RCR 075: Practice CISSP Exam Questions for Pen Testing - CISSP Training and Study!

Description:

Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

In this episode, Shon will provide CISSP training for Domain 6 (Security Assessment and Testing) of the CISSP Exam.  His extensive training will cover all of the CISSP domains.

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/

CISSP Exam Questions

Question:  108

What are the various phases associated with completing a Penetration Test for an organization.

1. Planning, Reporting, Vulnerability Management, Exploiting, Information Gathering
2. Production, Registration, Vulnerability Management, Exploiting, Information Gathering
3. Planning, Reporting, Vulnerability Scanning, Exploiting, Information Gathering
4. Production, Reporting, Vulnerability Management, Exploiting, Information Gathering

Explanation: [c] Planning, Reporting, Vulnerability Scanning, Exploiting, and Information Gathering (not in order) are the phases of completing a penetration test for an organization.

------------------------------------

Question:  109

When creating metrics for your leadership, what are first items you should focus first on and what should be your level of complexity for the report?

1. Very complex metrics focused on all systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues
2. Very simple metrics focused on critical systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues
3. Very simple metrics focused on critical systems; Management processes, Closed vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance issues
4. Very simple metrics focused on critical systems; Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues

Explanation:  [b] Starting off with simple metrics focused on critical systems with the following metrics:  Open vulnerabilities, Time to resolve, Outdated systems, Uploaded data, Legal/Compliance Issues is the best method to get started.  Obviously, you organization may be different and you will have to modify to meet your needs, but it is good place to get started….keep it simple.  

------------------------------------

Question:  110

When completing a Penetration Test of your organization who needs to be involved in the discussion and decision?

1. No one; informing people that the penetration test will occur will taint the results resulting in waste
2. Everyone; it is important that people don't feel duped that this test was designed to trick them
3. Key personnel; it is important to focus on only telling the decision makers/influencers (CEO/CIO, Legal, Public Affairs, Compliance) as it relates to a penetration test.
4. None of the above

Explanation: [c] It is important the right people are involved in the decision making process as a Pen Test can have significant impact on an organization and cause a disruption within a company.

------------------------------------

Want to find Shon elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS: 

• ISC2 Training Study Guide
• • https://www.isc2.org/Training/Self-Study-Resources

TRANSCRIPT

welcome to the reduce cyber risk podcast episode 75 practice cissp exam questions welcome to the reduce cyber risk podcast where we provide you the training and tools you need to pass the cissp exam while enhancing your cybersecurity career hi my name is Sean Gerber and I'm your host of this action-packed informative podcast join me each week cuz I provide the information you need to grow your cybersecurity knowledge so that you're better prepared to pass the cissp exam all right hey good morning everybody hope everybody's doing well as beautiful day and so I've this is a day that I could include in that conclusion that the right word compilation Nazi I can't use $10 words very well practice exam questions for those of you who are studying for your cissp and hopefully you are having a good weekend studying for that and this is one mortal bit to help you during that process so today we're going to talk about cissp exam questions so let's get started with the first question list or otherwise known as CR else major disadvantage for using revocation lists crl's Key Management B latency record-keeping or D2 Brute Force attacks so what is it key a disadvantage for using a certificate revocation lists Key Management latency record-keeping or vulnerability to Brute Force attacks okay so if you'd go and go through this little bit you'll understand a little bit but vulnerable to brute-force attack probably not once you to throw that out record-keeping probably not wanted to throw that one out so then you start getting into too and are A&B my which one is it because it could be either you're mine but a certificate revocation lists would be a challenge a disadvantage of it would be a latency okay cuz basically certificate certificate expiration process due to the time lag between the distributions it basically they're their input on that list and then when is it happening is it takes time sometimes for if you put a certificate on the list that's pushed out to a computer then it may not always be on there so there is a latency issue that takes from it being updated so that is what the crl 10 disadvantages is latency question how many encryption keys are required to fully Implement and asymmetric algorithm with A10 participant's so how many cookies are required to fully Implement an asymmetric algorithm with ten10 participant's queso again focused on asymmetric algorithms and then there's 10 people is 10 vs 20 45 and he's 100 but you got to start thinking about that which one is it how many keys encryption keys are required to fully Implement in a semi rhythm with 10 participants A10 B20 c-45 D100 each participant requires two keys write your public and your private key will be the person has to have two keys then that would be 20 alright next question when correctly implemented what is the only cryptographic system known to be unbreakable unbreakable a transposition cipher substitution Cipher Advanced encryption it was known as a es or is a one-time pad the correctly implemented what is the only cryptographic system known to be unbreakable a transposition cipher be a substitution Cipher seeing an advanced encryption standard AES or D one-time pad and answer is keypad as soon as properly installed and utilized a one-time pad is the only known cryptographic system that is not vulnerable to attacks why cuz it's one time and that you can't really do anything to it since it's a one-time Pad but are the ones that you can consider yourself with is the only known only crippled system known that is unbreakable one-time pad all right hope everybody is doing well this beautiful day and you know what is everything else that goes on in Rashawn gerber.com Andrews cyber-risk you can check me out at Shawn Garber s h o n g e r b e r and I can get you all the stuff you need to pass the cissp exam have a wonderful day and we will catch you Flipside see you thanks so much for joining me today on my podcast head over to shown gerber.com and look at all the free content that I have available for you there is a cissp mini course free cissp exam questions podcast and so much more it's all available to my email subscriber so sign up if you want my personalized cissp training you with your cissp need so you can pass the test