Question 1

Which of the following heights of fence deters only casual trespassers?

Accepted Answer

B

Explanation: A fence that is 3 to 4 feet (approximately 1 meter) high serves primarily as a psychological and demarcation barrier. Its main purpose is to define a property boundary and discourage casual or opportunistic entry. This height is easily surmounted by a determined individual but is generally sufficient to deter someone who is not actively seeking to trespass. It effectively communicates that an area is private property without providing a significant physical obstacle, thus deterring only casual trespassers.

Question 2

Your customer is concerned about security. He wants to make certain no one in the outside world can see the IP addresses inside his network. What feature of a router would accomplish this?

Accepted Answer

B

Explanation: Network Address Translation (NAT) is a method used by routers to map multiple private, non-routable IP addresses (e.g., from the 192.168.0.0/16 range) to a single, public, routable IP address. When a device on the internal network sends a packet to the internet, the NAT router replaces the private source IP address with its own public IP address. To any external observer, all traffic appears to originate from the router itself, effectively hiding the internal network's structure and specific IP addresses. This is a fundamental function of NAT and directly addresses the customer's requirement.

Question 3

Which of the following layers of the OSI model provides non-repudiation services?

Accepted Answer

A

Explanation: Non-repudiation is a security service that provides proof of the integrity and origin of data, preventing an entity from denying having performed a particular action. This is typically achieved using digital signatures, which are created and verified by application-level protocols. The OSI Security Architecture (ISO/IEC 7498-2) explicitly places the non-repudiation service at the Application Layer (Layer 7). This is because the Application Layer is closest to the user and manages the specific data (e.g., an email, a transaction) whose origin needs to be proven. Protocols like Secure/Multipurpose Internet Mail Extensions (S/MIME) operate here to provide this service.

Question 4

Which of the following plans is a comprehensive statement of consistent actions to be taken before,
during, and after a disruptive event that causes a significant loss of information systems resources?

Accepted Answer

A

Explanation: A Disaster Recovery Plan (DRP) is the specific, technical plan focused on the actions required to recover and restore information systems, data, and IT infrastructure following a disruptive event. The question's key phrase, "significant loss of information systems resources," directly aligns with the primary purpose of a DRP. While a DRP is a component of broader continuity efforts, it is the principal document that addresses the detailed procedures for responding to a technology-centric disaster before, during, and after the event to restore system functionality.

Question 5

Which of the following user authentications are supported by the SSH-1 protocol but not by the SSH- 2 protocol? Each correct answer represents a complete solution. Choose all that apply.

Accepted Answer

A, B, C

Explanation: The SSH-2 protocol was a complete redesign of SSH-1 to address security flaws and improve modularity. As part of this redesign, several authentication methods supported in SSH-1 were deprecated and removed or replaced with more secure and flexible alternatives in SSH-2. Specifically, Rhosts (rsh-style) authentication was removed due to its inherent insecurities related to IP and DNS spoofing. TIS authentication, an early challenge-response mechanism, was superseded by the more generic 'keyboard-interactive' method. The direct Kerberos authentication method in SSH-1 was replaced in SSH-2 by the more extensible Generic Security Service Application Program Interface (GSSAPI), which can support Kerberos 5 and other mechanisms. Password-based authentication remains a core method in both protocol versions.

Question 6

Which of the following is a correct sequence of different layers of Open System Interconnection (OSI) model?

Accepted Answer

D

Explanation: The Open Systems Interconnection (OSI) model is a conceptual framework that standardizes the functions of a telecommunication or computing system into seven distinct abstraction layers. The correct sequence, starting from the lowest layer (Layer 1) which deals with the physical hardware, to the highest layer (Layer 7) which interacts with the user application, is: Physical, Data Link, Network, Transport, Session, Presentation, and Application. This order ensures a structured flow of data, where each layer serves the layer above it and is served by the layer below it. Option D correctly lists these seven layers in ascending order.

Question 7

You work as a Chief Security Officer for Tech Perfect Inc. The company has a TCP/IP based network.
You want to use a firewall that can track the state of active connections of the network and then
determine which network packets are allowed to enter through the firewall. Which of the following
firewalls has this feature?

Accepted Answer

A

Explanation: The critical factor in the scenario is the room's environment: "totally in darkness." A photoelectric motion detector is an active sensor that operates by transmitting a beam of light, typically infrared (IR), from an emitter to a receiver. An alarm is triggered when an object passes through and interrupts the beam. Because this device generates its own light source (the IR beam), its functionality is completely independent of ambient light conditions, making it the most suitable and effective choice for a completely dark room.

Question 8

Which of the following is a network service that stores and organizes information about a network users and network resources and that allows administrators to manage users' access to the resources?

Accepted Answer

C

Explanation: A directory service is a software system that stores, organizes, and provides access to information in a computer network's directory. Its primary function is to act as a central repository for information about network resources, including users, groups, computers, printers, and shared folders. It provides a structured, hierarchical view of this information and includes services for locating resources and managing access control. Administrators use the directory service to centrally manage user authentication and authorization, thereby controlling access to all integrated network resources. Prominent examples include Microsoft's Active Directory and services based on the Lightweight Directory Access Protocol (LDAP).

Question 9

Which of the following life cycle modeling activities establishes service relationships and message exchange paths?

Accepted Answer

A

Explanation: Service-oriented logical design modeling is the phase in the Service-Oriented Architecture (SOA) lifecycle where abstract business requirements are translated into a detailed, technology-agnostic blueprint for services. This activity explicitly defines the service contracts (interfaces), message structures (data exchange formats), and interaction protocols. By defining these elements, this phase formally establishes the functional relationships between services and the specific paths through which they will exchange messages to fulfill their roles within the architecture. It is the crucial step that bridges high-level conceptual models with the concrete details needed for implementation.

Question 10

You work as an Incident handling manager for a company. The public relations process of the
company includes an event that responds to the e-mails queries. But since few days, it is identified
that this process is providing a way to spammers to perform different types of e-mail attacks. Which
of the following phases of the Incident handling process will now be involved in resolving this
process and find a solution? Each correct answer represents a part of the solution. Choose all that
apply.

Accepted Answer

B, C, D

Explanation: Based on the standard incident handling lifecycle, such as the one defined in NIST SP 800-61, the phases following Identification are Containment, Eradication, and Recovery. In this scenario: Containment (represented by the non-standard term 'Contamination') is the immediate step to limit the damage, such as by implementing temporary filters or blocking the source of the spam. Eradication involves removing the root cause of the incident, which means fixing the vulnerability in the public relations e-mail process that allows spammers to exploit it. Recovery is the final step in the resolution, where the corrected e-mail process is restored to full, secure operation and monitored to ensure the solution is effective.

Question 11

You work as an Incident handling manager for a company. The public relations process of the
company includes an event that responds to the e-mails queries. But since few days, it is identified
that this process is providing a way to spammers to perform different types of e-mail attacks. Which
of the following phases of the Incident handling process will now be involved in resolving this
process and find a solution? Each correct answer represents a part of the solution. Choose all that
apply.

Accepted Answer

A

Explanation: The Eradication phase of the incident handling process focuses on the complete removal of the incident's components from the affected systems. After a virus is identified and the incident is contained, a signature is developed to be used by security tools, such as antivirus or endpoint detection and response (EDR) systems. These tools then scan all hosts to find and eliminate every instance of the malicious code, thereby eradicating the threat from the environment. This action directly aligns with the primary goal of the Eradication phase, which is to remove the root cause of the incident.

Question 12

Which of the following electrical events shows a sudden drop of power source that can cause a wide variety of problems on a PC or a network?

Accepted Answer

C

Explanation: A power sag, also known as a dip, is a short-term reduction in the RMS (root mean square) voltage of the power source, typically lasting from half a cycle to one minute. This "sudden drop" forces electronic components in a PC or network device to operate below their specified voltage tolerance. This can lead to a wide variety of unpredictable problems, including system reboots, memory errors, data corruption, logic faults, and cumulative stress on hardware that can cause premature failure. Unlike a blackout, which causes a complete and predictable shutdown, the effects of a sag are more varied and often harder to diagnose.

Question 13

Kerberos is a computer network authentication protocol that allows individuals communicating over
a non-secure network to prove their identity to one another in a secure manner. Which of the
following statements are true about the Kerberos authentication scheme? Each correct answer
represents a complete solution. Choose all that apply.

Accepted Answer

A, D, B

Explanation: Kerberos is a centralized authentication protocol that relies on a trusted third party, the Key Distribution Center (KDC). The KDC is a single point of failure; if it is unavailable, no new authentication tickets can be issued, making its continuous availability a requirement (A). The protocol's defense against replay attacks is based on timestamps embedded within authenticators. For this mechanism to work, the clocks of all participating systems (client, server, and KDC) must be synchronized within a pre-configured tolerance (known as clock skew) (D). A significant vulnerability exists in the initial exchange where the Authentication Service (AS) reply is encrypted with a key derived from the user's password. This allows an attacker to capture this message and perform an offline dictionary or brute-force attack to recover the password. Option (B) correctly identifies this vulnerability, although it imprecisely refers to the TGS response instead of the AS response, which is the actual target of this attack.

Question 14

Which of the following is a method for transforming a message into a masked form, together with a way of undoing the transformation to recover the message?

Accepted Answer

A

Explanation: A cipher is a cryptographic algorithm that defines the steps for both encryption and decryption. Encryption is the process of transforming a plaintext message into a masked, unreadable form called ciphertext. Decryption is the corresponding process of using a key to reverse the transformation, recovering the original plaintext from the ciphertext. This two-part process of masking and unmasking is the fundamental definition of a cipher.

Question 15

You work as a Chief Security Officer for Tech Perfect Inc. The company has a TCP/IP based network.
You want to use a firewall that can track the state of active connections of the network and then
determine which network packets are allowed to enter through the firewall. Which of the following
firewalls has this feature?

Accepted Answer

A, C

Explanation: The question describes a firewall that tracks the state of active connections to make filtering decisions. This is the defining characteristic of a stateful inspection firewall. This type of firewall maintains a state table of all active connections, allowing it to make more intelligent decisions than a stateless filter by understanding the context of network traffic. For example, it can dynamically permit return traffic for a connection initiated from inside the network without a specific inbound rule. The term "Dynamic packet-filtering firewall" is a recognized synonym for a stateful inspection firewall, as it highlights the dynamic nature of the rule set, which is modified based on the connection state.

Free ISC2 CISSP-ISSAP Actual Exam Questions