RCR 076: CISSP Exam Questions on Encryption-CISSP Training and Study

Description: 

Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity.   

In this episode, Shon will provide CISSP training for Domain 6 (Security Assessment and Testing) of the CISSP Exam.  His extensive training will cover all of the CISSP domains. 

BTW - Get access to all my CISSP Training Courses here at:  https://shongerber.com/ 

CISSP Exam Questions 

Question:  110 

Tom would like to test system that lie within his network for vulnerabilities that could be exploited by the most recent set of ransomware variants.  Which one of the following tools would be best suited to accomplish this task? 

1. Network discovery scanner 
2. Network vulnerability scanner 
3. Web vulnerability scanner 
4. Ping sweep 

Explanation [b] A network vulnerability scanner would be the best tool for discovering what vulnerabilities reside within your network. 

------------------------------------ 

Question:  111 

1. When trying to gain the most detailed information about a system from a scan, what is the best scan to meet that objective? 
   1. Port Scan 
   2. Authenticated Scan 
   3. Vulnerability Scan 
   4. Unauthenticated Scan 

Explanation: [b] An authenticated scan allows you to use credentials which will provide you the most detailed information.   An unauthenticated scan will only provide you a view that is available from the outside and may not be an adequate or fair assessment of the system.   

------------------------------------ 

Question:  112 

What is the most common port used to communicated encrypted traffic on a web server? 

1. 22 
2. 143 
3. 80 
4. 443 

Explanation: [d] 443 is the common standard where encrypted communications use for transmitting data.  However, any port can be used for encrypted data, but 443 is considered the common standard.   

------------------------------------ 

Want to find Shon elsewhere on the internet? 

LinkedIn – www.linkedin.com/in/shongerber 

Facebook - https://www.facebook.com/CyberRiskReduced/ 

LINKS:  

• ISC2 Training Study Guide 
  • https://www.isc2.org/Training/Self-Study-Resources 

TRANSCRIPT:

Welcome to do Subarus podcast episode 76 practice cissp exam questions reduce cyber risk podcast where we provide you the training and tools you need to pass the cissp exam while enhancing your cybersecurity career hi my name is Sean Gerber and I'm your host of this action-packed informative podcast join me each week cuz I provide the information you need to grow your cybersecurity knowledge so that you're better prepared to pass the cissp exam spell Sean Gerber with Sean gerber.com and reduce Everest podcast hope you all are having a great week today and today we are going to be going over practice cissp questions a few of those to give you as you are probably as on a Saturday you are enjoying your beautiful Saturday listening to my wonderful voice listening to cissp questions as you're falling asleep actually fall asleep cuz you hear my voice he would go to sleep that's actually really good sleep aid listen to this before you go to bed very good idea what the day we had a wonderful and situation that happened with me I've got some friends of mine that I'm working out a cybersecurity Penn testing group and they were just working through some developers on how to implement some really cool tools so I can introduce them was a few developer friends of that I know and it's an amazing product that they're coming up with so hopefully they'll be hitting the market here soon to do some cybersecurity red team pentesting for people's foundry.com they're starting up a startup out of Wichita Kansas so pretty exciting stuff for that they taking the skills they learned through the military and now we're going to be parlaying those into Corporate America which is pretty pretty cool alright so let's roll into our exam questions they'll get a few more questions than normal so we'll just kind of put along with those okay so which AES finalist makes use of pre whitening and post whitening techniques a region doll two fish sea blowfish skipjack so a virgin doll that's not a fish two fish sea Blowfish and D skipjack so which as finalist makes you Supreme whitening techniques and answer is 2fish the two fish algorithm develop by Bruce schneier uses pre whitening and post whitening to make it be what kind of attack makes the Caesar Cipher virtually unusable all right so what kind of attack makes the Caesar Cipher virtually unusable a meet in the middle attack it's not like meat like any 80s me e t asgrow attack C frequency analysis attack and d-transposition attack queso what kind of attack makes the Caesar Cipher virtually unusable a meet the middle attack escrow attack is b c is a frequency analysis attack and he's a transposition attack and the answer is frequency analysis attack I was going to say because like going out. For whatever reason that was it but it no it is C frequency analysis attack was really strange and kept thinking in my mind Abby Abby Abby Caesar Cipher and other simple substitution ciphers are vulnerable to frequency analysis attacks that analyze the rate at which the specific letters appear in the ciphertext that is a freak attack question what type of Cipher relies upon changing the location of characters within a message to achieve confidentiality what type of Cipher relies upon changing the location of characters with age to achieve confidentiality a stream Cipher transposition Cipher C Block Cipher or d a substitution all right so what type of Cipher relies upon changing the location of characters within a message to achieve confidentiality a stream be transposition see blocked the substitution case if you know the word and you're moving stuff around and you're changing location it would be Transportation. Transportation transposition Cipher that is B transposition Cipher is a using a variety of techniques to reorder the characters within a message that is a transposition cipher next question which one of the following Cipher types operates on large pieces of a message rather than individual characters or bits of a message Pollock Cipher types operates on large pieces of a mess individual characters or bits of a message a stream Cipher Caesar Cipher. The salad decipher block Cipher or D3 Cipher rot3 answer is which of the following Cipher type operates a large pieces of a message rather than individual characters or bits of the message Caesar Cipher C block Cipher or d-roc free Cipher what is the block Cipher it is BRC Cipher block ciphers operate on a message chunks rather than the individual characters orbis other Cypress mentioned are all types of stream ciphers that operate an individual bits or characters of a message so the answer is C block not be but see all right the last and final question Richard wants to digitally sign a message he is sending to suit so that Sue can be sure the message came from him without modification while in transit which key should be used to encrypt the message digest the MD message Richard wants to digitally sign a message that he's sending to sue case you can be sure that the message came from him without modification cuz she's want Brad reading her message which key should be used to encrypt the message digest a public key Richard's private key Sue's Palicki prodigy which one is a Richard public-key B Richards private Key C Seuss public key or D sus private key and answer is yes Richard shooting grip the message digest with his own private key that's when Sue receives a message she will decrypt digest with Richard public key compute the message digest herself to make sure that it was not the Modified by Brad who's been trying to spy on her if it do dishes match then she can be sure the message was truly from Richard and not brat okay I hope you all have a wonderful day go to champs.com check me out all money subscribers you sign up get 35% before you there is a cissp mini course free cissp exam questions podcast and so much more it's all available to my email subscriber so sign up if you want my personalized cissp training purchase my training courses and I'll be there to help you with your cissp need so you can pass the test the first time thanks so much for listening will catch you on the flip side