harddrive or b) how often you need to back up the data
b) how often you need to back up the data
While the age of backup tapes can affect their reliability, the frequency of backup usage and testing is a higher priority to ensure that data can be restored when needed
61 What is more management work ? a) verify accuracy of data or b) categorize data
B. categorize data. Data Owners are responsible for determining the sensitivity and classification of the data to ensure that it is handled according to the appropriate security protocols. the verification of data accuracy is a day-to-day operational task that is often the responsibility of the individuals who enter or manage the data on a regular basis, such as data entry personnel or data custodians.
62 How do you provide authentication for hashing data?
You use HMAC or digital signatures which combine hashing with secret keys. Hashing provides integrity. No confidentialy since it is one way. You should use encryption of confidentity but it doesn’t provide integrity or authentication
68 chmod commands?
owner, group, others. read=4, write=2, execute=1. so 777 is all available.
70 what is difference between ldap and ad?
LDAP is a protocol, while Active Directory is a specific implementation of a directory service that uses LDAP as one of its communication protocols. port 389 for unsecure and port 636 for secure ssl
71 If you have logging or verify accuracy, then what is most likely to be the answer?
classification and categorization is the answer
72 If the question that ask for requirements, then what is most likely the answer?
policy
76 If the question involves staffs, what kind of access control is it?
it will be role based. RBAC.
79 What is DHCP?
DHCP, or Dynamic Host Configuration Protocol, is a network protocol that automatically assigns IP addresses and other network configuration information to devices connected to a network. This process eliminates the need for manual configuration of each device, making network management much easier, especially on large networks.
79 How many host per network are there for the se ipv4 configurations? a) /8 b) /16 c) /24
a) 16,777,214 b) 65,534 c) 254
79 What is a PAT? How is a NAT? Difference between PAT and NAT?
PAT technique used to translate private IP addresses to public IP addresses, allowing multiple devices on a private network to share a single public IP address for internet access
NAT translates the private IP addresses of devices on a local network to a public IP address when communicating with the internet.
PAT can be considered an extension of NAT, as it uses similar translation principles but with the addition of port number translation. Used to have more IP addresses
89 What is weakness of RDP? What is VDI (virtual desktop infastructure)
RDP is vulernable to MitM attacks. VDI is cheaper, secure. zero client>thin client
92 How many tapes do you need for a differential backup?
only 2. The full one and the last differential one.
93 What is difference between ssh and sftp? and what port do they use?
sftp is a subset of ssh and used port 22. ssh is general, it might use port 22 or something else
98 What port is 50 and 51? Port 1? Port 6?
port 50 is ESP and port 51 is AH
Port 1 is ICMP. Port 6 is TCP
101 What is a smurf attack? What is a salami attack?
Smurf send IP and ICMP packets to overwhelm (DDOS). source IP address is victims. Salami attack, small amounts are stolen from victim before they notice
104 What scrum?
Framework built on principles of transparency, inspection, and adaptation, allowing teams to learn and adjust based on experience
109 internal IP addresses in the range 192.168.0.0-192.168.7.255 means you can use ipv6 or ipv4? And which one should you use?
Eventhough the internal ip address is ipv4, you can use ipv6 to route the internet. ipv6 is better since it is more cost effective. ipv4 is expensive.
-
CISSP Easy/Mid Domain134
-
CISSP Hard #1 All Domains 125Q50
-
CISSP Easy Section 330
-
CISSP Section 234
-
CISSP Stone River Asset Security2
-
CISSP Section 546
-
CISSP Section 736
-
Domain 449
-
Domain 839
-
Domain 6 Security Assessment & Testing35
-
General questions17
-
Technical Institute of America 50 CISSP Practice Questions21
-
Inside Cloud & Security11
-
Thor Hard #228
-
Thor Easy 113
-
Thor Easy 1 Part 224
-
Thor Easy 2 part 135
-
Quantum Exam0
