Test your knowledge of the CISSP exam’s Domain 1: Security and Risk Management -- one of the heaviest-weighted portions of the test -- with this practice quiz.
The following quiz is excerpted from the CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition, ©2015 John Wiley & Sons, All Rights Reserved.

For IT professionals whose background may be more focused on hardware and software, the world of cybersecurity, risk management and compliance can be new, and sometimes challenging, territory. As opposed to muscle-memory tasks like firewall configuration or patch deployment, the skills needed to navigate the shifting, strategic concepts of risk and compliance use a different part of your brain. But these areas are critical for building a security program in any organization, from small businesses to global enterprises.

The importance of these disciplines is not lost on (ISC)2, which administers the Certified Information Systems Security Professional (CISSP) exam. Domain 1 of the certification exam, Security and Risk Management, is one of the most heavily weighted sections of the test. It accounts for 16% of the final score -- the largest amount assigned to any of the exam’s eight domains. Only one other section of the test, Domain 7: Security Operations, shares the same weight.

At a high level, Domain 1 covers cybersecurity, risk management, compliance, law, regulations and business continuity. According to (ISC)2, more specific concepts tested in Domain 1 include:
Planning to take the CISSP exam and obtain certification? Test your knowledge of Domain 1 with this practice quiz, comprising five multiple-choice questions and 10 true/false questions on key concepts, vocabulary and principles of cybersecurity, risk management, compliance and more.

CISSP® is a registered mark of (ISC)². This was last published in July 2017.
Indicate whether the statement is true or false. If false, change the identified word or phrase to make the statement true.

____ 7. The Secure template requires NTLM v5. _________________________
____ 8. Group policy is passed down from child to parent object within the domain. _________________________
____ 9. Desktop configurations, Internet Explorer settings, and security settings can all be configured using Group Policy. _________________________
____ 10. The most common threats to DCs are those that attempt to gain access to the security database on a DC. _________________________

Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 12. If you want to apply the securews.inf security template to a client computer, you must ensure that all DCs that contain user accounts that might be accessed through the client computer are running _____ or later.
____ 13. If a server is configured to use the hisec*.inf template, all clients must use _____ packet signing.
____ 14. What is the recommended way to customize security templates?
____ 15. What is the order of precedence for application of group policies?
____ 16. The _____ Policies in the predefined security templates allows the administrator to modify settings related to system services such as startup, shutdown, indexing, license logging, and many more.
____ 17. Which of the following groups of nodes is listed under each GPO in the Active Directory Users and Computers console?
____ 18. Which MMC snap-in would you use to compare the current security configuration on a computer with another configuration?
____ 19. Which switch to the secedit command is used to create a snapshot of the current configuration values that can later be used to undo changes?
____ 20. The ____.exe is used to refresh Group Policy settings, including security settings.
____ 21. Which server role typically authenticates domain logons and maintains the security policy as well as the master database for the domain?
____ 22. Which version of the IP security protocol should be installed on POP3 servers?
____ 23. A _____ attack occurs when someone captures DNS zone data in order to reverse engineer your DNS structure.
____ 24. Securing file, print, and member servers is simplified in Windows Server 2003 because _____ is no longer installed by default on these computers.
____ 25. A server with the _____ role typically runs the Indexing Service and Remote Storage.
____ 26. Which security templates should be applied to servers with infrastructure services roles?
Yes/No
Indicate whether you agree with the statement.

Complete each statement.
____ 37. software and hardware interface that prevents unauthorized access to internal networks from external locations by means of filtering and routing
____ 38. command-line tool used to analyze, configure, and export system security settings
____ 39. service that provides the means for computers, users, and applications to resolve names to IP addresses
____ 40. default security template
____ 41. server that controls activities on the domain
____ 42. used to define security configurations for various users, groups, or computers within a GPO
____ 43. allows you to see the results of the policies applied to a particular computer
____ 44. secure security template
____ 45. command-line tool that analyzes Windows computers and reports any missing security updates

Short Answer
46. If a strong password policy is set, what are the criteria that user passwords must meet?
47. Describe the function of the Restricted Groups node of the security templates.
48. Describe the use of the analyze switch to secedit.
49. List at least six of the server roles identified by Microsoft Windows Server 2003.
50. What are some of the steps you can take to secure an IIS server?

ch02 Answer Section
PTS: 1 REF: 59
8. ANS: F, parent to child PTS: 1 REF: 70
9. ANS: T PTS: 1 REF: 76
10. ANS: T PTS: 1 REF: 107

MULTIPLE CHOICE
11. ANS: C PTS: 1 REF: 52
12. ANS: B PTS: 1 REF: 58
13. ANS: A PTS: 1 REF: 61
14. ANS: B PTS: 1 REF: 67
15. ANS: D PTS: 1 REF: 70
16. ANS: A PTS: 1 REF: 72
17. ANS: B PTS: 1 REF: 81
18. ANS: B PTS: 1 REF: 86
19. ANS: C PTS: 1 REF: 93
20. ANS: A PTS: 1 REF: 95
21. ANS: C PTS: 1 REF: 107
22. ANS: B PTS: 1 REF: 117
23. ANS: D PTS: 1 REF: 121
24. ANS: B PTS: 1 REF: 123
25. ANS: C PTS: 1 REF: 129
26. ANS: D PTS: 1 REF: 131

YES/NO
27. ANS: Y PTS: 1 REF: 128
28. ANS: N PTS: 1 REF: 129
29. ANS: Y PTS: 1 REF: 136
30. ANS: Y PTS: 1 REF: 57
31. ANS: N PTS: 1 REF: 66

COMPLETION
32. ANS: hisec*.inf PTS: 1 REF: 59
33. ANS: relaxed PTS: 1 REF: 63
34. ANS: Account PTS: 1 REF: 67
35. ANS: volume PTS: 1 REF: 114
36. ANS: scope PTS: 1 REF: 120

MATCHING
37. ANS: G PTS: 1 REF: 117
38. ANS: C PTS: 1 REF: 51
39. ANS: I PTS: 1 REF: 120
40. ANS: E PTS: 1 REF: 53
41. ANS: B PTS: 1 REF: 106
42. ANS: A PTS: 1 REF: 51
43. ANS: D PTS: 1 REF: 82
44. ANS: H PTS: 1 REF: 54
45. ANS: F PTS: 1 REF: 51

SHORT ANSWER
46. ANS:
At least seven characters
Does not contain username, real name, company name
Does not contain complete dictionary word
Is different from previous passwords
Contains characters from four groups: Uppercase, Lowercase, Numerals, Symbols
PTS: 1 REF: 68

47. ANS: Restricted groups can be used to configure membership of sensitive groups, including the Administrator group. By using this feature, you can control who is and is not included in a group, and every time the policy is refreshed, group membership will be modified to include only the members specified in the Members list.
PTS: 1 REF: 72

The analyze switch causes secedit to analyze security for whichever element is selected. This switch allows you to analyze current database settings against other settings (typically baseline settings) and store the results in a log file. You can view the results in the Security Configuration and Analysis snap-in. The result will show you the difference between the current settings and the baseline settings, allowing you to see and address any potential security holes. This can be very useful when troubleshooting or for analyzing a system whose exact settings might be unknown as compared to a standard security template. You can also use this switch to analyze the difference between a baseline template and a custom security template you create.
PTS: 1 REF: 90

File server
Print server
Application server
Mail server
Terminal server
Remote Access/VPN server
Domain controller
DHCP server
DNS server
WINS server
Streaming Media server
PTS: 1 REF: 100

Placing all IIS servers (if your firm is running more than one) into an IIS OU will help you manage GPOs related to securing and managing IIS servers across the organization. Remember to only install the necessary IIS components, including Web Service Extensions, that you’ll use. Another security measure you can take specific to IIS servers is to place content on a dedicated volume. You can also apply IPSec filters to block or permit specific IP traffic and secure sensitive IP traffic.
PTS: 1 REF: 114

What is security configuration and analysis?
The Security Configuration and Analysis is a stand-alone snap-in tool that users can use to import one or more saved configurations to a private security database. Importing configurations builds a machine-specific security database that stores a composite configuration.
Which of the following is true about Microsoft Baseline Security Analyzer (MBSA)?
The MBSA is a legacy tool, and each new version scans for fewer vulnerabilities.

Which of the following is an open source tool for scanning computers to identify vulnerabilities?
Nmap is one of the best-known free and open-source network scanning tools among security professionals. Nmap uses probing techniques to discover hosts on the network and to identify their operating systems. This feature helps in detecting vulnerabilities in one or more networks.

Which of the following can be used to define which programs are allowed or disallowed in the system?
Software restriction policies are used to define which programs are allowed or disallowed in the system.