Daily CISSP certification common mistakes (April 15, 2022)

2022-04-23 18:18:00 Tang Junfei - Mingxue Online

Commonly missed CISSP certification questions (from the Mingxue Online test platform: https://www.maxstu.com/page/1773704)

[Answers and explanations follow the questions]


Question 1
Q: Which one of the following fire suppression systems poses the greatest risk of accidental discharge that damages equipment in a data center?
A. Wet pipe
B. Dry pipe
C. Deluge
D. Preaction

Question 2
Q: During software testing, Jack diagrams how a hacker might approach the application he is reviewing and determines what requirements the hacker might have. He then tests how the system would respond to the attacker's likely behavior. What type of testing is Jack conducting?
A. Misuse case testing
B. Use case testing
C. Hacker use case testing
D. Static code analysis

Question 3
Q: James has opted to implement a NAC solution that uses a post-admission philosophy for its control of network connectivity. What type of issues can't a strictly post-admission policy handle?
A. Out-of-band monitoring
B. Preventing an unpatched laptop from being exploited immediately after connecting to the network
C. Denying access when user behavior doesn't match an authorization matrix
D. Allowing a user access to a specific object when user behavior is allowed based on an authorization matrix
---------------
Question 1
Answer: A
Explanation: Dry pipe, deluge, and preaction systems all use pipes that remain empty until the system detects signs of a fire. Wet pipe systems use pipes filled with water that may damage equipment if there is damage to a pipe.

Question 2
Answer: A
Explanation: Jack is performing misuse case analysis, a process that tests code based on how it would perform if it was misused instead of used properly. Use case testing tests valid use cases, whereas static code analysis involves reviewing the code itself for flaws rather than testing the live software. Hacker use case testing is not an industry term for a type of testing.

Question 3
Answer: B
Explanation: A post-admission philosophy allows or denies access based on user activity after connection. Since this doesn't check the status of a machine before it connects, it can't prevent the exploit of the system immediately after connection. This doesn't preclude out-of-band or in-band monitoring, but it does mean that a strictly post-admission policy won't handle system checks before the systems are admitted to the network.
 

Copyright notice
This article was written by [Tang Junfei - Mingxue Online]. Please include the original link when reposting. Thank you.
https://yzsam.com/2022/04/202204210610263538.html