Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
All right, let's get started. Hey all, Sean Gerber with CISSP Cyber Training, and I hope you all are having a great week and having a wonderful day today. Today is exam question Thursday and we're going to go over questions that would be associated with domain 8.1, and that's where we get into libraries, IDEs, compilers and object-oriented programming.
So these questions you may or may not see, but the bottom line, like we talk about with the CISSP and studying for the exam questions, is understanding the management thought process behind it.
Again, there's plenty of technical aspects out there where you want to learn these things, but when it comes right down to the CISSP, you want to be able to understand the exam questions in a way that will allow you to understand how the manager thinks and then how you should react. So let's go ahead and get started right into them right now.
Question one. Alice is a developer tasked with using libraries to enhance security. Why is it crucial for Alice to use well-vetted libraries? A, to ensure cohesion; B, to avoid licensing issues; C, to increase assurance levels; or D, to facilitate error handling. Again, Alice is a developer tasked with using libraries to enhance security.
Why is it crucial for Alice to use well-vetted libraries? And the answer is C, to increase your assurance level. By using well-vetted libraries, you can increase the assurance of the software that it's secure and it is reliable. Know that if you've got libraries from places that are not known, you don't know what might be in them.
So it is a risk when you are a developer and you're utilizing libraries from third parties; make sure you're getting them from a trusted and reliable source. Question two. Bob is deciding on a development tool set for his team. What should Bob primarily be concerned with for ensuring security?
A, cost effectiveness; B, user friendliness; C, vendor reputation; or D, secure coding features. Again, Bob is deciding on a development tool set for his team. What should be his primary consideration for ensuring security? And it is D, secure coding features. A tool set with secure coding features does help the development team produce more secure applications.
Question three. Carol is a developer using object-oriented programming, otherwise called OOP. What term describes the feature where a subclass inherits methods and properties from a superclass? So basically it's inheriting, right? A subclass is inheriting the methods and properties from a superclass.
If you don't really understand all the wording, again, understand just what the concept is behind the overall question: it inherits. It inherits. Focus on that key word. A is polymorphism, B is cohesion, C is inheritance or D is coupling, and the answer is C, inheritance. Right, because you see that word in the actual question itself.
But the bottom line is you're trying to understand what they are getting at with the question. You could say inherits; it could use a different word than inherits, but the ultimate goal is that it's following the same pattern, and inheritance allows a subclass to inherit methods and properties from the superclass.
This facilitates code reuse and its overall modular design. Question four. Dave has a responsibility for establishing assurance levels for a new application. What does a higher assurance level signify? A, a lower development cost; B, greater confidence in security; C, more features; or D, faster performance.
Dave is responsible for establishing assurance levels for a new application. What does a higher assurance level signify? You see this. The answer is B, greater confidence in the security. Again, assurance, you want to think of that English word as providing a better feeling about it. It's giving you a set of confidence about it. So it's again.
B: higher assurance levels will indicate greater confidence in the security and reliability of the application. Question five. Emily is responsible for system reliability. What is her primary tool for avoiding system failures? A, frequent updates; B, backup power supply; C, redundancy; or D, strong authentication. Okay, so she's responsible for system reliability.
Focus on that word, right. And now you're gonna get into C, redundancy. Redundancy can provide a safety net for all these systems in the event that they fail, and it's important to have that in place, especially when you're having backup systems that potentially could take over in case of total failure.
Question six. Frank is implementing authentication and session management for a web application. What should be Frank's top priority? Okay, so Frank is implementing authentication and session management, okay, for a web application. So he's putting those together for this specific web app. A, session timeout; B, two-factor authentication;
C, password complexity (all of those are important for a web application); or D, all of the above? Yes, it is D, all of the above. Each one of those is a crucial and effective part of a web application, so you should ensure that they're done, they're added to his overall plan. Question seven. Grace is in charge of error handling in her application.
What should Grace avoid displaying in error messages to end users? Okay, this is one of the security 101 things, right? You want to avoid error messages? A, general information about the error; B, stack traces; C, contact details for support; or D, suggestions for resolving the error. Okay, so this is something where you may go,
well, there's other questions in here that sound really good, but when it comes right down to it, what is it when we're dealing with error handling in the application? What should be avoided when Grace does this? And it should be B, stack traces. These can reveal sensitive information about the system and it could be exploited.
Now, obviously, contact details for support, suggestions for resolving the error and general information about the error, yeah, those would be valuable, but a stack trace will give you much more detailed information than what you really want to display. So therefore, it's important that you consider that when you are having error messages displayed.
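As an added example (not from the podcast or its author), here is what the question seven answer looks like in code: the stack trace stays in the server log under a reference ID, and the user only ever sees a generic message plus that ID. The names run_request, safe_error_response and contains_internal_detail are assumed for illustration.

```python
import logging
import traceback
import uuid

# Added example, not from the podcast: a request wrapper that keeps the stack
# trace in the server log and returns only a generic message plus a reference
# ID to the end user. Names (run_request, safe_error_response) are assumed.

log = logging.getLogger("app")


def safe_error_response(exc: BaseException) -> dict:
    """User-facing payload: no exception type, message, paths or frames."""
    ref = uuid.uuid4().hex[:12]  # correlation ID the user can quote to support
    # The full detail goes to the operator-only log, keyed by the same ID.
    detail = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    log.error("unhandled error ref=%s\n%s", ref, detail)
    return {
        "ok": False,
        "error": "An internal error occurred. Please try again later.",
        "reference": ref,
        "support": "Contact the help desk and quote the reference ID.",
    }


def run_request(handler, leak_details: bool = False) -> dict:
    """Call handler() and convert any exception into a response payload.

    leak_details=True reproduces the anti-pattern from the question: the raw
    stack trace (file paths, source lines, exception text) reaches the user.
    """
    try:
        return {"ok": True, "result": handler()}
    except Exception as exc:
        if leak_details:
            return {"ok": False, "error": traceback.format_exc()}
        return safe_error_response(exc)


def contains_internal_detail(payload: dict) -> bool:
    """Cheap check a test or response filter can apply to an outgoing error body."""
    text = str(payload)
    return "Traceback" in text or 'File "' in text
```

The contains_internal_detail check is the kind of assertion a test suite can run over every error response so a leak is caught before release.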
Question eight. Henry is developing an object-oriented application. Which term describes the feature where objects can take on more than one form? Henry is developing an object-oriented application, OOP. Which term describes the feature where objects can take on more than one form? Okay, so think about the words.
And they can take on more than one form. A, polymorphism; B, cohesion; C, inheritance; or D, coupling. So if you look at those words, as we talked about in the podcast, we talked about cohesion, inheritance and polymorphism. We didn't really talk about coupling, but that doesn't mean it's not part of it. So which one could it be?
What is polymorphism? It allows an object to be treated as an instance of its parent class, so it allows them to take more than one form. This leads to simpler code and fewer errors, and so the answer would be A, okay, polymorphism, that can take on more than one form. Question nine. Irene is reviewing her code for quality.
What quality should Irene aim for in terms of cohesion and coupling? Irene reviews her code for quality. What quality should Irene aim for in terms of cohesion and coupling?
So, when you're dealing with A, high cohesion, high coupling; B, low cohesion, low coupling; C, high cohesion, low coupling; or D, low cohesion, high coupling, okay, so it basically goes into all the various permutations of high and low. So which one is it?
Well, when we're dealing with overall terms of cohesion and coupling, the answer would be C. High cohesion within the modules and low coupling between the modules make the system easier to understand, modify and maintain. So break it down. High cohesion, what does that word mean?
You're talking things connecting together, and then as far as low coupling, that would basically mean you have low barriers to that entry. So therefore, high cohesion, low coupling would be the answer. Question 10. Jack is developing an object-oriented program that needs to distribute tasks amongst objects.
What term describes the act of an object in OOP delegating a task to another object? Okay, again, what are the key terms that you're trying to get out of that? Delegating. We talked about that in the podcast. A, inheritance; B, delegating; C, polymorphism; or D, coupling. And the answer obviously is D, delegating.
Right. Delegating refers to the act of an object passing a task to another object, thereby distributing its responsibilities to that other object. Question 11. Karen needs to produce a software component with a high level of assurance. What should Karen prioritize? A, quick development cycle; B, thorough testing; C, low cost; or D, resource availability?
Again, Karen needs to produce a software component with a high level of assurance. What should she prioritize? Well, if it's a high level of assurance, you want to make sure that it works. So, if you want to make sure that it works, you want to make sure you do thorough testing. This is important when you have high assurance levels.
If you didn't have to have that assurance level, you may want the quick development cycle just to get it done. Or you may have low cost, depending upon what your budget might be. But in reality, if you didn't have that high assurance, most likely you'd want to try to get it through as fast as you possibly can and then work out the bugs later.
Luke is learning about instances in object-oriented programming. What is an instance in OOP? A, a method within a class; B, an individual object of a class; C, a parent class; or D, a specialized form of a class. So this one here you'd be like, I have no idea, right? Well, the point of it is that you're trying to understand what we would talk about.
We could talk about how individual objects are an important factor of OOP and how they relate to a specific class. So just keep in mind that an instance in OOP is an individual object created from the overall class. So we kind of talked about that briefly in the podcast itself.
But again, an individual object is created from a class, and that's when you're dealing with object-oriented programming. Okay, question 13. Nancy is writing methods for her classes in object-oriented programming. What do methods represent in OOP? A, data held by an object; B, behavior of an object; C, relationship between objects; or D, object categories.
She's writing her classes in object-oriented programming. What do methods represent in OOP? Behavior of an object. Answer B: methods define the behavior or functionality of an object that is within the specific class. So again, class, object, and then your overall behavior or functionality is the next. Question 14.
Olivia is tasked with ensuring secure session management for her application. What is crucial for secure session management? A, session fixation protection; B, session timeout; C, encryption of the session data; or D, all of the above. Okay, so she's ensuring secure session management.
So she needs to secure that overall session management of the application, and that's the communication piece that it does when you open up the browser. That's the session. It wants to ensure that we have secure management of that, and each one of those, A, B and C, are all an important factor when you're dealing with secure session management.
So it would be D, all of the above, because they're very important when you're dealing with it and protecting against all the different types of session-type or related attacks. Question 15, and the last question, or the last melon. You probably don't get the reference because I'm really old. It's called Ice Age. Yeah, there was always the last melon.
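To show what the session pieces from questions six and fourteen look like together, here is an added example (not the podcast's code): a server-side session store with fixation protection (a fresh ID on login), an idle and an absolute timeout, and a cookie that carries only the random ID over TLS so the session data itself never leaves the server. SessionStore, cookie_header and the two timeout constants are assumed names and values.

```python
import secrets
import time

# Added example, not the podcast's code: server-side session store covering
# the three answer choices. IDLE_TIMEOUT, ABSOLUTE_LIFETIME, SessionStore and
# cookie_header are assumed names; the session record stays on the server and
# only the random ID travels in a TLS-only cookie.

IDLE_TIMEOUT = 15 * 60         # seconds of inactivity before the session dies
ABSOLUTE_LIFETIME = 8 * 3600   # hard cap even for an active session


class SessionStore:
    def __init__(self, now=time.time):
        self._now = now              # injectable clock, so timeouts are testable
        self._sessions = {}

    def create(self) -> str:
        """Anonymous (pre-login) session with an unguessable random ID."""
        sid = secrets.token_urlsafe(32)
        t = self._now()
        self._sessions[sid] = {"user": None, "created": t, "last": t}
        return sid

    def login(self, sid: str, user: str) -> str:
        """Fixation protection: drop the pre-login ID (which an attacker may
        have planted in the victim's browser) and issue a brand-new one."""
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        t = self._now()
        self._sessions[new_sid] = {"user": user, "created": t, "last": t}
        return new_sid

    def get(self, sid: str):
        """Return the session record, or None if unknown or timed out."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        t = self._now()
        if t - s["last"] > IDLE_TIMEOUT or t - s["created"] > ABSOLUTE_LIFETIME:
            del self._sessions[sid]      # timed out: forget it entirely
            return None
        s["last"] = t                    # activity extends the idle window
        return s


def cookie_header(sid: str) -> str:
    """Set-Cookie value: sent only over TLS, hidden from scripts, same-site."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"
```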
All right, question 15. Paul needs to mitigate the risk of system failure for critical applications. What should be the first step? So he needs to mitigate the risk of system failure for a critical application. A, implement a robust backup solution; B, conduct a risk assessment; C, introduce a failover system; or D, purchase insurance for data loss.
So you need to understand, is it really critical? And how you would do that would be conducting a risk assessment. You conduct a risk assessment. This will help determine what types of failures are most likely and what the impact would be in the event that something bad were to happen. All right, that's all I've got for you today.
I hope you guys have a blessed day. It's a great day here in Wichita, Kansas, can't beat it at all, and I hope you have a great day. We'll catch you next week. Catch you on the flip side, see ya.