CCT 045: CISSP Exam Questions (Domain 7)

cissp domain 7 Jun 15, 2023
 

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.

Hey, I'm Sean Gerber with CISSP Cyber Training and we are going to be going over some CISSP exam questions. This is domain 7 of focus on the CISSP exam, and we are going to get into some key questions you may see on the CISSP exam. Like we talked about before, the CISSP exam is not about memorizing the questions. It's not going to help you doing that. You want to understand the concepts behind it. So we are going to go over some of the concepts as it relates to the questions, and this is tied in with, specifically, domain 7.

Okay, so, before we get going, I want to also put a plug out there for my blueprint. I have a CISSP blueprint. That is one of the products that I offer at CISSP Cyber Training, part of my membership plan. You will get the blueprint. This blueprint will allow you access directly to understand what are the steps you need to do, and not just a study guide that walks you through "this is step one, this is step two." No kidding, a study guide is part of it, but it's also going to have in there, okay, week one, this is what you do: complete these 35 things, and it's got the links on where to go, what you should do, what you should read, and then it walks you through specifically each individual step. I'm building this out even as we go, but right now it's a really good product, and it's only going to get better over time. I highly recommend that you go check it out. It's pretty awesome. So, we'll just go ahead and get started again. Check out my CISSP blueprint at CISSPcybertraining.com.

Okay, so which of the following is not (not, again, focus on the "not") a primary purpose of logging and monitoring in information security? A, detecting security incidents. B, analyzing system performance. C, reporting on regulatory compliance. Or D, controlling access to network resources. So, again, which of the following is not a primary purpose of logging and monitoring in information security? So, again, what's the primary purpose? Detecting security incidents, analyzing system performance, reporting on regulatory compliance. We talked about all those in the previous podcast, right? D, controlling access to network resources. It is not a control. It provides the detecting, analyzing and reporting, but does not control access to network resources.

Question two. What is the primary purpose of a security information and (it's actually incident and) event management system? Okay. So what is the primary purpose of a SIEM? Provide centralized logging and monitoring of security events, enforce access control policies across the network, prevent malware infections from spreading, or perform penetration testing. So what is the purpose of a SIEM? Provide centralized logging and monitoring, enforce access control policies, prevent malware infections from spreading, or perform network penetration testing. The answer is A, centralized logging and monitoring of network resources and security events. Actually, not network resources, just security events.

Okay, question three. What is the difference between a security event and a security incident? A, a security event is a minor issue, while a security incident is a major problem. B, a security event refers to a system activity, while a security incident is a confirmed security breach. C, a security event is generated by automated tools and a security incident is reported by a human user. Or D, a security event is accidental, while a security incident is intentional. Okay, so that one you might get a little confused on.

But basically, what's the difference between an event and a security incident? And this is what I talk about when you're dealing with reporting, especially to any sort of regulatory or legal folks. Again, you need to follow what are the requirements around reporting and monitoring of your systems. If there are requirements that you must report these systems, you must report them. You must do that. However, how you define what is a security incident or a security event is really an important factor, because they do have different kinds of consequences behind them. But the answer to this is B, right? A security event refers to a system activity, whereas a security incident is a confirmed security breach. I would say the "confirmed" is probably a little bit squishy there, but you're going to have to break down what does that mean when you're taking the test. What is the best right answer in that case, and what are they trying to get at when they're saying that? Out of all of those answers, I would pick B, even though I'm a little bit squishy on the whole "confirmed" part. I would still pick B.

Which of the following is an example of a security control that can be implemented to protect log files from unauthorized access? A, encrypting the log files. B, hiding the log files in an obscure directory. C, renaming the log files periodically. Or D, deleting the log files after a period of time. So again, which of the following is an example of a security control that can be implemented to protect log files from unauthorized access? So if you look at all those choices, encrypting, hiding, renaming, deleting: the hiding, renaming and deleting, that was B, C and D, does not make any sense as it relates to protecting the log files. But encrypting the log files would be a protection that you would put in place, potentially.

Which of the following is not a benefit of using log analysis tools for security monitoring? A, improved incident response times. B, identification of security policy violations. C, reduction of network latency. Or D, detection of anomalous network behavior. Okay. So the question again is, which of the following is not a benefit of using log analysis tools for security monitoring? A, improved incident response. Okay, so that is a benefit. B, identification of security policy violations. Yeah, that's a benefit. C, reduction of network latency. Has nothing to do with network latency. And then D, detection of anomalous network behavior. Yes, it would help with that, so that would be a benefit. So the answer, the correct answer, which is the "wrong" right, is reduction of network latency. It is not a benefit of using log analysis tools for security monitoring.

Which of the following is a limitation of using honeypots for security monitoring? A, honeypots are expensive to implement. B, honeypots can be detected by attackers. C, honeypots can generate false positives. Or D, honeypots are ineffective at detecting advanced persistent threats. So which of the following is a limitation of using honeypots for security monitoring? A limitation. So are they expensive? No, they're not expensive to operate, so that would be thrown out. Honeypots can be detected by attackers? Yes, they can, but not easily. Again, if you configure them correctly, definitely not easily. Honeypots can generate false positives? Yes, they can definitely generate false positives. And then, honeypots are ineffective at detecting APTs, or advanced persistent threats? No, they're very good at detecting APTs. Now, if the APT is really good, it may determine it's a honeypot, but they can be very helpful in determining if someone is in your network. So the answer is C, honeypots can generate false positives.

All right, seven. Which of the following is the best practice for log retention policies? A, retain logs indefinitely to ensure compliance. B, set retention periods based on legal requirements only. C, retain logs for a minimum of six months. Or D, set retention periods based on business and security requirements. Okay, so which of the following is the best practice for log retention policies? Retain logs indefinitely. Set retention periods based on legal requirements only. Only? No, that's not true. Retain logs for a minimum of six months. That may not be best in your company's interest. Or set retention periods based on business and security requirements. Yes, the answer is D. Do it based on your business and security requirements.

Eight. What is the primary purpose of log correlation in security monitoring? A, to identify patterns of behavior that may indicate security incidents. B, enforce access control policies across the network. C, detect malware infections before they spread. Or D, perform network penetration testing. So the primary purpose of log correlation in security monitoring is A, identify patterns of behavior that may indicate a security incident. Again, you want to make sure that you indicate what's going on within your environment.

Number nine, two more to go. What is the difference between a network tap and a port mirror? Ooh, big, tough question there. Okay. A, a network tap is a physical device, while a port mirror is a software-based tool. Maybe? B, the network tap is used for network intrusion detection, while a port mirror is used for network performance monitoring. Hmm. C, a network tap forwards all network traffic to a monitoring device (yes, that's true) while a port mirror selectively copies network traffic. Yes, that is correct. And then D, a network tap is used for wireless networks while a port mirror is used for wired networks. That is not correct. So again, the difference between a tap and a port mirror: a tap, again, you tap that into your network and it basically ends up forwarding all network traffic to a monitoring device. This is typically done when you don't want to have what we call a bump in the wire, where you don't want to have it going through a system so that, in the event there would be a failure of that device, it would cause an outage. So you typically will tap your network and pull data from it, whereas a mirroring tool will collect specific copies of network traffic. I've never used a mirroring tool. I've heard of them but never used them myself. But I have used a network tap on numerous occasions, especially for security tools.

Ten. Which of the following is a common technique used to evade detection by log monitoring tools? Okay. Last question. Which of the following is a common technique used to evade detection by log monitoring tools? A, performing network scans during off-peak hours. B, using encrypted communications. C, injecting false log entries. Or D, spoofing IP addresses. So which of the following is a common technique used to evade detection by log monitoring tools? The answer is C, injecting false log entries into the system. Again, you want to make sure that if you're trying to evade detection, putting false log entries into a system will cause people to be confused. However, again, if you're an attacker and you start putting false things in, it's going to tell people, specifically, going, "well, okay, yeah, these are fake." They may cause them to be delayed a little bit in their reaction, but once they figure out they're fake, they know they have a problem. So you've got to be very careful if you're an attacker doing something. Again, I'm saying that from a positive standpoint: you want to use your powers for good, not evil. Messing with logs can be a bit problematic. So you really do want to avoid that.

All right, I hope you all have a wonderful day. That's all I've got for you today. Again, go to CISSP Cyber Training, check it out, look at my Blueprint, see if you can find that. It's a really good product and I think you're going to really enjoy it. All right, have a wonderful day. We'll catch you on the flip side. See ya.
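Question 10 says the way to evade log monitoring is to inject false entries; the defender's counterpart is making the log tamper-evident, so an inserted, altered or deleted entry is caught at verification. The following added example (not part of the podcast or its blueprint) chains each record to the previous one with an HMAC; the key, the log lines and the three tampering cases are all constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key. In practice it lives off the log host (KMS/HSM or the collector).
LOG_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64

def _tag(key, seq, msg, prev):
    body = json.dumps({"seq": seq, "msg": msg, "prev": prev}, sort_keys=True)
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def chain_entries(lines, key=LOG_KEY):
    """Wrap raw lines so each record's HMAC covers its content and the previous tag."""
    records, prev = [], GENESIS
    for seq, msg in enumerate(lines):
        tag = _tag(key, seq, msg, prev)
        records.append({"seq": seq, "msg": msg, "prev": prev, "tag": tag})
        prev = tag
    return records

def verify_chain(records, key=LOG_KEY):
    """Return (True, None) if intact, else (False, index of the first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        expected = _tag(key, rec["seq"], rec["msg"], rec["prev"])
        if rec["seq"] != i or rec["prev"] != prev or not hmac.compare_digest(expected, rec["tag"]):
            return False, i
        prev = rec["tag"]
    return True, None

# Constructed sample lines (203.0.113.0/24 is a documentation range, not a real host).
SAMPLE_LINES = [
    "sshd[812]: Accepted publickey for deploy from 10.0.0.5 port 51234",
    "sudo: deploy : COMMAND=/usr/bin/systemctl restart nginx",
    "sshd[901]: Failed password for root from 203.0.113.7 port 4022",
    "sshd[901]: Failed password for root from 203.0.113.7 port 4023",
]

def tamper_demo():
    """Run three constructed tamper cases against the sample chain; return each verify result."""
    good = chain_entries(SAMPLE_LINES)
    fake = {"seq": 1, "msg": "sshd[901]: Accepted publickey for root from 203.0.113.7",
            "prev": good[0]["tag"], "tag": "f" * 64}  # forged without the key
    injected = good[:1] + [fake] + good[1:]
    altered = json.loads(json.dumps(good))  # deep copy, then rewrite one message
    altered[2]["msg"] = altered[2]["msg"].replace("Failed", "Accepted")
    deleted = good[:2] + good[3:]
    return {"intact": verify_chain(good), "injected": verify_chain(injected),
            "altered": verify_chain(altered), "deleted": verify_chain(deleted)}
```

The chain does not detect truncation of the most recent records by itself; the collector also needs to store the latest tag off-host and compare against it.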

CISSP Cyber Training Academy Program!

Are you an ambitious Cybersecurity or IT professional who wants to take your career to a whole new level by achieving the CISSP Certification? 

Let CISSP Cyber Training help you pass the CISSP Test the first time!
