The best CISSP preparation question bank
gespenstern
Member Posts: 1,243
in CISSP
I've used multiple question banks for my (ISC)2 exams and can't say that they are good at preparing you for a real exam.
We all read here stories like "The actual exam blew my mind as no preparation questions I tried prepared me for what I experienced on the actual exam".
I'm thinking of my own question bank, one that would resemble the actual exam questions as closely as possible, not in their details, of course, but in the sense that they are as convoluted and tricky as those on the actual exam, with heavy use of all those "BEST", "MOST" etc. wordings.
So I've been working for a while on those questions and would like to run some of them by you. I'm thinking I may post them periodically just to assess how tough/weak they are, as the goal is to make sure that getting 70% on my questions is as close to 700 on the actual exam as possible. But let's see how popular it gets first.
As a bonus I'll make sure to have an English major verify the grammar of all my questions so they don't suck as much as the most recent offering from (ISC)2. But who knows, I may die or lose interest down the road, so this project may never see the light of day.
Anyway, here's the first question, for which I'll post the correct answer, let's say, in a week. Meanwhile I suggest you try your best off the top of your heads without consulting any materials.
=============================
The company wants to implement an enterprise single sign-on (SSO) system to help its users use multiple web-based applications over the network without having to authenticate to each one separately. The users authenticate themselves once and after that can access multiple applications until they log off. The company is assessing whether Kerberos would satisfy these requirements by doing a "proof-of-concept" (PoC) rollout. All the participating computers and users, including remote ones, are made members of the Kerberos realm. During the PoC it was discovered that the single sign-on process works well in the on-premises scenario, where the user, the server that hosts the application the user tries to access, and the authentication servers are all on the same internal company network. However, remote users report that they cannot perform SSO. Upon researching the environment you discover that the Kerberos service isn't published to the Internet on the company firewall. You also discover that all web-based applications in question are published to the Internet and are accessible both on the internal network and from the Internet to all authenticated users. You are asked to provide your expert opinion on what would be the BEST approach to resolve this discovered problem with the remote users.
=============================
A: Publish the Kerberos services (Authentication Server -- AS) on the company firewall to the Internet, so the Kerberos services can be accessed by the remote workforce.
B: Kerberos wasn't designed to be accessible from the Internet and publishing its services would pose an unacceptable risk. Therefore, SSO for remote workforce using Kerberos isn't feasible over the Internet and other approaches should be considered.
C: Make sure that the remote users have authenticated at least once while on-premises. This will ensure that they have Kerberos Ticket-Granting Tickets, so when they attempt to authenticate themselves to their web-based applications, these TGTs will be used to perform SSO while working remotely.
D: The reason the remote users can't authenticate is that Kerberos authentication exchanges over the Internet require stronger security, which is not enabled by default. In addition to publishing Kerberos Authentication Servers to the Internet, you have to ensure that strong cryptography, such as AES with a 256-bit key length, is used to ensure confidentiality and that Kerberos pre-authentication is enabled to protect it from DDoS attacks.
Your choice? Let's roll!
PS Also your opinions on how close it is to the actual exam questions in terms of convolutedness are welcome.
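An added example, not part of gespenstern's post: a toy Python model of the three Kerberos exchanges in the scenario (AS for the TGT, TGS for a service ticket, AP to the web application) behind a constructed firewall rule set, so you can check for yourself which step a remote user trips over under each answer. The principal names (alice, HTTP/app1), the host name "kdc", and the reachability rules are assumptions; tickets are sealed with HMAC-SHA256 for integrity only rather than encrypted, and lifetimes, nonces, timestamps and the authenticator are left out, so this shows the message flow and its network dependencies, not the real cryptography.

```python
"""Toy Kerberos flow (AS-REQ/REP, TGS-REQ/REP, AP-REQ) behind a firewall.

Constructed illustration only: tickets are HMAC-sealed (integrity, not
confidentiality), and ticket lifetimes, nonces, timestamps and the
client authenticator are omitted.
"""
import hashlib
import hmac
import json
import os


def seal(key: bytes, payload: dict) -> dict:
    """Seal a ticket/enc-part for the holder of `key` (stand-in for Kerberos encryption)."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"body": body.hex(), "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def unseal(key: bytes, blob: dict) -> dict:
    """Verify and open a sealed blob; raises ValueError on tampering or wrong key."""
    body = bytes.fromhex(blob["body"])
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(blob["mac"], expected):
        raise ValueError("ticket integrity check failed")
    return json.loads(body)


class Unreachable(Exception):
    pass


class Firewall:
    """Constructed reachability rules: {client_location: set(reachable hosts)}."""

    def __init__(self, rules):
        self.rules = rules

    def connect(self, location, host):
        if host not in self.rules[location]:
            raise Unreachable(f"{location} cannot reach {host}")


class KDC:
    """Holds the AS and TGS roles; runs on the (assumed) host 'kdc'."""

    def __init__(self, principal_keys):
        self.keys = dict(principal_keys)   # long-term keys of users and services
        self.krbtgt = os.urandom(32)       # TGS key that seals every TGT

    def as_exchange(self, user):
        # AS-REP: TGT sealed for the TGS, session key sealed for the user.
        sk = os.urandom(32)
        tgt = seal(self.krbtgt, {"user": user, "sk": sk.hex()})
        return {"tgt": tgt, "enc_part": seal(self.keys[user], {"sk": sk.hex()})}

    def tgs_exchange(self, tgt, service):
        # TGS-REP: service ticket sealed for the service, new session key for the user.
        t = unseal(self.krbtgt, tgt)
        svc_sk = os.urandom(32)
        st = seal(self.keys[service], {"user": t["user"], "sk": svc_sk.hex()})
        return {"ticket": st, "enc_part": seal(bytes.fromhex(t["sk"]), {"sk": svc_sk.hex()})}


class Service:
    """A published web application that accepts Kerberos service tickets (AP-REQ)."""

    def __init__(self, name, key):
        self.name, self.key = name, key

    def ap_exchange(self, ticket):
        return unseal(self.key, ticket)["user"]


def login(fw, location, kdc, user):
    """Initial sign-on: the AS exchange requires reaching the KDC."""
    fw.connect(location, "kdc")
    return kdc.as_exchange(user)["tgt"]


def access(fw, location, kdc, svc, tgt, cached_st=None):
    """Access one application: needs a service ticket (from the TGS unless cached)."""
    if cached_st is None:
        fw.connect(location, "kdc")      # the TGS also lives on the KDC
        cached_st = kdc.tgs_exchange(tgt, svc.name)["ticket"]
    fw.connect(location, svc.name)       # the web app itself is Internet-published
    return svc.ap_exchange(cached_st)


def demo():
    """Run the PoC scenarios; returns {scenario: authenticated user or failure text}."""
    keys = {"alice": os.urandom(32), "HTTP/app1": os.urandom(32)}
    kdc, app = KDC(keys), Service("HTTP/app1", keys["HTTP/app1"])
    fw = Firewall({"onprem": {"kdc", "HTTP/app1"}, "internet": {"HTTP/app1"}})
    out = {}
    tgt = login(fw, "onprem", kdc, "alice")
    out["onprem"] = access(fw, "onprem", kdc, app, tgt)
    for name, fn in {
        "remote_fresh_login": lambda: login(fw, "internet", kdc, "alice"),
        "remote_tgt_only": lambda: access(fw, "internet", kdc, app, tgt),
    }.items():
        try:
            out[name] = fn()
        except Unreachable as e:
            out[name] = str(e)
    # A service ticket obtained on-prem keeps working remotely until it expires
    # (expiry is not modelled here).
    st = kdc.tgs_exchange(tgt, app.name)["ticket"]
    out["remote_cached_st"] = access(fw, "internet", kdc, app, tgt, cached_st=st)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20s} {v}")
```

Run it and compare the four scenarios against options A through D: the firewall rule set is the only thing that differs between the on-premises and remote cases, so swapping a host into the "internet" set shows exactly which dependency each answer is betting on.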