CISSP exam answers
Question | Answer |
---|---|
"A forensic examination should inspect slack space because it" | "Can be defeated to avoid detection." |
"Ensuring the integrity of business information is the PRIMARY concern of" | "Procedural Security" |
"Which one of the following actions should be taken FIRST after a fire has been detected?" | "Evacuate all personnel" |
"Which one of the following is the Open Systems Interconnection (OSI) protocol for message handling?" | "X.400" |
"Which of the following is a weakness of both statistical anomaly detection and pattern matching?" | "Requirement to monitor every event" |
"Digital signature users register their public keys with a certification authority, which distributes a certificate containing the user's public key and the digital signature of the certification authority. In creating the certificate" | |
"Why are macro viruses easy to write?" | "Office templates are fully API compliant" |
"Tracing violations, or attempted violations of system security to the user responsible is a function of" | |
"Which one of the following is concerned with masking the frequency, length" | |
"In which situation would TEMPEST risks and technologies be of MOST interest?" | "Where the consequences of disclosure are very high." |
"In which state must a computer system operate to process input/output instructions?" | "Supervisor mode" |
"All of the following are basic components of a security policy EXCEPT the" | "statement of performance of characteristics and requirements" |
"What set of principles is the basis for information systems controls?" | "Need to know" |
"Why do vendors publish MD5 hash values when they provide software patches for their customers to download from the Internet?" | "Recipients can verify the software's integrity after downloading" |
"Which one of the following is NOT a requirement before a search warrant can be issued?" | "There is a written document detailing the anticipated evidence" |
"The Trusted Computer Security Evaluation Criteria (TCSEC) provides" | "a basis for assessing the effectiveness of security controls built into automatic data-processing system products" |
"Which factor is critical in all systems to protect data integrity?" | "Data classification" |
"Audit trails based upon access and identification codes establish" | "individual accountability" |
"Which one of the following attacks is MOST effective against an Internet Protocol Security (IPSEC) based virtual private network (VPN)?" | "Man-in-the-middle" |
"Satellite communications are easily intercepted because" | "a satellite footprint is very large." |
"A country that fails to legally protect personal data in order to attract companies engaged in collection of such data is referred to as a" | "data haven" |
"Management can expect penetration tests to provide all of the following EXCEPT" | "demonstration of the effects of the flaws" |
"The Common Criteria construct which allows prospective consumers or developers to create standardized sets of security requirements to meet their needs is" | "a Protection Profile (PP)." |
"Which one of the following security technologies provides safeguards for authentication before securely sending information to a web server?" | "Certificates" |
"Which one of the following traits allow macro viruses to spread more effectively than other types?" | "They can be transported between different operating systems." |
"After law enforcement is informed of a computer crime, the organization's investigators' constraints are" | |
"Which of the following are objectives of an information systems security program?" | "Integrity" |
"Who is the individual permitted to add users or install trusted programs?" | "Operations Manager" |
"What is the basis for the Rivest-Shamir-Adleman (RSA) algorithm scheme?" | "Factorability" |
"In which one of the following documents is the assignment of individual roles and responsibilities MOST appropriately defined?" | "Acceptable use policy" |
"In addition to providing an audit trail required by auditors, logging can be used to" | |
"Which one of the following tests determines whether the content of data within an application program falls within predetermined limits?" | "Reasonableness check" |
"The MAIN reason for developing closed-circuit television (CCTV) as part of your physical security program is to" | "Increase guard visibility" |
"Which one of the following is a characteristic of a penetration testing project?" | "The project tasks are to break into a targeted system" |
"The intent of least privilege is to enforce the most restrictive user rights required" | "To execute authorized tasks" |
"In which way does a Secure Socket Layer (SSL) server prevent a “man-in-the-middle” attack?" | "It uses signed certificates to authenticate the server’s public key" |
"What is the PRIMARY advantage of using a separate authentication server (e.g., Remote Access Dial-In User System" | |
"Which one of the following operations of a secure communication session cannot be protected?" | "Session termination" |
"Which one of the following is an example of electronic piggybacking?" | "Following an authorized user into the computer room." |
"Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?" | "Domain Name Server (DNS) poisoning" |
"When conducting a risk assessment, which one of the following is NOT an acceptable social engineering practice?" | |
"In what way could the use of “cookies” violate a person’s privacy?" | "When they are used to tie together a set of unconnected requests for web pages to cause an electronic map of where one has been." |
"Which one of the following is a KEY responsibility for the “Custodian of Data”?" | "Integrity and security of data" |
"In a Secure Electronic Transaction (SET), how many certificates are required for a payment gateway to support multiple acquirers?" | |
"Which one of the following conditions is NOT necessary for a long dictionary attack to succeed?" | "The attacker must have write access to the password file" |
"Security measures that protect message traffic independently on each communication path are called" | "Link oriented" |
"Which security problem exists if a user accessing low-level data is able to draw conclusions about high-level information?" | "Inference" |
"To mitigate the impact of a software vendor going out of business, a company that uses vendor software should require which one of the following?" | |
"Which one of the following instigates a SYN flood attack?" | "Creating a high number of half-open connections." |
"What is the purpose of certification path validation?" | "Checks the legitimacy of the certificates in the certification path." |
"Which of the following is a means of restricting access to objects based on the identity of the subject to which they belong?" | "Mandatory access control" |
"Why is the investigation of computer crime involving malicious damage especially challenging?" | "Evidence may be destroyed in an attempt to restore the system." |
"Which one of the following properties of a transaction processing system ensures that once a transaction completes successfully (commits), the update survives even if there is a system failure?" | |
"Which one of the following control steps is usually NOT performed in data warehousing applications?" | "Monitor summary tables for regular use." |
"The PRIMARY purpose of operations security is" | "Safeguard information assets that are resident in the system." |
"The auditing method that assesses the extent of the system testing, and identifies specific program logic that has not been tested is called" | |
"Which one of the following describes Kerckhoffs' assumption for cryptanalytic attack?" | "Key is secret; algorithm is known" |
"Which one of the following access control models associates every resource and every user of a resource with one of an ordered set of classes?" | "Lattice model" |
"The concept that all accesses must be mediated, protected from modification" | |
"Which one of the following could a company implement to help reduce PBX fraud?" | "Direct Inward System Access (DISA)" |
"A screening router can perform packet filtering based upon what data?" | "Source and destination port number." |
"A controlled light fixture mounted on a 5-meter pole can illuminate an area 30 meters in diameter. For security lighting purposes, what would be the proper distance between fixtures?" | |
"Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a network entity to verify both" | |
"When block chaining cryptography is used, what type of code is calculated and appended to the data to ensure authenticity?" | |
"What are the assurance designators used in the Common Criteria (CC)?" | "EAL 1" |
"Which option is NOT a benefit derived from the use of neural networks?" | "Fault Tolerance" |
"What is an important factor affecting the time required to perpetrate a manual trial and error attack to gain access to a target computer system?" | "Processing speed of the system executing the attack." |
"Evidence corroboration is achieved by" | "maintaining all evidence under the control of an independent source." |
"Which one of the following can be identified when exceptions occur using operations security detective controls?" | "Authorized operations people performing unauthorized functions." |
"Which one of the following threats does NOT rely on packet size or large volumes of data?" | "Macro virus" |
"Scheduled tests of application contingency plans should be based on the" | "Criticality of the application" |
"Data inference violations can be reduced using" | "Polyinstantiation technique." |
"A system using Discretionary Access Control (DAC) is vulnerable to which one of the following attacks?" | "Spoofing" |
"When continuous availability (24 hours-a-day processing) is required, which one of the following provides a good alternative to tape backups?" | |
"Which one of the following, if embedded within the ciphertext" | |
"Program change controls must ensure that all changes are" | "Tested to ensure correctness." |
"A network of five nodes is using symmetrical keys to securely transmit data. How many new keys are required to re-establish secure communications to all nodes in the event there is a key compromise?" | "5" |
"Which one of the following is the primary goal of Business Continuity Planning?" | "Sustain the organization." |
"What is the PRIMARY component of a Trusted Computer Base?" | "The reference monitor" |
"Which one of the following is a technical solution for the quality of service, speed" | |
"Once a decision is made to further investigate a computer crime incident, which one of the following is NOT employed?" | |
"Which one of the following statements describes management controls that are instituted to implement a security policy?" | "They may be administrative" |
"Why are hardware security features preferred over software security features?" | "They permit higher performance." |
"Which of the following is a potential problem when creating a message digest for forensic purposes?" | "One-way hashing technology invalidates message digest processing." |
"A feature deliberately implemented in an operating system as a trap for intruders is called a:" | "Pseudo flaw" |
"What is one issue NOT addressed by the Bell-LaPadula model?" | "Covert channels" |
"Which of the following is LEAST necessary when creating evidence tags detailing the chain of custody for electronic evidence?" | "Notifying the person who owns the information being seized." |
"From a legal perspective, which of the following rules must be addressed when investigating a computer crime?" | |
"Which of the following layers supervises the control rate of packet transfers in an Open Systems Interconnections (OSI) implementation?" | "Transport" |
"Which one of the following describes a reference monitor?" | "Access control concept that refers to an abstract machine that mediates all accesses to objects by subjects." |
"Why must senior management endorse a security policy?" | "So that they will accept ownership for security within the organization." |
"Which one of the following is a good defense against worms?" | "Placing limits on sharing" |
"What type of wiretapping involves injecting something into the communications?" | "Active" |
"Which one of the following is the reason why a hyperlink spoofing attack is usually successful?" | "Most users do not make a request to connect to a DNS name" |
"Disaster Recovery Plan emergency procedures are a plan of action that commences immediately to prevent or minimize property damage and to" | "Prevent loss of life." |
"Which of the following business continuity stages ensures the continuity strategy remains visible?" | "Implementation" |
"The concentric circle approach is used to" | "Assess the physical security facility" |
"Which one of the following BEST describes a password cracker?" | "A program that performs comparative analysis." |
"In developing a security awareness program, it is MOST important to" | |
"Which one of the following is the PRIMARY objective of penetration testing?" | "Assessment" |
"When combined with unique session values, message authentication can protect against which of the following?" | |
"Which risk management methodology uses the exposure factor multiplied by the asset value to determine its outcome?" | "Single Loss Expectancy" |
"The alternate processing strategy in a business continuity plan can provide for required backup computing capacity through a hot site, a cold site" | |
"Open box testing, in the Flaw Hypothesis Methodology of Penetration Testing applies to the analysis of" | |
"In a change control environment, which one of the following REDUCES the assurance of proper changes to source programs in production status?" | |
"Under the standard of due care, failure to achieve the minimum standards would be considered" | |
"Which one of the following is a security issue related to aggregation in a database?" | "Inference" |
"What is a PRIMARY reason for designing the security kernel to be as small as possible?" | "Due to its compactness" |
"What methodology is commonly used in Business Continuity Program?" | "Business Impact Analysis" |
"Which one of the following processing alternatives involves a ready-to-use computing facility with telecommunications equipment, but not computers?" | |
"Removing unnecessary processes, segregating inter-process communications" | |
"Forensic imaging of a workstation is initiated by" | "Directing the output of the forensic imaging software to the small computer system interface (SCSI)." |
"Which of the following was the first mathematical model of multilevel security policy?" | "Bell-LaPadula" |
"A stack overflow attack that “crashes” a Transmission Control Protocol/Internet Protocol (TCP/IP) service daemon can result in a serious security breach because the" | "Daemon can be replaced by a trojan horse." |
"Which one of the following is NOT a characteristic of an Intrusion Detection System (IDS)?" | "Recognizes and reports alterations to data files." |
"The design phase in a system development life cycle includes all of the following EXCEPT" | "Developing an operations and maintenance manual." |
"Which one of the following describes a covert timing channel?" | "Allows one process to signal information to another by modulating its own use of system resources." |
"In the public sector, as opposed to the private sector" | |
"Which set of principal tasks constitutes configuration management?" | "Identification" |
"Which one of the following is the MOST solid defense against interception of a network transmission?" | "Encryption" |
"Which one of the following risk analysis terms characterizes the absence or weakness of a risk-reducing safeguard?" | "Vulnerability" |
"Which one of the following is the MOST critical characteristic of a biometrics system?" | "Accuracy" |
"The unauthorized mixing of data of one sensitivity level and need-to-know with data of a lower sensitivity level, or different need-to-know" | |
"Why would an Ethernet LAN in a bus topology have a greater risk of unauthorized disclosure than switched Ethernet in a hub-and-spoke or star topology?" | "Ethernet is a broadcast technology." |
"A “critical application” is one that MUST" | "Remain operational for the organization to survive." |
"By far, the largest security exposure in application system development relates to" | |
"Which one of the following is NOT a factor to consider when establishing a core incident response team?" | "The recovery capability" |
"What two factors should a backup program track to ensure the serviceability of backup tape media?" | "The physical characteristics and rotation cycle of the media." |
"Which one of the following describes a bastion host?" | "A computer which plays a critical role in a firewall configuration." |
"What is the MAIN purpose of a change control/management system?" | "Document the change for audit and management review." |
"What is the FIRST step that should be considered in a penetration test?" | "The formulation of specific management objectives." |
"Within the organizational environment, the security function should report to an organizational level that" | |
"Which of the following are PRIMARY elements that are required when designing a Disaster Recovery Plan (DRP)?" | "Impact assessment" |
"Risk is commonly expressed as a function of the" | "Likelihood that the harm will occur and its potential impact." |
"The relative security of a commercial cryptographic system can be measured by the" | "Size of the key space and the available computational power." |
"Firewalls can be used to" | "Enforce security policy." |
"In a typical firewall configuration, what is the central host in an organization’s network security?" | |
"An example of an individual point of verification in a computerized application is" | "A check digit." |
"What is the company benefit, in terms of risk" | |
"A backup of all files that are new or modified since the last full backup is" | "A differential backup" |
"Which of the following defines the key exchange for Internet Protocol Security (IPSEC)?" | "Internet Security Association Key Management Protocol (ISAKMP)" |
"A common Limitation of information classification systems is the INABILITY to" | "Declassify information when appropriate." |
"Which one of the following protocols CANNOT be used for full duplex Wide Area Network (WAN) communications?" | "Synchronous Data Link Control (SDLC)" |
"Which of the following identifies the first phase of a Distributed Denial of Service attack?" | "Compromising as many machines as possible." |
"At what Trusted Computer Security Evaluation Criteria (TCSEC) or Information Technology Security Evaluation Criteria (ITSEC) security level are database elements FIRST required to have security labels?" | "B1/E3" |
"On which Open System Interconnection (OSI) Reference Model layer are repeaters used as communications transfer devices?" | "Physical" |
"A disk image backup is used for forensic investigation because it" | "Creates a bit level copy of the entire disk." |
"The basic Electronic Access Control (EAC) components required for access doors are an electromagnetic lock" | |
"What is the act of willfully changing data, using fraudulent input or removal of controls called?" | |
"An active content module, which attempts to monopolize and exploit system resources is called a" | |
"In multi-processing systems, which one of the following lacks mandatory controls and is NORMALLY AVOIDED for communication?" | |
"What access control methodology facilitates frequent changes to data permissions?" | "Rule-based" |
"In addition to ensuring that changes to the computer system take place in an identifiable and controlled environment, configuration management provides assurance that future changes:" | |
"Which one of the following CANNOT be prevented by the Secure Shell (SSH) program?" | "Compromise of the source/destination host." |
"A computer program used to process the weekly payroll contains an instruction that the amount of the gross pay cannot exceed $2,500 for any one employee. This instruction is an example of a control that is referred to as a" | |
"Which one of the following is a TRUE statement about the bottom three layers of the Open Systems Interconnection (OSI) Reference Model?" | "They support components necessary to transmit network messages." |
"Which of the following implements the authorized access relationship between subjects and objects of a system?" | "Security kernel" |
"Which security model allows the data custodian to grant access privileges to other users?" | "Discretionary" |
"Which one of the following is an ethical consideration of computer technology?" | "Ownership of proprietary software." |
"Which one of the following is an important characteristic of an information security policy?" | "Identifies major functional areas of information." |
"Which one of the following is an example of hyperlink spoofing?" | "Connecting the user to a different web server." |
"Which of the following access control types gives “UPDATE” privileges on Structured Query Language (SQL) database objects to specific users or groups?" | "Mandatory" |
"Which access control model states that for integrity to be maintained data must not flow from a receptacle of given integrity to a receptacle of higher integrity?" | "Biba Model" |
"Which of the following is a reasonable response from the intrusion detection system when it detects Internet Protocol (IP) packets where the IP source address is the same as the IP destination address?" | "Record selected information about the item and delete the packet." |
"A security control should" | "Not rely on the security of its mechanism." |
"Which security measure BEST provides non-repudiation in electronic mail?" | "Digital signature" |
"Which of the following is the MOST secure network access control procedure to adopt when using a callback device?" | "The user enters a userid and PIN" |
"Which one of the following is NOT a fundamental component of a Regulatory Security Policy?" | "Who is to do it." |
"Which is the MAIN advantage of having an application gateway?" | "To log and control incoming and outgoing traffic." |
"The INITIAL phase of the system development life cycle would normally include" | "Executive project approval" |
"Why are packet filtering routers NOT effective against mail bomb attacks?" | "Filters do not examine the data portion of a packet." |
"Who is responsible for the security and privacy of data during a transmission on a public communications link?" | "The sending party" |
"Employee involuntary termination processing should include" | "The surrender of any company identification." |
"In the context of computer security, “scavenging” refers to searching" | |
"Covert channel analysis is required for" | "A Trusted Computer Base with a level of trust B2 or above." |
"Which one of the following addresses the protection of computers and components from electromagnetic emissions?" | "TEMPEST" |
"What is the function of a corporate information security policy?" | "Define the main security objectives which must be achieved and the security framework to meet business objectives." |
"Monitoring electromagnetic pulse emanations from PCs and CRTs provides a hacker with what significant advantage?" | "Undetectable active monitoring." |
"Which one of the following correctly identifies the components of a Distributed Denial of Service Attack?" | "Client" |
"Which Open Systems Interconnect (OSI) layers provide Transport Control Protocol/Internet Protocol (TCP/IP) end-to-end security?" | "Presentation and session" |
"Which one of the following are examples of security and controls that would be found in a “trusted” application system?" | "File integrity routines and audit trail" |
"When establishing a violation tracking and analysis process, which one of the following parameters is used to keep the quantity of data to manageable levels?" | |
"How is polyinstantiation used to secure a multilevel database?" | "It prevents low-level database users from inferring the existence of higher level data." |
"Which process on a firewall makes permit/deny forwarding decisions based solely on address and service port information?" | "Circuit Proxy" |
"What Distributed Computing Environment (DCE) component provides a mechanism to ensure that services are made available only to properly designated parties?" | "Directory Service" |
"In a cryptographic key distribution system, the master key is used to exchange?" | |
"Which one of the following devices might be used to commit telecommunications fraud using the “shoulder surfing” technique?" | "Tone recorder" |
"What security risk does a covert channel create?" | "A process can signal information to another process." |
"The repeated use of the algorithm to encipher a message consisting of many blocks is called" | "Cipher block chaining" |
"What is the purpose of the Encapsulation Security Payload (ESP) in the Internet Protocol (IP) Security Architecture for Internet Protocol Security?" | "To provide integrity and confidentiality for IP transmissions." |
"Which one of the following is an effective communications error-control technique usually implemented in software?" | "Packet checksum" |
"Annualized Loss Expectancy (ALE) value is derived from an algorithm of the product of annual rate of occurrence and" | "Single loss expectancy." |
"For what reason would a network administrator leverage promiscuous mode?" | "To monitor the network to gain a complete statistical picture of activity." |
"One method to simplify the administration of access controls is to group" | "Objects and subjects" |
"Which step ensures the confidentiality of a facsimile transmission?" | "Encrypt the transmission." |
"Which one of the following is commonly used for retrofitting multilevel security to a Database Management System" | "Trusted front-end" |
"What should be the size of a Trusted Computer Base?" | "Small – in order to facilitate the detailed analysis necessary to prove that it meets design requirements." |
"Which one of the following is an asymmetric algorithm?" | "Knapsack" |
"Which one of the following attacks will pass through a network layer intrusion detection system undetected?" | "A test.cgi attack" |
"Which one of the following entails immediately transmitting copies of on-line transactions to a remote computer facility for backup?" | "Electronic vaulting" |
"Which one of the following should NOT be contained within a computer policy?" | "Responsibilities of individuals and groups for protected information." |
"Which one of the following data transmission technologies is NOT packet-switch based?" | "CSMA/CD (Carrier Sense Multiple Access/Collision Detection)" |
"How does the SOCKS protocol secure Internet Protocol (IP) connections?" | "By acting as a connection proxy." |
"Penetration testing will typically include" | "Social engineering" |