Categories Top Downloads
Login Register Upload

CISSP

January 16, 2018 | Author: Amir Alizadeh | Category: Threat (Computer), Vulnerability (Computing), Information Security, Online Safety & Privacy, Computer Security
Share Embed Donate
Report this link


Short Description

CISSP Certified Information Systems Security Professional Version 17.4 CISSP.examcollection.premium.exam.1238q...

Description

CISSP.examcollection.premium.exam.1238q Number: CISSP Passing Score: 800 Time Limit: 120 min File Version: 17.4

CISSP Certified Information Systems Security Professional Version 17.4

Sections 1. Security and Risk Management 2. Asset Security 3. Security Engineering 4. Communication and Network Security 5. Identity and Access Management 6. Security Assessment and Testing 7. Security Operations 8. Software Development Security

CISSP

Exam A QUESTION 1 Which of the following issues is NOT addressed by Kerberos? A. B. C. D.

Availability Confidentiality Integrity Authentication

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT. In Greek mythology, Kerberos is a three-headed dog that guards the entrance to the Underworld. Using symmetric key cryptography, Kerberos authenticates clients to other entities on a network of which a client requires services. Kerberos addresses the confidentiality and integrity of information. It does not address availability. Incorrect Answers: B: Kerberos does address confidentiality. C: Kerberos does address integrity. D: Kerberos does address authentication. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 78 QUESTION 2 Which of the following statements is not listed within the 4 canons of the (ISC)2 Code of Ethics? A. All information systems security professionals who are certified by (ISC)2 shall observe all contracts and agreements, express or implied. B. All information systems security professionals who are certified by (ISC)2 shall render only those services for which they are fully competent and qualified. C. All information systems security professionals who are certified by (ISC)2 shall promote and preserve public trust and confidence in information and systems. D. All information systems security professionals who are certified by (ISC)2 shall think about the social consequences of the program they write. Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The social consequences of the programs that are written are not included in the ISC Code of Ethics Canon. Note: The ISC Code of Ethics Canon includes: Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsibly, and legally. Provide diligent and competent service to principals. Advance and protect the profession. Incorrect Answers:

CISSP

A: The ISC Code of Ethics Canon states that you should provide diligent and competent service to principals. This means that you should observe all contracts and agreements. B: The ISC Code of Ethics Canon states that you should provide diligent and competent service to principals. This means that you should render only those services for which you are fully competent and qualified. C: The ISC Code of Ethics Canon states that you should protect the necessary public trust and the infrastructure/systems. References: https://www.isc2.org/ethics/default.aspx?terms=code of ethics QUESTION 3 Regarding codes of ethics covered within the ISC2 CBK, within which of them is the phrase "Discourage unsafe practice" found? A. B. C. D.

Computer Ethics Institute commandments (ISC)2 Code of Ethics Internet Activities Board's Ethics and the Internet (RFC1087) CIAC Guidelines

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The (ISC)2 Code of Ethics include the phrase Discourage unsafe practices, and preserve and strengthen the integrity of public infrastructures. Incorrect Answers: A: The phrase "Discourage unsafe practice" is not included in the Computer Ethics Institute commandments. It is included in the (ISC)2 Code of Ethics. C: The phrase "Discourage unsafe practice" is not included in RFC1087. It is included in the (ISC)2 Code of Ethics. D: The phrase "Discourage unsafe practice" is not included in CIAC Guidelines. It is included in the (ISC)2 Code of Ethics. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1064 QUESTION 4 Which of the following is NOT a factor related to Access Control? A. B. C. D.

integrity authenticity confidentiality availability

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Authenticity is not a factor related to Access Control. Access controls are security features that control how users and systems communicate and interact with other systems and resources. Access controls give organization the ability to control, restrict, monitor, and protect resource availability, integrity and confidentiality. CISSP

Incorrect Answers: A: Integrity is a factor related to Access Control. C: Confidentiality is a factor related to Access Control. D: Availability is a factor related to Access Control. References: https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Access_Control_Systems QUESTION 5 Which of the following is the correct set of assurance requirements for EAL 5? A. B. C. D.

Semiformally verified design and tested Semiformally tested and checked Semiformally designed and tested Semiformally verified tested and checked

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The EAL 5 requirement is: Semiformally designed and tested; this is sought when developing specialized Target of Evaluations for high-risk situations. Incorrect Answers: A: Semiformally verified design and tested is EAL 7, not EAL 5. B: EAL 5 is not semiformally tested and checked. EAL 5 is semiformally designed and tested. D: Semiformally verified tested and checked is similar to EAL 7, but it is not EAL 5. References: Tipton, Harold F. (Ed), Official (ISC)2 Guide to the CISSP CBK, 2nd Edition, CRC Press, New York, 2009, p. 668 QUESTION 6 Which of the following is needed for System Accountability? A. B. C. D.

Audit mechanisms. Documented design as laid out in the Common Criteria. Authorization. Formal verification of system design.

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Accountability is the ability to identify users and to be able to track user actions. Through the use of audit logs and other tools the user actions are recorded and can be used at a later date to verify what actions were performed. Incorrect Answers: B: Common Criteria is an international standard to evaluate trust and would not be a factor in System Accountability. C: Authorization is granting access to subjects, just because you have authorization does not hold the subject accountable for their actions. CISSP

D: Formal verification involves Validating and testing highly trusted systems. It does not, however, involve System Accountability. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 203, 248-250, 402. QUESTION 7 The major objective of system configuration management is which of the following? A. B. C. D.

System System System System

maintenance. stability. operations. tracking.

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Configuration Management is defined as the identification, control, accounting, and documentation of all changes that take place to system hardware, software, firmware, supporting documentation, and test results throughout the lifespan of the system. A system should have baselines set pertaining to the system’s hardware, software, and firmware configuration. The configuration baseline will be tried and tested and known to be stable. Modifying the configuration settings of a system could lead to system instability. System configuration management will help to ensure system stability by ensuring a consistent configuration across the systems. Incorrect Answers: A: System configuration management could aid system maintenance. However, this is not a major objective of system configuration management. C: System configuration management will help to ensure system stability which will help in system operations. However, system operations are not a major objective of system configuration management. D: System tracking is not an objective of system configuration management. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 4 QUESTION 8 The Internet Architecture Board (IAB) characterizes which of the following as unethical behavior for Internet users? A. B. C. D.

Writing computer viruses. Monitoring data traffic. Wasting computer resources. Concealing unauthorized accesses.

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: IAB considers wasting resources (people, capacity, and computers) through purposeful actions unethical. Note: The IAB considers the following acts unethical and unacceptable behavior: Purposely seeking to gain unauthorized access to Internet resources CISSP

Disrupting the intended use of the Internet Wasting resources (people, capacity, and computers) through purposeful actions Destroying the integrity of computer-based information Compromising the privacy of others Negligence in the conduct of Internet-wide experiments Incorrect Answers: A: The IAB list of unethical behavior for Internet users does not include writing computer viruses. B: IAB does not consider monitoring data traffic unethical. D: The IAB list of unethical behavior for Internet users does not include concealing unauthorized accesses. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1076 QUESTION 9 A deviation from an organization-wide security policy requires which of the following? A. B. C. D.

Risk Acceptance Risk Assignment Risk Reduction Risk Containment

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A deviation from an organization-wide security policy is a ‘risk’. Once a company knows the risk it is faced with, it must decide how to handle it. Risk can be dealt with in four basic ways: transfer it, avoid it, reduce it, or accept it. One approach is to accept the risk, which means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. Many companies will accept risk when the cost/benefit ratio indicates that the cost of the countermeasure outweighs the potential loss value. In this question, if the deviation from an organization-wide security policy will remain, that is an example of risk acceptance. Incorrect Answers: B: Risk Assignment would be to transfer the risk. An example of this would be insurance where the risk is transferred to the insurance company. A deviation from an organization-wide security policy does not require risk assignment. C: Risk reduction would be to reduce the deviation from the organization-wide security policy. A deviation from an organization-wide security policy does not require risk reduction. D: A deviation from an organization-wide security policy does not require risk containment; it requires acceptance of the risk posed by the deviation. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98 QUESTION 10 Which of the following is the most important ISC2 Code of Ethics Canons? A. B. C. D.

Act honorably, honestly, justly, responsibly, and legally Advance and protect the profession Protect society, the commonwealth, and the infrastructure Provide diligent and competent service to principals

Correct Answer: C CISSP

Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The first and most important statement of ISC2 Code of Ethics Canon is to protect society, the common good, necessary public trust and confidence, and the infrastructure. Incorrect Answers: A: Act honorably, honestly, justly, responsibly, and legally is the second canon of the ISC2 Code of Ethics and less important that the first canon. B: Advance and protect the profession is the fourth canon of the ISC2 Code of Ethics and less important that the first canon. D: Provide diligent and competent service to principals is the third canon of the ISC2 Code of Ethics and less important that the first canon. References: https://www.isc2.org/ethics/default.aspx?terms=code of ethics QUESTION 11 Within the realm of IT security, which of the following combinations best defines risk? A. B. C. D.

Threat coupled with a breach. Threat coupled with a vulnerability. Vulnerability coupled with an attack. Threat coupled with a breach of security.

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Risk is defined as “the probability of a threat agent exploiting a vulnerability and the associated impact”. The industry has different standardized methodologies when it comes to carrying out risk assessments. Each of the individual methodologies has the same basic core components (identify vulnerabilities, associate threats, calculate risk values), but each has a specific focus. As a security professional it is your responsibility to know which is the best approach for your organization and its needs. NIST developed a risk methodology, which is specific to IT threats and how they relate to information security risks. It lays out the following steps: System characterization Threat identification Vulnerability identification Control analysis Likelihood determination Impact analysis Risk determination Control recommendations Results documentation Incorrect Answers: A: Threat coupled with a breach is not the definition of risk. C: Vulnerability coupled with an attack is not the definition of risk. D: Threat coupled with a breach of security is not the definition of risk. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 77-79

CISSP

QUESTION 12 Which of the following is considered the weakest link in a security system? A. B. C. D.

People Software Communications Hardware

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Although society has evolved to be extremely dependent upon technology in the workplace, people are still the key ingredient to a successful company. But in security circles, people are often the weakest link. Either accidentally through mistakes or lack of training, or intentionally through fraud and malicious intent, personnel causes more serious and hard-to-detect security issues than hacker attacks, outside espionage, or equipment failure. Although the future actions of individuals cannot be predicted, it is possible to minimize the risks by implementing preventive measures. These include hiring the most qualified individuals, performing background checks, using detailed job descriptions, providing necessary training, enforcing strict access controls, and terminating individuals in a way that protects all parties involved. Incorrect Answers: B: Software generally does what it is configured to do. It is not considered the weakest link in a security system. C: It is easy to configure secure communications where they are required. Communications are not considered the weakest link in a security system. D: Hardware generally does what it is configured to do. It is not considered the weakest link in a security system. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 126 QUESTION 13 Which one of the following represents an ALE calculation? A. B. C. D.

Single loss expectancy x annualized rate of occurrence. Gross loss expectancy x loss frequency. Actual replacement cost - proceeds of salvage. Asset value x loss expectancy.

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The Annualized Loss Expectancy (ALE) is the monetary loss that can be expected for an asset due to a risk over a one year period. It is defined as: ALE = SLE * ARO where SLE is the Single Loss Expectancy and ARO is the Annualized Rate of Occurrence. Single loss expectancy is one instance of an expected loss if a specific vulnerability is exploited and how it affects a single asset. Asset Value × Exposure Factor = SLE. The annualized rate of occurrence (ARO) is the value that represents the estimated frequency of a specific threat taking place within a 12-month timeframe. Incorrect Answers: CISSP

B: Gross loss expectancy and loss frequency are not terms used for calculations in Quantitative Risk Analysis. C: Actual replacement cost and proceeds of salvage are not terms used for calculations in Quantitative Risk Analysis. D: Asset value x loss expectancy is not the correct formula to calculate the Annualized Loss Expectancy (ALE). References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 87 QUESTION 14 Which of the following is the best reason for the use of an automated risk analysis tool? A. B. C. D.

Much of the data gathered during the review cannot be reused for subsequent analysis. Automated methodologies require minimal training and knowledge of risk analysis. Most software tools have user interfaces that are easy to use and do not require any training. Information gathering would be minimized and expedited due to the amount of information already built into the tool.

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Collecting all the necessary data that needs to be plugged into risk analysis equations and properly interpreting the results can be overwhelming if done manually. Several automated risk analysis tools on the market can make this task much less painful and, hopefully, more accurate. The gathered data can be reused, greatly reducing the time required to perform subsequent analyses. The objective of these tools is to reduce the manual effort of these tasks, perform calculations quickly, estimate future expected losses, and determine the effectiveness and benefits of the security countermeasures chosen. Incorrect Answers: A: The gathered data can be reused, greatly reducing the time required to perform subsequent analyses. B: Training and knowledge of risk analysis is still required when using automated risk analysis tools. C: Training is still required when using automated risk analysis tools even if the user interface is easy to use. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 86 QUESTION 15 How is Annualized Loss Expectancy (ALE) derived from a threat? A. B. C. D.

ARO x (SLE - EF) SLE x ARO SLE/EF AV x EF

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The Annualized Loss Expectancy (ALE) is the monetary loss that can be expected for an asset due to a risk over a one year period. It is defined as: ALE = SLE * ARO where SLE is the Single Loss Expectancy and ARO is the Annualized Rate of Occurrence. Single loss expectancy is one instance of an expected loss if a specific vulnerability is exploited and how it CISSP

affects a single asset. Asset Value × Exposure Factor = SLE. The annualized rate of occurrence (ARO) is the value that represents the estimated frequency of a specific threat taking place within a 12-month timeframe. Incorrect Answers: A: ARO x (SLE - EF) is not the correct formula for calculating the Annualized Loss Expectancy (ALE). C: SLE/EF is not the correct formula for calculating the Annualized Loss Expectancy (ALE). D: AV x EF is not the correct formula for calculating the Annualized Loss Expectancy (ALE). References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 87 QUESTION 16 What does "residual risk" mean? A. B. C. D.

The security risk that remains after controls have been implemented Weakness of an asset which can be exploited by a threat Risk that remains after risk assessment has been performed A security risk intrinsic to an asset being audited, where no mitigation has taken place.

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The reason a company implements countermeasures is to reduce its overall risk to an acceptable level. No system or environment is 100 percent secure, which means there is always some risk left over to deal with. This is called residual risk. Residual risk is different from total risk, which is the risk a company faces if it chooses not to implement any type of safeguard. There is an important difference between total risk and residual risk and which type of risk a company is willing to accept. The following are conceptual formulas: threats × vulnerability × asset value = total risk (threats × vulnerability × asset value) × controls gap = residual risk You may also see these concepts illustrated as the following: total risk – countermeasures = residual risk Incorrect Answers: B: The weakness of an asset which can be exploited by a threat is not the definition of residual risk. C: Risk that remains after risk assessment has been performed (with no countermeasures in place) is total risk, not residual risk. D: A security risk intrinsic to an asset being audited, where no mitigation has taken place) is total risk of the asset, not residual risk. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 87 QUESTION 17 Preservation of confidentiality within information systems requires that the information is not disclosed to: A. B. C. D.

Authorized persons Unauthorized persons or processes. Unauthorized persons. Authorized persons and processes

Correct Answer: B CISSP

Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Confidentiality is the assurance that information is not disclosed to unauthorized individuals, programs, or processes. Some information is more sensitive than other information and requires a higher level of confidentiality. Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This level of confidentiality should prevail while data resides on systems and devices within the network, as it is transmitted, and once it reaches its destination. Incorrect Answers: A: Authorized persons are allowed to access the information. C: Unauthorized processes should be included in the answer, not just unauthorized persons. D: Authorized persons and processes are allowed to access the information. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 160 QUESTION 18 Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model? A. B. C. D.

Prevention of the modification of information by unauthorized users. Prevention of the unauthorized or unintentional modification of information by authorized users. Preservation of the internal and external consistency. Prevention of the modification of information by authorized users.

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Prevention of the modification of information by authorized users is not one of the three goals of integrity addressed by the Clark-Wilson model. Clark-Wilson addresses the following three goals of integrity in its model: Prevent unauthorized users from making modifications Prevent authorized users from making improper modifications (separation of duties) Maintain internal and external consistency (well-formed transaction) The Clark-Wilson model enforces the three goals of integrity by using access triple (subject, software [TP], object), separation of duties, and auditing. This model enforces integrity by using well-formed transactions (through access triple) and separation of duties. Incorrect Answers: A: Prevention of the modification of information by unauthorized users is one of the three goals of integrity addressed by the Clark-Wilson model. B: Prevention of the unauthorized or unintentional modification of information by authorized users is one of the three goals of integrity addressed by the Clark-Wilson model. C: Preservation of the internal and external consistency is one of the three goals of integrity addressed by the Clark-Wilson model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 374 QUESTION 19 What is called an event or activity that has the potential to cause harm to the information systems or networks? CISSP

A. B. C. D.

Vulnerability Threat agent Weakness Threat

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A threat is any potential danger that is associated with the exploitation of a vulnerability. The threat is that someone, or something, will identify a specific vulnerability and use it against the company or individual. The entity that takes advantage of a vulnerability is referred to as a threat agent. A threat agent could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information. Incorrect Answers: A: Vulnerability is what can be exploited by a threat agent. It is not an event or activity that has the potential to cause harm to the information systems or networks. B: Threat agent is what can exploit a vulnerability. It is not an event or activity that has the potential to cause harm to the information systems or networks. C: A weakness is another work for vulnerability. It is not an event or activity that has the potential to cause harm to the information systems or networks. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 26 QUESTION 20 A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks is called: A. B. C. D.

a vulnerability. a risk. a threat. an overflow.

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A vulnerability is defined as “the absence or weakness of a safeguard that could be exploited”. A vulnerability is a lack of a countermeasure or a weakness in a countermeasure that is in place. It can be a software, hardware, procedural, or human weakness that can be exploited. A vulnerability may be a service running on a server, unpatched applications or operating systems, an unrestricted wireless access point, an open port on a firewall, lax physical security that allows anyone to enter a server room, or unenforced password management on servers and workstations. Incorrect Answers: B: A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact. C: A threat is any potential danger that is associated with the exploitation of a vulnerability. D: An overflow is not what is described in this question. References: CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 26 QUESTION 21 What is called the probability that a threat to an information system will materialize? A. B. C. D.

Threat Risk Vulnerability Hole

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact. If a firewall has several ports open, there is a higher likelihood that an intruder will use one to access the network in an unauthorized method. If users are not educated on processes and procedures, there is a higher likelihood that an employee will make an unintentional mistake that may destroy data. If an intrusion detection system (IDS) is not implemented on a network, there is a higher likelihood an attack will go unnoticed until it is too late. Risk ties the vulnerability, threat, and likelihood of exploitation to the resulting business impact. Incorrect Answers: A: A threat is any potential danger that is associated with the exploitation of a vulnerability. C: A vulnerability is the absence or weakness of a safeguard that could be exploited. D: A hole is not the probability that a threat to an information system will materialize. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 26 QUESTION 22 Risk mitigation and risk reduction controls for providing information security are classified within three main categories, which of the following are being used? A. B. C. D.

Preventive, corrective, and administrative. Detective, corrective, and physical. Physical, technical, and administrative. Administrative, operational, and logical.

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Neither preventive nor corrective are one of the three main categories of risk reduction controls. B: Neither detective nor corrective are one of the three main categories of risk reduction controls.

CISSP

D: Operational is not one of the three main categories of risk reduction controls. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 26 QUESTION 23 Which of the following would be best suited to oversee the development of an information security policy? A. B. C. D.

System Administrators End User Security Officers Security administrators

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The chief security officer (CSO) is responsible for understanding the risks that the company faces and for mitigating these risks to an acceptable level. This role is responsible for understanding the organization’s business drivers and for creating and maintaining a security program that facilitates these drivers, along with providing security, compliance with a long list of regulations and laws, and any customer expectations or contractual obligations. Incorrect Answers: A: System Administrators work in the IT department and manage the IT infrastructure from a technical perspective. They do not specialize in security and are therefore not best suited to oversee the development of an information security policy. B: End users are the least qualified to oversee the development of an information security policy. D: The security administrator is responsible for implementing and maintaining specific security network devices and software in the enterprise. Security administrators are not best suited to oversee the development of an information security policy. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 119-122 QUESTION 24 Which of the following is the MOST important aspect relating to employee termination? A. B. C. D.

The details of employee have been removed from active payroll files. Company property provided to the employee has been returned. User ID and passwords of the employee have been deleted. The appropriate company staff is notified about the termination.

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Because terminations can happen for a variety of reasons, and terminated people have different reactions, companies should have a specific set of procedures to follow with every termination. For example: The employee must leave the facility immediately under the supervision of a manager or security guard. The employee must surrender any identification badges or keys, complete an exit interview, and return company supplies. That user’s accounts and passwords should be disabled or changed immediately.

CISSP

It seems harsh and cold when this actually takes place, but too many companies have been hurt by vengeful employees who have lashed out at the company when their positions were revoked for one reason or another. If an employee is disgruntled in any way, or the termination is unfriendly, that employee’s accounts should be disabled right away, and all passwords on all systems changed. To ensure that the termination procedures are carried out properly, you need to ensure that the appropriate people (the people who will carry out the procedures) are notified about the termination. Incorrect Answers: A: Removing the details of the employee from active payroll files is not the MOST important aspect relating to employee termination. B: Ensuring company property provided to the employee has been returned should be part of the termination procedure. However, this is not the MOST important aspect relating to employee termination; company security is more important. C: The user ID and passwords of the employee should be disabled, not deleted. Furthermore, notifying the appropriate staff of the termination will ensure the accounts get disabled. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 129 QUESTION 25 Making sure that only those who are supposed to access the data can access is which of the following? A. B. C. D.

confidentiality capability integrity availability

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Confidentiality is the assurance that information is not disclosed to unauthorized individuals, programs, or processes. Some information is more sensitive than other information and requires a higher level of confidentiality. Control mechanisms need to be in place to dictate who can access data and what the subject can do with it once they have accessed it. These activities need to be controlled, audited, and monitored. Examples of information that could be considered confidential are health records, financial account information, criminal records, source code, trade secrets, and military tactical plans. Some security mechanisms that would provide confidentiality are encryption, logical and physical access controls, transmission protocols, database views, and controlled traffic flow. Incorrect Answers: B: Capability is the functions that a system or user is able to perform. With reference to a user, it is defined by the access a user is granted. However, making sure that only those who are supposed to access the data can access is best defined by the term confidentiality. C: Integrity refers to ensuring that the information and systems are the accuracy and reliable and has not been modified by unauthorized entities. D: Availability refers to ensuring that authorized users have reliable and timeous access to data and resources. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 23, 160, 229-230 QUESTION 26 Related to information security, confidentiality is the opposite of which of the following? A. closure

CISSP

B. disclosure C. disposal D. disaster Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This level of confidentiality should prevail while data resides on systems and devices within the network, as it is transmitted, and once it reaches its destination. Confidentiality prevents disclosure of information. The opposite of confidentiality is the disclosure of the information. Incorrect Answers: A: Closure is not the opposite of confidentiality. C: Disposal is not the opposite of confidentiality. D: Disaster is not the opposite of confidentiality. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 24 QUESTION 27 Related to information security, integrity is the opposite of which of the following? A. B. C. D.

abstraction alteration accreditation application

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Integrity is upheld when the assurance of the accuracy and reliability of information and systems is provided and any unauthorized modification is prevented. Hardware, software, and communication mechanisms must work in concert to maintain and process data correctly and to move data to intended destinations without unexpected alteration. The systems and network should be protected from outside interference and contamination. The opposite of integrity is alteration. Incorrect Answers: A: Abstraction is not the opposite of integrity. C: Accreditation is not the opposite of integrity. D: Application is not the opposite of integrity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 23 QUESTION 28 Making sure that the data is accessible when and where it is needed is which of the following? A. confidentiality

CISSP

B. integrity C. acceptability D. availability Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Availability protection ensures reliability and timely access to data and resources to authorized individuals. Network devices, computers, and applications should provide adequate functionality to perform in a predictable manner with an acceptable level of performance. They should be able to recover from disruptions in a secure and quick fashion so productivity is not negatively affected. Necessary protection mechanisms must be in place to protect against inside and outside threats that could affect the availability and productivity of all businessprocessing components. Incorrect Answers: A: Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This is not what is described in the question. B: Integrity ensures that data is unaltered. This is not what is described in the question. C: Making sure that the data is accessible when and where it is needed is not the definition of acceptability. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 23 QUESTION 29 Related to information security, availability is the opposite of which of the following? A. B. C. D.

delegation distribution documentation destruction

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Availability ensures reliability and timely access to data and resources to authorized individuals. Network devices, computers, and applications should provide adequate functionality to perform in a predictable manner with an acceptable level of performance. They should be able to recover from disruptions in a secure and quick fashion so productivity is not negatively affected. Necessary protection mechanisms must be in place to protect against inside and outside threats that could affect the availability and productivity of all business-processing components. The opposite of availability is destruction. The destruction of data makes it unavailable. Incorrect Answers: A: Delegation is not the opposite of availability. B: Distribution is not the opposite of availability. C: Documentation is not the opposite of availability. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 23 QUESTION 30 Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of CISSP

contents is which of the following? A. B. C. D.

Confidentiality Integrity Availability capability

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Confidentiality is the assurance that information is not disclosed to unauthorized individuals, programs, or processes. Some information is more sensitive than other information and requires a higher level of confidentiality. Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This level of confidentiality should prevail while data resides on systems and devices within the network, as it is transmitted, and once it reaches its destination. Incorrect Answers: B: Integrity ensures that data is unaltered. This is not what is described in the question. C: Availability ensures reliability and timely access to data and resources to authorized individuals. This is not what is described in the question. D: Capability is not the prevention of the intentional or unintentional unauthorized disclosure of contents. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 23 QUESTION 31 Good security is built on which of the following concept? A. B. C. D.

The concept of a pass-through device that only allows certain traffic in and out. The concept of defense in depth. The concept of preventative controls. The concept of defensive controls.

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Defense-in-depth is the coordinated use of multiple security controls in a layered approach. A multilayered defense system minimizes the probability of successful penetration and compromise because an attacker would have to get through several different types of protection mechanisms before she gained access to the critical assets. Incorrect Answers: A: Pass-through devices are not the central concept in building good security. C: Preventative controls are not the central concept in building good security. D: Defensive Controls is not the central concept in building good security. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 28 QUESTION 32 The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP: CISSP

A. B. C. D.

Honesty Ethical behavior Legality Control

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: ISC2 code of Ethics does not refer to control. To follow the ISC2 code of Ethics you should act honorably, honestly, justly, responsibly, and legally, and protect society. Incorrect Answers: A: To follow the ISC2 code of Ethics you should act honestly. B: To follow the ISC2 code of Ethics you should use ethical behavior as you should act honorably, honestly, justly, responsibly, and legally, and protect society. C: To follow the ISC2 code of Ethics you should act legally. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1062 QUESTION 33 One of these statements about the key elements of a good configuration process is NOT true A. B. C. D.

Accommodate the reuse of proven standards and best practices Ensure that all requirements remain clear, concise, and valid Control modifications to system hardware in order to prevent resource changes Ensure changes, standards, and requirements are communicated promptly and precisely

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Configuration management should not be designed to prevent resource changes. Incorrect Answers: A: Standards and best practices need to be developed that outline proper configuration management processes. B: Configuration requirements should be developed to be clear, concise, and valid. D: Standards need to be developed that outline proper configuration management processes. Once these standards are developed and put into place these standards are developed and put into place, then employees can be trained on these issues and how to implement and maintain what is outlined in the standards. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 156 QUESTION 34 Which of the following is NOT part of user provisioning? A. Creation and deactivation of user accounts B. Business process implementation C. Maintenance and deactivation of user objects and attributes CISSP

D. Delegating user administration Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: User provisioning involves the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes. Business process implementation is not part of this. Incorrect Answers: A: User provisioning involves creating, maintaining, and deactivating accounts as necessary according to business requirements. C: User provisioning involves the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes. D: Delegated user administration is a component of user provisioning software. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 179 QUESTION 35 Which of the following is MOST appropriate to notify an internal user that session monitoring is being conducted? A. B. C. D.

Logon Banners Wall poster Employee Handbook Written agreement

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: In this question, the user is an internal user. There is another version of this question where the user is in external user so you need to read the questions carefully. With an internal user, as opposed to an external user, you will be able to meet the user face-to-face. Therefore, you can ask the user to sign a written agreement to acknowledge that the user has been informed that session monitoring is being conducted. Incorrect Answers: A: Logon Banners are a good way of notifying users that session monitoring is being conducted. However, with the user signing a written agreement, you have legal proof that the user knows that session monitoring is being conducted which makes a written agreement a better answer. B: A wall poster is not the most appropriate way to notify an internal user that session monitoring is being conducted. You have no guarantee that the user has read the wall poster so you cannot prove that the user knows that session monitoring is being conducted. C: An employee handbook is not the most appropriate way to notify an internal user that session monitoring is being conducted. You have no guarantee that the user has read the employee handbook so you cannot prove that the user knows that session monitoring is being conducted. QUESTION 36 What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the case where a company employs 100 data entry clerks and every one of them makes one input error each month?

CISSP

A. B. C. D.

100 120 1 1200

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The annualized rate of occurrence (ARO) is the value that represents the estimated frequency of a specific threat taking place within a 12-month timeframe. In this question, the ARO of the threat "user input error" is the number of "user input errors" in a year. We have 100 employees each making one user input error each month. That’s 100 errors per month. In a year, that is 1200 errors (100 errors per month x 12 months). Therefore, the annualized rate of occurrence (ARO) is 1200. Incorrect Answers: A: The annualized rate of occurrence (ARO) is not 100. B: The annualized rate of occurrence (ARO) is not 120. C: The annualized rate of occurrence (ARO) is not 1. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 87 QUESTION 37 Which of the following is NOT defined in the Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087) as unacceptable and unethical activity? A. B. C. D.

uses a computer to steal destroys the integrity of computer-based information wastes resources such as people, capacity and computers through such actions involves negligence in the conduct of Internet-wide experiments

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Stealing using a computer is not addressed in RFC 1087. Note: The IAB, through RFC 1087, considers the following acts as unethical and unacceptable behavior: Purposely seeking to gain unauthorized access to Internet resources Disrupting the intended use of the Internet Wasting resources (people, capacity, and computers) through purposeful actions Destroying the integrity of computer-based information Compromising the privacy of others Conducting Internet-wide experiments in a negligent manner Incorrect Answers: B: Destroying the integrity of computer-based information is included in RFC 1087. C: Wasting resources (people, capacity, and computers) through purposeful actions is included in RFC 1087. D: Conducting Internet-wide experiments in a negligent manner is addressed in RFC 1087. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1063

CISSP

QUESTION 38 Keeping in mind that these are objectives that are provided for information only within the CBK as they only apply to the committee and not to the individuals. Which of the following statements pertaining to the (ISC)2 Code of Ethics is NOT true? A. All information systems security professionals who are certified by (ISC)2 recognize that such a certification is a privilege that must be both earned and maintained. B. All information systems security professionals who are certified by (ISC)2 shall provide diligent and competent service to principals. C. All information systems security professionals who are certified by (ISC)2 shall forbid behavior such as associating or appearing to associate with criminals or criminal behavior. D. All information systems security professionals who are certified by (ISC)2 shall promote the understanding and acceptance of prudent information security measures. Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The ISC Code of Ethics does not explicitly state that an individual who are certified by (ISC)2 should not associate with criminals or with criminal behavior. Incorrect Answers: A: According to the (ISC)2 Code Of Ethics all information security professionals who are certified by (ISC)2 recognize that such certification is a privilege that must be both earned and maintained. B: The ICS code of Ethics states that you should provide competent service to your employers and clients, and should avoid any conflicts of interest. D: The ICS code of Ethics states that you should support efforts to promote the understanding and acceptance of prudent information security measures throughout the public, private and academic sectors of our global information society. References: https://www.isc2.org/ethics/default.aspx?terms=code of ethics QUESTION 39 Which approach to a security program ensures people responsible for protecting the company's assets are driving the program? A. B. C. D.

The Delphi approach. The top-down approach. The bottom-up approach. The technology approach.

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A security program should use a top-down approach, meaning that the initiation, support, and direction come from top management; work their way through middle management; and then reach staff members. In contrast, a bottom-up approach refers to a situation in which staff members (usually IT) try to develop a security program without getting proper management support and direction. A bottom-up approach is commonly less effective, not broad enough to address all security risks, and doomed to fail. A top-down approach makes sure the people actually responsible for protecting the company’s assets (senior management) are driving the program. Senior management are not only ultimately responsible for the protection of the organization, but also hold the purse strings for the necessary funding, have the authority to assign needed resources, and are the only ones CISSP

who can ensure true enforcement of the stated security rules and policies. Incorrect Answers: A: Delphi is a group decision method used to ensure that each member of a group gives an honest and anonymous opinion pertaining to the company’s risks. C: The bottom-up approach is the opposite to the top-down approach. The bottom-up approach refers to a situation in which staff members (usually IT) try to develop a security program without getting proper management support and direction. D: The technology approach is not a defined security program approach. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 63 QUESTION 40 Which of the following is NOT a part of a risk analysis? A. Identify risks B. Quantify the impact of potential threats C. Provide an economic balance between the impact of the risk and the cost of the associated countermeasure D. Choose the best countermeasure Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Risk assessment is a method of identifying vulnerabilities and threats and assessing the possible impacts to determine where to implement security controls. A risk assessment is carried out, and the results are analyzed. Risk analysis is used to ensure that security is cost-effective, relevant, timely, and responsive to threats. Security can be quite complex, even for well-versed security professionals, and it is easy to apply too much security, not enough security, or the wrong security controls, and to spend too much money in the process without attaining the necessary objectives. Risk analysis helps companies prioritize their risks and shows management the amount of resources that should be applied to protecting against those risks in a sensible manner. A risk analysis has four main goals: Identify assets and their value to the organization. Identify vulnerabilities and threats. Quantify the probability and business impact of these potential threats. Provide an economic balance between the impact of the threat and the cost of the countermeasure. Choosing the best countermeasure is not part of risk analysis. Choosing the best countermeasure would be part of risk mitigation. Incorrect Answers: A: Identifying risks is part of risk analysis. B: Quantifying the impact of potential threats is part of risk analysis. C: Providing an economic balance between the impact of the risk and the cost of the associated countermeasure is part of risk analysis. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 74 QUESTION 41 How should a risk be handled when the cost of the countermeasure outweighs the cost of the risk? A. Reject the risk.

CISSP

B. Perform another risk analysis. C. Accept the risk. D. Reduce the risk. Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Once a company knows the risk it is faced with, it must decide how to handle it. Risk can be dealt with in four basic ways: transfer it, avoid it, reduce it, or accept it. One approach is to accept the risk, which means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. Many companies will accept risk when the cost/benefit ratio indicates that the cost of the countermeasure outweighs the potential loss value. Incorrect Answers: A: Rejecting a risk is not a valid method of dealing with risk. B: Performing another risk analysis will not help. It will most likely return the same results as the previous risk analysis. D: Reducing the risk would require a countermeasure. In this question, the countermeasure outweighs the cost of the risk. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98 QUESTION 42 Which one of these statements about the key elements of a good configuration process is NOT true? A. B. C. D.

Accommodate the reuse of proven standards and best practices Ensure that all requirements remain clear, concise, and valid Control modifications to system hardware in order to prevent resource changes Ensure changes, standards, and requirements are communicated promptly and precisely

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Standards are developed to outline proper configuration management processes and approved baseline configuration settings. Systems can be tested against what is laid out in the standards, and systems can be monitored to detect if there are configurations that do not meet the requirements outlined in the standards. A good configuration process will follow proven standards and best practices. Requirements must remain clear, concise, and valid. Changes, standards, and requirements must be communicated promptly and precisely. The statement “Control modifications to system hardware in order to prevent resource changes” is not a key element of a good configuration process. Modifications to system hardware should be controlled by a change control procedure. Incorrect Answers: A: Accommodating the reuse of proven standards and best practices is one of the key elements of a good configuration process. B: Ensuring that all requirements remain clear, concise, and valid is one of the key elements of a good configuration process. D: Ensuring changes, standards, and requirements are communicated promptly and precisely is one of the key elements of a good configuration process.

CISSP

QUESTION 43 Which of the following is NOT an administrative control? A. B. C. D.

Logical access control mechanisms Screening of personnel Development of policies, standards, procedures and guidelines Change control procedures

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Administrative controls are security mechanisms that are management’s responsibility and referred to as “soft” controls. These controls include the development and publication of policies, standards, procedures, and guidelines; the screening of personnel; security-awareness training; the monitoring of system activity; and change control procedures. Logical access control mechanisms are not an example of administrative controls. They are an example of a “Logical control” also known as a “Technical control”. Incorrect Answers: B: Screening of personnel is an example of an administrative control. C: Development of policies, standards, procedures and guidelines is an example of an administrative control. D: Change control procedures are an example of an administrative control. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 28 QUESTION 44 Which of the following outlined how senior management are responsible for the computer and information security decisions that they make and what actually took place within their organizations? A. B. C. D.

The Computer Security Act of 1987. The Federal Sentencing Guidelines of 1991. The Economic Espionage Act of 1996. The Computer Fraud and Abuse Act of 1986.

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Senior management could be responsible for monetary damages up to $10 million or twice the gain of the offender for nonperformance of due diligence in accordance with the U.S. Federal Sentencing Guidelines of 1991. Incorrect Answers: A: The Computer Security Law of 1987 is not addressing senior management responsibility. The purpose is to improve the security and privacy of sensitive information in federal computer systems and to establish a minimum acceptable security practices for such systems. C: The Economic Espionage Act of 1996 does not address senior management responsibility. Deals with a wide range of issues, including not only industrial espionage, but the insanity defense, the Boys & Girls Clubs of America, requirements for presentence investigation reports, and the United States Sentencing Commission reports regarding encryption or scrambling technology, and other technical and minor amendments. D: Computer Fraud and Abuse Act of 1986 concerns acts where computers of the federal government or CISSP

certain financial institutions are involved. It does not address senior management responsibility. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 548 QUESTION 45 What are the three FUNDAMENTAL principles of security? A. B. C. D.

Accountability, confidentiality and integrity Confidentiality, integrity and availability Integrity, availability and accountability Availability, accountability and confidentiality

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The three principles of security, which are to provide availability, integrity, and confidentiality (AIC triad) protection for critical assets. Availability protection ensures reliability and timely access to data and resources to authorized individuals. Integrity is upheld when the assurance of the accuracy and reliability of information and systems is provided and any unauthorized modification is prevented. Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. Incorrect Answers: A: Accountability is not one of the three principles of security. C: Accountability is not one of the three principles of security. D: Accountability is not one of the three principles of security. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 23-24 QUESTION 46 What would BEST define risk management? A. B. C. D.

The process of eliminating the risk The process of assessing the risks The process of reducing risk to an acceptable level The process of transferring risk

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Risk management is defined the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. However, the process of identifying and assessing risk is also defined as risk assessment. This leaves reducing risk to an acceptable level as the BEST definition of risk management as required in this question. Incorrect Answers: A: The process of eliminating the risk is not the definition or risk management. Risk management is said to

CISSP

‘reduce’ risk rather than eliminate risk because you can never fully eliminate risk. B: The process of assessing the risks is defined by the phrase risk assessment which means this is not the BEST answer as required in this question. D: The process of transferring risk can be a method of reducing risk. However, this is not the BEST definition of risk management. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 70-73 QUESTION 47 Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment? A. B. C. D.

A baseline A standard A procedure A guideline

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The term baseline refers to a point in time that is used as a comparison for future changes. Once risks have been mitigated and security put in place, a baseline is formally reviewed and agreed upon, after which all further comparisons and development are measured against it. A baseline results in a consistent reference point. Baselines are also used to define the minimum level of protection required. In security, specific baselines can be defined per system type, which indicates the necessary settings and the level of protection being provided. For example, a company may stipulate that all accounting systems must meet an Evaluation Assurance Level (EAL) 4 baseline. This means that only systems that have gone through the Common Criteria process and achieved this rating can be used in this department. Once the systems are properly configured, this is the necessary baseline. Incorrect Answers: B: Standards are compulsory rules indicating how hardware and software should be implemented, used, and maintained. Standards provide a means to ensure that specific technologies, applications, parameters, and procedures are carried out in a uniform way across the organization. They do not provide a minimum level of security acceptable for an environment. C: A procedure provides detailed step-by-step instructions to achieve a certain task, which are used by users, IT staff, operations staff, security members, and others. It does not provide a minimum level of security acceptable for an environment. D: Guidelines are recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply. They do not provide a minimum level of security acceptable for an environment. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 106 QUESTION 48 Related to information security, the guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered is an example of which of the following? A. Integrity B. Confidentiality C. Availability

CISSP

D. Identity Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Information must be accurate, complete, and protected from unauthorized modification. When a security mechanism provides integrity, it protects data, or a resource, from being altered in an unauthorized fashion. If any type of illegitimate modification does occur, the security mechanism must alert the user or administrator in some manner. Hashing can be used in emails to guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered. Incorrect Answers: B: Confidentiality is the assurance that information is not disclosed to unauthorized individuals, programs, or processes. This is not what is described in the question. C: Availability ensures reliability and timely access to data and resources to authorized individuals. This is not what is described in the question. D: Identity would be the sender or recipient of the email message. It does not guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 23, 159 QUESTION 49 Which of the following is NOT a technical control? A. B. C. D.

Password and resource management Identification and authentication methods Monitoring for physical intrusion Intrusion Detection Systems

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Technical controls, also called logical access control mechanisms, work in software to provide confidentiality, integrity, or availability protection. Some examples are passwords, identification and authentication methods, security devices, auditing, and the configuration of the network. Physical controls are controls that pertain to controlling individual access into the facility and different departments, locking systems and removing unnecessary floppy or CD-ROM drives, protecting the perimeter of the facility, monitoring for intrusion, and checking environmental controls. Monitoring for physical intrusion is an example of a physical control, not a technical control. Incorrect Answers: A: Password and resource management is an example of a technical control. B: Identification and authentication methods are an example of a technical control. D: Intrusion Detection Systems are an example of a technical control. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 28 QUESTION 50 Which of the following would NOT violate the Due Diligence concept?

CISSP

A. B. C. D.

Security policy being outdated Data owners not laying out the foundation of data protection Network administrator not taking mandatory two-week vacation as planned Latest security patches for servers being installed as per the Patch Management process

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Due diligence is the act of gathering the necessary information so the best decision-making activities can take place. Before a company purchases another company, it should carry out due diligence activities so that the purchasing company does not have any “surprises” down the road. The purchasing company should investigate all relevant aspects of the past, present, and predictable future of the business of the target company. If this does not take place and the purchase of the new company hurts the original company financially or legally, the decision makers could be found liable (responsible) and negligent by the shareholders. In information security, similar data gathering should take place so that there are no “surprises” down the road and the risks are fully understood before they are accepted. Latest security patches for servers being installed as per the Patch Management process is a good security measure that should take place. This measure would not violate Due Diligence. Incorrect Answers: A: Security policy being outdated is a security risk that would violate due diligence. B: Data owners not laying out the foundation of data protection is a security risk that would violate due diligence. C: A network administrator not taking mandatory two-week vacation as planned protection is a security risk that would violate due diligence. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1023 QUESTION 51 Ensuring least privilege does NOT require: A. B. C. D.

Identifying what the user's job is. Ensuring that the user alone does not have sufficient rights to subvert an important process. Determining the minimum set of privileges required for a user to perform their duties. Restricting the user to required privileges and nothing more.

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. If an individual has excessive permissions and rights, it could open the door to abuse of access and put the company at more risk than is necessary. Ensuring least privilege requires the following: Identifying what the user's job is (and therefore what he needs to do). Determining the minimum set of privileges required for a user to perform their duties. Restricting the user to required privileges and nothing more. Ensuring that the user alone does not have sufficient rights to subvert an important process is not a requirement for least privilege. This is an example of separation of duties where it would take collusion between two or more people to subvert the process. CISSP

Incorrect Answers: A: Ensuring least privilege does require identifying what the user's job is to determine what he needs to do and what permissions he needs to do it. C: Determining the minimum set of privileges required for a user to perform their duties is a requirement for ensuring least privilege. D: Restricting the user to required privileges and nothing more is the definition of least privilege. This is obviously a requirement for ensuring least privilege. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1236 QUESTION 52 Who is responsible for providing reports to the senior management on the effectiveness of the security controls? A. B. C. D.

Information systems security professionals Data owners Data custodians Information systems auditors

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The auditor is responsible for providing reports to the senior management on the effectiveness of the security controls. The function of the auditor is to come around periodically and make sure you are doing what you are supposed to be doing. They ensure the correct controls are in place and are being maintained securely. The goal of the auditor is to make sure the organization complies with its own policies and the applicable laws and regulations. Organizations can have internal auditors and/or external auditors. The external auditors commonly work on behalf of a regulatory body to make sure compliance is being met. Incorrect Answers: A: Information systems security professionals implement security controls. They do not report on their effectiveness. B: The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner does not report on the effectiveness of security controls. C: The data custodian (information custodian) is responsible for maintaining and protecting the data. The data custodian does not report on the effectiveness of security controls. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 122-125 QUESTION 53 What is the highest amount a company should spend annually on countermeasures for protecting an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 30%? A. B. C. D.

$300,000 $150,000 $60,000 $1,500

Correct Answer: C CISSP

Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The exposure factor (EF) represents the percentage of loss a realized threat could have on a certain asset. The annualized rate of occurrence (ARO) is the value that represents the estimated frequency of a specific threat taking place within a 12-month timeframe. The range can be from 0.0 (never) to 1.0 (once a year) to greater than 1 (several times a year) and anywhere in between. For example, if the probability of a fire taking place and damaging our data warehouse is once every ten years, the ARO value is 0.1. In this question, the EF is $1,000,000 x 30% = $300,000. The ARO is once every five years which equals 0.2 (1 / 5). Therefore, the highest amount a company should spend annually on countermeasures is $300,000 x 0.2 = $60,000. Incorrect Answers: A: The highest amount a company should spend annually on countermeasures is $60,000 not $300,000. B: The highest amount a company should spend annually on countermeasures is $60,000 not $150,000. D: The highest amount a company should spend annually on countermeasures is $60,000 not $1,500. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 87 QUESTION 54 Which of the following statements pertaining to quantitative risk analysis is NOT true? A. B. C. D.

Portion of it can be automated It involves complex calculations It requires a high volume of information It requires little experience to apply

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A quantitative risk analysis is used to assign monetary and numeric values to all elements of the risk analysis process. Each element within the analysis (asset value, threat frequency, severity of vulnerability, impact damage, safeguard costs, safeguard effectiveness, uncertainty, and probability items) is quantified and entered into equations to determine total and residual risks. It is more of a scientific or mathematical approach to risk analysis compared to qualitative. Quantitative risk analysis does require knowledge and experience to perform. Therefore, the statement “It requires little experience to apply” is false. Incorrect Answers: A: A portion of the quantitative risk analysis process can be automated by using quantitative risk analysis tools. B: Quantitative risk analysis does involve complex calculations. C: Quantitative risk analysis does require a high volume of information. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 86 QUESTION 55 Which property ensures that only the intended recipient can access the data and nobody else? A. Confidentiality

CISSP

B. Capability C. Integrity D. Availability Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Confidentiality is the assurance that information is not disclosed to unauthorized individuals, programs, or processes. Some information is more sensitive than other information and requires a higher level of confidentiality. Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This level of confidentiality should prevail while data resides on systems and devices within the network, as it is transmitted, and once it reaches its destination. Incorrect Answers: B: Capability is not what ensures that only the intended recipient can access the data and nobody else. C: Integrity ensures that data is unaltered. This is not what is described in the question. D: Availability ensures reliability and timely access to data and resources to authorized individuals. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 23, 159 QUESTION 56 Making sure that the data has not been changed unintentionally, due to an accident or malice is: A. B. C. D.

Integrity. Confidentiality. Availability. Auditability.

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Integrity is upheld when the assurance of the accuracy and reliability of information and systems is provided and any unauthorized modification is prevented. Hardware, software, and communication mechanisms must work in concert to maintain and process data correctly and to move data to intended destinations without unexpected alteration. The systems and network should be protected from outside interference and contamination. Incorrect Answers: B: Confidentiality is the assurance that information is not disclosed to unauthorized individuals, programs, or processes. This is not what is described in the question. C: Availability ensures reliability and timely access to data and resources to authorized individuals. This is not what is described in the question. D: Auditability is the ability of something to be audited. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 23, 159 QUESTION 57 Which of the following are the steps usually followed in the development of documents such as security policy, CISSP

standards and procedures? A. B. C. D.

design, development, publication, coding, and testing design, evaluation, approval, publication, and implementation initiation, evaluation, development, approval, publication, implementation, and maintenance feasibility, development, approval, implementation, and integration

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A project management style approach is used the development of documents such as security policy, standards and procedures. In the initiation and evaluation stage, a written proposal is submitted to management stating the objectives of the particular document. In the development phase, a team is assembled for the creation of the document. In the approval phase, the document is presented to the appropriate body within the organization for approval. In the publication phase, the document is published within the organization. In the implementation phase, the various groups affected by the new document commence its implementation. In the maintenance phase, the document is reviewed on the review date agreed in the development phase. Incorrect Answers: A: Design, coding and testing are not phases in the development of documents such as security policy, standards and procedures. B: Design and implementation are not phases in the development of documents such as security policy, standards and procedures. D: Feasibility and integration are not phases in the development of documents such as security policy, standards and procedures. References: Information Security Management Handbook, Fourth Edition, Volume 3 by Harold. F. Tipton. Page 380-382. QUESTION 58 What is the goal of the Maintenance phase in a common development process of a security policy? A. B. C. D.

to review the document on the specified review date publication within the organization to write a proposal to management that states the objectives of the policy to present the document to an approving body

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: It is decided during the development phase that the security policy will be reviewed on the review date. The purpose of the maintenance phase is to review the document on the specified review date. During this review, the continuing viability of the document is decided. If the document is no longer required, then it is withdrawn or cancelled. If viability is determined and changes are needed, the team jumps into the development cycle at Phase Two and the cycle begins again. Incorrect Answers: B: Publication within the organization is performed in the publication phase, not the maintenance phase. C: Writing a proposal to management that states the objectives of the policy is performed in the Initiating and Evaluation phase. CISSP

D: Presenting the document to an approving body is performed in the Approval phase. References: Information Security Management Handbook, Fourth Edition, Volume 3. Harold F. Tipton. Page: 380-382. QUESTION 59 What is the difference between Advisory and Regulatory security policies? A. B. C. D.

there is no difference between them regulatory policies are high level policy, while advisory policies are very detailed Advisory policies are not mandated. Regulatory policies must be implemented. Advisory policies are mandated while Regulatory policies are not

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Regulatory policy is not often something that an organization can work around. Rather, they must work with them. Governments and regulatory and governing bodies that regulate certain professions, such as medicine and law typically create this type of policy. In general, organizations that operate in the public interest, such as safety or the management of public assets, or that are frequently held accountable to the public for their actions, are users of regulatory policy. This type of policy consists of a series of legal statements that describe in detail what must be done, when it must be done, who does it, and can provide insight as to why it is important to do it. An advisory policy provides recommendations often written in very strong terms about the action to be taken in a certain situation or a method to be used. While this appears to be a contradiction of the definition of policy, advisory policy provides recommendations. It is aimed at knowledgeable individuals with information to allow them to make decisions regarding the situation and how to act. Because it is an advisory policy, the enforcement of this policy is not applied with much effort. However, the policy will state the impact for not following the advice that is provided within the policy. Incorrect Answers: A: There is a difference between Advisory and Regulatory security policies. B: Advisory policies are not very detailed. D: Advisory policies are not mandated and Regulatory policies are. References: http://www.ittoday.info/AIMS/DSM/82-10-85.pdf QUESTION 60 Risk analysis is MOST useful when applied during which phase of the system development process? A. B. C. D.

Project initiation and Planning Functional Requirements definition System Design Specification Development and Implementation

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The Systems Development Life Cycle (SDLC), also called the Software Development Life Cycle or simply the System Life Cycle, is a system development model. There are many variants of the SDLC, but most follow (or are based on) the National Institute of Standards and Technology (NIST) SDLC process. CISSP

NIST Special Publication 800-14 states: “Security, like other aspects of an IT system, is best managed if planned for throughout the IT system life cycle. There are many models for the IT system life cycle but most contain five basic phases: initiation, development/acquisition, implementation, operation, and disposal.” Additional steps are often added, most critically the security plan, which is the first step of any SDLC. The following overview is summarized from the NIST document, in which the first two steps relate to Risk analysis: 1. Prepare a Security Plan—Ensure that security is considered during all phases of the IT system life cycle, and that security activities are accomplished during each of the phases. 2. Initiation—The need for a system is expressed and the purpose of the system is documented. 3. Conduct a Sensitivity Assessment—Look at the security sensitivity of the system and the information to be processed. 4. Development/Acquisition 5. Implementation 6. Operation/Maintenance Incorrect Answers: B: Risk analysis is not a critical part of the Functional Requirements definition. C: Risk analysis is not a critical part of the System Design Specification. D: Risk analysis is not a critical part of Development and Implementation. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 182-183 QUESTION 61 What is the main purpose of Corporate Security Policy? A. B. C. D.

To transfer the responsibility for the information security to all users of the organization To communicate management's intentions in regards to information security To provide detailed steps for performing specific actions To provide a common framework for all development activities

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. Incorrect Answers: A: It is not the main purpose of Corporate Security Policy to transfer the responsibility for the information security to all users of the organization. C: It is not the main purpose of Corporate Security Policy to provide detailed steps for performing specific actions. D: It is not the main purpose of Corporate Security Policy to provide a common framework for all development activities. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 102 QUESTION 62 Which of the following is from the Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087)? A. Access to and use of the Internet is a privilege and should be treated as such by all users of the systems. B. Users should execute responsibilities in a manner consistent with the highest standards of their profession. C. There must not be personal data record-keeping systems whose very existence is secret.

CISSP

D. There must be a way for a person to prevent information about them, which was obtained for one purpose, from being used or made available for another purpose without their consent. Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: RFC 1087 is called “Ethics and the Internet.” This RFC outlines the concepts pertaining to what the IAB considers unethical and unacceptable behavior. Incorrect Answers: B: RFC 1087 is not related to profession conduct. It concerns Ethics and the Internet. C: RFC 1087 does not address personal data record keeping. D: RFC 1087 does not concern consent of use of private data. It is related to Ethics and the Internet. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1064 QUESTION 63 Out of the steps listed below, which one is not one of the steps conducted during the Business Impact Analysis (BIA)? A. B. C. D.

Alternate site selection Create data-gathering techniques Identify the company’s critical business functions Select individuals to interview for data gathering

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Alternate site selection is among the eight BIA steps. Note: The eight BIA Steps are listed below: 1. Select individuals to interview for data gathering. 2. Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches). 3. Identify the company’s critical business functions. 4. Identify the resources these functions depend upon. 5. Calculate how long these functions can survive without these resources. 6. Identify vulnerabilities and threats to these functions. 7. Calculate the risk for each different business function. 8. Document findings and report them to management. Incorrect Answers: B: Creating data-gathering techniques is the second out of the eight BIA steps. C: To identify the company’s critical business functions is the third out of the eight BIA steps. D: Selecting individuals to interview for data gathering is the first out of the eight BIA steps. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 908 QUESTION 64 In the CIA triad, what does the letter A stand for?

CISSP

A. B. C. D.

Auditability Accountability Availability Authentication

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity and confidentiality) to avoid confusion with the Central Intelligence Agency. The elements of the triad are considered the three most crucial components of security. Incorrect Answers: A: The letter A in the CIA/AIC triad stands for Availability, not Auditability. B: The letter A in the CIA/AIC triad stands for Availability, not Accountability. D: The letter A in the CIA/AIC triad stands for Availability, not Authentication. References: http://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA QUESTION 65 Controls are implemented to: A. B. C. D.

eliminate risk and reduce the potential for loss. mitigate risk and eliminate the potential for loss. mitigate risk and reduce the potential for loss. eliminate risk and eliminate the potential for loss.

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A countermeasure is defined as a control, method, technique, or procedure that is put into place to prevent a threat agent from exploiting a vulnerability. A countermeasure is put into place to mitigate risk. A countermeasure is also called a safeguard or control. Incorrect Answers: A: You can reduce risk but you can never completely eliminate it. B: You can reduce the potential for loss but you can never completely eliminate it. D: You can reduce risk or the potential for loss but you can never completely eliminate them. QUESTION 66 What can be described as a measure of the magnitude of loss or impact on the value of an asset? A. B. C. D.

Probability Exposure factor Vulnerability Threat

Correct Answer: B

CISSP

Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The Exposure Factor (EF) is a measure of the magnitude of loss or impact (usually as a percentage) on the value of an asset. It is used for calculating the Single Loss Expectancy (SLE) which in turn is used to calculate the Annual Loss Expectancy (ALE). The Single Loss Expectancy (SLE) is a dollar amount that is assigned to a single event that represents the company’s potential loss amount if a specific threat were to take place. The equation is laid out as follows: Asset Value × Exposure Factor (EF) = SLE The exposure factor (EF) represents the percentage of loss a realized threat could have on a certain asset. For example, if a data warehouse has the asset value of $150,000, it can be estimated that if a fire were to occur, 25 percent of the warehouse would be damaged, in which case the SLE would be $37,500: Asset Value ($150,000) × Exposure Factor (25%) = $37,500 Incorrect Answers: A: Probability is the likelihood of something happening. This is not what is described in the question. C: A vulnerability is the absence or weakness of a safeguard that could be exploited. This is not what is described in the question. D: A threat is any potential danger that is associated with the exploitation of a vulnerability. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 87 QUESTION 67 The scope and focus of the Business continuity plan development depends most on: A. B. C. D.

Directives of Senior Management Business Impact Analysis (BIA) Scope and Plan Initiation Skills of BCP committee

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A BIA is performed at the beginning of business continuity planning to identify the areas that would suffer the greatest financial or operational loss in the event of a disaster or disruption. It identifies the company’s critical systems needed for survival and estimates the outage time that can be tolerated by the company as a result of a disaster or disruption. Incorrect Answers: A: The Business continuity plan depends on the BIA, not on directives from Senior Management. C: The Business continuity plan depends on the BIA, not on Scope and Plan Initiation. D: The Business continuity plan depends on the BIA, not on Skills of BCP committee. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 909 QUESTION 68 Which of the following best allows risk management results to be used knowledgeably? A. A vulnerability analysis B. A likelihood assessment C. An uncertainty analysis

CISSP

D. Threat identification Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Risk management often must rely on speculation, best guesses, incomplete data, and many unproven assumptions. The uncertainty analysis attempts to document this so that the risk management results can be used knowledgeably. There are two primary sources of uncertainty in the risk management process: (1) a lack of confidence or precision in the risk management model or methodology and (2) a lack of sufficient information to determine the exact value of the elements of the risk model, such as threat frequency, safeguard effectiveness, or consequences. References: http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf, p. 21 QUESTION 69 Which of the following control pairings include: organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks? A. B. C. D.

Preventive/Administrative Pairing Preventive/Technical Pairing Preventive/Physical Pairing Detective/Administrative Pairing

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Preventive administrative controls are management policies and procedures designed to protect against unwanted employee behavior. This includes separation of duties, business continuity and DR planning/testing, proper hiring practices, and proper processing of terminations. It also includes security policy, information classification, personnel procedures, and security-awareness training. Incorrect Answers: B: Technical controls, which are also known as logical controls, are software or hardware components, such as firewalls, IDS, encryption, identification and authentication mechanisms. C: Physical controls are items put into place to protect facility, personnel, and resources. These include guards, locks, fencing, and lighting. D: Detective/Administrative controls include monitoring and supervising, job rotation, and investigations. References: http://www.brighthub.com/computing/smb-security/articles/2388.aspx Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 28-33 QUESTION 70 What can best be defined as high-level statements, beliefs, goals and objectives? A. Standards B. Policies C. Guidelines

CISSP

D. Procedures Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A policy is defined as a high-level document that outlines senior management’s security directives. A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A security policy can be an organizational policy, an issue-specific policy, or a system-specific policy. In an organizational security policy, management establishes how a security program will be set up, lays out the program’s goals, assigns responsibilities, shows the strategic and tactical value of security, and outlines how enforcement should be carried out. Incorrect Answers: A: Standards are compulsory rules indicating how hardware and software should be implemented, used, and maintained. Standards provide a means to ensure that specific technologies, applications, parameters, and procedures are carried out in a uniform way across the organization. They are not defined as high-level statements, beliefs, goals and objectives. C: Guidelines are recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply. They are not defined as high-level statements, beliefs, goals and objectives. D: Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal. Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment. They are not defined as high-level statements, beliefs, goals and objectives. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 106-107 QUESTION 71 In an organization, an Information Technology security function should: A. B. C. D.

Be a function within the information systems function of an organization. Report directly to a specialized business unit such as legal, corporate security or insurance. Be led by a Chief Security Officer and report directly to the CEO. Be independent but report to the Information Systems function.

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A Chief Security Officer (CSO) reports directly to the Chief Executive Officer (CEO). IT Security should be led by a CSO. The chief security officer (CSO) is responsible for understanding the risks that the company faces and for mitigating these risks to an acceptable level. This role is responsible for understanding the organization’s business drivers and for creating and maintaining a security program that facilitates these drivers, along with providing security, compliance with a long list of regulations and laws, and any customer expectations or contractual obligations. Incorrect Answers: A: The IT security function should not be a function within the information systems function of an organization. B: The IT security function should not report directly to a specialized business unit such as legal, corporate security or insurance. D: The IT security function should be independent but should not report to the Information Systems function.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 119 QUESTION 72 Qualitative loss resulting from the business interruption does NOT usually include: A. B. C. D.

Loss of revenue Loss of competitive advantage or market share Loss of public confidence and credibility Loss of market leadership

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Loss of revenue is a quantitative loss, A Qualitative loss. The quantitative impact can be determined by evaluating financial losses such as lost revenue, assets or production units, and salary paid to an idled workforce. Qualitative impact includes such factors as reputation, goodwill, value of the brand and lost opportunity, among others. Incorrect Answers: B: Loss of market share is qualitative loss. C: Qualitative impact can lead eventually to financial losses over time, for example due to loss of customer confidence. D: Loss of market leadership is qualitative loss. References: http://searchdisasterrecovery.techtarget.com/answer/Debating-quantitative-impact-vs-qualitative-impact QUESTION 73 Which of the following tasks is NOT usually part of a Business Impact Analysis (BIA)? A. B. C. D.

Calculate the risk for each different business function. Identify the company’s critical business functions. Calculate how long these functions can survive without these resources. Develop a mission statement.

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: To develop a mission statement is not part of the BIA process. The eight BIA Steps are listed below: 1. Select individuals to interview for data gathering. 2. Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches). 3. Identify the company’s critical business functions. 4. Identify the resources these functions depend upon. 5. Calculate how long these functions can survive without these resources. 6. Identify vulnerabilities and threats to these functions. 7. Calculate the risk for each different business function. 8. Document findings and report them to management. CISSP

Incorrect Answers: A: To calculate the risk for each different business function is step seven in the BIA process. B: Identifying the company’s critical business functions is step three in the BIA process. C: To calculate how long these functions can survive without these resources is step five in the BIA process. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 908 QUESTION 74 Which of the following is NOT a common integrity goal? A. B. C. D.

Prevent unauthorized users from making modifications. Maintain internal and external consistency. Prevent authorized users from making improper modifications. Prevent paths that could lead to inappropriate disclosure.

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Integrity does not prevent paths that could lead to inappropriate disclosure. Integrity is upheld when the assurance of the accuracy and reliability of information and systems is provided and any unauthorized modification is prevented. Environments that enforce and provide this attribute of security ensure that attackers, or mistakes by users, do not compromise the integrity of systems or data. Users usually affect a system or its data’s integrity by mistake (although internal users may also commit malicious deeds). For example, a user may insert incorrect values into a data processing application that ends up charging a customer $3,000 instead of $300. Incorrect Answers: A: A goal of integrity is to prevent unauthorized users from making modifications. B. A goal of integrity is to maintain internal and external consistency. C. A goal of integrity is to prevent authorized users from making improper modifications. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 23 QUESTION 75 At what Orange Book evaluation levels are design specification and verification FIRST required? A. B. C. D.

C1 and above. C2 and above. B1 and above. B2 and above.

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: B1: Labeled Security: Each data object must contain a classification label and each subject must have a clearance label. When a subject attempts to access an object, the system must compare the subject’s and object’s security labels to ensure the requested actions are acceptable. Data leaving the system must also contain an accurate security label. The security policy is based on an informal statement, and the design specifications are reviewed and verified. CISSP

This security rating is intended for environments that require systems to handle classified data. Incorrect Answers: A: Design specification and verification are not required at level C1. B: Design specification and verification are not required at level C2. D: B2 is not the lowest level that requires design specification and verification. Level B1 requires design specification and verification. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 395 QUESTION 76 Which of the following is an advantage of a qualitative over a quantitative risk analysis? A. B. C. D.

It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities. It provides specific quantifiable measurements of the magnitude of the impacts. It makes a cost-benefit analysis of recommended controls easier. It can easily be automated.

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Qualitative risk assessments quantify the level of risk whereas quantitative risk assessments place a monetary value on the effect of risk. For example, a qualitative risk assessment may use a scale such as low risk, medium risk and high risk or a 1 to 10 scale. One risk assessment methodology is called FRAP, which stands for Facilitated Risk Analysis Process. The crux of this qualitative methodology is to focus only on the systems that really need assessing to reduce costs and time obligations. It stresses prescreening activities so that the risk assessment steps are only carried out on the item(s) that needs it the most. It is to be used to analyze one system, application, or business process at a time. Data is gathered and threats to business operations are prioritized based upon their criticality. The risk assessment team documents the controls that need to be put into place to reduce the identified risks along with action plans for control implementation efforts. Incorrect Answers: B: Quantitative, not qualitative risk assessments provide specific quantifiable measurements of the magnitude of the impacts. C: Quantitative, not qualitative risk assessments make a cost-benefit analysis of recommended controls easier. D: Quantitative, not qualitative risk assessments can easily be automated or at least partially automated. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 79 QUESTION 77 An effective information security policy should NOT have which of the following characteristic? A. B. C. D.

Include separation of duties Be designed with a short- to mid-term focus Be understandable and supported by all stakeholders Specify areas of responsibility and authority

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: CISSP

Explanation: An information security policy should not be designed with a short to mid-term focus. It should be created with the intention of having the policies in place for several years at a time. This will help ensure policies are forward-thinking enough to deal with potential changes that may arise. It should also be reviewed and modified as a company changes, such as through adoption of a new business model, a merger with another company, or change of ownership. Incorrect Answers: A: An information security policy should include separation of duties. C: An information security policy should be understandable and supported by all stakeholders. D: An information security policy should specify areas of responsibility and authority. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 102 QUESTION 78 Which of the following choices is NOT normally part of the questions that would be asked in regards to an organization's information security policy? A. B. C. D.

Who is involved in establishing the security policy? Where is the organization's security policy defined? What are the actions that need to be performed in case of a disaster? Who is responsible for monitoring compliance to the organization's security policy?

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The actions that need to be performed in case of a disaster are defined in the risk management policy, not the information security policy. An information security policy should determine who is involved in establishing the security policy, where the organization's security policy is defined and who is responsible for monitoring compliance to the organization's security policy. Incorrect Answers: A: An information security policy should determine who is involved in establishing the security policy. B: An information security policy should determine where the organization's security policy is defined. D: An information security policy should determine who is responsible for monitoring compliance to the organization's security policy. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 102 QUESTION 79 The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is referred to as? A. B. C. D.

Confidentiality Availability Integrity Reliability

Correct Answer: B Section: Security and Risk Management Explanation

CISSP

Explanation/Reference: Explanation: Availability ensures reliability and timely access to data and resources to authorized individuals. Network devices, computers, and applications should provide adequate functionality to perform in a predictable manner with an acceptable level of performance. They should be able to recover from disruptions in a secure and quick fashion so productivity is not negatively affected. Necessary protection mechanisms must be in place to protect against inside and outside threats that could affect the availability and productivity of all business-processing components. Incorrect Answers: A: Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This is not what is described in the question. C: Integrity ensures that data is unaltered. This is not what is described in the question. D: Reliability could be used to describe the ability of system to serve data. However, data being accessible when required is described as availability, not reliability. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 23 QUESTION 80 Which of the following would BEST classify as a management control? A. B. C. D.

Review of security controls Personnel security Physical and environmental protection Documentation

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Management controls are largely procedural in nature and in general deal with the business processes used by an organization to manage the security of the information systems. The Management Control class includes five families of security controls: Risk Assessment, Security Planning, Acquisition of Information Systems and Services, Review of Security Controls and Security Accreditation. Incorrect Answers: B: Personnel security is not one of the five defined families of security controls in the Management Control Class. C: Physical and environmental protection is not one of the five defined families of security controls in the Management Control Class. D: Documentation is not one of the five defined families of security controls in the Management Control Class. References: Pohlman, Martin B., Oracle Identity Management: Governance, Risk, and Compliance Architecture, 3rd Edition, Auerbach Publications, Boca Raton, 2008, p. 476 QUESTION 81 Valuable paper insurance coverage does cover damage to which of the following? A. B. C. D.

Inscribed, printed and Written documents Manuscripts Records Money and Securities

Correct Answer: D CISSP

Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Valuable paper insurance coverage provides protection for inscribed, printed, and written documents and manuscripts and other printed business records. However, it does Cover damage to paper money and printed security certificates. Incorrect Answers: A: Valuable paper insurance coverage provides protection for inscribed, printed, and written documents. B: Valuable paper insurance coverage provides protection for manuscripts. C: Valuable paper insurance coverage provides protection for printed business records. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 653 QUESTION 82 Which of the following statements pertaining to a security policy is NOT true? A. Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets. B. It specifies how hardware and software should be used throughout the organization. C. It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective. D. It must be flexible to the changing environment. Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The attributes of a security policy include the following: Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets. It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective. It must be flexible to the changing environment. A security policy does not specify how hardware and software should be used throughout the organization. This is the purpose of an Acceptable Use Policy. Incorrect Answers: A: The main purpose of a security policy is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets. C: A security policy does to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective. D: A security policy must be flexible to the changing environment. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 102 QUESTION 83 If your property Insurance has Actual Cash Valuation (ACV) clause, your damaged property will be compensated based on:

CISSP

A. B. C. D.

Value of item on the date of loss Replacement with a new item for the old one regardless of condition of lost item Value of item one month before the loss Value of item on the date of loss plus 10 percent

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: In the property and casualty insurance industry, Actual Cash Value (ACV) is a method of valuing insured property, or the value computed by that method. ACV is computed by subtracting depreciation from replacement cost on the date of the loss. The depreciation is usually calculated by establishing a useful life of the item determining what percentage of that life remains. This percentage multiplied by the replacement cost equals the ACV. Incorrect Answers: B: Using Actual Cash Valuation you would not receive a new item as a replacement for the old damaged item. C: You would receive the calculated value of item on the exact date of the loss, not of the value one month before the loss. D: You would receive the calculated value of item on the date of loss only. You would not receive an additional 10%. References: https://en.wikipedia.org/wiki/Actual_cash_value QUESTION 84 The preliminary steps to security planning include all of the following EXCEPT which of the following? A. B. C. D.

Establish objectives. List planning assumptions. Establish a security audit function. Determine alternate courses of action

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A security policy can be an organizational policy, an issue-specific policy, or a system-specific policy. In an organizational security policy, management establishes how a security program will be set up, lays out the program’s goals, assigns responsibilities, shows the strategic and tactical value of security, and outlines how enforcement should be carried out. Security planning should include establishing objectives, listing assumptions and determining alternate courses of action. Security planning does not include establishing a security audit function. Auditing security is performed to ensure that the security measures implemented as described in the security plan are effective. Incorrect Answers: A: Security planning should include establishing objectives. B: Security planning should include listing assumptions. D: Security planning should include determining alternate courses of action. References: CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 102 QUESTION 85 Step-by-step instructions used to satisfy control requirements are called a: A. B. C. D.

policy. standard. guideline. procedure.

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal. The steps can apply to users, IT staff, operations staff, security members, and others who may need to carry out specific tasks. Many organizations have written procedures on how to install operating systems, configure security mechanisms, implement access control lists, set up new user accounts, assign computer privileges, audit activities, destroy material, report incidents, and much more. Procedures are considered the lowest level in the documentation chain because they are closest to the computers and users (compared to policies) and provide detailed steps for configuration and installation issues. Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment. Incorrect Answers: A: A policy is defined as a high-level document that outlines senior management’s security directives. This is not what is described in the question. B: Standards are compulsory rules indicating how hardware and software should be implemented, used, and maintained. This is not what is described in the question. C: Guidelines are recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 106-107 QUESTION 86 One purpose of a security awareness program is to modify: A. B. C. D.

employee's attitudes and behaviors towards enterprise's security posture. management's approach towards enterprise's security posture. attitudes of employees with sensitive data. corporate attitudes about safeguarding data.

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: For an organization to achieve the desired results of its security program, it must communicate the what, how, and why of security to its employees. Security-awareness training should be comprehensive, tailored for specific groups, and organization-wide. The goal is for each employee to understand the importance of security to the company as a whole and to each individual. Expected responsibilities and acceptable behaviors must be clarified, and noncompliance repercussions, which could range from a warning to dismissal, must be explained before being invoked. Security-awareness training is performed to modify employees’ behavior and attitude toward security. This can CISSP

best be achieved through a formalized process of security-awareness training. Incorrect Answers: B: It is not the purpose of security awareness training to modify management's approach towards enterprise's security posture. C: It is not the purpose of security awareness training to modify attitudes of employees with sensitive data only. It should apply to all employees. D: It is not the purpose of security awareness training to modify corporate attitudes about safeguarding data. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 130 QUESTION 87 What is a security policy? A. High level statements on management's expectations that must be met in regards to security B. A policy that defines authentication to the network. C. A policy that focuses on ensuring a secure posture and expresses management approval. It explains in detail how to implement the requirements. D. A statement that focuses on the authorization process for a system Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. Fundamentally important to any security program’s success is the senior management’s high-level statement of commitment to the information security policy process, and a senior management’s understanding of how important security controls and protections are to the enterprise’s continuity. Senior management must be aware of the importance of security implementation to preserve the organization’s viability (and for their own “Due Care” protection), and must publicly support that process throughout the enterprise. Incorrect Answers: B: A security policy is not policy that defines authentication to the network. A security policy is not that specific. C: A security policy does not explain in detail how to implement the requirements; it is a high-level statement. D: A security policy is not a statement that focuses on the authorization process for a system. A security policy is not that specific. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 102 Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 21 QUESTION 88 The end result of implementing the principle of least privilege means which of the following? A. B. C. D.

Users would get access to only the info for which they have a need to know Users can access all systems. Users get new privileges added when they change positions. Authorization creep.

Correct Answer: A Section: Security and Risk Management Explanation

CISSP

Explanation/Reference: Explanation: Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. Incorrect Answers: B Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. Not all users in an organization requires access to all systems. C: The principle of least privilege would require that the rights required for the position be closely evaluated and where possible rights revoked. D: Authorization creep occurs when users are given additional rights with new positions and responsibilities. The principle of least privilege should actually prevent authorization creep. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 281, 1236 https://en.wikipedia.org/wiki/Principle_of_least_privilege QUESTION 89 Which of the following exemplifies proper separation of duties? A. B. C. D.

Operators are not permitted modify the system time. Programmers are permitted to use the system console. Console operators are permitted to mount tapes and disks. Tape operators are permitted to use the system console.

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Changing the system time would cause logged events to have the wrong time. An operator could commit fraud and cover his tracks by changing the system time to make it appear as the events happened at a different time. Ensuring that operators are not permitted modify the system time (another person would be required to modify the system time) is an example of separation of duties. The objective of separation of duties is to ensure that one person acting alone cannot compromise the company’s security in any way. High-risk activities should be broken up into different parts and distributed to different individuals or departments. That way, the company does not need to put a dangerously high level of trust in certain individuals. For fraud to take place, collusion would need to be committed, meaning more than one person would have to be involved in the fraudulent activity Job rotation in the workplace is a system where employees work at several jobs in a business, performing each job for a relatively short period of time. Incorrect Answers: B: Programmers being permitted to use the system console is not an example of separation of duties. Separation of duties requires that another person is required to do something thus reducing the chance of fraud. C: Console operators being permitted to mount tapes and disks is not an example of separation of duties. Separation of duties requires that another person is required to do something thus reducing the chance of fraud. D: Tape operators being permitted to use the system console is not an example of separation of duties. Separation of duties requires that another person is required to do something thus reducing the chance of fraud. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 1235-1236 QUESTION 90 An access control policy for a bank teller is an example of the implementation of which of the following?

CISSP

A. B. C. D.

Rule-based policy Identity-based policy User-based policy Role-based policy

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Role-based access control is a model where access to resources is determined by job role rather than by user account. In this question, a bank teller is a job role. Therefore, an access control policy for a bank teller is a role-based policy. Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular computersystem functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department. Incorrect Answers: A: With Rule-Based Access Control, access is allowed or denied to resources based on a set of rules. The rules could be membership of a group, time of day etc. This model is not used to provide access to resources to someone performing a job role such as a bank teller. B: Bank Teller is a job role, not an identity. In an identity-based policy, access to resources is determined by the identity of the user, not the role of the user. C: A user-based policy would be similar to an identity-based policy whereby access to resources is determined by who the user is, not what role the user performs. References: http://en.wikipedia.org/wiki/Role-based_access_control QUESTION 91 At which of the Orange Book evaluation levels is configuration management required? A. B. C. D.

C1 and above. C2 and above. B1 and above. B2 and above.

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Configuration management consists of identifying, controlling, accounting for, and auditing all changes made to a particular system or equipment during its life cycle. In particular, as related to equipment used to process classified information, equipment can be identified in categories of COMSEC, TEMPEST, or as a Trusted Computer Base (TCB). The Trusted Computer System Evaluation Criteria (TCSEC) requires all changes to the TCB for classes B2 through A1 be controlled by configuration management. Incorrect Answers: A: Configuration management is not required at level C1. B: Configuration management is not required at level C2. C: Configuration management is not required at level B1. CISSP

References: http://surflibrary.org/ses/TEMPBOOK/CH6CONFGMGT.pdf QUESTION 92 Which type of security control is also known as "Logical" control? A. B. C. D.

Physical Technical Administrative Risk

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Technical controls, which are also known as logical controls, are software or hardware components such as firewalls, IDS, encryption, identification and authentication mechanisms. Incorrect Answers: A: Physical controls are not known as logical controls, they are objects put into place to protect facility, personnel, and resources. C: Administrative controls are usually referred to as soft controls, not logical controls. D: Risk is not a valid security control type. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 28 QUESTION 93 Which Security and Audit Framework has been adopted by some organizations working towards Sarbanes— Oxley Section 404 compliance? A. B. C. D.

Committee of Sponsoring Organizations of the Treadway Commission (COSO) BIBA National Institute of Standards and Technology Special Publication 800-66 (NIST SP 800-66) CCTA Risk Analysis and Management Method (CRAMM)

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: COSO is a model for corporate governance, and CobiT is a model for IT governance. COSO deals more at the strategic level, while CobiT focuses more at the operational level. You can think of CobiT as a way to meet many of the COSO objectives, but only from the IT perspective. COSO deals with non-IT items also, as in company culture, financial accounting principles, board of director responsibility, and internal communication structures. COSO was formed to provide sponsorship for the National Commission on Fraudulent Financial Reporting, an organization that studies deceptive financial reports and what elements lead to them. There have been laws in place since the 1970s that basically state that it was illegal for a corporation to cook its books (manipulate its revenue and earnings reports), but it took the Sarbanes–Oxley Act (SOX) of 2002 to really put teeth into those existing laws. SOX is a U.S. federal law that, among other things, could send executives to jail if it was discovered that their company was submitting fraudulent accounting findings to the Security Exchange Commission (SEC). SOX is based upon the COSO model, so for a corporation to be compliant with SOX, it has to follow the COSO model. Companies commonly implement ISO/IEC 27000 standards and CobiT to help construct and maintain their internal COSO structure. CISSP

Incorrect Answers: B: BIBA is not required by organizations working towards Sarbanes—Oxley Section 404 compliance. C: National Institute of Standards and Technology Special Publication 800-66 (NIST SP 800-66) is not required by organizations working towards Sarbanes—Oxley Section 404 compliance. D: CCTA Risk Analysis and Management Method (CRAMM) is not required by organizations working towards Sarbanes—Oxley Section 404 compliance. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 59 QUESTION 94 The Widget Company decided to take their company public and while they were in the process of doing so had an external auditor come and look at their company. As part of the external audit they brought in a technology expert, who incidentally was a new CISSP. The auditor's expert asked to see their last risk analysis from the technology manager. The technology manager did not get back to him for a few days and then the Chief Financial Officer gave the auditors a 2 page risk assessment that was signed by both the Chief Financial Officer and the Technology Manager. While reviewing it, the auditor noticed that only parts of their financial data were being backed up on site and nowhere else; the Chief Financial Officer accepted the risk of only partial financial data being backed up with no off-site copies available. Who owns the risk with regards to the data that is being backed up and where it is stored? A. B. C. D.

Only the Chief Financial Officer Only the most Senior Management such as the Chief Executive Officer Both the Chief Financial Officer and Technology Manager Only The Technology Manager

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The chief financial officer (CFO) is a member of the board. The board members are responsible for setting the organization’s strategy and risk appetite (how much risk the company should take on). In this question, the Chief Financial Officer accepted the risk of only partial financial data being backed up with no off-site copies available. The Chief Financial Officer therefore owns the risk. Incorrect Answers: B: The most Senior Management such as the Chief Executive Officer does not own the risk. The Chief Financial Officer is responsible for company finances and accepted the risk. This means that the CFO owns the risk, not the CEO. C: The Technology Manager signed the risk assessment but he did not accept the risk. D: The Technology Manager signed the risk assessment but he did not accept the risk. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 98 QUESTION 95 The control measures that are intended to reveal the violations of security policy using software and hardware are associated with: A. B. C. D.

preventive/physical. detective/technical. detective/physical. detective/administrative.

CISSP

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The detective/technical controls helps to identify an incident’s activities and potentially an intruder using software or hardware components, which include Audit logs and IDS. Incorrect Answers: A: Preventive/physical controls are meant to discourage a potential attacker using items put into place to protect facility, personnel, and resources. These items include locks, badge systems, security guards, biometric system, and mantrap doors. C: The detective/physical controls helps to identify an incident’s activities and potentially an intruder using items put into place to protect facility, personnel, and resources. These items include motion detectors and closedcircuit TVs. D: The detective/administrative controls helps to identify an incident’s activities and potentially an intruder using management-oriented controls, which include monitoring and supervising, job rotation, and investigations. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 28-34 QUESTION 96 Which of the following steps is NOT one of the eight detailed steps of a Business Impact Assessment (BIA)? A. B. C. D.

Notifying senior management of the start of the assessment. Creating data gathering techniques. Identifying critical business functions. Calculating the risk for each different business function.

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Notifying senior management of the start of the assessment is not one of the eight steps in the BIA process. Note: The steps of a Business Impact Assessment are: Step 1: Determine information gathering techniques. Step 2: Select interviewees (i.e. stakeholders.) Step 3: Customize questionnaire to gather economic and operational impact information. Step 4: Analyze collected impact information. Step 5: Determine time-critical business systems. Step 6: Determine maximum tolerable downtimes (MTD). Step 7: Prioritize critical business systems based on MTD. Step 8: Document findings and report recommendations. Incorrect Answers: B: Creating data gathering techniques is the first step in the BIA process. C: Identifying critical business functions is the fifth step in the BIA process. D: Calculating the risk for each different business function is the sixth step in the BIA process. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 908 QUESTION 97 Which of the following provides enterprise management with a prioritized list of time-critical business processes, and estimates a recovery time objective for each of the time critical processes and the components CISSP

of the enterprise that support those processes? A. B. C. D.

Business Impact Assessment Current State Assessment Risk Mitigation Assessment. Business Risk Assessment.

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A Business Impact Assessment (BIA) is an analysis that identifies the resources that are critical to an organization’s ongoing viability and the threats posed to those resources. It also assesses the likelihood that each threat will actually occur and the impact those occurrences will have on the business. Identification of priorities is the first step of the business impact assessment process. Incorrect Answers: B: Current State Assessment is related to future business planning needs. It is concerned with recovery time of critical business processes. C: Risk Mitigation Assessment is concerned with recovery time objectives. The Business Impact Assessment addresses the recovery time. D: Business Risk Assessment is concerned with recovery time objectives. The Business Impact Assessment addresses the recovery time. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 825 QUESTION 98 Which of the following answers is the BEST example of Risk Transference? A. B. C. D.

Insurance Results of Cost Benefit Analysis Acceptance Not hosting the services at all

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Once a company knows the amount of total and residual risk it is faced with, it must decide how to handle it. Risk can be dealt with in four basic ways: transfer it, avoid it, reduce it, or accept it. Many types of insurance are available to companies to protect their assets. If a company decides the total risk is too high to gamble with, it can purchase insurance, which would transfer the risk to the insurance company. Incorrect Answers: B: Cost/benefit analysis is an assessment that is performed to ensure that the cost of protecting an asset does not outweigh the benefit of the protection or the value of the asset. It is not an example of risk transference. C: Risk acceptance is when a company understands the level of risk it is faced with, as well as the potential cost of the risk but does not implement any countermeasure because cost of the countermeasure outweighs the potential loss value. This is determined by the Cost/benefit analysis. Acceptance is not an example of risk transference. D: Risk avoidance is when a company decides not to implement and activity or to terminate and activity that is introducing the risk, and in so doing avoids the risk. Not hosting the services at all is not an example of risk CISSP

transference; it is an example of risk avoidance. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 96-97, 97, 97-98 QUESTION 99 Which of the following answer BEST relates to the type of risk analysis that involves committees, interviews, opinions and subjective input from staff? A. B. C. D.

Qualitative Risk Analysis Quantitative Risk Analysis Interview Approach to Risk Analysis Managerial Risk Assessment

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Qualitative risk analysis methods walk through different scenarios of risk possibilities and rank the seriousness of the threats and the validity of the different possible countermeasures based on opinions. (A wide sweeping analysis can include hundreds of scenarios.) Qualitative analysis techniques include judgment, best practices, intuition, and experience. Examples of qualitative techniques to gather data are Delphi, brainstorming, storyboarding, focus groups, surveys, questionnaires, checklists, one-on-one meetings, and interviews. The risk analysis team will determine the best technique for the threats that need to be assessed, as well as the culture of the company and individuals involved with the analysis. The team that is performing the risk analysis gathers personnel who have experience and education on the threats being evaluated. When this group is presented with a scenario that describes threats and loss potential, each member responds with their gut feeling and experience on the likelihood of the threat and the extent of damage that may result. Incorrect Answers: B: Quantitative Risk Analysis assigns a monetary value to impact of a risk. This is not what is described in the question. C: Interview Approach to Risk Analysis is not one of the defined risk analysis types. D: Managerial Risk Assessment is not the best type of risk analysis that involves committees, interviews, opinions and subjective input from staff. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 89 QUESTION 100 Regarding risk reduction, which of the following answers is BEST defined by the process of giving only just enough access to information necessary for them to perform their job functions? A. B. C. D.

Least Privilege Principle Minimum Privilege Principle Mandatory Privilege Requirement Implicit Information Principle

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. If an individual has excessive permissions and rights, it could open the door to abuse of CISSP

access and put the company at more risk than is necessary. For example, if Dusty is a technical writer for a company, he does not necessarily need to have access to the company’s source code. So, the mechanisms that control Dusty’s access to resources should not let him access source code. This would properly fulfill operations security controls that are in place to protect resources. Incorrect Answers: B: Minimum Privilege Principle is not the term defined by the process of giving only just enough access to information necessary for them to perform their job functions. C: Mandatory Privilege Requirement is not the term defined by the process of giving only just enough access to information necessary for them to perform their job functions. D: Implicit Information Principle is not the term defined by the process of giving only just enough access to information necessary for them to perform their job functions. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1236 QUESTION 101 Which term BEST describes a practice used to detect fraud for users or a user by forcing them to be away from the workplace for a while? A. B. C. D.

Mandatory Vacations Least Privilege Principle Obligatory Separation Job Rotation

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Employees in sensitive areas should be forced to take their vacations, which is known as a mandatory vacation. While they are on vacation, other individuals fill their positions and thus can usually detect any fraudulent errors or activities. Two of the many ways to detect fraud or inappropriate activities would be the discovery of activity on someone’s user account while they’re supposed to be away on vacation, or if a specific problem stopped while someone was away and not active on the network. These anomalies are worthy of investigation. Employees who carry out fraudulent activities commonly do not take vacations because they do not want anyone to figure out what they are doing behind the scenes. This is why they must be forced to be away from the organization for a period of time, usually two weeks. Incorrect Answers: B: Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. This is not what is described in the question. C: Obligatory Separation is not a term for the process used to detect fraud for users or a user by forcing them to be away from the workplace for a while. D: Job rotation in the workplace is a system where employees work at several jobs in a business, performing each job for a relatively short period of time. This could be used to detect fraud for users or a user by forcing them to be away from the workplace for a while. However, this question is asking for the BEST answer and Mandatory Vacations are for this specific purpose. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 127, 1235-1236 QUESTION 102 Which of the following is a fraud detection method whereby employees are moved from position to position? A. Job Rotation B. Mandatory Rotation

CISSP

C. Mandatory Vacations D. Mandatory Job Duties Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Job rotation is a detective administrative control to detect fraud. Job rotation means that, over time, more than one person fulfills the tasks of one position within the company. This enables the company to have more than one person who understands the tasks and responsibilities of a specific job title, which provides backup and redundancy if a person leaves the company or is absent. Job rotation also helps identify fraudulent activities, and therefore can be considered a detective type of control. If Keith has performed David’s position, Keith knows the regular tasks and routines that must be completed to fulfill the responsibilities of that job. Thus, Keith is better able to identify whether David does something out of the ordinary and suspicious. Incorrect Answers: B: Job Rotation, not Mandatory Rotation is the fraud detection method whereby employees are moved from position to position. C: Mandatory vacations are a way of detecting fraud. If a fraudulent activity stops while an employee is on vacation, it is easy to determine who was committing the fraud. Mandatory vacations force employees to take vacations rather than move them to another position. D: Mandatory Job Duties would describe duties that must be performed as part of a role. It does not describe a fraud detection method whereby employees are moved from position to position. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 127, 1235-1236 QUESTION 103 The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with: A. B. C. D.

preventive/physical. detective/technical. detective/physical. detective/administrative.

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The detective/physical controls helps to identify an incident’s activities and potentially an intruder using items put into place to protect facility, personnel, and resources. These items include motion detectors and closedcircuit TVs. Closed-circuit TVs are normally monitored by security guards to detect intruders. Incorrect Answers: A: Preventive/physical controls are meant to discourage a potential attacker using items put into place to protect facility, personnel, and resources. Sensors or cameras are not included in these items. B: The detective/technical controls helps to identify an incident’s activities and potentially an intruder using software or hardware components, which include Audit logs and IDS. Sensors or cameras are not included. D: The detective/administrative controls helps to identify an incident’s activities and potentially an intruder using management-oriented controls, which include monitoring and supervising, job rotation, and investigations. Sensors or cameras are not included.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 28-34 QUESTION 104 Controls such as job rotation, the sharing of responsibilities, and reviews of audit records are associated with: A. B. C. D.

preventive/physical. detective/technical. detective/physical. detective/administrative.

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Examples of detective administrative controls include monitoring and supervising, job rotation, and investigations. Incorrect Answers: A: Examples of preventive/physical controls include locks, badge systems, security guards, biometric system, and mantrap doors. B: Examples of detective/technical controls include audit logs and IDS. C: Examples of detective/physical controls include motion detectors and closed-circuit TVs. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 28-34 QUESTION 105 In terms or Risk Analysis and dealing with risk, which of the four common ways listed below seek to eliminate involvement with the risk being evaluated? A. B. C. D.

Avoidance Acceptance Transference Mitigation

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: If a company decides to terminate the activity that is introducing the risk, this is known as risk avoidance. For example, if a company allows employees to use instant messaging (IM), there are many risks surrounding this technology. The company could decide not to allow any IM activity by their users because there is not a strong enough business need for its continued use. Discontinuing this service is an example of risk avoidance. By avoiding the risk, we can eliminate involvement with the risk. Incorrect Answers: B: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. This does not eliminate involvement with the risk. C: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This would transfer the risk to the insurance company. This does not eliminate involvement with the risk. D: Risk mitigation is to implement a countermeasure to protect against the risk. This does not eliminate involvement with the risk. CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98 QUESTION 106 Of the multiple methods of handling risks which we must undertake to carry out business operations, which one involves using controls to reduce the risk? A. B. C. D.

Mitigation Avoidance Acceptance Transference

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Risk mitigation is where the risk is reduced to a level considered acceptable enough to continue conducting business. The implementation of firewalls, training, and intrusion/detection protection systems or other control types represent types of risk mitigation efforts. Incorrect Answers: B: Risk avoidance is where a company removes the risk. For example, by disabling a service or removing an application deemed to be a risk. This is not the process of reducing risk by implementing controls. C: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. This is not the process of reducing risk by implementing controls. D: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This would transfer the risk to the insurance company. This is not the process of reducing risk by implementing controls. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98 QUESTION 107 There is no way to completely abolish or avoid risks, you can only manage them. A risk free environment does not exist. If you have risks that have been identified, understood and evaluated to be acceptable in order to conduct business operations. What is this this approach to risk management called? A. B. C. D.

Risk Acceptance Risk Avoidance Risk Transference Risk Mitigation

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Risk Acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. Many companies will accept risk when the cost/benefit ratio indicates that the cost of the countermeasure outweighs the potential loss value. Risk acceptance should be based on several factors. For example, is the potential loss lower than the countermeasure? Can the organization deal with the “pain” that will come with accepting this risk? This second consideration is not purely a cost decision, but may entail noncost issues surrounding the decision. For CISSP

example, if we accept this risk, we must add three more steps in our production process. Does that make sense for us? Or if we accept this risk, more security incidents may arise from it, and are we prepared to handle those? Incorrect Answers: B: Risk avoidance is where a company removes the risk. For example, by disabling a service or removing an application deemed to be a risk. This does not refer to the accepting of known risks. C: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This would transfer the risk to the insurance company. This does not to the accepting of known risks. D: Risk mitigation is to implement countermeasures to protect against the risk. This does not refer to the accepting of known risks. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98 QUESTION 108 John is the product manager for an information system. His product has undergone under security review by an IS auditor. John has decided to apply appropriate security controls to reduce the security risks suggested by an IS auditor. Which of the following technique is used by John to treat the identified risk provided by an IS auditor? A. B. C. D.

Risk Mitigation Risk Acceptance Risk Avoidance Risk transfer

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Risk mitigation is where the risk is reduced to a level considered acceptable enough to continue conducting business. The implementation of firewalls, training, and intrusion/detection protection systems or other control types represent types of risk mitigation efforts. Incorrect Answers: B: C: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. This is not the process of reducing risk by implementing controls. C: Risk avoidance is where a company removes the risk. For example, by disabling a service or removing an application deemed to be a risk. This is not the process of reducing risk by implementing controls. D: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This would transfer the risk to the insurance company. This is not the process of reducing risk by implementing controls. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98 QUESTION 109 Sam is the security Manager of a financial institute. Senior management has requested he performs a risk analysis on all critical vulnerabilities reported by an IS auditor. After completing the risk analysis, Sam has observed that for a few of the risks, the cost benefit analysis shows that risk mitigation cost (countermeasures, controls, or safeguard) is more than the potential lost that could be incurred. What kind of a strategy should Sam recommend to the senior management to treat these risks? A. Risk Mitigation B. Risk Acceptance

CISSP

C. Risk Avoidance D. Risk transfer Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Risk Acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. Many companies will accept risk when the cost/benefit ratio indicates that the cost of the countermeasure outweighs the potential loss value. Risk acceptance should be based on several factors. For example, is the potential loss lower than the countermeasure? Can the organization deal with the “pain” that will come with accepting this risk? This second consideration is not purely a cost decision, but may entail noncost issues surrounding the decision. For example, if we accept this risk, we must add three more steps in our production process. Does that make sense for us? Or if we accept this risk, more security incidents may arise from it, and are we prepared to handle those? Incorrect Answers: A: Risk mitigation is to implement countermeasures to protect against the risk. This does not refer to the accepting of known risks because the cost benefit analysis shows that risk mitigation cost (countermeasures, controls, or safeguard) is more than the potential lost that could be incurred. C: Risk avoidance is where a company removes the risk. For example, by disabling a service or removing an application deemed to be a risk. This does not refer to the accepting of known risks because the cost benefit analysis shows that risk mitigation cost (countermeasures, controls, or safeguard) is more than the potential lost that could be incurred. D: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This would transfer the risk to the insurance company. This does not to the accepting of known risks because the cost benefit analysis shows that risk mitigation cost (countermeasures, controls, or safeguard) is more than the potential lost that could be incurred. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98 QUESTION 110 Which of the following risk handling technique involves the practice of being proactive so that the risk in question is not realized? A. B. C. D.

Risk Mitigation Risk Acceptance Risk Avoidance Risk transfer

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: If a company decides to terminate the activity that is introducing the risk, this is known as risk avoidance. For example, if a company allows employees to use instant messaging (IM), there are many risks surrounding this technology. The company could decide not to allow any IM activity by their users because there is not a strong enough business need for its continued use. Discontinuing this service is an example of risk avoidance. By being proactive and removing the vulnerability causing the risk, we are avoiding the risk. Incorrect Answers: A: Risk mitigation is to implement a countermeasure to protect against the risk. Implementing controls is being

CISSP

proactive and would ‘reduce’ a risk, however, only risk avoidance ‘removes’ the risk or prevents the risk being realized in the first place. B: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. This does not describe being proactive to remove the risk. D: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This would transfer the risk to the insurance company. This does not describe being proactive to remove the risk. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98 QUESTION 111 Which of the following risk handling technique involves the practice of passing on the risk to another entity, such as an insurance company? A. B. C. D.

Risk Mitigation Risk Acceptance Risk Avoidance Risk transfer

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Many types of insurance are available to companies to protect their assets. If a company decides the total risk is too high to gamble with, it can purchase insurance, which would transfer the risk to the insurance company. Incorrect Answers: A: Risk mitigation is where controls or countermeasures are implemented to ensure the risk is reduced to a level considered acceptable enough to continue conducting business. This is not the practice of passing on the risk to another entity, such as an insurance company. B: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. This is not the practice of passing on the risk to another entity, such as an insurance company. C: Risk avoidance is where a company removes a risk or does not implement something that could introduce a risk. For example, by disabling a service or removing an application deemed to be a risk or not implementing them in the first place. This is not the practice of passing on the risk to another entity, such as an insurance company. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98 QUESTION 112 Which of the following pairings uses technology to enforce access control policies? A. B. C. D.

Preventive/Administrative Preventive/Technical Preventive/Physical Detective/Administrative

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: CISSP

Controls are implemented to mitigate risk and reduce the potential for loss. Controls can be preventive, detective, or corrective. Preventive controls are put in place to inhibit harmful occurrences; detective controls are established to discover harmful occurrences; corrective controls are used to restore systems that are victims of harmful attacks. Technical controls are the software tools used to restrict subjects’ access to objects. They are core components of operating systems, add-on security packages, applications, network hardware devices, protocols, encryption mechanisms, and access control matrices. These controls work at different layers within a network or system and need to maintain a synergistic relationship to ensure there is no unauthorized access to resources and that the resources’ availability, integrity, and confidentiality are guaranteed. Technical controls protect the integrity and availability of resources by limiting the number of subjects that can access them and protecting the confidentiality of resources by preventing disclosure to unauthorized subjects. Incorrect Answers: A: Administrative controls are commonly referred to as “soft controls” because they are more managementoriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Administrative controls do not use technology to enforce access control policies. C: Physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Physical controls do not use technology to enforce access control policies. D: Detective controls are established to discover harmful occurrences after they have happened. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Detective controls and administrative controls do not use technology to enforce access control policies. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 28, 245 QUESTION 113 Which type of risk assessment is the formula ALE = ARO x SLE used for? A. B. C. D.

Quantitative Analysis Qualitative Analysis Objective Analysis Expected Loss Analysis

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A quantitative risk analysis is used to assign monetary and numeric values to all elements of the risk analysis process. Each element within the analysis (asset value, threat frequency, severity of vulnerability, impact damage, safeguard costs, safeguard effectiveness, uncertainty, and probability items) is quantified and entered into equations to determine total and residual risks. The most commonly used equations used in quantitative risk analysis are the single loss expectancy (SLE) and the annual loss expectancy (ALE). The SLE is a dollar amount that is assigned to a single event that represents the company’s potential loss amount if a specific threat were to take place. The annualized rate of occurrence (ARO) is the value that represents the estimated frequency of a specific threat taking place within a 12-month timeframe. Incorrect Answers: B: Qualitative risk analysis quantifies the risk rather than assigning a monetary value to the impact of a risk. It does not use the ALE = ARO x SLE formula. C: Objective Analysis is not one of the defined risk assessment methods and does not use the ALE = ARO x SLE formula. D: Expected Loss Analysis is not one of the defined risk assessment methods. Expected loss is calculated using the quantitative risk analysis method.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 87 QUESTION 114 Which of the following Confidentiality, Integrity, Availability (CIA) attribute supports the principle of least privilege by providing access to information only to authorized and intended users? A. B. C. D.

Confidentiality Integrity Availability Accuracy

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. We can keep data ‘confidential’ by providing access to information only to authorized and intended users. Incorrect Answers: B: Integrity ensures that data is unaltered. It does not restrict access to information only to authorized and intended users. C: Availability ensures reliability and timely access to data and resources to authorized individuals. It does not restrict access to information only to authorized and intended users. D: Accuracy is not one of the three CIA/AIC attributes (Confidentiality, Integrity, Availability) and does not restrict access to information only to authorized and intended users. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 22-23 QUESTION 115 You are a manager for a large international bank and periodically move employees between positions in your department. What is this process called? A. B. C. D.

Job Rotation Separation of Duties Mandatory Vacation Dual Control

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Job rotation ensures that more than one person fulfills the tasks of one position within the company, over time. It, therefore, provides backup and redundancy if a person leaves the company or is absent. Incorrect Answers: B: Separation of Duties is a preventive administrative control that is used to make sure one person is unable to carry out a critical task alone. C: Mandatory Vacation is when employees in sensitive areas are forced to take their vacations, allowing other CISSP

individuals to fill their positions for the purpose of detecting any fraudulent errors or activities. D: Dual Control is a variation of Separation of Duties. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 126-127 QUESTION 116 Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to Threats and Risks Analysis? A. B. C. D.

DSS is aimed at solving highly structured problems. DSS emphasizes flexibility in the decision making approach of users. DSS supports only structured decision-making tasks. DSS combines the use of models with non-traditional data access and retrieval functions.

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: A Decision Support System (DSS) is a computer-based information system that supports business or organizational decision-making activities. DSSs serve the management, operations, and planning levels of an organization (usually mid and higher management) and help people make decisions about problems that may be rapidly changing and not easily specified in advance - i.e. Unstructured and Semi-Structured decision problems. DSS emphasizes flexibility and adaptability to accommodate changes in the environment and the decision making approach of the user. DSS tends to be aimed at the less well structured, underspecified problem that upper level managers typically face. DSS attempts to combine the use of models or analytic techniques with traditional data access and retrieval functions. DSS attempts to combine the use of models or analytic techniques with traditional data access and retrieval functions. Incorrect Answers: A: DSS is aimed at solving unstructured and semi-structured decision problems, not highly structured problems. C: DSS does not support only structured decision-making tasks; it supports unstructured and semi-structured decision-making tasks. D: DSS attempts to combine the use of models or analytic techniques with traditional (not non-traditional) data access and retrieval functions. References: https://en.wikipedia.org/wiki/Decision_support_system QUESTION 117 Which of the following is covered under Crime Insurance Policy Coverage? A. B. C. D.

Inscribed, printed and Written documents Manuscripts Accounts Receivable Money and Securities

Correct Answer: D Section: Security and Risk Management Explanation

CISSP

Explanation/Reference: Explanation: Crime Insurance policy protects organizations from loss of money, securities, or inventory resulting from crime. Incorrect Answers: A: Crime Insurance Policy does not protect Inscribed, printed and written documents. You would need Valuable paper insurance for that. B: Crime Insurance Policy does not protect manuscripts. You would need Valuable paper insurance for that. C: Crime Insurance Policy does not protect business records such as Accounts Receivable. You would need Valuable paper insurance for that. References: http://www.insurecast.com/html/crime_insurance.asp QUESTION 118 It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security? A. B. C. D.

security administrator security analyst systems auditor systems programmer

Correct Answer: D Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Reason: The security administrator, security analysis, and the system auditor need access to portions of the security systems to accomplish their jobs. The system programmer does not need access to the working (AKA: Production) security systems. Programmers should not be allowed to have ongoing direct access to computers running production systems (systems used by the organization to operate its business). To maintain system integrity, any changes they make to production systems should be tracked by the organization’s change management control system. Because the security administrator’s job is to perform security functions, the performance of non-security tasks must be strictly limited. This separation of duties reduces the likelihood of loss that results from users abusing their authority by taking actions outside of their assigned functional responsibilities. Incorrect Answers: A: The security administrator needs to access the software on systems implementing security to perform his job function. B: The security analyst needs to access the software on systems implementing security to perform his job function. C: The systems auditor needs to access the software on systems implementing security to perform his job function. QUESTION 119 The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following? A. B. C. D.

Clipping level Acceptance level Forgiveness level Logging level

CISSP

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The correct answer is "clipping level". This is the point at which a system decides to take some sort of action when an action repeats a preset number of times. In order to limit the amount of audit information flagged and reported by automated violation analysis and reporting mechanisms, clipping levels can be set. Using clipping levels refers to setting allowable thresholds on a reported activity. For example, a clipping level of three can be set for reporting failed log-on attempts at a workstation. Thus, three or fewer log-on attempts by an individual at a workstation will not be reported as a violation, thus eliminating the need for reviewing normal log-on entry errors. Incorrect Answers: B: Acceptance level is not the correct term for the number of violations that will be accepted or forgiven before a violation record is produced. C: Forgiveness level is not the correct term for the number of violations that will be accepted or forgiven before a violation record is produced. D: Logging level is a term used to describe what types of events are logged. It is not the correct term for the number of violations that will be accepted or forgiven before a violation record is produced. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 50 QUESTION 120 Which of the following ensures that security is NOT breached when a system crash or other system failure occurs? A. B. C. D.

Trusted recovery Hot swappable Redundancy Secure boot

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Trusted recovery ensures that security is not breached when a system crash or other system failure (sometimes called a “discontinuity”) occurs. It must ensure that the system is restarted without compromising its required protection scheme, and that it can recover and rollback without being compromised after the failure. Trusted recovery is required only for B3 and A1 level systems. A system failure represents a serious security risk because the security controls may be bypassed when the system is not functioning normally. For example, if a system crashes while sensitive data is being written to a disk (where it would normally be protected by controls), the data may be left unprotected in memory and may be accessible by unauthorized personnel. Trusted recovery has two primary activities — preparing for a system failure and recovering the system. Incorrect Answers: B: Hot swappable refers to computer components that can be swapped while the computer is running. This is not what is described in the question. C: Redundancy refers to multiple instances of computer or network components to ensure that the system can remain online in the event of a component failure. This is not what is described in the question. D: Secure Boot refers to a security standard that ensures that a computer boots using only software that is trusted. This is not what is described in the question.

CISSP

References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 310 QUESTION 121 Which of the following ensures that a TCB is designed, developed, and maintained with formally controlled standards that enforces protection at each stage in the system's life cycle? A. B. C. D.

Life cycle assurance Operational assurance Covert timing assurance Covert storage assurance

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The Orange Book defines two types of assurance — operational assurance and life cycle assurance. Life cycle assurance ensures that a TCB is designed, developed, and maintained with formally controlled standards that enforces protection at each stage in the system’s life cycle. Configuration management, which carefully monitors and protects all changes to a system’s resources, is a type of life cycle assurance. The life cycle assurance requirements specified in the Orange Book are as follows: Security testing Design specification and testing Configuration management Trusted distribution Incorrect Answers: B: Operational assurance focuses on the basic features and architecture of a system. An example of an operational assurance would be a feature that separates a security-sensitive code from a user code in a system’s memory. Operational assurance is not what is described in the question. C: Covert timing assurance is not one of the two defined types of assurance. D: Covert storage assurance is not one of the two defined types of assurance. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, pp. 305-306 QUESTION 122 What is the MAIN objective of proper separation of duties? A. B. C. D.

To prevent employees from disclosing sensitive information. To ensure access controls are in place. To ensure that no single individual can compromise a system. To ensure that audit trails are not tampered with.

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: The objective of separation of duties is to ensure that one person acting alone cannot compromise the company’s security in any way. High-risk activities should be broken up into different parts and distributed to different individuals or departments. That way, the company does not need to put a dangerously high level of trust in certain individuals. For fraud to take place, collusion would need to be committed, meaning more than one person would have to be involved in the fraudulent activity Job rotation in the workplace is a system where CISSP

employees work at several jobs in a business, performing each job for a relatively short period of time. Incorrect Answers: A: Separation of duties does not prevent employees from disclosing sensitive information. B: Separation of duties does not ensure access controls are in place. D: Separation of duties does not ensure that audit trails are not tampered with. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 1235-1236 QUESTION 123 This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious? A. B. C. D.

Checkpoint level Ceiling level Clipping level Threshold level

Correct Answer: C Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Organizations usually forgive a particular type, number, or pattern of violations, thus permitting a predetermined number of user errors before gathering this data for analysis. An organization attempting to track all violations, without sophisticated statistical computing ability, would be unable to manage the sheer quantity of such data. To make a violation listing effective, a clipping level must be established. The clipping level establishes a baseline for violation activities that may be normal user errors. Only after this baseline is exceeded is a violation record produced. This solution is particularly effective for small- to mediumsized installations. Organizations with large-scale computing facilities often track all violations and use statistical routines to cull out the minor infractions (e.g., forgetting a password or mistyping it several times). If the number of violations being tracked becomes unmanageable, the first step in correcting the problems should be to analyze why the condition has occurred. Do users understand how they are to interact with the computer resource? Are the rules too difficult to follow? Violation tracking and analysis can be valuable tools in assisting an organization to develop thorough but useable controls. Once these are in place and records are produced that accurately reflect serious violations, tracking and analysis become the first line of defense. With this procedure, intrusions are discovered before major damage occurs and sometimes early enough to catch the perpetrator. In addition, business protection and preservation are strengthened. Incorrect Answers: A: Checkpoint level is not the correct term for the baseline described in the question. B: Ceiling level is not the correct term for the baseline described in the question. D: Threshold level is not the correct term for the baseline described in the question. QUESTION 124 In order to enable users to perform tasks and duties without having to go through extra steps, it is important that the security controls and mechanisms that are in place have a degree of? A. B. C. D.

Complexity Non-transparency Transparency Simplicity

Correct Answer: C CISSP

Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The security controls and mechanisms that are in place must have a degree of transparency. This enables the user to perform tasks and duties without having to go through extra steps because of the presence of the security controls. Transparency also does not let the user know too much about the controls, which helps prevent him from figuring out how to circumvent them. If the controls are too obvious, an attacker can figure out how to compromise them more easily. Security (more specifically, the implementation of most security controls) has long been a sore point with users who are subject to security controls. Historically, security controls have been very intrusive to users, forcing them to interrupt their work flow and remember arcane codes or processes (like long passwords or access codes), and have generally been seen as an obstacle to getting work done. In recent years, much work has been done to remove that stigma of security controls as a detractor from the work process adding nothing but time and money. When developing access control, the system must be as transparent as possible to the end user. The users should be required to interact with the system as little as possible, and the process around using the control should be engineered so as to involve little effort on the part of the user. For example, requiring a user to swipe an access card through a reader is an effective way to ensure a person is authorized to enter a room. However, implementing a technology (such as RFID) that will automatically scan the badge as the user approaches the door is more transparent to the user and will do less to impede the movement of personnel in a busy area. In another example, asking a user to understand what applications and data sets will be required when requesting a system ID and then specifically requesting access to those resources may allow for a great deal of granularity when provisioning access, but it can hardly be seen as transparent. A more transparent process would be for the access provisioning system to have a role-based structure, where the user would simply specify the role he or she has in the organization and the system would know the specific resources that user needs to access based on that role. This requires less work and interaction on the part of the user and will lead to more accurate and secure access control decisions because access will be based on predefined need, not user preference. When developing and implementing an access control system special care should be taken to ensure that the control is as transparent to the end user as possible and interrupts his work flow as little as possible. Incorrect Answers: A: The complexity of security controls is not what enables users to perform tasks and duties without having to go through extra steps. The controls can be complex or simple; as long as they have a degree of transparency, users will be able to perform tasks and duties without having to go through extra steps. B: Non-transparent security controls do not enable users to perform tasks and duties without having to go through extra steps; this would be the opposite in that it would require the extra steps. D: The simplicity of security controls is not what enables users to perform tasks and duties without having to go through extra steps. The controls can be complex or simple; as long as they have a degree of transparency, users will be able to perform tasks and duties without having to go through extra steps. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 1239-1240 QUESTION 125 Which of the following rules is LEAST likely to support the concept of least privilege? A. B. C. D.

The number of administrative accounts should be kept to a minimum. Administrators should use regular accounts when performing routine operations like reading mail. Permissions on tools that are likely to be used by hackers should be as restrictive as possible. Only data to and from critical systems and applications should be allowed through the firewall.

Correct Answer: D Section: Security and Risk Management Explanation

CISSP

Explanation/Reference: Explanation: Only data to and from critical systems and applications should be allowed through the firewall is a detractor. Critical systems or applications do not necessarily need to have traffic go through a firewall. Even if they did, only the minimum required services should be allowed. Systems that are not deemed critical may also need to have traffic go through the firewall. Least privilege is a basic tenet of computer security that means users should be given only those rights required to do their jobs or tasks. Least privilege is ensuring that you have the minimum privileges necessary to do a task. An admin NOT using his admin account to check email is a clear example of this. Incorrect Answers: A: The number of administrative accounts should be kept to a minimum: this is good practice and supports the concept of least privilege. B: Administrators should use regular accounts when performing routine operations like reading mail: this is good practice and supports the concept of least privilege. C: Permissions on tools that are likely to be used by hackers should be as restrictive as possible: this is good practice and supports the concept of least privilege. QUESTION 126 Complete the following sentence. A message can be encrypted, which provides: A. B. C. D.

Confidentiality Non-Repudiation Authentication Integrity

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Confidentiality ensures that a message can only be read by the intended recipient. Encrypting a message provides confidentiality. Different steps and algorithms provide different types of security services: A message can be encrypted, which provides confidentiality. A message can be hashed, which provides integrity A message can be digitally signed, which provides authentication, nonrepudiation, and integrity. A message can be encrypted and digitally signed, which provides confidentiality, authentication, nonrepudiation, and integrity Incorrect Answers: B: A digital signature is required to provide non-repudiation for a message. Encryption alone does not provide non-repudiation. C: A digital signature is required to provide authentication for a message. Encryption alone does not provide authentication. D: A hash is required to provide integrity for a message. Encryption alone does not provide integrity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 829-830 QUESTION 127 A message can be encrypted and digitally signed, which provides: A. B. C. D.

Confidentiality, Authentication, Non-repudiation, and Integrity. Confidentiality and Authentication Confidentiality and Non-repudiation Confidentiality and Integrity.

CISSP

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Confidentiality ensures that a message can only be read by the intended recipient. Encrypting a message provides confidentiality. A digital signature provides Authentication, Non-repudiation, and Integrity. The purpose of digital signatures is to detect unauthorized modifications of data, and to authenticate the identity of the signatories and non-repudiation. These functions are accomplished by generating a block of data that is usually smaller than the size of the original data. This smaller block of data is bound to the original data and to the identity of the sender. This binding verifies the integrity of data and provides non-repudiation. To quote the National Institute Standards and Technology (NIST) Digital Signature Standard (DSS): Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature in proving to a third party that the signature was in fact generated by the signatory. Different steps and algorithms provide different types of security services: A message can be encrypted, which provides confidentiality. A message can be hashed, which provides integrity A message can be digitally signed, which provides authentication, nonrepudiation, and integrity. A message can be encrypted and digitally signed, which provides confidentiality, authentication, nonrepudiation, and integrity Incorrect Answers: B: A digital signature provides Authentication, Non-repudiation, and Integrity; not just Authentication. C: A digital signature provides Authentication, Non-repudiation, and Integrity; not just Non-repudiation. D: A digital signature provides Authentication, Non-repudiation, and Integrity; not just Integrity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 829-830 Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 151 QUESTION 128 There are basic goals of Cryptography. Which of the following most benefits from the process of encryption? A. B. C. D.

Confidentiality Authentication Integrity Non-Repudiation

Correct Answer: A Section: Security and Risk Management Explanation Explanation/Reference: Explanation: Confidentiality makes sure that the required level of secrecy is applied at each junction of data processing and prevents unauthorized disclosure. Encrypting data as it is stored and transmitted, enforcing strict access control and data classification, and teaching employees on the correct data protection procedures are ways in which Confidentiality can be provided. Incorrect Answers: B: Authentication refers to the verification of the identity of a user who is requesting the use of a system and/or access to network resources. C: Integrity is upheld by providing assurance of the accuracy and reliability of information and systems and

CISSP

preventing any unauthorized modification. D: Non-Repudiation makes sure that a sender is unable to deny sending a message. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 23-25, 162, 398 QUESTION 129 If your property Insurance has Replacement Cost Valuation (RCV) clause your damaged property will be compensated: A. B. C. D.

Based on the value of item on the date of loss Based on new, comparable, or identical item for old regardless of condition of lost item Based on value of item one month before the loss Based on the value listed on the Ebay auction web site

Correct Answer: B Section: Security and Risk Management Explanation Explanation/Reference: Explanation: The term replacement value refers to the amount that an entity would have to pay to replace an asset at the present time, according to its current worth. The replacement value coverage is designed so the policyholder will not have to spend more money to get a similar new item. For example: when a television is covered by a replacement cost value policy, the cost of a similar television which can be purchased today determines the compensation amount for that item. Incorrect Answers: A: The Replacement Cost Value is not the value of the item on the data of loss. The value on the date of loss is called Actual Cash value. C: The Replacement Cost Value is not the value of the item one month ago. Replacement Cost Valuation is the cost to replace the damaged item. D: Replacement Cost Valuation has no reference to any value on Ebay. Replacement Cost Valuation is the cost to replace the damaged item. References: https://en.wikipedia.org/wiki/Replacement_value QUESTION 130 In Mandatory Access Control, sensitivity labels attached to objects contain what information? A. B. C. D.

The item's classification The item's classification and category set The item's category The items' need to know

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Mandatory Access Control begins with security labels assigned to all resource objects on the system. These security labels contain two pieces of information - a classification (top secret, confidential etc.) and a category (which is essentially an indication of the management level, department or project to which the object is available). Similarly, each user account on the system also has classification and category properties from the same set of properties applied to the resource objects. When a user attempts to access a resource under Mandatory CISSP

Access Control the operating system checks the user's classification and categories and compares them to the properties of the object's security label. If the user's credentials match the MAC security label properties of the object access is allowed. It is important to note that both the classification and categories must match. A user with top secret classification, for example, cannot access a resource if they are not also a member of one of the required categories for that object. Incorrect Answers: A: In Mandatory Access Control, the sensitivity labels attached to objects contain a category set as well as the item's classification. C: In Mandatory Access Control, the sensitivity labels attached to objects contain the item's classification as well as a category. D: An item’s need to know is not something that is included in the sensitivity label. The categories portion of the label is used to enforce need-to-know rules. References: http://www.techotopia.com/index.php/Mandatory,_Discretionary,_Role_and_Rule_Based_Access_Control QUESTION 131 The Orange Book describes four hierarchical levels to categorize security systems. Which of the following levels require mandatory protection? A. B. C. D.

A and B. B and C. A, B, and C. B and D.

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection B. Mandatory protection C. Discretionary protection D. Minimal security Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Level B is the lowest level that requires mandatory protection. Level A, being a higher level also requires mandatory protection. Incorrect Answers: B: Mandatory protection is not required for level C. Level C is Discretionary protection. C: Mandatory protection is not required for level C. Level C is Discretionary protection. D: Mandatory protection is not required for level D. Level D is Minimal security. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-393 QUESTION 132 What mechanism does a system use to compare the security labels of a subject and an object? A. Validation Module.

CISSP

B. Reference Monitor. C. Clearance Check. D. Security Module. Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: The reference monitor is an abstract machine that mediates all access subjects have to objects, both to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification. For a system to achieve a higher level of trust, it must require subjects (programs, users, processes) to be fully authorized prior to accessing an object (file, program, resource). A subject must not be allowed to use a requested resource until the subject has proven it has been granted access privileges to use the requested object. The reference monitor is an access control concept, not an actual physical component, which is why it is normally referred to as the “reference monitor concept” or an “abstract machine.” Incorrect Answers: A: A Validation Module is not what the system uses to compare the security labels of a subject and an object. C: A Clearance Check is not what the system uses to compare the security labels of a subject and an object. D: A Security Module is not what the system uses to compare the security labels of a subject and an object. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 362 QUESTION 133 What are the components of an object's sensitivity label? A. B. C. D.

A Classification Set and a single Compartment. A single classification and a single compartment. A Classification Set and user credentials. A single classification and a Compartment Set.

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: An object's sensitivity label contains one classification and multiple categories which represent compartments of information within a system. When the MAC model is being used, every subject and object must have a sensitivity label, also called a security label. It contains a classification and different categories. The classification indicates the sensitivity level, and the categories enforce need-to-know rules. The classifications follow a hierarchical structure, with one level being more trusted than another. However, the categories do not follow a hierarchical scheme, because they represent compartments of information within a system. The categories can correspond to departments (UN, Information Warfare, Treasury), projects (CRM, AirportSecurity, 2011Budget), or management levels. In a military environment, the classifications could be top secret, secret, confidential, and unclassified. Each classification is more trusted than the one below it. A commercial organization might use confidential, proprietary, corporate, and sensitive. The definition of the classification is up to the organization and should make sense for the environment in which it is used. Incorrect Answers: A: An object's sensitivity label contains a single classification, not a classification set and multiple categories (compartments), not a single compartment. B: An object's sensitivity label contains multiple categories (compartments), not a single compartment. C: An object's sensitivity label contains a single classification, not a classification set. Furthermore, an object's

CISSP

sensitivity label does not contain user credentials. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 223 QUESTION 134 What does it mean to say that sensitivity labels are "incomparable"? A. B. C. D.

The number of classifications in the two labels is different. Neither label contains all the classifications of the other. the number of categories in the two labels are different. Neither label contains all the categories of the other.

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: Sensitivity labels are "incomparable" with neither label contains all the categories of the other. Comparability: The label: “TOP SECRET [VENUS ALPHA]” is higher than either than either of the following labels: “SECRET [VENUS ALPHA]” or “TOP SECRET [VENUS]” or “TOP SECRET [ALPHA]” However, you cannot say that the label “TOP SECRET [VENUS]” is higher than the label: “TOP SECRET [ALPHA]” because the categories are different. Because neither label contains all the categories of the other, the labels cannot be compared; they are said to be incomparable. In this case, you would be denied access. Incorrect Answers: A: A sensitivity label can only have one classification. B: Sensitivity labels are "incomparable" with neither label contains all the ‘categories’, not the classifications of the other. C: The number of categories in the two labels being different does not necessarily mean they are incomparable. They can still be comparable as long as the label with more categories contains all the categories of the other. QUESTION 135 As per the Orange Book, what are two types of system assurance? A. B. C. D.

Operational Assurance and Architectural Assurance. Design Assurance and Implementation Assurance. Architectural Assurance and Implementation Assurance. Operational Assurance and Life-Cycle Assurance.

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: When products are evaluated for the level of trust and assurance they provide, many times operational assurance and life-cycle assurance are part of the evaluation process. Operational assurance concentrates on the product’s architecture, embedded features, and functionality that enable a customer to continually obtain the necessary level of protection when using the product. Examples of operational assurances examined in the evaluation process are access control mechanisms, the separation of privileged and user program code, auditing and monitoring capabilities, covert channel analysis, and trusted recovery when the product experiences unexpected circumstances.

CISSP

Life-cycle assurance pertains to how the product was developed and maintained. Each stage of the product’s life cycle has standards and expectations it must fulfill before it can be deemed a highly trusted product. Examples of life-cycle assurance standards are design specifications, clipping-level configurations, unit and integration testing, configuration management, and trusted distribution. Vendors looking to achieve one of the higher security ratings for their products will have each of these issues evaluated and tested. Incorrect Answers: A: Architectural Assurance is not one of the two types of system assurance defined in the Orange Book. B: Design Assurance and Implementation Assurance are not the two types of system assurance defined in the Orange Book. C: Architectural Assurance and Implementation Assurance are not the two types of system assurance defined in the Orange Book. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1240 QUESTION 136 Many approaches to Knowledge Discovery in Databases (KDD) are used to identify valid and useful patterns in data. This is an evolving field of study that includes a variety of automated analysis solutions such as Data Mining. Which of the following is not an approach used by KDD? A. B. C. D.

Probabilistic Oriented Deviation Classification

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Oriented is not a KDD approach. The following are three approaches used in KDD systems to uncover these patterns: Classification - Data are grouped together according to shared similarities. Probabilistic - Data interdependencies are identified and probabilities are applied to their relationships. Statistical - Identifies relationships between data elements and uses rule discovery. Another fourth data mining technique is deviation detection: find the record(s) that is (are) the most different from the other records, i.e., find all outliers. These may be thrown away as noise or may be the “interesting” ones. Incorrect Answers: A: Probabilistic is a KDD approach where data interdependencies are identified and probabilities are applied to their relationships. C: deviation detection is a KDD approach where the records that are the most different from the other records, i.e., find all outliers, are found. D: Classification is a KDD approach which identifies relationships between data elements and uses rule discovery. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1368 https://en.wikipedia.org/wiki/Data_mining QUESTION 137 Whose role is it to assign classification level to information? A. Security Administrator CISSP

B. User C. Owner D. Auditor Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner has due care responsibilities and thus will be held responsible for any negligent act that results in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is responsible for and alters that classification if the business need arises. This person is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria. The data owner approves access requests or may choose to delegate this function to business unit managers. Incorrect Answers: A: The security administrator is responsible for implementing and maintaining specific security network devices and software in the enterprise. It is not the role of the security administrator to assign classification level to information. B: The user is any individual who routinely uses the data for work-related tasks. It is not the role of the user to assign classification level to information. D: The auditor ensures that the correct controls are in place and are being maintained securely. It is not the role of the auditor to assign classification level to information. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 121-125 QUESTION 138 Which of the following would be the BEST criterion to consider in determining the classification of an information asset? A. B. C. D.

Value Age Useful life Personal association

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: The ‘value’ of an information asset should be used to classify the information asset. The rationale behind assigning values to different types of data is that it enables a company to gauge the amount of funds and resources that should go toward protecting each type of data, because not all data has the same value to a company. After identifying all important information, it should be properly classified. A company has a lot of information that is created and maintained. The reason to classify data is to organize it according to its sensitivity to loss, disclosure, or unavailability. Once data is segmented according to its sensitivity level, the company can decide what security controls are necessary to protect different types of data. This ensures that information assets receive the appropriate level of protection, and classifications indicate the priority of that security protection. Incorrect Answers:

CISSP

B: The age of an information asset is not the best criterion to consider in determining the classification of the information asset. C: The useful life of an information asset is not the best criterion to consider in determining the classification of the information asset. D: The personal association of an information asset is not the best criterion to consider in determining the classification of the information asset. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 109 QUESTION 139 You have been tasked to develop an effective information classification program. Which one of the following steps should be performed FIRST? A. B. C. D.

Establish procedures for periodically reviewing the classification and ownership Specify the security controls required for each classification level Identify the data custodian who will be responsible for maintaining the security level of data Specify the criteria that will determine how data is classified

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: The following outlines the first three necessary steps for a proper classification program: 1. Define classification levels. 2. Specify the criteria that will determine how data are classified. 3. Identify data owners who will be responsible for classifying data Steps 4-10 omitted. Incorrect Answers: A: Establishing procedures for periodically reviewing the classification and ownership is not one of the first steps in the classification program. It is one of the last steps (step 8 out of 10). B: Specifying the security controls required for each classification level is not one of the first steps in the classification program. It is step 5 out of 10. C: Identifying the responsible data custodian level is not one of the first steps in the classification program. It is step 4 out of 10. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 114 QUESTION 140 What is surreptitious transfer of information from a higher classification compartment to a lower classification compartment without going through the formal communication channels? A. B. C. D.

Object Reuse Covert Channel Security domain Data Transfer

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information CISSP

flow that is not controlled by a security mechanism. Incorrect Answers: A: Object reuse does not refer to transfer of security classification of different levels. Object Reuse is related to data remanence. Data remanence is the residual physical representation of information that was saved and then erased in some fashion. This remanence may be enough to enable the data to be reconstructed and restored to a readable form. This can pose a security threat to a company that thinks it has properly erased confidential data from its media. If the media is reassigned (object reuse), then an unauthorized individual could gain access to your sensitive data. C: A security domain is the determining factor in the classification of an enclave of servers/computers and is not related to security classification of data D: A Data transfers is just the transfer of information through a transmission media. At this level of abstraction security is not addressed. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 378 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 253-254 QUESTION 141 According to private sector data classification levels, how would salary levels and medical information be classified? A. B. C. D.

Public. Internal Use Only. Restricted. Confidential.

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: Data such as salary levels and medical information would be classified as confidential according to private sector data classification levels. The following shows the common levels of sensitivity from the highest to the lowest for commercial business (public sector): Confidential Private Sensitive Public Incorrect Answers: A: Salary levels and medical information are confidential data which would not fall under the Public classification. B: Internal Use Only is not typically used as classification level in the private sector. Internal Use Only falls under the Confidential classification. C: Restricted is not used as classification level in the private sector; it is more commonly used in military or governmental classifications. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 111 QUESTION 142 What is surreptitious transfer of information from a higher classification compartment to a lower classification compartment without going through the formal communication channels?

CISSP

A. B. C. D.

Object Reuse Covert Channel Security domain Data Transfer

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism. This type of information path was not developed for communication; thus, the system does not properly protect this path, because the developers never envisioned information being passed in this way. Receiving information in this manner clearly violates the system’s security policy. The channel to transfer this unauthorized data is the result of one of the following conditions: Improper oversight in the development of the product Improper implementation of access controls within the software Existence of a shared resource between the two entities which are not properly controlled Incorrect Answers: A: Object reuse is where media is given to someone without first deleting any existing data. This is not what is described in the question. C: The term security describes a logical structure (domain) where resources are working under the same security policy and managed by the same group. This is not what is described in the question. D: Data transfer describes all types and methods of transferring data whether it is authorized or not. It does not describe the specific type of transfer in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 378 QUESTION 143 Which of the following is given the responsibility of the maintenance and protection of the data? A. B. C. D.

Data owner Data custodian User Security administrator

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: The data custodian (information custodian) is responsible for maintaining and protecting the data. This role is usually filled by the IT or security department, and the duties include implementing and maintaining security controls; performing regular backups of the data; periodically validating the integrity of the data; restoring data from backup media; retaining records of activity; and fulfilling the requirements specified in the company’s security policy, standards, and guidelines that pertain to information security and data protection. Incorrect Answers: A: The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner is not is given the responsibility of the maintenance and protection of the data. C: The user is any individual who routinely uses the data for work-related tasks. The user is not given the responsibility of the maintenance and protection of the data. CISSP

D: The security administrator is responsible for implementing and maintaining specific security network devices and software in the enterprise. The security administrator is not is given the responsibility of the maintenance and protection of the data. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 122 QUESTION 144 In discretionary access environments, which of the following entities is authorized to grant information access to other people? A. B. C. D.

Manager Group Leader Security Manager Data Owner

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner has due care responsibilities and thus will be held responsible for any negligent act that results in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is responsible for and alters that classification if the business need arises. This person is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria. The data owner approves access requests or may choose to delegate this function to business unit managers. Incorrect Answers: A: While the data owner is usually a member of management, this is not always the case. Therefore, the person authorized to grant information access to other people is not always the manager so this answer is incorrect. B: A Group Leader is not the person authorized to grant information access to other people (unless the group leader is also the data owner). C: The role of Security Manager does not give you the authority to grant information access to other people. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 121 QUESTION 145 Who is ultimately responsible for the security of computer based information systems within an organization? A. B. C. D.

The tech support team The Operation Team. The management team. The training team.

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: The data owner (information owner) is usually a member of management who is in charge of a specific CISSP

business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner has due care responsibilities and thus will be held responsible for any negligent act that results in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is responsible for and alters that classification if the business need arises. This person is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria. The data owner approves access requests or may choose to delegate this function to business unit managers. And the data owner will deal with security violations pertaining to the data she is responsible for protecting. The data owner, who obviously has enough on her plate, delegates responsibility of the day-to-day maintenance of the data protection mechanisms to the data custodian. Incorrect Answers: A: The tech support team often performs the role of data custodian which includes the day-to-day maintenance of the data protection mechanisms. However, the tech support team is not ultimately responsible for the security of the computer based information systems. B: The Operation team is not responsible for the security of the computer based information systems. D: The training team is not responsible for the security of the computer based information systems. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 121 QUESTION 146 Which of the following embodies all the detailed actions that personnel are required to follow? A. B. C. D.

Standards Guidelines Procedures Baselines

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal. The steps can apply to users, IT staff, operations staff, security members, and others who may need to carry out specific tasks. Many organizations have written procedures on how to install operating systems, configure security mechanisms, implement access control lists, set up new user accounts, assign computer privileges, audit activities, destroy material, report incidents, and much more. Procedures are considered the lowest level in the documentation chain because they are closest to the computers and users (compared to policies) and provide detailed steps for configuration and installation issues. Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment. Incorrect Answers: A: Standards are compulsory rules indicating how hardware and software should be implemented, used, and maintained. Standards provide a means to ensure that specific technologies, applications, parameters, and procedures are carried out in a uniform way across the organization. They do not contain all the detailed actions that personnel are required to follow. B: Guidelines are recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply. They do not contain all the detailed actions that personnel are required to follow. D: A Baseline is the minimum level of security necessary to support and enforce a security policy. It does not contain all the detailed actions that personnel are required to follow. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 106-107

CISSP

QUESTION 147 Who can best decide what are the adequate technical security controls in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and its sensitivity level? A. B. C. D.

System Auditor Data or Information Owner System Manager Data or Information user

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: The data or information owner is ultimately responsible for the protection of the information and can decide what security controls would be required to protect the Databased on the sensitivity and criticality of the data. Incorrect Answers: A: The auditor is responsible for ensuring that the correct controls are in place and are being maintained securely, and that the organization complies with its own policies and the applicable laws and regulations. C: The system manager is responsible for managing and maintaining a system, and ensuring that the system operates as expected. The system manager is not responsible for determining which security measures should be implemented. D: The user is an individual who uses the data for work-related tasks. The user must have the necessary level of access to the data to perform the duties within their position. The user is not responsible for determining which security measures should be implemented. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 114, 121-122, 125 QUESTION 148 Which of the following is NOT a responsibility of an information (data) owner? A. B. C. D.

Determine what level of classification the information requires. Periodically review the classification assignments against business needs. Delegate the responsibility of data protection to data custodians. Running regular backups and periodically testing the validity of the backup data.

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: The data owner defines the backup requirements. However, the data owner does not run the backups. This is performed by the data custodian. The data owner is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner has due care responsibilities and thus will be held responsible for any negligent act that results in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is responsible for and alters that classification if the business need arises. This person is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria. The data custodian (information custodian) is responsible for maintaining and protecting the data. This role is usually filled by the IT or security department, and the duties include implementing and maintaining security controls; performing regular backups of the data; periodically validating the integrity of the data; restoring data CISSP

from backup media; retaining records of activity; and fulfilling the requirements specified in the company’s security policy, standards, and guidelines that pertain to information security and data protection. Incorrect Answers: A: Determining what level of classification the information requires is the responsibility of the data owner. B: Periodically reviewing the classification assignments against business needs is the responsibility of the data owner. C: Delegating the responsibility of data protection to data custodians is the responsibility of the data owner. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 121 QUESTION 149 In regards to information classification what is the main responsibility of information (data) owner? A. B. C. D.

determining the data sensitivity or classification level running regular data backups audit the data users periodically check the validity and accuracy of the data

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner has due care responsibilities and thus will be held responsible for any negligent act that results in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is responsible for and alters that classification if the business need arises. This person is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria. The data owner approves access requests or may choose to delegate this function to business unit managers. Incorrect Answers: B: Running regular data backups is the job of the data custodian, not the data owner. C: It is not the job of the data owner to audit the data users. D: Periodically checking the validity and accuracy of the data is the job of the data custodian, not the data owner. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 121 QUESTION 150 The owner of a system should have the confidence that the system will behave according to its specifications. This is termed as: A. B. C. D.

Integrity Accountability Assurance Availability

Correct Answer: C Section: Asset Security Explanation

CISSP

Explanation/Reference: Explanation: In a trusted system, all protection mechanisms work together to process sensitive data for many types of uses, and will provide the necessary level of protection per classification level. Assurance looks at the same issues but in more depth and detail. Systems that provide higher levels of assurance have been tested extensively and have had their designs thoroughly inspected, their development stages reviewed, and their technical specifications and test plans evaluated. In the Trusted Computer System Evaluation Criteria (TCSEC), commonly known as the Orange Book, the lower assurance level ratings look at a system’s protection mechanisms and testing results to produce an assurance rating, but the higher assurance level ratings look more at the system design, specifications, development procedures, supporting documentation, and testing results. The protection mechanisms in the higher assurance level systems may not necessarily be much different from those in the lower assurance level systems, but the way they were designed and built is under much more scrutiny. With this extra scrutiny comes higher levels of assurance of the trust that can be put into a system. Incorrect Answers: A: Integrity ensures that data is unaltered. This is not what is described in the question. B: Accountability is a security principle indicating that individuals must be identifiable and must be held responsible for their actions. This is not what is described in the question. D: Availability ensures reliability and timely access to data and resources to authorized individuals. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 390-391 QUESTION 151 The US department of Health, Education and Welfare developed a list of fair information practices focused on privacy of individually, personal identifiable information. Which one of the following is incorrect? A. There must be a way for a person to find out what information about them exists and how it is used. B. There must be a personal data record-keeping system whose very existence shall be kept secret. C. There must be a way for a person to prevent information about them, which was obtained for one purpose, from being used or made available for another purpose without their consent. D. Any organization creating, maintaining, using, or disseminating records of personal identifiable information must ensure reliability of the data for their intended use and must make precautions to prevent misuses of that data. Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Fair Information Practice was first developed in the United States in the 1970s by the Department for Health, Education and Welfare (HEW). T Fair Information Practice does not state that there the personal data recordkeeping system must be secret. Incorrect Answers: A: HEW Fair Information Practices include that there should be mechanisms for individuals to review data about them, to ensure accuracy. C: HEW Fair Information Practices include For all data collected there should be a stated purpose Information collected by an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual D: HEW Fair Information Practices include Records kept on an individual should be accurate and up to date Data should be deleted when it is no longer needed for the stated purpose References:

CISSP

https://en.wikipedia.org/wiki/Information_privacy_law QUESTION 152 Who should DECIDE how a company should approach security and what security measures should be implemented? A. B. C. D.

Senior management Data owner Auditor The information security specialist

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: Computers and the information processed on them usually have a direct relationship with a company’s critical missions and objectives. Because of this level of importance, senior management should make protecting these items a high priority and provide the necessary support, funds, time, and resources to ensure that systems, networks, and information are protected in the most logical and cost-effective manner possible. For a company’s security plan to be successful, it must start at the top level and be useful and functional at every single level within the organization. Senior management needs to define the scope of security and identify and decide what must be protected and to what extent. Incorrect Answers: B: The data owner can grant access to the data. However, the data owner should not decide how a company should approach security and what security measures should be implemented. C: Systems Auditors ensure the appropriate security controls are in place. However, they should not decide how a company should approach security and what security measures should be implemented. D: The information security specialist may be the ones who implement the security measures. However, they should not decide how a company should approach security and what security measures should be implemented. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 101 QUESTION 153 The US-EU Safe Harbor process has been created to address which of the following? A. B. C. D.

Integrity of data transferred between U.S. and European companies Confidentiality of data transferred between U.S and European companies Protection of personal data transferred between U.S and European companies Confidentiality of data transferred between European and international companies

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: US-EU Safe Harbor process relates to privacy, that is protection of personal data. The Safe Harbor is a construct that outlines how U.S.-based companies can comply with the EU privacy. The Safe Harbor Privacy Principles states that if a non-European organization wants to do business with a European entity, it will need to adhere to the Safe Harbor requirements if certain types of data will be passed back and forth during business processes Incorrect Answers: CISSP

A: The US-EU Safe Harbor process does not relate to the integrity of the data. It concerns the privacy of the data. B: The US-EU Safe Harbor process does not relate to the Confidentiality of the data. It concerns the privacy of the data. D: The US-EU Safe Harbor process does not relate to the Confidentiality of the data. It concerns the privacy of the data. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 992 QUESTION 154 What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database? A. B. C. D.

Level 1/Class 1 Level 2/Class 2 Level 3/Class 3 Level 4/Class 4

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Users can obtain certificates with various levels of assurance. Level 1/Class 1 certificates verify electronic mail addresses. This is done through the use of a personal information number that a user would supply when asked to register. This level of certificate may also provide a name as well as an electronic mail address; however, it may or may not be a genuine name (i.e., it could be an alias). This proves that a human being will reply back if you send an email to that name or email address. Class 2/Level 2 verify a user’s name, address, social security number, and other information against a credit bureau database. Class 3/Level 3 certificates are available to companies. This level of certificate provides photo identification to accompany the other items of information provided by a level 2 certificate. Incorrect Answers: A: Level 1/Class 1 certificates verify electronic mail addresses. They do not verify a user's name, address, social security number, and other information against a credit bureau database. C: Level 3/Class 3 certificates provide photo identification to accompany the other items of information provided by a level 2 certificate. They do not verify a user's name, address, social security number, and other information against a credit bureau database. D: Level 4/Class 4 certificates do not verify a user's name, address, social security number, and other information against a credit bureau database. QUESTION 155 According to Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) there is a requirement to “protect stored cardholder data.” Which of the following items cannot be stored by the merchant? A. B. C. D.

Primary Account Number Cardholder Name Expiration Date The Card Validation Code (CVV2)

Correct Answer: D Section: Asset Security CISSP

Explanation Explanation/Reference: Explanation: Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) is to “protect stored cardholder data.” The public assumes merchants and financial institutions will protect data on payment cards to thwart theft and prevent unauthorized use. Requirement 3 applies only if cardholder data is stored. Merchants who do not store any cardholder data automatically provide stronger protection by having eliminated a key target for data thieves. For merchants who have a legitimate business reason to store cardholder data, it is important to understand what data elements PCI DSS allows them to store and what measures they must take to protect those data. To prevent unauthorized storage, only council certified PIN entry devices and payment applications may be used. PCI DSS compliance is enforced by the major payment card brands who established the PCI DSS and the PCI Security Standards Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. PCI DSS Requirement 3 It details technical guidelines for protecting stored cardholder data. Merchants should develop a data retention and storage policy that strictly limits storage amount and retention time to that which is required for business, legal, and/or regulatory purposes. Sensitive authentication data must never be stored after authorization – even if this data is encrypted. Never store full contents of any track from the card’s magnetic stripe or chip (referred to as full track, track, track 1, track 2, or magnetic stripe data). If required for business purposes, the cardholder’s name, PAN, expiration date, and service code may be stored as long as they are protected in accordance with PCI DSS requirements. Never store the card-validation code (CVV) or value (three- or four-digit number printed on the front or back of a payment card used to validate card-not-present transactions). Never store the personal identification number (PIN) or PIN Block. Be sure to mask PAN whenever it is displayed. The first six and last four digits are the maximum number of digits that may be displayed. This requirement does not apply to those authorized with a specific need to see the full PAN, nor does it supersede stricter requirements in place for displays of cardholder data such as in a point-of-sale receipt. Incorrect Answers: A: The Primary Account Number can be stored by the merchant according to the PCI Data Storage Guidelines. B: The Cardholder Name can be stored by the merchant according to the PCI Data Storage Guidelines. C: The Expiration Date can be stored by the merchant according to the PCI Data Storage Guidelines. References: https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf QUESTION 156 Which of the following is NOT a proper component of Media Viability Controls? A. B. C. D.

Storage Writing Handling Marking

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Writing is not a component of media viability controls. Media viability controls are implemented to preserve the proper working state of the media, particularly to facilitate the timely and accurate restoration of the system after a failure. Many physical controls should be used to protect the viability of the data storage media. The goal is to protect the media from damage during handling and transportation, or during short-term or long-term storage. Proper CISSP

marking and labeling of the media is required in the event of a system recovery process: Marking. All data storage media should be accurately marked or labeled. The labels can be used to identify media with special handling instructions, or to log serial numbers or bar codes for retrieval during a system recovery. Handling. Proper handling of the media is important. Some issues with the handling of media include cleanliness of the media and the protection from physical damage to the media during transportation to the archive sites. Storage. Storage of the media is very important for both security and environmental reasons. A proper heatand humidity-free, clean storage environment should be provided for the media. Data media is sensitive to temperature, liquids, magnetism, smoke, and dust. Incorrect Answers: A: Storage is a media viability control used to protect the viability of data storage media. C: Handling is a media viability control used to protect the viability of data storage media. D: Marking is a media viability control used to protect the viability of data storage media. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 324 QUESTION 157 Degaussing is used to clear data from all of the following media except: A. B. C. D.

Floppy Disks Read-Only Media Video Tapes Magnetic Hard Disks

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Atoms and Data Shon Harris says: "A device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero. This magnetic force is what properly erases data from media. Data are stored on magnetic media by the representation of the polarization of the atoms. Degaussing changes this polarization (magnetic alignment) by using a type of large magnet to bring it back to its original flux (magnetic alignment). " Degaussing is achieved by passing the magnetic media through a powerful magnet field to rearrange the metallic particles, completely removing any resemblance of the previously recorded signal. Therefore, degaussing will work on any electronic based media such as floppy disks, or hard disks - all of these are examples of electronic storage. However, "read-only media" includes items such as paper printouts and CDROM which do not store data in an electronic form or is not magnetic storage. Passing them through a magnet field has no effect on them. Not all clearing/ purging methods are applicable to all media— for example, optical media is not susceptible to degaussing, and overwriting may not be effective against Flash devices. The degree to which information may be recoverable by a sufficiently motivated and capable adversary must not be underestimated or guessed at in ignorance. For the highest-value commercial data, and for all data regulated by government or military classification rules, read and follow the rules and standards. Incorrect Answers: A: Floppy Disks can be erased by degaussing. C: Video Tapes can be erased by degaussing. D: Magnetic Hard Disks can be erased by degaussing.

CISSP

References: http://www.degausser.co.uk/degauss/degabout.htm http://www.degaussing.net/ http://www.cerberussystems.com/INFOSEC/stds/ncsctg25.htm QUESTION 158 What is the main issue with media reuse? A. B. C. D.

Degaussing Data remanence Media destruction Purging

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: The main issue with media reuse is data remanence, where residual information still resides on the media. Data Remanence is the problem of residual information remaining on the media after erasure, which may be subject to restoration by another user, thereby resulting in a loss of confidentiality. Diskettes, hard drives, tapes, and any magnetic or writable media are susceptible to data remanence. Retrieving the bits and pieces of data that have not been thoroughly removed from storage media is a common method of computer forensics, and is often used by law enforcement personnel to preserve evidence and to construct a trail of misuse. Anytime a storage medium is reused (and also when it is discarded), there is the potential for the media’s information to be retrieved. Methods must be employed to properly destroy the existing data to ensure that no residual data is available to new users. The “Orange Book” standard recommends that magnetic media be formatted seven times before discard or reuse. Incorrect Answers: A: Degaussing is a method used to ensure that there is no residual data left on the media. This is not the main issue with media reuse. C: Media destruction as the name suggests is the destruction of media. This is not the main issue with media reuse. D: Purging is another method used to ensure that there is no residual data left on the media. This is not the main issue with media reuse. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 477 QUESTION 159 Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette? A. B. C. D.

Degaussing Parity Bit Manipulation Zeroization Buffer overflow

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: A "Degausser (Otherwise known as a Bulk Eraser) has the main function of reducing to near zero the magnetic CISSP

flux stored in the magnetized medium. Flux density is measured in Gauss or Tesla. The operation is speedier than overwriting and done in one short operation. This is achieved by subjecting the subject in bulk to a series of fields of alternating polarity and gradually decreasing strength. Incorrect Answers: B: Parity has to do with disk error detection, not data removal. A bit or series of bits appended to a character or block of characters to ensure that the information received is the same as the information that was sent. C: Zeroization involves overwriting data to sanitize it. There is a drawback to this method. During normal write operations with magnetic media, the head of the drive moves back-and-forth across the media as data is written. The track of the head does not usually follow the exact path each time. The result is a miniscule amount of data remanence with each pass. With specialized equipment, it is possible to read data that has been overwritten. Degaussing is more effective than overwriting the sectors. D: This is a detractor. Although many Operating Systems use a disk buffer to temporarily hold data read from disk, its primary purpose has no connection to data removal. An overflow goes outside the constraints defined for the buffer and is a method used by an attacker to attempt access to a system. QUESTION 160 Which of the following is NOT a media viability control used to protect the viability of data storage media? A. B. C. D.

clearing marking handling storage

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: Clearing is not an example of a media viability control used to protect the viability of data storage media. Media viability controls are implemented to preserve the proper working state of the media, particularly to facilitate the timely and accurate restoration of the system after a failure. Many physical controls should be used to protect the viability of the data storage media. The goal is to protect the media from damage during handling and transportation, or during short-term or long-term storage. Proper marking and labeling of the media is required in the event of a system recovery process: Marking. All data storage media should be accurately marked or labeled. The labels can be used to identify media with special handling instructions, or to log serial numbers or bar codes for retrieval during a system recovery. Handling. Proper handling of the media is important. Some issues with the handling of media include cleanliness of the media and the protection from physical damage to the media during transportation to the archive sites. Storage. Storage of the media is very important for both security and environmental reasons. A proper heatand humidity-free, clean storage environment should be provided for the media. Data media is sensitive to temperature, liquids, magnetism, smoke, and dust. Incorrect Answers: B: Marking is a media viability control used to protect the viability of data storage media. C: Handling is a media viability control used to protect the viability of data storage media. D: Storage is a media viability control used to protect the viability of data storage media. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 324 QUESTION 161 An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:

CISSP

A. B. C. D.

a magnetic field. a degausser. magnetic remanence. magnetic saturation.

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: A device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero. This magnetic force is what properly erases data from media. Data are stored on magnetic media by the representation of the polarization of the atoms. Degaussing changes this polarization (magnetic alignment) by using a type of large magnet to bring it back to its original flux (magnetic alignment). Incorrect Answers: A: A magnetic field is not the electrical device described in the question. C: Magnetic remanence is not the electrical device described in the question. D: Magnetic saturation is not the electrical device described in the question. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 1282 QUESTION 162 What is the most secure way to dispose of information on a CD-ROM? A. B. C. D.

Sanitizing Physical damage Degaussing Physical destruction

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: The information stored on a CDROM is not in electro-magnetic format, so a degausser would be ineffective. The only way to dispose of information on a CD-ROM is to physically destroy the CD-ROM. Incorrect Answers: A: You cannot sanitize read-only media such as a CDROM. B: Physical damage is not the MOST secure way to dispose of information on a CD-ROM. Data could still be recovered from the undamaged part of the CD-ROM. Only complete destruction of the CD-ROM will suffice. C: Degaussing does not work on read-only media such as a CDROM. QUESTION 163 Which of the following refers to the data left on the media after the media has been erased? A. B. C. D.

remanence recovery sticky bits semi-hidden

CISSP

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: Data Remanence is the problem of residual information remaining on the media after erasure, which may be subject to restoration by another user, thereby resulting in a loss of confidentiality. Diskettes, hard drives, tapes, and any magnetic or writable media are susceptible to data remanence. Retrieving the bits and pieces of data that have not been thoroughly removed from storage media is a common method of computer forensics, and is often used by law enforcement personnel to preserve evidence and to construct a trail of misuse. Anytime a storage medium is reused (and also when it is discarded), there is the potential for the media’s information to be retrieved. Methods must be employed to properly destroy the existing data to ensure that no residual data is available to new users. The “Orange Book” standard recommends that magnetic media be formatted seven times before discard or reuse. Incorrect Answers: B: Recovery is not the term that refers to the data left on the media after the media has been erased. C: Sticky bits is not the term that refers to the data left on the media after the media has been erased. D: Semi-hidden is not the term that refers to the data left on the media after the media has been erased. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 477 QUESTION 164 What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account? A. B. C. D.

Data fiddling Data diddling Salami techniques Trojan horses

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: Salami techniques: A salami attack is the one in which an attacker commits several small crimes with the hope that the overall larger crime will go unnoticed. In this case, the employee has been shaving off pennies from multiple accounts in the hope that no one notices. Shaving pennies from an account is the small crime in this example. However, the cumulative effect of the multiple ‘small crimes’ is that a larger amount of money is stolen in total. Incorrect Answers: A: Data fiddling is not a defined attack type. The term could refer to entering incorrect data in a similar way to data diddling. However, it is not the term used to describe a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account. B: Data diddling refers to the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing and is outputted from an application. For instance, if a loan processor is entering information for a customer’s loan of $100,000, but instead enters $150,000 and then moves the extra approved money somewhere else, this would be a case of data diddling. Another example is if a cashier enters an amount of $40 into the cash register, but really charges the customer $60 and keeps the extra $20. This is not what is described in the question. D: A Trojan Horse is a program that is disguised as another program. This is not what is described in the question.

CISSP

References: S Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1059 QUESTION 165 Which of the following logical access exposures involvers changing data before, or as it is entered into the computer? A. B. C. D.

Data diddling Salami techniques Trojan horses Viruses

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: Data diddling refers to the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing and is outputted from an application. For instance, if a loan processor is entering information for a customer’s loan of $100,000, but instead enters $150,000 and then moves the extra approved money somewhere else, this would be a case of data diddling. Another example is if a cashier enters an amount of $40 into the cash register, but really charges the customer $60 and keeps the extra $20. This type of crime is extremely common and can be prevented by using appropriate access controls and proper segregation of duties. It will more likely be perpetrated by insiders, who have access to data before it is processed. Incorrect Answers: B: Salami techniques: A salami attack is the one in which an attacker commits several small crimes with the hope that the overall larger crime will go unnoticed. This is not what is described in the question. C: A Trojan Horse is a program that is disguised as another program. This is not what is described in the question. D: A Virus is a small application or a string of code that infects applications. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1059 QUESTION 166 When it comes to magnetic media sanitization, what difference can be made between clearing and purging information? A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files. B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack. C. They both involve rewriting the media. D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack. Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: The removal of information from a storage medium is called sanitization. Different kinds of sanitization provide CISSP

different levels of protection. A distinction can be made between clearing information (rendering it unrecoverable by a keyboard attack) and purging (rendering it unrecoverable against laboratory attack). There are three general methods of purging media: overwriting, degaussing, and destruction. There should be continuous assurance that sensitive information is protected and not allowed to be placed in a circumstance wherein a possible compromise can occur. There are two primary levels of threat that the protector of information must guard against: keyboard attack (information scavenging through system software capabilities) and laboratory attack (information scavenging through laboratory means). Procedures should be implemented to address these threats before the Automated Information System (AIS) is procured, and the procedures should be continued throughout the life cycle of the AIS. Incorrect Answers: A: It is not true that clearing completely erases the media or that purging only removes file headers, allowing the recovery of files. C: Clearing does not involve rewriting the media. D: It is not true that clearing renders information unrecoverable against a laboratory attack or purging renders information unrecoverable to a keyboard attack. QUESTION 167 Which of the following method is recommended by security professional to PERMANENTLY erase sensitive data on magnetic media? A. B. C. D.

Degaussing Overwrite every sector of magnetic media with pattern of 1's and 0's Format magnetic media Delete File allocation table

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: Degaussing is the most effective method out of all the provided choices to erase sensitive data on magnetic media. A device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero. This magnetic force is what properly erases data from media. Data are stored on magnetic media by the representation of the polarization of the atoms. Degaussing changes this polarization (magnetic alignment) by using a type of large magnet to bring it back to its original flux (magnetic alignment). Simply deleting files or formatting the media does not actually remove the information. File deletion and media formatting often simply remove the pointers to the information. Specialized hardware devices known as degaussers can be used to erase data saved to magnetic media. The measure of the amount of energy needed to reduce the magnetic field on the media to zero is known as coercivity. It is important to make sure that the coercivity of the degausser is of sufficient strength to meet object reuse requirements when erasing data. If a degausser is used with insufficient coercivity, then a remanence of the data will exist. Remanence is the measure of the existing magnetic field on the media; it is the residue that remains after an object is degaussed or written over. Data is still recoverable even when the remanence is small. While data remanence exists, there is no assurance of safe object reuse. Some degaussers can destroy drives. The security professional should exercise caution when recommending or using degaussers on media for reuse. Incorrect Answers: B: Software tools also exist that can provide object reuse assurance. These tools overwrite every sector of magnetic media with a random or predetermined bit pattern. Overwrite methods are effective for all forms of electronic media with the exception of read-only optical media. There is a drawback to using overwrite software. During normal write operations with magnetic media, the head of the drive moves back-and-forth across the

CISSP

media as data is written. The track of the head does not usually follow the exact path each time. The result is a miniscule amount of data remanence with each pass. With specialized equipment, it is possible to read data that has been overwritten. Degaussing is more effective than overwriting the sectors. C: Simply deleting files or formatting the media does not actually remove the information. File deletion and media formatting often simply removes the pointers to the information. D: Deleting the File allocation table will not erase all data. The data can be recoverable using software tools. QUESTION 168 Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank? A. B. C. D.

SSH (Secure Shell) S/MIME (Secure MIME) SET (Secure Electronic Transaction) SSL (Secure Sockets Layer)

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: Secure Electronic Transaction (SET) is a security technology proposed by Visa and MasterCard to allow for more secure credit card transaction possibilities than what is currently available. SET has been waiting in the wings for full implementation and acceptance as a standard for quite some time. Although SET provides an effective way of transmitting credit card information, businesses and users do not see it as efficient because it requires more parties to coordinate their efforts, more software installation and configuration for each entity involved, and more effort and cost than the widely used SSL method. SET is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet. The following entities would be involved with a SET transaction, which would require each of them to upgrade their software, and possibly their hardware: Issuer (cardholder’s bank) The financial institution that provides a credit card to the individual. Cardholder The individual authorized to use a credit card. Merchant The entity providing goods. Acquirer (merchant’s bank) The financial institution that processes payment cards. Payment gateway This processes the merchant payment. It may be an acquirer. Incorrect Answers: A: SSH is a network protocol that allows for a secure connection to a remote system. Developed to replace Telnet and other insecure remote shell methods. This is not what is described in the question. B: S/MIME stands for Secure/Multipurpose Internet Mail Extensions, which outlines how public key cryptography can be used to secure MIME data types. This is not what is described in the question. D: SSL (Secure Sockets Layer) is most commonly used to Internet connections and e-commerce transactions. It is used instead of SET but is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 856 QUESTION 169 In Mandatory Access Control, sensitivity labels attached to object contain what information? A. B. C. D.

The item's classification The item's classification and category set The item's category The item's need to know

Correct Answer: B Section: Asset Security CISSP

Explanation Explanation/Reference: Explanation: A sensitivity label is required for every subject and object when using the Mandatory Access Control (MAC) model. The sensitivity label is made up of a classification and different categories. Incorrect Answers: A: The item's classification on its own is incorrect. It has to have a category as well. C: The item's category on its own is incorrect. It has to have a classification as well. D: Need-to-know rules are applied by the categories section of the label. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 223 http://en.wikipedia.org/wiki/Mandatory_Access_Control QUESTION 170 Which of the following European Union (EU) principles pertaining to the protection of information on private individuals is incorrect? A. Data collected by an organization can be used for any purpose and for as long as necessary, as long as it is never communicated outside of the organization by which it was collected. B. Individuals have the right to correct errors contained in their personal data. C. Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited. D. Records kept on an individual should be accurate and up to date. Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: EU’s Data Protection Data Integrity states that Data must be relevant and reliable for the purpose it was collected for. Incorrect Answers: B: EU’s Data Protection Directive includes the access directive which states that individuals must be able to access information held about them, and correct or delete it if it is inaccurate. C: EU’s Data Protection Directive includes the Onward Transfer directive which states that transfers of data to third parties may only occur to other organizations that follow adequate data protection principles. D: EU’s Data Protection Directive includes the Data Integrity directive which states that Data must be relevant and reliable for the purpose it was collected for. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1064-1065 QUESTION 171 Who should DECIDE how a company should approach security and what security measures should be implemented? A. B. C. D.

Senior management Data owner Auditor The information security specialist

Correct Answer: A Section: Asset Security CISSP

Explanation Explanation/Reference: Explanation: Computers and the information processed on them usually have a direct relationship with a company’s critical missions and objectives. Because of this level of importance, senior management should make protecting these items a high priority and provide the necessary support, funds, time, and resources to ensure that systems, networks, and information are protected in the most logical and cost-effective manner possible. For a company’s security plan to be successful, it must start at the top level and be useful and functional at every single level within the organization. Senior management needs to define the scope of security and identify and decide what must be protected and to what extent. Incorrect Answers: B: The data owner can grant access to the data. However, the data owner should not decide how a company should approach security and what security measures should be implemented. C: Systems Auditors ensure the appropriate security controls are in place. However, they should not decide how a company should approach security and what security measures should be implemented. D: The information security specialist may be the ones who implement the security measures. However, they should not decide how a company should approach security and what security measures should be implemented. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 101 QUESTION 172 The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of: A. B. C. D.

Confidentiality, Integrity, and Entity (C.I.E.). Confidentiality, Integrity, and Authenticity (C.I.A.). Confidentiality, Integrity, and Availability (C.I.A.). Confidentiality, Integrity, and Liability (C.I.L.).

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: Fundamental Principles of Security which are to provide confidentiality, availability, and integrity, and Confidentiality (the CIA triad). Incorrect Answers: A: The three tenets do not include Entity. B: The three tenets do not include Authenticity. D: The three tenets do not include Liability. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 22 QUESTION 173 Controlling access to information systems and associated networks is necessary for the preservation of their: A. B. C. D.

Authenticity, confidentiality and availability Confidentiality, integrity, and availability. Integrity and availability. Authenticity, confidentiality, integrity and availability.

CISSP

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Information security is made up of the following main attributes: Availability - Prevention of loss of, or loss of access to, data and resources Integrity - Prevention of unauthorized modification of data and resources Confidentiality - Prevention of unauthorized disclosure of data and resources Incorrect Answers: A: Authenticity is an attribute that stems from the three main attributes. C: Information security is made up of three main attributes, which includes confidentiality. D: Authenticity is an attribute that stems from the three main attributes. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 298, 299 QUESTION 174 What security model is dependent on security labels? A. B. C. D.

Discretionary access control Label-based access control Mandatory access control Non-discretionary access control

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: Mandatory Access Control begins with security labels assigned to all resource objects on the system. These security labels contain two pieces of information - a classification (top secret, confidential etc.) and a category (which is essentially an indication of the management level, department or project to which the object is available). Similarly, each user account on the system also has classification and category properties from the same set of properties applied to the resource objects. When a user attempts to access a resource under Mandatory Access Control the operating system checks the user's classification and categories and compares them to the properties of the object's security label. If the user's credentials match the MAC security label properties of the object access is allowed. It is important to note that both the classification and categories must match. A user with top secret classification, for example, cannot access a resource if they are not also a member of one of the required categories for that object. Incorrect Answers: A: Discretionary access control is not dependent on security labels. B: Label-based access control is not one of the defined access control types. D: Non-discretionary access control is not dependent on security labels. References: http://www.techotopia.com/index.php/Mandatory,_Discretionary,_Role_and_Rule_Based_Access_Control QUESTION 175 At which temperature does damage start occurring to magnetic media? A. 100 degrees Fahrenheit or 37.7 degrees Celsius B. 125 degrees Fahrenheit or 51.66 degrees Celsius

CISSP

C. 150 degrees Fahrenheit or 65.5 degrees Celsius D. 175 degrees Fahrenheit or 79.4 degrees Celsius Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: Maintaining appropriate temperature and humidity is important in any facility, especially facilities with computer systems. Improper levels of either can cause damage to computers and electrical devices. Lower temperatures can cause mechanisms to slow or stop, and higher temperatures can cause devices to use too much fan power and eventually shut down. Damage can start to occur on magnetic media at 100 degrees Fahrenheit or 37'7º Celsius. Incorrect Answers: B: Damage can start to occur on magnetic media at 100 degrees Fahrenheit, not 125 degrees Fahrenheit. Therefore, this answer is incorrect. C: Damage can start to occur on magnetic media at 100 degrees Fahrenheit, not 150 degrees Fahrenheit. Therefore, this answer is incorrect. D: Damage can start to occur on magnetic media at 100 degrees Fahrenheit, not 175 degrees Fahrenheit. Damage can start to occur in computer systems and peripheral devices at 175 degrees Fahrenheit. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 466 QUESTION 176 Which of the following access control models requires defining classification for objects? A. B. C. D.

Role-based access control Discretionary access control Identity-based access control Mandatory access control

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object. Incorrect Answers: A: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. B: Access in a DAC model is restricted based on the authorization granted to the users. C: Identity-based access control is a type of DAC system that allows or prevents access based on the identity of the subject. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 QUESTION 177 In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?

CISSP

A. B. C. D.

Bell-LaPadula model Biba model Access Matrix model Take-Grant model

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. The level at which information is classified determines the handling procedures that should be used. The Bell-LaPadula model is a state machine model that enforces the confidentiality aspects of access control. A matrix and security levels are used to determine if subjects can access different objects. The subject’s clearance is compared to the object’s classification and then specific rules are applied to control how subject-toobject interactions can take place. This model uses subjects, objects, access operations (read, write, and read/write), and security levels. Subjects and objects can reside at different security levels and will have relationships and rules dictating the acceptable activities between them. Incorrect Answers: B: The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. This is not what is described in the question. C: An access control matrix is a table of subjects and objects indicating what actions individual subjects can take upon individual objects. This is not what is described in the question. D: The take-grant protection model is used to establish or disprove the safety of a given computer system that follows specific rules. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 229 QUESTION 178 Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection? A. B. C. D.

B A C D

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection B. Mandatory protection C. Discretionary protection D. Minimal protection

CISSP

Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Level B: Mandatory Protection: Mandatory access control is enforced by the use of security labels. The architecture is based on the Bell-LaPadula security model, and evidence of reference monitor enforcement must be available. Incorrect Answers: B: Level A is defined as verified protection, not mandatory protection. C: Level C is defined as discretionary protection, not mandatory protection. D: Level D is defined as minimal security, not mandatory protection. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392, 395 QUESTION 179 Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection? A. B. C. D.

C B A D

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection B. Mandatory protection C. Discretionary protection D. Minimal protection Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Level C: Discretionary Protection: The C rating category has two individual assurance ratings within it. The higher the number of the assurance rating, the greater the protection. Incorrect Answers: B: Level B is defined as mandatory protection, not discretionary protection. C: Level A is defined as verified protection, not discretionary protection. D: Level D is defined as minimal security, not discretionary protection. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392, 394 QUESTION 180 Which of the following division is defined in the TCSEC (Orange Book) as minimal protection? A. Division D B. Division C C. Division B

CISSP

D. Division A Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection B. Mandatory protection C. Discretionary protection D. Minimal protection Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Division D: Minimal Protection: There is only one class in Division D. It is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions. Incorrect Answers: B: Level C is defined as discretionary protection, not minimal protection. C: Level B is defined as mandatory protection, not minimal protection. D: Level A is defined as verified protection, not mandatory minimal. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392, 395 QUESTION 181 Which of the following establishes the minimal national standards for certifying and accrediting national security systems? A. B. C. D.

NIACAP DIACAP HIPAA TCSEC

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: National Information Assurance Certification and Accreditation Process (NIACAP), establishes the minimum national standards for certifying and accrediting national security systems. This process provides a standard set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the Information Assurance (IA) and security posture of a system or site. This process focuses on an enterprisewide view of the information system (IS) in relation to the organization’s mission and the IS business case. Incorrect Answers: B: The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a United States Department of Defense (DoD) process that means to ensure that companies and organizations apply risk management to information systems (IS). This is not what is described in the question. C: HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare

CISSP

information and help the healthcare industry control administrative costs. This is not what is described in the question. D: Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. This is not what is described in the question. References: http://infohost.nmt.edu/~sfs/Regs/nstissi_1000.pdf QUESTION 182 Which of the following places the Orange Book classifications in order from MOST secure to LEAST secure? A. B. C. D.

A, B, C, D D, C, B, A D, B, A, C C, D, B, A

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection B. Mandatory protection C. Discretionary protection D. Minimal security Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Incorrect Answers: B: Classification A represents the highest level of assurance, and D represents the lowest level of assurance. C: Classification A represents the highest level of assurance, and D represents the lowest level of assurance. D: Classification A represents the highest level of assurance, and D represents the lowest level of assurance. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-393 QUESTION 183 What would BEST define a covert channel? A. An undocumented backdoor that has been left by a programmer in an operating system B. An open system port that should be closed. C. A communication channel that allows transfer of information in a manner that violates the system's security policy. D. A Trojan horse. Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: CISSP

A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism. This type of information path was not developed for communication; thus, the system does not properly protect this path, because the developers never envisioned information being passed in this way. Receiving information in this manner clearly violates the system’s security policy. The channel to transfer this unauthorized data is the result of one of the following conditions: Improper oversight in the development of the product Improper implementation of access controls within the software Existence of a shared resource between the two entities which are not properly controlled Incorrect Answers: A: An undocumented backdoor that has been left by a programmer in an operating system could be used in a covert channel. However, this is not the BEST definition of a covert channel. B: An open system port that should be closed could be used in a covert channel. However, an open port is not the definition of a covert channel. D: A Trojan horse could be used in a covert channel. However, a Trojan horse is not the definition of a covert channel. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 378-379 QUESTION 184 Which of the following Orange Book ratings represents the highest level of trust? A. B. C. D.

B1 B2 F6 C2

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection B. Mandatory protection C. Discretionary protection D. Minimal security Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Each division can have one or more numbered classes with a corresponding set of requirements that must be met for a system to achieve that particular rating. The classes with higher numbers offer a greater degree of trust and assurance. So B2 would offer more assurance than B1, and C2 would offer more assurance than C1. Incorrect Answers: A: B1 has a lower level of trust than B2. C: F6 is not a valid rating. D: Division C has a lower level of trust than division B. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-393 QUESTION 185

CISSP

What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions? A. B. C. D.

A D E F

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection B. Mandatory protection C. Discretionary protection D. Minimal security Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Each division can have one or more numbered classes with a corresponding set of requirements that must be met for a system to achieve that particular rating. There is only one class in Division D. It is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions. Incorrect Answers: A: Division A is the highest level. C: The lowest division/level (reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions) is D, not E. D: The lowest division/level (reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions) is D, not F. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-393 QUESTION 186 Which division of the Orange Book deals with discretionary protection (need-to-know)? A. B. C. D.

D C B A

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book. TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels: CISSP

A. Verified protection B. Mandatory protection C. Discretionary protection D. Minimal security C1: Discretionary Security Protection: Discretionary access control is based on individuals and/or groups. It requires a separation of users and information, and identification and authentication of individual entities. Some type of access control is necessary so users can ensure their data will not be accessed and corrupted by others. The system architecture must supply a protected execution domain so privileged system processes are not adversely affected by lower-privileged processes. There must be specific ways of validating the system’s operational integrity. The documentation requirements include design documentation, which shows that the system was built to include protection mechanisms, test documentation (test plan and results), a facility manual (so companies know how to install and configure the system correctly), and user manuals. Incorrect Answers: A: Division C, not D deals with discretionary protection. C: Division C, not B deals with discretionary protection. D: Division C, not A deals with discretionary protection. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-394 QUESTION 187 Which of the following computer crime is MORE often associated with INSIDERS? A. B. C. D.

IP spoofing Password sniffing Data diddling Denial of service (DoS)

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: Data diddling refers to the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing and is outputted from an application. For instance, if a loan processor is entering information for a customer’s loan of $100,000, but instead enters $150,000 and then moves the extra approved money somewhere else, this would be a case of data diddling. Another example is if a cashier enters an amount of $40 into the cash register, but really charges the customer $60 and keeps the extra $20. This type of crime is extremely common and can be prevented by using appropriate access controls and proper segregation of duties. It will more likely be perpetrated by insiders, who have access to data before it is processed. Incorrect Answers: A: IP Spoofing attacks are more commonly performed by outsiders. B: Password sniffing can be performed by insiders or outsiders. However, Data Diddling is MORE commonly performed by insiders. D: Most Denial of service attacks occur over the internet and are performed by outsiders. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1059 QUESTION 188 Which of the following groups represents the leading source of computer crime losses?

CISSP

A. B. C. D.

Hackers Industrial saboteurs Foreign intelligence officers Employees

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: Employees represent the leading source of computer crime losses. This can be through hardware theft, data theft, physical damage and interruptions to services. Laptop theft is increasing at incredible rates each year. They have been stolen for years, but in the past they were stolen mainly to sell the hardware. Now laptops are also being stolen to gain sensitive data for identity theft crimes. Since employees use laptops as they travel, they may have extremely sensitive company or customer data on their systems that can easily fall into the wrong hands. Incorrect Answers: A: Losses caused by hackers can be high. However, this is rare in comparison to losses caused by employees. B: Losses caused by industrial saboteurs can be high. However, this is very rare in comparison to losses caused by employees. C: Foreign intelligence officers are not a cause of computer crime losses. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 457 QUESTION 189 Which of the following term BEST describes a weakness that could potentially be exploited? A. B. C. D.

Vulnerability Risk Threat Target of evaluation (TOE)

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: A vulnerability is the absence of a countermeasure or a weakness in an in-place countermeasure, and can therefore be exploited. Incorrect Answers: B: A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact. C: A threat is any potential danger that is associated with the exploitation of a vulnerability. D: Target Of Evaluation (TOE) refers to the product or system that is the subject of the evaluation. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 26 https://en.wikipedia.org/wiki/Common_Criteria QUESTION 190 Which of the following BEST describes an exploit? A. An intentional hidden message or feature in an object such as a piece of software or a movie.

CISSP

B. A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software. C. An anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer. D. A condition where a program (either an application or part of the operating system) stops performing its expected function and also stops responding to other parts of the system. Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: An exploit refers to a piece of software or data, or a sequence of commands that takes advantage of a bug or vulnerability with the aim of causing unplanned or unexpected behavior to take place on computerized hardware, or its software. Incorrect Answers: A: An intentional hidden message, in-joke, or feature in a work such as a computer program, web page, video game, movie, book, or crossword is known as a virtual Easter egg. C: The anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer is known as buffer overflow. D: In computing, a condition where a program (either an application or part of the operating system) stops performing its expected function and also stops responding to other parts of the system is known as a crash. References: https://en.wikipedia.org/wiki/Exploit_%28computer_security%29 https://www.quora.com/topic/Easter-Eggs-media https://en.wikipedia.org/wiki/Buffer_overflow http://www.article-buzz.com/Article/Avoiding-Data-Loss---A-Guide-To-The-Best-Online-Data-StorageWebsites/328757#.Vjc757crKHu QUESTION 191 Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is: A. B. C. D.

Not possible Only possible with key recovery scheme of all user keys It is possible only if X509 Version 3 certificates are used It is possible only by "brute force" decryption

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: E-mail encryption solutions such as S/MIME have been available for a long time. These encryption solutions have seen varying degrees of adoption in organizations of different types. However, such solutions present some challenges: Inability to apply messaging policies: Organizations also face compliance requirements that require inspection of messaging content to make sure it adheres to messaging policies. However, messages encrypted with most client-based encryption solutions, including S/MIME, prevent content inspection on the server. Without content inspection, an organization can't validate that all messages sent or received by its users comply with messaging policies. Decreased security: Antivirus software is unable to scan encrypted message content, further exposing an organization to risk from malicious content such as viruses and worms. Encrypted messages are generally considered to be trusted by most users, thereby increasing the likelihood of a virus spreading throughout your organization. CISSP

Incorrect Answers: B: Virus scanning and content inspection of SMIME encrypted e-mail is not possible even with a key recovery scheme of all user keys. C: Virus scanning and content inspection of SMIME encrypted e-mail is not possible even if X509 Version 3 certificates are used. D: Using "brute force" decryption on SMIME encrypted e-mail for the purpose of virus scanning and content inspection is not practical and unlikely to be successful. References: https://technet.microsoft.com/en-us/library/dd638122(v=exchg.150).aspx QUESTION 192 What can be defined as secret communications where the very existence of the message is hidden? A. B. C. D.

Clustering Steganography Cryptology Vernam cipher

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Steganography is a method of hiding data in another media type so the very existence of the data is concealed. Only the sender and receiver are supposed to be able to see the message because it is secretly hidden in a graphic, wave file, document, or other type of media. The message is not encrypted, just hidden. Encrypted messages can draw attention because it tells the bad guy, “This is something sensitive.” A message hidden in a picture of your grandmother would not attract this type of attention, even though the same secret message can be embedded into this image. Steganography is a type of security through obscurity. Incorrect Answers: A: Clustering describes multiple instances of a component working together as a single unit. This is not what is described in the question. C: Cryptology is the study of cryptography and cryptanalysis. This is not what is described in the question. D: Vernam cipher is another name for one-time pad because one-time pad was invented by Gilbert Vernam. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 774-775 QUESTION 193 Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity? A. B. C. D.

Steganography ADS - Alternate Data Streams Encryption NTFS ADS

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: CISSP

Explanation: Steganography allows you to hide data in another media type, concealing the very existence of the data. Incorrect Answers: B, D: Alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that includes metadata for locating a specific file by author or title. C: Encryption is a method of transforming readable data into a form that appears to be random and unreadable. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 774 http://searchsecurity.techtarget.com/definition/alternate-data-stream QUESTION 194 Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later? A. B. C. D.

Steganography Digital watermarking Digital enveloping Digital signature

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Digital watermarking is defined as “Computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data -- text, graphics, images, video, or audio -- and for detecting or extracting the marks later.” A "digital watermark", i.e., the set of embedded bits, is sometimes hidden, usually imperceptible, and always intended to be unobtrusive. Depending on the particular technique that is used, digital watermarking can assist in proving ownership, controlling duplication, tracing distribution, ensuring data integrity, and performing other functions to protect intellectual property rights. Incorrect Answers: A: Steganography is a method of hiding data in another media type so the very existence of the data is concealed. Digital Watermarking is considered to be a type of steganography. However, steganography is not what is described in the question. C: A digital envelope is another term used to describe hybrid cryptography where a message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key. This is not what is described in the question. D: A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. This is not what is described in the question. References: http://tools.ietf.org/html/rfc4949 QUESTION 195 What is Dumpster Diving? A. Going through dust bin B. Running through another person's garbage for discarded document, information and other various items that could be used against that person or company C. Performing media analysis D. performing forensics on the deleted items Correct Answer: B CISSP

Section: Asset Security Explanation Explanation/Reference: Explanation: Dumpster diving refers to the concept of rummaging through a company or individual’s garbage for discarded documents, information, and other precious items that could then be used in an attack against that company or person. Incorrect Answers: A: Dumpster Diving is more specific than going through dust bins. C: Dumpster Diving does not refer to media analysis. D: Dumpster Diving does not refer to forensics on deleted items. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1060 QUESTION 196 The control of communications test equipment should be clearly addressed by security policy for which of the following reasons? A. B. C. D.

Test equipment is easily damaged. Test equipment can be used to browse information passing on a network. Test equipment is difficult to replace if lost or stolen. Test equipment must always be available for the maintenance personnel.

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: A Protocol Analyzer (also known as a packet sniffer) is a useful tool for testing or troubleshooting network communications. A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing packets sent from a computer system is known as packet sniffing. The ability to browse information passing on a network is a security risk which means access to a protocol analyzer should be carefully managed and therefore addressed by security policy. Incorrect Answers: A: Damage to test equipment is not a ‘security’ risk so does not need to be addressed by security policy. C: Test equipment is generally not difficult to replace if lost or stolen. Even if it was, that would not constitute a ‘security’ risk so it would not need to be addressed by security policy. D: The need for test equipment to always be available for the maintenance personnel would not constitute a ‘security’ risk so it would not need to be addressed by security policy. QUESTION 197 Which of the following would BEST be defined as an absence or weakness of safeguard that could be exploited? A. B. C. D.

A threat. A vulnerability. A risk. An exposure.

Correct Answer: B

CISSP

Section: Asset Security Explanation Explanation/Reference: Explanation: A vulnerability is defined as “the absence or weakness of a safeguard that could be exploited”. A vulnerability is a lack of a countermeasure or a weakness in a countermeasure that is in place. It can be a software, hardware, procedural, or human weakness that can be exploited. A vulnerability may be a service running on a server, unpatched applications or operating systems, an unrestricted wireless access point, an open port on a firewall, lax physical security that allows anyone to enter a server room, or unenforced password management on servers and workstations. Incorrect Answers: A: A threat is any potential danger that is associated with the exploitation of a vulnerability. C: A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact. D: An exposure is an instance of being exposed to losses. A vulnerability exposes an organization to possible damages. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 26 QUESTION 198 Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability? A. B. C. D.

A risk. A residual risk. An exposure. A countermeasure.

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact. If a firewall has several ports open, there is a higher likelihood that an intruder will use one to access the network in an unauthorized method. If users are not educated on processes and procedures, there is a higher likelihood that an employee will make an unintentional mistake that may destroy data. If an intrusion detection system (IDS) is not implemented on a network, there is a higher likelihood an attack will go unnoticed until it is too late. Risk ties the vulnerability, threat, and likelihood of exploitation to the resulting business impact. Incorrect Answers: B: Residual risk is the risk that remains after countermeasures have been implemented. C: An exposure is an instance of being exposed to losses. A vulnerability exposes an organization to possible damages. D: A countermeasure is a step taken to mitigate a risk. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 26 QUESTION 199 Which of the following is responsible for MOST of the security issues? A. Outside espionage B. Hackers C. Personnel

CISSP

D. Equipment failure Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: Personnel represent the leading source of computer crime losses. This can be through hardware theft, data theft, physical damage and interruptions to services. Laptop theft is increasing at incredible rates each year. They have been stolen for years, but in the past they were stolen mainly to sell the hardware. Now laptops are also being stolen to gain sensitive data for identity theft crimes. Since employees use laptops as they travel, they may have extremely sensitive company or customer data on their systems that can easily fall into the wrong hands. Incorrect Answers: A: Losses caused by industrial outside espionage can be high. However, this is very rare in comparison to losses caused by personnel. B: Losses caused by hackers can be high. However, this is rare in comparison to losses caused by personnel. D: Equipment failure can be a cause of security issues. However, security issues caused by personnel are more common. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 457 QUESTION 200 Passwords can be required to change monthly, quarterly, or at other intervals: A. B. C. D.

depending on the criticality of the information needing protection. depending on the criticality of the information needing protection and the password's frequency of use. depending on the password's frequency of use. not depending on the criticality of the information needing protection but depending on the password's frequency of use.

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: A password that is the same for each log-on is called a static password. A password that changes with each log-on is termed a dynamic password. The changing of passwords can also fall between these two extremes. Passwords can be required to change monthly, quarterly, or at other intervals, depending on the criticality of the information needing protection and the password’s frequency of use. Obviously, the more times a password is used, the more chance there is of it being compromised. Incorrect Answers: A: This answer is not complete. Passwords can also be required to change depending on the password's frequency of use. C: This answer is not complete. Passwords can also be required to change depending on the criticality of the information needing protection. D: Passwords CAN be required to change depending on the criticality of the information needing protection. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 57 QUESTION 201

CISSP

Computer security should be first and foremost which of the following? A. B. C. D.

Cover all identified risks Be cost-effective. Be examined in both monetary and non-monetary terms. Be proportionate to the value of IT systems.

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Each organization is different in its size, security posture, threat profile, and security budget. One organization may have one individual responsible for information risk management (IRM) or a team that works in a coordinated manner. The overall goal of the team is to ensure the company is protected in the most costeffective manner. Incorrect Answers: A: Not all identified risks are mitigated. Some risks are accepted. C: It is not true that computer security should be first and foremost examined in both monetary and nonmonetary terms. D: It is not true that computer security should be first and foremost proportionate to the value of IT systems. The value of IT systems does not necessarily mean that more or less security is required. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 87 QUESTION 202 IT security measures should: A. B. C. D.

be complex. be tailored to meet organizational security goals. make sure that every asset of the organization is well protected. not be developed in a layered fashion.

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: The National Institute of Standards and Technology (NIST) defines 33 IT Security principles. Principle 8 states: “Implement tailored system security measures to meet organizational security goals.” In general, IT security measures are tailored according to an organization’s unique needs. While numerous factors, such as the overriding mission requirements, and guidance, are to be considered, the fundamental issue is the protection of the mission or business from IT security-related, negative impacts. Because IT security needs are not uniform, system designers and security practitioners should consider the level of trust when connecting to other external networks and internal sub-domains. Recognizing the uniqueness of each system allows a layered security strategy to be used – implementing lower assurance solutions with lower costs to protect less critical systems and higher assurance solutions only at the most critical areas. Incorrect Answers: A: According to the NIST IT security principles, IT security measures should strive for simplicity not be complex. C: According to the NIST IT security principles, you should not implement unnecessary security mechanisms. Protecting ‘every’ asset may be unnecessary. D: According to the NIST IT security principles, IT security measures should be developed in a layered fashion. CISSP

References: http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf, p.10 QUESTION 203 The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)? A. B. C. D.

Threat Exposure Vulnerability Risk

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: A vulnerability is defined as “the absence or weakness of a safeguard that could be exploited”. A vulnerability is a lack of a countermeasure or a weakness in a countermeasure that is in place. It can be a software, hardware, procedural, or human weakness that can be exploited. A vulnerability may be a service running on a server, unpatched applications or operating systems, an unrestricted wireless access point, an open port on a firewall, lax physical security that allows anyone to enter a server room, or unenforced password management on servers and workstations. Incorrect Answers: A: A threat is any potential danger that is associated with the exploitation of a vulnerability. B: An exposure is an instance of being exposed to losses. A vulnerability exposes an organization to possible damages. D: A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 26 QUESTION 204 What can be defined as an event that could cause harm to the information systems? A. B. C. D.

A risk A threat A vulnerability A weakness

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: A threat is any potential danger that is associated with the exploitation of a vulnerability. The threat is that someone, or something, will identify a specific vulnerability and use it against the company or individual. The entity that takes advantage of a vulnerability is referred to as a threat agent. A threat agent could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information. Incorrect Answers: A: A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact. C: A vulnerability is the absence or weakness of a safeguard that could be exploited. CISSP

D: A weakness is the state of something being weak. For example, a weak security measure would be a vulnerability. A weakness is not what is described in this question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 26 QUESTION 205 Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data? A. B. C. D.

Business and functional managers IT Security practitioners System and information owners Chief information officer

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: Both the system owner and the information owner (data owner) are responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data. The system owner is responsible for one or more systems, each of which may hold and process data owned by different data owners. A system owner is responsible for integrating security considerations into application and system purchasing decisions and development projects. The system owner is responsible for ensuring that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on. This role must ensure the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner. The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner has due care responsibilities and thus will be held responsible for any negligent act that results in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is responsible for and alters that classification if the business need arises. This person is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria. The data owner approves access requests or may choose to delegate this function to business unit managers. Incorrect Answers: A: Business and functional managers are not responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data. B: IT Security practitioners implement the security controls. However, they are not ultimately responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data. D: The Chief Information Officer (CIO) is responsible for the strategic use and management of information systems and technology within the organization. The CIO is not responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 121 QUESTION 206 Which of the following BEST defines add-on security? A. Physical security complementing logical security measures. B. Protection mechanisms implemented as an integral part of an information system. C. Layer security.

CISSP

D. Protection mechanisms implemented after an information system has become operational. Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: Add-on security is defined as “Security protection mechanisms that are hardware or software retrofitted to a system to increase that system’s protection level.” Incorrect Answers: A: Add-on security can be physical security (hardware) but it is often software as well. B: An add-on is something ‘added’ to an existing system; it is not an integral part of a system. C: Add-on security can be a layer of security. However, layered security does not refer specifically to security add-ons. QUESTION 207 Which of the following is BEST practice to employ in order to reduce the risk of collusion? A. B. C. D.

Least Privilege Job Rotation Separation of Duties Mandatory Vacations

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: The objective of separation of duties is to ensure that one person acting alone cannot compromise the company’s security in any way. High-risk activities should be broken up into different parts and distributed to different individuals or departments. That way, the company does not need to put a dangerously high level of trust in certain individuals. For fraud to take place, collusion would need to be committed, meaning more than one person would have to be involved in the fraudulent activity Job rotation in the workplace is a system where employees work at several jobs in a business, performing each job for a relatively short period of time. Job rotation in the workplace is a system where employees work at several jobs in a business, performing each job for a relatively short period of time. By moving people willing to collude to commit fraud, we can reduce the risk of collusion. Incorrect Answers: A: Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. It is not the best control for reducing collusion. C: Separation of Duties prevents one person being able to commit fraud. With separation of duties, collusion between two or more people would be required to commit the fraud. However, separation of duties does not prevent the collusion. D: Mandatory vacations are a way of detecting fraud. If a fraudulent activity stops while an employee is on vacation, it is easy to determine who was committing the fraud. Mandatory vacations do not prevent the collusion. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1235-1236 QUESTION 208 What are the four domains that make up CobiT? A. Plan and Organize, Maintain and Implement, Deliver and Support, and Monitor and Evaluate

CISSP

B. Plan and Organize, Acquire and Implement, Support and Purchase, and Monitor and Evaluate C. Acquire and Implement, Deliver and Support, Monitor, and Evaluate D. Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: The Control Objectives for Information and related Technology (CobiT) is a framework and set of control objectives developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs. CobiT is broken down into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. Incorrect Answers: A: Maintain and Implement is not one of the four domains; it should be Acquire and Implement. B: Support and Purchase is not one of the four domains; it should be Deliver and Support. C: This answer is missing the first domain, Plan and Organize. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 55 QUESTION 209 CobiT was developed from the COSO framework. Which of the choices below best describe the COSO's main objectives and purpose? A. B. C. D.

COSO main purpose is to help ensure fraudulent financial reporting cannot take place in an organization COSO main purpose is to define a sound risk management approach within financial companies. COSO addresses corporate culture and policy development. COSO is risk management system used for the protection of federal systems.

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: COSO is a model for corporate governance, and CobiT is a model for IT governance. COSO deals more at the strategic level, while CobiT focuses more at the operational level. You can think of CobiT as a way to meet many of the COSO objectives, but only from the IT perspective. COSO deals with non-IT items also, as in company culture, financial accounting principles, board of director responsibility, and internal communication structures. COSO was formed to provide sponsorship for the National Commission on Fraudulent Financial Reporting, an organization that studies deceptive financial reports and what elements lead to them. There have been laws in place since the 1970s that basically state that it was illegal for a corporation to cook its books (manipulate its revenue and earnings reports), but it took the Sarbanes–Oxley Act (SOX) of 2002 to really put teeth into those existing laws. SOX is a U.S. federal law that, among other things, could send executives to jail if it was discovered that their company was submitting fraudulent accounting findings to the Security Exchange Commission (SEC). SOX is based upon the COSO model, so for a corporation to be compliant with SOX, it has to follow the COSO model. Companies commonly implement ISO/IEC 27000 standards and CobiT to help construct and maintain their internal COSO structure. Incorrect Answers: B: It is not the main purpose of COSO to define a sound risk management approach within financial companies. C: It is not the main purpose of COSO to address corporate culture and policy development. D: COSO is not a risk management system used for the protection of federal systems.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 59 QUESTION 210 What are the three MOST important functions that Digital Signatures perform? A. B. C. D.

Integrity, Confidentiality and Authorization Integrity, Authentication and Nonrepudiation Authorization, Authentication and Nonrepudiation Authorization, Detection and Accountability

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Digital Signatures can be used to provide Integrity, Authentication and Nonrepudiation. A digital signature is a hash value that has been encrypted with the sender’s private key. If Kevin wants to ensure that the message he sends to Maureen is not modified and he wants her to be sure it came only from him, he can digitally sign the message. This means that a one-way hashing function would be run on the message, and then Kevin would encrypt that hash value with his private key. When Maureen receives the message, she will perform the hashing function on the message and come up with her own hash value. Then she will decrypt the sent hash value (digital signature) with Kevin’s public key. She then compares the two values, and if they are the same, she can be sure the message was not altered during transmission. She is also sure the message came from Kevin because the value was encrypted with his private key. The hashing function ensures the integrity of the message, and the signing of the hash value provides authentication and nonrepudiation. Incorrect Answers: A: Digital signatures do not provide Confidentiality or Authorization. C: Digital signatures do not provide Authorization. D: Digital signatures do not provide Authorization, Detection or Accountability. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 829 QUESTION 211 Which of the following results in the most devastating business interruptions? A. B. C. D.

Loss of Hardware/Software Loss of Data Loss of Communication Links Loss of Applications

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Data loss often lead to business failure. Data loss has the most negative impact on business functions. Incorrect Answers: A: Software can be reinstalled and hardware can replaced, and are therefore less critical compared to loss of data. CISSP

C: Communication links can quite easily put back again, compared to loss of data. D: Loss of applications is Critical as they can be reinstalled. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 957 QUESTION 212 Which one of the following is used to provide authentication and confidentiality for e-mail messages? A. B. C. D.

Digital signature PGP IPSEC AH MD4

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Incorrect Answers: A: Digital signature is used only to ensure the origin, but cannot do any authentication. C: IPSec can provide encryption and authentication, but work on packets not on email messages. D: MD4 is an algorithm used to verify data integrity, but it cannot be used to provide authentication. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 850-851 QUESTION 213 Which of the following access control models is based on sensitivity labels? A. B. C. D.

Discretionary access control Mandatory access control Rule-based access control Role-based access control

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Mandatory Access control is considered nondiscretionary and is based on a security label system Incorrect Answers: A: Discretionary Access Control (DAC) allows data owners to dictate what subjects have access to the files and resources they own. C: Rule-based access control is considered nondiscretionary because the users cannot make access decisions based upon their own discretion. D: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. References:

CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 QUESTION 214 Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity? A. B. C. D.

Discretionary Access Control Mandatory Access Control Sensitive Access Control Role-based Access Control

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: Discretionary Access Control (DAC) allows data owners to dictate what subjects have access to the files and resources they own. Incorrect Answers: B: Mandatory Access control is considered nondiscretionary and is based on a security label system C: Sensitive access control is not a valid access control. D: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 QUESTION 215 Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks? A. B. C. D.

Monitoring and auditing for such activity Require user authentication Making sure only necessary phone numbers are made public Using completely different numbers for voice and data accesses

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers - malicious hackers who specialize in computer security - for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry-point into computer or other electronic systems. It may also be used by security personnel, for example, to detect unauthorized devices, such as modems or faxes, on a company's telephone network. To prevent possible intrusion or damage from wardialing attacks, you should configure the system to require authentication before a network connection can be established. This will ensure that an attacker cannot gain access to the network without knowing a username and password. Incorrect Answers: A: Monitoring wardialing attacks would not prevent an attacker gaining access to the network. It would just tell you that at attack has happened. CISSP

C: Making sure only necessary phone numbers are made public will not protect against intrusion. An attacker would still be able to gain access through one of the ‘necessary’ phone numbers. D: Using completely different numbers for voice and data accesses will not protect against intrusion. An attacker would still be able to gain access through one of the data access phone numbers. References: http://en.wikipedia.org/wiki/War_dialing QUESTION 216 Which of the following access control models introduces user security clearance and data classification? A. B. C. D.

Role-based access control Discretionary access control Non-discretionary access control Mandatory access control

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object. Incorrect Answers: A: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. B: Access in a DAC model is restricted based on the authorization granted to the users. C: Non-discretionary access control is when the system administrator or a single management body within an organization centrally controls access to all resources for everybody on a network. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 http://www.answers.com/Q/What_is_Non_discretionary_access_control QUESTION 217 Kerberos can prevent which one of the following attacks? A. B. C. D.

Tunneling attack. Playback (replay) attack. Destructive attack. Process attack.

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: In a Kerberos implementation that is configured to use an authenticator, the user sends to the server her identification information, a timestamp, as well as sequence number encrypted with the session key that they share. The server then decrypts this information and compares it with the identification data the KDC sent to it regarding this requesting user. The server will allow the user access if the data is the same. The timestamp is used to help fight against replay attacks. Incorrect Answers: A: Tunneling attack is not a valid type of attack with regards to Kerberos. CISSP

C: Destructive attack is not a valid type of attack with regards to Kerberos. D: Process attack is not a valid type of attack with regards to Kerberos. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 212 QUESTION 218 Which of the following attacks could capture network user passwords? A. B. C. D.

Data diddling Sniffing IP Spoofing Smurfing

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Password sniffing sniffs network traffic with the hope of capturing passwords being sent between computers. Incorrect Answers: A: Data diddling refers to the alteration of existing data. C: Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication - or causing a system to respond to the wrong address. D: Smurfing would refer to the smurf attack, where an attacker sends spoofed packets to the broadcast address on a gateway in order to cause a denial of service. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 599, 1059, 1060 QUESTION 219 An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n): A. B. C. D.

active attack. outside attack. inside attack. passive attack.

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: An attack by an authorized user is known as an inside attack. An insider attack is a malicious attack perpetrated on a network or computer system by a person with authorized system access. Insiders that perform attacks have a distinct advantage over external attackers because they have authorized system access and also may be familiar with network architecture and system policies/procedures. In addition, there may be less security against insider attacks because many organizations focus on protection from external attacks. An insider attack is also known as an insider threat. Incorrect Answers: A: In an active attack, the attacker attempts to make changes to data on the target or data as it is transmitted to the target. An attack by an authorized user could be an active type of attack but it is not known as an active attack. CISSP

B: An attack by an authorized user is not known as an outside attack. D: In a passive attack, the attacker attempts to learn information but does not affect resources. An attack by an authorized user could be passive in nature but it is not known as a passive attack. References: https://www.techopedia.com/definition/26217/insider-attack QUESTION 220 MOST access violations are: A. B. C. D.

Accidental Caused by internal hackers Caused by external hackers Related to Internet

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: In security circles, people are often the weakest link. Either accidentally through mistakes or lack of training, or intentionally through fraud and malicious intent, personnel cause more serious and hard-to-detect security issues than hacker attacks, outside espionage, or equipment failure. A common accidental access violation is a user discovering a feature of an application that they should not be accessing. Incorrect Answers: B: Most access violations are not caused by internal hackers. C: Most access violations are not caused by external hackers. D: Most access violations are not related to Internet. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 129 QUESTION 221 Which of the following tools is less likely to be used by a hacker? A. B. C. D.

l0phtcrack Tripwire OphCrack John the Ripper

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Tripwire is a tool that detects when files have been altered by regularly recalculating hashes of them and storing the hashes in a secure location. The product triggers when changes to the files have been detected. By using cryptographic hashes, tripwire is often able to detect subtle changes. Contrast: The simplistic form of tripwire is to check file size and last modification time. l0phtcrack, OphCrack and John the Ripper are password cracking tools and are therefore more likely to be used by hackers than Tripwire. Incorrect Answers: A: l0phtcrack is used to test password strength and sometimes to recover lost Microsoft Windows passwords, CISSP

by using dictionary, brute-force, hybrid attacks, and rainbow tables. It is more likely to be used by a hacker than Tripwire. C: Ophcrack is a free Windows password cracker based on rainbow tables. It is more likely to be used by a hacker than Tripwire. D: John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. It is more likely to be used by a hacker than Tripwire. References: http://linux.about.com/cs/linux101/g/tripwire.htm QUESTION 222 What refers to legitimate users accessing networked services that would normally be restricted to them? A. B. C. D.

Spoofing Piggybacking Eavesdropping Logon abuse

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: Logon abuse refers to legitimate users accessing networked services that would normally be restricted to them. Unlike network intrusion, this type of abuse focuses primarily on those users who may be internal to the network, legitimate users of a different system, or users who have a lower security classification. Incorrect Answers: A: Spoofing refers to an attacker deliberately inducing a user (subject) or device (object) into taking an incorrect action by giving it incorrect information. This is not what is described in the question. B: Piggy-backing refers to an attacker gaining unauthorized access to a system by using a legitimate user’s connection. A user leaves a session open or incorrectly logs off, enabling an attacker to resume the session. This is not what is described in the question. C: Eavesdropping is the unauthorized interception of network traffic. This is not what is described in the question. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 173 QUESTION 223 This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What BEST describes this scenario? A. B. C. D.

Excessive Rights Excessive Access Excessive Permissions Excessive Privileges

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: Privilege is a term used to describe what a user can do on a computer or system. It covers rights, access and CISSP

permissions. A user who has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill is said to have ‘excessive privileges’. Incorrect Answers: A: Rights are just one aspect of what a user can do with a computer or system. Access and permissions are other aspects. Privileges cover all three. B: Access is just one aspect of what a user can do with a computer or system. Rights and permissions are other aspects. Privileges cover all three. C: Permissions are just one aspect of what a user can do with a computer or system. Access and rights are other aspects. Privileges cover all three. QUESTION 224 Which answer BEST describes information access permissions where, unless the user is specifically given access to certain data they are denied any access by default? A. B. C. D.

Implicit Deny Explicit Deny Implied Permissions Explicit Permit

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: Implicit Deny means that a user is denied access by default. To be given access, the user must (explicitly) be permitted access to the resource. Incorrect Answers: B: Explicit Deny means the user has been denied access to the data. It does not mean the user is denied by default. C: Implied Permissions does not describe information access permissions where, unless the user is specifically given access to certain data they are denied any access by default. D: Explicit Permit means that a user is specifically given access to the data. However, it does not mean that the user is denied by default. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 205 QUESTION 225 Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating? A. B. C. D.

Security administrators Operators Data owners Data custodians

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: Typical security administrator functions may include the following: Setting user clearances, initial passwords, and other security characteristics for new users Changing security profiles for existing users CISSP

Setting or changing file sensitivity labels Setting the security characteristics of devices and communications channels Reviewing audit data Incorrect Answers: B: System operators provide day-to-day operations of computer systems. They do not perform the tasks listed in the question. C: Data owners are primarily responsible for determining the data’s sensitivity or classification levels. They can also be responsible for maintaining the information’s accuracy and integrity. They do not perform the tasks listed in the question. D: Data custodians are delegated the responsibility of protecting data by its owner. They do not perform the tasks listed in the question. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 211 QUESTION 226 Which of the following should NOT be performed by an operator? A. B. C. D.

Implementing the initial program load Monitoring execution of the system Data entry Controlling job flow

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: Under the principle of separation of duties, an operator should not be performing data entry. This should be left to data entry personnel. System operators represent a class of users typically found in data center environments where mainframe systems are used. They provide day-to-day operations of the mainframe environment, ensuring that scheduled jobs are running effectively and troubleshooting problems that may arise. They also act as the arms and legs of the mainframe environment, load and unloading tape and results of job print runs. Operators have elevated privileges, but less than those of system administrators. If misused, these privileges may be used to circumvent the system’s security policy. As such, use of these privileges should be monitored through audit logs. Incorrect Answers: A: Implementing the initial program load is a function that should be performed by an operator. B: Monitoring execution of the system is a function that should be performed by an operator. D: Controlling job flow is a function that should be performed by an operator. QUESTION 227 Which of the following should be performed by an operator? A. B. C. D.

Changing profiles Approving changes Adding and removal of users Installing system software

Correct Answer: D Section: Asset Security Explanation

CISSP

Explanation/Reference: Explanation: Of the listed tasks, installing system software is the only task that should normally be performed by an operator in a properly segregated environment. Incorrect Answers: A: Changing profiles should not be performed by an operator; this should be performed by a security administrator. B: Approving changes should not be performed by an operator; this should be performed by a change control analyst or panel. C: Adding and removal of users should not be performed by an operator; this should be performed by a security administrator. QUESTION 228 Which of the following is NOT appropriate in addressing object reuse? A. B. C. D.

Degaussing magnetic tapes when they're no longer needed. Deleting files on disk before reusing the space. Clearing memory blocks before they are allocated to a program or data. Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Object reuse requirements, applying to systems rated TCSEC C2 and above, are used to protect files, memory, and other objects in a trusted system from being accidentally accessed by users who are not authorized to access them. Deleting files on disk before reusing the space does not meet this requirement and is therefore not appropriate in addressing object reuse. Deleting files on disk merely erases file headers in a directory structure. It does not clear data from the disk surface, thus making files still recoverable. All other options involve clearing used space, preventing any unauthorized access. Incorrect Answers: A: Degaussing magnetic tapes when they're no longer needed protects files from unauthorized access by destroying the data on the tapes. This is a valid method of addressing object reuse. C: Clearing memory blocks before they are allocated to a program or data removes any residual data from the memory thus preventing unauthorized access. This is a valid method of addressing object reuse. D: Clearing buffered pages, documents, or screens from the local memory of a terminal or printer removes any residual data from the memory thus preventing unauthorized access. This is a valid method of addressing object reuse. QUESTION 229 If an operating system permits shared resources such as memory to be used sequentially by multiple users/ application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist? A. B. C. D.

Disclosure of residual data. Unauthorized obtaining of a privileged execution state. Data leakage through covert channels. Denial of service through a deadly embrace.

Correct Answer: A Section: Asset Security Explanation CISSP

Explanation/Reference: Explanation: Allowing objects to be used sequentially by multiple users without a refresh of the objects can lead to disclosure of residual data. It is important that steps be taken to eliminate the chance for the disclosure of residual data. Object reuse refers to the allocation or reallocation of system resources to a user or, more appropriately, to an application or process. Applications and services on a computer system may create or use objects in memory and in storage to perform programmatic functions. In some cases, it is necessary to share these resources between various system applications. However, some objects may be employed by an application to perform privileged tasks on behalf of an authorized user or upstream application. If object usage is not controlled or the data in those objects is not erased after use, they may become available to unauthorized users or processes. Disclosure of residual data and Unauthorized obtaining of a privileged execution state are both a problem with shared memory and resources. Not clearing the heap/stack can result in residual data and may also allow the user to step on somebody's session if the security token/identify was maintained in that space. This is generally more malicious and intentional than accidental though. The MOST common issue would be Disclosure of residual data. Incorrect Answers: B: Unauthorized obtaining of a privileged execution state is not a problem with Object Reuse. C: A covert channel is a communication path. Data leakage would not be a problem created by Object Reuse. In computer security, a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. The term, originated in 1973 by Lampson is defined as "(channels) not intended for information transfer at all, such as the service program's effect on system load." to distinguish it from Legitimate channels that are subjected to access controls by COMPUSEC. D: Denial of service through a deadly embrace is not a problem with Object Reuse. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 424 https://www.fas.org/irp/nsa/rainbow/tg018.htm http://en.wikipedia.org/wiki/Covert_channel QUESTION 230 Which of the following categories of hackers poses the greatest threat? A. B. C. D.

Disgruntled employees Student hackers Criminal hackers Corporate spies

Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: Employee sabotage can become an issue if an employee is knowledgeable enough about the IT infrastructure of an organization, has sufficient access. Incorrect Answers: B: Student hackers are a lesser threat as a disgruntled employee already has access to the system. C: A disgruntled employee is a larger threat compared to a criminal hacker as the employee already has access to the system. D: A disgruntled employee is a larger threat compared to a corporate spy as the employee already has access to the system. References: CISSP

Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 602 QUESTION 231 Which of the following groups represents the leading source of computer crime losses? A. B. C. D.

Hackers Industrial saboteurs Foreign intelligence officers Employees

Correct Answer: D Section: Asset Security Explanation Explanation/Reference: Explanation: Most computer crimes are not committed by hackers but by trusted employees--programmers, managers, clerks, and consultants--who turn against their employers, using company computers for extortion, theft, and sabotage. Incorrect Answers: A: Hackers commit computer crimes, but employees are the main threat. B: Industrial saboteur is a rare computer crime occurrence. Most often the crime is made by an employee. C: Foreign intelligence officers do commit computer crimes, but it is rare. Most often the crime is made by an employee. References: https://en.wikipedia.org/wiki/Cybercrime QUESTION 232 Which of the following is biggest factor that makes Computer Crimes possible? A. B. C. D.

The fraudster obtaining advanced training & special knowledge. Victim carelessness. Collusion with others in information processing. System design flaws.

Correct Answer: B Section: Asset Security Explanation Explanation/Reference: Explanation: Human-unintentional threats represent the most common source of disasters. Examples of human unintentional threats are primarily those that involve inadvertent errors and omissions, in which the person, through lack of knowledge, laziness, or carelessness, serves as a source of disruption. Incorrect Answers: A: A more knowledgeable fraudster would increase the risk of Computer Crimes, but it is less of a factor compared to human carelessness. C: Collusion makes computer crimes possible, but human carelessness is the main factor. D: System design flaws makes computer crimes possible, but human carelessness is the main factor. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 347

CISSP

QUESTION 233 The typical computer fraudsters are usually persons with which of the following characteristics? A. B. C. D.

They have had previous contact with law enforcement They conspire with others They hold a position of trust They deviate from the accepted norms of society

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: It is easy for people who are placed in position of trust to commit fraud, as they are considered to be trustworthy. Incorrect Answers: A: A fraudster might very well have a clean legal record. This in conjunction with a position of trust make him/ her hard to detect. B: It is most typical that a fraudster conspires with other persons as the fraudster usually acts alone. D: A fraudster can very well follow the accepted norms of society, and this makes him/her harder to detect. References: http://www.justice4you.org/fraud-fraudster.php QUESTION 234 The copyright law ("original works of authorship") protects the right of the owner in all of the following except? A. B. C. D.

The public distribution of the idea Reproduction of the idea The idea itself Display of the idea

Correct Answer: C Section: Asset Security Explanation Explanation/Reference: Explanation: Copyright law does not product the idea itself. Copyright law protects the right of an author to control the public distribution, reproduction, display, and adaptation of his original work. Incorrect Answers: A: Copyright law protects the right of an author to control the public distribution of his original work. B: Copyright law protects the right of an author to control the reproduction of his original work. D: Copyright law protects the right of an author to control the display of his original work. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1000 QUESTION 235 Which type of attack would a competitive intelligence attack best classify as? A. Business attack B. Intelligence attack

CISSP

C. Financial attack D. Grudge attack Correct Answer: A Section: Asset Security Explanation Explanation/Reference: Explanation: Competitive intelligence is the action of defining, gathering, analyzing, and distributing intelligence about a business including intelligence on products, customers, competitors, and any aspect of the environment needed to support executives and managers making strategic decisions for an organization. A competitive intelligence attack is therefore best classified as a business attack. Incorrect Answers: B: A competitive intelligence attack concerns intelligence about a business, not just intelligence in general. C: A competitive intelligence attack concerns intelligence about a business as a whole, not just the financial dimension. D: A competitive intelligence is not a grudge attack. It is an attack against a business. References: https://en.wikipedia.org/wiki/Competitive_intelligence QUESTION 236 Which of the following questions is less likely to help in assessing physical and environmental protection? A. Are entry codes changed periodically? B. Are appropriate fire suppression and prevention devices installed and working? C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information? D. Is physical access to data transmission lines controlled? Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information are technical controls, not physical controls. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Locks and access control systems are examples of physical controls. Asking about the entry codes of an access control system will help in assessing physical and environmental protection. Therefore, this answer is incorrect. B: Fire suppression and prevention devices are examples of physical controls. Asking if they are installed and working will help in assessing physical and environmental protection. Therefore, this answer is incorrect. D: Physical access to data transmission lines is an example of physical control. Asking if this is physical access is controlled will help in assessing physical and environmental protection. Therefore, this answer is incorrect.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28 QUESTION 237 Which of the following would MOST likely ensure that a system development project meets business objectives? A. B. C. D.

Development and tests are run by different individuals User involvement in system specification and acceptance Development of a project plan identifying all development activities Strict deadlines and budgets

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Early in a system development project, there is a requirements gathering phase when everyone involved attempts to understand why the project is needed and what the scope of the project entails. During this phase, the team examines the software’s requirements and proposed functionality, brainstorming sessions take place, and obvious restrictions are reviewed. As end users will be the people using the system, they are most likely to have the most valuable input into the system requirements definition. When the requirements are determined and the system is developed, user testing will ensure the system meets the requirements defined in the early project stages. Incorrect Answers: A: This question is asking for the answer that will MOST likely ensure that a system development project meets business objectives. Tests run by different individuals will provide a better test to ensure system meets the requirements. However, user involvement in system requirements and specification stage will make it more likely that the system is developed to meet the requirements. C: Development of a project plan identifying all development activities will not ensure the system meets business objectives if the initial design of the system is not what is required. D: Strict deadlines and budgets will ensure the project is completed on time and within budget. However, it will have no effect on whether the system meets business objectives. QUESTION 238 In which phase of the System Development Lifecycle (SDLC) is Security Accreditation Obtained? A. B. C. D.

Functional Requirements Phase Testing and evaluation control Acceptance Phase Postinstallation Phase

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Within the SDLC framework Security Accreditation is obtained during the Implementation Phase, more specifically during Testing and evaluation control. Incorrect Answers: A: Security Accreditation is not used during the Functional Requirements Phase. It is used later during the Implementation phase. C: Security Accreditation is not used during the Acceptance Phase. It is used earlier during the Implementation CISSP

phase. D: Security Accreditation is not used during the Postinstallation Phase. It is used earlier during the Implementation phase. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1088 QUESTION 239 Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate? A. B. C. D.

The project will be completed late. The project will exceed the cost estimates. The project will be incompatible with existing systems. The project will fail to meet business and user needs.

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: The systems development life cycle (SDLC), also referred to as the application development life-cycle, is a term used in systems engineering, information systems and software engineering to describe a process for planning, creating, testing, and deploying an information system. The systems development life-cycle concept applies to a range of hardware and software configurations, as a system can be composed of hardware only, software only, or a combination of both. The most important stages of the systems development life cycle are the early requirement gathering and design phases. If the system requirements are not correctly determined, the system will not meet the needs of the business and users. A: This question is asking for the MOST serious risk. A project completed late is inconvenient but a system that fails to meet business and user needs is a more serious risk. B: This question is asking for the MOST serious risk. A project that exceeds cost estimates is a pain but a system that fails to meet business and user needs is a more serious risk. C: This question is asking for the MOST serious risk. A project that is incompatible with existing systems is not good but new systems could be deployed. However, a system that fails to meet business and user needs is no good to anyone. References: https://en.wikipedia.org/wiki/Systems_development_life_cycle QUESTION 240 In which of the following phases of system development life cycle (SDLC) is contingency planning most important? A. B. C. D.

Initiation Development/acquisition Implementation Operation/maintenance

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: CISSP

The system development life cycle (SDLC) is the process of developing an information system. The SDLC includes the Initiation, Development and Acquisition, Implementation, Operation and Maintenance and Disposal phases. The initiation phase includes determining the system’s goals and feasibility. The systems feasibility includes its system requirements and how well they match with operational processes. The requirements of a contingency plan should be analyzed based on the system’s requirements and design. Incorrect Answers: B: Contingency planning is most important in the initiation phase, not the Development/acquisition phase. It is important to create a contingency plan in the earliest possible stage of a project. C: Contingency planning is most important in the initiation phase, not the Implementation phase. The contingency plan should be created before the system is implemented. D: Contingency planning is most important in the initiation phase, not the operation/maintenance phase. It is important to create a contingency plan in the earliest possible stage of a project, not after the system has been deployed. References: EC-Council, Disaster Recovery, Cengage Learning, Andover, 2010, pp 4-11 QUESTION 241 Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions? A. B. C. D.

Development/acquisition Implementation Operation/Maintenance Initiation

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: In the Operation/maintenance phase the system is used and cared for. Proper authentication of the users and processes must be developed in this phase. Incorrect Answers: A: In the Acquisition/development the new system is either created or purchased. The main concern of this phase is not the authentication of users and processes. B: In the implementation phase the new system is installed into production environment. The main concern of this phase is not the authentication of users and processes. D: In the Initiation phase the need for a new system is defined. Authentication of users and processes is not a major concern of this phase. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1087 QUESTION 242 What can be defined as: It confirms that users’ needs have been met by the supplied solution? A. B. C. D.

Accreditation Certification Assurance Acceptance

Correct Answer: D CISSP

Section: Security Engineering Explanation Explanation/Reference: Explanation: Acceptance testing is used to ensure that the code meets customer requirements. If this testing is passed the user's needs have been met. Incorrect Answers: A: The final stage is accreditation, which is management’s, but not the users', formal approval. B: Certification involves testing the newly purchased product within the company’s environment. Certification does not confirm that the users' need have been met. C: Assurance is a measurement of confidence in the level of protection that a specific security control delivers and the degree to which it enforces the security policy. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1105 QUESTION 243 What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access? A. B. C. D.

Clark and Wilson Model Harrison-Ruzzo-Ullman Model Rivest and Shamir Model Bell-LaPadula Model

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: The Bell-LaPadula model was developed to address the security concerns of time-sharing mainframe systems and leakage of classified information. It was the first mathematical model of a multilevel security policy employed to define the concept of a secure state machine and modes of access, and outlined rules of access. Incorrect Answers: A: The Clark-Wilson model was developed after the Biba model, which was developed after the Bell-LaPadula model. B: The Harrison-Ruzzo-Ullman (HRU) model was NOT the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access C: Ron Rivest, Adi Shamir, and Leonard Adleman invented RSA, which is a public key algorithm that is the most popular when it comes to asymmetric algorithms. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 369, 372-374, 815 QUESTION 244 A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is: A. B. C. D.

Concern that the laser beam may cause eye damage. The iris pattern changes as a person grows older. There is a relatively high rate of false accepts. The optical unit must be positioned so that the sun does not shine into the aperture.

CISSP

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: The optical unit of the iris pattern biometric system must be positioned so that the sun does not shine into the aperture. Incorrect Answers: A: Iris recognition systems do not use laser like beams. B: With iris scans, the kind of errors that can occur during the authentication process is reduced because the iris remains constant through adulthood. C: Extreme resistance to false matching is an advantage of iris recognition. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 191 https://en.wikipedia.org/wiki/Iris_recognition QUESTION 245 Which of the following is not classified as "Security and Audit Frameworks and Methodologies"? A. B. C. D.

Bell LaPadula Committee of Sponsoring Organizations of the Treadway Commission (COSO) IT Infrastructure Library (ITIL) Control Objectives for Information and related Technology (COBIT)

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: The Bell-LaPadula model is a security model, not a Security and Audit Frameworks and Methodology. The BellLaPadula model is a subject-to-object model. An example would be how you (subject) could read a data element (object) from a specific database and write data into that database. The Bell-LaPadula model focuses on ensuring that subjects are properly authenticated—by having the necessary security clearance, need to know, and formal access approval—before accessing an object. The Control Objectives for Information and related Technology (CobiT) is a framework and set of control objectives developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs. CobiT was derived from the COSO framework, developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting. The Information Technology Infrastructure Library (ITIL) is the de facto standard of best practices for IT service management. ITIL is a customizable framework that is provided in a set of books or in an online format. Incorrect Answers: B: Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a Security and Audit Frameworks and Methodology. C: IT Infrastructure Library (ITIL) is a Security and Audit Frameworks and Methodology. D: Control Objectives for Information and related Technology (COBIT) is a Security and Audit Frameworks and Methodology. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 55-60, 369 QUESTION 246 At which of the basic phases of the System Development Life Cycle are security requirements formalized? CISSP

A. B. C. D.

Disposal System Design Specifications Development and Implementation Functional Requirements Definition

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Requirements, including security requirements, are formalized in the Functional Requirements Definition phase. Incorrect Answers: A: Disposal activities need to ensure that an orderly termination of the system takes place and that all necessary data are preserved. Security requirements are not formalized at the disposal phase. B: Within the Systems Development Life Cycle (DSLC) model the design phase, also known as the System Design Specifications phase, transforms requirements, including the security requirements, into a complete System Design Document. C: In the implementation phase the system is implemented into a product production environment. The security requirements have already been developed long before this phase. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1095 QUESTION 247 During which phase of an IT system life cycle are security requirements developed? A. B. C. D.

Operation Initiation Functional design analysis and Planning Implementation

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Within the Systems Development Life Cycle (DSLC) model the design phase, also known as the security requirement phase, transforms requirements, including the security requirements, into a complete System Design Document. Incorrect Answers: A: The operation phase describes tasks to operate in a production environment, and is not concerned with development of security requirements. B: The initiation phase starts when a sponsor identifies a need or an opportunity. During this phase a Concept Proposal, but no security requirements, is created. D: In the implementation phase the system is implemented into a product production environment. The security requirements have already been developed long before this phase. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1095 QUESTION 248 Which of the following phases of a system development life-cycle is most concerned with establishing a good CISSP

security policy as the foundation for design? A. B. C. D.

Development/acquisition Implementation Initiation Maintenance

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Within the SDLC model during the initiation phase the need for a new system is defined. The initiation phase includes security categorization and preliminary risk assessment including a security policy. The security policy is a documentation that describes senior management’s directives toward the role that security plays within the organization. It provides a framework within which an organization establishes needed levels of information security to achieve the desired confidentiality, availability, and integrity goals. Incorrect Answers: A: The Development/acquisition phase does not establish a good security policy; instead it includes risk assessment and risk analysis. B: The implementation phase includes security certification and security accreditation. Establishing a good security policy is not included in the implementation phase. D: The maintenance phase include continuous monitoring, and configuration management and control. It does include creation of a security policy. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 1088, 1422 QUESTION 249 When considering an IT System Development Life-cycle, security should be: A. B. C. D.

Mostly considered during the initiation phase. Mostly considered during the development phase. Treated as an integral part of the overall system design. Added once the design is completed.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Within the System Development Life-cycle (SDLC) model, security is critical in each phase of the life cycle. Incorrect Answers: A: Security is critical to each phase of the SDLC model, not only the initiation phase. B: Security is critical to each phase of the SDLC model, not only the development phase. D: Security is critical to each phase of the SDLC model, and is not added when the design is completed. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1087 QUESTION 250 Risk reduction in a system development life-cycle should be applied: CISSP

A. B. C. D.

Mostly to the initiation phase. Mostly to the development phase. Mostly to the disposal phase. Equally to all phases.

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Risk reduction should be applied equally to the initiation phase, the development phase, and to the disposal phase. Within the initiation phase a preliminary risk assessment should be carried out to develop an initial description of the confidentiality, integrity, and availability requirements of the system. The development phase include formal risk assessment which identifies vulnerabilities and threats in the proposed system and the potential risk levels as they pertain to confidentiality, integrity, and availability. This builds upon the initial risk assessment carried out in the previous phase (the initiation phase). The results of this assessment help the team build the system’s security plan. Disposal activities need to ensure that an orderly termination of the system takes place and that all necessary data are preserved. The storage medium of the system may need to be degaussed, put through a zeroization process, or physically destroyed. Incorrect Answers: A: Risk reduction should be applied to all phases equally, not mostly to the initiation phase. B: Risk reduction should be applied to all phases equally, not mostly to the development phase. C: Risk reduction should be applied to all phases equally, not mostly to the disposal phase. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 1091-1093 QUESTION 251 Who developed one of the first mathematical models of a multilevel-security computer system? A. B. C. D.

Diffie and Hellman. Clark and Wilson. Bell and LaPadula. Gasser and Lipner.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The Bell-LaPadula model was the first mathematical model of a multilevel security policy used to define the concept of a secure state machine and modes of access, and outlined rules of access. Incorrect Answers: A: Diffie and Hellman developed the first asymmetric key agreement algorithm, not the first multilevel security policy computer system. B: The question asks for the developers of the first mathematical models of a multilevel-security computer system. This was Bell and LaPadula, not Clark and Wilson. D: The question asks for the developers of the first mathematical models of a multilevel-security computer system. This was Bell and LaPadula, not Gasser and Lipner. References: CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 369, 812 QUESTION 252 What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? A. B. C. D.

Central station alarm Proprietary alarm A remote station alarm An auxiliary station alarm

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: The mechanism that automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters is known as an auxiliary station alarm. Alarm systems may have auxiliary alarms that ring at the local fire or police stations. Most central station systems include this feature, which requires permission form the local authorities before implementation. Incorrect Answers; A: Central Station Systems are operated and monitored around the clock by private security firms. The central stations are signaled by detectors over leased lines. Most central station systems include auxiliary alarms that ring at the local fire or police stations. However, the name of the alarm system that rings at the local fire or police stations is ‘auxiliary alarm’. Therefore, this answer is incorrect. B: Proprietary Systems are similar to the central station systems, except that the monitoring system is owned and operated by the customer. Proprietary alarm is not name of the alarm that rings at the local fire or police stations. Therefore, this answer is incorrect. C: A remote station alarm is not the alarm that rings at the local fire or police stations. Therefore, this answer is incorrect. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 474 QUESTION 253 Which security model introduces access to objects only through programs? A. B. C. D.

The Biba model The Bell-LaPadula model The Clark-Wilson model The information flow model

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: With the Clark–Wilson model, users are unable to modify critical data (CDI) directly. Users have to be authenticated to a piece of software, and the software procedures (TPs) will carry out the operations on behalf of the user. Incorrect Answers: CISSP

A: The Biba model allows access to sensitive data based on a lattice of integrity levels. B: The Bell-LaPadula model allows access to sensitive data based on a lattice of security levels. D: The information flow model, on which both the Bell-LaPadula and Biba models are based, allows direct access to data. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 369-378 https://en.wikipedia.org/wiki/Clark-Wilson_model QUESTION 254 What security model implies a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects? A. B. C. D.

Flow Model Discretionary access control Mandatory access control Non-discretionary access control

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: A central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individual’s role in the organization (role-based) or the subject’s responsibilities and duties (task-based). In an organization where there are frequent personnel changes, non-discretionary access control is useful because the access controls are based on the individual’s role or title within the organization. These access controls do not need to be changed whenever a new person takes over that role. Another type of non-discretionary access control is lattice-based access control. In this type of control, a lattice model is applied. In a lattice model, there are pairs of elements that have the least upper bound of values and greatest lower bound of values. To apply this concept to access control, the pair of elements is the subject and object, and the subject has the greatest lower bound and the least upper bound of access rights to an object. Incorrect Answers: A: A flow model does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects. B: Discretionary access control does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects. C: Mandatory access control does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 48 QUESTION 255 Which of the following is not a physical control for physical security? A. B. C. D.

lighting fences training facility construction materials

Correct Answer: C Section: Security Engineering Explanation CISSP

Explanation/Reference: Explanation: Training is an administrative control, not a physical control. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Lighting is an example of a physical control. Therefore, this answer is incorrect. B: Fences are an example of a physical control. Therefore, this answer is incorrect. D: Facility construction materials are an example of a physical control. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28 QUESTION 256 Which access control model would a lattice-based access control model be an example of? A. B. C. D.

Mandatory access control. Discretionary access control. Non-discretionary access control. Rule-based access control.

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A lattice-based access control model, which is a type of label-based mandatory access control model, is used to define the levels of security that an object may have and that a subject may have access to. Incorrect Answers: B: Access in a DAC model is restricted based on the authorization granted to the users, not on their security labels. C: Non-discretionary access control is when the system administrator or a single management body within an organization centrally controls access to all resources for everybody on a network, not on their security labels. D: Rule-based access control makes use of explicit rules that specify what can and cannot happen between a subject and an object, not on their security labels. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 https://en.wikipedia.org/wiki/Lattice-based_access_control QUESTION 257 Which of the following is an example of discretionary access control? A. B. C. D.

Identity-based access control Task-based access control Role-based access control Rule-based access control

Correct Answer: A CISSP

Section: Security Engineering Explanation Explanation/Reference: Explanation: Identity-based access control is a type of DAC system that allows or prevents access based on the identity of the subject. Incorrect Answers: B: Task-based access control is a non-discretionary access control model, which is based on the tasks each subject must perform. C: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. D: Rule-based access control makes use of explicit rules that specify what can and cannot happen between a subject and an object, not on their security labels. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 QUESTION 258 Which of the following would be used to implement Mandatory Access Control (MAC)? A. B. C. D.

Clark-Wilson Access Control Role-based access control Lattice-based access control User dictated access control

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: A lattice is a mathematical construct that is built upon the notion of a group. The most common definition of the lattice model is “a structure consisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set.” Two methods are commonly used for applying mandatory access control: Rule-based (or label-based) access control: This type of control further defines specific conditions for access to a requested object. A Mandatory Access Control system implements a simple form of rule-based access control to determine whether access should be granted or denied by matching: - An object's sensitivity label - A subject's sensitivity label Lattice-based access control: These can be used for complex access control decisions involving multiple objects and/or subjects. A lattice model is a mathematical structure that defines greatest lower-bound and least upper-bound values for a pair of elements, such as a subject and an object. Incorrect Answers: A: Clark-Wilson Access Control is not used to implement Mandatory Access Control (MAC). B: Role-based Access Control is not used to implement Mandatory Access Control (MAC). D: User dictated Access Control is not used to implement Mandatory Access Control (MAC). References: https://en.wikipedia.org/wiki/Computer_access_control QUESTION 259 Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is NOT being used)?

CISSP

A. B. C. D.

A subject is not allowed to read up. The *- property restriction can be escaped by temporarily downgrading a high level subject. A subject is not allowed to read down. It is restricted to confidentiality.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The Bell LaPadula model does not include a rule that prevents a subject from reading down. Incorrect Answers: A: A subject is not allowed to read up is a property of the 'simple security rule' of Bell LaPadula model. B: The *- property restriction can be escaped by temporarily downgrading a high level subject can be escaped by temporarily downgrading a high level subject or by identifying a set of trusted objects which are permitted to violate the *-property as long as it is not in the middle of an operation. D: It is restricted to confidentiality as it is a state machine model that enforces the confidentiality aspects of access control. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 369-372 QUESTION 260 The Orange Book is founded upon which security policy model? A. B. C. D.

The Biba Model The Bell LaPadula Model Clark-Wilson Model TEMPEST

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The Bell-La Padula (BLP) model is a model of computer security that focuses on mandatory and discretionary access control. It was spelled out in an influential paper by David E Bell and Leonard J. La Padula. The Bell-La Padula paper formed the basis of the "Orange Book" security classifications, the system that the US military used to evaluate computer security for decades. Incorrect Answers: A: The Orange Book is not founded upon the Biba model. C: The Orange Book is not founded upon the Clark-Wilson model. D: The Orange Book is not founded upon the TEMPEST model. References: https://sites.google.com/site/cacsolin/bell-lapadula QUESTION 261 Which of the following is NOT a basic component of security architecture? A. Motherboard B. Central Processing Unit (CPU) C. Storage Devices

CISSP

D. Peripherals (input/output devices) Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: The system architecture aspect of security architecture includes the following: CPU – Central Processing Unit Storage devices – includes both long and short-term storage, such as memory and disk Peripherals – includes both input and output devices, such as keyboards and printer The components and devices connect to the motherboard. However, the motherboard is not considered a basic component of security architecture. Incorrect Answers: B: The Central Processing Unit (CPU) is a basic component of security architecture. C: Storage Devices are a basic component of security architecture. D: Peripherals (input/output devices) are a basic component of security architecture. QUESTION 262 Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles? A. B. C. D.

B2 B1 A1 A2

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: B2: Structured Protection: The security policy is clearly defined and documented, and the system design and implementation are subjected to more thorough review and testing procedures. This class requires more stringent authentication mechanisms and well-defined interfaces among layers. Subjects and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place, which means the subject communicates directly with the application or operating system, and no trapdoors exist. There is no way to circumvent or compromise this communication channel. Operator and administration functions are separated within the system to provide more trusted and protected operational functionality. Distinct address spaces must be provided to isolate processes, and a covert channel analysis is conducted. This class adds assurance by adding requirements to the design of the system. The type of environment that would require B2 systems is one that processes sensitive data that require a higher degree of security. This type of environment would require systems that are relatively resistant to penetration and compromise. Incorrect Answers: B: Separate operator and system administrator roles are not required at level B1. C: Separate operator and system administrator roles are required at level A1. However, they are also required at the lower level of B2. D: Separate operator and system administrator roles are required at level A2. However, they are also required at the lower level of B2. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 396

CISSP

http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt QUESTION 263 In which of the following models are Subjects and Objects identified and the permissions applied to each subject/object combination are specified? Such a model can be used to quickly summarize what permissions a subject has for various system objects. A. B. C. D.

Access Control Matrix model Take-Grant model Bell-LaPadula model Biba model

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: An access control matrix is a table of subjects and objects indicating what actions individual subjects can take upon individual objects. Matrices are data structures that programmers implement as table lookups that will be used and enforced by the operating system. This type of access control is usually an attribute of DAC models. The access rights can be assigned directly to the subjects (capabilities) or to the objects (ACLs). Incorrect Answers: B: The take-grant protection model is used to establish or disprove the safety of a given computer system that follows specific rules. This is not what is described in the question. C: The Bell–LaPadula Model is a state machine model used for enforcing access control in government and military applications. This is not what is described in the question. D: The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 229 QUESTION 264 Which of the following is NOT a precaution you can take to reduce static electricity? A. B. C. D.

power line conditioning anti-static sprays maintain proper humidity levels anti-static flooring

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Power line conditioning is not a precaution you can take to reduce static electricity. Some precautions you can take to reduce static electricity damage are: Use anti-static sprays where possible. Operations or computer centers should have anti-static flooring. Building and computer rooms should be grounded properly. Anti-static table or floor mats may be used. HVAC should maintain the proper level of relative humidity in computer rooms. Fire Detection and Suppression

CISSP

Incorrect Answers: B: Anti-static sprays are a precaution you can take to reduce static electricity. Therefore, this answer is incorrect. C: Maintaining proper humidity levels is a precaution you can take to reduce static electricity. Therefore, this answer is incorrect. D: Anti-static flooring is a precaution you can take to reduce static electricity. Therefore, this answer is incorrect. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 460 QUESTION 265 Which of the following is currently the most recommended water system for a computer room? A. B. C. D.

preaction wet pipe dry pipe deluge

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Preaction systems are similar to dry pipe systems in that the water is not held in the pipes, but is released when the pressurized air within the pipes is reduced. Once this happens, the pipes are filled with water, but it is not released right away. A thermal-fusible link on the sprinkler head has to melt before the water is released. The purpose of combining these two techniques is to give people more time to respond to false alarms or to small fires that can be handled by other means. Putting out a small fire with a handheld extinguisher is better than losing a lot of electrical equipment to water damage. These systems are usually used only in data processing environments rather than the whole building, because of the higher cost of these types of systems. Incorrect Answers: B: Wet pipe systems always contain water in the pipes and are usually discharged by temperature control–level sensors. This type is not the most recommended water system for a computer room. Therefore, this answer is incorrect. C: In dry pipe systems, the water is not actually held in the pipes. The water is contained in a “holding tank” until it is released. This type is not the MOST recommended water system for a computer room. Therefore, this answer is incorrect. D: A deluge system has its sprinkler heads wide open to allow a larger volume of water to be released in a shorter period. Because the water being released is in such large volumes, these systems are usually not used in data processing environments. This type is not the most recommended water system for a computer room. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 474-475 QUESTION 266 Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires? A. B. C. D.

traverse-mode noise common-mode noise crossover-mode noise transversal-mode noise

Correct Answer: B CISSP

Section: Security Engineering Explanation Explanation/Reference: Explanation: Noise in power systems refers to the presence of electrical radiation in the system that is unintentional and interferes with the transmission of clean power. There are several types of noise, the most common being Electromagnetic Interference (EMI ) and Radio Frequency Interference (RFI ). EMI is noise that is caused by the generation of radiation due to the charge difference between the three electrical wires — the hot, neutral, and ground wires. Two common types of EMI generated by electrical systems are: 1. Common-mode noise. Noise from the radiation generated by the difference between the hot and ground wires. 2. Traverse-mode noise. Noise from the radiation generated by the difference between the hot and neutral wires. Incorrect Answers: A: Traverse-mode noise is noise from the radiation generated by the difference between the hot and neutral wires, not between the hot and ground wires. Therefore, this answer is incorrect. C: Crossover-mode noise is not one of the two defined types of EMI generated by electrical systems. Therefore, this answer is incorrect. D: Transversal -mode noise is not one of the two defined types of EMI generated by electrical systems. Therefore, this answer is incorrect. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 458 QUESTION 267 The "vulnerability of a facility" to damage or attack may be assessed by all of the following EXCEPT: A. B. C. D.

Inspection History of losses Security controls security budget

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: There are many types of tests that can be performed to assess the vulnerability of a facility. These include inspection, history of losses and security controls. Inspection covers many aspects of vulnerability testing ranging from checking the perimeter fencing to penetration testing of systems. History of losses (losses from previous attacks or security breaches) is a good way of assessing the vulnerability of a facility. Examining how previous breaches occurred can help determine whether the facility is protected against another similar breach. Testing the security controls in place to ensure they are sufficient is an obvious way of assessing the vulnerability of a facility. Security controls cover everything from the locks on the doors to intrusion detection systems. One thing that cannot be used to assess the vulnerability of a facility is the security budget. The amount of money spent on security is irrelevant. A large security budget does not guarantee that a facility is secure and a small budget does not mean it is insecure. Incorrect Answers: A: Inspection of the security systems can be used to assess the vulnerability of a facility. Therefore, this answer CISSP

is incorrect. B: History of losses (losses from previous attacks or security breaches) can be used to assess the vulnerability of a facility. Therefore, this answer is incorrect. C: Examining the security controls can be used to assess the vulnerability of a facility. Therefore, this answer is incorrect. QUESTION 268 Which of the following is not an EPA-approved replacement for Halon? A. B. C. D.

Bromine Inergen FM-200 FE-13

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: At one time, Halon was considered the perfect fire suppression method in computer operations centers, due to the fact that it is not harmful to the equipment, mixes thoroughly with the air, and spreads extremely fast. The benefits of using Halons are that they do not leave liquid or solid residues when discharged. Therefore, they are preferred for sensitive areas, such as computer rooms and data storage areas. However, several issues arose with its deployment, such as that it cannot be breathed safely in concentrations greater than 10 percent, and when deployed on fires with temperatures greater than 900°, it degrades into seriously toxic chemicals — hydrogen fluoride, hydrogen bromide, and bromine. Some common EPA-acceptable Halon replacements are FM-200 (HFC-227ea) CEA-410 or CEA-308 NAF-S-III (HCFC Blend A) FE-13 (HFC-23) Argon (IG55) or Argonite (IG01) Inergen (IG541) Low pressure water mists Incorrect Answers: B: Inergen is an EPA-approved replacement for Halon. Therefore, this answer is incorrect. C: FM-200 is an EPA-approved replacement for Halon. Therefore, this answer is incorrect. D: FE-13 is an EPA-approved replacement for Halon. Therefore, this answer is incorrect. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 464-465 QUESTION 269 Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense? A. B. C. D.

TCSEC ITSEC DIACAP NIACAP

Correct Answer: A Section: Security Engineering Explanation CISSP

Explanation/Reference: Explanation: Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information. The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications. Initially issued in 1983 by the National Computer Security Center (NCSC), an arm of the National Security Agency, and then updated in 1985. TCSEC was replaced by the Common Criteria international standard originally published in 2005. Incorrect Answers: B: The Information Technology Security Evaluation Criteria (ITSEC) was the first attempt at establishing a single standard for evaluating security attributes of computer systems and products by many European countries. This is not what is described in the question. C: The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a United States Department of Defense (DoD) process that means to ensure that companies and organizations apply risk management to information systems (IS). This is not what is described in the question. D: The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimumstandard process for the certification and accreditation of computer and telecommunications systems that handle U.S. This is not what is described in the question. References: https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 399 QUESTION 270 The Computer Security Policy Model the Orange Book is based on is which of the following? A. B. C. D.

Bell-LaPadula Data Encryption Standard Kerberos Tempest

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: The Orange Book used the Bell-LaPadula Computer Security Policy model as a comparative evaluation for all systems. Incorrect Answers: B: The Data Encryption Standard (DES) is a cryptographic algorithm, not a Computer Security Policy model. C: Kerberos is an authentication protocol, not a Computer Security Policy model. D: TEMPEST is related to limiting the electromagnetic emanations from electronic equipment. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 209, 254, 402, 800 QUESTION 271 The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address? A. integrity and confidentiality B. confidentiality and availability

CISSP

C. integrity and availability D. none of the above Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: A difference between ITSEC and TCSEC is that TCSEC bundles functionality and assurance into one rating, whereas ITSEC evaluates these two attributes separately. The other differences are that ITSEC was developed to provide more flexibility than TCSEC, and ITSEC addresses integrity, availability, and confidentiality, whereas TCSEC addresses only confidentiality. ITSEC also addresses networked systems, whereas TCSEC deals with stand-alone systems. Incorrect Answers: A: Both ITSEC and TCSEC address confidentiality. B: Both ITSEC and TCSEC address confidentiality. D: One of the answers given is correct. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 401 QUESTION 272 Which of the following is NOT a type of motion detector? A. B. C. D.

Photoelectric sensor Passive infrared sensors Microwave Sensor. Ultrasonic Sensor.

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A photoelectric sensor does not detect motion; it detects a break in a beam of light. A photoelectric system, or photometric system, detects the change in a light beam. These systems work like photoelectric smoke detectors, which emit a beam that hits the receiver. If this beam of light is interrupted, an alarm sounds. The beams emitted by the photoelectric cell can be cross-sectional and can be invisible or visible beams. Cross-sectional means that one area can have several different light beams extending across it, which is usually carried out by using hidden mirrors to bounce the beam from one place to another until it hits the light receiver. Incorrect Answers: B: A passive infrared system (PIR) identifies the changes of heat waves in an area it is configured to monitor. If the particles’ temperature within the air rises, it could be an indication of the presence of an intruder, so an alarm is sounded. A PIR is a type of motion detector. Therefore, this answer is incorrect. C: Wave-pattern motion detectors differ in the frequency of the waves they monitor. The different frequencies are microwave, ultrasonic, and low frequency. All of these devices generate a wave pattern that is sent over a sensitive area and reflected back to a receiver. If the pattern is returned undisturbed, the device does nothing. If the pattern returns altered because something in the room is moving, an alarm sounds. A Microwave Sensor is a type of motion detector. Therefore, this answer is incorrect. D: An Ultrasonic Sensor is an example of a wave-pattern motion detector. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 495

CISSP

QUESTION 273 What is the minimum static charge able to cause disk drive data loss? A. B. C. D.

550 volts 1000 volts 1500 volts 2000 volts

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Low humidity of less than 40 percent increases the static electricity damage potential. A static charge of 4000 volts is possible under normal humidity conditions on a hardwood or vinyl floor, and charges up to 20,000 volts or more are possible under conditions of very low humidity with non-static—free carpeting. Although you cannot control the weather, you certainly can control your relative humidity level in the computer room through your HVAC systems. The list below lists the damage various static electricity charges can do to computer hardware: 40 volts: Sensitive circuits and transistors 1,000 volts: Scramble monitor display 1,500 volts: Disk drive data loss 2,000 volts: System shutdown 4,000 volts: Printer Jam 17,000 volts: Permanent chip damage Incorrect Answers: A: 550 volts is not enough to cause disk drive data loss. Therefore, this answer is incorrect. B: 1000 volts is not enough to cause disk drive data loss. Therefore, this answer is incorrect. D: Only 1500 volts is enough to cause disk drive data loss, not 2000 volts. Therefore, this answer is incorrect. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 460 QUESTION 274 Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)? A. B. C. D.

A subject is not allowed to read up. The *- property restriction can be escaped by temporarily downgrading a high level subject. A subject is not allowed to read down. It is restricted to confidentiality.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The statement that a subject is not allowed to read down in the Bell-LaPadula security model is FALSE. The Bell-LaPadula model was developed to make sure secrets stay secret; thus, it provides and addresses confidentiality only. The Bell-LaPadula model is a subject-to-object model. An example would be how you (subject) could read a CISSP

data element (object) from a specific database and write data into that database. Three main rules are used and enforced in the Bell-LaPadula model: the simple security rule, the *-property (star property) rule, and the strong star property rule. The simple security rule states that a subject at a given security level cannot read data that reside at a higher security level. For example, if Bob is given the security clearance of secret, this rule states he cannot read data classified as top secret. If the organization wanted Bob to be able to read top-secret data, it would have given him that clearance in the first place. The *-property rule (star property rule) states that a subject in a given security level cannot write information to a lower security level. The simple security rule is referred to as the “no read up” rule, and the *-property rule is referred to as the “no write down” rule. The third rule, the strong star property rule, states that a subject that has read and write capabilities can only perform those functions at the same security level; nothing higher and nothing lower. So, for a subject to be able to read and write to an object, the clearance and classification must be equal. Incorrect Answers: A: It is true that a subject is not allowed to read up in the Bell-LaPadula model. B: It is true that the *- property restriction in the Bell-LaPadula model can be escaped by temporarily downgrading a high level subject. D: It is true that the Bell-LaPadula model is restricted to confidentiality. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 369-372 QUESTION 275 Which of the following is a class A fire? A. B. C. D.

common combustibles liquid electrical Halon

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Class A fires involve “common combustibles”; these are ordinary combustible materials, such as cloth, wood, paper, rubber, and many plastics. Incorrect Answers: B: A flammable liquid fire (such as gasoline, oil, lacquers) is a Class B fire. Therefore, this answer is incorrect. C: Electrical fires are Class C fires. Therefore, this answer is incorrect. D: Halon is not flammable; it is a gas used to suppress fires. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 472 QUESTION 276 Which of the following statements relating to the Biba security model is FALSE? A. B. C. D.

It is a state machine model. A subject is not allowed to write up. Integrity levels are assigned to subjects and objects. Programs serve as an intermediate layer between subjects and objects.

Correct Answer: D Section: Security Engineering Explanation CISSP

Explanation/Reference: Explanation: The statement, “Programs serve as an intermediate layer between subjects and objects” in the Biba model is FALSE. The Clark–Wilson model uses programs as an intermediate layer between subjects and objects. The Biba model was developed after the Bell-LaPadula model. It is a state machine model similar to the BellLaPadula model. Biba addresses the integrity of data within applications. The Bell-LaPadula model uses a lattice of security levels (top secret, secret, sensitive, and so on). These security levels were developed mainly to ensure that sensitive data were only available to authorized individuals. The Biba model is not concerned with security levels and confidentiality, so it does not base access decisions upon this type of lattice. Instead, the Biba model uses a lattice of integrity levels. If implemented and enforced properly, the Biba model prevents data from any integrity level from flowing to a higher integrity level. Biba has three main rules to provide this type of protection: *-integrity axiom A subject cannot write data to an object at a higher integrity level (referred to as “no write up”). Simple integrity axiom A subject cannot read data from a lower integrity level (referred to as “no read down”). Invocation property A subject cannot request service (invoke) of higher integrity. Incorrect Answers: A: The Biba model is a state machine model. B: It is true that a subject is not allowed to write up in the Biba model. C: It is true that integrity levels are assigned to subjects and objects in the Biba model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 372 QUESTION 277 Which of the following organizations PRODUCES and PUBLISHES the Federal Information Processing Standards (FIPS)? A. B. C. D.

The National Computer Security Center (NCSC) The National Institute of Standards and Technology (NIST) The National Security Agency (NSA) The American National Standards Institute (ANSI)

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Federal Information Processing Standards (FIPS) is a standard for adoption and use by United States Federal departments and agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology (NIST), a part of the U.S. Department of Commerce. FIPS describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. The standards cover a specific topic in information technology (IT) and strive to achieve a common level of quality or interoperability. Incorrect Answers: A: The National Computer Security Center (NCSC) does not produce or publish the Federal Information Processing Standards (FIPS). C: The National Security Agency (NSA) does not produce or publish the Federal Information Processing Standards (FIPS). D: The American National Standards Institute (ANSI) does not produce or publish the Federal Information Processing Standards (FIPS). References” CISSP

http://whatis.techtarget.com/definition/Federal-Information-Processing-Standards-FIPS QUESTION 278 What is the main focus of the Bell-LaPadula security model? A. B. C. D.

Accountability Integrity Confidentiality Availability

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The Bell-LaPadula model was developed to ensure that secrets stay secret. Therefore, it provides and addresses confidentiality only. Incorrect Answers: A: The main focus of the Bell- LaPadula security model is confidentiality, not accountability. B: The main focus of the Bell- LaPadula security model is confidentiality, not integrity. The Biba model is focused on Integrity. D: The main focus of the Bell- LaPadula security model is confidentiality, not availability. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 369-373 https://en.wikipedia.org/wiki/Bell-La_Padula_model QUESTION 279 Which of the following suppresses combustion by disrupting a chemical reaction, by doing so it kills the fire? A. B. C. D.

Halon CO2 water soda acid

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Halon is a gas that was widely used in the past to suppress fires because it interferes with the chemical combustion of the elements within a fire. It mixes quickly with the air and does not cause harm to computer systems and other data processing devices. It was used mainly in data centers and server rooms. It was discovered that halon has chemicals (chlorofluorocarbons) that deplete the ozone and that concentrations greater than 10 percent are dangerous to people. Halon used on extremely hot fires degrades into toxic chemicals, which is even more dangerous to humans. Halon has not been manufactured since January 1, 1992, by international agreement. The Montreal Protocol banned halon in 1987, and countries were given until 1992 to comply with these directives. The most effective replacement for halon is FM-200, which is similar to halon but does not damage the ozone. Incorrect Answers: B: CO2 suppresses fire by starving it of oxygen, not by disrupting a chemical reaction. Therefore, this answer is incorrect. C: Water suppresses fire by lowering the temperature of the fuel to below its ignition point or by dispersing the fuel, not by disrupting a chemical reaction. Therefore, this answer is incorrect. CISSP

D: Soda acid fire extinguishers are CO2-based fire extinguishers. The soda and the acid react to produce CO2. CO2 suppresses fire by starving it of oxygen, not by disrupting a chemical reaction. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 473 QUESTION 280 Which of the following is a class C fire? A. B. C. D.

electrical liquid common combustibles soda acid

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Class C fires are electrical fires. Class C fires are electrical fires which that may occur in electrical equipment or wiring. Class C fire extinguishers use gas, CO2 or dry powders as these extinguishing agents are non-conductive. Incorrect Answers: B: A flammable liquid fire (such as gasoline, oil, lacquers) is a Class B fire. Therefore, this answer is incorrect. C: A common combustibles fire (such as wood, paper, cloth) is a Class A fire. Therefore, this answer is incorrect. D: Soda acid is not a type of fire; it’s a type of fire extinguisher. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 472 QUESTION 281 Which of the following statements pertaining to the Bell-LaPadula model is TRUE if you are NOT making use of the strong star property? A. B. C. D.

It allows "read up." It addresses covert channels. It addresses management of access controls. It allows "write up."

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Three main rules are used and enforced in the Bell-LaPadula model: The simple security rule, the *-property (star property) rule, and the strong star property rule. The simple security rule states that a subject at a given security level cannot read data that reside at a higher security level. The *-property rule (star property rule) states that a subject in a given security level cannot write information to a lower security level. The simple security rule is referred to as the “no read up” rule, and the *-property rule is referred to as the “no write down” rule. The third rule, the strong star property rule, states that a subject that has read and write capabilities can only perform those functions at the same security level; nothing higher and nothing lower. So, for a subject to be able to read and write to an object, the clearance and classification must be equal. CISSP

If you are NOT making use of the strong star property, then there is no rule preventing you from writing up. Incorrect Answers: A: The simple security rule, referred to as the “no read up” rule, will prevent you from reading up. B: The Bell-LaPadula model does not address covert channels. C: The Bell-LaPadula model does not address management of access controls. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 369-370 QUESTION 282 Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level? A. B. C. D.

The Bell-LaPadula model The information flow model The noninterference model The Clark-Wilson model

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Multilevel security properties can be expressed in many ways, one being noninterference. This concept is implemented to ensure any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level. This type of model does not concern itself with the flow of data, but rather with what a subject knows about the state of the system. So if an entity at a higher security level performs an action, it cannot change the state for the entity at the lower level. If a lower-level entity was aware of a certain activity that took place by an entity at a higher level and the state of the system changed for this lower-level entity, the entity might be able to deduce too much information about the activities of the higher state, which in turn is a way of leaking information. Users at a lower security level should not be aware of the commands executed by users at a higher level and should not be affected by those commands in any way. Incorrect Answers: A: The Bell–LaPadula model is a state machine model used for enforcing access control in government and military applications. This is not what is described in the question. B: The information flow model forms the basis of other models such as Bell–LaPadula or Biba. This is not what is described in the question. D: The Clark-Wilson model prevents unauthorized users from making modifications, prevents authorized users from making improper modifications, and maintains internal and external consistency through auditing. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 380 QUESTION 283 Which of the following security models does NOT concern itself with the flow of data? A. B. C. D.

The information flow model The Biba model The Bell-LaPadula model The noninterference model

Correct Answer: D CISSP

Section: Security Engineering Explanation Explanation/Reference: Explanation: Multilevel security properties can be expressed in many ways, one being noninterference. This concept is implemented to ensure any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level. This type of model does not concern itself with the flow of data, but rather with what a subject knows about the state of the system. So if an entity at a higher security level performs an action, it cannot change the state for the entity at the lower level. If a lower-level entity was aware of a certain activity that took place by an entity at a higher level and the state of the system changed for this lower-level entity, the entity might be able to deduce too much information about the activities of the higher state, which in turn is a way of leaking information. Users at a lower security level should not be aware of the commands executed by users at a higher level and should not be affected by those commands in any way. Incorrect Answers: A: The information flow model does concern itself with the flow of data. B: The Biba model does concern itself with the flow of data. C: The Bell-LaPadula model does concern itself with the flow of data. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 380 QUESTION 284 Which of the following is the preferred way to suppress an electrical fire in an information center? A. B. C. D.

CO2 CO2, soda acid, or Halon water or soda acid ABC Rated Dry Chemical

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Class C fire extinguishers are used for fires involving electrical equipment. Class C fires are electrical fires which that may occur in electrical equipment or wiring. Class C fire extinguishers use gas, CO2 or dry powders as these extinguishing agents are non-conductive. Of the answers given, CO2 is the preferred way to suppress an electrical fire in an information center. Incorrect Answers: B: Soda acid is corrosive. For this reason, it is not suitable for use in an information center. Therefore, this answer is incorrect. C: Soda acid is corrosive. For this reason, it is not suitable for use in an information center. Water is conductive which makes it unsuitable for electrical fires. Therefore, this answer is incorrect. D: ABC Rated Dry Chemical is corrosive. For this reason, it is not suitable for use in an information center. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 472 https://en.wikipedia.org/wiki/ABC_dry_chemical QUESTION 285 What are the four basic elements of Fire?

CISSP

A. B. C. D.

Heat, Fuel, Oxygen, and Chain Reaction Heat, Fuel, CO2, and Chain Reaction Heat, Wood, Oxygen, and Chain Reaction Flame, Fuel, Oxygen, and Chain Reaction

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: The fire triangle or combustion triangle is a simple model for understanding the necessary ingredients for most fires. The triangle illustrates the three elements a fire needs to ignite: heat, fuel, and an oxidizing agent (usually oxygen). A fire naturally occurs when the elements are present and combined in the right mixture, meaning that fire is actually an event rather than a thing. A fire can be prevented or extinguished by removing any one of the elements in the fire triangle. For example, covering a fire with a fire blanket removes the oxygen part of the triangle and can extinguish a fire. The fire tetrahedron represents the addition of a component, the chemical chain reaction, to the three already present in the fire triangle. Once a fire has started, the resulting exothermic chain reaction sustains the fire and allows it to continue until or unless at least one of the elements of the fire is blocked. Foam can be used to deny the fire the oxygen it needs. Water can be used to lower the temperature of the fuel below the ignition point or to remove or disperse the fuel. Halon can be used to remove free radicals and create a barrier of inert gas in a direct attack on the chemical reaction responsible for the fire. Incorrect Answers: B: CO2 is not one of the four basic elements of fire. CO2 is a fire suppressant. Therefore, this answer is incorrect. C: Wood is not one of the four basic elements of fire. Wood would be an example of the ‘fuel’ element of fire. Therefore, this answer is incorrect. D: Flame is not one of the four basic elements of fire. Flame is just another name for fire. Therefore, this answer is incorrect. References: https://en.wikipedia.org/wiki/Fire_triangle QUESTION 286 Which Orange book security rating introduces the object reuse protection? A. B. C. D.

C1 C2 B1 B2

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: C2: Controlled Access Protection: Users need to be identified individually to provide more precise access control and auditing functionality. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual’s identification. Security-relevant events are audited, and these records must be protected from unauthorized modification. The architecture must provide resource, or object, isolation so proper protection can be applied to the resource and any actions taken upon it can be properly audited. The object reuse concept must also be invoked, meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. If a subject uses a segment of memory, that memory space must not hold any information after the subject is done using it. The same is true for CISSP

storage media, objects being populated, and temporary files being created—all data must be efficiently erased once the subject is done with that medium. Incorrect Answers: A: Object reuse protection is not required at level C1. C: Object reuse protection is required at level B1; however, it was introduced at level C2. D: Object reuse protection is required at level B2; however, it was introduced at level C2. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-395 QUESTION 287 Which Orange book security rating introduces security labels? A. B. C. D.

C2 B1 B2 B3

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: B1: Labeled Security: Each data object must contain a classification label and each subject must have a clearance label. When a subject attempts to access an object, the system must compare the subject’s and object’s security labels to ensure the requested actions are acceptable. Data leaving the system must also contain an accurate security label. The security policy is based on an informal statement, and the design specifications are reviewed and verified. This security rating is intended for environments that require systems to handle classified data. Incorrect Answers: A: Security labels are not required at level C2. C: Security labels are required at level B2; however, they were introduced at level B1. D: Security labels are required at level B3; however, they were introduced at level B1. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 395 QUESTION 288 Which Orange book security rating is the FIRST to be concerned with covert channels? A. B. C. D.

A1 B3 B2 B1

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: In the Orange Book, covert channels in operating systems are not addressed until security level B2 and above because these are the systems that would be holding data sensitive enough for others to go through all the necessary trouble to access data in this fashion.

CISSP

B2: Structured Protection: The security policy is clearly defined and documented, and the system design and implementation are subjected to more thorough review and testing procedures. This class requires more stringent authentication mechanisms and well-defined interfaces among layers. Subjects and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place, which means the subject communicates directly with the application or operating system, and no trapdoors exist. There is no way to circumvent or compromise this communication channel. Operator and administration functions are separated within the system to provide more trusted and protected operational functionality. Distinct address spaces must be provided to isolate processes, and a covert channel analysis is conducted. This class adds assurance by adding requirements to the design of the system. The type of environment that would require B2 systems is one that processes sensitive data that require a higher degree of security. This type of environment would require systems that are relatively resistant to penetration and compromise. Incorrect Answers: A: Level B2, not A1 is the FIRST to be concerned with covert channels. B: Level B2, not B3 is the FIRST to be concerned with covert channels. D: Level B2, not B1 is the FIRST to be concerned with covert channels. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 395-396 QUESTION 289 Which of the following is true about a "dry pipe" sprinkler system? A. B. C. D.

It is a substitute for carbon dioxide systems. It maximizes chances of accidental discharge of water. It reduces the likelihood of the sprinkler system pipes freezing. It uses less water than "wet pipe" systems.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: In dry pipe systems, the water is not actually held in the pipes. The water is contained in a “holding tank” until it is released. The pipes hold pressurized air, which is reduced when a fire or smoke alarm is activated, allowing the water valve to be opened by the water pressure. Water is not allowed into the pipes that feed the sprinklers until an actual fire is detected. First, a heat or smoke sensor is activated; then, the water fills the pipes leading to the sprinkler heads, the fire alarm sounds, the electric power supply is disconnected, and finally water is allowed to flow from the sprinklers. These pipes are best used in colder climates because the pipes will not freeze. Incorrect Answers: A: A "dry pipe" sprinkler system is not a replacement for a carbon dioxide system. Dry pipe systems still use water which is not suitable for many fires. Therefore, this answer is incorrect. B: A "dry pipe" sprinkler system does not maximize the chances of accidental discharge of water. The chances are reduced as there is no water held in the pipes. Therefore, this answer is incorrect. D: A "dry pipe" sprinkler system uses no less water than "wet pipe" systems. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 474 QUESTION 290 According to the Orange Book, which security level is the first to require a system to protect against covert timing channels?

CISSP

A. B. C. D.

A1 B3 B2 B1

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The TCSEC defines two kinds of covert channels: Storage channels - Communicate by modifying a "storage location" Timing channels - Perform operations that affect the "real response time observed" by the receiver The TCSEC, also known as the Orange Book, requires analysis of covert storage channels to be classified as a B2 system and analysis of covert timing channels is a requirement for class B3. Incorrect Answers: A: Level A1 requires a system to protect against covert timing channels. However, the lower level B3 also requires it. C: Level B2 does not require a system to protect against covert timing channels. D: Level B1 does not require a system to protect against covert timing channels. References: https://en.wikipedia.org/wiki/Covert_channel QUESTION 291 What does the Clark-Wilson security model focus on? A. B. C. D.

Confidentiality Integrity Accountability Availability

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The Bell-LaPadula model deals only with confidentiality, while the Biba and Clark-Wilson models deal only with integrity. The Clark-Wilson model addresses all three integrity goals: prevent unauthorized users from making modifications, prevent authorized users from making improper modifications, and maintain internal and external consistency. Incorrect Answers: A: The Clark-Wilson security model does not focus on confidentiality; it focuses on integrity. C: The Clark-Wilson security model does not focus on accountability; it focuses on integrity. D: The Clark-Wilson security model does not focus on availability; it focuses on integrity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 414, 416 QUESTION 292 What does the simple security (ss) property mean in the Bell-LaPadula model?

CISSP

A. B. C. D.

No read up No write down No read down No write up

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Three main rules are used and enforced in the Bell-LaPadula model: The simple security (SS) rule, the *-property (star property) rule, and the strong star property rule. The simple security rule states that a subject at a given security level cannot read data that reside at a higher security level. The *-property rule (star property rule) states that a subject in a given security level cannot write information to a lower security level. The simple security rule is referred to as the “no read up” rule, and the *-property rule is referred to as the “no write down” rule. The third rule, the strong star property rule, states that a subject that has read and write capabilities can only perform those functions at the same security level; nothing higher and nothing lower. So, for a subject to be able to read and write to an object, the clearance and classification must be equal. Incorrect Answers: B: The simple security rule is referred to as the “no read up” rule, not the “no write down” rule. The *-property rule is referred to as the “no write down” rule. C: The simple security rule is referred to as the “no read up” rule, not the “no read down” rule. D: The simple security rule is referred to as the “no read up” rule, not the “no write up” rule. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 369-370 QUESTION 293 What does the * (star) property mean in the Bell-LaPadula model? A. B. C. D.

No write up No read up No write down No read down

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Three main rules are used and enforced in the Bell-LaPadula model: The simple security (SS) rule, the *-property (star property) rule, and the strong star property rule. The simple security rule states that a subject at a given security level cannot read data that reside at a higher security level. The *-property rule (star property rule) states that a subject in a given security level cannot write information to a lower security level. The simple security rule is referred to as the “no read up” rule, and the *-property rule is referred to as the “no write down”rule. The third rule, the strong star property rule, states that a subject that has read and write capabilities can only perform those functions at the same security level; nothing higher and nothing lower. So, for a subject to be able to read and write to an object, the clearance and classification must be equal. Incorrect Answers: A: The *-property rule is referred to as the “no write down” rule, not the “no write up” rule. B: The *-property rule is referred to as the “no write down” rule, not the “no read up” rule. D: The *-property rule is referred to as the “no write down” rule, not the “no read down” rule. CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 369-370 QUESTION 294 What does the * (star) integrity axiom mean in the Biba model? A. B. C. D.

No read up No write down No read down No write up

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: The Biba model was developed after the Bell-LaPadula model. It is a state machine model similar to the BellLaPadula model. Biba addresses the integrity of data within applications. The Biba model uses a lattice of integrity levels. If implemented and enforced properly, the Biba model prevents data from any integrity level from flowing to a higher integrity level. Biba has three main rules to provide this type of protection: *-integrity axiom: A subject cannot write data to an object at a higher integrity level (referred to as “no write up”). Simple integrity axiom: A subject cannot read data from a lower integrity level (referred to as “no read down”). Invocation property: A subject cannot request service (invoke) of higher integrity. Incorrect Answers: A: The * (star) integrity axiom means “no write up”, not “no read up”. B: The * (star) integrity axiom means “no write up”, not “no write down”. C: The * (star) integrity axiom means “no write up”, not “no read down”. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 372 QUESTION 295 What does the simple integrity axiom mean in the Biba model? A. B. C. D.

No write down No read down No read up No write up

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The Biba model was developed after the Bell-LaPadula model. It is a state machine model similar to the BellLaPadula model. Biba addresses the integrity of data within applications. The Biba model uses a lattice of integrity levels. If implemented and enforced properly, the Biba model prevents data from any integrity level from flowing to a higher integrity level. Biba has three main rules to provide this type of protection: *-integrity axiom: A subject cannot write data to an object at a higher integrity level (referred to as “no write up”). CISSP

Simple integrity axiom: A subject cannot read data from a lower integrity level (referred to as “no read down”). Invocation property: A subject cannot request service (invoke) of higher integrity. Incorrect Answers: A: The * (star) integrity axiom means “no write up”, not “no read up”. B: The * (star) integrity axiom means “no write up”, not “no write down”. C: The * (star) integrity axiom means “no write up”, not “no read down”. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 372 QUESTION 296 What is the Biba security model concerned with? A. B. C. D.

Confidentiality Reliability Availability Integrity

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: The Biba model was developed after the Bell-LaPadula model. It is a state machine model similar to the BellLaPadula model. Biba addresses the integrity of data within applications. The Bell-LaPadula model uses a lattice of security levels (top secret, secret, sensitive, and so on). These security levels were developed mainly to ensure that sensitive data were only available to authorized individuals. The Biba model is not concerned with security levels and confidentiality, so it does not base access decisions upon this type of lattice. Instead, the Biba model uses a lattice of integrity levels. Incorrect Answers: A: The Biba security model is not concerned with confidentiality; it is only concerned with integrity. B: The Biba security model is not concerned with reliability; it is only concerned with integrity. C: The Biba security model is not concerned with availability; it is only concerned with integrity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 372 QUESTION 297 Which security model uses division of operations into different parts and requires different users to perform each part? A. B. C. D.

Bell-LaPadula model Biba model Clark-Wilson model Non-interference model

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The Clark-Wilson security model uses division of operations into different parts and requires different users to perform each part. This is known as Separation of Duties. CISSP

The Clark-Wilson model outlines how to incorporate separation of duties into the architecture of an application. If a customer needs to withdraw over $10,000, the application may require a supervisor to log in and authenticate this transaction. This is a countermeasure against potential fraudulent activities. The model provides the rules that the developers must follow to properly implement and enforce separation of duties through software procedures. Incorrect Answers: A: The Bell-LaPadula model does not use division of operations into different parts and require different users to perform each part. B: The Biba model does not use division of operations into different parts and require different users to perform each part. D: The Non-interference model does not use division of operations into different parts and require different users to perform each part. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 376 QUESTION 298 What is the name of the FIRST mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access? A. B. C. D.

Clark and Wilson Model Harrison-Ruzzo-Ullman Model Rivest and Shamir Model Bell-LaPadula Model

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: In the 1970s, the U.S. military used time-sharing mainframe systems and was concerned about the security of these systems and leakage of classified information. The Bell-LaPadula model was developed to address these concerns. It was the first mathematical model of a multilevel security policy used to define the concept of a secure state machine and modes of access, and outlined rules of access. Its development was funded by the U.S. government to provide a framework for computer systems that would be used to store and process sensitive information. The model’s main goal was to prevent secret information from being accessed in an unauthorized manner. A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. Incorrect Answers: A: The Clark-Wilson Model is an integrity model. This is not what is described in the question. B: The HRU security model (Harrison, Ruzzo, Ullman model) is an operating system level computer security model which deals with the integrity of access rights in the system. This is not what is described in the question. C: Rivest and Shamir is not a model. They created RSA cryptography. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 369 QUESTION 299 Which of the following models does NOT include data integrity or conflict of interest? A. Biba B. Clark-Wilson C. Bell-LaPadula

CISSP

D. Brewer-Nash Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: In the 1970s, the U.S. military used time-sharing mainframe systems and was concerned about the security of these systems and leakage of classified information. The Bell-LaPadula model was developed to address these concerns. It was the first mathematical model of a multilevel security policy used to define the concept of a secure state machine and modes of access, and outlined rules of access. An important thing to note is that the Bell-LaPadula model was developed to make sure secrets stay secret; thus, it provides and addresses confidentiality only. This model does not address the integrity of the data the system maintains—only who can and cannot access the data and what operations can be carried out. Incorrect Answers: A: The Biba model deals with data integrity. B: The Clark-Wilson model deals with data integrity. D: The Brewer and Nash Model deals with conflict of interest. In this model, no information can flow between the subjects and objects in a way that would create a conflict of interest. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 370 QUESTION 300 Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? A. B. C. D.

The Take-Grant model The Biba integrity model The Clark Wilson integrity model The Bell-LaPadula integrity model

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset that does not require a high level of protection, which is called an unconstrained data item (UDI). Users cannot modify critical data (CDI) directly. Instead, the subject (user) must be authenticated to a piece of software, and the software procedures (Transformation Procedures) will carry out the operations on behalf of the user. For example, when Kathy needs to update information held within her company’s database, she will not be allowed to do so without a piece of software controlling these activities. First, Kathy must authenticate to a program, which is acting as a front end for the database, and then the program will control what Kathy can and cannot do to the information in the database. Incorrect Answers: A: The take-grant protection model is used to establish or disprove the safety of a given computer system that follows specific rules. This is not what is described in the question. B: The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. However, it does not define a constrained data item and a transformation procedure. C: The Bell-LaPadula model does not deal with integrity.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 374 QUESTION 301 The BIGGEST difference between System High Security Mode and Dedicated Security Mode is: A. B. C. D.

The clearance required Object classification Subjects cannot access all objects Need-to-know

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: A system is operating in a dedicated security mode if all users have a clearance for, and a formal need-to-know about, all data processed within the system. All users have been given formal access approval for all information on the system and have signed nondisclosure agreements (NDAs) pertaining to this information. The system can handle a single classification level of information. A system is operating in system high-security mode when all users have a security clearance to access the information but not necessarily a need-to-know for all the information processed on the system. So, unlike in the dedicated security mode, in which all users have a need-to-know pertaining to all data on the system, in system high-security mode, all users have a need-to-know pertaining to some of the data. This mode also requires all users to have the highest level of clearance required by any and all data on the system. However, even though a user has the necessary security clearance to access an object, the user may still be restricted if he does not have a need-to-know pertaining to that specific object. Incorrect Answers: A: The clearance required is not the difference between the two. All users have clearance in both systems. However, in high-security mode, access is further restricted by need-to-know. B: Object classification is not the difference between the two. The classification of objects can be the same or it can be different; however, high-security mode is further restricted by need-to-know. C: Subjects cannot access all objects is not the difference between the two. All subjects CAN access all objects providing they have the ‘need-to-know’. References: Harris, Shon, All In One CISSP Exam Guide, 4th Edition, McGraw-Hill, New York, 2007, p. 387 QUESTION 302 For competitive reasons, the customers of a large shipping company called the "Integrated International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other's cargos. An unscrupulous fruit shipper, the "Association of Private Fruit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is shipping pineapples on the S.S. CP. What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt CISSP

succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples? A. B. C. D.

*-Property and Polymorphism Strong *-Property and Polyinstantiation Simple Security Property and Polymorphism Simple Security Property and Polyinstantiation

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: The simple security rule states that a subject at a given security level cannot read data that reside at a higher security level. Simple Security Property is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information. The secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples is Polyinstantiation. Polyinstantiation enabled the false record to be created. Polyinstantiation enables a table that contains multiple tuples with the same primary keys, with each instance distinguished by a security level. When this information is inserted into a database, lower-level subjects must be restricted from it. Instead of just restricting access, another set of data is created to fool the lower-level subjects into thinking the information actually means something else. Incorrect Answers: A: The *-property rule (star property rule) states that a subject in a given security level cannot write information to a lower security level. This is not the access control model property that prevented APFEL from reading FIGCO's cargo information. Polymorphism takes place when different objects respond to the same command, input, or message in different ways. This is not the secure database technique used in this question. B: The strong star property rule, states that a subject that has read and write capabilities can only perform those functions at the same security level; nothing higher and nothing lower. So, for a subject to be able to read and write to an object, the clearance and classification must be equal. This is not the access control model property that prevented APFEL from reading FIGCO's cargo information. C: Polymorphism takes place when different objects respond to the same command, input, or message in different ways. This is not the secure database technique used in this question. References: Harris, Shon, All In One CISSP Exam Guide, 4th Edition, McGraw-Hill, New York, 2007, pp. 370, 1186 QUESTION 303 Which security model uses an access control triple and also requires separation of duty? A. B. C. D.

DAC Lattice Clark-Wilson Bell-LaPadula

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The Clark-Wilson model enforces the three goals of integrity by using access triple (subject, software [TP], object), separation of duties, and auditing. This model enforces integrity by using well-formed transactions (through access triple) and separation of duties. CISSP

When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset that does not require a high level of protection, which is called an unconstrained data item (UDI). Users cannot modify critical data (CDI) directly. Instead, the subject (user) must be authenticated to a piece of software, and the software procedures (TPs) will carry out the operations on behalf of the user. For example, when Kathy needs to update information held within her company’s database, she will not be allowed to do so without a piece of software controlling these activities. First, Kathy must authenticate to a program, which is acting as a front end for the database, and then the program will control what Kathy can and cannot do to the information in the database. This is referred to as access triple: subject (user), program (TP), and object (CDI). A user cannot modify CDI without using a TP. The Clark-Wilson security model uses division of operations into different parts and requires different users to perform each part. This is known as Separation of Duties. The Clark-Wilson model outlines how to incorporate separation of duties into the architecture of an application. If a customer needs to withdraw over $10,000, the application may require a supervisor to log in and authenticate this transaction. This is a countermeasure against potential fraudulent activities. The model provides the rules that the developers must follow to properly implement and enforce separation of duties through software procedures. Incorrect Answers: A: DAC (Discretionary Access Control) is not a security model that uses an access control triple and requires separation of duty. B: Lattice-based access control model A mathematical model that allows a system to easily represent the different security levels and control access attempts based on those levels. It is not a security model that uses an access control triple and requires separation of duty. D: The Bell–LaPadula Model is a state machine model used for enforcing access control in government and military applications. It is not a security model that uses an access control triple and requires separation of duty. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 370-377 QUESTION 304 You have been approached by one of your clients. They are interested in doing some security re-engineering. The client is looking at various information security models. It is a highly secure environment where data at high classifications cannot be leaked to subjects at lower classifications. Of primary concern to them, is the identification of potential covert channel. As an Information Security Professional, which model would you recommend to the client? A. B. C. D.

Information Flow Model combined with Bell LaPadula Bell LaPadula Biba Information Flow Model

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: The Bell-LaPadula model focuses on preventing information from flowing from a high security level to a low security level. Information Flow Model deals with covert channels. Subjects can access files. Processes can access memory segments. When data are moved from the hard drive’s swap space into memory, information flows. Data are moved into and out of registers on a CPU. Data are moved into different cache memory storage devices. Data are written to the hard drive, thumb drive, CDROM drive, and so on. Properly controlling all of these ways of how information flows can be a very complex task. This is why the information flow model exists—to help architects and developers make sure their software does not allow information to flow in a way that can put the system or data in danger. One way that the information flow model provides this type of protection is by ensuring that covert channels do not exist in the code.

CISSP

Incorrect Answers: B: The Bell LaPadula model on its own is not sufficient because it does not deal with the identification of covert channels. C: The Biba model is an integrity model. It will not prevent information from flowing from a high security level to a low security level or identify covert channels. D: The Information Flow model on its own is not sufficient because it will not prevent information from flowing from a high security level to a low security level. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 377-378 QUESTION 305 Which of the following security models introduced the idea of mutual exclusivity which generates dynamically changing permissions? A. B. C. D.

Biba Brewer & Nash Graham-Denning Clark-Wilson

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The Brewer and Nash model, also called the Chinese Wall model, was created to provide access controls that can change dynamically depending upon a user’s previous actions. The main goal of the model is to protect against conflicts of interest by users’ access attempts. Under the Brewer and Nash model, company sensitive information is categorized into mutually disjointed conflict-of-interest categories. If you have access to one set of data, you cannot access the other sets of data. Incorrect Answers: A: The Biba model deals with integrity. It does not use dynamically changing permissions. C: The Graham-Denning model shows how subjects and objects should be securely created and deleted. It also addresses how to assign specific access rights. It does not use dynamically changing permissions. D: The Clark-Wilson model deals with integrity. It does not use dynamically changing permissions. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 383 QUESTION 306 Which of the following was the FIRST mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access, and to outline rules of access? A. B. C. D.

Biba Bell-LaPadula Clark-Wilson State machine

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: In the 1970s, the U.S. military used time-sharing mainframe systems and was concerned about the security of CISSP

these systems and leakage of classified information. The Bell-LaPadula model was developed to address these concerns. It was the first mathematical model of a multilevel security policy used to define the concept of a secure state machine and modes of access, and outlined rules of access. Its development was funded by the U.S. government to provide a framework for computer systems that would be used to store and process sensitive information. The model’s main goal was to prevent secret information from being accessed in an unauthorized manner. A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. Incorrect Answers: A: The Biba Model is an integrity model. This is not what is described in the question. C: The Clark-Wilson Model is an integrity model. This is not what is described in the question. D: State machine is not a specific model; it is a type of model. For example, the Bell-LaPadula model is a state machine model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 369 QUESTION 307 Which of the following answers BEST describes the Bell La-Padula model of storage and access control of classified information? A. B. C. D.

No read up and No write down No write up, no read down No read over and no write up No reading from higher classification levels

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Three main rules are used and enforced in the Bell-LaPadula model: The simple security (SS) rule, the *-property (star property) rule, and the strong star property rule. The simple security rule states that a subject at a given security level cannot read data that reside at a higher security level. The *-property rule (star property rule) states that a subject in a given security level cannot write information to a lower security level. The simple security rule is referred to as the “no read up” rule, and the *-property rule is referred to as the “no write down” rule. The third rule, the strong star property rule, states that a subject that has read and write capabilities can only perform those functions at the same security level; nothing higher and nothing lower. So, for a subject to be able to read and write to an object, the clearance and classification must be equal. Incorrect Answers: B: No write up, no read down is not the best description of the Bell-LaPadula model. C: No read over and no write up is not the best description of the Bell-LaPadula model. D: No reading from higher classification levels is not the best description of the Bell-LaPadula model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 369-370 QUESTION 308 Individual accountability does not include which of the following? A. B. C. D.

unique identifiers policies and procedures access rules audit trails

CISSP

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Accountability would not include policies & procedures because while important on an effective security program they cannot be used in determining accountability. References: A: Accountability would include unique identifiers so that you can identify the individual. C: Accountability would include access rules to define access violations. D: Accountability would include audit trails to be able to trace violations or attempted violations. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 248-250 QUESTION 309 Which of the following components are considered part of the Trusted Computing Base? A. B. C. D.

Trusted hardware and firmware. Trusted hardware and software. Trusted hardware, software and firmware. Trusted computer operators and system managers.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The trusted computing base (TCB) is a collection of all the hardware, software, and firmware components within a system that provide some type of security and enforce the system’s security policy. The TCB does not address only operating system components, because a computer system is not made up of only an operating system. Hardware, software components, and firmware components can affect the system in a negative or positive manner, and each has a responsibility to support and enforce the security policy of that particular system. Some components and mechanisms have direct responsibilities in supporting the security policy, such as firmware that will not let a user boot a computer from a USB drive, or the memory manager that will not let processes overwrite other processes’ data. Then there are components that do not enforce the security policy but must behave properly and not violate the trust of a system. Examples of the ways in which a component could violate the system’s security policy include an application that is allowed to make a direct call to a piece of hardware instead of using the proper system calls through the operating system, a process that is allowed to read data outside of its approved memory space, or a piece of software that does not properly release resources after use. To assist with the evaluation of secure products, TCSEC introduced the idea of the Trusted Computing Base (TCB) into product evaluation. In essence, TCSEC starts with the principle that there are some functions that simply must be working correctly for security to be possible and consistently enforced in a computing system. For example, the ability to define subjects and objects and the ability to distinguish between them is so fundamental that no system could be secure without it. The TCB then are these fundamental controls implemented in a given system, whether that is in hardware, software, or firmware. Each of the TCSEC levels describes a different set of fundamental functions that must be in place to be certified to that level. Incorrect Answers: A: Software is also considered part of the Trusted Computing Base. B: Firmware is also considered part of the Trusted Computing Base. D: Trusted computer operators and system managers are not considered part of the Trusted Computing Base.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 360 https://www.freepracticetests.org/documents/TCB.pdf QUESTION 310 The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers? A. B. C. D.

Black hats White hats Script kiddies Phreakers

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Script kiddies are hackers who do not necessarily have the skill to carry out specific attacks without the tools provided for them on the Internet and through friends. Since these people do not necessarily understand how the attacks are actually carried out, they most likely do not understand the extent of damage they can cause. Incorrect Answers: A: Black hats are malicious, skilled hackers. Easy-to-use hacking tools have not brought a growth in black hats. B: White hats are security professionals; ethical hackers who hack systems to test their security. Easy-to-use hacking tools have not brought a growth in white hats. D: Phreakers are telephone/PBX (private branch exchange) hackers. Easy-to-use hacking tools have not brought a growth in Phreakers. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 986 QUESTION 311 Which is the last line of defense in a physical security sense? A. B. C. D.

people interior barriers exterior barriers perimeter barriers

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: In terms of physical security, people are the last line of defense for your company’s assets. If an intruder gets past the perimeter barriers, then the external barriers and finally the internal barriers, there are no more physical defenses remaining other than people in the facility. Incorrect Answers: B: Interior barriers are behind external barriers and perimeter barriers in terms of physical security. However, internal barriers are not the last line of defense; people are. Therefore, this answer is incorrect. C: Exterior barriers are between perimeter barriers and internal barriers in terms of physical security. Therefore, they are not the last line of defense so this answer is incorrect. D: Perimeter barriers are the first line of defense; not the last line of defense. Therefore, this answer is incorrect. CISSP

QUESTION 312 What is an error called that causes a system to be vulnerable because of the environment in which it is installed? A. B. C. D.

Configuration error Environmental error Access validation error Exceptional condition handling error

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Environmental errors include utility failure, service outage, natural disasters, or neighboring hazards. Any issue with the environment in which a system is installed is known as an environmental error. Maintaining appropriate temperature and humidity is important in any facility, especially facilities with computer systems. Improper levels of either can cause damage to computers and electrical devices. High humidity can cause corrosion, and low humidity can cause excessive static electricity. This static electricity can short out devices, cause the loss of information, or provide amusing entertainment for unsuspecting employees. Lower temperatures can cause mechanisms to slow or stop, and higher temperatures can cause devices to use too much fan power and eventually shut down. Incorrect Answers: A: A configuration error is a problem caused by the configuration of the settings in a system, not the environment in which the system is installed. C: An access validation error is a problem caused a user not having the correct permissions or access rights to the system. An access validation error is not caused by the environment in which the system is installed. D: An exceptional condition handling error is a problem caused by the software code of the system, not the environment in which the system is installed. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 466 QUESTION 313 Devices that supply power when the commercial utility power system fails are called which of the following? A. B. C. D.

power conditioners uninterruptible power supplies power filters power dividers

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: An uninterruptible power supply (UPS) is an electrical apparatus that provides emergency power to a load when the input power source, typically mains power, fails. A UPS differs from an auxiliary or emergency power system or standby generator in that it will provide near-instantaneous protection from input power interruptions, by supplying energy stored in batteries, supercapacitors, or flywheels. The on-battery runtime of most uninterruptible power sources is relatively short (often only a few minutes) but sufficient to start a standby power source or properly shut down the protected equipment. Incorrect Answers: CISSP

A: A power conditioner is a device intended to improve the quality of the power that is delivered to electrical equipment. It does not supply power when the commercial utility power system fails. Therefore, this answer is incorrect. C: A power filter is similar to a power conditioner in that it is intended to improve the quality of the power that is delivered to electrical equipment. It does not supply power when the commercial utility power system fails. Therefore, this answer is incorrect. D: Power dividers are used in radio technology. They do not supply power when the commercial utility power system fails. Therefore, this answer is incorrect. References: https://en.wikipedia.org/wiki/Uninterruptible_power_supply QUESTION 314 Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to: A. B. C. D.

specify what users can do. specify which resources they can access. specify how to restrain hackers. specify what operations they can perform on a system.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Access controls are security features that control how users and systems communicate and interact with other systems and resources. Access controls give organization the ability to control, restrict, monitor, and protect resource availability, integrity and confidentiality. Access controls do not enable management to specify how to restrain hackers. Access controls can only prevent hackers accessing a system. Incorrect Answers: A: Access control does enable managers of a system to specify what users can do within the system. B: Access control does enable managers of a system to specify which resources they can access. D: Access control does enable managers of a system to specify what operations they can perform on a system. References: https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Access_Control_Systems QUESTION 315 Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support? A. B. C. D.

SESAME RADIUS KryptoKnight TACACS+

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Secure European System for Applications in a Multi-vendor Environment (SESAME) was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and CISSP

provides additional access control support. Incorrect Answers: B: RADIUS is a network protocol that allows for client/server authentication and authorization, and audits remote users. It was not developed to address some of the weaknesses in Kerberos. C: KryptoKnight provides authentication and key distribution services to applications and communicating entities in a network environment. It was not developed to address some of the weaknesses in Kerberos. D: TACACS+ is a network protocol that allows for client/server authentication and authorization. It was not developed to address some of the weaknesses in Kerberos. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 214, 234-236 http://www.eurecom.fr/~nsteam/Papers/kryptoknight.pdf QUESTION 316 Which of the following is NOT a system-sensing wireless proximity card? A. B. C. D.

magnetically striped card passive device field-powered device transponder

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A system sensing device recognizes the presence of a card and communicates with it without the user needing to carry out any activity. A magnetically striped card is a card with a magnetic strip along one edge of the card. Credit cards today still have magnetic strips although they are rarely used for reading the card. To obtain information from the card by using the magnetic strip, the card needs to be ‘swiped’ through a card reader. The physical contact required between the card and the card reader means that a magnetically striped card is not a wireless proximity card. System sensing access control readers, also called transponders, recognize the presence of an approaching object within a specific area. This type of system does not require the user to swipe the card through the reader. The reader sends out interrogating signals and obtains the access code from the card without the user having to do anything. Incorrect Answers: B: A passive device is a wireless proximity card. Passive devices contain no battery or power on the card, but sense the electromagnetic field transmitted by the reader and transmit at different frequencies using the power field of the reader. Therefore, this answer is incorrect. C: A field-powered device is a wireless proximity card. They contain active electronics, a radio frequency transmitter, and a power supply circuit on the card. Therefore, this answer is incorrect. D: A transponder is a wireless proximity card. The reader and card communicate directly. The card and reader have a receiver, transmitter, and battery. The reader sends signals to the card to request information. The card sends the reader an access code. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 484 QUESTION 317 Which of the following is the most costly countermeasure to reducing physical security risks? A. Procedural Controls B. Hardware Devices C. Electronic Systems

CISSP

D. Security Guards Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: One drawback of security guards is that the cost of maintaining a guard function either internally or through an external service is expensive. With common physical security risk countermeasures such as door entry control systems or perimeter fencing, there is typically a one-off cost when the countermeasure is implemented. With security guards, you have the ongoing cost of paying the salary of the security guard. Incorrect Answers: A: Procedural controls consist of approved written policies, procedures, standards and guidelines. The cost of implement procedural controls is not more costly than the ongoing costs associated with security guards. Therefore, this answer is incorrect. B: Hardware Devices typically have a one-off cost when they are implemented and they may have a small cost for maintenance. However, this cost not more costly than the ongoing costs associated with security guards. Therefore, this answer is incorrect. C: Electronic Systems typically have a one-off cost when they are implemented and they may have a small cost for maintenance. However, this cost not more than the ongoing costs associated with security guards. Therefore, this answer is incorrect. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 535 QUESTION 318 Which one of the following authentication mechanisms creates a problem for mobile users? A. B. C. D.

Mechanisms based on IP addresses Mechanism with reusable passwords One-time password mechanism. Challenge response mechanism.

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Authentication mechanisms based on IP addresses are useful if a user has a fixed IP address. This could be a fixed IP address at work or even a fixed IP address at home. With authentication mechanisms based on IP addresses, a user can access a resource only from a defined IP address. However, authentication mechanisms based on IP addresses are a problem for mobile users. This is because mobile users will connect to different networks on their travels such as different WiFi networks or different mobile networks. This means that the public IP address that the mobile user will be connecting from will change frequently. Incorrect Answers: B: Authentication mechanisms with reusable passwords are not a problem for mobile users. As long as the mobile user knows the password, he can access the resource. C: One-time password authentication mechanisms are not a problem for mobile users. The mobile user will have a token device that provides the one-time password which will enable the user to access the resource. D: Challenge response authentication mechanisms are not a problem for mobile users. As long as the user has network connectivity to the authenticating server (usually over the Internet) the challenge-response

CISSP

authentication will succeed. QUESTION 319 In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process? A. B. C. D.

Known-plaintext attack Ciphertext-only attack Chosen-Ciphertext attack Plaintext-only attack

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: In this question, the attacker is trying to obtain the key from several “encrypted messages”. When the attacker has only encrypted messages to work from, this is known as a Ciphertext-only attack. Cryptanalysis is the act of obtaining the plaintext or key from the ciphertext. Cryptanalysis is used to obtain valuable information and to pass on altered or fake messages in order to deceive the original intended recipient. This attempt at “cracking” the cipher is also known as an attack. The following are example of some common attacks: Chosen Ciphertext. Portions of the ciphertext are selected for trial decryption while having access to the corresponding decrypted plaintext Known Plaintext. The attacker has a copy of the plaintext corresponding to the ciphertext Chosen Plaintext. Chosen plaintext is encrypted and the output ciphertext is obtained Ciphertext Only. Only the ciphertext is available Incorrect Answers: A: With a Known Plaintext attack, the attacker has a copy of the plaintext corresponding to the ciphertext. This is not what is described in the question. C: With a Chosen-Ciphertext attack, the attacker has a copy of the plaintext corresponding to the ciphertext. This is not what is described in the question. D: With a Plaintext-only attack, the attacker does not have the encrypted messages as stated in the question. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 154 QUESTION 320 The RSA algorithm is an example of what type of cryptography? A. B. C. D.

Asymmetric Key. Symmetric Key. Secret Key. Private Key.

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: RSA is a public key algorithm that is an example of asymmetric key algorithms. RSA is used for encryption, digital signatures, and key distribution.

CISSP

Incorrect Answers: B: RSA is not an example of symmetric key algorithms. C: Secret Key cryptography is an encryption system where a common key is used to encrypt and decrypt the message. This is not the case in RSA. D: RSA uses Private Keys for decryption, but it is not an example of Private Key cryptography. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 815, 831 http://www.webopedia.com/TERM/S/symmetric_key_cryptography.html QUESTION 321 What algorithm was DES derived from? A. B. C. D.

Twofish. Skipjack. Brooks-Aldeman. Lucifer.

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Lucifer was adopted and modified by the U.S. National Security Agency (NSA) to establish the U.S. Data Encryption Standard (DES) in 1976. Incorrect Answers: A: Twofish is a symmetric block cipher, which was a candidate for being the basis of the Advanced Encryption Standard (AES). B: Skipjack is an algorithm that was used by Clipper Chip, which was used in the Escrowed Encryption Standard (EES). C: Brooks-Aldeman is not a valid algorithm. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 764, 809 Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 250 QUESTION 322 What is a characteristic of using the Electronic Code Book mode of DES encryption? A. B. C. D.

A given block of plaintext and a given key will always produce the same ciphertext. Repetitive encryption obscures any repeated patterns that may have been present in the plaintext. Individual characters are encoded by combining output from earlier encryption routines with plaintext. The previous DES output is used as input.

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: With Electronic Code Book (ECB) Mode, a 64-bit data block is entered into the algorithm with a key, and a block of ciphertext is produced. The same block of ciphertext will always result from a given block of plaintext and a given key. Incorrect Answers: CISSP

B: This option refers to Cipher Block Chaining (CBC). C: This option is not a characteristic of using the Electronic Code Book mode of DES encryption, as ECB allows for ciphertext to be produced from a given block of plaintext and a given key. D: This option refers to Cipher Block Chaining (CBC). References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 800-807 QUESTION 323 Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean? A. B. C. D.

Use of public key encryption to secure a secret key, and message encryption using the secret key. Use of the recipient's public key for encryption and decryption based on the recipient's private key. Use of software encryption assisted by a hardware encryption accelerator. Use of elliptic curve encryption.

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: For large quantities of sensitive information, symmetric key encryption (using a secret key) is more efficient. Public key cryptography uses two keys (public and private) generated by an asymmetric algorithm for protecting encryption keys and key distribution, and a secret key is generated by a symmetric algorithm and used for bulk encryption. Then there is a hybrid use of the two different algorithms: asymmetric and symmetric. Each algorithm has its pros and cons, so using them together can be the best of both worlds. In the hybrid approach, the two technologies are used in a complementary manner, with each performing a different function. A symmetric algorithm creates keys used for encrypting bulk data, and an asymmetric algorithm creates keys used for automated key distribution. When a symmetric key is used for bulk data encryption, this key is used to encrypt the message you want to send. When your friend gets the message you encrypted, you want him to be able to decrypt it, so you need to send him the necessary symmetric key to use to decrypt the message. You do not want this key to travel unprotected, because if the message were intercepted and the key were not protected, an evildoer could intercept the message that contains the necessary key to decrypt your message and read your information. If the symmetric key needed to decrypt your message is not protected, there is no use in encrypting the message in the first place. So we use an asymmetric algorithm to encrypt the symmetric key. Why do we use the symmetric key on the message and the asymmetric key on the symmetric key? The reason is that the asymmetric algorithm takes longer because the math is more complex. Because your message is most likely going to be longer than the length of the key, we use the faster algorithm (symmetric) on the message and the slower algorithm (asymmetric) on the key. Incorrect Answers: B: For large quantities of sensitive information, symmetric key encryption (using a secret key) is more efficient. Using public and private keys for encryption and decryption is asymmetric key encryption. C: Software encryption is not an answer on its own. We need to determine what type of software encryption to use. D: Elliptical curve cryptography (ECC) is a public key encryption technique. Symmetric key encryption is more efficient for large amounts of data. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 793 QUESTION 324 Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that: CISSP

A. The sender and recipient have reached a mutual agreement on the encryption key exchange that they will use. B. The channels through which the information flows are secure. C. The recipient's identity can be positively verified by the sender. D. The sender of the message is the only other person with access to the recipient's private key. Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: When information is encrypted using a public key, it can only be decrypted by using the associated private key. As the recipient is the only person with the private key, the recipient is the only person who can decrypt the message. This provides a form of authentication in that the recipient's identity can be positively verified by the sender. If the receiver replies to the message, the sender knows that the intended recipient received the message. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 784-785 QUESTION 325 Kerberos depends upon what encryption method? A. B. C. D.

Public Key cryptography. Secret Key cryptography. El Gamal cryptography. Blowfish cryptography.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: During the Kerberos Authentication Process, the user and the KDC share a secret key, while the service and the KDC share a different secret key. Kerberos is, therefore, dependent on Secret Key cryptography. Incorrect Answers: A: Kerberos is dependent on Secret Key cryptography, not Public Key cryptography. C: El Gamal is a public key algorithm that can be used for digital signatures, encryption, and key exchange. Kerberos is not, however, dependent on it. D: Blowfish is a block cipher that works on 64-bit blocks of data. Kerberos is not, however, dependent on it. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 209-213, 810, 818 QUESTION 326 Which of the following statements is TRUE about data encryption as a method of protecting data? A. B. C. D.

It should sometimes be used for password files It is usually easily administered It makes few demands on system resources It requires careful key management

CISSP

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: The main challenge brought by improved security is that introducing encryption software also introduces management complexity, and in particular this means dealing with encryption keys. An encryption key applies a set of complex algorithms to data and translates it into streams of seemingly random alphanumeric characters. There are two main types – private key (or symmetric) encryption and public key (or asymmetric) encryption. In symmetric encryption, all users have access to one private key, which is used to encrypt and decrypt data held in storage media such as backup tapes and disk drives. Although considered generally secure, the downside is that there is only one key, which has to be shared with others to perform its function. Asymmetric encryption comprises two elements: a public key to encrypt data and a private key to decrypt data. The public key is used by the owner to encrypt information and can be given to third parties running a compatible application to enable them to send encrypted messages back. Managing encryption keys effectively is vital. Unless the creation, secure storage, handling and deletion of encryption keys is carefully monitored, unauthorized parties can gain access to them and render them worthless. And if a key is lost, the data it protects becomes impossible to retrieve. Incorrect Answers: A: Data encryption should not ‘sometimes’ be used for password files; it should always be used. B: It is not true that data encryption is usually easily administered; it is complicated. C: It is not true that data encryption makes few demands on system resources; encrypting data requires significant processing power. References: http://www.computerweekly.com/feature/Encryption-key-management-is-vital-to-securing-enterprise-datastorage QUESTION 327 Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms? A. B. C. D.

Rivest, Shamir, Adleman (RSA) El Gamal Elliptic Curve Cryptography (ECC) Advanced Encryption Standard (AES)

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. An elliptic curve cryptosystem (ECC) provides much of the same functionality RSA provides: digital signatures, secure key distribution, and encryption. One differing factor is ECC’s efficiency. ECC is more efficient than RSA and any other asymmetric algorithm. Some devices have limited processing capacity, storage, power supply, and bandwidth, such as wireless devices and cellular telephones. With these types of devices, efficiency of resource use is very important. ECC provides encryption functionality, requiring a smaller percentage of the resources compared to RSA and other algorithms, so it is used in these types of devices. In most cases, the longer the key, the more protection that is provided, but ECC can provide the same level of protection with a key size that is shorter than what RSA requires. Because longer keys require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of the device. Incorrect Answers: CISSP

A: Elliptic Curve Cryptography (ECC) has a higher strength per bit of key length than RSA. B: Elliptic Curve Cryptography (ECC) has a higher strength per bit of key length than El Gamal. D: Elliptic Curve Cryptography (ECC) has a higher strength per bit of key length than AES. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 818-819 QUESTION 328 How many bits is the effective length of the key of the Data Encryption Standard algorithm? A. B. C. D.

168 128 56 64

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Data Encryption Standard (DES) has had a long and rich history within the computer community. NIST invited vendors to submit data encryption algorithms to be used as a cryptographic standard. IBM had already been developing encryption algorithms to protect financial transactions. In 1974, IBM’s 128-bit algorithm, named Lucifer, was submitted and accepted. The NSA modified this algorithm to use a key size of 64 bits (with 8 bits used for parity, resulting in an effective key length of 56 bits) instead of the original 128 bits, and named it the Data Encryption Algorithm (DEA). NOTE DEA is the algorithm that fulfills DES, which is really just a standard. So DES is the standard and DEA is the algorithm, but in the industry we usually just refer to it as DES. The CISSP exam may refer to the algorithm by either name, so remember both. Incorrect Answers: A: The Data Encryption Standard algorithm has an effective key length of 56 bits, not 168 bits. B: The Data Encryption Standard algorithm has an effective key length of 56 bits, not 128 bits. D: The Data Encryption Standard algorithm has an effective key length of 56 bits, not 64 bits. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 800 QUESTION 329 The primary purpose for using one-way hashing of user passwords within a password file is which of the following? A. B. C. D.

It prevents an unauthorized person from trying multiple passwords in one logon attempt. It prevents an unauthorized person from reading the password. It minimizes the amount of storage required for user passwords. It minimizes the amount of processing time used for encrypting passwords.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: A one-way hash function performs a mathematical encryption operation on a password that cannot be reversed. This prevents an unauthorized person from reading the password. Some systems and applications send passwords over the network in cleartext, but a majority of them do not anymore. Instead, the software performs a one-way hashing function on the password and sends only the CISSP

resulting value to the authenticating system or service. The authenticating system has a file containing all users’ password hash values, not the passwords themselves, and when the authenticating system is asked to verify a user’s password, it compares the hashing value sent to what it has in its file. Incorrect Answers: A: One-way hashing of user passwords does not prevent an unauthorized person from trying multiple passwords in one logon attempt. This is not the purpose of one-way hashing. C: One-way hashing of user passwords does not minimize the amount of storage required for user passwords; it increases it because a hashed password is typically much longer than the password itself. D: One-way hashing of user passwords does not minimize the amount of processing time used for encrypting passwords. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1059 QUESTION 330 Which of the following issues is not addressed by digital signatures? A. B. C. D.

nonrepudiation authentication data integrity denial-of-service

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Digital signatures offer no protection against denial-of-service attacks. A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service. In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses. The network or server will not be able to find the return address of the attacker when sending the authentication approval, causing the server to wait before closing the connection. When the server closes the connection, the attacker sends more authentication messages with invalid return addresses. Hence, the process of authentication and server wait will begin again, keeping the network or server busy. A digital signature is a hash value that has been encrypted with the sender’s private key. If Kevin wants to ensure that the message he sends to Maureen is not modified and he wants her to be sure it came only from him, he can digitally sign the message. This means that a one-way hashing function would be run on the message, and then Kevin would encrypt that hash value with his private key. When Maureen receives the message, she will perform the hashing function on the message and come up with her own hash value. Then she will decrypt the sent hash value (digital signature) with Kevin’s public key. She then compares the two values, and if they are the same, she can be sure the message was not altered during transmission. She is also sure the message came from Kevin because the value was encrypted with his private key. The hashing function ensures the integrity of the message, and the signing of the hash value provides authentication and nonrepudiation. Incorrect Answers: A: Digital signatures can be used to address the issue of nonrepudiation. B: Digital signatures can be used to address the issue of authentication. D: Digital signatures can be used to address the issue of data integrity. References: https://www.techopedia.com/definition/24841/denial-of-service-attack-dos Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 829 QUESTION 331

CISSP

Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack? A. B. C. D.

The use of good key generators. The use of session keys. Nothing can defend you against a brute force crypto key attack. Algorithms that are immune to brute force key attacks.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: A session key is a single-use symmetric key that is used to encrypt messages between two users during a communication session. If Tanya has a symmetric key she uses to always encrypt messages between Lance and herself, then this symmetric key would not be regenerated or changed. They would use the same key every time they communicated using encryption. However, using the same key repeatedly increases the chances of the key being captured and the secure communication being compromised. If, on the other hand, a new symmetric key were generated each time Lance and Tanya wanted to communicate, it would be used only during their one dialogue and then destroyed. If they wanted to communicate an hour later, a new session key would be created and shared. A session key provides more protection than static symmetric keys because it is valid for only one session between two computers. If an attacker were able to capture the session key, she would have a very small window of time to use it to try to decrypt messages being passed back and forth. Incorrect Answers: A: A strong encryption key offers no protection against brute force attacks. If the same key is always used, once an attacker obtains the key, he would be able to decrypt the data. C: It is not true that nothing can defend you against a brute force crypto key attack. Using a different key every time is a good defense. D: There are no algorithms that are immune to brute force key attacks. This is why it is a good idea to use a different key every time. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 798-799 QUESTION 332 The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics? A. B. C. D.

64 bits of data input results in 56 bits of encrypted output 128 bit key with 8 bits used for parity 64 bit blocks with a 64 bit total key length 56 bits of data input results in 56 bits of encrypted output

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: DES is a symmetric block encryption algorithm. When 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out. It is also a symmetric algorithm, meaning the same key is used for encryption and decryption. It uses a 64-bit key: 56 bits make up the true key, and 8 bits are used for parity. When the DES algorithm is applied to data, it divides the message into blocks and operates on them one at a time. The blocks are put through 16 rounds of transposition and substitution functions. The order and type of transposition and substitution functions depend on the value of the key used with the algorithm. The result is CISSP

64-bit blocks of ciphertext Incorrect Answers: A: When 64-bit blocks of plaintext go in, 64-bit blocks of encrypted data come out. B: DES uses a 64-bit key (not 128-bit): 56 bits make up the true key, and 8 bits are used for parity. D: DES uses 64-bit blocks, not 56-bit. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 801 QUESTION 333 PGP uses which of the following to encrypt data? A. B. C. D.

An asymmetric encryption algorithm A symmetric encryption algorithm A symmetric key distribution system An X.509 digital certificate

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Pretty Good Privacy (PGP) was designed by Phil Zimmerman as a freeware e-mail security program and was released in 1991. It was the first widespread public key encryption program. PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files. It can use RSA public key encryption for key management and use IDEA symmetric cipher for bulk encryption of data, although the user has the option of picking different types of algorithms for these functions. PGP can provide confidentiality by using the IDEA encryption algorithm, integrity by using the MD5 hashing algorithm, authentication by using the public key certificates, and nonrepudiation by using cryptographically signed messages. PGP uses its own type of digital certificates rather than what is used in PKI, but they both have similar purposes. Incorrect Answers: A: PGP uses a symmetric encryption algorithm, not an asymmetric encryption algorithm to encrypt data. C: PGP does not use a symmetric ‘key distribution system’ to encrypt data. D: An X.509 digital certificate is used in asymmetric cryptography. PGP does not use asymmetric cryptography. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 850 QUESTION 334 A public key algorithm that does both encryption and digital signature is which of the following? A. B. C. D.

RSA DES IDEA Diffie-Hellman

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: RSA, named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman, is a public key algorithm that is the most popular when it comes to asymmetric algorithms. RSA is a worldwide de facto standard and can be CISSP

used for digital signatures, key exchange, and encryption. It was developed in 1978 at MIT and provides authentication as well as key encryption. One advantage of using RSA is that it can be used for encryption and digital signatures. Using its one-way function, RSA provides encryption and signature verification, and the inverse direction performs decryption and signature generation. Incorrect Answers: B: DES is a symmetric block encryption algorithm. It is not a public key algorithm. C: IDEA is a symmetric block encryption algorithm. It is not a public key algorithm. D: Diffie-Hellman is used for key distribution. It is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 815 QUESTION 335 Which of the following is NOT true of Secure Sockets Layer (SSL)? A. B. C. D.

By convention it uses 's-http://' instead of 'http://'. Is the predecessor to the Transport Layer Security (TLS) protocol. It was developed by Netscape. It is used for transmitting private information, data, and documents over the Internet.

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: By convention Secure Sockets Layer (SSL) uses “https://”. It does not use “s-http://”. Incorrect Answers: B: It is true that Secure Sockets Layer (SSL) is the predecessor to the Transport Layer Security (TLS) protocol. C: It is true that Secure Sockets Layer (SSL) was developed by Netscape. D: It is true that Secure Sockets Layer (SSL) is used for transmitting private information, data, and documents over the Internet. QUESTION 336 There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following? A. B. C. D.

public keys private keys public-key certificates private-key certificates

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: A Kerberos ticket is issued by a trusted third party. It is an encrypted data structure that includes the service encryption key. In that sense it is similar to a public-key certificate. However, the ticket is not the key. Incorrect Answers: A: Kerberos tickets are not shared out publicly, so they are not like a PKI public key. B: Although a Kerberos ticket is not shared publicly, it is not a private key. Private keys are associated with Asymmetric crypto system which is not used by Kerberos. Kerberos uses only the Symmetric crypto system. CISSP

D: There is no such thing as a private key certificate. QUESTION 337 Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard? A. B. C. D.

Twofish Serpent RC6 Rijndael

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: After DES was used as an encryption standard for over 20 years and it was cracked in a relatively short time once the necessary technology was available, NIST decided a new standard, the Advanced Encryption Standard (AES), needed to be put into place. In January 1997, NIST announced its request for AES candidates and outlined the requirements in FIPS PUB 197. AES was to be a symmetric block cipher supporting key sizes of 128, 192, and 256 bits. The following five algorithms were the finalists: MARS Developed by the IBM team that created Lucifer RC6 Developed by RSA Laboratories Serpent Developed by Ross Anderson, Eli Biham, and Lars Knudsen Twofish Developed by Counterpane Systems Rijndael Developed by Joan Daemen and Vincent Rijmen Out of these contestants, Rijndael was chosen. The block sizes that Rijndael supports are 128, 192, and 256 bits. Rijndael works well when implemented in software and hardware in a wide range of products and environments. It has low memory requirements and has been constructed to easily defend against timing attacks. Rijndael was NIST’s choice to replace DES. It is now the algorithm required to protect sensitive but unclassified U.S. government information. Incorrect Answers: A: Twofish was a finalist; however, Rijndael was selected by NIST for the new Advanced Encryption Standard. B: Serpent was a finalist; however, Rijndael was selected by NIST for the new Advanced Encryption Standard. C: RC6 was a finalist; however, Rijndael was selected by NIST for the new Advanced Encryption Standard. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 809 QUESTION 338 Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)? A. B. C. D.

It has been mathematically proved to be more secure. It has been mathematically proved to be less secure. It is believed to require longer key for equivalent security. It is believed to require shorter keys for equivalent security.

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: CISSP

Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. An elliptic curve cryptosystem (ECC) provides much of the same functionality RSA provides: digital signatures, secure key distribution, and encryption. One differing factor is ECC’s efficiency. ECC is more efficient than RSA and any other asymmetric algorithm. Some devices have limited processing capacity, storage, power supply, and bandwidth, such as wireless devices and cellular telephones. With these types of devices, efficiency of resource use is very important. ECC provides encryption functionality, requiring a smaller percentage of the resources compared to RSA and other algorithms, so it is used in these types of devices. In most cases, the longer the key, the more protection that is provided, but ECC can provide the same level of protection with a key size that is shorter than what RSA requires. Because longer keys require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of the device. Incorrect Answers: A: ECC is not more secure than RSA; it just requires a shorter key length to provide equivalent security. B: ECC is not less secure than RSA; it just requires a shorter key length to provide equivalent security. C: ECC requires a shorter key length to provide equivalent security. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 818-819 QUESTION 339 Which of the following algorithms does NOT provide hashing? A. B. C. D.

SHA-1 MD2 RC4 MD5

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: RC4 is a stream cipher; it does not provide hashing. RC4 is one of the most commonly implemented stream ciphers. It has a variable key size, is used in the SSL protocol, and was (improperly) implemented in the 802.11 WEP protocol standard. RC4 was developed in 1987 by Ron Rivest and was considered a trade secret of RSA Data Security, Inc., until someone posted the source code on a mailing list. Since the source code was released nefariously, the stolen algorithm is sometimes implemented and referred to as ArcFour or ARC4 because the title RC4 is trademarked. The algorithm is very simple, fast, and efficient, which is why it became so popular. But because it has a low diffusion rate, it is subject to modification attacks. This is one reason that the new wireless security standard (IEEE 802.11i) moved from the RC4 algorithm to the AES algorithm. Incorrect Answers: A: SHA (Secure Hash Algorithm) produces a 160-bit hash value, or message digest. SHA was improved upon and renamed SHA-1. B: MD2 (Message Digest 2) is a one-way hash function designed by Ron Rivest that creates a 128-bit message digest value. D: MD5 (Message Digest 5) was also created by Ron Rivest and is the newer version of MD4. It still produces a 128-bit hash, but the algorithm is more complex, which makes it harder to break. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 810 QUESTION 340 Which of the following protocols that provide integrity and authentication for IPSec, can also provide nonrepudiation in IPSec?

CISSP

A. B. C. D.

Authentication Header (AH) Encapsulating Security Payload (ESP) Secure Sockets Layer (SSL) Secure Shell (SSH-2)

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: IPSec is a standard that provides encryption, access control, non-repudiation, and authentication of messages over an IP. The two main protocols of IPSec are the Authentication Header (AH) and the Encapsulating Security Payload (ESP.) The AH provides integrity, authentication, and non-repudiation. An ESP primarily provides encryption, but it can also provide limited authentication. Incorrect Answers: B: ESP provides encryption; it does not provide integrity, authentication or non-repudiation. C: Secure Sockets Layer (SSL) is not part of IPSec. D: Secure Shell (SSH-2) is not part of IPSec. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 161 QUESTION 341 Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet? A. B. C. D.

Secure Electronic Transaction (SET) MONDEX Secure Shell (SSH-2) Secure Hypertext Transfer Protocol (S-HTTP)

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Secure Electronic Transaction (SET) is a security technology proposed by Visa and MasterCard to allow for more secure credit card transaction possibilities than what is currently available. SET has been waiting in the wings for full implementation and acceptance as a standard for quite some time. Although SET provides an effective way of transmitting credit card information, businesses and users do not see it as efficient because it requires more parties to coordinate their efforts, more software installation and configuration for each entity involved, and more effort and cost than the widely used SSL method. SET is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet. The following entities would be involved with a SET transaction, which would require each of them to upgrade their software, and possibly their hardware: Issuer (cardholder’s bank) The financial institution that provides a credit card to the individual. Cardholder The individual authorized to use a credit card. Merchant The entity providing goods. Acquirer (merchant’s bank) The financial institution that processes payment cards. Payment gateway This processes the merchant payment. It may be an acquirer. Incorrect Answers: B: MONDEX is a payment system that uses currency stored on smart cards. This is not what is described in the CISSP

question. C: Secure Shell (SSH-2) was not developed to send encrypted credit card numbers over the Internet. D: Secure Hypertext Transfer Protocol (S-HTTP) is an early standard for encrypting HTTP documents. S-HTTP was overtaken by SSL. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 856 QUESTION 342 Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext? A. B. C. D.

known plaintext brute force ciphertext only chosen plaintext

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Cryptanalysis is the act of obtaining the plaintext or key from the ciphertext. Cryptanalysis is used to obtain valuable information and to pass on altered or fake messages in order to deceive the original intended recipient. This attempt at “cracking” the cipher is also known as an attack. The following are example of some common attacks: Brute Force. Trying every possible combination of key patterns — the longer the key length, the more difficult it is to find the key with this method Known Plaintext. The attacker has a copy of the plaintext corresponding to the ciphertext Chosen Plaintext. Chosen plaintext is encrypted and the output ciphertext is obtained Ciphertext Only. Only the ciphertext is available Incorrect Answers: B: A Brute Force attack involves trying every possible combination of key patterns. This is not what is described in the question. C: With a Ciphertext Only attack, only the ciphertext is available. The plaintext is not available. D: In a Chosen Plaintext attack, chosen plaintext is encrypted and the output ciphertext is obtained. This is not what is described in the question. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 154 QUESTION 343 Which of the following is NOT a true statement regarding the implementation of the 3DES modes? A. B. C. D.

DES-EEE1 uses one key DES-EEE2 uses two keys DES-EEE3 uses three keys DES-EDE2 uses two keys

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference:

CISSP

Explanation: It is not true that DES-EEE1 uses one key. 3DES can work in different modes, and the mode chosen dictates the number of keys used and what functions are carried out: DES-EEE3 uses three different keys for encryption, and the data are encrypted, encrypted, encrypted. DES-EDE3 uses three different keys for encryption, and the data are encrypted, decrypted, encrypted. DES-EEE2 is the same as DES-EEE3, but uses only two keys, and the first and third encryption processes use the same key. DES-EDE2 is the same as DES-EDE3, but uses only two keys, and the first and third encryption processes use the same key. Incorrect Answers: B: It is true that DES-EEE2 uses two keys. C: It is true that DES-EEE3 uses three keys. D: It is true that DES-EDE2 uses two keys. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 808 QUESTION 344 Which one of the following is a key agreement protocol used to enable two entities to agree and generate a session key (secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiated key will subsequently be used for message encryption using Symmetric Cryptography. A. B. C. D.

RSA PKI Diffie_Hellmann 3DES

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Diffie–Hellman key exchange (D–H) is a specific method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle. D–H is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. Incorrect Answers: A: RSA is not the key agreement protocol described in the question. B: PKI is not the key agreement protocol described in the question. D: 3DES is not the key agreement protocol described in the question. References: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange QUESTION 345 Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based on? A. Caesar B. The Jefferson disks

CISSP

C. Enigma D. SIGABA Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Julius Caesar (100–44 B.C.) developed a simple method of shifting letters of the alphabet. He simply shifted the alphabet by three positions. Today, this technique seems too simplistic to be effective, but in the time of Julius Caesar, not very many people could read in the first place, so it provided a high level of protection. The Caesar cipher is an example of a monoalphabetic cipher. Once more people could read and reverse-engineer this type of encryption process, the cryptographers of that day increased the complexity by creating polyalphabetic ciphers. In the 16th century in France, Blaise de Vigenere developed a polyalphabetic substitution cipher for Henry III. This was based on the Caesar cipher, but it increased the difficulty of the encryption and decryption process Incorrect Answers: B: The Vigenere polyalphabetic cipher is based on the Caesar cipher, not the Jefferson disks. C: The Vigenere polyalphabetic cipher is based on the Caesar cipher, not Enigma. D: The Vigenere polyalphabetic cipher is based on the Caesar cipher, not SIGABA. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 761-762 QUESTION 346 In a known plaintext attack, the cryptanalyst has knowledge of which of the following? A. B. C. D.

the ciphertext and the key the plaintext and the secret key both the plaintext and the associated ciphertext of several messages the plaintext and the algorithm

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Cryptanalysis is the act of obtaining the plaintext or key from the ciphertext. Cryptanalysis is used to obtain valuable information and to pass on altered or fake messages in order to deceive the original intended recipient. This attempt at “cracking” the cipher is also known as an attack. In a Known Plaintext attack, the attacker has both the plaintext and the associated ciphertext of several messages. Incorrect Answers: A: In a known plaintext attack, the attacker does not have the key. B: In a known plaintext attack, the attacker does not have the secret key. D: In a known plaintext attack, the attacker does not have the algorithm. Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 154 QUESTION 347 What is the length of an MD5 message digest?

CISSP

A. B. C. D.

128 bits 160 bits 256 bits varies depending upon the message size.

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: MD5 is a message digest algorithm that was developed by Ronald Rivest in 1991. MD5 takes a message of an arbitrary length and generates a 128-bit message digest. In MD5, the message is processed in 512-bit blocks in four distinct rounds. Incorrect Answers: B: MD5 generates a 128-bit message digest, not 160-bit. C: MD5 generates a 128-bit message digest, not 256-bit. D: MD5 generates a 128-bit message digest regardless of the message size. Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 153 QUESTION 348 The Secure Hash Algorithm (SHA-1) creates: A. B. C. D.

a fixed length message digest from a fixed length input message. a variable length message digest from a variable length input message. a fixed length message digest from a variable length input message. a variable length message digest from a fixed length input message.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: SHA-1 was designed by NSA and published by NIST to be used with the Digital Signature Standard (DSS). The Secure Hash Algorithm (SHA-1) computes a fixed length message digest from a variable length input message. This message digest is then processed by the DSA to either generate or verify the signature. SHA-1 produces a message digest of 160 bits when any message less than 264 bits is used as an input. SHA-1 has the following properties: It is computationally infeasible to find a message that corresponds to a given message digest. It is computationally infeasible to find two different messages that produce the same message digest. For SHA-1, the length of the message is the number of bits in a message. Padding bits are added to the message to make the total length of the message, including padding, a multiple of 512. Incorrect Answers: A: SHA-1 creates a fixed length message digest from a variable length input message, not from a fixed length input message. B: SHA-1 creates a fixed length message digest, not a variable length message digest. D: SHA-1 creates a fixed length message digest, not a variable length message digest. The fixed length message digest is created from a variable length input message, not from a fixed length input message. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 152 CISSP

QUESTION 349 The RSA Algorithm uses which mathematical concept as the basis of its encryption? A. B. C. D.

Geometry 16-round ciphers PI (3.14159...) Two large prime numbers

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: RSA is derived from the last names of its inventors, Rivest, Shamir, and Addleman. This algorithm is based on the difficulty of factoring a number, N, which is the product of two large prime numbers. These numbers may be 200 digits each. Thus, the difficulty in obtaining the private key from the public key is a hard, one-way function that is equivalent to the difficulty of finding the prime factors of N. In RSA, public and private keys are generated as follows: Choose two large prime numbers, p and q, of equal length, compute p3q 5 n, which is the public modulus. Choose a random public key, e, so that e and (p – 1)(q – 1) are relatively prime. Compute e x d = 1 mod (p – 1)(q – 1), where d is the private key. Thus, d = e–1 mod [(p – 1)(q – 1)] From these calculations, (d, n) is the private key and (e, n) is the public key. Incorrect Answers: A: The RSA Algorithm does not use Geometry as the basis of its encryption. B: The RSA Algorithm does not use 16-round ciphers as the basis of its encryption. C: The RSA Algorithm does not use PI as the basis of its encryption. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 148 QUESTION 350 The Clipper Chip utilizes which concept in public key cryptography? A. B. C. D.

Substitution Key Escrow An undefined algorithm Super strong encryption

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device, with a built-in backdoor, intended to be adopted by telecommunications companies for voice transmission. It was announced in 1993 and by 1996 was entirely defunct. The Clipper chip used a data encryption algorithm called Skipjack to transmit information and the Diffie-Hellman key exchange-algorithm to distribute the cryptokeys between the peers. At the heart of the concept was key escrow. In the factory, any new telephone or other device with a Clipper chip would be given a cryptographic key, that would then be provided to the government in escrow. If government agencies "established their authority" to listen to a communication, then the key would be given to CISSP

those government agencies, who could then decrypt all data transmitted by that particular telephone. The newly formed Electronic Frontier Foundation preferred the term "key surrender" to emphasize what they alleged was really occurring. Incorrect Answers: A: Substitution is not the concept used by the Clipper Chip. C: Clipper chip does not use an undefined algorithm although the Skipjack algorithm was initially classed as ‘Secret’ by the NSA. D: The Clipper chip does not use ‘Super Strong’ encryption. The encryption key was 80-bit. References: https://en.wikipedia.org/wiki/Clipper_chip QUESTION 351 Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model? A. B. C. D.

S/MIME and SSH TLS and SSL IPsec and L2TP PKCS#10 and X.509

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Layer 2 Tunneling Protocol (L2TP) is a combination of PPTP and the earlier Layer 2 Forwarding Protocol (L2F) that works at the Data Link Layer like PPTP. It has become an accepted tunneling standard for VPNs. IPSec operates at the Network Layer and it enables multiple and simultaneous tunnels. IPSec has the functionality to encrypt and authenticate IP data. It is built into the new IPv6 standard, and is used as an add-on to the current IPv4. While PPTP and L2TP are aimed more at dial-up VPNs, IPSec focuses more on networkto-network connectivity. Incorrect Answers: A: S/MIME and SSH run in the application layer (layer 7) of the OSI model. This is the highest level, not a lower level. B: TLS runs in layer 6 of the OSI model and SSL runs in layer 4. L2TP and IPSEC run in layers 2 and 3 respectively. D: PKCS#10 and X.509 alone do not provide VPN connections; they are used by other protocols. QUESTION 352 What is the role of IKE within the IPsec protocol? A. B. C. D.

peer authentication and key exchange data encryption data signature enforcing quality of service

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: The main protocols that make up the IPSec suite and their basic functionality are as follows: Authentication Header (AH) provides data integrity, data origin authentication, and protection from replay CISSP

attacks. Encapsulating Security Payload (ESP) provides confidentiality, data-origin authentication, and data integrity. Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange. Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP Incorrect Answers: B: The IPsec protocol uses Encapsulating Security Payload (ESP) for encryption, not IKE. C: The IPSec protocol uses data signatures to provide data integrity. IKE is not used for signing the data packets. D: The IPsec protocol does not enforce quality of service. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 705 QUESTION 353 In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed? A. B. C. D.

Pre Initialization Phase Phase 1 Phase 2 No peer authentication is performed

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: When two computers (peers) use IPsec to communicate, they create two kinds of security associations. In the first, called main mode or phase one, the peers mutually authenticate themselves to each other, thus establishing trust between the computers. In the second, called quick mode or phase two, the peers will negotiate the particulars of the security association, including how they will digitally sign and encrypt traffic between them. Incorrect Answers: A: The phase in which peer authentication is performed is not known as the Pre Initialization Phase. C: Peer authentication is performed in phase 1, not phase 2. D: It is not true that no peer authentication is performed. References: https://technet.microsoft.com/en-us/library/cc512617.aspx QUESTION 354 What is NOT an authentication method within IKE and IPsec? A. B. C. D.

CHAP Pre shared key certificate based authentication Public key authentication

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: CHAP (Challenge Handshake Authentication Protocol) is not used within IKE and IPSec. CISSP

Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication - either pre-shared or distributed using DNS and a Diffie–Hellman key exchange - to set up a shared session secret from which cryptographic keys are derived. IKE phase one's purpose is to establish a secure authenticated communication channel by using the Diffie– Hellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA). The authentication can be performed using either pre-shared key (shared secret), signatures, or public key encryption. Incorrect Answers: B: Pre-shared key is an authentication method that can be used within IKE and IPsec. C: Certificate-based authentication is an authentication method that can be used within IKE and IPsec. D: Public key authentication is an authentication method that can be used within IKE and IPsec. References: https://en.wikipedia.org/wiki/Internet_Key_Exchange QUESTION 355 What is NOT true with pre shared key authentication within IKE / IPsec protocol? A. B. C. D.

Pre shared key authentication is normally based on simple passwords Needs a Public Key Infrastructure (PKI) to work IKE is used to setup Security Associations IKE builds upon the Oakley protocol and the ISAKMP protocol.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: A pre-shared key is simply a string of characters known to both parties. When configuring a VPN using IPSec with pre-shared keys for authentication, the pre-shared key is entered into the configuration of the VPN device at each end of the VPN. IKE can use certificate-based authentication using certificates from a PKI or it can use pre-shared keys. When using pre-shared keys, you do not need a PKI. Incorrect Answers: A: It is true that pre-shared key authentication is normally based on simple passwords. C: It is true that IKE is used to setup Security Associations. D: It is true that IKE builds upon the Oakley protocol and the ISAKMP protocol. References: https://en.wikipedia.org/wiki/Internet_Key_Exchange QUESTION 356 In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the following term? A. B. C. D.

Subordinate CA Top Level CA Big CA Master CA

Correct Answer: B Section: Security Engineering Explanation

CISSP

Explanation/Reference: Explanation: Public key infrastructure (PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion. In other words, a PKI establishes a level of trust within an environment. PKI is an ISO authentication framework that uses public key cryptography and the X.509 standard. Each person who wants to participate in a PKI requires a digital certificate, which is a credential that contains the public key for that individual along with other identifying information. The certificate is created and signed (digital signature) by a trusted third party, which is a certificate authority (CA). The certificate authority (CA) is the entity that issues the certificates. CA’s are often organized into hierarchies with the root CA at the top of the hierarchy and intermediate or subordinate CA’s below the root. As the root CA is ‘top of the tree’, it is often referred to as the Top-Level CA. Incorrect Answers: A: A Subordinate CA is below the root or top-level CA. C: A Root CA is not known as a Big CA. D: A Root CA is not known as a Master CA. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 833 QUESTION 357 What is the primary role of cross certification? A. B. C. D.

Creating trust between different PKIs Build an overall PKI hierarchy set up direct trust to a second root CA Prevent the nullification of user certificates by CA certificate revocation

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: More and more organizations are setting up their own internal PKIs. When these independent PKIs need to interconnect to allow for secure communication to take place (either between departments or between different companies), there must be a way for the two root CAs to trust each other. The two CAs do not have a CA above them they can both trust, so they must carry out cross certification. A cross certification is the process undertaken by CAs to establish a trust relationship in which they rely upon each other’s digital certificates and public keys as if they had issued them themselves. When this is set up, a CA for one company can validate digital certificates from the other company and vice versa. Incorrect Answers: B: Building an overall PKI hierarchy is not the primary purpose of cross certification. Cross certification is used to create a trust between different PKIs or PKI hierarchies. C: Cross certification does not set up a direct trust to a second root CA; it creates trusts between two PKIs (this includes all CA’s in each hierarchy). D: Preventing the nullification of user certificates by CA certificate revocation is not the purpose of cross certification. Certificate revocation should nullify user certificates or at least render them untrusted. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 835 QUESTION 358 What kind of encryption is realized in the S/MIME-standard?

CISSP

A. B. C. D.

Asymmetric encryption scheme Password based encryption scheme Public key based, hybrid encryption scheme Elliptic curve based encryption

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Secure MIME (S/MIME) is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions. S/MIME extends the MIME standard by allowing for the encryption of e-mail and attachments. The encryption and hashing algorithms can be specified by the user of the mail package, instead of having it dictated to them. S/MIME follows the Public Key Cryptography Standards (PKCS). S/MIME provides confidentiality through encryption algorithms, integrity through hashing algorithms, authentication through the use of X.509 public key certificates, and nonrepudiation through cryptographically signed message digests. A user that sends a message with confidential information can keep the contents private while it travels to its destination by using message encryption. For message encryption, a symmetric algorithm (DES, 3DES, or in older implementations RC2) is used to encrypt the message data. The key used for this process is a one-time bulk key generated at the email client. The recipient of the encrypted message needs the same symmetric key to decrypt the data, so the key needs to be communicated to the recipient in a secure manner. To accomplish that, an asymmetric key algorithm (RSA or Diffie-Hellman) is used to encrypt and securely exchange the symmetric key. The key used for this part of the message encryption process is the recipient’s public key. When the recipient receives the encrypted message, he will use his private key to decrypt the symmetric key, which in turn is used to decrypt the message data. As you can see, this type of message encryption uses a hybrid system, which means it uses both symmetric and asymmetric algorithms. The reason for not using the public key system to encrypt the data directly is that it requires a lot of CPU resources; symmetric encryption is much faster than asymmetric encryption. Only the content of a message is encrypted; the header of the message is not encrypted so mail gateways can read addressing information and forward the message accordingly. Incorrect Answers: A: The S/MIME-standard does not use asymmetric encryption to encrypt the message; for message encryption, a symmetric algorithm is used. Asymmetric encryption is used to encrypt the symmetric key. B: The S/MIME-standard does not use a password based encryption scheme. D: The S/MIME-standard does not use Elliptic curve based encryption. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 850 http://www.techexams.net/technotes/securityplus/emailsecurity.shtml QUESTION 359 What is the main problem of the renewal of a root CA certificate? A. B. C. D.

It requires key recovery of all end user keys It requires the authentic distribution of the new root CA certificate to all PKI participants It requires the collection of the old root CA certificates from all the users It requires issuance of the new root CA certificate

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Every entity (user, computer, application, network device) that has a certificate from a PKI trusts other entities with certificates issued by the same PKI because they all trust the root Certificate Authority (CA). This trust is CISSP

ensured because every entity has a copy of the root CA’s public certificate. If you want to change or renew the root CA certificate, to maintain the trust, the new certificate must be distributed to every entity that has a certificate from the PKI. Incorrect Answers: A: Renewing a root CA certificate does not require key recovery of all end user keys. C: Renewing a root CA certificate does not require the collection of the old root CA certificates from all the users; the root certificates will just be invalid because they will be out-of-date. D: Issuance of the new root CA certificate is not a problem; it is not a difficult procedure. The distribution of the certificate to all PKI participants is more of a challenge. QUESTION 360 Critical areas should be lighted: A. B. C. D.

Eight feet high and two feet out. Eight feet high and four feet out. Ten feet high and four feet out. Ten feet high and six feet out.

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Critical areas should be lighted eight feet high and two feet out. The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, which is a unit that represents the illumination power of an individual light. Incorrect Answers: A: Critical areas should be lighted eight feet high and two feet out, not eight feet high and four feet out. Therefore, this answer is incorrect. B: Critical areas should be lighted eight feet high and two feet out, not ten feet high and four feet out. Therefore, this answer is incorrect. D: Critical areas should be lighted eight feet high and two feet out, not ten feet high and six feet out. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1365 QUESTION 361 What attribute is included in a X.509-certificate? A. B. C. D.

Distinguished name of the subject Telephone number of the department secret key of the issuing CA the key pair of the certificate holder

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: An X.509 certificate contains information about the identity to which a certificate is issued and the identity that issued it. Standard information in an X.509 certificate includes: Version – which X.509 version applies to the certificate (which indicates what data the certificate must CISSP

include) Serial number – the identity creating the certificate must assign it a serial number that distinguishes it from other certificates Algorithm information – the algorithm used by the issuer to sign the certificate Issuer distinguished name – the name of the entity issuing the certificate Validity period of the certificate – start/end date and time Subject distinguished name – the name of the identity the certificate is issued to Subject public key information – the public key associated with the identity Extensions (optional) Incorrect Answers: B: The telephone number of the department is not included in an X509 certificate. C: The secret key of the issuing CA is not included in an X509 certificate. The secret key is the private key which is never distributed. D: The key pair of the certificate holder is not included in an X509 certificate. A key pair includes a private key which is kept private. References: http://searchsecurity.techtarget.com/definition/X509-certificate QUESTION 362 Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA? A. B. C. D.

PKCS #17799 PKCS-RSA PKCS#1 PKCS#11

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: In cryptography, PKCS #1 is the first of a family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It provides the basic definitions of and recommendations for implementing the RSA algorithm for public-key cryptography. It defines the mathematical properties of public and private keys, primitive operations for encryption and signatures, secure cryptographic schemes, and related ASN.1 syntax representations. Incorrect Answers: A: PKCS #17799 is not a valid Public Key Cryptography Standard (PKCS) addressing RSA. B: PKCS-RSA is not a valid Public Key Cryptography Standard (PKCS) addressing RSA. D: PKCS#11 is not a valid Public Key Cryptography Standard (PKCS) addressing RSA. References: https://en.wikipedia.org/wiki/PKCS_1 QUESTION 363 The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. The value of these items can be determined by what type of analysis? A. B. C. D.

Critical-channel analysis Covert channel analysis Critical-path analysis Critical-conduit analysis

CISSP

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The value of items to be protected can be determined by a critical-path analysis. The critical-path analysis lists all pieces of an environment and how they interact. Incorrect Answers: A: Critical-channel analysis is not the correct term for the analysis described in the question. Therefore, this answer is incorrect. B: A covert channel is a way for an entity to receive information in an unauthorized manner. Covert channel analysis is used to determine where covert channels exist. This is not the analysis described in the question. Therefore, this answer is incorrect. D: Critical-conduit analysis is not the correct term for the analysis described in the question. Therefore, this answer is incorrect. QUESTION 364 The DES algorithm is an example of what type of cryptography? A. B. C. D.

Secret Key Two-key Asymmetric Key Public Key

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: DES is a symmetric algorithm. This means that the same key is used for encryption and decryption. This is also a definition for Secret Key cryptography. Incorrect Answers: B: This is not a valid cryptography term. C: DES is a symmetric algorithm, and can therefore not be an example of Asymmetric Key cryptography. D: Public Key cryptography makes use of asymmetric key algorithms, whereas DES is a symmetric algorithm. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 801, 831 QUESTION 365 Which of the following encryption methods is known to be unbreakable? A. B. C. D.

Symmetric ciphers. DES codebooks. One-time pads. Elliptic Curve Cryptography.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference:

CISSP

Explanation: The one-time pad encryption scheme is considered unbreakable only if: The pad is used only one time. The pad is as long as the message. The pad is securely distributed and protected at its destination. The pad is made up of truly random values. Incorrect Answers: A, B: Symmetric ciphers and DES electronic code books are part of symmetric encryption, which are susceptible to brute force and cryptanalysis attacks. D: Elliptic curve cryptography is not known to be unbreakable, as it is susceptible to a modified Shor's algorithm for solving the discrete logarithm problem on elliptic curves. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 771-773 http://www.encryptionanddecryption.com/encryption/symmetric_encryption.html https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#Security QUESTION 366 Which of the following offers confidentiality to an e-mail message? A. B. C. D.

The sender encrypting it with its private key. The sender encrypting it with its public key. The sender encrypting it with the receiver's public key. The sender encrypting it with the receiver's private key.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Public-key encryption, in which a message is encrypted with a recipient's public key. The message cannot be decrypted by anyone who does not possess the matching private key, who is thus presumed to be the owner of that key and the person associated with the public key. This is used in an attempt to ensure confidentiality. Incorrect Answers: A: The sender must use the receiver's key. B: The sender must use the receiver's key. D: The receiver's public key, not the private key, must be used. References: https://en.wikipedia.org/wiki/Public-key_cryptography QUESTION 367 What kind of encryption is realized in the S/MIME-standard? A. B. C. D.

Asymmetric encryption scheme Password based encryption scheme Public key based, hybrid encryption scheme Elliptic curve based encryption

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: CISSP

S/MIME follows the Public Key Cryptography Standards (PKCS). S/MIME uses a hybrid message encryption system, which means it uses both symmetric and asymmetric algorithms. Incorrect Answers: A: S/MIME can use both asymmetric and symmetric encryption schemes. B: S/MIME uses a Public key based encryption scheme, not a password based encryption scheme. D: S/MIME does not use Elliptic curve based encryption. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 850 QUESTION 368 Which of the following Kerberos components holds all users' and services' cryptographic keys? A. B. C. D.

The Key Distribution Service The Authentication Service The Key Distribution Center The Key Granting Service

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The Key Distribution Center (KDC) is the most important component within a Kerberos environment as it holds all users’ and services’ secret keys. Incorrect Answers: A: Key Distribution Service is not a valid Kerberos term. B: The authentication service is a part of the KDC that authenticates a principal. It does not hold all users' and services' cryptographic keys D: Key Granting Service is not a valid Kerberos term. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 209-213 QUESTION 369 There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following? A. B. C. D.

public keys private keys public-key certificates private-key certificates

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Public Key describes a system that uses certificates or the underlying public key cryptography on which the system is based. In the traditional public key model, clients are issued credentials or "certificates" by a Certificate Authority (CA). The CA is a trusted third party. Public key certificates contain the user's name, the expiration date of the certificate etc. The most common certificate format is X.509. Public key credentials in the form of certificates and public-private key pairs can provide a strong distributed authentication system. CISSP

The Kerberos and public key trust models are very similar. A Kerberos ticket is analogous to a public key certificate (a Kerberos ticket is supplied to provide access to resources). However, Kerberos tickets usually have lifetimes measured in days or hours rather than months or years. Incorrect Answers: A: Kerberos tickets do not actually contain public keys. They use symmetric cryptography which uses one shared key instead of asymmetric cryptography which uses public-private key pairs. B: Kerberos tickets do not contain private keys. They use symmetric cryptography which uses one shared key instead of asymmetric cryptography which uses public-private key pairs. D: Private-key certificates are always kept by the authentication provider; they are never distributed to subjects that require access to resources. The public key is given to the subject to provide access to a resource in a similar way to a Kerberos ticket. References: Tipton, Harold F. and Micki Krause, Information Security Management Handbook, 5th Edition, Auerbach Publications, Boca Raton, 2006, p. 1438 QUESTION 370 Kerberos depends upon what encryption method? A. B. C. D.

Public Key cryptography. Secret Key cryptography. El Gamal cryptography. Blowfish cryptography.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Kerberos makes use of symmetric key cryptography and offers end-to-end security. The majority Kerberos implementations works with shared secret keys. Incorrect Answers: A: Kerberos makes use of symmetric key cryptography, which does not include the use of public keys. C: El Gamal is a public key algorithm. D: Blowfish cryptography is a symmetric-key block cipher that is unpatented, and has a weak class of keys. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 782, 818 https://en.wikipedia.org/wiki/Kerberos_(protocol) http://en.wikipedia.org/wiki/Blowfish_(cipher) http://en.wikipedia.org/wiki/El_Gamal http://www.mrp3com/encrypt.html QUESTION 371 Which of the following is TRUE about digital certificate? A. B. C. D.

It is the same as digital signature proving Integrity and Authenticity of the data Electronic credential proving that the person the certificate was issued to is who they claim to be You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user. Can't contain geography data such as country for example.

Correct Answer: B Section: Security Engineering Explanation

CISSP

Explanation/Reference: Explanation: Each person who wants to participate in a PKI requires a digital certificate, which is a credential that contains the public key for that individual along with other identifying information. The certificate is created and signed (digital signature) by a trusted third party, which is a certificate authority (CA). When the CA signs the certificate, it binds the individual’s identity to the public key, and the CA takes liability for the authenticity of that individual. It is this trusted third party (the CA) that allows people who have never met to authenticate to each other and to communicate in a secure method. If Kevin has never met Dave but would like to communicate securely with him, and they both trust the same CA, then Kevin could retrieve Dave’s digital certificate and start the process. Incorrect Answers: A: A digital certificate is not the same as a digital signature proving Integrity and Authenticity of the data. A digital certificate binds a key to an identity. C: It is not true that you can only get a digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user; you can get a digital certificate from any CA. The CA needs to be trusted however for the certificate to be effective. The CA can be one of many ‘public’ CAs or it can be part of a private PKI. D: A digital certificate can contain geography data such as country for example. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 834 QUESTION 372 What kind of encryption technology does SSL utilize? A. B. C. D.

Secret or Symmetric key Hybrid (both Symmetric and Asymmetric) Public Key Private Key

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: SSL uses asymmetric encryption to securely share a key. That key is then used for symmetric encryption to encrypt the data. IPsec and SSL use asymmetric encryption to establish the encryption protocol when the session starts and then to securely exchange a private key used during the session. This private key is similar to the single secret key used in symmetric encryption. Asymmetric encryption uses a key pair -- both a public and a private one -- for encryption. The sender uses the receiver's public key to encrypt the data and the receiver uses their private key to decrypt it. The transmission is secure because the recipient always has the private key in their possession and never exposes it by sending it over a public connection, such as the Internet. There is a catch to using asymmetric encryption. It runs about 1,000 times slower than symmetric encryption and eats up just as much processing power, straining already overburdened servers. That means asymmetric encryption is only used (by IPsec and SSL) to create an initial and secure encrypted connection to exchange a private key. Then, that key is used to create a shared secret, or session key, that is only good during the session when the two hosts are connected. Incorrect Answers: A: SSL uses both symmetric and asymmetric encryption, not just symmetric encryption. C: SSL does not use only public key encryption; shared key (symmetric) encryption is also used. D: SSL does not use private key encryption. Initially, encryption is performed using public keys and decryption is performed using private keys (asymmetric). Then both encryption and decryption are performed using a shared key (symmetric).

CISSP

References: http://searchsecurity.techtarget.com/answer/How-IPsec-and-SSL-TLS-use-symmetric-and-asymmetricencryption QUESTION 373 What is the name of a one way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed. A. B. C. D.

One-way hash DES Transposition Substitution

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A cryptographic hash function is a hash function which is considered practically impossible to invert, that is, to recreate the input data from its hash value alone. These one-way hash functions have been called "the workhorses of modern cryptography". The input data is often called the message, and the hash value is often called the message digest or simply the digest. The ideal cryptographic hash function has four main properties: it is easy to compute the hash value for any given message it is infeasible to generate a message from its hash it is infeasible to modify a message without changing the hash it is infeasible to find two different messages with the same hash. Most cryptographic hash functions are designed to take a string of any length as input and produce a fixedlength hash value. Incorrect Answers: B: Data Encryption Standard (DES) is a symmetric block cipher. Data encrypted using DES can be decrypted using the symmetric key. C: A transposition cipher does not replace the original text with different text, but rather moves the original values around. This encryption can be reversed and does not produce a fixed length output. D: A substitution cipher replaces bits, characters, or blocks of characters with different bits, characters, or blocks. This encryption can be reversed and does not produce a fixed length output. References: https://en.wikipedia.org/wiki/Cryptographic_hash_function QUESTION 374 Which of the following is NOT an asymmetric key algorithm? A. B. C. D.

RSA Elliptic Curve Cryptosystem (ECC) El Gamal Data Encryption Standard (DES)

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Data Encryption Standard (DES) is not an asymmetric key algorithm; it’s a symmetric key algorithm. CISSP

DES is a symmetric block encryption algorithm. When 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out. It is also a symmetric algorithm, meaning the same key is used for encryption and decryption. It uses a 64-bit key: 56 bits make up the true key, and 8 bits are used for parity. When the DES algorithm is applied to data, it divides the message into blocks and operates on them one at a time. The blocks are put through 16 rounds of transposition and substitution functions. The order and type of transposition and substitution functions depend on the value of the key used with the algorithm. The result is 64-bit blocks of ciphertext. Incorrect Answers: A: RSA is an asymmetric key algorithm. B: Elliptic Curve Cryptosystem (ECC) is an asymmetric key algorithm. C: El Gamal is an asymmetric key algorithm. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 801 QUESTION 375 Which of the following is NOT a symmetric key algorithm? A. B. C. D.

Blowfish Digital Signature Standard (DSS) Triple DES (3DES) RC5

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Digital Signature Standard (DSS) is not a symmetric key algorithm; it is an asymmetric key algorithm. Because digital signatures are so important in proving who sent which messages, the U.S. government decided to establish standards pertaining to their functions and acceptable use. In 1991, NIST proposed a federal standard called the Digital Signature Standard (DSS). It was developed for federal departments and agencies, but most vendors also designed their products to meet these specifications. The federal government requires its departments to use DSA, RSA, or the elliptic curve digital signature algorithm (ECDSA) and SHA. SHA creates a 160-bit message digest output, which is then inputted into one of the three mentioned digital signature algorithms. SHA is used to ensure the integrity of the message, and the other algorithms are used to digitally sign the message. This is an example of how two different algorithms are combined to provide the right combination of security services. RSA and DSA are the best known and most widely used digital signature algorithms. DSA was developed by the NSA. Unlike RSA, DSA can be used only for digital signatures, and DSA is slower than RSA in signature verification. RSA can be used for digital signatures, encryption, and secure distribution of symmetric keys. Incorrect Answers: A: Blowfish is a block symmetric cipher that uses 64-bit block sizes and variable-length keys. C: Triple DES is a symmetric cipher that applies DES three times to each block of data during the encryption process. D: RC5 is a block symmetric cipher that uses variable block sizes (32, 64, 128) and variable-length key sizes (0–2040). References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 832 QUESTION 376 Which of the following asymmetric encryption algorithms is based on the difficulty of factoring LARGE numbers? A. El Gamal

CISSP

B. Elliptic Curve Cryptosystems (ECCs) C. RSA D. International Data Encryption Algorithm (IDEA) Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: RSA is derived from the last names of its inventors, Rivest, Shamir, and Addleman. This algorithm is based on the difficulty of factoring a number, N, which is the product of two large prime numbers. These numbers may be 200 digits each. Thus, the difficulty in obtaining the private key from the public key is a hard, one-way function that is equivalent to the difficulty of finding the prime factors of N. In RSA, public and private keys are generated as follows: Choose two large prime numbers, p and q, of equal length, compute p3q 5 n, which is the public modulus. Choose a random public key, e, so that e and (p – 1)(q – 1) are relatively prime. Compute e x d = 1 mod (p – 1)(q – 1), where d is the private key. Thus, d = e–1 mod [(p – 1)(q – 1)] From these calculations, (d, n) is the private key and (e, n) is the public key. Incorrect Answers: A: El Gamal is based not on the difficulty of factoring large numbers but on calculating discrete logarithms in a finite field. B: Elliptic Curve Cryptosystems (ECCs) are not based on the difficulty of factoring large numbers. D: International Data Encryption Algorithm (IDEA) is not based on the difficulty of factoring large numbers. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 148 QUESTION 377 The Diffie-Hellman algorithm is primarily used to provide which of the following? A. B. C. D.

Confidentiality Key Agreement Integrity Non-repudiation

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Diffie–Hellman key exchange (D–H) is a specific method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle. D–H is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. Incorrect Answers: A: The Diffie-Hellman algorithm is not primarily used to provide confidentiality. C: The Diffie-Hellman algorithm is not primarily used to provide integrity.

CISSP

D: The Diffie-Hellman algorithm is not primarily used to provide non-repudiation. References: https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange QUESTION 378 FIPS-140 is a standard for the security of which of the following? A. B. C. D.

Cryptographic service providers Smartcards Hardware and software cryptographic modules Hardware security modules

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The National Institute of Standards and Technology (NIST) issues the 140 Publication Series to coordinate the requirements and standards for cryptographic modules which include both hardware and software components for use by departments and agencies of the United States federal government. FIPS 140 does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure. The requirements cover not only the cryptographic modules themselves but also their documentation and (at the highest security level) some aspects of the comments contained in the source code. Incorrect Answers: A: FIPS-140 is not a standard for cryptographic service providers. B: FIPS-140 is not a standard for smartcards. D: FIPS-140 is not a standard for hardware security modules. References: https://en.wikipedia.org/wiki/FIPS_140 QUESTION 379 Which of the following can best define the "revocation request grace period"? A. B. C. D.

The period of time allotted within which the user must make a revocation request upon a revocation reason Minimum response time for performing a revocation by the CA Maximum response time for performing a revocation by the CA Time period between the arrival of a revocation request and the publication of the revocation information

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Occasionally, a certificate authority needs to revoke a certificate. This might occur for one of the following reasons: The certificate was compromised. The certificate was erroneously issued. The details of the certificate changed. The security association changed. The revocation request grace period is the maximum response time within which a CA will perform any requested revocation. This is defined in the certificate practice statement (CPS). The CPS states the practices CISSP

a CA employs when issuing or managing certificates. Incorrect Answers: A: The revocation request grace period is not the period of time allotted within which the user must make a revocation request upon a revocation reason. B: The revocation request grace period is the maximum response time, not the minimum response time within which a CA will perform any requested revocation. D: The revocation request grace period is not the period of time between the arrival of a revocation request and the publication of the revocation information. Publication of a certificate revocation list does not always happen as soon as a certificate has been revoked. QUESTION 380 Which is NOT a suitable method for distributing certificate revocation information? A. B. C. D.

CA revocation mailing list Delta CRL OCSP (online certificate status protocol) Distribution point CRL

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A CA revocation mailing list is NOT a suitable method for distributing certificate revocation information. There are several mechanisms to represent revocation information; RFC 2459 defines one such method. This method involves each CA periodically issuing a signed data structure called a certificate revocation list (CRL). A CRL is a time stamped list identifying revoked certificates, which is signed by a CA and made freely available in a public repository. There are several types of CRLs: full CRLs (also known as base CRLs), delta CRLs, and CRL Distribution Points (CDPs). Full CRLs contain the status of all certificates. Delta CRLs contain only the status of all certificates that have changed status between the issuance the last Base CRL. CRL Distribution Point (CDP) is a certificate extension that indicates where the certificate revocation list for a CA can be retrieved. This extension can contain multiple HTTP, FTP, File or LDAP URLs for the retrieval of the CRL. Online Certificate Status Protocol (OCSP) is a protocol that allows real-time validation of a certificate's status by having the CryptoAPI make a call to an OCSP responder and the OCSP responder providing an immediate validation of the revocation status for the presented certificate. Typically, the OCSP responder uses CRLs for retrieving certificate status information. Incorrect Answers: B: A Delta CRL is a suitable method for distributing certificate revocation information. C: OCSP (online certificate status protocol) is a suitable method for distributing certificate revocation information. D: Distribution point CRL is a suitable method for distributing certificate revocation information. References: https://technet.microsoft.com/en-us/library/cc700843.aspx QUESTION 381 Which encryption algorithm is BEST suited for communication with handheld wireless devices? A. B. C. D.

ECC (Elliptic Curve Cryptosystem) RSA SHA RC4

CISSP

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. An elliptic curve cryptosystem (ECC) provides much of the same functionality RSA provides: digital signatures, secure key distribution, and encryption. One differing factor is ECC’s efficiency. ECC is more efficient than RSA and any other asymmetric algorithm. Some devices have limited processing capacity, storage, power supply, and bandwidth, such as wireless devices and cellular telephones. With these types of devices, efficiency of resource use is very important. ECC provides encryption functionality, requiring a smaller percentage of the resources compared to RSA and other algorithms, so it is used in these types of devices. In most cases, the longer the key, the more protection that is provided, but ECC can provide the same level of protection with a key size that is shorter than what RSA requires. Because longer keys require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of the device. Incorrect Answers: B: RSA is less efficient than ECC which makes RSA less suited for communication with handheld wireless devices. C: SHA is a hashing algorithm; it is not an encryption algorithm suited for communication with handheld wireless devices. D: RC4 is a symmetric algorithm whereas ECC is asymmetric which makes ECC more suited for communication with handheld wireless devices. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 818-819 QUESTION 382 Which of the following keys has the SHORTEST lifespan? A. B. C. D.

Secret key Public key Session key Private key

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: A session key is a single-use symmetric key that is used to encrypt messages between two users during a single communication session. If Tanya has a symmetric key she uses to always encrypt messages between Lance and herself, then this symmetric key would not be regenerated or changed. They would use the same key every time they communicated using encryption. However, using the same key repeatedly increases the chances of the key being captured and the secure communication being compromised. If, on the other hand, a new symmetric key were generated each time Lance and Tanya wanted to communicate, it would be used only during their one dialogue and then destroyed. If they wanted to communicate an hour later, a new session key would be created and shared. A session key provides more protection than static symmetric keys because it is valid for only one session between two computers. If an attacker were able to capture the session key, she would have a very small window of time to use it to try to decrypt messages being passed back and forth. Incorrect Answers: A: A secret key is static in nature. It has no fixed lifespan and is used until someone decides to change the key. Session keys are used for single communication sessions so they have a much shorter lifespan. CISSP

B: A public key is issued by a CA and typically has a lifespan of one or two years. Session keys are used for single communication sessions so they have a much shorter lifespan. D: A private key is issued by a CA and typically has a lifespan of one or two years. Session keys are used for single communication sessions so they have a much shorter lifespan. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 798-799 QUESTION 383 What is the RESULT of a hash algorithm being applied to a message? A. B. C. D.

A digital signature A ciphertext A message digest A plaintext

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: A cryptographic hash function is a hash function which is considered practically impossible to invert, that is, to recreate the input data from its hash value alone. The input data is often called the message, and the hash value is often called the message digest or simply the digest. Incorrect Answers: A: To create a digital signature, a message digest is calculated (by the hash algorithm being applied to the message) then it is encrypted with the sender’s private key. However, the digital signature is not the direct output of the hash algorithm being applied to the message. B: A ciphertext is the output of an encryption algorithm, not a hash algorithm being applied to data. D: A plaintext is the message ‘before’ the hash algorithm is applied to the message; it is the input to the hash algorithm, not the output. References: https://en.wikipedia.org/wiki/Cryptographic_hash_function Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 151 QUESTION 384 Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? A. B. C. D.

Message non-repudiation. Message confidentiality. Message interleave checking. Message integrity.

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols designed to provide communications security over a computer network.

CISSP

The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission. A message authentication code (MAC) is a short piece of information used to authenticate a message—in other words, to provide integrity and authenticity assurances on the message. Integrity assurances detect accidental and intentional message changes, while authenticity assurances affirm the message's origin. A MAC algorithm, sometimes called a keyed (cryptographic) hash function (however, cryptographic hash function is only one of the possible ways to generate MACs), accepts as input a secret key and an arbitrarylength message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content. Incorrect Answers: A: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message nonrepudiation. B: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message confidentiality; it uses symmetric cryptography for that. C: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message interleave checking. References: https://en.wikipedia.org/wiki/Transport_Layer_Security https://en.wikipedia.org/wiki/Message_authentication_code QUESTION 385 Which of the following services is NOT provided by the digital signature standard (DSS)? A. B. C. D.

Encryption Integrity Digital signature Authentication

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Digital signatures do not provide encryption. The purpose of digital signatures is to detect unauthorized modifications of data, and to authenticate the identity of the signatories and non-repudiation. These functions are accomplished by generating a block of data that is usually smaller than the size of the original data. This smaller block of data is bound to the original data and to the identity of the sender. This binding verifies the integrity of data and provides non-repudiation. To quote the National Institute Standards and Technology (NIST) Digital Signature Standard (DSS): Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature in proving to a third party that the signature was in fact generated by the signatory. Incorrect Answers: B: Digital signatures do provide integrity. C: The digital signature standard (DSS) as its name suggests is all about digital signatures. D: Digital signatures do provide authentication. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 151 QUESTION 386 What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext? CISSP

A. B. C. D.

Key collision Key clustering Hashing Ciphertext collision

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: In cryptography, key clustering is said to occur when two different keys generate the same ciphertext from the same plaintext, using the same cipher algorithm. A good cipher algorithm, using different keys on the same plaintext, should generate a different ciphertext, irrespective of the key length. Incorrect Answers: A: Key collision is not the correct term to describe an instance of two different keys generating the same ciphertext from the same plaintext. C: Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. This is not what is described in the question. D: Ciphertext collision is not the correct term to describe an instance of two different keys generating the same ciphertext from the same plaintext. References: https://en.wikipedia.org/wiki/Key_clustering QUESTION 387 Which of the following is TRUE about link encryption? A. B. C. D.

Each entity has a common key with the destination node. Encrypted messages are only decrypted by the final node. This mode does not provide protection if anyone of the nodes along the transmission path is compromised. Only secure nodes are used in this type of transmission.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: With Link Encryption each entity has keys in common with its two neighboring nodes in the transmission chain. Thus, a node receives the encrypted message from its predecessor (the neighboring node), decrypts it, and then re-encrypts it with another key that is common to the successor node. Then, the encrypted message is sent on to the successor node where the process is repeated until the final destination is reached. Obviously, this mode does not provide protection if the nodes along the transmission path can be compromised. Incorrect Answers: A: It is not true that each entity has a common key with the destination node. Each entity has keys in common with only its two neighboring nodes. B: It is not true that encrypted messages are only decrypted by the final node. Every node in the chain (except the original sending node) decrypts the message. D: It is not true that only secure nodes are used in this type of transmission. The data is encrypted for security; the nodes themselves can be insecure. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 126 CISSP

QUESTION 388 What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition? A. B. C. D.

Running key cipher One-time pad Steganography Cipher block chaining

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked if used correctly. In this technique, a plaintext is paired with a random secret key (also referred to as a one-time pad). Then, each bit or character of the plaintext is encrypted by combining it with the corresponding bit or character from the pad using modular addition. If the key is truly random, is at least as long as the plaintext, is never reused in whole or in part, and is kept completely secret, then the resulting ciphertext will be impossible to decrypt or break. However, practical problems have prevented one-time pads from being widely used. The "pad" part of the name comes from early implementations where the key material was distributed as a pad of paper, so that the top sheet could be easily torn off and destroyed after use. The one-time pad has serious drawbacks in practice because it requires: Truly random (as opposed to pseudorandom) one-time pad values, which is a non-trivial requirement. Secure generation and exchange of the one-time pad values, which must be at least as long as the message. (The security of the one-time pad is only as secure as the security of the one-time pad exchange). Careful treatment to make sure that it continues to remain secret, and is disposed of correctly preventing any reuse in whole or part—hence "one time". Because the pad, like all shared secrets, must be passed and kept secure, and the pad has to be at least as long as the message, there is often no point in using one-time padding, as one can simply send the plain text instead of the pad (as both can be the same size and have to be sent securely). Distributing very long one-time pad keys is inconvenient and usually poses a significant security risk. The pad is essentially the encryption key, but unlike keys for modern ciphers, it must be extremely long and is much too difficult for humans to remember. Storage media such as thumb drives, DVD-Rs or personal digital audio players can be used to carry a very large one-time-pad from place to place in a non-suspicious way, but even so the need to transport the pad physically is a burden compared to the key negotiation protocols of a modern public-key cryptosystem, and such media cannot reliably be erased securely by any means short of physical destruction (e.g., incineration). The key material must be securely disposed of after use, to ensure the key material is never reused and to protect the messages sent. Because the key material must be transported from one endpoint to another, and persist until the message is sent or received, it can be more vulnerable to forensic recovery than the transient plaintext it protects. Incorrect Answers: A: Running key cipher does not use a key of the same length as the message. C: Steganography is a method of hiding data in another media type so the very existence of the data is concealed. This is not what is described in the question. D: Cipher block chaining is an encryption method where each block of text, the key, and the value based on the previous block are processed in the algorithm and applied to the next block of text. This is not what is described in the question. References: https://en.wikipedia.org/wiki/One-time_pad

CISSP

QUESTION 389 Guards are appropriate whenever the function required by the security program involves which of the following? A. B. C. D.

The use of discriminating judgment The use of physical force The operation of access control devices The need to detect unauthorized access

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Guards are appropriate whenever immediate discriminating judgement is required by the security entity. Guards are the oldest form of security surveillance. Guards still have a very important primary function in the physical security process, particularly in perimeter control. Because of a human's ability to adjust to rapidly changing conditions, to learn and alter recognizable patterns, and to respond to various conditions in the environment, a guard can make determinations that hardware or automated security devices cannot make. Incorrect Answers: B: The use of physical force is not the most appropriate reason to use security guards. Therefore, this answer is incorrect. C: The operation of access control devices typically does not require the use of security guards. Most access control devices are automatic electrical and mechanical devices that unlock and lock doors as required. Therefore, this answer is incorrect. D: Security guards are not required to detect unauthorized access. There are many systems that can detect unauthorized access such as motion sensors etc. Therefore, this answer is incorrect. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 535 QUESTION 390 What is the maximum number of different keys that can be used when encrypting with Triple DES? A. B. C. D.

1 2 3 4

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Triple DES (3DES) can use a maximum of three keys. 3DES can work in different modes, and the mode chosen dictates the number of keys used and what functions are carried out: DES-EEE3 Uses three different keys for encryption, and the data are encrypted, encrypted, encrypted. DES-EDE3 Uses three different keys for encryption, and the data are encrypted, decrypted, encrypted. DES-EEE2 The same as DES-EEE3, but uses only two keys, and the first and third encryption processes use the same key. DES-EDE2 The same as DES-EDE3, but uses only two keys, and the first and third encryption processes use the same key. CISSP

Incorrect Answers: A: A maximum of 3, not 1 different keys can be used when encrypting with Triple DES. B: A maximum of 3, not 2 different keys can be used when encrypting with Triple DES. D: A maximum of 3, not 4 different keys can be used when encrypting with Triple DES. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 808 QUESTION 391 What algorithm has been selected as the AES algorithm, replacing the DES algorithm? A. B. C. D.

RC6 Twofish Rijndael Blowfish

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: After DES was used as an encryption standard for over 20 years and it was cracked in a relatively short time once the necessary technology was available, NIST decided a new standard, the Advanced Encryption Standard (AES), needed to be put into place. In January 1997, NIST announced its request for AES candidates and outlined the requirements in FIPS PUB 197. AES was to be a symmetric block cipher supporting key sizes of 128, 192, and 256 bits. The following five algorithms were the finalists: MARS Developed by the IBM team that created Lucifer RC6 Developed by RSA Laboratories Serpent Developed by Ross Anderson, Eli Biham, and Lars Knudsen Twofish Developed by Counterpane Systems Rijndael Developed by Joan Daemen and Vincent Rijmen Out of these contestants, Rijndael was chosen. The block sizes that Rijndael supports are 128, 192, and 256 bits. Rijndael works well when implemented in software and hardware in a wide range of products and environments. It has low memory requirements and has been constructed to easily defend against timing attacks. Rijndael was NIST’s choice to replace DES. It is now the algorithm required to protect sensitive but unclassified U.S. government information. Incorrect Answers: A: RC6 was a finalist; however, Rijndael was selected by NIST as the AES algorithm. B: Twofish was a finalist; however, Rijndael was selected by NIST as the AES algorithm. B: Blowfish was not selected by NIST as the AES algorithm. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 809 QUESTION 392 Which of the following is a symmetric encryption algorithm? A. B. C. D.

RSA Elliptic Curve RC5 El Gamal

CISSP

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: RC5 is a symmetric-key block cipher notable for its simplicity. Designed by Ronald Rivest in 1994, RC stands for "Rivest Cipher", or alternatively, "Ron's Code". The Advanced Encryption Standard (AES) candidate RC6 was based on RC5. RC5 has a variety of parameters it can use for block size, key size, and the number of rounds used. It was created by Ron Rivest and analyzed by RSA Data Security, Inc. The block sizes used in this algorithm are 32, 64, or 128 bits, and the key size goes up to 2,048 bits. The number of rounds used for encryption and decryption is also variable. The number of rounds can go up to 255. Incorrect Answers: A: RSA is an asymmetric key algorithm. B: Elliptic Curve Cryptosystem (ECC) is an asymmetric key algorithm. D: El Gamal is an asymmetric key algorithm. References: https://en.wikipedia.org/wiki/RC5 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 810 QUESTION 393 Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic? A. B. C. D.

SSL or TLS 802.1X ARP Cache Security SSH - Secure Shell

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: SSL and TLS encrypt web application traffic to mitigate threats of sniffing attacks. The SSL protocol was developed by Netscape in 1994 to secure Internet client-server transactions. The SSL protocol authenticates the server to the client using public key cryptography and digital certificates. In addition, this protocol also provides for optional client to server authentication. It supports the use of RSA public key algorithms, IDEA, DES and 3DES private key algorithms, and the MD5 hash function. Web pages using the SSL protocol start with HTTPs. SSL 3.0 and its successor, the Transaction Layer Security (TLS) 1.0 protocol are defacto standards. TLS implements confidentiality, authentication, and integrity above the Transport Layer, and it resides between the application and TCP layer. Thus, TLS, as with SSL, can be used with applications such as Telnet, FTP, HTTP, and email protocols. Both SSL and TLS use certificates for public key verification that are based on the X.509 standard. Incorrect Answers: B: The 802.1X standard is a port-based network access control that ensures a user cannot make a full network connection until he is properly authenticated. 802.1X is not used to encrypt web application traffic. C: ARP Cache Security can prevent ARP Cache poisoning attacks. However, it is not used to encrypt web application traffic. D: SSH (Secure Shell) is a set of protocols that are primarily used for remote access over a network by establishing an encrypted tunnel between an SSH client and an SSH server. SSH is not used to encrypt web application traffic. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer CISSP

Security, John Wiley & Sons, New York, 2001, p. 160 QUESTION 394 What type of key would you find within a browser's list of trusted root CAs? A. B. C. D.

Private key Symmetric key Recovery key Public key

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner. In a typical public-key infrastructure (PKI) scheme, the signer is a certificate authority (CA), usually a company which charges customers to issue certificates for them. If you trust the Root CA, you’ll trust all certificates issued by the CA. All web browsers come with an extensive built-in list of trusted root certificates, many of which are controlled by organizations that may be unfamiliar to the user. The built-in list of trusted root certificates is a collection of Public Key certificates from the CAs. Incorrect Answers: A: The private key is always retained by the owner (in this case, a CA); it is never distributed. B: You would not find a symmetric key within a browser's list of trusted root CAs. C: You would not find a recovery key within a browser's list of trusted root CAs. References: https://en.wikipedia.org/wiki/Public_key_certificate QUESTION 395 Where in a PKI infrastructure is a list of revoked certificates stored? A. B. C. D.

CRL Registration Authority Recovery Agent Key escrow

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: In a Public Key Infrastructure (PKI), the revocation of a certificate is dealt with by the certificate authority (CA). The revoked certificate information is stored on a certificate revocation list (CRL). Incorrect Answers: B: The registration authority (RA) executes the certification registration tasks. It does not, however, store a list of revoked certificates. C: Key recovery agent is one of the intended purposes of digital certificates. It does not, however, store a list of revoked certificates. D: Key escrow is a process or entity that can recover lost or corrupted cryptographic keys. It does not, however, CISSP

store a list of revoked certificates. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 833-836, 843 Miller, David R, Microsoft CISSP Training Kit, O’Reilly Media, 2013, California, p. 217 QUESTION 396 The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to communicate securely with each other is given by which of the following? A. B. C. D.

K(N – 1)/ 2 N(K – 1)/ 2 K(N + 1)/ 2 N(N – 1)/ 2

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: The equation employed to determine the required number of symmetric keys is N(N – 1)/2. Incorrect Answers: A, B, C: These equations are not valid for calculating the required number of symmetric keys. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 782 QUESTION 397 In which mode of DES, will a block of plaintext and a key always give the same ciphertext? A. B. C. D.

Electronic Code Book (ECB) Output Feedback (OFB) Counter Mode (CTR) Cipher Feedback (CFB)

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Electronic Code Book (ECB) is the “native” mode of DES and is a block cipher. ECB is best suited for use with small amounts of data. It is usually applied to encrypt initialization vectors or encrypting keys. ECB is applied to 64-bit blocks of plaintext, and it produces corresponding 64-bit blocks of ciphertext. Electronic Code Book (ECB) mode operates like a code book. A 64-bit data block is entered into the algorithm with a key, and a block of ciphertext is produced. For a given block of plaintext and a given key, the same block of ciphertext is always produced. Incorrect Answers: B: The DES Output Feedback Mode (OFB) is also a stream cipher that generates the ciphertext key by XORing the plaintext with a key stream. OFB mode is not the mode described in the question. C: Counter Mode (CTR) is very similar to OFB mode, but instead of using a randomly unique IV value to generate the keystream values, this mode uses an IV counter that increments for each plaintext block that needs to be encrypted. CTR mode is not the mode described in the question. D: The Cipher Feedback Mode (CFB) of DES is a stream cipher where the ciphertext is used as feedback into

CISSP

the key generation source to develop the next key stream. CFB mode is not the mode described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 803 Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 143 QUESTION 398 Which of the following modes of DES is MOST likely used for Database Encryption? A. B. C. D.

Electronic Code Book (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB)

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Electronic Code Book (ECB) works with blocks of data independently. As a result, data within a file does not have to be encrypted in a specific order. This is extremely accommodating when making use of encryption in databases. Incorrect Answers: B: Cipher Block Chaining (CBC) is mostly used for encrypting message data. C: Cipher Feedback (CFB) is mostly used for encrypting message data. D: Output Feedback (OFB) is used for encrypting digitized video or voice signals. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 800-807 QUESTION 399 Which of the following is a Hashing Algorithm? A. B. C. D.

SHA RSA Diffie Hellman (DH) Elliptic Curve Cryptography (ECC)

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: SHA was developed when a more secure hashing algorithm was needed for U.S. government applications. Incorrect Answers: B, C, & D: B. RSA, Diffie Hellman (DH), and Elliptic Curve Cryptography (ECC) are asymmetric key algorithms. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 786, 827 QUESTION 400

CISSP

Complete the following sentence. A digital signature is a: A. B. C. D.

hash value that has been encrypted with the sender’s private key hash value that has been encrypted with the sender’s public key hash value that has been encrypted with the senders Session key senders signature signed and scanned in a digital format

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A digital signature is a hash value that was encrypted with the sender’s private key. Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash -along with other information, such as the hashing algorithm -- is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing. Incorrect Answers: B: The hash value is signed with the sender’s private key, not the public key to prove that the message came from the sender and has not been altered in transit. C: A session key is not used to encrypt the hash value in a digital signature. D: A digital signature is not a sender’s signature signed and scanned in a digital format. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 829 http://searchsecurity.techtarget.com/definition/digital-signature QUESTION 401 Which of the following is NOT an example of an asymmetric key algorithm? A. B. C. D.

Elliptic curve cryptosystem (ECC) Diffie-Hellman Advanced Encryption Standard (AES) Merkle-Hellman Knapsack

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Advanced Encryption Standard (AES) is a block symmetric cipher that makes use of 128-bit block sizes and various key lengths. Incorrect Answers: A, B, & D: Elliptic curve cryptosystem (ECC), Diffie-Hellman, and Merkle-Hellman Knapsack are asymmetric key algorithms. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 811, 815 QUESTION 402 Complete the following sentence. A message can be encrypted, which provides: CISSP

A. B. C. D.

confidentiality. non-repudiation. authentication. integrity.

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Confidentiality ensures that a message can only be read by the intended recipient. Encrypting a message provides confidentiality. Different steps and algorithms provide different types of security services: A message can be encrypted, which provides confidentiality. A message can be hashed, which provides integrity A message can be digitally signed, which provides authentication, nonrepudiation, and integrity. A message can be encrypted and digitally signed, which provides confidentiality, authentication, nonrepudiation, and integrity Incorrect Answers: B: A digital signature is required to provide non-repudiation for a message. Encryption alone does not provide non-repudiation. C: A digital signature is required to provide authentication for a message. Encryption alone does not provide authentication. D: A hash is required to provide integrity for a message. Encryption alone does not provide integrity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 829-830 QUESTION 403 Readable is to unreadable just as plain text is to: A. B. C. D.

Cipher Text Encryption Unplain Text Digitally Signed

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: This question is asking what the opposite of plain text is. In the context of information security, plain text means unencrypted text. The opposite of plain text is cipher text. Cipher text is another term for encrypted text. Encryption is a method of transforming readable data, called plaintext, into a form that appears to be random and unreadable, which is called ciphertext. Plaintext is in a form that can be understood either by a person (a document) or by a computer (executable code). Once it is transformed into ciphertext, neither human nor machine can properly process it until it is decrypted. This enables the transmission of confidential information over insecure channels without unauthorized disclosure. Incorrect Answers: B: This answer is close but incorrect. Plaintext is readable data. The opposite of that is encrypted data (known as ciphertext), not ‘encryption’. C: Unplain text is not a valid term. D: Digitally Signed is not the opposite of plaintext.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 765 QUESTION 404 Public key infrastructure (PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion. This infrastructure is based upon which of the following Standard? A. B. C. D.

X.509 X.500 X.400 X.25

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Public key infrastructure (PKI) is an ISO authentication framework that makes use of public key cryptography and the X.509 standard. Incorrect Answers: B: X.500 is a series of computer networking standards that cover electronic directory services. It is not, however, used by PKI. C: X.400 is a group of ITU-T Recommendations that define standards for Data Communication Networks for email. D: X.25 is an ITU-T standard protocol suite for packet switched wide area network (WAN) communication. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 833 https://en.wikipedia.org/wiki/X.500 https://en.wikipedia.org/wiki/X.400 https://en.wikipedia.org/wiki/X.25 QUESTION 405 What would you call a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates. A. B. C. D.

Trusted Platform Module (TPM) Trusted BIOS Module (TBM) Central Processing Unit (CPU) Arithmetic Logical Unit (ALU)

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: The Trusted Platform Module (TPM) is a microchip installed on the motherboard of modern computers. TPM is dedicated to executing security functions that include the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates. Incorrect Answers: CISSP

B: Trusted BIOS Module is not a valid term. C: A central processing unit (CPU) is the electronic circuitry within a computer that carries out the instructions of a computer program by executing the basic arithmetic, logical, control and input/output (I/O) operations detailed by the instructions. D: An arithmetic logic unit (ALU) refers to a digital electronic circuit that executes arithmetic and bitwise logical operations on integer binary numbers. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 843 https://en.wikipedia.org/wiki/Central_processing_unit https://en.wikipedia.org/wiki/Arithmetic_logic_unit QUESTION 406 Suppose that you are the COMSEC - Communications Security custodian for a large, multinational corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID card that she uses to digitally sign and encrypt emails in the PKI. What happens to the certificates contained on the smart card after the security officer takes appropriate action? A. B. C. D.

They are added to the CRL They are reissued to the user New certificates are issued to the user The user may no longer have certificates

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A certificate that is no longer trusted should be revoked. The CA is responsible for creating and handing out certificates, maintaining them, and revoking them if necessary. Revocation is handled by the CA, and the revoked certificate information is stored on a certificate revocation list (CRL). This is a list of every certificate that has been revoked. This list is maintained and updated periodically. A certificate may be revoked because the key holder’s private key was compromised or because the CA discovered the certificate was issued to the wrong person. An analogy for the use of a CRL is how a driver’s license is used by a police officer. If an officer pulls over Sean for speeding, the officer will ask to see Sean’s license. The officer will then run a check on the license to find out if Sean is wanted for any other infractions of the law and to verify the license has not expired. The same thing happens when a person compares a certificate to a CRL. If the certificate became invalid for some reason, the CRL is the mechanism for the CA to let others know this information. Incorrect Answers: B: The certificates contained on the smart card should be revoked to invalidate the certificates. They should not be reissued; new certificates (with a different key) should be issued. C: New certificates (containing new keys) should be issued to the user. However, this question is asking about the certificates stored on the lost smart card. The certificates contained on the smart card should be revoked. D: It is not true that the user may no longer have certificates. New certificates with different keys can be issued to the user and the old certificates (the ones on the smart card) can be revoked. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 836-837 QUESTION 407 You are an information systems security officer at a mid-sized business and are called upon to investigate a threat conveyed in an email from one employee to another. You gather the evidence from both the email server transaction logs and from the computers of the two individuals involved in the incident and prepare an executive summary. You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat CISSP

says he didn't send the email in question. What concept of PKI - Public Key Infrastructure will implicate the sender? A. B. C. D.

Non-repudiation The digital signature of the recipient Authentication Integrity

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Non-Repudiation makes sure that a sender is unable to deny sending a message. Incorrect Answers: B: A digital signature guarantees the authenticity and integrity of a message by making use of hashing algorithms and asymmetric algorithms. It will not implicate the sender. C: Authentication refers to the verification of the identity of a user who is requesting the use of a system and/or access to network resources. D: Integrity is upheld by providing assurance of the accuracy and reliability of information and systems and preventing any unauthorized modification. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 23, 162, 398, 833 QUESTION 408 When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this: 0101 0001 Plain text 0111 0011 Key stream 0010 0010 Output What is this cryptographic operation called? A. B. C. D.

Exclusive-OR Bit Swapping Logical-NOR Decryption

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A plaintext message that needs to be encrypted is converted into bits, and the one-time pad is made up of random bits. This encryption process makes use of a binary mathematic function called exclusive-OR (XOR). Incorrect Answers: B: Bit-swapping is the essential adaptive hand-shaking mechanism used by DMT modems to adapt to line changes. C: Logical-NOR is a truth-functional operator which produces a result that is the denial of Logical-Or. D: Decryption is the process of translating encrypted data back into its original form.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 771 http://web.stanford.edu/group/cioffi/documents/bit_swapping.pdf https://en.wikipedia.org/wiki/Logical_NOR http://searchsecurity.techtarget.com/definition/data-encryption-decryption-IC QUESTION 409 Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part? A. B. C. D.

One Time Pad (OTP) One time Cryptopad (OTC) Cryptanalysis Pretty Good Privacy (PGP)

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Explanation: The one-time pad encryption scheme is considered unbreakable only if: The pad is used only one time. The pad is as long as the message. The pad is securely distributed and protected at its destination. The pad is made up of truly random values. Incorrect Answers: B: One time Cryptopad (OTC) is not a valid encryption type. C: Cryptanalysis refers to the practice of discovering flaws within cryptosystems D: Pretty Good Privacy (PGP) is a cryptosystem that makes use of cryptographic protection to protect e-mail and files. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 770-773, 850 QUESTION 410 The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts? A. B. C. D.

Static electricity Electro-plating Energy-plating Element-plating

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: It is important to maintain the proper temperature and humidity levels within data centers, which is why an HVAC system should be implemented specifically for this room. Too high a temperature can cause components to overheat and turn off; too low a temperature can cause the components to work more slowly. If the humidity is high, then corrosion of the computer parts can take place; if humidity is low, then static electricity can be introduced. This static electricity can short out devices and cause the loss of information. Because of this, the data center must have its own temperature and humidity controls, which are separate from the rest of CISSP

the building. Incorrect Answers: B: Electro-plating is not caused by low humidity. Therefore, this answer is incorrect. C: Energy-plating is not caused by low humidity. Therefore, this answer is incorrect. D: Element-plating is not caused by low humidity. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 456 QUESTION 411 Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other? A. B. C. D.

Symmetric Key Cryptography PKI - Public Key Infrastructure Diffie-Hellman DSS - Digital Signature Standard

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A single secret key is used between entities when using symmetric key cryptography. Incorrect Answers: B: Public Key Infrastructure (PKI) is an ISO authentication framework that makes use of public key cryptography and the X.509 standard. C: Diffie-Hellman is the first asymmetric key agreement algorithm. D: The Digital Signature Standard (DSS) refers to the U.S. standard that defines the approved algorithms to be used for digital signatures for government authentication activities. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 782, 812, 833 QUESTION 412 Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key. A. B. C. D.

Private / Public Public / Private Symmetric / Asymmetric Private / Symmetric

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A digital signature is a hash value that was encrypted with the sender’s private key. The recipient uses the sender’s public key to verify the digital signature. Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash -CISSP

along with other information, such as the hashing algorithm -- is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing. Incorrect Answers: B: A private key, not a public key is used in a digital signature. The sender is the only person in possession of the private key. The public key can be freely distributed. The recipient uses the public key to verify the digital signature which authenticates the sender. C: Symmetric / Asymmetric are two different types of encryption methods; they are not used together to encrypt or sign a message. D: A private key is used with a public key in asymmetric cryptography. A shared key is used in symmetric cryptography. Private and Symmetric keys are not used together to encrypt or sign a message. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 829 http://searchsecurity.techtarget.com/definition/digital-signature QUESTION 413 Which of the following is NOT a property of the Rijndael block cipher algorithm? A. B. C. D.

The key sizes must be a multiple of 32 bits Maximum block size is 256 bits Maximum key size is 512 bits The key size does not have to match the block size

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The maximum key size is 256 bits, not 512 bits. Rijndael is a block symmetric cipher that was chosen to fulfill the Advanced Encryption Standard. It uses a 128bit block size and various key lengths (128, 192, 256). The Rijndael specification is specified with block and key sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits. Incorrect Answers: A: It is true that the key sizes must be a multiple of 32 bits. B: It is true that the maximum block size is 256 bits. D: It is true that the key size does not have to match the block size. References: http://searchsecurity.techtarget.com/definition/Rijndael https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 145 QUESTION 414 Which of the following is not a property of the Rijndael block cipher algorithm? A. B. C. D.

It employs a round transformation that is comprised of three layers of distinct and invertible transformations. It is suited for high speed chips with no area restrictions. It operates on 64-bit plaintext blocks and uses a 128 bit key. It could be used on a smart card.

Correct Answer: C CISSP

Section: Security Engineering Explanation Explanation/Reference: Explanation: This option is incorrect because the block sizes supported by Rijndael are 128, 192, and 256 bits. Incorrect Answers: A: Rijndael is a substitution linear transformation cipher that uses triple discreet invertible uniform transformations. B, D: The Advanced Encryption Standard (AES), also known as Rijndael, performs well on a wide variety of hardware. Hardware ranges from 8-bit smart cards to high-performance computers. References: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard http://searchsecurity.techtarget.com/definition/Rijndael QUESTION 415 What is the maximum allowable key size of the Rijndael encryption algorithm? A. B. C. D.

128 bits 192 bits 256 bits 512 bits

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: AES, which Rijndael was designed for, is a symmetric block cipher that supports key sizes of 128, 192, and 256 bits. 256 bits is the maximum key size. Incorrect Answers: A, B: 128 bit and 192 bit keys are supported, but it is not the maximum. D: Rijndael does not support 512 bit keys. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 809 QUESTION 416 An X.509 public key certificate with the key usage attribute "non-repudiation" can be used for which of the following? A. B. C. D.

encrypting messages signing messages verifying signed messages decrypting encrypted messages

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Support for two pairs of public-private keys is a fundamental requirement for some PKIs. One key pair is for

CISSP

data encryption and the other key pair is for digitally signing documents. When digitally signing a message for non-repudiation, the private key is used. The public key (with the key usage attribute "non-repudiation") associated with the private key is used to verify the signed messages. Incorrect Answers: A: An X.509 public key certificate with the key usage attribute "non-repudiation" cannot be used for encrypting messages. B: When digitally signing a message for non-repudiation, the private key is used, not the public key. D: An X.509 public key certificate with the key usage attribute "non-repudiation" cannot be used for decrypting messages. References: https://docs.oracle.com/cd/E13215_01/wlibc/docs81/admin/certificates.html QUESTION 417 Which of the following would best describe certificate path validation? A. B. C. D.

Verification of the validity of all certificates of the certificate chain to the root certificate Verification of the integrity of the associated root certificate Verification of the integrity of the concerned private key Verification of the revocation status of the concerned certificate

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: The certification path validation algorithm is the algorithm which verifies that a given certificate path is valid under a given public key infrastructure (PKI). A path starts with the Subject certificate and proceeds through a number of intermediate certificates up to a trusted root certificate, typically issued by a trusted Certification Authority (CA). Path validation is necessary for a relying party to make an informed trust decision when presented with any certificate that is not already explicitly trusted. For example, in a hierarchical PKI, a certificate chain starting with a web server certificate might lead to a small CA, then to an intermediate CA, then to a large CA whose trust anchor is present in the relying party's web browser. Incorrect Answers: B: Certificate path validation is not verification of the integrity of the associated root certificate. C: Certificate path validation is not verification of the integrity of the concerned private key. D: Certificate path validation is not verification of the revocation status of the concerned certificate; this is a Certificate Revocation Check. References: https://en.wikipedia.org/wiki/Certification_path_validation_algorithm QUESTION 418 What is the name for a substitution cipher that shifts the alphabet by 13 places? A. B. C. D.

Caesar cipher Polyalphabetic cipher ROT13 cipher Transposition cipher

Correct Answer: C Section: Security Engineering Explanation

CISSP

Explanation/Reference: Explanation: ROT13 was an encryption method that is similar to Caesar cipher, but instead of shifting 3 spaces in the alphabet it shifted 13 spaces. Incorrect Answers: A: Caesar cipher shifts three spaces. B: A polyalphabetic cipher makes use of more than one alphabet. D: Transposition cyphers moves the original values around. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 762, 774, 778 QUESTION 419 Which of the following standards concerns digital certificates? A. B. C. D.

X.400 X.25 X.509 X.75

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: X.509 specifies standard formats for public key certificates and attribute certificates, which are digital certificates. Incorrect Answers: A: X.400 is a group of ITU-T Recommendations that define standards for Data Communication Networks for email. B: X.25 is an ITU-T standard protocol suite for packet switched wide area network (WAN) communication. C: X.75 is an International Telecommunication Union (ITU) standard that specifies the interface for interconnecting two X.25 networks. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 833 https://en.wikipedia.org/wiki/X.509 https://en.wikipedia.org/wiki/X.400 https://en.wikipedia.org/wiki/X.25 https://en.wikipedia.org/wiki/X.75 QUESTION 420 Which fire class can water be most appropriate for? A. B. C. D.

Class A fires Class B fires Class C fires Class D fires

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference:

CISSP

Explanation: Class A fires can be extinguished with water. Class A fire extinguishers use water or foam. Class A fires involve “common combustibles”; these are ordinary combustible materials, such as cloth, wood, paper, and many plastics. Incorrect Answers: B: You cannot use water on a Class B fire. A Class B fire is a flammable liquid fire such as gasoline, oil or lacquers. Therefore, this answer is incorrect. C: You cannot use water on a Class C fire. Class C fires are Electrical fires. Therefore, this answer is incorrect. D: You cannot use water on a Class D fire. A Class D fire is combustible metals such as magnesium or potassium. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 472 QUESTION 421 What is the effective key size of DES? A. B. C. D.

56 bits 64 bits 128 bits 1024 bits

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: DES makes use of a 64-bit key, of which 56 bits represents the true key, and the remaining 8 bits are used for parity. Incorrect Answers: B: DES does make use of a 64-bit key, but the effective key size is 56 bits. C: International Data Encryption Algorithm (IDEA) produces key that is 128 bits long. D: RC5 support variable-length key sizes ranging from 0-2040. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 800, 809, 810 QUESTION 422 Which of the following offers confidentiality to an e-mail message? A. B. C. D.

The sender encrypting it with its private key. The sender encrypting it with its public key. The sender encrypting it with the receiver's public key. The sender encrypting it with the receiver's private key.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: A message encrypted using a public key can only be decrypted using the corresponding private key. The receiver should be the only person in possession of the recipient’s private key. The recipient’s public key can be freely distributed. Therefore, if the sender encrypts a message with the recipient’s pubic key, the sender will know that the CISSP

recipient is the ONLY person who can decrypt the message. This ensures the confidentiality of the message. Incorrect Answers: A: A public key can be freely distributed. If the sender encrypts a message with his private key, ANYONE in possession of the sender’s public key could decrypt the message. This offers no confidentiality. B: A message encrypted using a public key can only be decrypted using the corresponding private key. If the sender encrypts a message with his public key, only the sender would be able to decrypt it as he is the only person in possession of the private key that corresponds to his public key. D: The receiver should be the only person in possession of the recipient’s private key. The sender should never be in possession of the receiver’s private key. QUESTION 423 Which of the following is not a DES mode of operation? A. B. C. D.

Cipher block chaining Electronic code book Input feedback Cipher feedback

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: DES modes include the following: Electronic Code Book (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Counter Mode (CTR) Input feedback is not a DES mode. Incorrect Answers: A, B, & D: Cipher block chaining, Electronic code book, and Cipher feedback are modes of DES. Reference: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 802-807 QUESTION 424 What size is an MD5 message digest (hash)? A. B. C. D.

128 bits 160 bits 256 bits 128 bytes

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: MD5 generates a 128-bit hash. Incorrect Options: B: SHA generates a 160-bit hash value. CISSP

C: SHA-256 generates a 256-bit value. D: MD5 generates a 128-bit, not a 128 byte, hash. Reference: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 826, 827 QUESTION 425 Which of the following service is not provided by a public key infrastructure (PKI)? A. B. C. D.

Access control Integrity Authentication Reliability

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: PKI provides the confidentiality, access control, integrity, authentication, and nonrepudiation security services. Reliability is not included. Incorrect Options: A, B, & C: Access control, integrity, and authentication are security services provided by public key infrastructure (PKI) Reference: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 840 QUESTION 426 In a Public Key Infrastructure, how are public keys published? A. B. C. D.

They are sent via e-mail. Through digital certificates. They are sent by owners. They are not published.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The main role of the CA is to digitally sign and publish the public key bound to a given user by issuing digital certificates which certifies the ownership of a public key by the named subject of the certificate. Incorrect Options: A: The main role of the CA is to digitally sign and publish the public key bound to a given user, so it is not sent via e-mail. C: The main role of the CA is to digitally sign and publish the public key bound to a given user, so they are not sent by owners. D: The main role of the CA is to digitally sign and publish the public key bound to a given user. Clearly they are published. Reference: https://en.wikipedia.org/wiki/Public_key_infrastructure https://en.wikipedia.org/wiki/Certificate_authority CISSP

QUESTION 427 Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender? A. B. C. D.

Message Authentication Code - MAC PAM - Pluggable Authentication Module NAM - Negative Acknowledgement Message Digital Signature Certificate

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Message Authentication Code (MAC) is a keyed cryptographic hash function that is used for data integrity and data origin authentication. Incorrect Answers: B: A pluggable authentication module (PAM) is used to integrate multiple low-level authentication schemes into a high-level application programming interface (API). C: A Negative Acknowledgement Message is a protocol message that is sent in many communications protocols to negatively acknowledge or reject a previously received message, or to show some kind of error. D: Digital Signature Certificate is an invalid term. Digital signatures and digital certificates are two different security measures. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 832 https://en.wikipedia.org/wiki/Pluggable_authentication_module https://en.wikipedia.org/wiki/NAK_(protocol_message) http://searchsecurity.techtarget.com/answer/The-difference-between-a-digital-signature-and-digital-certificate QUESTION 428 Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys, passwords or certificates in a component located on the motherboard of a computer? A. B. C. D.

TPM - Trusted Platform Module TPM - Trusted Procedure Module Smart Card Enigma Machine

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: The Trusted Platform Module (TPM) is a microchip installed on the motherboard of modern computers. TPM is dedicated to executing security functions that include the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates. Incorrect Answers: B: Trusted Procedure Module is not a valid term. C: A smart card is not located on the motherboard of a computer. D: The Enigma machines were a series of electro-mechanical rotor cipher machines developed and used to protect commercial, diplomatic and military communication.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 200, 201, 843 https://en.wikipedia.org/wiki/Enigma_machine QUESTION 429 Which of the following statements pertaining to stream ciphers is TRUE? A. B. C. D.

A stream cipher is a type of asymmetric encryption algorithm. A stream cipher generates what is called a keystream. A stream cipher is slower than a block cipher. A stream cipher is not appropriate for hardware-based encryption.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream. Since encryption of each digit is dependent on the current state of the cipher, so it is also known as state cipher. In practice, a digit is typically a bit and the combining operation an exclusive-or (XOR). The pseudorandom keystream is typically generated serially from a random seed value using digital shift registers. The seed value serves as the cryptographic key for decrypting the ciphertext stream. Stream ciphers typically execute at a higher speed than block ciphers and have lower hardware complexity. However, stream ciphers can be susceptible to serious security problems if used incorrectly; in particular, the same starting state (seed) must never be used twice. Incorrect Answers: A: A stream cipher is not a type of asymmetric encryption algorithm; it is a symmetric key cipher. C: A stream cipher is not slower than a block cipher; it is faster. D: Stream ciphers require a lot of randomness and encrypt individual bits at a time. This requires more processing power than block ciphers require, which is why stream ciphers are better suited to be implemented at the hardware level. References: https://en.wikipedia.org/wiki/Stream_cipher QUESTION 430 Which of the following statements pertaining to block ciphers is NOT true? A. B. C. D.

It operates on fixed-size blocks of plaintext. It is more suitable for software than hardware implementations. Plain text is encrypted with a public key and decrypted with a private key. Some Block ciphers can operate internally as a stream.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: It is not true that plain text is encrypted with a public key and decrypted with a private key with a block cipher. Block ciphers use symmetric keys. In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key. Block ciphers are important CISSP

elementary components in the design of many cryptographic protocols, and are widely used to implement encryption of bulk data. Stream ciphers represent a different approach to symmetric encryption from block ciphers. Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. This distinction is not always clear-cut: in some modes of operation, a block cipher primitive is used in such a way that it acts effectively as a stream cipher. Incorrect Answers: A: It is true that a block cipher operates on fixed-size blocks of plaintext. B: Stream ciphers require a lot of randomness and encrypt individual bits at a time. This requires more processing power than block ciphers require, which is why stream ciphers are better suited to be implemented at the hardware level. Because block ciphers do not require as much processing power, they can be easily implemented at the software level. D: It is true that some Block ciphers can operate internally as a stream. References: https://en.wikipedia.org/wiki/Block_cipher https://en.wikipedia.org/wiki/Stream_cipher QUESTION 431 Cryptography does NOT help in: A. B. C. D.

detecting fraudulent insertion. detecting fraudulent deletion. detecting fraudulent modification. detecting fraudulent disclosure.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Cryptography can prevent unauthorized users from being able to read or modify the data. However, it cannot prevent someone deleting the encrypted data. Modern cryptography concerns itself with the following four objectives: 1. Confidentiality (the information cannot be understood by anyone for whom it was unintended) 2. Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected) 3. Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information) 4. Authentication (the sender and receiver can confirm each other’s identity and the origin/destination of the information. Incorrect Answers: A: Integrity means that the information cannot be altered in storage or transit. This also means that the data is protected against fraudulent insertion. C: Integrity means that the information cannot be altered in storage or transit. This also means that the data is protected against fraudulent modification. D: Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. References: http://searchsoftwarequality.techtarget.com/definition/cryptography Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 24 QUESTION 432

CISSP

What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)? A. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates. B. The OCSP (Online Certificate Status Protocol) is a proprietary certificate mechanism developed by Microsoft and a Certificate Revocation List (CRL) is an open standard. C. The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate Revocation List (CRL) is used by Certificate Authorities D. The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate and a Certificate Revocation List (CRL) is used by Certificate Authorities. Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: The CA is responsible for creating and handing out certificates, maintaining them, and revoking them if necessary. Revocation is handled by the CA, and the revoked certificate information is stored on a certificate revocation list (CRL). This is a list of every certificate that has been revoked. This list is maintained and updated periodically. Online Certificate Status Protocol (OCSP) is being used more and more rather than the cumbersome CRL approach. When using just a CRL, the user’s browser must either check a central CRL to find out if the certification has been revoked or the CA has to continually push out CRL values to the clients to ensure they have an updated CRL. If OCSP is implemented, it does this work automatically in the background. It carries out real-time validation of a certificate and reports back to the user whether the certificate is valid, invalid, or unknown. OCSP checks the CRL that is maintained by the CA. So the CRL is still being used, but now we have a protocol developed specifically to check the CRL during a certificate validation process. Incorrect Answers: B: The OCSP (Online Certificate Status Protocol) is not a proprietary certificate mechanism developed by Microsoft; it is an open standard. C: The OCSP (Online Certificate Status Protocol) is not used only by Active Directory. D: The OCSP (Online Certificate Status Protocol) is not a way to check the attributes of a certificate; it is a way to check the revocation status of a certificate. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 836-837 QUESTION 433 Which of the following is BEST at defeating frequency analysis? A. B. C. D.

Substitution cipher Polyalphabetic cipher Transposition cipher Ceasar cipher

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: A polyalphabetic cipher makes use of more than one alphabet to conquer frequency analysis. Incorrect Answers: A, C: Substitution and transposition ciphers are susceptible to attacks that perform frequency analysis. CISSP

D: The Ceasar Cipher is a type of substitution cipher. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 780, 781, 871 QUESTION 434 A code, as is pertains to cryptography: A. B. C. D.

is a generic term for encryption. is specific to substitution ciphers. deals with linguistic units. is specific to transposition ciphers.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences, and so forth. For example, the word “OCELOT” might be the ciphertext for the entire phrase “TURN LEFT 90 DEGREES,” the word “LOLLIPOP” might be the ciphertext for “TURN RIGHT 90 DEGREES”. Codes are only useful for specialized circumstances where the message to transmit has an already defined equivalent ciphertext word. Incorrect Answers: A: A code is not a generic term for encryption. B: A code is not specific to substitution ciphers. D: A code is not a specific to transposition ciphers. References: https://www.cs.duke.edu/courses/fall02/cps182s/readings/APPLYC1.pdf QUESTION 435 Which of the following is the MOST secure form of triple-DES encryption? A. B. C. D.

DES-EDE3 DES-EDE1 DES-EEE4 DES-EDE2

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: DES-EDE3 is the most secure form of triple-DES encryption as it uses three different keys for encryption. 3DES can work in different modes, and the mode chosen dictates the number of keys used and what functions are carried out: DES-EEE3: Uses three different keys for encryption, and the data are encrypted, encrypted, encrypted. DES-EDE3: Uses three different keys for encryption, and the data are encrypted, decrypted, encrypted. DES-EEE2: The same as DES-EEE3, but uses only two keys, and the first and third encryption processes use the same key. DES-EDE2: The same as DES-EDE3, but uses only two keys, and the first and third encryption processes use the same key. Incorrect Answers: CISSP

B: DES-EDE1 uses one encryption key and returns the algorithm (and strength) as DES. It is only provided for backwards compatibility. This is not the most secure form of triple-DES encryption. C: DES-EEE4 is not a valid form of 3DES encryption. D: DES-EDE2 uses only two keys and is not the most secure form of triple-DES encryption. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 808 QUESTION 436 Which of the following is NOT a known type of Message Authentication Code (MAC)? A. B. C. D.

Keyed-hash message authentication code (HMAC) DES-CBC Signature-based MAC (SMAC) Universal Hashing Based MAC (UMAC)

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Signature-based MAC (SMAC) is not a known type of Message Authentication Code (MAC). Message authentication code is a cryptographic function that uses a hashing algorithm and symmetric key for data integrity and system origin functions. A keyed-hash message authentication code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. A cipher block chaining message authentication code (CBC-MAC) is a technique for constructing a message authentication code from a block cipher. The message is encrypted with some block cipher algorithm in CBC mode to create a chain of blocks such that each block depends on the proper encryption of the previous block. A message authentication code based on universal hashing, or UMAC, is a type of message authentication code (MAC) calculated choosing a hash function from a class of hash functions according to some secret (random) process and applying it to the message. Incorrect Answers: A: Keyed-hash message authentication code (HMAC) is a known type of Message Authentication Code (MAC). B: DES-CBC is a known type of Message Authentication Code (MAC). D: Universal Hashing Based MAC (UMAC) is a known type of Message Authentication Code (MAC). References: https://en.wikipedia.org/wiki/UMAC https://en.wikipedia.org/wiki/Hash-based_message_authentication_code https://en.wikipedia.org/wiki/CBC-MAC QUESTION 437 What is the maximum key size for the RC5 algorithm? A. B. C. D.

128 bits 256 bits 1024 bits 2040 bits

Correct Answer: D Section: Security Engineering Explanation CISSP

Explanation/Reference: Explanation: RC5 is a block cipher that has a variety of parameters it can use for block size, key size, and the number of rounds used. It was created by Ron Rivest and analyzed by RSA Data Security, Inc. The block sizes used in this algorithm are 32, 64, or 128 bits, and the key size goes up to 2,048 bits. The number of rounds used for encryption and decryption is also variable. The number of rounds can go up to 255. Incorrect Answers: A: The maximum key size for the RC5 algorithm is 2048 bits, not 128 bits. B: The maximum key size for the RC5 algorithm is 2048 bits, not 256 bits. C: The maximum key size for the RC5 algorithm is 2048 bits, not 1024 bits. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 810 QUESTION 438 Which of the following algorithms is a stream cipher? A. B. C. D.

RC2 RC4 RC5 RC6

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: RC4 is one of the most commonly implemented stream ciphers. Incorrect Answers: A, C, & D: RC2, RC5and RC6 are block ciphers. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 810 https://en.wikipedia.org/wiki/RC2 QUESTION 439 In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? A. B. C. D.

Both client and server The client's browser The web server The merchant's Certificate Server

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: This is a tricky question. The client generates the “pre-master” secret. See step 4 of the process below. However, the master secret that will be used as a seed to generate the symmetric keys is generated (from the pre-master secret) by both the client and server. See step 6 below.

CISSP

The steps involved in the SSL handshake are as follows (note that the following steps assume the use of the cipher suites listed in Cipher Suites with RSA Key Exchange: Triple DES, RC4, RC2, DES): 1. The client sends the server the client's SSL version number, cipher settings, session-specific data, and other information that the server needs to communicate with the client using SSL. 2. The server sends the client the server's SSL version number, cipher settings, session-specific data, and other information that the client needs to communicate with the server over SSL. The server also sends its own certificate, and if the client is requesting a server resource that requires client authentication, the server requests the client's certificate. 3. The client uses the information sent by the server to authenticate the server (see Server Authentication for details). If the server cannot be authenticated, the user is warned of the problem and informed that an encrypted and authenticated connection cannot be established. If the server can be successfully authenticated, the client proceeds to step 4. 4. Using all data generated in the handshake thus far, the client (with the cooperation of the server, depending on the cipher being used) creates the pre-master secret for the session, encrypts it with the server's public key (obtained from the server's certificate, sent in step 2), and then sends the encrypted pre-master secret to the server. 5. If the server has requested client authentication (an optional step in the handshake), the client also signs another piece of data that is unique to this handshake and known by both the client and server. In this case, the client sends both the signed data and the client's own certificate to the server along with the encrypted pre-master secret. 6. If the server has requested client authentication, the server attempts to authenticate the client (see Client Authentication for details). If the client cannot be authenticated, the session ends. If the client can be successfully authenticated, the server uses its private key to decrypt the pre-master secret, and then performs a series of steps (which the client also performs, starting from the same pre-master secret) to generate the master secret. 7. Both the client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session and to verify its integrity (that is, to detect any changes in the data between the time it was sent and the time it is received over the SSL connection). 8. The client sends a message to the server informing it that future messages from the client will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the client portion of the handshake is finished. 9. The server sends a message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the server portion of the handshake is finished. 10. The SSL handshake is now complete and the session begins. The client and the server use the session keys to encrypt and decrypt the data they send to each other and to validate its integrity. 11. This is the normal operation condition of the secure channel. At any time, due to internal or external stimulus (either automation or user intervention), either side may renegotiate the connection, in which case, the process repeats itself. Incorrect Answers: B: The client generates the “pre-master” secret, not the “master secret”. The master secret that will be used as a seed to generate the symmetric keys is generated (from the pre-master secret) by both the client and server. C: The master certificate is not generated by the web server alone; the client also generates the master secret. D: The merchant's Certificate Server does not generate the master secret. References: https://support.microsoft.com/en-us/kb/257591 QUESTION 440 Which of the following was NOT designed to be a proprietary encryption algorithm? A. B. C. D.

RC2 RC4 Blowfish Skipjack

CISSP

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Blowfish is a block cipher that works on 64-bit blocks of data. The key length can be anywhere from 32 bits up to 448 bits, and the data blocks go through 16 rounds of cryptographic functions. It was intended as a replacement to the aging DES. While many of the other algorithms have been proprietary and thus encumbered by patents or kept as government secrets, this wasn’t the case with Blowfish. Bruce Schneier, the creator of Blowfish, has stated, “Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone.” Incorrect Answers: A: RC2 was designed to be a proprietary encryption algorithm. B: RC4 was designed to be a proprietary encryption algorithm. D: Skipjack was designed to be a proprietary encryption algorithm. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 810 QUESTION 441 Which of the following is NOT an encryption algorithm? A. B. C. D.

Skipjack SHA-1 Twofish DEA

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: SHA-1 is a hashing algorithm. Incorrect Answers: A: Skipjack is an algorithm used for encryption. C: Twofish is a symmetric block cipher that is used for encryption. D: DEA is the algorithm that fulfills DES, which provides encryption. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 800, 831 https://en.wikipedia.org/wiki/Skipjack_(cipher) Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 236 QUESTION 442 What key size is used by the Clipper Chip? A. B. C. D.

40 bits 56 bits 64 bits 80 bits

Correct Answer: D

CISSP

Section: Security Engineering Explanation Explanation/Reference: Explanation: The Clipper Chip made use of the Skipjack algorithm, which is a symmetric cipher that uses an 80-bit key. Incorrect Answers: A: RC4 is able to use key sizes ranging from 40 bits to 256 bits. B: DES makes use of a 64-bit key, of which 56 bits make up the true key, and 8 bits are used for parity. C: DES makes use of a 64-bit key, of which 56 bits make up the true key, and 8 bits are used for parity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 800-802, Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 250 QUESTION 443 Which of the following would BEST describe a Concealment cipher? A. B. C. D.

Permutation is used, meaning that letters are scrambled. Every X number of words within a text, is a part of the real message. Replaces bits, characters, or blocks of characters with different bits, characters or blocks. Hiding data in another message so that the very existence of the data is concealed.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The concealment cipher is a symmetric key, transposition cipher where the words or characters of the plaintext message are embedded in a page of words or characters at a consistent interval. Incorrect Answers: A: Transposition cyphers moves the original values around. C: The substitution cipher substitutes bits, characters, or blocks of characters with different bits, characters, or blocks. D: Steganography is a technique used to hide data in another media type so that the presence of the data is masked. Reference: Miller, David R, Microsoft CISSP Training Kit, O’Reilly Media, 2013, California, p. 156 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 774, 777 QUESTION 444 Which of the following is BEST provided by symmetric cryptography? A. B. C. D.

Confidentiality Integrity Availability Non-repudiation

Correct Answer: A Section: Security Engineering Explanation

CISSP

Explanation/Reference: Explanation: Symmetric cryptosystems is able to provide confidentiality, but not authentication or nonrepudiation. Incorrect Answers: B: Hashing algorithms provide data integrity. C: Availability is an Access Control concern. It is not provided by symmetric cryptography. D: Symmetric cryptosystems is unable to provide authentication or nonrepudiation. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 159, 783, 873 QUESTION 445 While using IPsec, the ESP and AH protocols both provide integrity services. However when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affects the use of AH and it´s Integrity Check Value (ICV) the MOST? A. B. C. D.

Key session exchange Packet Header Source or Destination address VPN cryptographic key size Crypotographic algorithm used

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: AH provides authentication and integrity, and ESP can provide those two functions and confidentiality. Why even bother with AH then? In most cases, the reason has to do with whether the environment is using network address translation (NAT). IPSec will generate an integrity check value (ICV), which is really the same thing as a MAC value, over a portion of the packet. Remember that the sender and receiver generate their own integrity values. In IPSec, it is called an ICV value. The receiver compares her ICV value with the one sent by the sender. If the values match, the receiver can be assured the packet has not been modified during transmission. If the values are different, the packet has been altered and the receiver discards the packet. The AH protocol calculates this ICV over the data payload, transport, and network headers. If the packet then goes through a NAT device, the NAT device changes the IP address of the packet. That is its job. This means a portion of the data (network header) that was included to calculate the ICV value has now changed, and the receiver will generate an ICV value that is different from the one sent with the packet, which means the packet will be discarded automatically. The ESP protocol follows similar steps, except it does not include the network header portion when calculating its ICV value. When the NAT device changes the IP address, it will not affect the receiver’s ICV value because it does not include the network header when calculating the ICV. Incorrect Answers: A: The key session exchange does not affect the use of AH and it´s Integrity Check Value. C: The VPN cryptographic key size does not affect the use of AH and it´s Integrity Check Value. D: The crypotographic algorithm used does not affect the use of AH and it´s Integrity Check Value. Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 862-863 QUESTION 446 Which of the following protocols offers native encryption? A. B. C. D.

IPSEC, SSH, PPTP, SSL, MPLS, L2F, and L2TP IPSEC, SSH, SSL, TFTP IPSEC, SSH, SSL, TLS IPSEC, SSH, PPTP, SSL, MPLS, and L2TP CISSP

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: IPSec (Internet Protocol Security) is a standard that provides encryption, access control, non-repudiation, and authentication of messages over an IP network. SSH (Secure Shell) is a set of protocols that are primarily used for remote access over a network by establishing an encrypted tunnel between an SSH client and an SSH server. SSL (Secure Sockets Layer) is an encryption technology that is used to provide secure transactions such as the exchange of credit card numbers. SSL is a socket layer security protocol and is a two-layered protocol that contains the SSL Record Protocol and the SSL Handshake Protocol. Similar to SSH, SSL uses symmetric encryption for private connections and asymmetric or public key cryptography for peer authentication. Incorrect Answers: A: MPLS (Multiprotocol Label Switching) is a WAN technology that does not provide encryption. L2F (Layer 2 Forwarding Protocol) is a tunneling protocol that does not provide encryption by itself. L2TP (Layer 2 Tunneling Protocol) is also a tunneling protocol that does not provide encryption by itself. B: TFTP (Trivial File Transfer Protocol) is used for transferring files. TFTP does not provide encryption. D: MPLS (Multiprotocol Label Switching) is a WAN technology that does not provide encryption. L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol that does not provide encryption by itself. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 86 QUESTION 447 Which of the following is NOT a disadvantage of symmetric cryptography when compared with asymmetric ciphers? A. B. C. D.

Provides Limited security services Has no built in Key distribution Speed Large number of keys are needed

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Symmetric cryptography is much faster than asymmetric systems, and is difficult to crack if a large key size is used. Incorrect Answers: A, B, D: Symmetric cryptography provides confidentiality, but not authenticity or nonrepudiation, and therefore deemed limited. It requires a secure mechanism to deliver keys correctly. Each pair of users needs a unique key. Therefore, as the number of individuals increase, so does the number of keys. These are all considered weaknesses of symmetric cryptography. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 783 QUESTION 448 Which of the following is more suitable for a hardware implementation?

CISSP

A. B. C. D.

Stream ciphers Block ciphers Cipher block chaining Electronic code book

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Stream ciphers require a lot of randomness and encrypt individual bits at a time. This requires more processing power than block ciphers require, which is why stream ciphers are better suited to be implemented at the hardware level. Because block ciphers do not require as much processing power, they can be easily implemented at the software level. Incorrect Answers: B: Block ciphers can be easily implemented at the software level because they do not require as much processing power as stream ciphers. C: Cipher block chaining is a block encryption method where each block of text, the key, and the value based on the previous block are processed in the algorithm and applied to the next block of text. Cipher block chaining is not more suitable for a hardware implementation. D: Electronic code book is a block encryption method. It is not more suitable for a hardware implementation. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 791 QUESTION 449 How many rounds are used by DES? A. B. C. D.

16 32 64 48

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: DES uses a 64-bit key, of which 8 bits are used for parity, and 56 bits make up the true key. DES divides the message into blocks, which are put through 16 rounds of transposition and substitution functions, and operates on them one at a time. Incorrect Answers: B, C, & D: RC5 is a block cipher that has a selection of parameters that it can use for block size, key size, and the number of rounds used. The number of rounds can go from 0 up to 255. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 809, 810 QUESTION 450 What is the key size of the International Data Encryption Algorithm (IDEA)? A. 64 bits B. 128 bits

CISSP

C. 160 bits D. 192 bits Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: International Data Encryption Algorithm (IDEA) is a block cipher that operates on 64-bit blocks of data, which is divided into 16 smaller blocks, with eight rounds of mathematical functions performed on each to produce a key that is 128 bits long. Incorrect Answers: A: The block of data that the International Data Encryption Algorithm (IDEA) operates on is 64 bit in size. C: SHA produces a 160-bit hash value. D: Tiger produces a hash size of 192 bits. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 809, 810, 826 QUESTION 451 Which of the following is NOT an example of a block cipher? A. B. C. D.

Skipjack IDEA Blowfish RC4

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: RC4 is one of the most commonly used stream ciphers. Incorrect Answers: A: Skipjack is a symmetric key block cipher. B: International Data Encryption Algorithm (IDEA) is a block cipher and runs on 64-bit blocks of data. C: Blowfish is a block cipher that works on 64-bit blocks of data. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 809, 810 Miller, David R, Microsoft CISSP Training Kit, O’Reilly Media, 2013, California, p. 159 QUESTION 452 The Diffie-Hellman algorithm is used for: A. B. C. D.

Encryption Digital signature Key agreement Non-repudiation

Correct Answer: C Section: Security Engineering Explanation CISSP

Explanation/Reference: Explanation: The Diffie-Hellman algorithm is the first asymmetric key agreement algorithm, which was developed by Whitfield Diffie and Martin Hellman. Incorrect Answers: A, B: The Diffie-Hellman algorithm does not offer encryption or digital signature functionality. D: Non-repudiation requires digital signature functionality, which the Diffie-Hellman algorithm does not offer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 812, 813, 830 QUESTION 453 A one-way hash provides which of the following? A. B. C. D.

Confidentiality Availability Integrity Authentication

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The verification of message integrity is an important application of secure hashes. Incorrect Answers: A, D: A hash function provides Integrity, not confidentiality or authentication. B: A hash function provides Integrity, not availability. References: https://en.wikipedia.org/wiki/Cryptographic_hash_function Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 825 QUESTION 454 Which of the following is not a one-way hashing algorithm? A. B. C. D.

MD2 RC4 SHA-1 HAVAL

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: RC4 is a Symmetric Key Algorithm. Incorrect Answers: A: MD2 is a one-way hashing algorithm. C: SHA-1 is a one-way hashing algorithm.

CISSP

D: HAVAL is a one-way hashing algorithm. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 831 QUESTION 455 Which of the following statements pertaining to key management is NOT true? A. B. C. D.

The more a key is used, the shorter its lifetime should be. When not using the full keyspace, the key should be extremely random. Keys should be backed up or escrowed in case of emergencies. A key's lifetime should correspond with the sensitivity of the data it is protecting.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The rules for keys and key management advise that the keys must be extremely random. It also states that the algorithm must make use of the full spectrum of the keyspace. Incorrect Answers: A, C, D: These options are included in the rules for keys and key management. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 842 QUESTION 456 Which of the following statements pertaining to link encryption is FALSE? A. B. C. D.

It encrypts all the data along a specific communication path. It provides protection against packet sniffers and eavesdroppers. Information stays encrypted from one end of its journey to the other. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the packets are also encrypted. The only traffic not encrypted in this technology is the data link control messaging information, which includes instructions and parameters that the different link devices use to synchronize communication methods. Link encryption provides protection against packet sniffers and eavesdroppers. Link encryption, which is sometimes called online encryption, is usually provided by service providers and is incorporated into network protocols. All of the information is encrypted, and the packets must be decrypted at each hop so the router, or other intermediate device, knows where to send the packet next. The router must decrypt the header portion of the packet, read the routing and address information within the header, and then re-encrypt it and send it on its way. Incorrect Answers: A: It is true that link encryption encrypts all the data along a specific communication path. B: It is true that link encryption provides protection against packet sniffers and eavesdroppers. C: It is true that user information, header, trailers, addresses and routing data that are part of the packets are CISSP

encrypted. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 845-846 QUESTION 457 Which key agreement scheme uses implicit signatures? A. B. C. D.

MQV DH ECC RSA

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: MQV (Menezes-Qu-Vanstone) is an authentication key agreement cryptography function very similar to DiffieHellman. The users’ public keys are exchanged to create session keys. It provides protection from an attacker figuring out the session key because she would need to have both users’ private keys. The MQV elliptic curve key agreement method is used to establish a shared secret between parties who already possess trusted copies of each other’s static public keys. Both parties still generate dynamic public and private keys and then exchange public keys. However, upon receipt of the other party’s public key, each party calculates a quantity called an implicit signature using its own private key and the other party’s public key. The shared secret is then generated from the implicit signature. The term implicit signature is used to indicate that the shared secrets do not agree if the other party’s public key is not employed, thus giving implicit verification that the public secret is generated by the public party. An attempt at interception will fail as the shared secrets will not be the same shared secrets because the adversary’s private key is not linked to the trusted public key. Incorrect Answers: B: DH (Diffie-Hellman) does not use implicit signatures. C: ECC (Elliptic Curve Cryptosystem) does not use implicit signatures. D: RSA does not use implicit signatures. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 815 https://www.certicom.com/index.php/mqv QUESTION 458 Cryptography does NOT concern itself with which of the following choices? A. B. C. D.

Availability Integrity Confidentiality Validation

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Cryptography ensures the integrity of data, the confidentiality of the data and the validation of the sender and receiver of the data. Cryptography does not ensure the availability of the data.

CISSP

Modern cryptography concerns itself with the following four objectives: 1. Confidentiality (the information cannot be understood by anyone for whom it was unintended) 2. Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected) 3. Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information) 4. Authentication (the sender and receiver can confirm each other’s identity and the origin/destination of the information. Incorrect Answers: B: Cryptography does concern itself with integrity of data. C: Cryptography does concern itself with confidentiality of data. D: Cryptography does concern itself validation (of the source and destination of the data). References: http://searchsoftwarequality.techtarget.com/definition/cryptography QUESTION 459 Which of the following does NOT concern itself with key management? A. B. C. D.

Internet Security Association Key Management Protocol (ISAKMP) Diffie-Hellman (DH) Cryptology (CRYPTO) Key Exchange Algorithm (KEA)

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Cryptology involves ‘hiding’ data to make it unreadable by unauthorized parties. Keys are used to provide the encryption used in cryptology. However, cryptology itself is not concerned with the management of the keys used by the encryption algorithms. Modern cryptography concerns itself with the following four objectives: 1. Confidentiality (the information cannot be understood by anyone for whom it was unintended) 2. Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected) 3. Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information) 4. Authentication (the sender and receiver can confirm each other’s identity and the origin/destination of the information. Incorrect Answers: A: Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange. B: The Diffie-Hellman protocol is a key agreement protocol. D: Key Exchange Algorithm as its name suggests is used for the exchange of keys. References: http://searchsoftwarequality.techtarget.com/definition/cryptography QUESTION 460 Which of the following encryption algorithms does NOT deal with discrete logarithms? A. El Gamal B. Diffie-Hellman C. RSA

CISSP

D. Elliptic Curve Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: RSA does not deal with discrete logarithms. RSA, named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman, is a public key algorithm that is the most popular when it comes to asymmetric algorithms. RSA is a worldwide de facto standard and can be used for digital signatures, key exchange, and encryption. It was developed in 1978 at MIT and provides authentication as well as key encryption. The security of this algorithm comes from the difficulty of factoring large numbers into their original prime numbers. The public and private keys are functions of a pair of large prime numbers, and the necessary activity required to decrypt a message from ciphertext to plaintext using a private key is comparable to factoring a product into two prime numbers. Incorrect Answers: A: El Gamal is a public key algorithm that can be used for digital signatures, encryption, and key exchange. It is based not on the difficulty of factoring large numbers but on calculating discrete logarithms in a finite field. B: The Diffie-Hellman algorithm enables two systems to generate a symmetric key securely without requiring a previous relationship or prior arrangements. The algorithm allows for key distribution, but does not provide encryption or digital signature functionality. The algorithm is based on the difficulty of calculating discrete logarithms in a finite field. D: The Elliptic Curve algorithm computes discrete logarithms of elliptic curves, which is different from calculating discrete logarithms in a finite field. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 815, 818 QUESTION 461 Which of the following statements pertaining to message digests is NOT true? A. B. C. D.

The original file cannot be created from the message digest. Two different files should not have the same message digest. The message digest should be calculated using at least 128 bytes of the file. Message digests are usually of fixed size.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: A message digest should be calculated using all of the original file’s data regardless of whether the original data is more or less than 128 bytes. The output of a hash function is called a message digest. The message digest is uniquely derived from the input file and, if the hash algorithm is strong, the message digest has the following characteristics: The hash function is considered one-way because the original file cannot be created from the message digest. Two files should not have the same message digest. Given a file and its corresponding message digest, it should not be feasible to find another file with the same message digest. The message digest should be calculated using all of the original file’s data. Incorrect Answers: A: It is true that the original file cannot be created from the message digest.

CISSP

B: It is true that two different files should not have the same message digest. D: It is true that message digests are usually of fixed size. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 151-152 QUESTION 462 Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? A. B. C. D.

Differential cryptanalysis Differential linear cryptanalysis Birthday attack Statistical attack

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Birthday Attack: Usually applied to the probability of two different messages using the same hash function that produces a common message digest; or given a message and its corresponding message digest, finding another message that when passed through the same hash function generates the same specific message digest. The term “birthday” comes from the fact that in a room with 23 people, the probability of two or more people having the same birthday is greater than 50%. Incorrect Answers: A: Differential Cryptanalysis is applied to private key cryptographic systems by looking at ciphertext pairs, which were generated through the encryption of plaintext pairs, with specific differences and analyzing the effect of these differences. This is not what is described in the question. B: Linear Cryptanalysis is using pairs of known plaintext and corresponding ciphertext to generate a linear approximation of a portion of the key. Differential Linear Cryptanalysis is using both differential and linear approaches. This is not what is described in the question. D: A statistical attack is exploiting the lack of randomness in key generation. This is not what is described in the question. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 154-155 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 828 QUESTION 463 Which of the following elements is NOT included in a Public Key Infrastructure (PKI)? A. B. C. D.

Timestamping Repository Certificate revocation Internet Key Exchange (IKE)

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation:

CISSP

Internet Key Exchange (IKE) is not included in a Public Key Infrastructure (PKI). IKE is a key management protocol used in IPSec. A PKI may be made up of the following entities and functions: Certification authority Registration authority Certificate repository Certificate revocation system Key backup and recovery system Automatic key update Management of key histories Timestamping Client-side software Incorrect Answers: A: Timestamping is included in a Public Key Infrastructure (PKI). B: Repository (certificate repository) is included in a Public Key Infrastructure (PKI). C: Certificate revocation is included in a Public Key Infrastructure (PKI). References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 839 QUESTION 464 Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission? A. B. C. D.

Secure Electronic Transaction (SET) Message Authentication Code (MAC) Cyclic Redundancy Check (CRC) Secure Hash Standard (SHS)

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: In order to protect against fraud in electronic fund transfers, the Message Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value, which is derived from the contents of the message itself, that is sensitive to the bit changes in a message. It is similar to a Cyclic Redundancy Check (CRC). A MAC is appended to the message before it is transmitted. At the receiving end, a MAC is generated from the received message and is compared to the MAC of an original message. A match indicates that the message was received without any modification occurring while en route. Incorrect Answers: A: A consortium including MasterCard and Visa developed SET in 1997 as a means of preventing fraud from occurring during electronic payments. SET provides confidentiality for purchases by encrypting the payment information. Thus, the seller cannot read this information. This is not what is described in the question. C: Cyclic redundancy checking is a method of checking for errors in data that has been transmitted on a communications link. A sending device applies a 16- or 32-bit polynomial to a block of data that is to be transmitted and appends the resulting cyclic redundancy code (CRC) to the block. This is not what is described in the question. D: The Secure Hash Standard (SHS) is a set of cryptographically secure hash algorithms specified by the National Institute of Standards and Technology (NIST). This is not what is described in the question. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 160 https://en.wikipedia.org/wiki/Secure_Hash_Standard

CISSP

QUESTION 465 Which of the following statements pertaining to Secure Sockets Layer (SSL) is FALSE? A. The SSL protocol was developed by Netscape to secure Internet client-server transactions. B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates. C. Web pages using the SSL protocol start with HTTPS D. SSL can be used with applications such as Telnet, FTP and email protocols. Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The SSL protocol was developed by Netscape in 1994 to secure Internet client-server transactions. The SSL protocol authenticates the server to the client using public key cryptography and digital certificates. In addition, this protocol also provides for optional client to server authentication. It supports the use of RSA public key algorithms, IDEA, DES and 3DES private key algorithms, and the MD5 hash function. Web pages using the SSL protocol start with HTTPs. SSL 3.0 and its successor, the Transaction Layer Security (TLS) 1.0 protocol are de-facto standards, but they do not provide the end-to-end capabilities of SET. TLS implements confidentiality, authentication, and integrity above the Transport Layer, and it resides between the application and TCP layer. Thus, TLS, as with SSL, can be used with applications such as Telnet, FTP, HTTP, and email protocols. Both SSL and TLS use certificates for public key verification that are based on the X.509 standard. Incorrect Answers: A: It is true that the SSL protocol was developed by Netscape to secure Internet client-server transactions. C: It is true that Web pages using the SSL protocol start with HTTPS. D: It is true that SSL can be used with applications such as Telnet, FTP and email protocols. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 160 QUESTION 466 What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)? A. B. C. D.

Internet Key Exchange (IKE) Secure Key Exchange Mechanism Oakley Internet Security Association and Key Management Protocol

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Internet Key Exchange (IKE) is the protocol employed to establish a security association (SA) in the IPsec protocol suite. Incorrect Answers: B: Secure Key Exchange Mechanism allows different key distribution methods to be applied. C: OAKLEY is a key-agreement protocol that enables authenticated parties to exchange keying material via an insecure link by making use of the Diffie–Hellman key exchange algorithm. D: Internet Security Association and Key Management Protocol is a protocol defined for instituting Security Associations (SA) and cryptographic keys in an Internet environment.

CISSP

References: https://en.wikipedia.org/wiki/Internet_Key_Exchange Miller, David R, Microsoft CISSP Training Kit, O’Reilly Media, 2013, California, p. 226 https://en.wikipedia.org/wiki/Oakley_protocol https://en.wikipedia.org/wiki/Internet_Security_Association_and_Key_Management_Protocol QUESTION 467 Which of the following binds a subject name to a public key value? A. B. C. D.

A public-key certificate A public key infrastructure A secret key infrastructure A private key certificate

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: A typical PKI consists of hardware, software, policies and standards to manage the creation, administration, distribution and revocation of keys and digital certificates. Digital certificates are at the heart of PKI as they affirm the identity of the certificate subject and bind that identity to the public key contained in the certificate. Incorrect Answers: A: A public-key certificate contains a public key. However, it is the PKI (in particular the certificate authority) that verifies the subject’s identity and binds the subject name to the public key value. C: A secret key infrastructure is not a valid answer. A secret key can refer to a private key or more commonly to a shared key used in symmetric encryption. D: A private key (and its corresponding public key) is usually generated by a user or application. The public key is then validated and signed by a CA. A private key does not bind a subject name to a public key value. References: http://searchsecurity.techtarget.com/definition/PKI QUESTION 468 What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate? A. B. C. D.

A public-key certificate An attribute certificate A digital certificate A descriptive certificate

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The US American National Standards Institute (ANSI) X9 committee developed the concept of attribute certificate as a data structure that binds some attributes values with the identification information about its holder. According to RFC 2828 [24], an attribute certificate is “a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate. One of the advantages of attribute certificate is that it can be used for various other purposes. It may contain group membership, role clearance, or any other form of authorization. CISSP

Incorrect Answers: A: An attribute certificate can be used to supplement a public-key certificate by storing additional information or attributes. However, an attribute certificate, not a public-key certificate is what is described in the question. C: A digital certificate is another name for a public key certificate. It is an electronic document used to prove ownership of a public key. This is not what is described in the question. D: A descriptive certificate is not a defined certificate type. QUESTION 469 What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire? A. B. C. D.

Certificate revocation list Certificate revocation tree Authority revocation list Untrusted certificate list

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: An Authority Revocation List (ARL) is a list of serial numbers for public key certificates issued to certificate authorities that have been revoked, and therefore should not be relied upon. Incorrect Answers: A: A certificate revocation list (CRL) is a list of serial numbers for certificates that have been revoked, and should therefore, no longer trust entities presenting them. B: A certificate revocation tree is a mechanism for distributing notices of certificate revocations, but is not supported in X.509. D: A list of untrusted certificates is known as an untrusted CTL. It does not contain revoked certificates, but untrusted ones. References: https://en.wikipedia.org/wiki/Revocation_list http://zvon.org/comp/r/ref-Security_Glossary.html#Terms~certificate_revocation_tree https://technet.microsoft.com/en-us/library/dn265983.aspx QUESTION 470 Who vouches for the binding between the data items in a digital certificate? A. B. C. D.

Registration authority Certification authority Issuing authority Vouching authority

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: A certification authority issues digital certificates that include a public key and the identity of the owner. The matching private key is not publicly available, but kept secret by the end user who created the key pair. The certificate is also a confirmation or validation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A certification authority’s duty in such schemes is to verify an applicant's credentials, so that users and relying parties are able to trust the information CISSP

in the CA's certificates. Incorrect Answers: A: A registration authority (RA) confirms user requests for a digital certificate and informs the certificate authority (CA) to distribute it. C: An issuing authority does not vouch for the binding between the data items in a digital certificate. D: A vouching authority does not vouch for the binding between the data items in a digital certificate. References: https://en.wikipedia.org/wiki/Certificate_authority http://searchsecurity.techtarget.com/definition/registration-authority QUESTION 471 What enables users to validate each other's certificate when they are certified under different certification hierarchies? A. B. C. D.

Cross-certification Multiple certificates Redundant certification authorities Root certification authorities

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Cross certification allows entities in one public key infrastructure (PKI) to trust entities in another PKI. This mutual trust relationship is typically supported by a cross-certification agreement between the certification authorities (CAs) in each PKI. This agreement determines the responsibilities and liability of each party. A mutual trust relationship between two CAs requires that each CA issue a certificate to the other to establish the relationship in both directions. The path of trust is not hierarchal even though the separate PKIs may be certificate hierarchies. Incorrect Answers: B: Multiple certificates will not allow users to validate each other's certificate when they are certified under different certification hierarchies. C: Redundant certification authorities will not allow users to validate each other's certificate when they are certified under different certification hierarchies. D: A root certification authority is identified by a root certificate, which is an unsigned or a self-signed public key certificate. References: https://msdn.microsoft.com/en-us/library/windows/desktop/bb540800(v=vs.85).aspx https://en.wikipedia.org/wiki/Root_certificate QUESTION 472 Which of the following would best define a digital envelope? A. A message that is encrypted and signed with a digital certificate. B. A message that is signed with a secret key and encrypted with the sender's private key. C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver. D. A message that is encrypted with the recipient's public key and signed with the sender's private key. Correct Answer: C Section: Security Engineering Explanation CISSP

Explanation/Reference: Explanation: Hybrid cryptography is the combined use of symmetric and asymmetric algorithms where the symmetric key encrypts data and an asymmetric key encrypts the symmetric key. A digital envelope is another term used to describe hybrid cryptography. When a message is encrypted with a symmetric key (secret key) and the symmetric key is encrypted with an asymmetric key, it is collectively known as a digital envelope. Incorrect Answers: A: A message that is encrypted and signed with a digital certificate is not the correct definition of a digital envelope. The message would have to be encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key to be a digital envelope. This answer does not specify what type of encryption is used. B: A message that is signed with a secret key and encrypted with the sender's private key is not the correct definition of a digital envelope. A private key is an asymmetric key. In a digital envelope, the message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key. D: A message that is encrypted with the recipient's public key and signed with the sender's private key is not the correct definition of a digital envelope. A public key is an asymmetric key. In a digital envelope, the message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 811 QUESTION 473 What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity? A. B. C. D.

A digital envelope A cryptographic hash A Message Authentication Code A digital signature

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: A digital signature is a hash value that is encrypted with the sender’s private key. The hashing function guarantees the integrity of the message, while the signing of the hash value offers authentication and nonrepudiation. Incorrect Answers: A: When a message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key, it is collectively known as a digital envelope. B: A cryptographic hash can be used in digital signatures, but signatures are not part of the hash function. C: Message authentication code (MAC) is a keyed cryptographic hash function that is used for data integrity and data origin authentication. It does not, however, require a signature. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 811, 829, 832 https://en.wikipedia.org/wiki/Cryptographic_hash_function QUESTION 474 The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to? A. Illuminated at nine feet high with at least three foot-candles

CISSP

B. Illuminated at eight feet high with at least three foot-candles C. Illuminated at eight feet high with at least two foot-candles D. Illuminated at nine feet high with at least two foot-candles Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: A foot-candle (fc) is an illuminance measurement equal to one lumen per square foot. The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, which is a unit that represents the illumination power of an individual light. Incorrect Answers: A: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, not nine feet high with at least three foot-candles. Therefore, this answer is incorrect. B: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, not eight feet high with at least three foot-candles. Therefore, this answer is incorrect. D: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, not nine feet high with at least two foot-candles. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1365 QUESTION 475 Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism? A. B. C. D.

OAKLEY Internet Security Association and Key Management Protocol (ISAKMP) Simple Key-management for Internet Protocols (SKIP) IPsec Key exchange (IKE)

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: ISAKMP defines actions and packet formats to establish, negotiate, modify and delete Security Associations. It is distinct from key exchange protocols with the intention of cleanly separating the details of security association management and key management from the details of key exchange. Incorrect Answers: A: The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection by making use of the Diffie–Hellman key exchange algorithm. C: Simple Key-management for Internet Protocols (SKIP) was a protocol developed by the IETF Security Working Group for the sharing of encryption keys. D: Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP.

CISSP

References: https://en.wikipedia.org/wiki/Internet_Security_Association_and_Key_Management_Protocol https://en.wikipedia.org/wiki/Oakley_protocol https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 863 QUESTION 476 Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE? A. B. C. D.

Diffie-Hellman Key Exchange Protocol Internet Security Association and Key Management Protocol (ISAKMP) Simple Key-management for Internet Protocols (SKIP) OAKLEY

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection by making use of the Diffie–Hellman key exchange algorithm. It formed the basis for the more widely used Internet key exchange protocol. Incorrect Answers: A: The Diffie-Hellman algorithm proposed for IPsec is the Diffie-Hellman Key Exchange Protocol. B: Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP. It has not superseded ISAKMP. C: SKIP is a distribution protocol, not a key establishment protocol. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 863 https://en.wikipedia.org/wiki/Oakley_protocol https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol QUESTION 477 Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations? A. B. C. D.

Internet Key exchange (IKE) Security Association Authentication Protocol (SAAP) Simple Key-management for Internet Protocols (SKIP) Key Exchange Algorithm (KEA)

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: With IPsec, Key management can be dealt with manually or automatically via a key management protocol. The genuine standard for IPSec is to make use of Internet Key Exchange (IKE), which is a permutation of the ISAKMP and OAKLEY protocols. Incorrect Answers: CISSP

B: Security Association Authentication Protocol(SAAP) is not a valid term. C: Simple Key-management for Internet Protocols (SKIP) was a protocol developed by the IETF Security Working Group for the sharing of encryption keys. D: Key Exchange Algorithm includes Diffie-Hellman and RSA, but is not based on OAKLEY. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 863 https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol https://technet.microsoft.com/en-us/library/cc962035.aspx QUESTION 478 Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys? This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis? A. B. C. D.

Internet Security Association and Key Management Protocol (ISAKMP) Simple Key-management for Internet Protocols (SKIP) Diffie-Hellman Key Distribution Protocol IPsec Key exchange (IKE)

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Simple Key-management for Internet Protocols (SKIP) was a protocol developed by the IETF Security Working Group for the sharing of encryption keys. It is a hybrid Key distribution protocol. Incorrect Answers: A: Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange. C: Diffie–Hellman key exchange (D–H) is a specific method of securely exchanging cryptographic keys via a public channel D: Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 863 https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange QUESTION 479 Which of the following can best be defined as a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties can perform the decryption operation to retrieve the stored key? A. B. C. D.

Key escrow Fair cryptography Key encapsulation Zero-knowledge recovery

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation:

CISSP

According to RFC 4949, key encapsulation is a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties called "recovery agents" can perform the decryption operation to retrieve the stored key. Key encapsulation typically permits direct retrieval of a secret key used to provide data confidentiality. Incorrect Answers: A: A key recovery technique for storing knowledge of a cryptographic key or parts thereof in the custody of one or more third parties called "escrow agents", so that the key can be recovered and used in specified circumstances. This is not what is described in the question. B: Fair cryptography is not a valid answer. D: Zero-knowledge recovery is not a valid answer. References: http://tools.ietf.org/html/rfc4949 QUESTION 480 Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs? A. B. C. D.

A known-plaintext attack A known-algorithm attack A chosen-ciphertext attack A chosen-plaintext attack

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: In this question, the attacker is trying to obtain the key from several “some plaintext-ciphertext pairs”. When the attacker has a copy of the plaintext corresponding to the ciphertext, this is known as a known-plaintext attack. Cryptanalysis is the act of obtaining the plaintext or key from the ciphertext. Cryptanalysis is used to obtain valuable information and to pass on altered or fake messages in order to deceive the original intended recipient. This attempt at “cracking” the cipher is also known as an attack. The following are example of some common attacks: Known Plaintext. The attacker has a copy of the plaintext corresponding to the ciphertext Chosen Ciphertext. Portions of the ciphertext are selected for trial decryption while having access to the corresponding decrypted plaintext Chosen Plaintext. Chosen plaintext is encrypted and the output ciphertext is obtained Ciphertext Only. Only the ciphertext is available Incorrect Answers: B: A known-algorithm attack is not a defined type of attack. C: With a Chosen-Ciphertext attack, the attacker has a copy of the plaintext corresponding to the ciphertext. This is not what is described in the question. D: With a chosen-plaintext attack, chosen plaintext is encrypted and the output ciphertext is obtained. This is not what is described in the question. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 154 QUESTION 481 Which of the following is NOT a property of a one-way hash function? A. It converts a message of a fixed length into a message digest of arbitrary length.

CISSP

B. It is computationally infeasible to construct two different messages with the same digest. C. It converts a message of arbitrary length into a message digest of a fixed length. D. Given a digest value, it is computationally infeasible to find the corresponding message. Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Cryptographic hash functions are designed to take a string of any length as input and produce a fixed-length message digest, not a message digest of arbitrary length. A cryptographic hash function is a hash function which is considered practically impossible to invert, that is, to recreate the input data from its hash value alone. These one-way hash functions have been called "the workhorses of modern cryptography". The input data is often called the message, and the hash value is often called the message digest or simply the digest. The ideal cryptographic hash function has four main properties: it is easy to compute the hash value for any given message it is infeasible to generate a message from its hash it is infeasible to modify a message without changing the hash it is infeasible to find two different messages with the same hash. Incorrect Answers: B: It is true that it is computationally infeasible to construct two different messages with the same digest. C: It is true that it converts a message of arbitrary length into a message digest of a fixed length. D: It is true that given a digest value, it is computationally infeasible to find the corresponding message. References: https://en.wikipedia.org/wiki/Cryptographic_hash_function QUESTION 482 The Data Encryption Algorithm performs how many rounds of substitution and permutation? A. B. C. D.

4 16 54 64

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: International Data Encryption Algorithm (IDEA) is a block cipher and operates on 64-bit blocks of data, which is divided into 16 smaller blocks, and each has eight rounds of mathematical functions performed on it. Incorrect Answers: A: This is the size of one of the smaller blocks. C: This is not a valid block size for block ciphers. D: This is incorrect as it is the initial size of the block. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 809, 810 QUESTION 483 Which of the following statements is MOST accurate regarding a digital signature? CISSP

A. B. C. D.

It is a method used to encrypt confidential data. It is the art of transferring handwritten signature to electronic media. It allows the recipient of data to prove the source and integrity of data. It can be used as a signature system and a cryptosystem.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The purpose of digital signatures is to detect unauthorized modifications of data, and to authenticate the identity of the signatories and non-repudiation. These functions are accomplished by generating a block of data that is usually smaller than the size of the original data. This smaller block of data is bound to the original data and to the identity of the sender. This binding verifies the integrity of data and provides non-repudiation. To quote the National Institute Standards and Technology (NIST) Digital Signature Standard (DSS): Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature in proving to a third party that the signature was in fact generated by the signatory. Incorrect Answers: A: Digital signatures do not provide encryption. B: A digital signature is not the art of transferring handwritten signature to electronic media. D: A digital signature cannot be used as a signature system and a cryptosystem. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 151 QUESTION 484 The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use. A. B. C. D.

computing in Galois fields computing in Gladden fields computing in Gallipoli fields computing in Galbraith fields

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as computing in Galois fields, RSA is quite feasible for computer use. A Galois field is a finite field. Incorrect Answers: B: A finite field is not called a Gladden field. Gladden fields are not used in RSA. C: A finite field is not called a Gallipoli field. Gallipoli fields are not used in RSA. D: A finite field is not called a Galbraith field. Galbraith fields are not used in RSA. QUESTION 485 CISSP

Which of the following concerning the Rijndael block cipher algorithm is NOT true? A. B. C. D.

The design of Rijndael was strongly influenced by the design of the block cipher Square. A total of 25 combinations of key length and block length are possible Both block size and key length can be extended to multiples of 64 bits. The cipher has a variable block length and key length.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: It is false that both block size and key length can be extended to multiples of 64 bits; they can be extended in multiples of 32 bits. Rijndael is a block symmetric cipher that was chosen to fulfill the Advanced Encryption Standard. It uses a 128bit block size and various key lengths (128, 192, 256). The Rijndael specification is specified with block and key sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits. Incorrect Answers: A: It is true that the design of Rijndael was strongly influenced by the design of the block cipher Square. B: It is true that a total of 25 combinations of key length and block length are possible. D: It is true that the cipher has a variable block length and key length. References: http://searchsecurity.techtarget.com/definition/Rijndael https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 145 QUESTION 486 This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I? A. B. C. D.

Chosen-Ciphertext attack Ciphertext-only attack Plaintext Only Attack Adaptive-Chosen-Plaintext attack

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A chosen-ciphertext attack is one in which a cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext. This type of attack is generally most applicable to public-key cryptosystems. Incorrect Answers: B: A Ciphertext-Only attack is one which the cryptanalyst obtains a sample of ciphertext without the plaintext associated with it. This data is relatively easy to obtain in many scenarios, but a successful ciphertext-only attack is generally difficult and requires a very large ciphertext sample. This attack is not generally most applicable to public-key cryptosystems. C: Plaintext Only Attack it not a defined attack type. D: An Adaptive-Chosen-Plaintext attack is a special case of chosen-plaintext attack in which the cryptanalyst is able to choose plaintext samples dynamically and alter his or her choices based on the results of previous CISSP

encryptions. This attack is not generally most applicable to public-key cryptosystems. QUESTION 487 What is NOT true about a one-way hashing function? A. B. C. D.

It provides authentication of the message A hash cannot be reverse to get the message used to create the hash The results of a one-way hash is a message digest It provides integrity of the message

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: One-way hashing does not provide confidentiality or authentication. Incorrect Answers: B: One-way hash functions are never used in reverse. C: With one-way hashing, the sender puts a message through a hashing algorithm that results in a message digest (MD) value. D: One-way hashing does not provide confidentiality or authentication, but it does provide integrity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 821, 825 QUESTION 488 You've decided to authenticate the source who initiated a particular transfer while ensuring integrity of the data being transferred. You can do this by: A. B. C. D.

having the sender encrypt the message with his private key. having the sender encrypt the hash with his private key. having the sender encrypt the message with his symmetric key. having the sender encrypt the hash with his public key.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: A hash will ensure the integrity of the data being transferred. A private key will authenticate the source (sender). Only the sender has a copy of the private key. If the recipient is able to decrypt the hash with the public key, then the recipient will know that the hash was encrypted with the private key of the sender. A cryptographic hash function is a hash function which is considered practically impossible to invert, that is, to recreate the input data from its hash value alone. The input data is often called the message, and the hash value is often called the message digest or simply the digest. The ideal cryptographic hash function has four main properties: it is easy to compute the hash value for any given message it is infeasible to generate a message from its hash it is infeasible to modify a message without changing the hash it is infeasible to find two different messages with the same hash. Incorrect Answers: A: Having the sender encrypt the message with his private key would authenticate the sender. However, is

CISSP

would not ensure the integrity of the message. A hash is required to ensure the integrity of the message. C: Having the sender encrypt the message with his symmetric key will not authenticate the sender or ensure the integrity of the message. A hash is required to ensure the integrity of the message and the hash should be encrypted with the sender’s private key. D: Having the sender encrypt the hash with his public key will not authenticate the sender. Anyone could have a copy of the sender’s public key. The hash should be encrypted with the sender’s private key as the sender is the only person in possession of the private key. References: https://en.wikipedia.org/wiki/Cryptographic_hash_function QUESTION 489 Which of the following type of lock uses a numeric keypad or dial to gain entry? A. B. C. D.

Bolting door locks Cipher lock Electronic door lock Biometric door lock

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Cipher locks, also known as programmable locks, are keyless and use keypads to control access into an area or facility. The lock requires a specific combination to be entered into the keypad and possibly a swipe card. They cost more than traditional locks, but their combinations can be changed, specific combination sequence values can be locked out, and personnel who are in trouble or under duress can enter a specific code that will open the door and initiate a remote alarm at the same time. Thus, compared to traditional locks, cipher locks can provide a much higher level of security and control over who can access a facility. Incorrect Answers: A: A bolting door lock is not the name for the type of lock that uses a numeric keypad or dial to gain entry. Therefore, this answer is incorrect. C: Locks that use a numeric keypad or dial to gain entry are often electronic locks. However, they can also be mechanical (non-electronic) locks. Therefore, this answer is incorrect. D: Biometric door locks do not use a numeric keypad or dial to gain entry; they use biometric scanners such as fingerprint or retina scanners. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 480 QUESTION 490 In a dry pipe system, there is no water standing in the pipe - it is being held back by what type of valve? A. B. C. D.

Relief valve Emergency valve Release valve Clapper valve

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: In a dry pipe system, there is no water standing in the pipe — it is being held back by a clapper valve. In the CISSP

event of a fire, the valve opens, the air is blown out of the pipe, and the water flows. Incorrect Answers: A: The valve used in a dry pipe system is called a clapper valve, not a relief valve. Therefore, this answer is incorrect. B: The valve used in a dry pipe system is called a clapper valve, not an emergency valve. Therefore, this answer is incorrect. C: The valve used in a dry pipe system is called a clapper valve, not a release valve. Therefore, this answer is incorrect. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 463 QUESTION 491 The most prevalent cause of computer center fires is which of the following? A. B. C. D.

AC equipment Electrical distribution systems Heating systems Natural causes

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The most prevalent cause of computer center fires is electrical distribution systems. Most computer circuits use only two to five volts of direct current, which usually cannot start a fire. If a fire does happen in a computer room, it will most likely be an electrical fire caused by overheating of wire insulation or by overheating components that ignite surrounding plastics. Prolonged smoke usually occurs before combustion. Incorrect Answers: A: AC equipment is not the most prevalent cause of computer center fires. Therefore, this answer is incorrect. C: Heating systems are not the most prevalent cause of computer center fires. Computer centers use cooling systems, not heating systems. Therefore, this answer is incorrect. D: Natural causes are not the most prevalent cause of computer center fires. Computer centers are typically protected against natural causes. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 469 QUESTION 492 Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher? A. B. C. D.

When the fire involves paper products When the fire is caused by flammable products When the fire involves electrical equipment When the fire is in an enclosed area

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Class C fire extinguishers are used for fires involving electrical equipment. CISSP

Class C fires are electrical fires which that may occur in electrical equipment or wiring. Class C fire extinguishers use gas, CO2 or dry powders. These extinguishing agents are non-conductive. Class A fire extinguishers use water or foam. Water or foam used on an electrical fire would conduct the electricity and make the fire worse. Therefore, for an electrical fire, a Class C fire extinguisher is preferable to a Class A fire extinguisher. Incorrect Answers: A: For a paper fire, a Class A fire extinguisher that uses water or foam is preferred. Therefore, this answer is incorrect. B: All products that are burning in a fire are ‘flammable’. The specific type of product needs to be determined to determine which fire extinguisher to use. Therefore, this answer is incorrect. D: For a fire in an enclosed area, a Class A fire extinguisher that uses water or foam is preferred (unless the elements of the fire require a different fire extinguisher). This is because other fire extinguishers can use gases that can be harmful to life. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 472 QUESTION 493 Examples of types of physical access controls include all EXCEPT which of the following? A. B. C. D.

badges locks guards passwords

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Access control needs to be enforced through physical and technical components when it comes to physical security. Physical access controls use mechanisms to identify individuals who are attempting to enter a facility or area. They make sure the right individuals get in and the wrong individuals stay out, and provide an audit trail of these actions. A physical security control is a physical item put into place to protect facility, personnel, and resources. Examples of physical access controls include badges, locks, guards, fences, barriers, RFID cards etc. A password is not a physical object; it is something you know. Therefore, a password is not an example of a physical access control. Incorrect Answers: A: A badge is a physical object. Therefore, this answer is incorrect. B: A lock is a physical object. Therefore, this answer is incorrect. C: A guard is a physical object; a person working as a guard counts as a physical access control. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 476 QUESTION 494 Which of the following statements pertaining to fire suppression systems is TRUE? A. Halon is today the most common choice as far as agents are concerned because it is highly effective in the way that it interferes with the chemical reaction of the elements within a fire. B. Gas masks provide an effective protection against use of CO2 systems. They are recommended for the protection of the employees within data centers. C. CO2 systems are NOT effective because they suppress the oxygen supply required to sustain the fire.

CISSP

D. Water Based extinguishers are NOT an effective fire suppression method for class C (electrical) fires. Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Class C fires are electrical fires which that may occur in electrical equipment or wiring. Class C fire extinguishers use gas, CO2 or dry powders. These extinguishing agents are non-conductive. Class A fire extinguishers use water or foam. Water or foam used on an electrical fire would conduct the electricity and make the fire worse. Therefore, it is TRUE that water-based extinguishers are NOT an effective fire suppression method for class C (electrical) fires. Incorrect Answers: A: Halon is NOT the most common choice as far as agents are concerned. Halon is now known to be dangerous and no longer produced. Therefore, this answer is incorrect. B: Gas masks DO NOT provide an effective protection against use of CO2 systems. CO2 systems work by removing the oxygen from the air. Therefore, this answer is incorrect. C: CO2 systems ARE effective because they suppress the oxygen supply required to sustain the fire. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 472 QUESTION 495 How should a doorway of a manned facility with automatic locks be configured? A. B. C. D.

It should be configured to be fail-secure. It should be configured to be fail-safe. It should have a door delay cipher lock. It should not allow piggybacking.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Doorways with automatic locks can be configured to be fail-safe or fail-secure. A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked. Failsafe deals directly with protecting people. If people work in an area and there is a fire or the power is lost, it is not a good idea to lock them in. A fail-secure configuration means that the doors default to being locked if there are any problems with the power. If people do not need to use specific doors for escape during an emergency, then these doors can most likely default to fail-secure settings. Incorrect Answers: A: The doorway should be configured to be fail-safe, not fail-secure. A fail-secure configuration could lock people in the building if a power disruption occurs that affects the automated locking system. Therefore, this answer is incorrect. C: A door delay cipher lock will sound an alarm if the door is held open for too long. This is not a requirement for a doorway of a manned facility. Therefore, this answer is incorrect. D: Piggybacking is when an individual gains unauthorized access by using someone else’s legitimate credentials or access rights. Usually an individual just follows another person closely through a door without providing any credentials. It is not a requirement for a doorway of a manned facility to not allow piggybacking. Therefore, this answer is incorrect. References:

CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 451 QUESTION 496 Which of the following is a proximity identification device that does not require action by the user and works by responding with an access code to signals transmitted by a reader? A. B. C. D.

A passive system sensing device A transponder A card swipe A magnetic card

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: System sensing access control readers, also called transponders, recognize the presence of an approaching object within a specific area. This type of system does not require the user to swipe the card through the reader. The reader sends out interrogating signals and obtains the access code from the card without the user having to do anything. Incorrect Answers: A: A passive system sensing device contains no battery or power on the card, but senses the electromagnetic field transmitted by the reader and transmits at different frequencies using the power field of the reader. This device does not send an access code. Therefore, this answer is incorrect. C: A swipe card requires the action from the user; the user has to swipe the card. Therefore, this answer is incorrect. D: A magnetic card requires the action from the user; the user has to swipe the card. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 484 Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 471 QUESTION 497 According to ISC2, what should be the fire rating for the internal walls of an information processing facility? A. All walls must have a one-hour minimum fire rating. B. All internal walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating. C. All walls must have a two-hour minimum fire rating. D. All walls must have a two-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a three-hour minimum fire rating. Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The internal walls of your processing facility must be a floor to ceiling slab with a one-hour minimum fire rating. Any adjacent walls where records such as paper, media, etc. must have a two-hour minimum fire rating. There are different regulations that exist for external walls from state to state. Incorrect Answers:

CISSP

A: Walls to adjacent rooms where records such as paper and media are stored should have a two-hour minimum fire rating, not a one-hour fire rating. Therefore, this answer is incorrect. C: It is not necessary for all walls to have a two-hour minimum fire rating. Therefore, this answer is incorrect. D: It is not necessary for the internal walls to have a two-hour fire rating and it is not necessary for walls to adjacent rooms where records such as paper and media are stored should have a three-hour minimum fire rating. Therefore, this answer is incorrect. QUESTION 498 Which of the following statements pertaining to air conditioning for an information processing facility is TRUE? A. The AC units must be controllable from outside the area. B. The AC units must keep negative pressure in the room so that smoke and other gases are forced out of the room. C. The AC units must be on the same power source as the equipment in the room to allow for easier shutdown. D. The AC units must be dedicated to the information processing facility. Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: The AC units used in an information processing facility must be dedicated and controllable from within the area. They must be on an independent power source from the rest of the room and have a dedicated Emergency Power Off switch. It is positive, not negative pressure that forces smoke and other gases out of the room. Incorrect Answers: A: The AC units must be controllable from inside the area, not outside the area. Therefore, this answer is incorrect. B: The AC units must keep positive pressure in the room, not negative pressure so that smoke and other gases are forced out of the room. Therefore, this answer is incorrect. C: The AC units must be on a different power source as the equipment in the room to allow for easier shutdown. Therefore, this answer is incorrect. QUESTION 499 Which of the following statements pertaining to secure information processing facilities is NOT true? A. B. C. D.

Walls should have an acceptable fire rating. Windows should be protected with bars. Doors must resist forcible entry. Location and type of fire suppression systems should be known.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: The following statements pertaining to secure information processing facilities are correct: Walls should have an acceptable fire rating. Doors must resist forcible entry. Location and type of fire suppression systems should be known. Flooring in server rooms and wiring closets should be raised to help mitigate flooding damage. Separate AC units must be dedicated to the information processing facilities. Backup and alternate power sources should exist. The statement “windows should be protected with bars” is tricky. You could argue that they windows should be CISSP

protected with bars. However, in a ‘secure’ information processing facility, there should be no windows. Incorrect Answers: A: It is true that walls should have an acceptable fire rating. Therefore, this answer is incorrect. C: It is true that doors must resist forcible entry. Therefore, this answer is incorrect. D: It is true that the location and type of fire suppression systems should be known. Therefore, this answer is incorrect. QUESTION 500 What is a common problem when using vibration detection devices for perimeter control? A. B. C. D.

They are vulnerable to non-adversarial disturbances. They can be defeated by electronic means. Signal amplitude is affected by weather conditions. They must be buried below the frost line.

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A common problem when using vibration detection devices for perimeter control is false alarms. For example, someone could lean on the fence and trigger an alarm. Perimeter Intrusion Detection and Assessment System (PIDAS) is a type of fencing that has sensors located on the wire mesh and at the base of the fence. It is used to detect if someone attempts to cut or climb the fence. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected. PIDAS is very sensitive and can cause many false alarms. Incorrect Answers: B: Vibration detection devices for perimeter control are not commonly defeated by electronic means. Therefore, this answer is incorrect. C: Signal amplitude being affected by weather conditions is not common problem when using vibration detection devices for perimeter control. Therefore, this answer is incorrect. D: It is not true that vibration detection devices for perimeter control must be buried below the frost line. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 487 QUESTION 501 Under what conditions would the use of a "Class C" hand-held fire extinguisher be preferable to the use of a "Class A" hand-held fire extinguisher? A. B. C. D.

When the fire is in its incipient stage. When the fire involves electrical equipment. When the fire is located in an enclosed area. When the fire is caused by flammable products.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Class C fire extinguishers are used for fires involving electrical equipment. Class C fires are electrical fires which that may occur in electrical equipment or wiring. Class C fire extinguishers use non-conductive agents such as gas, CO2 or dry powders. CISSP

Class A fire extinguishers use water or foam. Water or foam used on an electrical fire would conduct the electricity and make the fire worse. Therefore, for an electrical fire, a Class C fire extinguisher is preferable to a Class A fire extinguisher. Incorrect Answers: A: A fire being in its incipient stage (just starting) is not a reason to use a Class C fire extinguisher. Therefore, this answer is incorrect. C: For a fire in an enclosed area, a Class A fire extinguisher that uses water or foam is preferred (unless the elements of the fire require a different fire extinguisher). This is because other fire extinguishers can use gases that are harmful to life. Therefore, this answer is incorrect. D: All products that are burning in a fire are ‘flammable’. The specific type of product needs to be determined to determine which fire extinguisher to use. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 472 QUESTION 502 To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room? A. B. C. D.

Order an immediate refill with Halon 1201 from the manufacturer. Contact a Halon recycling bank to make arrangements for a refill. Order a Non-Hydrochlorofluorocarbon compound from the manufacturer. Order an immediate refill with Halon 1301 from the manufacturer.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Halon is a gas that was widely used in the past to suppress fires because it interferes with the chemical combustion of the elements within a fire. It mixes quickly with the air and does not cause harm to computer systems and other data processing devices. It was used mainly in data centers and server rooms. It was discovered that halon has chemicals (chlorofluorocarbons) that deplete the ozone and that concentrations greater than 10 percent are dangerous to people. Halon used on extremely hot fires degrades into toxic chemicals, which is even more dangerous to humans. Halon has not been manufactured since January 1, 1992, by international agreement. The Montreal Protocol banned halon in 1987, and countries were given until 1992 to comply with these directives. The most effective replacement for halon is FM-200, which is similar to halon but does not damage the ozone. By law, companies that have halon extinguishers do not have to replace them, but the extinguishers cannot be refilled. So, companies that have halon extinguishers do not have to replace them right away, but when the extinguisher’s lifetime runs out, FM-200 extinguishers or other EPA-approved chemicals should be used. Incorrect Answers: A: You cannot refill a fire extinguisher with Halon 1201. Therefore, this answer is incorrect. B: You cannot refill a fire extinguisher with Halon. Therefore, this answer is incorrect. D: You cannot refill a fire extinguisher with Halon 1301. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 473 QUESTION 503 Within Crime prevention through Environmental Design (CPTED) the concept of territoriality is BEST described as: A. ownership. B. protecting specific areas with different measures.

CISSP

C. localized emissions. D. compromise of the perimeter. Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Crime Prevention Through Environmental Design (“CPTED”) is the design, maintenance, and use of the built environment in order to enhance quality of life and to reduce both the incidence and fear of crime. Territoriality means providing clear designation between public, private, and semi-private areas and makes it easier for people to understand, and participate in, an area’s intended use. Territoriality communicates a sense of active “ownership” of an area that can discourage the perception that illegal acts may be committed in the area without notice or consequences. The use of see-through screening, low fencing, gates, signage, different pavement textures, or other landscaping elements that visually show the transition between areas intended for different uses are examples of the principle of territoriality. Incorrect Answers: B: Protecting specific areas with different measures is not a description of the CPTED concept of territoriality. Therefore, this answer is incorrect. C: Localized emissions are not a description of the CPTED concept of territoriality. Therefore, this answer is incorrect. D: Compromise of the perimeter is not a description of the CPTED concept of territoriality. Therefore, this answer is incorrect. References: https://www.portlandoregon.gov/oni/article/320548 QUESTION 504 In the physical security context, a security door equipped with an electronic lock configured to ignore the unlock signals sent from the building emergency access control system in the event of an issue (fire, intrusion, power failure) would be in which of the following configuration? A. B. C. D.

Fail Soft Fail Open Fail Safe Fail Secure

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Doorways with automatic locks can be configured to be fail-safe or fail-secure. A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked. Failsafe deals directly with protecting people. If people work in an area and there is a fire or the power is lost, it is not a good idea to lock them in. A fail-secure configuration means that the doors default to being locked if there are any problems with the power. If people do not need to use specific doors for escape during an emergency, then these doors can most likely default to fail-secure settings. Incorrect Answers: A: Doorways with automatic locks can be configured to be fail-safe or fail-secure. “Fail-soft” is not a valid term when talking about doorways with automatic locks. Therefore, this answer is incorrect. B: A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked. “Fail-open” is essentially the same as fail-safe although fail-safe is the more

CISSP

commonly used terminology. In a fail-safe or fail-open system, the doors do not remain locked. Therefore, this answer is incorrect. C: A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked; the doors do not remain locked. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 451 QUESTION 505 An employee ensures all cables are shielded, builds concrete walls that extend from the true floor to the true ceiling and installs a white noise generator. What attack is the employee trying to protect against? A. B. C. D.

Emanation Attacks Social Engineering Object reuse Wiretapping

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Shielding is used to protect against electromagnetic emanation by reducing the size and strength of the propagated field. This makes shielding an effective method for decreasing or eliminating the interference and crosstalk. White noise is also used to protect against electromagnetic emanation. It achieves this by drowning out the small signal emanations that could normally be identified and used by unauthorized users to steal data. Incorrect Answers: B: Shielding and white noise are not countermeasures to Social Engineering. C: To protect against object reuse issues, you should wipe data from the subject media before reuse. D: Shielding and white noise are not countermeasures to Wiretapping. References: Miller, David R, CISSP Training Kit, O’Reilly Media, 2013, Sebastopol, pp. 261, 262, 689 https://en.wikipedia.org/wiki/Social_engineering_(security) http://people.howstuffworks.com/wiretapping.htm QUESTION 506 Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems? A. B. C. D.

Transient Noise Faulty Ground Brownouts UPS

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: An uninterruptible power supply (UPS) helps to ensure the continued supply of clean, steady power; it does not threaten it. An uninterruptible power supply (UPS) is an electrical apparatus that provides emergency power to a load when the input power source, typically mains power, fails. A UPS differs from an auxiliary or emergency power CISSP

system or standby generator in that it will provide near-instantaneous protection from input power interruptions, by supplying energy stored in batteries, supercapacitors, or flywheels. The on-battery runtime of most uninterruptible power sources is relatively short (only a few minutes) but sufficient to start a standby power source or properly shut down the protected equipment. Incorrect Answers: A: Transient Noise is an element that can threaten power systems. Therefore, this answer is incorrect. B: Faulty Ground is an element that can threaten power systems. Therefore, this answer is incorrect. C: A brownout is a prolonged period of lower than expected voltage; this an element that can threaten power systems. Therefore, this answer is incorrect. References: https://en.wikipedia.org/wiki/Uninterruptible_power_supply QUESTION 507 The ideal operating humidity range is defined as 40 percent to 60 percent. High humidity (greater than 60 percent) can produce what type of problem on computer parts? A. B. C. D.

Static electricity Corrosion Energy-plating Element-plating

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: High humidity means extra water in the air. This extra water can cause corrosion to computer parts. It is important to maintain the proper temperature and humidity levels within data centers, which is why an HVAC system should be implemented specifically for this room. Too high a temperature can cause components to overheat and turn off; too low a temperature can cause the components to work more slowly. If the humidity is high, then corrosion of the computer parts can take place; if humidity is low, then static electricity can be introduced. Because of this, the data center must have its own temperature and humidity controls, which are separate from the rest of the building. Incorrect Answers: A: Static electricity is caused by low humidity, not high humidity. Therefore, this answer is incorrect. C: Energy-plating is not caused by high humidity. Therefore, this answer is incorrect. D: Element-plating is not caused by high humidity. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 456 QUESTION 508 Which of the following provides coordinated procedures for minimizing loss of life, injury, and property damage in response to a physical threat? A. B. C. D.

Business continuity plan Incident response plan Disaster recovery plan Occupant emergency plan

Correct Answer: D Section: Security Engineering Explanation

CISSP

Explanation/Reference: Explanation: The occupant emergency plan (OEP) provides the “response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property. Such events would include a fire, hurricane, criminal attack, or a medical emergency.” Incorrect Answers: A: A business continuity plan provides procedures for sustaining essential business operations while recovering from a significant disruption, while occupant emergency plan provides coordinated procedures for minimizing loss of life or injury and protecting properly damage in response to a physical threat. B: Incident response plan focuses on malware, hackers, intrusions, attacks, and other security issues. It outlines procedures for incident response. C: A Disaster recovery plan provides detailed procedures to facilitate recovery of capabilities at an alternate site, while occupant emergency plan provides coordinated procedures for minimizing loss of life or injury and protecting properly damage in response to a physical threat. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 369-370 QUESTION 509 The main risks that physical security components combat are all of the following EXCEPT: A. B. C. D.

SYN flood Physical damage Theft Tailgating

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: A SYN flood is a type of software attack on system. The defense against a SYN flood is also software-based, not a physical component. If an attacker sends a target system SYN packets with a spoofed address, then the victim system replies to the spoofed address with SYN/ACK packets. Each time the victim system receives one of these SYN packets it sets aside resources to manage the new connection. If the attacker floods the victim system with SYN packets, eventually the victim system allocates all of its available TCP connection resources and can no longer process new requests. This is a type of DoS that is referred to as a SYN flood. To thwart this type of attack you can use SYN proxies, which limit the number of open and abandoned network connections. The SYN proxy is a piece of software that resides between the sender and receiver and only sends on TCP traffic to the receiving system if the TCP handshake process completes successfully. Incorrect Answers: B: Physical damage is carried out by a person or people. Physical security components can reduce the risk of physical damage. Therefore, this answer is incorrect. C: Theft is carried out by a person or people. Physical security components can reduce the risk of theft. Therefore, this answer is incorrect. D: Tailgating is carried out by a person or people. Physical security components can reduce the risk of tailgating. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 539 QUESTION 510 A momentary power outage is a:

CISSP

A. B. C. D.

spike blackout surge fault

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Interference interrupts the flow of an electrical current, and fluctuations can actually deliver a different level of voltage than what was expected. Each fluctuation can be damaging to devices and people. The following explains the different types of voltage fluctuations possible with electric power: Power excess: Spike Momentary high voltage Surge Prolonged high voltage Power loss: Fault Momentary power outage Blackout Prolonged, complete loss of electric power Power degradation: Sag/dip Momentary low-voltage condition, from one cycle to a few seconds Brownout Prolonged power supply that is below normal voltage In-rush current Initial surge of current required to start a load Incorrect Answers: A: A spike is a momentary high voltage, not a momentary power outage. Therefore, this answer is incorrect. B: A blackout is a prolonged complete loss of power, not a momentary loss of power. Therefore, this answer is incorrect. C: A surge is prolonged high voltage, not a momentary power outage. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 462-463 QUESTION 511 A momentary high voltage is a: A. B. C. D.

spike blackout surge fault

Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: Interference interrupts the flow of an electrical current, and fluctuations can actually deliver a different level of voltage than what was expected. Each fluctuation can be damaging to devices and people. The following explains the different types of voltage fluctuations possible with electric power: Power excess: Spike Momentary high voltage Surge Prolonged high voltage Power loss: CISSP

Fault Momentary power outage Blackout Prolonged, complete loss of electric power Power degradation: Sag/dip Momentary low-voltage condition, from one cycle to a few seconds Brownout Prolonged power supply that is below normal voltage In-rush current Initial surge of current required to start a load Incorrect Answers: B: A blackout is a prolonged complete loss of power, not a momentary high voltage. Therefore, this answer is incorrect. C: A surge is prolonged high voltage, not a momentary high voltage. Therefore, this answer is incorrect. D: A fault is a momentary power outage, not a momentary high voltage. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 462-463 QUESTION 512 A momentary low voltage, from 1 cycle to a few seconds, is a: A. B. C. D.

spike blackout sag fault

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Interference interrupts the flow of an electrical current, and fluctuations can actually deliver a different level of voltage than what was expected. Each fluctuation can be damaging to devices and people. The following explains the different types of voltage fluctuations possible with electric power: Power excess: Spike Momentary high voltage Surge Prolonged high voltage Power loss: Fault Momentary power outage Blackout Prolonged, complete loss of electric power Power degradation: Sag/dip Momentary low-voltage condition, from one cycle to a few seconds Brownout Prolonged power supply that is below normal voltage In-rush current Initial surge of current required to start a load Incorrect Answers: A: A spike is a momentary high voltage, not a momentary low voltage. Therefore, this answer is incorrect. B: A blackout is a prolonged complete loss of power, not a momentary low voltage. Therefore, this answer is incorrect. D: A fault is a momentary power outage, not a momentary low voltage. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 462-463 QUESTION 513 A prolonged high voltage is a:

CISSP

A. B. C. D.

spike blackout surge fault

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: A surge is a prolonged rise in voltage from a power source. Surges can cause a lot of damage very quickly. A surge is one of the most common power problems and is controlled with surge protectors. These protectors use a device called a metal oxide varistor, which moves the excess voltage to ground when a surge occurs. Its source can be from a strong lightning strike, a power plant going online or offline, a shift in the commercial utility power grid, and electrical equipment within a business starting and stopping. Incorrect Answers: A: A spike is a momentary high voltage, not a prolonged high voltage. Therefore, this answer is incorrect. B: A blackout is a prolonged complete loss of power, not a prolonged high voltage. Therefore, this answer is incorrect. D: A fault is a momentary power outage, not a prolonged high voltage. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 462-463 QUESTION 514 A prolonged complete loss of electric power is a: A. B. C. D.

brownout blackout surge fault

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: A blackout is when the voltage drops to zero. This can be caused by lightning, a car taking out a power line, storms, or failure to pay the power bill. It can last for seconds or days. This is when a backup power source is required for business continuity. Incorrect Answers: A: A brownout is a prolonged low voltage, not a prolonged complete loss of power. Therefore, this answer is incorrect. C: A surge is a prolonged high voltage, not a prolonged power outage. Therefore, this answer is incorrect. D: A fault is a momentary power outage, not a prolonged power outage. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 462-463 QUESTION 515 A prolonged electrical power supply that is below normal voltage is a: A. brownout

CISSP

B. blackout C. surge D. fault Correct Answer: A Section: Security Engineering Explanation Explanation/Reference: Explanation: When power companies are experiencing high demand, they frequently reduce the voltage in an electrical grid, which is referred to as a brownout. Constant voltage transformers can be used to regulate this fluctuation of power. They can use different ranges of voltage and only release the expected 120 volts of alternating current to devices. Interference interrupts the flow of an electrical current, and fluctuations can actually deliver a different level of voltage than what was expected. Each fluctuation can be damaging to devices and people. The following explains the different types of voltage fluctuations possible with electric power: Power excess: Spike Momentary high voltage Surge Prolonged high voltage Power loss: Fault Momentary power outage Blackout Prolonged, complete loss of electric power Power degradation: Sag/dip Momentary low-voltage condition, from one cycle to a few seconds Brownout Prolonged power supply that is below normal voltage In-rush current Initial surge of current required to start a load Incorrect Answers: B: A blackout is a prolonged complete loss of power, not a prolonged low voltage. Therefore, this answer is incorrect. C: A surge is a prolonged high voltage, not a prolonged low voltage. Therefore, this answer is incorrect. D: A fault is a momentary power outage, not a prolonged low voltage. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 462-463 QUESTION 516 While referring to physical security, what does positive pressurization means? A. B. C. D.

The pressure inside your sprinkler system is greater than zero. The air goes out of a room when a door is opened and outside air does not go into the room. Causes the sprinkler system to go off. A series of measures that increase pressure on employees in order to make them more productive.

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Ventilation has several requirements that must be met to ensure a safe and comfortable environment. A closed-loop recirculating air-conditioning system should be installed to maintain air quality. “Closed-loop” means the air within the building is reused after it has been properly filtered, instead of bringing outside air in. Positive pressurization and ventilation should also be implemented to control contamination. Positive pressurization

CISSP

means that when an employee opens a door, the air goes out, and outside air does not come in. If a facility were on fire, you would want the smoke to go out the doors instead of being pushed back in when people are fleeing. Incorrect Answers: A: Positive pressurization does not mean the pressure inside your sprinkler system is greater than zero. Therefore, this answer is incorrect. C: Positive pressurization does not cause the sprinkler system to go off. Therefore, this answer is incorrect. D: Positive pressurization is not a series of measures that increase pressure on employees in order to make them more productive. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 467 QUESTION 517 Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling. This area is referred to as the: A. B. C. D.

smoke boundary area. fire detection area. plenum area. intergen area.

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Wiring and cables are strung through plenum areas, such as the space above dropped ceilings, the space in wall cavities, and the space under raised floors. Plenum areas should have fire detectors. Also, only plenumrated cabling should be used in plenum areas, which is cabling that is made out of material that does not let off hazardous gases if it burns. Incorrect Answers: A: A smoke boundary area is not the area described in the question. Therefore, this answer is incorrect. B: A fire detection area is not the area described in the question. Therefore, this answer is incorrect. D: An Intergen area is not the area described in the question. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 473 QUESTION 518 Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of: A. B. C. D.

administrative controls. logical controls. technical controls. physical controls.

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: CISSP

Explanation: Guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are examples of physical security controls. These are all items put into place to protect facility, personnel, and resources. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are examples of physical security controls, not administrative controls. Therefore, this answer is incorrect. B: Guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are examples of physical security controls, not logical controls. Therefore, this answer is incorrect. C: Guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are examples of physical security controls, not technical controls. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28 QUESTION 519 To mitigate the risk of fire in your new data center, you plan to implement a heat-activated fire detector. Your requirement is to have the earliest warning possible of a fire outbreak. Which type of sensor would you select and where would you place it? A. B. C. D.

Rate-of-rise temperature sensor installed on the side wall Variable heat sensor installed above the suspended ceiling Fixed-temperature sensor installed in the air vent Rate-of-rise temperature sensor installed below the raised floors

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Heat-activated detectors provide the earliest warning possible of a fire outbreak. They should be placed below the raised floors as this is where the cabling most likely to cause an electrical fire is. Heat-activated detectors can be configured to sound an alarm either when a predefined temperature (fixed temperature) is reached or when the temperature increases over a period of time (rate-of-rise). Rate-of-rise temperature sensors usually provide a quicker warning than fixed-temperature sensors because they are more sensitive, but they can also cause more false alarms. The sensors can either be spaced uniformly throughout a facility, or implemented in a line type of installation, which is operated by a heat-sensitive cable. It is not enough to have these fire and smoke detectors installed in a facility; they must be installed in the right places. Detectors should be installed both on and above suspended ceilings and raised floors, because companies run many types of wires in both places that could start an electrical fire. No one would know about the fire until it broke through the floor or dropped ceiling if detectors were not placed in these areas. Incorrect Answers: A: A side wall is not the best location for the sensor. If cabling under a raised floor starts a fire, it will be some time before the wall mounted heat sensor is triggered. Therefore, this answer is incorrect. B: A variable heat sensor is not the best type of sensor to provide the earliest warning possible of a fire outbreak. Therefore, this answer is incorrect.

CISSP

C: Fixed-temperature sensors are triggered when a defined temperature is reached. This is not the best type of sensor to provide the earliest warning possible of a fire outbreak. The air vent is also not the best location for the sensor. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 470 QUESTION 520 Which type of fire extinguisher is MOST appropriate for a digital information processing facility? A. B. C. D.

Type A Type B Type C Type D

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: The most likely type of fire in a digital information processing facility is an electrical fire. Class C fire extinguishers are used for fires involving electrical equipment. Class C fires are electrical fires which that may occur in electrical equipment or wiring. Class C fire extinguishers use gas, CO2 or dry powders as these extinguishing agents are non-conductive. Incorrect Answers: A: Type A fire extinguishers use water or foam. These should not be used on an electrical fire. Therefore, this answer is incorrect. B: Type B fires are liquid fires such as gasoline. Some Type B fire extinguishers use CO2 which could be used on an electrical fire. However, Type B fire extinguishers can also use foam which should not be used on electrical fires. Therefore, this answer is incorrect. D: Type D fires are combustible metals such as magnesium, sodium or potassium. Type D fire extinguishers use dry powders designed for combustible metals and should not be used on electrical fires. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 472 QUESTION 521 Which of the following controls related to physical security is NOT an administrative control? A. B. C. D.

Personnel controls Alarms Training Emergency response and procedures

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Alarms are an example of a physical control type, not an administrative control. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software CISSP

or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Personnel controls are an example of an administrative control. Therefore, this answer is incorrect. C: Training is an example of an administrative control. Therefore, this answer is incorrect. D: Emergency response and procedures are an example of an administrative control. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28 QUESTION 522 Which of the following is related to physical security and is NOT considered a technical control? A. B. C. D.

Access control Mechanisms Intrusion Detection Systems Firewalls Locks

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Locks are an example of a physical control type, not a technical control. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Access control Mechanisms are an example of a technical control. Therefore, this answer is incorrect. B: Intrusion Detection Systems are an example of a technical control. Therefore, this answer is incorrect. C: Firewalls are an example of a technical control. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28 QUESTION 523 Which of the following floors would be MOST appropriate to locate information processing facilities in a 6stories building? A. B. C. D.

Basement Ground floor Third floor Sixth floor

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: CISSP

Explanation: Because data centers usually hold expensive equipment and the company’s critical data, their protection should be thoroughly thought out before implementation. Data centers should not be located on the top floors because it would be more difficult for an emergency crew to access it in a timely fashion in case of a fire. By the same token, data centers should not be located in basements where flooding can affect the systems. And if a facility is in a hilly area, the data center should be located well above ground level. Data centers should be located at the core of a building so if there is some type of attack on the building, the exterior walls and structures will absorb the hit and hopefully the data center will not be damaged. Incorrect Answers: A: The information processing facilities should not be in the basement because of the risk of flooding. Therefore, this answer is incorrect. B: The information processing facilities should not be on the ground floor because of the risk of flooding. Therefore, this answer is incorrect. D: The information processing facilities should not be on the top floor because it would be more difficult for an emergency crew to access it in a timely fashion in case of a fire. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 454 QUESTION 524 Which of the following fire extinguishing systems incorporating a detection system is currently the most recommended water system for a computer room? A. B. C. D.

Wet pipe Dry pipe Deluge Preaction

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: Preaction systems are similar to dry pipe systems in that the water is not held in the pipes, but is released when the pressurized air within the pipes is reduced. Once this happens, the pipes are filled with water, but it is not released right away. A thermal-fusible link on the sprinkler head has to melt before the water is released. The purpose of combining these two techniques is to give people more time to respond to false alarms or to small fires that can be handled by other means. Putting out a small fire with a handheld extinguisher is better than losing a lot of electrical equipment to water damage. These systems are usually used only in data processing environments rather than the whole building, because of the higher cost of these types of systems. Incorrect Answers: A: Wet pipe systems always contain water in the pipes and are usually discharged by temperature control–level sensors. This type is not the most recommended water system for a computer room because this system provides no time to respond to false alarms or to small fires that can be handled by other means. Therefore, this answer is incorrect. B: In dry pipe systems, the water is not actually held in the pipes. The water is contained in a “holding tank” until it is released. This type is not the most recommended water system for a computer room because this system provides no time to respond to false alarms or to small fires that can be handled by other means. Therefore, this answer is incorrect. C: A deluge system has its sprinkler heads wide open to allow a larger volume of water to be released in a shorter period. Because the water being released is in such large volumes, these systems are usually not used in data processing environments. This type is not the most recommended water system for a computer room. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 474-475

CISSP

QUESTION 525 For maximum security design, what type of fence is most effective and cost-effective method (Foot is being used as measurement unit below)? A. B. C. D.

3' to 4' high. 6' to 7' high. 8' high and above with strands of barbed wire. Double fencing

Correct Answer: C Section: Security Engineering Explanation Explanation/Reference: Explanation: Fences come in varying heights, and each height provides a different level of security: Fences three to four feet high only deter casual trespassers. Fences six to seven feet high are considered too high to climb easily. Fences eight feet high (possibly with strands of barbed or razor wire at the top) means you are serious about protecting your property. They often deter the more determined intruder. The barbed wire on top of fences can be tilted in or out, which also provides extra protection. If the organization is a prison, it would have the barbed wire on top of the fencing pointed in, which makes it harder for prisoners to climb and escape. If the organization is a military base, the barbed wire would be tilted out, making it harder for someone to climb over the fence and gain access to the premises. Critical areas should have fences at least eight feet high to provide the proper level of protection. The fencing should not sag in any areas and must be taut and securely connected to the posts. The fencing should not be easily circumvented by pulling up its posts. The posts should be buried sufficiently deep in the ground and should be secured with concrete to ensure the posts cannot be dug up or tied to vehicles and extracted. If the ground is soft or uneven, this might provide ways for intruders to slip or dig under the fence. In these situations, the fencing should actually extend into the dirt to thwart these types of attacks. Incorrect Answers: A: Fences three to four feet high only deter casual trespassers. They are not the most effective maximum security design. Therefore, this answer is incorrect. B: Fences six to seven feet high are considered too high to climb easily. They are not the most effective maximum security design. Therefore, this answer is incorrect. D: Double fencing is not the most cost effective maximum security design. Two fences would cost more than one good fence. Furthermore, this answer does not state how high the two fences are. Two 3’ to 4’ fences would not be very secure. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 486 QUESTION 526 Which of the following questions is LESS likely to help in assessing physical access controls? A. Does management regularly review the list of persons with physical access to sensitive facilities? B. Is the operating system configured to prevent circumvention of the security software and application controls? C. Are keys or other access devices needed to enter the computer room and media library? D. Are visitors to sensitive areas signed in and escorted? Correct Answer: B Section: Security Engineering Explanation

CISSP

Explanation/Reference: Explanation: Configuring an operating system to prevent circumvention of the security software and application controls is an example of configuring technical controls, not physical controls. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Physical access to facilities is a physical control. Asking about regularly reviews of the list of persons with physical access to sensitive facilities will help in assessing physical access controls. Therefore, this answer is incorrect. C: Keys and access devices are examples of physical controls. Asking if they are required to enter the computer room and media library will help in assessing physical access controls. Therefore, this answer is incorrect. D: Escorting a visitor is an example of a physical control. Asking if this is required to enter sensitive areas will help in assessing physical access controls. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28 QUESTION 527 Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? A. B. C. D.

Wave pattern motion detectors Capacitance detectors Field-powered devices Audio detectors

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: A capacitance detector, emits a measurable magnetic field. The detector monitors this magnetic field, and an alarm sounds if the field is disrupted. These devices are usually used to protect specific objects (artwork, cabinets, or a safe) versus protecting a whole room or area. An electrostatic IDS creates an electrostatic magnetic field, which is just an electric field associated with static electric charges. All objects have a static electric charge. They are all made up of many subatomic particles, and when everything is stable and static, these particles constitute one holistic electric charge. This means there is a balance between the electric capacitance and inductance. Now, if an intruder enters the area, his subatomic particles will mess up this balance in the electrostatic field, causing a capacitance change, and an alarm will sound. Incorrect Answers: A: Wave pattern motion detectors are used overall room security monitoring. Therefore, this answer is incorrect. C: Field-powered devices are not intrusion detection devices. Field-powered device refers to a type of systemsensing proximity card. Therefore, this answer is incorrect. D: Audio detectors are used overall room security monitoring. Therefore, this answer is incorrect. References:

CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 496 QUESTION 528 The Physical Security domain focuses on three areas that are the basis to physically protecting enterprise's resources and sensitive information. Which of the following is NOT one of these areas? A. B. C. D.

Threats Countermeasures Vulnerabilities Risks

Correct Answer: D Section: Security Engineering Explanation Explanation/Reference: Explanation: “Risks” is not one of the three areas that the Physical Security domain focuses on. The Physical Security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information. These resources include personnel, the facility in which they work, and the data, equipment, support systems, and media with which they work. Physical security often refers to the measures taken to protect systems, buildings, and their related supporting infrastructure against threats that are associated with the physical environment. Incorrect Answers: A: Threats is one of the three areas that the Physical Security domain focuses on. Therefore, this answer is incorrect. B: Countermeasures is one of the three areas that the Physical Security domain focuses on. Therefore, this answer is incorrect. C: Vulnerabilities is one of the three areas that the Physical Security domain focuses on. Therefore, this answer is incorrect. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 451 QUESTION 529 Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is NOT a component that achieves this type of security? A. B. C. D.

Administrative control mechanisms Integrity control mechanisms Technical control mechanisms Physical control mechanisms

Correct Answer: B Section: Security Engineering Explanation Explanation/Reference: Explanation: Integrity controls are not one of the three defined security control types. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And CISSP

physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Security procedures are an example of administrative controls. Therefore, this answer is incorrect. C: An intrusion detection system is an example of technical controls. Therefore, this answer is incorrect. D: The facility construction, fire and water protection are examples of physical controls. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28 QUESTION 530 Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request? A. B. C. D.

ICMP TCP UDP IP

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The TCP protocol is stateful. In a TCP connection, the sender sends a SYN packet, the receiver sends a SYN/ ACK, and then the sender acknowledges that packet with an ACK packet. A stateful firewall understands these different steps and will not allow packets to go through that do not follow this sequence. So, if a stateful firewall receives a SYN/ACK and there was not a previous SYN packet that correlates with this connection, the firewall understands this is not right and disregards the packet. This is what stateful means—something that understands the necessary steps of a dialog session. And this is an example of context-dependent access control, where the firewall understands the context of what is going on and includes that as part of its access decision. Incorrect Answers: A: The ICMP protocol is stateless, not stateful. C: The UDP protocol is stateless, not stateful. D: The IP protocol is stateless, not stateful. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 232 QUESTION 531 When referring to the data structures of a packet, the term Protocol Data Unit (PDU) is used, what is the proper term to refer to a single unit of TCP data at the transport layer? A. B. C. D.

TCP segment. TCP datagram. TCP frame. TCP packet.

Correct Answer: A Section: Communication and Network Security Explanation

CISSP

Explanation/Reference: Explanation: In the OSI model layer 4 is the transport layer. In the TCP/IP model, Application Layer data is encapsulated in a Layer 4 TCP segment. That TCP segment is encapsulated in a Layer 3 IP packet. Data, segments, and packets are examples of Protocol Data Units (PDUs). Incorrect Answers: B: TCP datagrams is not a notion that is used in the TCP/IP model. C: The TCP frame is at the Layer 2 Ethernet layer, not at the transport level which is layer 4. D: A TCP packet is at the application layer, not at the transport level. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 70 QUESTION 532 How do you distinguish between a bridge and a router? A. A bridge simply connects multiple networks, a router examines each packet to determine which network to forward it to. B. "Bridge" and "router" are synonyms for equipment used to join two networks. C. The bridge is a specific type of router used to connect a LAN to the global Internet. D. The bridge connects multiple networks at the data link layer, while router connects multiple networks at the network layer. Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Bridges and routers both connect networks. While bridges works only up to the data link layer, routers work at the network layer. Incorrect Answers: A: Both bridges and routers connect multiple networks. A router examines each packet to determine which network to forward it, but bridges can also examine packets by using filters to determine if the data should be forwarded or not. B: Bridge and router are not synonyms as they work at different network layers. C: A bridge is not one type of router. A bridge cannot connect a LAN to the Internet as it only working at the data link layer, and you need to work at the network layer to connect a LAN to the Internet. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 615 QUESTION 533 ICMP and IGMP belong to which layer of the OSI model? A. B. C. D.

Datagram Layer. Network Layer. Transport Layer. Data Link Layer.

Correct Answer: B Section: Communication and Network Security Explanation

CISSP

Explanation/Reference: Explanation: ICMP and IGMP work at the network layer of the OSI model. Incorrect Answers: A: There is no Datagram Layer in the OSI model. C: ICMP and IGMP do not belong to the Transport layer of the OSI model. TCP and UDP are examples of protocols working at the transport layer. D: ICMP and IGMP do not belong to the Transport layer of the OSI model. ARP, OSOF, and MAC are examples of protocols workings at the data link layer. References: https://en.wikipedia.org/wiki/Network_layer QUESTION 534 What is a limitation of TCP Wrappers? A. B. C. D.

It cannot control access to running UDP services. It stops packets before they reach the application layer, thus confusing some proxy servers. The hosts.* access control system requires a complicated directory tree. They are too expensive.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: TCP Wrappers allows you to restrict access to TCP services, but not to UDP services. A TCP wrapper is an application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs. Using TCP wrappers is a form of port – based access control. Incorrect Answers: B: The problem with TCP wrappers is not that confuse proxy servers. The problem is that they do not filter UDP traffic. C: The hosts.* access control system does not require a complicated directory tree. In the simplest configuration, daemon connection policies are set to either permit or block, depending on the options in file /etc/ hosts.allow. The default configuration in FreeBSD is to allow all connections to the daemons started with inetd. D: In a UNIX/Linux system the TCP wrappers are included in the distribution and come at no cost. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 118 QUESTION 535 The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram? A. B. C. D.

TCP. ICMP. UDP. IGMP.

Correct Answer: B Section: Communication and Network Security Explanation

CISSP

Explanation/Reference: Explanation: The IP header protocol field value for ICMP is 1. Incorrect Answers: A: The IP header protocol field value for TCP is 6, not 1. C: IP header protocol field value for UDP is 17, not 1. D: The IP header protocol field value for IGMP is 2, not 1. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 122 QUESTION 536 The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram? A. B. C. D.

TCP. ICMP. UDP. IGMP.

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The IP header protocol field value for IGMP is 2. Incorrect Answers: A: The IP header protocol field value for TCP is 6, not 2. B: The IP header protocol field value for ICMP is 1, not 2. C: IP header protocol field value for UDP is 17, not 2. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 123 QUESTION 537 What is the proper term to refer to a single unit of IP data? A. B. C. D.

IP segment. IP datagram. IP frame. IP fragment.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. The Internet Protocol is responsible for addressing hosts and for routing datagrams (packets) from a source host to a destination host across one or more IP networks.

CISSP

Incorrect Answers: A: There is nothing called IP segment within the OSI model. The TCP protocol uses segments, while the IP protocol uses datagrams. C: The network layer (layer 2) of the OSI model handles data link frames, but there are no IP frames in the OSI model. IP datagrams are the network layer (layer 3). D: There is nothing called IP fragment within the OSI model. References: https://en.wikipedia.org/wiki/Internet_Protocol QUESTION 538 Tim's day to day responsibilities include monitoring health of devices on the network. He uses a Network Monitoring System supporting SNMP to monitor the devices for any anomalies or high traffic passing through the interfaces. Which of the protocols would be BEST to use if some of the requirements are to prevent easy disclosure of the SNMP strings and authentication of the source of the packets? A. B. C. D.

UDP SNMP V1 SNMP V3 SNMP V2

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Simple Network Management Protocol (SNMP) was released to the networking world in 1988 to help with the growing demand of managing network IP devices. Companies use many types of products that use SNMP to view the status of their network, traffic flows, and the hosts within the network. SNMP uses agents and managers. Agents collect and maintain device-oriented data, which are held in management information bases. Managers poll the agents using community string values for authentication purposes. SNMP versions 1 and 2 send their community string values in cleartext, but with SNMP version 3, cryptographic functionality has been added, which provides encryption, message integrity, and authentication security. So any sniffers that are installed on the network cannot sniff SNMP traffic. Incorrect Answers: A: UDP is not a protocol used to monitor network devices. B: SNMP versions 1 and 2 send their community string values in cleartext. This does not prevent easy disclosure of the SNMP strings and authentication of the source of the packets. D: SNMP versions 1 and 2 send their community string values in cleartext. This does not prevent easy disclosure of the SNMP strings and authentication of the source of the packets. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 587 http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol QUESTION 539 In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network? A. B. C. D.

The first bit of the IP address would be set to zero. The first bit of the IP address would be set to one and the second bit set to zero. The first two bits of the IP address would be set to one, and the third bit set to zero. The first three bits of the IP address would be set to one.

CISSP

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Class C was defined with the 3 high-order bits set to 1, 1, and 0, and designating the next 21 bits to number the networks. This translates to the IP address range of a class C network of 192.0.0.0 to 223.255.255.255. Incorrect Answers: A: Class C was defined with three fixed bits, not just one single bit. B: Class C was defined with three fixed bits, not just two bits. D: Class C was defined with the first bits set to 1, 1, and 0. Not to 1, 1, and 1. References: https://en.wikipedia.org/wiki/Classful_network QUESTION 540 Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. B. C. D.

192.168.42.5 192.166.42.5 192.175.42.5 192.1.42.5

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The IP address 192.168.42.5 is in the private Class C IP address range. The private IP address ranges are: 10.0.0.0–10.255.255.255 (Class A network) 172.16.0.0–172.31.255.255 (Class B networks) 192.168.0.0–192.168.255.255 (Class C networks) Incorrect Answers: B: 192.166.42.5 is not a private IP address. If the first octet is 192 then the second octet must be 168 for the address to be private. C: 192.175.42.5 is not a private IP address. If the first octet is 192 then the second octet must be 168 for the address to be private. D: 192.1.42.5 is not a private IP address. If the first octet is 192 then the second octet must be 168 for the address to be private. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 605 QUESTION 541 In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class A network? A. B. C. D.

The first bit of the IP address would be set to zero. The first bit of the IP address would be set to one and the second bit set to zero. The first two bits of the IP address would be set to one, and the third bit set to zero. The first three bits of the IP address would be set to one. CISSP

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Class A contains all addresses in which the most significant bit is zero. The address range of Class A is 0.0.0.0 - 127.255.255.255. Incorrect Answers: B: Class A contains only one single fixed bit, not two. C: Class A contains only one single fixed bit, not three. D: Class A contains only one single fixed bit, not three. References: https://en.wikipedia.org/wiki/Classful_network QUESTION 542 Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. B. C. D.

10.0.42.5 11.0.42.5 12.0.42.5 13.0.42.5

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The IP address 10.0.42.5 is in the private Class A IP address range. The private IP address ranges are: 10.0.0.0–10.255.255.255 (Class A network) 172.16.0.0–172.31.255.255 (Class B networks) 192.168.0.0–192.168.255.255 (Class C networks) Incorrect Answers: B: 11.0.42.5 is not a private IP address. The first octet must be 10 (or 172, or 192), not 11. C: 12.0.42.5 is not a private IP address. The first octet must be 10 (or 172, or 192), not 12. D: 13.0.42.5 is not a private IP address. The first octet must be 10 (or 172, or 192), not 13. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 605 QUESTION 543 Which of the following is NOT a way to secure a wireless network? A. B. C. D.

Disable broadcast of SSID within AP`s configuration Change AP's default values Put the access points (AP) in a location protected by a firewall Give AP's descriptive names

Correct Answer: D Section: Communication and Network Security

CISSP

Explanation Explanation/Reference: Explanation: A descriptive name of the Access Point is at best security neutral, but could decrease security as it makes it easier for an intruder might to gain some hints how the AP is used. Incorrect Answers: A: The SSID should not be seen as a reliable security mechanism because many APs broadcast their SSIDs, which can be easily sniffed and used by attackers. It is therefore prudent to disable the broadcast of SSIDs. B: Keeping the default values, such as default passwords, for access points, could compromise the security. C: The security of the Access Point can be increased by putting it behind a firewall. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 717 QUESTION 544 Which of the following media is MOST resistant to tapping? A. B. C. D.

Microwave. Twisted pair. Coaxial cable. Fiber optic.

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Because fiber-optic cable passes electrically non-conducting photons through a glass medium, it is very hard to wiretap. Incorrect Answers: A: As microwave signals passes through air, they are very easy to eavesdrop. B: It is much easier to wiretap a twisted pair cable compared to fiber optic cable. C: It is much easier to wiretap a coaxial cable compared to fiber optic cable. QUESTION 545 Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic? A. B. C. D.

A firewall. Dial-up. Passwords. Fiber optics.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Egress filtering is the practice of monitoring and potentially restricting the flow of information outbound from one network to another. TCP/IP packets that are being sent out of the internal network are examined via a router, firewall, or similar edge device. Similarly, ingress filtering is used to ensure that incoming packets are actually from the networks from which

CISSP

they claim to originate. Incorrect Answers: B: Egress and ingress filtering can be implemented on a firewall, but not through dial-up. C: Egress and ingress filtering can be implemented on a firewall, but not through passwords. D: Egress and ingress filtering can be implemented on a firewall, but not fiber optics. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 631 QUESTION 546 Which one of the following is usually not a benefit resulting from the use of firewalls? A. B. C. D.

Reduces the risks of external threats from malicious hackers. Prevents the spread of viruses. Reduces the threat level on internal system. Allows centralized management and control of services.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Firewalls can be useful in restricting the negative impacts of viruses, but an anti-virus program is the only way to prevent the spread of viruses. Incorrect Answers: A: Firewalls are used to restrict access to one network from another network. They reduce the risk of external threats such as hackers. C: Firewall increases the security on the internal network by restricting external access. D: Firewalls can be administered from a central location. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 628 QUESTION 547 Which of the following DoD Model layer provides non-repudiation services? A. B. C. D.

Network layer. Application layer. Transport layer. Data link layer.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Non-repudiation is provided by applications such as PGP (Pretty Good Privacy). It is implemented in software and therefore run in the application layer. Non-repudiation means that parties involved in a communication cannot deny having participated. It is a technique that assures genuine communication that cannot subsequently be refuted. Implementing security at the application layer simplifies the provision of services such as non-repudiation by giving complete access to the data the user wants to protect. Incorrect Answers: CISSP

A: Non-repudiation is implemented at application layer, not at the network layer. C: Non-repudiation is implemented at application layer, not at the transport layer. D: Non-repudiation is implemented at application layer, not at the data-link layer. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 249 QUESTION 548 What is the 802.11 standard related to? A. B. C. D.

Public Key Infrastructure (PKI) Wireless network communications Packet-switching technology The OSI/ISO model

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: 802.11 is a set specifications for implementing wireless local area network (WLAN) computer communication. Incorrect Answers: A: The 802.11 standard is not for PKI. It is a specification for wireless communication on a LAN. C: The 802.11 standard does not concern packet-switching. It is a specification for wireless communication on a LAN. D: The 802.11 standard is not related to the OSI model or the ISO model. The 802.11 standard relates to wireless communication on a LAN. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 715 QUESTION 549 Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer in a network. Within which OSI/ISO layer is RPC implemented? A. B. C. D.

Session layer Transport layer Data link layer Network layer

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Session-layer services are commonly used in application environments that make use of remote procedure calls (RPCs). Incorrect Answers: B: RPC is implemented at the session layer, not at the transport layer. C: RPC is implemented at the session layer, not at the data link layer. D: RPC is implemented at the session layer, not at the network layer. References: CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 524 QUESTION 550 Frame relay and X.25 networks are part of which of the following? A. B. C. D.

Circuit-switched services Cell-switched services Packet-switched services Dedicated digital services

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Some examples of packet-switching technologies are the Internet, X.25, and frame relay. Incorrect Answers: A: X.25, and frame relay are packet switching services, not circuit-switching services. B: X.25, and frame relay are packet switching services, not cell-switching services. D: X.25, and frame relay are packet switching services, not dedicated digital services. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 674 QUESTION 551 Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided? A. B. C. D.

Data Link Transport Presentation Application

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: PPP (Point-to-Point Protocol) is a data link protocol used to establish a direct connection between two nodes. PPP has replaced the older SLIP and CSLIP protocols. Incorrect Answers: B: SLIP, CSLIP, and PPP all work at the data link layer, not at the transport layer. C: SLIP, CSLIP, and PPP all work at the data link layer, not at the presentation layer. D: SLIP, CSLIP, and PPP all work at the data link layer, not at the application layer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 683 QUESTION 552 In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP provided? A. Transport B. Network C. Presentation CISSP

D. Application Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: TCP and UDP are examples of protocols working at the transport layer. Incorrect Answers: B: TCP and UDP work at the transport layer, not at the network layer. C: TCP and UDP work at the transport layer, not at the presentation layer. D: TCP and UDP work at the transport layer, not at the application layer. References: https://en.wikipedia.org/wiki/Network_layer QUESTION 553 Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)? A. B. C. D.

TCP is connection-oriented, UDP is not. UDP provides for Error Correction, TCP does not. UDP is useful for longer messages, rather than TCP. TCP does not guarantee delivery of data, while UDP does guarantee data delivery.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: TCP is a connection-oriented protocol, while UDP is a connectionless protocol. Incorrect Answers: B: TCP provides error corrections, while UDP does not. Not vice versa. C: As UDP is a connectionless protocol it is less useful for longer messages, compared to the connection oriented protocol TCP. D: As TCP is a connection-oriented protocol it guarantees delivery of data, while UDP does not guarantee data delivery as it is connectionless. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 525 QUESTION 554 The standard server port number for HTTP is which of the following? A. B. C. D.

81 80 8080 8180

Correct Answer: B Section: Communication and Network Security Explanation

CISSP

Explanation/Reference: Explanation: HTTP uses port 80. Incorrect Answers: A: HTTP uses port 80, not port 81. C: HTTP uses port 80, not port 8080. D: HTTP uses port 80, not port 8180. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 537 QUESTION 555 Looking at the choices below, which ones would be the most suitable protocols/tools for securing e-mail? A. B. C. D.

PGP and S/MIME IPsec and IKE TLS and SSL SSH

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Secure MIME (S/MIME) is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Incorrect Answers: B: IPSec is not used to protect e-mails. IPsec is used to secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPSec can be implemented with the help of the IKE security architecture. C: SSL and TLS are primarily used to protect HTTP traffic. D: SSH is not used to protect e-mails. SSH allows remote login and other network services to operate securely over an unsecured network. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 850-851 QUESTION 556 Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model? A. B. C. D.

S/MIME and SSH TLS and SSL IPsec and L2TP PKCS#10 and X.509

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation:

CISSP

L2TP integrates with IPSec to provide confidentiality, integrity, and authentication for VPN connections. Incorrect Answers: A: S/MIME and SSH are not used to secure VPN connections. S/MIME is used to encrypt email messages, while SSH allows remote login and other network services to operate securely over an unsecured network. B: SSL and TLS are primarily used to protect HTTP traffic. They are not used to secure VPN connections. D: PKCS#10 is certification request standard, while X.509 is standard for public key infrastructure (PKI). They are not used to secure VPN connections. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 703 QUESTION 557 What is the role of IKE within the IPsec protocol? A. B. C. D.

peer authentication and key exchange data encryption data signature enforcing quality of service

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Internet Key Exchange (IKE) provides authenticated keying material for use with the Internet Security Association and Key Management Protocol. Incorrect Answers: B: IKE by itself does not provide data encryption. IKE provides authentication and key exchange. C: IKE does not provide data signatures. IKE provides authentication and key exchange. D: IKE does not enforce quality of service. IKE provides authentication and key exchange. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 734 QUESTION 558 What is NOT an authentication method within IKE and IPSec? A. B. C. D.

CHAP Pre shared key certificate based authentication Public key authentication

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: CHAP is not an IKE authentication method. IKE authentication can be performed using either pre-shared key (shared secret), certificate based authentication (signatures), or public key encryption. Incorrect Answers: B: Pre shared key is an IKE authentication method. C: IKE authentication can be performed through certificate based authentication. D: Public key authentication is an IKE authentication method. CISSP

References: https://en.wikipedia.org/wiki/Internet_Key_Exchange QUESTION 559 What is NOT true with pre shared key authentication within IKE / IPsec protocol? A. B. C. D.

Pre shared key authentication is normally based on simple passwords Needs a Public Key Infrastructure (PKI) to work IKE is used to setup Security Associations IKE builds upon the Oakley protocol and the ISAKMP protocol.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Most IPsec implementations consist of an IKE daemon that runs in user space and an IPsec stack in the kernel that processes the actual IP packets. No Public Key Infrastructure is required. Incorrect Answers: A: Pre shared key is an IKE authentication method. The Pre shared key is usually a simple password. C: Internet Key Exchange (IKE) provides authenticated keying material for use with the Internet Security Association and Key Management Protocol (ISAKMP). ISAKMP handles Security Associations. D: IKE is based on the Oakley and the ISAKMP protocols. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 754 QUESTION 560 In SSL/TLS protocol, what kind of authentication is supported when you establish a secure session between a client and a server? A. B. C. D.

Peer-to-peer authentication Only server authentication (optional) Server authentication (mandatory) and client authentication (optional) Role based authentication scheme

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: SSL and TLS both support server authentication (mandatory) and client authentication (optional). Incorrect Answers: A: Peer-to-peer authentication is not support by SSL/TLS. B: Server authentication (optional) is not a supported SSL/TLS authentication mode. D: Role based authentication is not supported by SSL/TLS. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 3rd Edition, Wiley & Sons, Indianapolis, 2005, p. 353 QUESTION 561

CISSP

At which layer of ISO/OSI does the fiber optics work? A. B. C. D.

Network layer Transport layer Data link layer Physical layer

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The physical layer consists of the basic networking hardware transmission technologies, such as fiber optics, of a network. Incorrect Answers: A: The network layer is responsible for packet forwarding including routing through intermediate routers. B: The transport layer provide host-to-host communication services for applications. It provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing. C: The data link layer is responsible for media access control, flow control and error checking. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 530 QUESTION 562 Which of the following is TRUE of network security? A. B. C. D.

A firewall is a not a necessity in today's connected world. A firewall is a necessity in today's connected world. A whitewall is a necessity in today's connected world. A black firewall is a necessity in today's connected world.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Firewalls are used to restrict access to one network from another network. Most companies use firewalls to restrict access to their networks from the Internet. Using a firewall is today mandatory. Incorrect Answers: A: Today, as almost all computers are interconnected through the Internet, usage of firewall is necessary. C: Whitewall is not a concept used in the IT security domain. D: Black firewall is not a concept used in the IT security domain. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 628 QUESTION 563 Which of the following is NOT a correct notation for an IPv6 address? A. 2001:0db8:0:0:0:0:1428:57ab B. ABCD:EF01:2345:6789: C. ABCD:EF01:2345:6789::1

CISSP

D. 2001:DB8::8:800::417A Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The 128 bits of an IPv6 address are represented in 8 groups of 16 bits each. Each group is written as 4 hexadecimal digits and the groups are separated by colons (:).Consecutive sections of zeroes are replaced with a double colon (::).The double colon may only be used once in an address, as multiple use would render the address indeterminate. The address 2001:DB8::8:800::417A uses double colon twice, which is illegal. Incorrect Answers: A: 2001:0db8:0:0:0:0:1428:57ab is a well-formed IPv6 address with 8 groups of 16-bit hexadecimal numbers. B: ABCD:EF01:2345:6789:1 is a well-formed IPv6 address with 8 groups of 16-bit hexadecimal numbers. C: ABCD:EF01:2345:6789::1 is a well-formed IPv6 address with 8 groups of 16-bit hexadecimal numbers, and only one double colon. References: https://en.wikipedia.org/wiki/IPv6 QUESTION 564 Which layer deals with Media Access Control (MAC) addresses? A. B. C. D.

Data link layer Physical layer Transport layer Network layer

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The data link layer is divided into two functional sublayers: the Logical Link Control (LLC) and the Media Access Control (MAC). Incorrect Answers: B: Media Access Control layer is part of the Data Link Layer, not the Physical layer. C: Media Access Control layer is part of the Data Link Layer, not the Transport layer. D: Media Access Control layer is part of the Data Link Layer, not the Network layer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 528 QUESTION 565 What is a decrease in amplitude as a signal propagates along a transmission medium BEST known as? A. B. C. D.

Crosstalk Noise Delay distortion Attenuation

Correct Answer: D Section: Communication and Network Security

CISSP

Explanation Explanation/Reference: Explanation: Attenuation is the loss of signal strength (amplitude) as it travels. The longer a cable, the more attenuation occurs, which causes the signal carrying the data to deteriorate. This Incorrect Answers: A: Crosstalk is not decrease in amplitude. Crosstalk is a phenomenon that occurs when electrical signals of one wire spill over to the signals of another wire. B: Loss in signal strength is called attenuation. Noise does not affect signal strength. C: Delay distortion does not affect signal strength. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 561 QUESTION 566 Which device acting as a translator is used to connect two networks or applications from Layer 4 up to Layer 7 of the ISO/OSI Model? A. B. C. D.

Bridge Repeater Router Gateway

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A gateway works at OSI Application layer, where it connects different types of networks; performs protocol and format translations. Incorrect Answers: A: A bridge works at the data link layer, not the application layer. B: A repeater works at the physical layer, not the application layer. C: A router works at the transport layer, not the application layer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 623 QUESTION 567 In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols? A. B. C. D.

Transport layer Application layer Physical layer Network layer

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: When two computers are going to communicate through a connection-oriented Protocol, such as TCP/IP, they

CISSP

will first agree on how much information each computer will send at a time, how to verify the integrity of the data once received, and how to determine whether a packet was lost along the way. The two computers agree on these parameters through a handshaking process at the transport layer, layer 4. Incorrect Answers: B: Connection-oriented protocols are located at transport layer, not at the Application layer. C: Connection-oriented protocols are located at transport layer, not at the Physical layer. D: Connection-oriented protocols are located at transport layer, not at the Network layer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 525 QUESTION 568 Which of the following transmission media would NOT be affected by cross talk or interference? A. B. C. D.

Copper cable Radio System Satellite radiolink Fiber optic cables

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Fiber-optic cable uses a type of glass that carries light waves, which represent the data being transmitted. Light waves are not affected by cross talk or interference. Incorrect Answers: A: Copper cables suffer from cross talk and interference. B: Radio Systems suffer from cross talk and interference. C: Satellite radiolink suffers from cross talk and interference. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 559 QUESTION 569 What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets? A. B. C. D.

SYN Flood attack Smurf attack Ping of Death attack Denial of Service (DoS) attack

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: In a Smurf attack the attacker sends an ICMP ECHO REQUEST packet with a spoofed source address to a victim’s network broadcast address. This means that each system on the victim’s subnet receives an ICMP ECHO REQUEST packet. Each system then replies to that request with an ICMP ECHO REPLY packet to the spoof address provided in the packets—which is the victim’s address. Incorrect Answers: CISSP

A: A Syn flood attack does not involve spoofing and ICMP ECHO broadcasts. A SYN flood is a form of denialof-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. C: A ping of death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer. It could cause a buffer overflow, but it does not involve ICMP ECHO broadcast packets D: A DoS attack does not use spoofing or ICMP ECHO broadcasts. In a DoS attack the attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 587 QUESTION 570 This OSI layer has a service that negotiates transfer syntax and translates data to and from the transfer syntax for users, which may represent data using different syntaxes. At which of the following layers would you find such service? A. B. C. D.

Session Transport Presentation Application

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The presentation layer is not concerned with the meaning of data, but with the syntax and format of the data. It works as a translator, translating the format an application is using to a standard format used for passing messages over a network. Incorrect Answers: A: The session layer provides the mechanism for opening, closing and managing a session between end-user application processes, i.e., a semi-permanent dialogue. Communication sessions consist of requests and responses that occur between applications. B: The transport layer provide host-to-host communication services for applications. It provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing. D: The application layer as the user interface responsible for displaying received information to the user. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 522 QUESTION 571 The International Organization for Standardization / Open Systems Interconnection (ISO/OSI) Layer 7 does NOT include which of the following? A. B. C. D.

SMTP (Simple Mail Transfer Protocol) TCP (Transmission Control Protocol) SNMP (Simple Network Management Protocol HTTP (Hypertext Transfer Protocol)

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: CISSP

Explanation: TCP is an OSI layer 4 (transport layer) protocol. Some examples of the protocols working at OSI layer 7, the application layer, are the Simple Mail Transfer Protocol (SMTP), Hypertext Transfer Protocol (HTTP), Line Printer Daemon (LPD),File Transfer Protocol (FTP), Telnet, and Trivial File Transfer Protocol (TFTP). Incorrect Answers: A: SMTP is an OSI Layer 7 protocol. C: SNMP is an OSI Layer 7 protocol. D: HTTP is an OSI Layer 7 protocol. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 521 QUESTION 572 The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics? A. B. C. D.

Standard model for network communications Used to gain information from network devices such as count of packets received and routing tables Enables dissimilar networks to communicate Defines 7 protocol layers (a.k.a. protocol stack)

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The OSI/ISO Layers are not designed for monitoring network devices. Incorrect Answers: A: The OSI model is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to their underlying internal structure and technology. C: The goal of the OSI model goal is the interoperability of diverse communication systems with standard protocols. D: The original version of the OSI model defined seven protocol layers, defining a protocol stack. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 518 QUESTION 573 The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers 6 is which of the following? A. B. C. D.

Application Layer Presentation Layer Data Link Layer Network Layer

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The Presentation Layer is layer 6 in the OSI model.

CISSP

Incorrect Answers: A: The Application Layer is layer 7 in the OSI model. C: The Data Link Layer is layer 2 in the OSI model. D: The Network Layer is layer 3 in the OSI model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 522 QUESTION 574 In telephony different types of connections are being used. The connection from the phone company's branch office to local customers is referred to as which of the following choices? A. B. C. D.

new loop local loop loopback indigenous loop

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: In telephony, the local loop is the physical link or circuit that connects from the demarcation point of the customer premises to the edge of the common carrier or telecommunications service provider's network. Incorrect Answers: A: New loop is not a type of connection. C: A loopback interface is a serial communications transceiver can use loopback for testing its functionality. D: Indigenous loop is not a type of connection. References: https://en.wikipedia.org/wiki/Local_loop QUESTION 575 Communications and network security relates to transmission of which of the following? A. B. C. D.

voice voice and multimedia data and multimedia voice, data and multimedia

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Security applies to all types of transmitted data whether it is voice, data or multimedia. Incorrect Answers: A: Not only voice transfer must be secure. Data and multimedia transmission must be secure as well. B: Not only voice and multimedia transfers must be secure. Data transmission must be secure as well. C: Not only data and multimedia transfers must be secure. Voice transmission must be secure as well. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 515

CISSP

QUESTION 576 One of the following assertions is NOT a characteristic of Internet Protocol Security (IPSec) A. B. C. D.

Data cannot be read by unauthorized parties The identity of all IPsec endpoints are confirmed by other endpoints Data is delivered in the exact order in which it is sent The number of packets being exchanged can be counted.

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: IPSec uses the IP protocol to deliver packets. IP treats every packet independently, and the packets can arrive out of order. Incorrect Answers: A: The Internet Protocol Security (IPSec) protocol suite provides a method of setting up a secure channel for protected data exchange between two devices. IPSec data cannot be read by unauthorized parties. B: IPSec, through the use of IKE (Internet Key Exchange), ensures the identity of each endpoint is confirmed by the other endpoints. D: An ESP packet, used by IPSec to transfer data, includes a Sequence Number which counts the packets that have been transmitted. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 860 QUESTION 577 Tim is a network administrator of Acme Inc. He is responsible for configuring the network devices. John the new security manager reviews the configuration of the Firewall configured by Tim and identifies an issue. This specific firewall is configured in failover mode with another firewall. A sniffer on a PC connected to the same switch as the firewalls can decipher the credentials, used by Tim while configuring the firewalls. Which of the following should be used by Tim to ensure that no one can eavesdrop on the communication? A. B. C. D.

SSH SFTP SCP RSH

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Network devices are often configured by a command line interface such as Telnet. Telnet, however is insecure in that the data including login credentials is unencrypted as it passes over the network. A secure alternative is to use Secure Shell (SSH). Secure Shell (SSH) functions as a type of tunneling mechanism that provides terminal-like access to remote computers. SSH is a program and a protocol that can be used to log into another computer over a network. SSH should be used instead of Telnet, FTP, rlogin, rexec, or rsh, which provide the same type of functionality SSH offers but in a much less secure manner. SSH is a program and a set of protocols that work together to provide a secure tunnel between two computers. The two computers go through a handshaking process and exchange (via Diffie-Hellman) a session key that will be used during the session to encrypt and protect the data sent. CISSP

Incorrect Answers: B: SFTP (Secure File Transfer Protocol) is FTP over SSH. SFTP is secure but it is not used to configure network devices. C: SCP (Secure Copy) is an application used to copy files over a network using an SSH connection. SCP is secure but it is not used to configure network devices. D: RSH (Remote Shell) offers remote command line functionality. However, like Telnet, RSH is insecure. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 859-860 http://www.novell.com/documentation/suse91/suselinux-adminguide/html/ch19s02html http://en.wikipedia.org/wiki/Remote_Shell http://en.wikipedia.org/wiki/Secure_copy QUESTION 578 One of the following statements about the differences between PPTP and L2TP is NOT true A. B. C. D.

PPTP can run only on top of IP networks. PPTP is an encryption protocol and L2TP is not. L2TP works well with all firewalls and network devices that perform NAT. L2TP supports AAA servers

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: L2TP is not compatible with NAT. Incorrect Answers: A: PPTP was designed to provide a way to tunnel PPP connections through an IP network. B: PPTP uses PPP data packets that encrypted using Microsoft Point to Point Encryption (MPPE), while L2TP on the other hand does not provide any encryption or confidentiality by itself. D: Radius AAA servers can be configured to use L2TP tunnels. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 702-703 QUESTION 579 An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as: A. B. C. D.

Netware availability Network availability Network acceptability Network accountability

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Network availability can be defined as an area of the of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability. Incorrect Answers: CISSP

A: Netware is a protocol family from the Novell Corporation, and not an area within the Network Security domain. C: Network acceptability is not an area in the Telecommunications and Network Security domain. D: Network accountability is not an area in the Telecommunications and Network Security domain. QUESTION 580 Which of the following are well known ports assigned by the IANA? A. B. C. D.

Ports 0 to 255 Ports 0 to 1024 Ports 0 to 1023 Ports 0 to 127

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The port numbers in the range from 0 to 1023 are the well-known ports or system ports. Incorrect Answers: A: The range of the well-known ports is from 0 to 1023, not from 0 to 255. B: The range of the well-known ports is from 0 to 1023, not from 0 to 1024. D: The range of the well-known ports is from 0 to 1023, not from 0 to 127. References: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers QUESTION 581 What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable? A. B. C. D.

80 meters 100 meters 185 meters 500 meters

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The maximum length of a Category 5 10Base-T cable is 100 meters. Incorrect Answers: A: The maximum length is 100 meters, not 80 meters. C: The maximum length is 100 meters, not 185 meters. D: The maximum length is 100 meters, not 500 meters. References: https://en.wikipedia.org/wiki/Ethernet_over_twisted_pair QUESTION 582 Secure Sockets Layer (SSL) is very heavily used for protecting which of the following? A. Web transactions.

CISSP

B. EDI transactions. C. Telnet transactions. D. Electronic Payment transactions. Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The Secure Sockets Layer (SSL) protects mainly web-based traffic. Incorrect Answers: B: The Secure Sockets Layer (SSL) does not protect EDI transactions. It protects Web transactions. C: The Secure Sockets Layer (SSL) protects Web transactions, not Telnet transactions. D: The Secure Sockets Layer (SSL) protects Web transactions, not Electronic Payment transactions. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 708 QUESTION 583 Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the: A. B. C. D.

Transport Layer Security (TLS) Internet Protocol. Transport Layer Security (TLS) Data Protocol. Transport Layer Security (TLS) Link Protocol. Transport Layer Security (TLS) Handshake Protocol.

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The TLS protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. Incorrect Answers: A: TLS Internet Protocol is not part of the Transport Layer Security (TLS) protocol. B: TLS Data Protocol is not part of the Transport Layer Security (TLS) protocol. C: TLS Link Protocol is not part of the Transport Layer Security (TLS) protocol. References: https://en.wikipedia.org/wiki/Transport_Layer_Security QUESTION 584 Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for: A. B. C. D.

Peer Authentication Peer Identification Server Authentication Name Resolution

Correct Answer: A Section: Communication and Network Security Explanation CISSP

Explanation/Reference: Explanation: Peer authentication is an integral part of the SSL protocol. Peer authentication relies on the availability of trust anchors and authentication keys. Incorrect Answers: B: Peer authentication, not peer identification, is part of the SSL protocol. C: SSL uses Peer authentication, not Server Authentication, for encrypting data that is sent over a session. D: SSL uses Peer authentication, not Name Resolution, for encrypting data that is sent over a session. QUESTION 585 Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? A. B. C. D.

Message non-repudiation. Message confidentiality. Message interleave checking. Message integrity.

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Message authentication code (MAC) is a keyed cryptographic hash function used for data integrity and data origin authentication. Incorrect Answers: A: Message authentication code (MAC) is not used for message non-repudiation. B: Message authentication code (MAC) is not used for message confidentiality. C: Message authentication code (MAC) is not used for message interleave checking. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 852 QUESTION 586 Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length? A. B. C. D.

Fiber Optic cable Coaxial cable Twisted Pair cable Axial cable

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Because fiber-optic cable passes electrically non-conducting photons through a glass medium, it is immune to electromagnetic interference. Incorrect Answers: B: As an electromagnetic field carries the signal in the Coaxial cable, the signal can be affected by external inference.

CISSP

C: As an electromagnetic field carries the signal in the Twisted Pair cable, the signal can be affected by external inference. D: An axial cable is a coaxial cable with only one conductor instead of two conductors. Compared to a coaxial cable the axial cable is more vulnerable to electromagnetic interference. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 100 QUESTION 587 Which of the following methods of providing telecommunications continuity involves the use of an alternative media? A. B. C. D.

Alternative routing Diverse routing Long haul network diversity Last mile circuit protection

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Alternative routing provides two different cables from the local exchange to your site, so you can protect against cable failure as your service will be maintained on the alternative route. Incorrect Answers: B: With diverse routing, you can protect not only against cable failure but also against local exchange failure as there are two separate routes from two exchanges to your site. C: Lang-haul refers to circuits that span large distances, not between your site and the local exchange, such as interstate or international. D: Last mile circuit protection does not provide an extra connection. References: https://en.wikipedia.org/wiki/Routing_in_the_PSTN QUESTION 588 Which service usually runs on port 25? A. B. C. D.

File Transfer Protocol (FTP) Telnet Simple Mail Transfer Protocol (SMTP) Domain Name Service (DNS)

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: SMTP uses port 25. Incorrect Answers: A: FTP uses port 21. B: Telnet uses port 23. D: DNS uses port 53.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1289 QUESTION 589 Which port does the Post Office Protocol Version 3 (POP3) make use of? A. B. C. D.

110 109 139 119

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: POP3 uses port 110. Incorrect Answers: B: Port 109 is used by POP2. C: Port 139 is used by the NetBIOS Session Service. D: Port 119 is used by NNTP. References: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers QUESTION 590 Behavioral-based systems are also known as? A. B. C. D.

Profile-based systems Pattern matching systems Misuse detective systems Rule-based IDS

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Behavioral-based IDSs are also known as profile-based systems. Incorrect Answers: B: A pattern matching IDS does not work in the same way as a Behavioral-based IDS. C: There is no Intrusion Detection System type called Misuse detective systems. D: A Rule-based IDS does not work in the same way as a Behavioral-based IDS. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 260 QUESTION 591 Which type of attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number? A. IP spoofing attack B. SYN flood attack

CISSP

C. TCP sequence number attack D. Smurf attack Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A TCP sequence prediction attack is an attempt to predict the sequence number used to identify the packets in a TCP connection, which can be used to counterfeit packets. Incorrect Answers: A: IP spoofing attacks do not use TCP sequence numbers. IP spoofing is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity. B: Syn flood attacks do not use TCP sequence numbers. A SYN flood DoS attack where an attacker sends a succession of SYN packets with the goal of overwhelming the victim system so that it is unresponsive to legitimate traffic. D: A Smurf attack does not use TCP sequence numbers. In a smurf attack the attacker sends an ICMP ECHO REQUEST packet with a spoofed source address to a victim’s network broadcast address. References: https://en.wikipedia.org/wiki/TCP_sequence_prediction_attack QUESTION 592 Which of the following media is MOST resistant to EMI interference? A. B. C. D.

microwave fiber optic twisted pair coaxial cable

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Because fiber-optic cable passes electrically non-conducting photons through a glass medium, it is resistant to Electromagnetic interference (EMI). Incorrect Answers: A: Microwaves are vulnerable to Electromagnetic interference (EMI). C: Twisted pair cables are vulnerable to Electromagnetic interference (EMI). D: Coaxial cables are vulnerable to Electromagnetic interference (EMI). QUESTION 593 Which OSI/ISO layer defines how to address the physical devices on the network? A. B. C. D.

Session layer Data Link layer Application layer Transport layer

Correct Answer: B Section: Communication and Network Security Explanation CISSP

Explanation/Reference: Explanation: The data link layer is responsible for proper communication within the network components and for changing the data into the necessary format (electrical voltage) for the physical layer. Incorrect Answers: A: The session layer protocols set up connections between applications; maintain dialog control; and negotiate, establish, maintain, and tear down the communication channel. C: The protocols at the application layer handle file transfer, virtual terminals, network management, and fulfilling networking requests of applications. D: The protocols at the transport layer handle end-to-end transmission and segmentation of a data stream. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 528 QUESTION 594 Which layer defines how packets are routed between end systems? A. B. C. D.

Session layer Transport layer Network layer Data link layer

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The responsibilities of the network layer protocols include internetworking service, addressing, and routing. Incorrect Answers: A: The session layer protocols set up connections between applications; maintain dialog control; and negotiate, establish, maintain, and tear down the communication channel. B: The protocols at the transport layer handle end-to-end transmission and segmentation of a data stream. D: The data link layer is responsible for proper communication within the network components and for changing the data into the necessary format (electrical voltage) for the physical layer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 531 QUESTION 595 At which of the OSI/ISO model layer is IP implemented? A. B. C. D.

Session layer Transport layer Network layer Data link layer

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation:

CISSP

The Internet Protocol (IP) is implemented at the Network layer. Incorrect Answers: A: The session layer implements protocols such as NFS and NetBIOS, but not the IP protocol. B: The transport layer implements protocols such as TCP and UDP, but not the IP protocol. D: The Data link layer implements protocols such as ARP and ATM, but not the IP protocol. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 531 QUESTION 596 Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel? A. B. C. D.

Transport layer Network layer Data link layer Physical layer

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The data link layer is responsible for proper communication within the network devices and for changing the data into the necessary format (electrical voltage) for the physical link or channel. Incorrect Answers: A: The protocols at the transport layer handle end-to-end transmission and segmentation of a data stream. B: The responsibilities of the network layer protocols include internetworking service, addressing, and routing. D: The physical layer include network interface cards and drivers that convert bits into electrical signals and control the physical aspects of data transmission References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 531 QUESTION 597 Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of? A. B. C. D.

Transport layer Network layer Data link layer Physical layer

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The Data link layer is divided into the Logical Link Control (LLC) and the Media Access Control (MAC) sublayers. Incorrect Answers: A: The MAC sublayer is part of the data link layer, not the transport layer. B: The MAC sublayer is part of the data link layer, not the network layer. D: The MAC sublayer is part of the data link layer, not the physical layer. CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 531 QUESTION 598 Which OSI/OSI layer defines the X.24, V.35, X.21 and HSSI standard interfaces? A. B. C. D.

Transport layer Network layer Data link layer Physical layer

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: X.25, V.35, X21 and HSSI all work at the physical layer in the OSI model. X.25 is an older WAN protocol that defines how devices and networks establish and maintain connections. V.35 is the interface standard used by most routers and DSUs that connect to T-1 carriers. X21 is a physical and electrical interface. High-Speed Serial Interface (HSSI) is a short-distance communications interface. Incorrect Answers: A: X.25, V.35, X21 and HSSI all work at the physical layer, not the transport layer. B: X.25, V.35, X21 and HSSI all work at the physical layer, not the network layer. C: X.25, V.35, X21 and HSSI all work at the physical layer, not the data link layer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 679 QUESTION 599 How many layers are defined within the US Department of Defense (DoD) TCP/IP Model? A. B. C. D.

7 5 4 3

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The TCP/IP model includes the following four layers: application, host-to-host, Internet, and Network access. Incorrect Answers: A: The OSI have seven layers, while the TCP/IP model only has four layers. B: The TCP/IP model has four layers, not five. D: The TCP/IP model has four layers, not three. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 518 QUESTION 600

CISSP

Which layer of the TCP/IP protocol model defines the IP datagram and handles the routing of data across networks? A. B. C. D.

Application layer Host-to-host transport layer Internet layer Network access layer

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: The Internet layer of the TCP/IP protocol handles the IP packets, the IP datagrams, and routes them through the network. Incorrect Answers: A: The application layer includes protocols that support the applications. The application layer includes protocols such as SMTP, HTTP, and FTP, but not the IP protocol. B: The Host-to-host transport layer includes the TCP protocol, but not the IP protocol. The transport layer provides end-to-end data transport services and establishes the logical connection between two communicating computers. D: The Network Access Layer defines how to use the network to transmit an IP datagram, but it does not define or route the IP datagrams. The Network Access Layer is the lowest layer of the TCP/IP protocol hierarchy. The protocols in this layer provide the means for the system to deliver data to the other devices on a directly attached network. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 518 QUESTION 601 Which layer of the TCP/IP protocol model would BEST correspond to the OSI/ISO model's network layer? A. B. C. D.

Network access layer Application layer Host-to-host transport layer Internet layer

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The OSI model Network layer corresponds to the TCP/IP model Internet layer. Incorrect Answers: A: The Network access layer corresponds to the data link and physical layers of the OSI model. B: The Application layer corresponds to the Application, Presentation, and the Session layers of the OSI model. C: The Host-to-host transport layer corresponds to the Transport layer of the OSI model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 518 QUESTION 602 Which layer of the DoD TCP/IP model controls the communication flow between hosts?

CISSP

A. B. C. D.

Internet layer Host-to-host transport layer Application layer Network access layer

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The Host-to-host transport layer provides end-to-end data transport services and establishes the logical connection between two communicating hosts. Incorrect Answers: A: The internet layer has the responsibility of sending packets across potentially multiple networks. This process is called routing. C: The application layer includes the protocols used by most applications for providing user services or exchanging application data over the network connections established by the lower level protocols. D: The link layer (network access layer) is used to move packets between the Internet layer interfaces of two different hosts on the same link. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 525 QUESTION 603 How many bits compose an IPv6 address? A. B. C. D.

32 bits 64 bits 96 bits 128 bits

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: IPv6 uses 128 bits for its addresses. Incorrect Answers: A: IPv4 uses 32 bits for its addresses, while IPv6 uses 128 bits. B: IPv6 uses 128 bits, not 64 bits, for its addresses. C: IPv6 uses 128 bits, not 96 bits, for its addresses. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 541 QUESTION 604 What protocol is used on the Local Area Network (LAN) to obtain an IP address from its known MAC address? A. B. C. D.

Reverse address resolution protocol (RARP) Address resolution protocol (ARP) Data link layer Network address translation (NAT)

CISSP

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: RARP translates a MAC address into an IP address. Incorrect Answers: B: ARP translates the IP address into a MAC address, not the other way around. C: Network address translation (NAT) is a methodology of remapping one IP address space into another IP address space. NAT does handle MAC addresses. D: The data link layer does not use IP addresses. It transfers data between adjacent network nodes in a wide area network (WAN) or between nodes on the same local area network (LAN) segment. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 740 QUESTION 605 Which of the following security-focused protocols has confidentiality services operating at a layer different from the others? A. B. C. D.

Secure HTTP (S-HTTP) FTP Secure (FTPS) Secure socket layer (SSL) Sequenced Packet Exchange (SPX)

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: S-HTTP provides application layer security, while the other protocols provide transport layer security. Incorrect Answers: B: FTPS can use SSL. FTPS (also known as FTPES, FTP-SSL and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. C: SSL can be used by FTPS. SSL provides transport layer security. D: SPX is a transport layer protocol (layer 4 of the OSI Model). References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 856 QUESTION 606 Packet Filtering Firewalls can also enable access for: A. B. C. D.

only authorized application port or service numbers. only unauthorized application port or service numbers. only authorized application port or ex-service numbers. only authorized application port or service integers.

Correct Answer: A

CISSP

Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Packet filtering is a firewall technology that makes access decisions based upon network-level protocol header values. The filters can make access decisions based upon the following basic criteria: Source and destination port numbers (such as an application port or a service number) Protocol types Source and destination IP addresses Inbound and outbound traffic direction Incorrect Answers: B: Only authorized ports or service numbers, not unauthorized, would be granted access through the firewall. C: Packet Filtering Firewalls do not grant access through ex-service numbers. They use service numbers. D: Packet Filtering Firewalls do not grant access through service integers. A service has a number, not an integer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630 QUESTION 607 Which of the following is NOT a VPN communications protocol standard? A. B. C. D.

Point-to-point tunneling protocol (PPTP) Challenge Handshake Authentication Protocol (CHAP) Layer 2 tunneling protocol (L2TP) IP Security

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The Challenge Handshake Authentication Protocol (CHAP) is used for authentication only. It is not a VPN communications protocol. Incorrect Answers: A: The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. C: Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). D: IP Security, Internet Protocol Security (IPsec), can be used to setup secure VPN connections. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 683 QUESTION 608 What layer of the OSI/ISO model does Point-to-point tunneling protocol (PPTP) work at? A. B. C. D.

Data link layer Transport layer Session layer Network layer

Correct Answer: A Section: Communication and Network Security Explanation

CISSP

Explanation/Reference: Explanation: PPTP works at the data link layer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 708 QUESTION 609 Which of the following statements pertaining to VPN protocol standards is false? A. B. C. D.

L2TP is a combination of PPTP and L2F. L2TP and PPTP were designed for single point-to-point client to server communication. L2TP operates at the network layer. PPTP uses native PPP authentication and encryption services.

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: L2TP works at the data link layer, not at the network layer. Incorrect Answers: A: L2TP is a hybrid of PPTP and L2F B: Both L2TP and PPTP are designed for single point-to-point connections. D: PPTP extends and protects PPP connections. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 708 QUESTION 610 Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet? A. B. C. D.

Authentication mode Tunnel mode Transport mode Safe mode

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: IPSec can work in one of two modes: transport mode, in which the payload of the message is protected, and tunnel mode, in which the payload and the routing and header information are protected. Incorrect Answers: A: IPsec does not have an Authentication mode C: In tunnel mode only the payload is protected. D: IPsec does not have a Safe mode. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 861

CISSP

QUESTION 611 Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards? A. B. C. D.

Category 5e UTP Category 2 UTP Category 3 UTP Category 1e UTP

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Category 5 UTP cable provides performance of up to 100 MHz and is suitable for 10BASE-T, 100BASE-TX (Fast Ethernet), and 1000BASE-T (Gigabit Ethernet). Category 5 was superseded by the category 5e (enhanced) specification. Incorrect Answers: B: The maximum frequency suitable for transmission over Category 2 UTP cable is 4 MHz, and the maximum bandwidth is 4Mbit/s. C: Category 3 UTP was widely used in computer networking in the early 1990s for 10BASE-T Ethernet (and to a lesser extent for 100BaseVG Ethernet, token ring and 100BASE-T4), but from the early 2000s new structured cable installations were almost invariably built with the higher performing Cat 5e or Cat 6 cable required by 100BASE-TX. D: The maximum frequency suitable for transmission over Category 1 UTP cable is 1 MHz, but Category 1 is not considered adequate for data transmission. References: https://en.wikipedia.org/wiki/Category_5_cable QUESTION 612 In which LAN transmission method is a source packet copied and sent to specific multiple destinations but not ALL of the destinations on the network? A. B. C. D.

Overcast Unicast Multicast Broadcast

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: If the packet needs to go to a specific group of systems, the sending system uses the multicast method. Incorrect Answers: A: There is no LAN transmission method called Overcast. B: Unicast is a one-to-one transmission. D: If a system wants all computers on its subnet to receive a message, it will use the broadcast method. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 579

CISSP

QUESTION 613 Which of the following can prevent hijacking of a web session? A. B. C. D.

RSA SET SSL PPP

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: One method to prevent web session hijacking is to encrypt the data traffic passed between the parties by using SSL/TLS. Incorrect Answers: A: RSA cannot be used to prevent web session hijacking. B: SET cannot be used to prevent web session hijacking. D: PPP cannot be used to prevent web session hijacking. References: https://en.wikipedia.org/wiki/Session_hijacking QUESTION 614 What is defined as the rules for communicating between computers on a Local Area Network (LAN)? A. B. C. D.

LAN Media Access methods LAN topologies LAN transmission methods Contention Access Control

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Media access technologies deal with how these systems communicate over the network media. LAN access technologies set up the rules of how computers will communicate on the Local Area Network. Incorrect Answers: B: Network topology is not defined by rules of communication. It is the arrangement of the various elements (links, nodes, etc.) of a computer network. C: The communications rules on a LAN is called Media Access rules, not transmissions methods. D: Contention Access Control is just used to avoid collisions. To communicate LAN Media Access methods are used. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 565 QUESTION 615 Which of the following is a LAN transmission method? A. Broadcast B. Carrier-sense multiple access with collision detection (CSMA/CD)

CISSP

C. Token ring D. Fiber Distributed Data Interface (FDDI) Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Broadcast, unicast, and multicast are all LAN transmissions methods. Incorrect Answers: B: CSMA/CD is a media access method, not a LAN transmission method. C: Token ring is a media access methodology, not a LAN transmission method. D: FDDI is a media access methodology, not a LAN transmission method. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 579 QUESTION 616 In what LAN topology do all the transmissions of the network travel the full length of cable and are received by all other stations? A. B. C. D.

Bus topology Ring topology Star topology FDDI topology

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: In a bus topology a linear, single cable for all computers attached is used. All traffic travels the full cable and can be viewed by all other computers. Incorrect Answers: B: In a ring topology all computers are connected by a unidirectional transmission link, and the cable is in a closed loop. C: In a star topology all computers are connected to a central device, which provides more resilience for the network. D: FDDI is a media access methodology, not a LAN topology. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 566 QUESTION 617 Which of the following IEEE standards defines the token ring media access method? A. B. C. D.

802.3 802.11 802.5 802.2

Correct Answer: C Section: Communication and Network Security

CISSP

Explanation Explanation/Reference: Explanation: The Token Ring technology is defined by the IEEE 802.5 standard. Incorrect Answers: A: IEEE 802.3 is the IEEE standard defining the physical layer and data link layer's media access control (MAC) of wired Ethernet. B: IEEE 802.11 is a set of media access control (MAC) and physical layer (PHY) specifications for implementing wireless local area network (WLAN) computer communication. D: IEEE 802.2 is the original name of the standard which defines Logical Link Control (LLC) as the upper portion of the data link layer of the OSI Model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 570 QUESTION 618 Which of the following LAN devices only operates at the physical layer of the OSI/ISO model? A. B. C. D.

Switch Bridge Hub Router

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A hub is a multiport repeater. Repeaters work at the physical layer and are add-on devices for extending a network connection over a greater distance. Incorrect Answers: A: Basic switches work at the data link layer. Layer 3, layer 4, and other layer switches have more enhanced functionality than layer 2 switches. B: A bridge is a LAN device used to connect LAN segments. It works at the data link layer. D: Routers work at the network layer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 612 QUESTION 619 Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces? A. B. C. D.

ISDN SLIP xDSL T1

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference:

CISSP

Explanation: Serial Line Internet Protocol (SLIP) is an older technology developed to support TCP/IP communications over asynchronous serial connections, such as serial cables or modem dial - up. Incorrect Answers: A: ISDN can be considered a suite of digital services existing on layers 1, 2, and 3 of the OSI model. ISDN is digital, not serial. C: xDSL is a digital technology. xDSL is the term for the Broadband Access technologies based on Digital Subscriber Line (DSL) technology D: The T1 carrier is the most commonly used digital, not serial, transmission service. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 138 QUESTION 620 Which xDSL flavor, appropriate for home or small offices, delivers more bandwidth downstream than upstream and over longer distance? A. B. C. D.

VDSL SDSL ADSL HDSL

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Asymmetric DSL (ADSL) provides data travel downstream faster than upstream. Upstream speeds are 128 Kbps to 384 Kbps, and downstream speeds can be as fast as 768 Kbps. Generally used by residential users. ADSL is appropriate for small offices. Incorrect Answers: A: VDSL is basically ADSL at much higher data rates (13 Mbps downstream and 2 Mbps upstream). B: Symmetric DSL (SDSL) provides data travel upstream and downstream at the same rate. D: High-Bit-Rate DSL (HDSL) provides T1 (1.544 Mbps) speeds over regular copper phone wire without the use of repeaters. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 699 QUESTION 621 Another name for a VPN is a: A. B. C. D.

tunnel one-time password pipeline bypass

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation:

CISSP

A virtual private network (VPN) is a secure, private connection through an untrusted network. VPN technology requires a tunnel to work and it assumes encryption. Incorrect Answers: B: A one-time password is not the same as a VPN. C: Tunnel, not pipeline, can be used as a name for a VPN. D: Tunnel, not bypass, can be used as a name for a VPN. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 702 QUESTION 622 What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility? A. B. C. D.

DS-0 DS-1 DS-2 DS-3

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Digital Signal Level 1 (DS - 1) provides 1.544 Mbps over a T1 line. Incorrect Answers: A: Digital Signal Level 0 (DS - 0) provides from 64 Kbps up to 1.544 Mbps on a Partial T1 line. C: There is no framing specification named DS-2. D: Digital Signal Level 3 (DS - 3) is a specification for T3, not for T1. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 165 QUESTION 623 Which of the following is the BIGGEST concern with firewall security? A. B. C. D.

Internal hackers Complex configuration rules leading to misconfiguration Buffer overflows Distributed denial of service (DDoS) attacks

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Firewalls filter traffic based on a defined set of rules. The rules must be configured correctly for the firewall to provide the intended security. Incorrect Answers: A: Firewalls main duty is to defend against external, not internal, threats. C: Firewalls do not product from buffer overflows attacks. D: Firewalls can help in defending from DDoS attacks, but the main concern with firewall is to configure them

CISSP

correctly. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 25 QUESTION 624 Which of the following is the SIMPLEST type of firewall? A. B. C. D.

Stateful packet filtering firewall Packet filtering firewall Dual-homed host firewall Application gateway

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Packet filtering was the first generation of firewalls and it is the most rudimentary type of all of the firewall technologies. Incorrect Answers: A: A stateful packet filtering firewall is more complicated compared to the Packet filtering firewall, since the latter is stateless. C: Dual-homed is a firewall architecture, not a firewall type. A Dual-homed firewall refers to a device that has two interfaces: one facing the external network and the other facing the internal network. D: Application -level gateways are known as second generation firewalls, while packet filtering is a first generation firewall References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630 QUESTION 625 Which of the following devices enables more than one signal to be sent out simultaneously over one physical circuit? A. B. C. D.

Router Multiplexer Channel service unit/Data service unit (CSU/DSU) Wan switch

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: An electronic multiplexer makes it possible for several signals to share one device or resource. A multiplexer (or mux) is a device that selects one of several analog or digital input signals and forwards the selected input into a single line. Incorrect Answers: A: A router forwards data packets. A router does not handle signals. C: A CSU/DSU is a digital-interface device used to connect a data terminal equipment (DTE), such as a router,

CISSP

to a digital circuit, such as a Digital Signal 1 (T1) line. D: A switch forwards traffic at the data link layer of the OSI model. It does operate with multiple signals. References: https://en.wikipedia.org/wiki/Multiplexer QUESTION 626 Which of the following is NOT an advantage that TACACS+ has over TACACS? A. B. C. D.

Event logging Use of two-factor password authentication User has the ability to change his password Ability for security tokens to be resynchronized

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Event logging is available in both TACACS and TACACS+. Incorrect Answers: B: TACACS+ is XTACACS with extended two-factor user authentication. C: TACACS uses fixed passwords for authentication, while TACACS+ allows users to employ dynamic (onetime) passwords, which provides more protection. D: TACACS+ features security tokes, which is not included in TACACS. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 234 QUESTION 627 Which of the following remote access authentication systems is the MOST robust? A. B. C. D.

TACACS+ RADIUS PAP TACACS

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: TACACS+ is more secure compared to TACACS, RADIUS, and PAP. Incorrect Answers: B: TACACS+ encrypts all of this data between the client and server and thus does not have the vulnerabilities inherent in the RADIUS protocol. C: PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. D: TACACS uses fixed passwords for authentication, while TACACS+ allows users to employ dynamic (onetime) passwords, which provides more protection. TACACS+ is XTACACS with extended two-factor user authentication. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 234

CISSP

QUESTION 628 Which of the following is TRUE about link encryption? A. B. C. D.

Each entity has a common key with the destination node. Encrypted messages are only decrypted by the final node. This mode does not provide protection if anyone of the nodes along the transmission path is compromised. Only secure nodes are used in this type of transmission.

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Link encryption is an approach to communications security that encrypts and decrypts all traffic at each end of a communications line. The mode is vulnerable to a third-party who access to a node in the transmission path. Incorrect Answers: A: With link encryption each link may use a different key or even a different algorithm for data encryption. B: Encrypted messages are decrypted at each node in the pathD: There is no way to enforce that only secure nodes are used. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 845 QUESTION 629 Which of the following protects Kerberos against replay attacks? A. B. C. D.

Tokens Passwords Cryptography Time stamps

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: To protect against replay attacks, the Kerberos authentication protocol uses the concept of an authenticator. The authenticator includes the user identification information, a sequence number, and a timestamp. The timestamp is used to help fight against replay attacks. Incorrect Answers: A: Kerberos uses time stamps, not tokens, to defend against replay attacks. B: Kerberos uses time stamps, not passwords, to defend against replay attacks. C: Kerberos uses time stamps, not cryptography, to defend against replay attacks. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 212 QUESTION 630 Which of the following offers security to wireless communications? A. S-WAP B. WTLS C. WSP CISSP

D. WDP Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Wireless Transport Layer Security (WTLS) provides security connectivity services similar to those of SSL or TLS. Incorrect Answers: A: There is no protocol named S-WAP C: Wireless Session Protocol (WSP) does not provide security. D: Wireless Datagram Protocol (WDP) does not provide security. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 103 QUESTION 631 Which of the following is a Wide Area Network that was originally funded by the Department of Defense, which uses TCP/IP for data interchange? A. B. C. D.

The Internet. The Intranet. The extranet. The Ethernet.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The Advanced Research Projects Agency Network (ARPANET), funded by the Department of Defense, was an early packet switching network and the first network to implement the protocol suite TCP/IP. Both technologies became the technical foundation of the Internet. Incorrect Answers: B: Intranets can use other protocols than TCP/IP. Intranet is not standard that was developed by the Department of Defense. C: Intranet can use other protocols than TCP/IP. Extraanet is not standard that was developed by the Department of Defense. D: Ethernet can use other protocols than TCP/IP. Ethernet is not standard that was developed by the Department of Defense. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 549 QUESTION 632 An intranet is an Internet-like logical network that uses: A. B. C. D.

a firm's internal, physical network infrastructure. a firm's external, physical network infrastructure. a firm's external, physical netBIOS infrastructure. a firm's internal, physical netBIOS infrastructure.

CISSP

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: When a company uses web-based technologies inside its networks, it is using an intranet, a private network. The company's internal physical network structure is used. Incorrect Answers: B: The internal, not the external, network structure is used. C: The internal, not the external, network structure is used. D: The physical structure, not the NetBIOS structure. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 661 QUESTION 633 An intranet provides more security and control than which of the following: A. B. C. D.

private posting on the Internet. public posting on the Ethernet. public posting on the Internet. public posting on the Extranet.

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A public posting on the internet is not secure. Compared to the internet, an intranet provides more control. Incorrect Answers: A: A private posting provides high security and control. B: Ethernet is a link layer protocol in the TCP/IP stack. An Intranet is defined on the physical layer. The data link layer provides more control compared to the physical layer. D: An extranet is a website that allows controlled access to partners, vendors and suppliers or an authorized set of customers - normally to a subset of the information accessible from an organization's intranet. As an extranet is a subset of an intranet is provides more security and control. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 661 QUESTION 634 Which of the following Common Data Network Services is used to share data files and subdirectories on file servers? A. B. C. D.

File services. Mail services. Print services. Client/Server services.

Correct Answer: A Section: Communication and Network Security Explanation

CISSP

Explanation/Reference: Explanation: Files services, which are part of the Common Data Network Services, provides sharing of data files and subdirectories on file servers. Incorrect Answers: B: Mail services only provide sending and receiving email internally or externally through an email gateway device. C: Print services only provide printing documents to a shared printer or a print queue/spooler. D: Client/server services provide allocating computing power resources among workstations with some shared resources centralized in a file server. References: The CISSP and CAP Prep Guide: Mastering CISSP and CA (2007), page 138 QUESTION 635 Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device? A. B. C. D.

File services. Mail services. Print services. Client/Server services.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Mail services, which are part of the Common Data Network Services, sends and receives email internally or externally through an email gateway device. Incorrect Answers: A: Files services provide sharing of data files and subdirectories on file servers. C: Print services only prints documents to a shared printer or a print queue/spooler. D: Client/server services allocate computing power resources among workstations with some shared resources centralized in a file server. QUESTION 636 Asynchronous Communication transfers data by sending: A. B. C. D.

bits of data sequentially bits of data sequentially in irregular timing patterns bits of data in sync with a heartbeat or clock bits of data simultaneously

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Asynchronous communication is the transmission sequencing technology that uses start and stop bits or similar encoding mechanism. Used in environments that transmits a variable amount of data in a periodic fashion.

CISSP

Incorrect Answers: A: Both asynchronous and synchronous communication sends bits of data sequentially. C: Data bits transferred in sync with a heartbeat or clock is called synchronous communication. D: Asynchronous Communication transfers one bit at a time, not multiple bits of data simultaneously. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 566 QUESTION 637 Communications devices must operate: A. B. C. D.

at different speeds to communicate. at the same speed to communicate. at varying speeds to interact. at high speed to interact.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: It is preferable that both devices have the same speed when they are going to interoperate. Incorrect Answers: A: It is preferable that the devices have the same speed to interoperate well. C: Communication is easier if the speeds of the devices do not change. D: High speed is not a necessity for devices to be able to interact. QUESTION 638 The basic language of modems and dial-up remote access systems is: A. B. C. D.

Asynchronous Communication. Synchronous Communication. Asynchronous Interaction. Synchronous Interaction.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Asynchronous start-stop is the physical layer used to connect computers to modems for many dial-up Internet access applications, using a data link framing protocol. Incorrect Answers: B: Dial-up modems use Asynchronous, not synchronous, communication. C: Dial-up modems connect to a remote system using communication, not interaction. D: Dial-up modems connect to a remote system using communication, not interaction. References: https://en.wikipedia.org/wiki/Asynchronous_serial_communication QUESTION 639 Which of the following Common Data Network Services is used to print documents to a shared printer or a print queue/spooler?

CISSP

A. B. C. D.

Mail services. Print services. Client/Server services. Domain Name Service.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Print services, which are part of the Common Data Network Services, prints documents to a shared printer or a print queue/spooler. Incorrect Answers: A: Mail services only send and receive email internally or externally through an email gateway device. C: Client/server services allocate computing power resources among workstations with some shared resources centralized in a file server. D: Domain Name Service translates domain names into IP addresses. QUESTION 640 Which of the following Common Data Network Services allocates computing power resources among workstations with some shared resources centralized on a server? A. B. C. D.

Print services File services Client/Server services Domain Name Service

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Client/server services, which belongs to the Common Data Network Services, allocates computing power resources among workstations with some shared resources centralized in a file server. Incorrect Answers: A: Print services only print documents to a shared printer or a print queue/spooler. B: Files services provide sharing of data files and subdirectories on file servers. D: Domain Name Service translates domain names into IP addresses. QUESTION 641 Domain Name Service is a distributed database system that is used to map: A. B. C. D.

Domain Name to IP addresses. MAC addresses to domain names. MAC Address to IP addresses. IP addresses to MAC Addresses.

Correct Answer: A Section: Communication and Network Security Explanation

CISSP

Explanation/Reference: Explanation: Domain Name Service translates domain names into IP addresses. Incorrect Answers: B: DNS is not used to map MAC addresses to domain names. DNS maps domain names into IP addresses. C: The RARP protocol translates MAC Address to IP addresses. D: The ARP protocol translates IP addresses to MAC Addresses. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 599 QUESTION 642 The Domain Name System (DNS) is a global network of: A. B. C. D.

servers that provide these Domain Name Services. clients that provide these Domain Name Services. hosts that provide these Domain Name Services. workstations that provide these Domain Name Services.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The Domain Name System is lists of domain names and IP addresses that are distributed on Domain Name System (DNS) Servers throughout the Internet in a hierarchy of authority. Incorrect Answers: B: The global Domain Name System (DNS) system consists of DNS servers, not DNS clients. C: The global Domain Name System (DNS) system consists of DNS servers, not DNS hosts. D: The global Domain Name System (DNS) system consists of DNS servers, not DNS workstations. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 591 QUESTION 643 The communications products and services, which ensure that the various components of a network (such as devices, protocols, and access methods) work together refers to: A. B. C. D.

Netware Architecture. Network Architecture. WAN Architecture. Multiprotocol Architecture.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Network architecture is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, including protocols and access methods, as well as data formats used in its operation. Incorrect Answers:

CISSP

A: Novell Netware is specific to the vendor Novell. C: WAN Architecture is not used for the various components of a network. It used for components that enables different local network to communicate with other networks. D: The physical components must be included as well, not just the protocols. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 246 QUESTION 644 Unshielded Twisted Pair cabling is a: A. B. C. D.

four-pair wire medium that is used in a variety of networks. three-pair wire medium that is used in a variety of networks. two-pair wire medium that is used in a variety of networks. one-pair wire medium that is used in a variety of networks.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Unshielded Twisted Pair cabling consists of an outer jacket and four pairs of twisted wire medium. Incorrect Answers: B: There are four pairs, not three. C: There are four pairs, not two. D: There are four pairs, not one. References: https://en.wikipedia.org/wiki/Twisted_pair#Unshielded_twisted_pair_.28UTP.29 QUESTION 645 In the UTP category rating, the tighter the wind: A. B. C. D.

the higher the rating and its resistance against interference and crosstalk. the slower the rating and its resistance against interference and attenuation. the shorter the rating and its resistance against interference and attenuation. the longer the rating and its resistance against interference and attenuation.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: With Increased UTP category the better the signal is transmitted, that is the cable is more resistance against interference and crosstalk. The lowest category is 1 and the highest is 8.2. Incorrect Answers: B: The UTP categories are just numbers from 1 to 8.2. They do not represent speed. C: The UTP categories are just numbers. They do not represent length. D: The UTP categories are just numbers. They do not represent speed. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 559

CISSP

QUESTION 646 What works as an E-mail message transfer agent? A. B. C. D.

SMTP SNMP S-RPC S/MIME

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: In e-mail clients SMTP works as a message transfer agent and moves the message from the user’s computer to the mail server when the user sends the e-mail message. Incorrect Answers: B: SNMP is used for monitoring the network, not for sending email messages. C: S-RPC is used for remote procedure not calls, and not for sending email messages. D: S/MIME is a standard for email encryption. It is not used to send email messages. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 599 QUESTION 647 Which of the following statements pertaining to packet switching is NOT true? A. B. C. D.

Most data sent today uses digital signals over network employing packet switching. Messages are divided into packets. All packets from a message travel through the same route. Each network node or point examines each packet for routing.

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Packet switching does not set up a dedicated virtual link, and packets from one connection can pass through a number of different individual devices, instead of all of them following one another through the same devices. Incorrect Answers: A: Most traffic over the Internet uses packet switching and the Internet is basically a connectionless network. B: In a packet-switching network, the data are broken up into packets containing frame check sequence numbers. D: The packet switching packets go through different network nodes, and their paths can be dynamically altered by a router or switch that determines a better route for a specific packet to take. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 674 QUESTION 648 All hosts on an IP network have a logical ID called a(n): A. IP address. B. MAC address.

CISSP

C. TCP address. D. Datagram address. Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Each node on an IP network must have a unique IP address. Incorrect Answers: B: IP hosts use IP addresses, not MAC addresses. C: There is no such thing as a TCP address in the TCP/IP model. D: There is no such thing as a datagram address in the TCP/IP model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 541 QUESTION 649 An Ethernet address is composed of how many bits? A. B. C. D.

48-bit address 32-bit address. 64-bit address 128-bit address

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Ethernet is a common LAN media access technology standardized by IEEE 802.3. Ethernet uses 48-bit MAC addressing, works in contention-based networks, and has extended outside of just LAN environments. Incorrect Answers: B: An Ethernet address has 48 bits, not 32 bits. C: An Ethernet address has 48 bits, not 64 bits. D: An Ethernet address has 48 bits, not 128 bits. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 578 QUESTION 650 Address Resolution Protocol (ARP) interrogates the network by sending out a? A. B. C. D.

broadcast. multicast. unicast. semicast.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: CISSP

Explanation: ARP broadcasts a frame requesting the MAC address that corresponds with the destination IP address. Each computer on the subnet receives this broadcast frame, and all but the computer that has the requested IP address ignore it. The computer that has the destination IP address responds with its MAC address. Incorrect Answers: B: The ARP protocol uses broadcasts, not multicasts. C: The ARP protocol uses broadcasts, not unicast. D: The ARP protocol uses broadcasts, not semicast. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 581 QUESTION 651 When a station communicates on the network for the first time, which of the following protocol would search for and find the Internet Protocol (IP) address that matches with a known Ethernet address? A. B. C. D.

Address Resolution Protocol (ARP). Reverse Address Resolution Protocol (RARP). Internet Control Message protocol (ICMP). User Datagram Protocol (UDP).

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The RARP protocol translates MAC (Ethernet) Address to IP addresses. Incorrect Answers: A: The ARP protocol translates IP addresses to MAC Addresses. It is the wrong direction. C: ICMP is not an address resolution protocol. D: UDP is not an address resolution protocol. It is a transport protocol. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 584 QUESTION 652 Which protocol's primary function is to facilitate file and directory transfer between two machines? A. B. C. D.

Telnet. File Transfer Protocol (FTP). Trivial File Transfer Protocol (TFTP). Simple Mail Transfer Protocol (SMTP)

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: FTP is a network application that supports an exchange of files between computers, and that requires anonymous or specific authentication. Incorrect Answers: A: Through Telnet users can access someone else's computer remotely. C: TFTP is less capable compared to FTP. TFTP is used where user authentication and directory visibility are CISSP

not required. D: SMTP is used only for sending email messages. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 125 QUESTION 653 What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)? A. B. C. D.

It is too complex to manage user access restrictions under TFTP Due to the inherent security risks It does not offer high level encryption like FTP It cannot support the Lightweight Directory Access Protocol (LDAP)

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: TFTP is a network application that supports an exchange of fi les that does not require authentication. TFTP is not secure. Incorrect Answers: A: FTP is too insure, not too complex. C: The difference between FTP and TFTP is that TFTP does not offer authentication. D: Both FTP and TFTP support LDAP. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1276 QUESTION 654 Which protocol is used to send email? A. B. C. D.

File Transfer Protocol (FTP). Post Office Protocol (POP). Network File System (NFS). Simple Mail Transfer Protocol (SMTP).

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: In e-mail clients SMTP works as a message transfer agent and moves the message from the user’s computer to the mail server when the user sends the e-mail message. Incorrect Answers: A: FTP is a network application that supports an exchange of files between computers. B: The Post Office Protocol (POP) is an application-layer Internet standard protocol used by local e-mail clients to retrieve, not to send, e-mail from a remote server over a TCP/IP connection. C: The Network File System (NFS) is a client/server application that lets a computer user view and optionally store and update file on a remote computer as though they were on the user's own computer. References:

CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 599 QUESTION 655 Which of the following best describes the Secure Electronic Transaction (SET) protocol? A. B. C. D.

Originated by VISA and MasterCard as an Internet credit card protocol using Message Authentication Code. Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures. Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer. Originated by VISA and American Express as an Internet credit card protocol using SSL.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Secure Electronic Transaction (SET) is a security technology proposed by Visa and MasterCard to allow for more secure credit card transaction possibilities than what is currently available. With SET an entity verifies a digital signature of the sender and digitally signs the information before it is sent to the next entity involved in the process. Incorrect Answers: A: SET uses digital signatures, not Message Authentication Codes. C: SET uses digital signatures, not transport layer security. D: Visa and Mastercard, not American Express, has proposed the SET protocol. The current security solution in use for credit cards transfers use SSL, but SET uses digital signatures. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 857 QUESTION 656 Which of the following protocols is designed to send individual messages securely? A. B. C. D.

Kerberos Secure Electronic Transaction (SET). Secure Sockets Layer (SSL). Secure HTTP (S-HTTP).

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: S-HTTP provides protection for each message sent between two computers, but not the actual link. Incorrect Answers: A: Kerberos is a network authentication protocol. It is not used to secure messages. B: SET is designed to provide secure credit card transactions, not to provide secure transfer of messages. C: HTTPS protects the communication channel, not each individual message separately. HTTPS is HTTP that uses SSL for security purposes. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 873 QUESTION 657 Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model?

CISSP

A. B. C. D.

Application Layer. Transport Layer. Session Layer. Network Layer.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Both SET and S-HTTP provides application layer security. Incorrect Answers: B: SET and S-HTTP work at the application layer, not at the transportation layer. C: SET and S-HTTP work at the session layer, not at the transportation layer. D: SET and S-HTTP work at the network layer, not at the transportation layer. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 856 QUESTION 658 Why does fiber optic communication technology have significant security advantage over other transmission technology? A. B. C. D.

Higher data rates can be transmitted. Interception of data traffic is more difficult. Traffic analysis is prevented by multiplexing. Single and double-bit errors are correctable.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Because fiber-optic cable passes electrically non-conducting photons through a glass medium, it is very hard to intercept or wiretap. Incorrect Answers: A: High data rates are an advantage of fiber options, but speed in itself does not significantly increase speed. C: Multiplexing would not prevent traffic analysis. It would just make it harder. D: Correctable bits are not an advantage of fiber optic communication. QUESTION 659 Which of the following statements pertaining to IPSec NOT true? A. IPSec can help in protecting networks from some of the IP network attacks. B. IPSec provides confidentiality and integrity to information transferred over IP networks through transport layer encryption and authentication. C. IPSec protects against man-in-the-middle attacks. D. IPSec protects against spoofing. Correct Answer: B

CISSP

Section: Communication and Network Security Explanation Explanation/Reference: Explanation: IPSec works at the network layer, not at the transport layer. Incorrect Answers: A: IPSec protects networks by authenticating and encrypting each IP packet of a communication session. C: IPSec protects against man-in-the-middle attacks by combining mutual authentication with shared, cryptography-based keys. D: IPSec uses cryptography-based keys, shared only by the sending and receiving computers, to create a cryptographic checksum for each IP packet. The cryptographic checksum ensures that only the computers that have knowledge of the keys could have sent each packet. This products against spoofing. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1360 QUESTION 660 Which of the following is NOT a characteristic or shortcoming of packet filtering gateways? A. The source and destination addresses, protocols, and ports contained in the IP packet header are the only information that is available to the router in making a decision whether or not to permit traffic access to an internal network. B. They don't protect against IP or DNS address spoofing. C. They do not support strong user authentication. D. They are appropriate for medium-risk environment. Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Packet filtering was the first generation of firewalls and it is the most rudimentary type of all of the firewall technologies. Packet filtering gateways/firewalls would be insufficient for a medium-risk environment. Incorrect Answers: A: Packet filtering gateways can make access decisions based upon the following basic criteria: Source and destination IP addresses Source and destination port numbers Protocol types Inbound and outbound traffic direction B: Packet filters are useful in IP address spoofing attack prevention because they are capable of filtering out and blocking packets with conflicting source address information (packets from outside the network that show source addresses from inside the network and vice-versa). On the other hand packet filtering gateways would not be able to protect against DNS spoofing. A stateful firewall is needed to protect against DNS spoofing C: Packet filter gateways cannot ensure strong user authentication. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630 QUESTION 661 In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use: A. Screened subnets B. Digital certificates

CISSP

C. An encrypted Virtual Private Network D. Encryption Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A virtual private network (VPN) is a secure, private connection through an untrusted Network. It is a private connection because the encryption and tunneling protocols are used to ensure the confidentiality and integrity of the data in transit. Incorrect Answers: A: The main purpose of a screened subnet it to set up a demilitarized zone, not to protect connections over an insecure network. B: A digital certificate provides identifying information. It is not used to protect connections over an insecure network. D: Encryption can be used to protect connections over an insecure network, but it cannot protect the integrity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 701 QUESTION 662 Which of the following protocols does not operate at the data link layer (layer 2)? A. B. C. D.

PPP RARP L2F ICMP

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: ICMP works at the network layer of the OSI model. Incorrect Answers: A: RARP is a data link layer protocol. B: L2F is a data link layer protocol. C: ICMP is a data link layer protocol. References: https://en.wikipedia.org/wiki/Network_layer QUESTION 663 Which of the following protocols operates at the session layer (layer 5)? A. B. C. D.

RPC IGMP LPD SPX

Correct Answer: A Section: Communication and Network Security

CISSP

Explanation Explanation/Reference: Explanation: Remote procedure call (RPC) works at the session layer of the OSI model. Incorrect Answers: B: ICMP works at the network layer of the OSI model. C: LPD (Line Printer Daemon Protocol) is an application layer protocol. D: SPX is a transport layer protocol. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 524 QUESTION 664 Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)? A. B. C. D.

Host-to-host layer Internet layer Network access layer Session layer

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The network layer of the OSI model corresponds to the Internet layer of the TCP/IP model. Incorrect Answers: A: The host-to-host layer of the TCP/IP model corresponds to the Transport layer of the OSI model. C: The host-to-host layer of the TCP/IP model corresponds to the Data link layer of the OSI model. D: The TCP/IP model does not have any session layer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 518 QUESTION 665 Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control? A. B. C. D.

Physical Data link Network Session

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The data link layer is responsible for proper communication within the network components and for changing the data into the necessary format (electrical voltage) for the physical layer. It is concerned with local delivery of frames between devices on the same LAN.

CISSP

Incorrect Answers: A: The physical layer defines the means of transmitting raw bits rather than logical data packets over a physical link connecting network nodes. C: The session layer protocols set up connections between applications; maintain dialog control; and negotiate, establish, maintain, and tear down the communication channel. D: The session layer provides the mechanism for opening, closing and managing a session between end-user application processes, i.e., a semi-permanent dialogue. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 528 QUESTION 666 The Logical Link Control sub-layer is a part of which of the following? A. B. C. D.

The ISO/OSI Data Link layer. The Reference monitor. The Transport layer of the TCP/IP stack model. Change management control.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The ISO/OSI data link layer is divided into two functional sublayers: the Logical Link Control (LLC) and the Media Access Control (MAC). Incorrect Answers: B: Logical Link Control is a sublayer of the Data link layer, and not part of the Reference monitor. C: Logical Link Control is a sublayer of the Data link layer, and not part of the Transport layer. D: Logical Link Control is a sublayer of the Data link layer, and not part of the Change management control. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 528 QUESTION 667 Which of the following services relies on UDP? A. B. C. D.

FTP Telnet DNS SMTP

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: DNS primarily uses User Datagram Protocol (UDP) on port number 53 to serve requests.DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. Incorrect Answers: A: FTP uses the TCP protocol. B: Telnet uses the TCP protocol. C: SMTP uses the TCP protocol.

CISSP

References: https://en.wikipedia.org/wiki/Domain_Name_System QUESTION 668 Which of the following is NOT a common weakness of packet filtering firewalls? A. B. C. D.

Vulnerability to denial-of-service and related attacks. Vulnerability to IP spoofing. Limited logging functionality. No support for advanced user authentication schemes.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Packet filters are useful in IP address spoofing attack prevention because they are capable of filtering out and blocking packets with conflicting source address information (packets from outside the network that show source addresses from inside the network and vice-versa). Incorrect Answers: A: Packet filtering firewalls, as they are stateless, are vulnerable to denial-of-service attacks. A stateful firewall would be able to handle these attacks better. C: Logging is no problem when using packet filtering firewalls. D: Packet filter gateways cannot ensure strong user authentication. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630 QUESTION 669 Which Network Address Translation (NAT) is the MOST convenient and secure solution? A. B. C. D.

Hiding Network Address Translation Port Address Translation Dedicated Address Translation Static Address Translation

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Port Address Translation (PAT) maps one internal IP address to an external IP address and port number combination. Thus, PAT can theoretically support 65,536 (2 16 ) simultaneous communications from internal clients over a single external leased IP address. A company can save a lot of money by using PAT, because the company needs to buy only a few public IP addresses, which are used by all systems in the network. Incorrect Answers: A: NAT maps one internal IP address to one external IP address. Compared to PAT this is pretty bad. C: There is no NAT implementation called Dedicated Address Translation. D: Static Address Translation is not convenient as it must be configured manually. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 606

CISSP

QUESTION 670 What is the primary difference between FTP and TFTP? A. B. C. D.

Speed of negotiation Authentication Ability to automate TFTP is used to transfer configuration files to and from network equipment.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: TFTP is less capable compared to FTP. TFTP is used where user authentication and directory visibility are not required. Incorrect Answers: A: Both FTP and TFTP have ability to negotiate speedC: There is ability to automate both FTP and TFTP. D: TFTP can be used to transfer any files, not just configuration files between network equipment. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 125 QUESTION 671 Which of the following cable types is limited in length to 185 meters? A. B. C. D.

10BaseT RG8 RG58 10Base5

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: RG-58 was once widely used in "thin" Ethernet (10BASE2), where it provides a maximum segment length of 185 meters. Incorrect Answers: A: 10BaseT has a maximal distance of 100 meters. B: RG-8 has a maximal distance of 500 meters. D: 10Base5 has a maximal distance of 500 meters. References: https://en.wikipedia.org/wiki/RG-58 QUESTION 672 In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? A. Both client and server B. The client's browser

CISSP

C. The web server D. The merchant's Certificate Server Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: HTTP Secure (HTTPS) is HTTP running over SSL. The client browser generates a session key and encrypts it with the server’s public key. Incorrect Answers: A: Only the client generates the key. C: The client, not the server, generates the key. D: The client, not a certification server, generates the key. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 855 QUESTION 673 Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is NOT true? A. B. C. D.

PPTP allows the tunnelling of any protocols that can be carried within PPP. PPTP does not provide strong encryption. PPTP does not support any token-based authentication method for users. PPTP is derived from L2TP.

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Explanation: PPTP is an encapsulation protocol based on PPP that works at OSI layer 2 (Data Link) and that enables a single point-to-point connection, usually between a client and a server. While PPTP depends on IP to establish its connection. As currently implemented, PPTP encapsulates PPP packets using a modified version of the generic routing encapsulation (GRE) protocol, which gives PPTP to the flexibility of handling protocols other than IP, such as IPX and NETBEUI over IP networks. PPTP does have some limitations: It does not provide strong encryption for protecting data, nor does it support any token-based methods for authenticating users. L2TP is derived from L2F and PPTP, not the opposite. QUESTION 674 During the initial stage of configuration of your firewall, which of the following rules appearing in an Internet firewall policy is inappropriate? A. The firewall software shall run on a dedicated computer. B. Appropriate firewall documentation and a copy of the rulebase shall be maintained on offline storage at all times. C. The firewall shall be configured to deny all services not expressly permitted. D. The firewall should be tested online first to validate proper configuration. Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: CISSP

Explanation: For security reasons, the firewall should be tested offline. Incorrect Answers: A: A firewall may take the form of either software installed on a regular computer using a regular operating system or a dedicated hardware appliance that has its own operating system. The second choice is usually more secure. B: It is important to make a backup of the configuration of the firewall. C: All unneeded ports should be closed, and all unneeded services should be denied. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 643 QUESTION 675 SMTP can best be described as: A. B. C. D.

a host-to-host email protocol. an email retrieval protocol. a web-based e-mail reading protocol. a standard defining the format of e-mail messages.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: In e-mail clients SMTP works as a message transfer agent and moves the message from the user’s computer to the mail server when the user sends the e-mail message. Incorrect Answers: B: SMTP is used only for sending, not retrieving, email messages. C: SMTP is used only for sending, not reading, email messages. D: SMTP is not a format of email messages. It is a protocol for sending email messages. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 599 QUESTION 676 Which of the following is not a security goal for remote access? A. B. C. D.

Reliable authentication of users and systems Protection of confidential data Easy to manage access control to systems and network resources Automated login for remote users

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Automated login is not a goal for remote access. Incorrect Answers: A: Secure remote access requires reliable authentication. B: Secure remote access requires protection of confidential data. C: Secure remote access requires an access control that is manageable. CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1250 QUESTION 677 What attack involves the perpetrator sending spoofed packet(s) which contains the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag, and targeting any open ports that are open on the remote host? A. B. C. D.

Boink attack Land attack Teardrop attack Smurf attack

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A land (Local Area Network Denial) attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address to an open port as both source and destination. This causes the machine to reply to itself continuously. Incorrect Answers: A: The Boink attack manipulates a field in TCP/IP packets, called a fragment offset. This field tells a computer how to reconstruct a packet that was broken up (fragmented) because it was too big to transmit in a whole piece. By manipulating this number, the Boink attack causes the target machine to reassemble a packet that is much too big to be reassembled. This causes the target computer to crash. C: A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target machine. D: The Smurf Attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 257 QUESTION 678 Which of the following is NOT a component of IPSec? A. B. C. D.

Authentication Header Encapsulating Security Payload Key Distribution Center Internet Key Exchange

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A Key Distribution Center (KDC) is not used by IPSec. Kerberos uses a KDC for authentication. Incorrect Answers: A: The Authentication Header (AH) security protocol is used by IPSec. B: The Encapsulating Security Payload (ESP) security protocol is used by IPSec. D: The Internet Key Exchange (IKE) is the first phase of IPSec authentication, which accomplishes key CISSP

management. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 861 QUESTION 679 Which of the following statements pertaining to IPSec is NOT true? A. A security association has to be defined between two IPSec systems in order for bi-directional communication to be established. B. Integrity and authentication for IP datagrams are provided by AH. C. ESP provides for integrity, authentication and encryption to IP datagrams. D. In transport mode, ESP only encrypts the data payload of each packet. Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: One security association (SA) is not enough to establish bi-directional communication. Each device will have at least one security association (SA) for each secure connection it uses, so two security associations would be required. Incorrect Answers: B: AH provides authentication and integrity for the IP datagrams. C: ESP provides authentication, integrity, and encryption for the IP datagrams. D: In IPSec transport mode the payload, but not the routing and header information, of the message is protected. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 862 QUESTION 680 Which of the following statements pertaining to packet filtering NOT true? A. B. C. D.

It is based on ACLs. It is not application dependent. It operates at the network layer. It keeps track of the state of a connection.

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Packet filtering firewalls are stateless. They do not keep track of the state of a connection. Incorrect Answers: A: The device that is carrying out packet filtering processes is configured with ACLs, which dictate the type of traffic that is allowed into and out of specific networks. B: Packet filtering firewalls are application dependent. C: Packet filtering is a firewall technology that makes access decisions based upon network-level protocol header values. D: Packet filtering works at the network and transport layers, not at the application layer. It is not application dependent.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630 QUESTION 681 Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. This method allocates bandwidth dynamically to physical channels having information to transmit? A. B. C. D.

Time-division multiplexing Asynchronous time-division multiplexing Statistical multiplexing Frequency division multiplexing

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Statistical time-division multiplexing (STDM) transmits several types of data simultaneously across a single transmission cable or line. The communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. Incorrect Answers: A: Time-division multiplexing (TDM) is less complex compared to Statistical multiplexing. In its primary form, TDM is used communication with a fixed number of channels and constant bandwidth per channel. B: Asynchronous time-division multiplexing (TDM) is similar to TDM. It uses a fixed number channels, not an arbitrary number of channels like STDM. D: Frequency-division multiplexing (FDM) uses an available wireless spectrum, not a communication channel, to move data. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 672 QUESTION 682 If an organization were to deploy only one Intrusion Detection System (IDS) sensor to protect its information system from the Internet: A. It should be host-based and installed on the most critical system in the DMZ, between the external router and the firewall. B. It should be network-based and installed in the DMZ, between the external router and the firewall. C. It should be network-based and installed between the firewall to the DMZ and the intranet. D. It should be host-based and installed between the external router and the Internet. Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Network Intrusion Detection Systems (NIDS) are placed at a strategic point, such as between the internetfacing router and the firewall, within the network to monitor traffic to and from all devices on the network. Incorrect Answers: A: A host-based IDS is an IDS that is installed on a single computer and can monitor the activities on that computer only. C: It is better to place the IDS between the DMZ and the internet. D: A host-based IDS is an IDS that is installed on a single computer and can monitor the activities on that CISSP

computer only. References: https://en.wikipedia.org/wiki/Intrusion_detection_system QUESTION 683 Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions? A. B. C. D.

Because infrared eavesdropping requires more sophisticated equipment. Because infrared operates only over short distances. Because infrared requires direct line-of-sight paths. Because infrared operates at extra-low frequencies (ELF).

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Infrared communications require line-of-sight transmission. This makes infrared relative secure from electronic eavesdropping. Incorrect Answers: A: Infrared eavesdropping does not require more advanced transmissions. B: Infrared operates over short distances, but this is not the main reason it is hard to eavesdrop. Compared to multidirectional radio transmission a direct line of sight is necessary. D: Infrared operates at high frequencies around 430 THz. QUESTION 684 Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provides the following service except: A. B. C. D.

Authentication Integrity Replay resistance and non-repudiations Confidentiality

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Integrity and authentication for IP datagrams are provided by AH, but AH does not provide Confidentiality. Incorrect Answers: A: Authentication is provided by AH. B: Integrity is provided by AH. C: Authentication Headers (AH) might also provide non-repudiation, depending on which cryptographic algorithm is used and how keying is performed. With non-repudiations comes replay resistance. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 862 QUESTION 685 In IPSec, if the communication is to be gateway-to-gateway or host-to-gateway:

CISSP

A. B. C. D.

Tunnel mode of operation is required Only transport mode can be used Encapsulating Security Payload (ESP) authentication must be used Both tunnel and transport mode can be used

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: In IPSec tunnel mode, the entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access) and host-to-host communications. Incorrect Answers: B: Tunnel mode, not transport mode, must be used. C: Tunnel mode, not ESP authentication, must be used. D: Only tunnel mode can be used. References: https://en.wikipedia.org/wiki/IPsec#Tunnel_mode QUESTION 686 Which of the following is NOT true about IPSec Tunnel mode? A. B. C. D.

Fundamentally an IP tunnel with encryption and authentication Works at the Transport layer of the OSI model Have two sets of IP headers Established for gateway service

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: IPSec Tunnel mode works at the Internet layer, not at the Transport layer. Incorrect Answers: A: In IPSec tunnel mode, the entire IP packet is encrypted and/or authenticated. C: In tunnel mode, the entire IP packet is encrypted and/or authenticated. It is then encapsulated into a new IP packet with a new IP header. That is, in tunnel mode, there are two sets of IP headers. D: Tunnel mode is used to create virtual private networks for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access or for gateway services) and host-to-host communications. References: https://en.wikipedia.org/wiki/IPsec#Tunnel_mode QUESTION 687 Which of the following statements is NOT true of IPSec Transport mode? A. It is required for gateways providing access to internal systems B. Set-up when end-point is host or communications terminates at end-points

CISSP

C. If used in gateway-to-host communication, gateway must act as host D. When ESP is used for the security protocol, the hash is only applied to the upper layer protocols contained in the packet Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Tunnel mode, not transport mode, is required for gateway services. Incorrect Answers: B: Transport mode is allowed between two end hosts only. C: As Transport mode only is allowed between two end hosts, the gateway must act as a host. D: ESP operates directly on top of IP. The encryption is only applied to the upper layer protocols contained in the packet. References: https://tools.ietf.org/html/rfc3884 QUESTION 688 Which of the following statements pertaining to firewalls NOT true? A. B. C. D.

Firewalls create bottlenecks between the internal and external network. Firewalls allow for centralization of security services in machines optimized and dedicated to the task. Firewalls protect a network at all layers of the OSI models. Firewalls are used to create security checkpoints at the boundaries of private networks.

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Packet filtering firewalls work at the network level of the OSI model. If you filter specific ports, you can say you're filtering at layer 4. If your firewall inspects specific protocol states or data, you can say it operates at layer 7. Firewalls do not work at layer 1, layer 2, or layer 3 of the OSI model. Incorrect Answers: A: Firewalls can create bottlenecks between the internal and external network. B: Firewalls can be administered from a central location. D: Firewall are most often placed at the boundaries of the private networks to implement a security checkpoint to restrict access from the Internet. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 628 QUESTION 689 Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address? A. B. C. D.

IP Spoofing IP subnetting Port address translation IP Distribution

CISSP

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Port address translation (PAT) is an implementation of Network Address Translation. PAT is a mechanism for converting the internal private IP addresses found in packet headers into public IP addresses and port numbers for transmission over the Internet. PAT supports a many-to-one mapping of internal to external IP addresses by using ports. Incorrect Answers: A: IP Spoofing does not involve mapping of IP addresses. IP spoofing is the creation of Internet Protocol (IP) packets with a forged source IP address, with the purpose of concealing the identity of the sender or impersonating another computing system B: IP subnetting is the practice of dividing a network into two or more networks. D: The distribution of IP addresses does not involve mapping of IP addresses. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 606 QUESTION 690 At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed? A. B. C. D.

Network layer Session layer Transport layer Data link layer

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Encrypted authentication is a firewall feature that allows users on an external network to authenticate themselves to prove that they are authorized to access resources on the internal network. Encrypted authentication is convenient because it happens at the transport layer between a client software and a firewall, allowing all normal application software to run without hindrance. Incorrect Answers: A: The firewall encrypted authentication feature is performed at the transport layer, not the network layer. B: The firewall encrypted authentication feature is performed at the transport layer, not the session layer. D: The firewall encrypted authentication feature is performed at the transport layer, not the data link layer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1161 QUESTION 691 Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector? A. Using a TACACS+ server. B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall. C. Setting modem ring count to at least 5.

CISSP

D. Only attaching modems to non-networked hosts. Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Containing the dial-up security problem is conceptually easy: Put your RAS server outside your firewall in the public security zone, and force legitimate users to authenticate with your firewall first to gain access to private network resources. Allow no device to answer a telephone line behind your firewall. This eliminates dial-up as a vector by forcing it to work like any other Internet connection. Incorrect Answers: A: Using a TACACS+ server would increase security, but using a firewall is a better solution. C: Increasing the modem ring count setting would just minimally increase security. D: To provide remote access the modems must be connected to the network. QUESTION 692 Which of the following was designed to support multiple network types over the same serial link? A. B. C. D.

Ethernet SLIP PPP PPTP

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Point-to-Point Protocol (PPP) is a full - duplex protocol used for the transmission of TCP/IP packets over various non-LAN connections, such as modems, ISDN, VPNs, Frame Relay, and so on. PPP permits multiple network layer protocols to operate on the same communication link. Incorrect Answers: A: Ethernet is a link layer protocol in the TCP/IP stack, but Ethernet is not used for serial links. B: SLIP is a predecessor of PPP which do not support multiple network types over a single link. D: PPTP is a tunneling protocol which uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. PPTP tunnels do not handle network types. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 683 QUESTION 693 What is an IP routing table? A. B. C. D.

A list of IP addresses and corresponding MAC addresses. A list of station and network addresses with corresponding gateway IP address. A list of host names and corresponding IP addresses. A list of current network interfaces on which IP routing is enabled.

Correct Answer: B Section: Communication and Network Security Explanation

CISSP

Explanation/Reference: Explanation: A routing table is a set of rules, often viewed in table format that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed. The routing table stores route information about directly connected and remote networks. Incorrect Answers: A: An IP Routing table does not contain MAC addresses. B: There are not host names in IP routing tables. D: A routing table does not include a list of network interface which are IP routing enabled. A routing table includes an Interface address, which is the outgoing network interface the device should use when forwarding the packet to the next hop or final destination. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 615 QUESTION 694 Which of the following should be allowed through a firewall to easy communication and usage by users? A. B. C. D.

RIP IGRP DNS OSPF

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: DNS translates domain names into IP addresses, which enables us to use domain names instead of IP addresses. Incorrect Answers: A: RIP is a routing protocol. A routing protocol forwards routing information between routers, but does make it easier for users to communicate. B: IGRP is a routing protocol. A routing protocol forwards routing information between routers, but does make it easier for users to communicate. D: OSPF is a routing protocol. A routing protocol forwards routing information between routers, but does make it easier for users to communicate. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 599 QUESTION 695 Which of the following was developed as a simple mechanism for allowing simple network terminals to load their operating system from a server over the LAN? A. B. C. D.

DHCP BootP DNS ARP

Correct Answer: B Section: Communication and Network Security Explanation

CISSP

Explanation/Reference: Explanation: BOOTP has been used for Unix-like diskless workstations to obtain the network location of their boot image, in addition to the IP address assignment. Enterprises used it to roll out a pre-configured client (e.g., Windows) installation to newly installed PCs. Incorrect Answers: A: DHCP is a network protocol used on IP networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. C: DNS translates domain names into IP addresses, which enables us to use domain names instead of IP addresses. D: The ARP protocol translates IP addresses to MAC Addresses. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 585 QUESTION 696 What is the greatest danger from DHCP? A. B. C. D.

An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients. Having multiple clients on the same LAN having the same IP address. Having the wrong router used as the default gateway. Having the organization's mail server unreachable.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The main security risk concerning DHCP is that unauthorized (rogue) DHCP servers offering IP configuration to DHCP clients. Rogue DHCP servers are often used in man in the middle or denial of service attacks for malicious purposes. Incorrect Answers: B: IP address collisions are not a major security risk. C: Incorrect default gateway is not a major security problem compared to a rogue DHCP Server. D: An unreachable mail server is not a main security concern compared to the damage a rogue DHCP server can do. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 598 QUESTION 697 Which of the following allows two computers to coordinate in executing software? A. B. C. D.

RSH RPC NFS SNMP

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation:

CISSP

The programmer of a piece of software can write a function call that calls upon a subroutine. The subroutine could be local to the system or be on a remote system. If the subroutine is on a remote system, it is a Remote Procedure Call (RPC). The RPC request is carried over a session layer protocol. The result that the remote system provides is then returned to the requesting system over the same session layer protocol. With RPC a piece of software can execute components that reside on another system. Incorrect Answers: A: The remote shell (rsh) is a command line computer program that can execute shell commands as another user, and on another computer across a computer network. RSH is not used to remotely execute software. C: The Network File System (NFS) is not used to execute software remotely. NFS is a client/server application that lets a computer user view and optionally store and update file on a remote computer as though they were on the user's own computer. D: SNMP is used for monitoring the network, not for remote software execution. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 525 QUESTION 698 Which of the following should NOT normally be allowed through a firewall? A. B. C. D.

SNMP SMTP HTTP SSH

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: SNMP is used for monitoring network traffic. SNMP would monitor the traffic on a single segment and there would be no reason to allow SNMP traffic through a firewall. Incorrect Answers: B: Users must be allowed to send email messages, so SMTP traffic must be allowed. C: Users must be allowed to browse the internet, so HTTP traffic must be allowed. D: Users must be allowed to log into a remote machine and execute commands, so SSH traffic must be allowed. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 587 QUESTION 699 Which of the following NAT firewall translation modes allows a large group of internal clients to share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities when communicating with external hosts? A. B. C. D.

Static translation Load balancing translation Network redundancy translation Dynamic translation

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: CISSP

Explanation: Port address translation (PAT) is a dynamic NAT translation. It maps one internal IP address to an external IP address and port number combination. Thus, PAT can theoretically support 65,536 (2 16) simultaneous communications from internal clients over a single external leased IP address. Incorrect Answers: A: With static translation each private address is statically mapped to a specific public address. B: There is no NAT implementation named Load balancing translation. C: There is no NAT implementation called Network redundancy translation. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 606 QUESTION 700 Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality? A. B. C. D.

Network redundancy translation Load balancing translation Dynamic translation Static translation

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Static translation offers no protection against IP Spoofing. Incorrect Answers: A: There is no NAT firewall translation mode called Network redundancy translation. B: There is no NAT firewall translation mode called Load balancing translation. C: Port address translation (PAT) is a dynamic NAT translation. It maps one internal IP address to an external IP address and port number combination. With Dynamic NAT te internal IP address is hidden from external hackers. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 606 QUESTION 701 Which of the following is the primary security feature of a proxy server? A. B. C. D.

Virus Detection URL blocking Route blocking Content filtering

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A proxy firewall is a network security system that protects network resources by filtering messages at the application layer. The application-level proxy understands the packet as a whole and can make access decisions based on the content of the packets.

CISSP

Incorrect Answers: A: Firewalls does not detect viruses. B: A proxy server firewall does not use URL blocking. C: A proxy server firewall does not use route blocking. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 636 QUESTION 702 Which of the following is an advantage of proxies? A. B. C. D.

Proxies provide a single point of access, control, and logging. Proxies must exist for each service. Proxies create a single point of failure. Proxies do not protect the base operating system.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Proxies provide services through a single access point. Proxies can be installed in order to eavesdrop upon the data-flow between client machines and the web. All content sent or accessed – including passwords submitted and cookies used – can be captured and analyzed by the proxy operator. Incorrect Answers: B: A proxy can handle many services, not only a single service. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity. C: Proxies does not create a single point of failure. D: Firewall proxies protect the base operating system. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 653 QUESTION 703 Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network? A. B. C. D.

Inbound packets with Source Routing option set Router information exchange protocols Inbound packets with an internal address as the source IP address Outbound packets with an external destination IP address

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Internal users access the internet will create outbound packets with external IP addresses. These legit packets should not be dropped. Incorrect Answers: A: Firewalls do not drop packet based on routing options. B: Firewalls do not drop packet based on routing protocol information. C: Inbound packets should have an external source address. If the inbound packet has an internal source CISSP

address it must be dropped. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630 QUESTION 704 A packet filtering firewall looks at the data packet to get information about the source and destination addresses of an incoming packet, the protocol (TCP, UDP, or ICMP), and the source and destination port for the: A. B. C. D.

desired service. dedicated service. delayed service. distributed service.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Packet filtering is a firewall technology that makes access decisions based upon network-level protocol header values. The filters can make access decisions based upon the following basic criteria: Source and destination port numbers (such as an application port or a service number) Protocol types Source and destination IP addresses Inbound and outbound traffic direction Incorrect Answers: B: A packet filtering firewall can grant access to desired services, not dedicated services, through source and destination numbers. C: A packet filtering firewall can grant access to desired services, not delayed services, through source and destination numbers. D: A packet filtering firewall can grant access to desired services, not distributed services, through source and destination numbers. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630 QUESTION 705 Frame relay uses a public switched network to provide: A. B. C. D.

Local Area Network (LAN) connectivity. Metropolitan Area Network (MAN) connectivity. Wide Area Network (WAN) connectivity. World Area Network (WAN) connectivity.

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Frame relay is a Wide Area Network (WAN) technology. Incorrect Answers: A: Frame relay is not used in local area networks. It is a WAN technology. B: Frame relay is not used Metropolitan Area Network (MAN) networks. It is a WAN technology. D: There is no connectivity technology named World Area Network (WAN). CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 677 QUESTION 706 Which of the following is a drawback of fiber optic cables? A. B. C. D.

It is affected by electromagnetic interference (EMI). It can easily be tapped. The expertise needed to install it. The limited distance at high speeds.

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Fiber-optic cable is expensive and difficult to work with. Incorrect Answers: A: Fiber optic cables are not affected by electromagnetic interference (EMI). B: Fiber optic cables are hard to tap. D: Fiber-optic cabling has higher transmission speeds that allow signals to travel over longer distances. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 560 QUESTION 707 Which of the following is the MOST secure firewall implementation? A. B. C. D.

Dual-homed host firewalls Screened-subnet firewalls Screened-host firewalls Packet-filtering firewalls

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A screened-subnet architecture is the most secure solution as it adds another layer of security to the screenedhost architecture, which in turn is more secure than both Dual-homed host firewalls and Packet-filtering firewalls. Incorrect Answers: A: Dual-homed host firewalls are less secure compared to screened-host firewall. C: Screened-host firewalls are less secure compared to Screened-subnet firewalls, as the screened-subnet architecture is missing. A screened host is a firewall that communicates directly with a perimeter router and the internal network. D: A packet-filtering firewall is part of a screened-host firewall architecture, but is less secure as the screenedhost firewall is missing. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 646

CISSP

QUESTION 708 A Packet Filtering Firewall system is considered a: A. B. C. D.

first generation firewall. second generation firewall. third generation firewall. fourth generation firewall.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Packet filtering was the first generation of firewalls and it is the most rudimentary type of all of the firewall technologies. Incorrect Answers: B: Packet filtering is a first generation firewall, not a second generation firewall. Application -level gateways are known as second generation firewalls. C: Packet filtering is a first generation firewall, not a third generation firewall. D: Packet filtering is a first generation firewall, not a fourth generation firewall. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 630 QUESTION 709 Proxies work by transferring a copy of each accepted data packet from one network to another, thereby masking the: A. B. C. D.

data's payload. data's details. data's owner. data's origin.

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Proxy servers act as an intermediary between the clients that want access to certain services and the servers that provide those services. The proxy server sends an independent request to the destination on behalf of the user, thereby masking the origin of the data. Incorrect Answers: A: The proxy server transfer they payload data to the destination. B: The proxy server transfer they payload data (the details of the data) to the destination. C: The origin of the data, not the owner of the data, is masked by the proxy server. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 653 QUESTION 710 An application layer firewall is also called a: A. Proxy

CISSP

B. A Presentation Layer Gateway. C. A Session Layer Gateway. D. A Transport Layer Gateway. Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A network-based application layer firewall is a computer networking firewall operating at the application layer of a protocol stack, and is also known as a proxy-based or reverse-proxy firewall. Incorrect Answers: B: Application layer firewall works at the application layer, not at the presentation layer. C: Application layer firewall works at the application layer, not at the session layer. D: Application layer firewall works at the application layer, not at the transport layer. References: https://en.wikipedia.org/wiki/Application_firewall#Network-based_application_firewalls QUESTION 711 Application Layer Firewalls operate at the: A. B. C. D.

OSI protocol Layer seven, the Application Layer. OSI protocol Layer six, the Presentation Layer. OSI protocol Layer five, the Session Layer. OSI protocol Layer four, the Transport Layer.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Application layer firewall works at the application layer, which is layer 7 in the OSI model. Incorrect Answers: B: Application layer firewalls do not work at OSI layer 6, the presentation layer. They are at the Application layer, layer 7. C: Application layer firewalls do not work at OSI layer 5, the session layer. They are at the Application layer, layer 7. D: Application layer firewalls do not work at OSI layer 4, the session layer. They are at the Transport layer, layer 7. References: https://en.wikipedia.org/wiki/Application_firewall QUESTION 712 One drawback of Application Level Firewall is that it reduces network performance due to the fact that it must analyze every packet and: A. B. C. D.

decide what to do with each application. decide what to do with each user. decide what to do with each port. decide what to do with each packet.

CISSP

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The application firewall is typically built to control all network traffic on any OSI layer up to the application layer. At the lowest level the application firewall can examine each data packet. This slows down the performance. Incorrect Answers: A: Making decisions at the application level would not slow down the firewall. B: An application firewall cannot make decisions based on the user. C: Making decisions at the port level would not slow down the firewall, especially compared deciding what to do with each packet. References: https://en.wikipedia.org/wiki/Application_firewall QUESTION 713 A circuit level proxy is ____________ when compared to an application level proxy. A. B. C. D.

lower in processing overhead. more difficult to maintain. more secure. slower.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A circuit level proxy works at the session layer of the OSI model and monitors traffic from a network-based view. This type of proxy cannot “look into” the contents of a packet like an application level proxy; thus, it does not carry out deep-packet inspection. This means that, compared to an application level proxy, A circuit level proxy is faster. Incorrect Answers: B: A circuit level proxy is easier to maintain as it is less flexible. C: A circuit level proxy is less secure since it only works at the session layer, and cannot inspect data packets. D: A circuit level proxy is faster, not slower. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 636 QUESTION 714 In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the: A. B. C. D.

Network or Transport Layer. Application Layer. Inspection Layer. Data Link Layer.

Correct Answer: A Section: Communication and Network Security Explanation

CISSP

Explanation/Reference: Explanation: A stateful firewall filters traffic based on OSI Layer 3 (Network layer) and Layer 4 (Transport layer). Incorrect Answers: B: A stateful firewall does not operate at the Application layer. It work at the Network or Transport Layer. C: There is no inspection layer in the OSI model. D: A stateful firewall does not operate at the Data link layer. It work at the Network or Transport Layer. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 63 QUESTION 715 When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to allow the incoming reply on that port to pass: A. B. C. D.

packet filtering Circuit level proxy Dynamic packet filtering Application level proxy

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Ports up to 1023 are called well-known ports and are reserved for server-side services. The sending system must choose a dynamic port higher than 1023 when it sets up a connection with another entity. The dynamic packet-filtering firewall then creates an Access Control List (ACL) that allows the external entity to communicate with the internal system. Incorrect Answers: A: A Packet filtering firewall makes access decisions based upon network-level protocol header values. It does not use port numbers. B: A Circuit level proxy works at the session layer and does not use ports. D: An Application level proxy works at the packet level, not at the port level. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 640 QUESTION 716 A demilitarized zone is: A. B. C. D.

a part of a network perfectly safe from hackers a militarized network segment a firewall the network segment between the Internet and a private network

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A demilitarized zone (DMZ) is a network segment located between the protected private network and

CISSP

unprotected public network (typically being the Internet). Incorrect Answers: A: A demilitarized zone is not safe from hackers as it connected to the Internet. B: It is a demilitarized, not a militarized, zone. C: A demilitarized zone is not a firewall. A demilitarized zone is shielded by two firewalls: one facing the Internet, and one facing the private network. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 628 QUESTION 717 A DMZ is located: A. B. C. D.

right behind your first Internet facing firewall right in front of your first Internet facing firewall right behind your first network active firewall right behind your first network passive Internet http firewall

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A demilitarized zone is shielded by two firewalls: one right behind the first Internet facing the Internet, and one facing the private network. Incorrect Answers: B: A demilitarized zone is shielded by the Internet facing firewall. It is not placed outside this firewall. C: A demilitarized zone is placed behind the first Internet facing firewall, not behind the first network active firewall. D: A demilitarized zone does not need to be placed behind a network passive Internet http firewall. It just needs to be place behind the first Internet facing firewall. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 629 QUESTION 718 The DMZ does not normally contain: A. B. C. D.

encryption server web server external DNS server mail relay

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The DMZ usually contains web servers, mail servers, and external DNS servers. Incorrect Answers: B: A web server is usually located in the DMZ. C: An external web server is usually located in the DMZ. D: A mail server is usually located in the DMZ. CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 629 QUESTION 719 A DMZ is also known as a: A. B. C. D.

screened subnet. three legged firewall. place to attract hackers. bastion host.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: With a screened subnet, two firewalls are used to create a DMZ. Incorrect Answers: B: The three legged model is just one way of implementing a DMZ. A DMZ can be implemented in different ways. C: A place to attract hackers is called a honeypot, not a DMZ. D: A bastion host is not a DMZ. It is a computer that is fully exposed to attack. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 646 QUESTION 720 Network-based Intrusion Detection systems: A. B. C. D.

commonly reside on a discrete network segment and monitor the traffic on that network segment. commonly will not reside on a discrete network segment and monitor the traffic on that network segment. commonly reside on a discrete network segment and does not monitor the traffic on that network segment. commonly reside on a host and monitor the traffic on that specific host.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A network - based IDS (Intrusion Detection systems) watches for questionable activity occurring on the network medium by inspecting packets and observing network traffic patterns. Incorrect Answers: B: The networked-based ISD must be present on the network segment it is monitoring. C: The purpose of an Intrusion Detection system is to monitor the traffic. D: A host-based, not a network-based, IDS watches for questionable activity on a single computer system. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 54 QUESTION 721 Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?

CISSP

A. B. C. D.

Signature-based IDS and statistical anomaly-based IDS, respectively. Signature-based IDS and dynamic anomaly-based IDS, respectively. Anomaly-based IDS and statistical-based IDS, respectively. Signature-based IDS and motion anomaly-based IDS, respectively.

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Knowledge-based detection is also called signature-based detection. In this case the IDS use a signature database and attempts to match all monitored events to its contents. Behavior-based detection is also called statistical intrusion detection, anomaly detection, and heuristics-based detection. Incorrect Answers: B: Behavior-based IDS is not dynamical anomaly-based. Behavior-based IDS can be said to be statistical anomaly-based. C: A knowledge-based IDS uses signatures, not anomalies. D: Motion anomaly-based IDS is not a synonym for behavior-based IDS. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 56 QUESTION 722 Knowledge-based Intrusion Detection Systems (IDS) are more common than: A. B. C. D.

Network-based IDS Host-based IDS Behavior-based IDS Application-Based IDS

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: An IDS can detect malicious behavior using two common methods. One way is to use knowledge-based detection which is more frequently used. The second detection type is behavior-based detection. Incorrect Answers: A: A Network-based IDS is not a type of Knowledge-based Intrusion Detection System. B: A host-based IDS is not a type of Knowledge-based Intrusion Detection System. D: An application-based IDS is not a type of Knowledge-based Intrusion Detection System. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 56 QUESTION 723 Which cable technology refers to the CAT3 and CAT5 categories? A. Coaxial cables

CISSP

B. Fiber Optic cables C. Axial cables D. Twisted Pair cables Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Twisted-pair cables are categorized into UTP categories CAT1, CAT2, CAT3, CAT4, CAT5, etc. Incorrect Answers: A: Coaxial cables do not have categories named CAT3 or CAT5. B: Fiber optic cables do not have categories named CAT3 or CAT5. C: Axial cables do not have categories named CAT3 or CAT5. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 559 QUESTION 724 The older coaxial cable has been widely replaced with twisted pair, which is extremely easy to work with, inexpensive, and also resistant to multiple host failure at once, especially when used in one of the following topology: A. B. C. D.

Token Passing Configuration. Star Configuration. Ring Configuration. Point to Point Configuration.

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: In Star topologies twisted-pair cabling is the preferred cabling. Incorrect Answers: A: In a Token Passing configuration Coaxial cabling works fine. C: In a Ring configuration Coaxial cabling works fine. D: Twisted cable has not special advantage compared to other cabling in a point-to-point configuration. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 92 QUESTION 725 Which of the following was designed as a more fault-tolerant topology than Ethernet, and very resilient when properly implemented? A. B. C. D.

Token Link. Token system. Token Ring. Duplicate ring.

Correct Answer: C CISSP

Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Token Ring has a built in management and recovery system which makes it very fault tolerant. Incorrect Answers: A: Token link is not a network topology. B: Token system is not a network topology. D: Duplicate ring is not a network topology. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 570 QUESTION 726 Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network? A. B. C. D.

S-Telnet SSL Rlogin SSH

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Secure Shell (SSH) works as a type of tunneling mechanism that delivers terminal like access to remote computers. SSH should be used instead of Telnet, FTP, rlogin, rexec, or rsh, because it is more secure. Incorrect Answers: A: S-Telnet is only used for IBM 5250 data streams. B: SSL is supported for Telnet implementations. C: Rlogin is a software utility for Unix-like computer operating systems that enables users to log in on another host via a network. It is, however, less secure that SSH. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 860 https://en.wikipedia.org/wiki/Telnet https://en.wikipedia.org/wiki/Rlogin QUESTION 727 Which of the following is LESS likely to be used today in creating a Virtual Private Network? A. B. C. D.

L2TP PPTP IPSec L2F

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference:

CISSP

Explanation: Layer 2 Forwarding Protocol (L2F) is rarely used today. The following are the three most common VPN communications protocol standards: Point-to-Point Tunneling Protocol (PPTP). PPTP works at the Data Link Layer of the OSI model. Designed for individual client to server connections, it enables only a single point-to-point connection per session. This standard is very common with asynchronous connections that use Win9x or NT clients. PPTP uses native Point-to-Point Protocol (PPP) authentication and encryption services. Layer 2 Tunneling Protocol (L2TP). L2TP is a combination of PPTP and the earlier Layer 2 Forwarding Protocol (L2F) that works at the Data Link Layer like PPTP. It has become an accepted tunneling standard for VPNs. In fact, dial-up VPNs use this standard quite frequently. Like PPTP, this standard was designed for single point-topoint client to server connections. Note that multiple protocols can be encapsulated within the L2TP tunnel. IPSec. IPSec operates at the Network Layer and it enables multiple and simultaneous tunnels, unlike the single connection of the previous standards. IPSec has the functionality to encrypt and authenticate IP data. It is built into the new IPv6 standard, and is used as an add-on to the current IPv4. While PPTP and L2TP are aimed more at dial-up VPNs, IPSec focuses more on network-to-network connectivity. Incorrect Answers: A: L2TP and IPSec are commonly used together for VPNs today. B: PPTP is not used as commonly as L2TP and IPSec but it is more common than L2F. C: L2TP and IPSec are commonly used together for VPNs today. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 92 QUESTION 728 Which of the following answers presents the MOST significant threat to network based IDS or IPS systems? A. B. C. D.

Encrypted Traffic Complex IDS/IPS Signature Syntax Digitally Signed Network Packets Segregated VLANs

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Encrypted network packets present the biggest threat to an effective IDS/IPS plan because the network traffic cannot easily be decoded and examined. Encrypted packets cannot be examined by the IDS to determine if there is a threat there so in most cases the traffic is just forwarded along with the potential threat. There is an industry where a company provides examination services for your network traffic, acting like a proxy server for all your network traffic. You simply send them copies of your certificates so they can decode the traffic. This is common in the financial industry where violating federal law or being sued by federal investigators for insider trading can lead to business collapse. The external company examines all the network traffic coming and going from your network for potential liabilities. Incorrect Answers: B: Complex IDS/IPS Signature syntax: IDS/IPS signatures can be complex but this is not the MOST significant threat to the functionality of an IDS/IPS system. C: Digitally Signed Network Packets: This is not threat to IDS/IPS systems looking for dangerous network traffic. D: Segregated VLANs are only a threat if the IDS/IPS system is not monitoring traffic on the segregated VLAN.

CISSP

VLANs can present barriers to IDS/IPS systems spotting dangerous traffic. There is an easy solution to VLANs and IDS/IPS systems and that would be simply placing an IDS/IPS sensor on that VLAN and set it up to send its traffic to the IDS/IPS management system. QUESTION 729 Which of the following is NOT a countermeasure to traffic analysis? A. B. C. D.

Padding messages. Eavesdropping. Sending noise. Faraday Cage

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Eavesdropping is not a countermeasure, it is a type of attack where you are collecting traffic and attempting to see what is being sent between entities communicating with each other. Traffic analysis, which is sometimes called trend analysis, is a technique employed by an intruder that involves analyzing data characteristics (message length, message frequency, and so forth) and the patterns of transmissions (rather than any knowledge of the actual information transmitted) to infer information that is useful to an intruder. Countermeasures to traffic analysis are similar to the countermeasures to cryptoattacks: Padding messages. Creating all messages to be a uniform data size by filling empty space in the data. Sending noise. Transmitting non-informational data elements mixed in with real information to disguise the real message Faraday cage can also be used as a countermeasure to traffic analysis as it prevents intruders from being able to access information emitted via electrical signals from network devices Incorrect Answers: A: Padding messages (creating all messages to be a uniform data size by filling empty space in the data) is a countermeasure to traffic analysis. C: Sending noise (transmitting non-informational data elements mixed in with real information to disguise the real message) is a countermeasure to traffic analysis. D: Faraday cage (preventing intruders from being able to access information emitted via electrical signals from network devices) is a countermeasure to traffic analysis. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 334 QUESTION 730 Which of the following describes the sequence of steps required for a Kerberos session to be established between a user (Principal P1), and an application server (Principal P2)? A. Principals P1 and Principals P2 authenticate to the Key Distribution Center (KDC), B. Principal P1 receives a Ticket Granting Ticket (TGT), and then Principal P2 requests a service ticket from the KDC. C. Principal P1 authenticates to the Key Distribution Center (KDC), Principal P1 receives a Ticket Granting Ticket (TGT), and Principal P1 requests a service ticket from the Ticket Granting Service (TGS) in order to access the application server P2 D. Principal P1 authenticates to the Key Distribution Center (KDC), E. Principal P1 requests a Ticket Granting Ticket (TGT) from the authentication server, and then Principal P1 requests a service ticket from the application server P2 CISSP

F. Principals P1 and P2 authenticate to the Key Distribution Center (KDC), Principal P1 requests a Ticket Granting Ticket (TGT) from the authentication server, and application server P2 requests a service ticket from P1 Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: In the following sequence, the user (Principle P1) is Emily and the server (Principal P2) is a print server: 1. Emily comes in to work and enters her username and password into her workstation at 8:00 A.M. The Kerberos software on Emily’s computer sends the username to the authentication service (AS) on the KDC, which in turn sends Emily a ticket granting ticket (TGT) that is encrypted with Emily’s password (secret key). 2. If Emily has entered her correct password, then this TGT is decrypted and Emily gains access to her local workstation desktop. 3. When Emily needs to send a print job to the print server, her system sends the TGT to the ticket granting service (TGS), which runs on the KDC, and a request to access the print server. (The TGT allows Emily to prove she has been authenticated and allows her to request access to the print server.) 4. The TGS creates and sends a second ticket to Emily, which she will use to authenticate to the print server. This second ticket contains two instances of the same session key, one encrypted with Emily’s secret key and the other encrypted with the print server’s secret key. The second ticket also contains an authenticator, which contains identification information on Emily, her system’s IP address, sequence number, and a timestamp. 5. Emily’s system receives the second ticket, decrypts and extracts the embedded session key, adds a second authenticator set of identification information to the ticket, and sends the ticket on to the print server. 6. The print server receives the ticket, decrypts and extracts the session key, and decrypts and extracts the two authenticators in the ticket. If the print server can decrypt and extract the session key, it knows the KDC created the ticket, because only the KDC has the secret key used to encrypt the session key. If the authenticator information that the KDC and the user put into the ticket matches, then the print server knows it received the ticket from the correct principal. 7. Once this is completed, it means Emily has been properly authenticated to the print server and the server prints her document. Incorrect Answers: A: Principal P2 does not need to authenticate to the Key Distribution Center (KDC). There are more steps required than there are listed in this answer. B: Principal P1 must authenticate first. Principal P2 does not request a service ticket from the KDC. There are more steps required than there are listed in this answer. D: There are more steps required than there are listed in this answer. E: Principal P1 must authenticate first. Principal P1 does not request a service ticket from the application server P2. There are more steps required than there are listed in this answer. F: Principal P2 does not need to authenticate to the Key Distribution Center (KDC). Principal P2 does not request a service ticket from Principal P1. There are more steps required than there are listed in this answer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 210 QUESTION 731 A packet containing a long string of NOP's followed by a command is usually indicative of what? A. B. C. D.

A syn scan. A half-port scan. A buffer overflow attack. A packet destined for the network's broadcast address.

Correct Answer: C Section: Communication and Network Security

CISSP

Explanation Explanation/Reference: Explanation: In a carefully crafted buffer overflow attack, the stack is filled properly so the return pointer can be overwritten and control is given to the malicious instructions that have been loaded onto the stack instead of back to the requesting application. This allows the malicious instructions to be executed in the security context of the requesting application. In this example the buffer is filled with NOP's (No Operation) commands followed by the instruction that the attacker wants to be executed. Incorrect Answers: A: Syn scanning is not done by sending a packet with a long string of instructions. Syn scanning s is done by sending a SYN (synchronization) packet, as if to initiate a three-way handshake, to every port on the server. B: A port scan is not done by sending a single packet with long string of instructions. A port scan, such as a half-port scan, is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. D: The purpose of sending this packet filled of instructions is likely to be a buffer-overflow attack, not that the packet is destined for the network's broadcast address. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 335 QUESTION 732 Organizations should consider which of the following first before allowing external access to their LANs via the Internet? A. B. C. D.

Plan for implementing workstation locking mechanisms. Plan for protecting the modem pool. Plan for providing the user with his account usage information. Plan for considering proper authentication options.

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: LANs are typically protected from the Internet by firewalls. However, to allow external access to a LAN, you need to open ports on the firewall to allow the connections. With the firewall allowing external connections into the LAN, your last line of defense is authentication. You need to ensure that the remote user connecting to the LAN is who they say they are. Therefore, before allowing external access into a LAN, you should plan and implement proper authentication. Incorrect Answers: A: Workstation locking mechanisms are not the most important consideration when allowing external access to a LAN. Without the proper authentication mechanism in place, an intruder could connect to the LAN from an unlocked workstation. B: Protecting the modem pool (if a modem pool is used to provide the remote access) is not the most important consideration when allowing external access to a LAN. Without the proper authentication mechanism in place, an intruder could connect to the LAN. C: Providing the user with his account usage information is not the most important consideration when allowing external access to a LAN. Protecting LAN resources by ensuring only authorized people can connect to the LAN is far more important. QUESTION 733 Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods that exist.

CISSP

Which of the basic method is more prone to false positive? A. B. C. D.

Pattern Matching (also called signature analysis) Anomaly Detection Host-based intrusion detection Network-based intrusion detection

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Anomaly Detection IDS learns about the normal activities and events on your system by watching and tracking what it sees. Once it has accumulated enough data about normal activity, it can detect abnormal and possibly malicious activities or events. There is a small risk that some non-harmful activity is classified as anomaly by mistake – false positives can occur. Incorrect Answers: A: A Pattern Matching IDS uses a signature database and attempts to match all monitored events to its contents. Only activities present in the database will be detected. There will be no false positives. C: Host-based intrusion detection is not an IDS analysis method. It is a classification on information source. A host - based IDS watches for questionable activity on a single computer system, especially by watching audit trails, event logs, and application logs. D: Network-based intrusion detection is not an IDS analysis method. It is a classification on information course. Here the source is a network segment. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 56 QUESTION 734 You are part of a security staff at a highly profitable bank and each day, all traffic on the network is logged for later review. Every Friday when major deposits are made you're seeing a series of bits placed in the "Urgent Pointer" field of a TCP packet. This is only 16 bits which isn't much but it concerns you because: A. This could be a sign of covert channeling in bank network communications and should be investigated. B. It could be a sign of a damaged network cable causing the issue. C. It could be a symptom of malfunctioning network card or drivers and the source system should be checked for the problem. D. It is normal traffic because sometimes the previous fields 16 bit checksum value can over run into the urgent pointer's 16 bit field causing the condition. Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Some Intrusion Detection System (IDS) evasion techniques involve deliberately violating the TCP or IP protocols in a way the target computer will handle differently from the IDS. For example, the TCP Urgent Pointer is handled differently on different operating systems and may not be handled correctly by the IDS. Incorrect Answers: B: It is very unlikely that a changed TCP Urgent pointer value is caused by a hardware problem, such as a damaged network cable. C: It is very unlikely that a changed TCP Urgent pointer value is caused by a hardware problem, such as a damaged network card, or by a corrupt driver. CISSP

D: The TCP Urgent pointer field does not contain checksums. References: https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques QUESTION 735 What would you call the process that takes advantages of the security provided by a transmission protocol by carrying one protocol over another? A. B. C. D.

Piggy Backing Steganography Tunneling Concealing

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A tunneling protocol allows a network user to access or provide a network service that the underlying network does not support or provide directly. Because tunneling involves repackaging the traffic data into a different form, perhaps with encryption as standard, one use of tunneling is to hide the nature of the traffic that is run through the tunnels. Incorrect Answers: A: Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge. B: Steganography uses files, not protocols. Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. D: One protocol carrying another is called tunneling, not concealing. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 702 QUESTION 736 At which OSI layer does SSL reside in? A. B. C. D.

Application Session Transport Network

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: SSL encryption takes place at the transport layer. Incorrect Answers: A: SSL resides at transport layer, not at the application layer. B: SSL resides at transport layer, not at the session layer. D: SSL resides at transport layer, not at the network layer. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 846 CISSP

QUESTION 737 What is the BEST answer pertaining to the difference between the Session and Transport layers of the OSI model? A. The Session layer sets up communication between protocols, while the Transport layer sets up connections between computer systems. B. The Transport layer sets up communication between computer systems, while the Session layer sets up connections between applications. C. The Session layer sets up communication between computer systems, while the Transport layer sets up connections between protocols. D. The Transport layer sets up communication between applications, while the Session layer sets up connections between computer systems. Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The transport layer provides host-to-host (for example, computer-to-computer) communication services. The session layer provides the mechanism for opening, closing and managing a session between end-user application processes. Incorrect Answers: A: The session layer sets up communication between applications, not between protocols. C: The session layer sets up communication between applications, not between computer systems. The transport layer provides host-to-host communication services, not protocol-to-protocol services. D: The session layers sets up communication between applications, while the Transport layer sets up connections between computer systems. Not vice versa. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 522 QUESTION 738 What is called an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests? A. B. C. D.

Ping of death attack SYN attack Smurf attack Buffer overflow attack

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: A SYN flood DoS attack where an attacker sends a succession of SYN packets with the goal of overwhelming the victim system so that it is unresponsive to legitimate traffic. Incorrect Answers: A: The Ping of Death attack is based upon the use of oversized ICMP packets. It is not based on flooding the system with connection requests. C: In a smurf attack the attacker sends an ICMP ECHO REQUEST packet, not a connection request, with a spoofed source address to a victim’s network broadcast address. D: In Buffer overflow attack is an anomaly where a program, while writing data to a buffer (not sending CISSP

connection requests), overruns the buffer's boundary and overwrites adjacent memory locations. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 549 QUESTION 739 Of the following, which multiple access method for computer networks does 802.11 Wireless Local Area Network use? A. B. C. D.

CSMA/CA CSMA/CD 802.11 does not support multiple access methods 802.11 RTS/CTS Exchange

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: 802.11 Wireless Local Area Network uses CSMA\CA. Note: Carrier sense multiple access with collision avoidance (CSMA/CA) is a network multiple access method in which carrier sensing is used, but nodes attempt to avoid collisions by transmitting only when the channel is sensed to be "idle". Incorrect Answers: B: While Ethernet uses CSMA/CD, 802.11 Wireless does not. In wireless networks the collision detection of the alternative CSMA/CD is unreliable due to the hidden node problem. C: 802.11 uses Carrier sense multiple access (CSMA/CA). D: Wireless network uses CSMA/CA, not 802.11 RTS/CTS Exchange. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 578 QUESTION 740 Which type of attack involves the altering of a systems Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings? A. B. C. D.

Reverse ARP Poisoning ARP cache ARP table poisoning Reverse ARP table poisoning

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: An attacker that can modify the address table for a network device can potentially compromise the network. Modifying the address table with fake entries can cause switches to send frames to wrong nodes. An attacker can compromise the ARP table and change the MAC address so that the IP address points to his own MAC address. This type of attack is called an ARP table poisoning attack or a man-in-the-middle attack. Incorrect Answers: A: There is no hacker attack method called Reverse ARP. B: ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. CISSP

D: There is no hacker attack method called Reverse ARP table poisoning. QUESTION 741 What is the three-way handshake sequence used to initiate TCP connections? A. B. C. D.

ACK, SYN/ACK, ACK SYN, SYN/ACK, ACK SYN, SYN, ACK/ACK ACK, SYN/ACK, SYN

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The three-step handshake a TCP connection goes through is SYN, SYN/ACK, and ACK. Incorrect Answers: A: The initiate a TCP connection the handshake must start with a SYN, not with an ACK. C: The initiate a TCP connection the handshake must start with a SYN, followed by a SYN/ACK. The second step in the handshake is not SYN. D: The initiate a TCP connection the handshake must start with a SYN, not with an ACK. QUESTION 742 You are using an open source packet analyzer called Wireshark and are sifting through the various conversations to see if anything appears to be out of order. You are observing a UDP conversation between a host and a router. It was a file transfer between the two on port 69. What protocol was used here to conduct the file transfer? A. B. C. D.

TFTP SFTP FTP SCP

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: TFTP is a simple protocol for transferring files, implemented on top of the UDP/IP protocols using well-known port number 69. Incorrect Answers: B: SFTP runs over an SSH session, usually on TCP port 22. C: FTP uses port 21, not port 69. D: SCP is a variant of BSD rcp utility that transfers files over SSH session. SSH uses port 22, not port 69. References: https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol QUESTION 743 What sort of attack is described by the following: An attacker has a list of broadcast addresses which it stores into an array, the attacker sends a spoofed icmp echo request to each of those addresses in series and starts again. The spoofed IP address used by the attacker as the source of the packets is the target/victim IP address.

CISSP

A. B. C. D.

Smurf Attack Fraggle Attack LAND Attack Replay Attack

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: In a Smurf Attack the attacker sends an ICMP ECHO REQUEST packet with a spoofed source address to a victim’s network broadcast address. This means that each system on the victim’s subnet receives an ICMP ECHO REQUEST packet. Each system then replies to that request with an ICMP ECHO REPLY packet to the spoof address provided in the packets—which is the victim’s address. All of these response packets go to the victim system and overwhelm it because it is being bombarded with packets it does not necessarily know how to process. The victim system may freeze, crash, or reboot. Incorrect Answers: B: A fraggle attack is a variation of a Smurf attack where an attacker sends a large amount of UDP traffic to ports 7 (echo) and 19 (chargen) to an IP Broadcast Address, with the intended victim's spoofed source IP address. C: A LAND attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address to an open port as both source and destination. This causes the machine to reply to itself continuously. D: A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 587 QUESTION 744 View the image below and identify the attack

CISSP

A. B. C. D.

DDoS DoS TFN Reflection Attack

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: When a hacker has a collection of compromised systems, it is referred to as a botnet (network of bots). In the exhibit they are marked as zombies. The hacker can use all of these systems to carry out powerful distributeddenial-of-service (DDoS) attacks or even rent these systems to spammers. The owner of this botnet controls the systems remotely, usually through the Internet Relay Chat (IRC) protocol. Incorrect Answers: B: A DoS attack is similar to a DDoS attack, but in a DoS attack there is only one single source of the attack. C: The Tribe Flood Network or TFN is a set of computer programs to conduct various DDoS attacks such as ICMP flood, SYN flood, UDP flood and Smurf attack. From the exhibit we have no evidence of a TFN attack, just of a DDoS attack. D: A reflection attack is a method of attacking a challenge-response authentication system that uses the same protocol in both directions. That is, the same challenge-response protocol is used by each side to authenticate the other side. A reflection attack uses only a single computer as source, not a set of zombie computers. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1204 QUESTION 745 How many bits is the address space reserved for the source IP address within an IPv6 header? A. B. C. D.

128 32 64 256

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Compared to IPv4, IPv6 increases the IP address size from 32 bits to 128 bits to support more levels of addressing hierarchy, a much greater number of addressable nodes, and simpler autoconfiguration of addresses. Incorrect Answers: B: IPv4 uses 32 bits, but IPv6 uses 128 bits. C: IPv6 uses 128 bits, not 64 bits. D: IPv6 uses 128 bits, not 256 bits. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 544 QUESTION 746 Which of the following service is a distributed database that translate host name to IP address to IP address to host name? CISSP

A. B. C. D.

DNS FTP SSH SMTP

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The Domain Name System is lists of domain names and IP addresses that are distributed on Domain Name System (DNS) Servers throughout the Internet in a hierarchy of authority. The DNS service translates domain names into IP addresses. Incorrect Answers: A: FTP does not translate host names to IP addresses. FTP is a network application that supports an exchange of files between computers. C: SSH does not translate host names to IP addresses. SSH allows remote login and other network services to operate securely over an unsecured network. D: SMTP is used for sending email messages. SMTP does not translate host names to IP addresses. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 591 QUESTION 747 Which of the following attack is MOSTLY performed by an attacker to steal the identity information of a user such as credit card number, passwords, etc? A. B. C. D.

Smurf attack Traffic analysis Pharming Interrupt attack

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Pharming is a cyber attack intended to redirect a website's traffic to another, fake site. At the fake site the user can be fooled into providing identity information such as passwords. Incorrect Answers: A: The aim of a smurf attack is not to steal information. A smurf attack is an exploitation of the Internet Protocol (IP) broadcast addressing to create a denial of service. B: Traffic analysis is not mostly used to steal identity information. D: The aim of an Interrupt attack is not to steal information. Interrupt Attacks are aimed to disrupt services. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 272 QUESTION 748 Which of the following protocol is PRIMARILY used to provide confidentiality in a web based application thus protecting data sent across a client machine and a server?

CISSP

A. B. C. D.

SSL FTP SSH S/MIME

Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: SSL is primarily used to protect HTTP traffic. SSL capabilities are already embedded into most web browsers. Incorrect Answers: B: FTP is used to transfer files, not to secure data that are transferred. C: S/MIME is not to protect data sent in web applications. S/MIME, more specifically, is used to secure email messages. D: SSH is not used in a web based application. SSH allows remote login and other network services to operate securely over an unsecured network. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 846 QUESTION 749 Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer? A. B. C. D.

LLC and MAC; IEEE 802.2 and 802.3 LLC and MAC; IEEE 802.1 and 802.3 Network and MAC; IEEE 802.1 and 802.3 LLC and MAC; IEEE 802.2 and 802.3

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: OSI layer is the data link layer. The data link layer is divided into two functional sublayers: the Logical Link Control (LLC) and the Media Access Control (MAC). The IEE LLC specification for Ethernet is defined in the IEEE 802.2 standard, while the IEEE MAC specification for Ethernet is 802.3 Incorrect Answers: A: LLC is not a sublayer of OSI layer 2. B: LLC is not a sublayer of OSI layer 2. C: Network is not a sublayer of OSI layer 2. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 528 http://en.wikipedia.org/wiki/OSI_model QUESTION 750 Which of the following is TRUE related to network sniffing? A. Sniffers allow an attacker to monitor data passing across a network.

CISSP

B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods. C. Sniffers take over network connections. D. Sniffers send IP fragments to a system that overlap with each other. Correct Answer: A Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Packet sniffing is the process of intercepting data as it is transmitted over a network. A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn’t generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer. Incorrect Answers: B: Sniffers do not alter the source address of a computer to disguise and exploit weak authentication methods. This describes IP spoofing. C: Sniffers do not take over network connections. Session Hijacking tools allow an attacker to take over network connections, kicking off the legitimate user or sharing a login. D: Sniffers do not send IP fragments to a system that overlap with each other. This describes a Malformed Packet attack. Malformed Packet attacks are a type of DoS attack that involves one or two packets that are formatted in an unexpected way. Many vendor product implementations do not take into account all variations of user entries or packet types. If software handles such errors poorly, the system may crash when it receives such packets. A classic example of this type of attack involves sending IP fragments to a system that overlap with each other (the fragment offset values are incorrectly set. Some unpatched Windows and Linux systems will crash when the encounter such packets. References: http://www.techopedia.com/definition/4113/sniffer QUESTION 751 The Loki attack exploits a covert channel using which network protocol? A. B. C. D.

TCP PPP ICMP SMTP

Correct Answer: C Section: Communication and Network Security Explanation Explanation/Reference: Explanation: The ICMP protocol was developed to send status messages, not to hold or transmit user data. But someone figured out how to insert some data inside of an ICMP packet, which can be used to communicate to an already compromised system. Loki is actually a client/server program used by hackers to set up back doors on systems. The attacker targets a computer and installs the server portion of the Loki software. This server portion “listens” on a port, which is the back door an attacker can use to access the system. To gain access and open a remote shell to this computer, an attacker sends commands inside of ICMP packets. This is usually successful, because most routers and firewalls are configured to allow ICMP traffic to come and go out of the network, based on the assumption that this is safe because ICMP was developed to not hold any data or a

CISSP

payload. Incorrect Answers: A: A Loki attack uses ICMP, not TCP. B: A Loki attack uses ICMP, not PPP. D: A Loki attack uses ICMP, not SMTP. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 585 QUESTION 752 In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the BEST choice below. A. B. C. D.

Network Address Translation Network Address Hijacking Network Address Supernetting Network Address Sniffing

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Network address hijacking allows an attacker to reroute data traffic from a network device to a personal computer. Also referred to as session hijacking, network address hijacking enables an attacker to capture and analyze the data addressed to a target system. This allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Session hijacking involves assuming control of an existing connection after the user has successfully created an authenticated session. Session hijacking is the act of unauthorized insertion of packets into a data stream. It is normally based on sequence number attacks, where sequence numbers are either guessed or intercepted. Incorrect Answers: A: Network address translation (NAT) is a methodology of modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another. This is not what is described in the question. C: Network Address Supernetting is forming an Internet Protocol (IP) network from the combination of two or more networks (or subnets) with a common Classless Inter-Domain Routing (CIDR) prefix. The new routing prefix for the combined network aggregates the prefixes of the constituent networks. This is not what is described in the question. D: Network Address Sniffing: This is another bogus choice that sounds good but does not even exist. However, sniffing is a common attack to capture cleartext passwords and information unencrypted over the network. Sniffing is accomplished using a sniffer also called a Protocol Analyzer. A network sniffer monitors data flowing over computer network links. It can be a self-contained software program or a hardware device with the appropriate software or firmware programming. Also sometimes called "network probes" or "snoops," sniffers examine network traffic, making a copy of the data but without redirecting or altering it. References: http://compnetworking.about.com/od/networksecurityprivacy/g/bldef_sniffer.htm http://wiki.answers.com/Q/What_is_network_address_hijacking Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 239 QUESTION 753

CISSP

Which of the following is most affected by denial-of-service (DoS) attacks? A. B. C. D.

Confidentiality Integrity Accountability Availability

Correct Answer: D Section: Communication and Network Security Explanation Explanation/Reference: Explanation: Denial-of-service (DoS) attacks are attacks that prevent a system from processing or responding to legitimate traffic or requests for resources and objects. This type of attack makes the system unavailable. Incorrect Answers: A: Denial-of-service (DoS) attack main effect is not confidentiality, it is availability. B: Denial-of-service (DoS) attack main effect is not integrity, it is availability. C: Denial-of-service (DoS) attack main effect is not integrity, it is accountability. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 64 QUESTION 754 Which conceptual approach to intrusion detection system is the MOST common? A. B. C. D.

Behavior-based intrusion detection Knowledge-based intrusion detection Statistical anomaly-based intrusion detection Host-based intrusion detection

Correct Answer: B Section: Communication and Network Security Explanation Explanation/Reference: Explanation: An IDS can detect malicious behavior using two common methods. One way is to use knowledge-based detection which is more frequently used. The second detection type is behavior-based detection. Incorrect Answers: A: behavior-based detection is less common compared to knowledge-based detection. C: A Statistical anomaly-based IDS is a behavioral-based system. D: Host-based intrusion detection is not a conceptual iDS approach. The two conventional approaches are knowledge-based detection and behavior-based detection. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 56 QUESTION 755 Which one of the following authentication mechanisms creates a problem for mobile users? A. Mechanisms based on IP addresses

CISSP

B. Mechanism with reusable passwords C. One-time password mechanism. D. Challenge response mechanism. Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Mobile users can receive different IP address as they connect to different internet access points. This causes authentication problems. The mobile IP technology addresses this problem. It allows a user to move from one network to another and still use the same IP address. Incorrect Answers: B: Reusable passwords present no problem for mobile users. C: One-time passwords work fine for mobile users. D: Challenge response authentication gives mobile users no specific problems. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 238 QUESTION 756 Data which is properly secured and can be described with terms like genuine or not corrupted from the original refers to data that has a high level of what? A. B. C. D.

Authenticity Authorization Availability Non-Repudiation

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Authenticity is a close relative of authentication. Authenticity is the process of ensuring that a message received is the same message that was sent and has not been tampered with or altered. Lawyers, as a real-world case in point, are fanatical about ensuring that evidence is authentic and has not been tampered with or altered in any way to ensure a fair hearing for the accused. Incorrect Answers: B: Authorization is the rights and permissions granted to an individual (or process), which enable access to a computer resource. Once a user’s identity and authentication are established, authorization levels determine the extent of system rights that an operator can hold. This is not what is described in the question. C: Availability ensures the reliable and timely access to data or computing resources by the appropriate personnel. In other words, availability guarantees that the systems are up and running when they are needed. In addition, this concept guarantees that the security services needed by the security practitioner are in working order. This is not what is described in the question. D: Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. This is not what is described in the question. References: http://www.yourdictionary.com/authenticity QUESTION 757 CISSP

You wish to make use of "port knocking" technologies. How can you BEST explain this? A. Port knocking is where the client will attempt to connect to a predefined set of ports to identify him as an authorized client. B. Port knocking is where the user calls the server operator to have him start the service he wants to connect to. C. This is where all the ports are open on the server and the connecting client scans the open port to which he wants to connect to see if it's open and running. D. Port knocking is where the port sequence is encrypted with 3DES and only the server has the other key to decrypt the port sequence. Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Port knocking is an authentication method used by network administrators to control access to computers or other network devices behind a firewall. Port knocking takes advantage of firewall rules to allow a client who knows the "secret knock" to enter the network through a particular port by performing a sequence of connection attempts (called a knock sequence). The correct knock sequence for any given port is created for specific IP addresses by the network administrator. A small program called a daemon monitors the firewall log files for connection requests and determines whether or not a client seeking the network is on the list of approved IP addresses and has performed the correct knock sequence. If the answer is yes, it opens the associated port and allows access. Of course, if unauthorized personnel discover the knock sequence, then they, too, can gain access. Incorrect Answers: B: Port knocking is not where the user calls the server operator to have him start the service he wants to connect to. C: Port knocking is not where all the ports are open on the server and the connecting client scans the open port to which he wants to connect to see if it's open and running. D: Port knocking is not where the port sequence is encrypted with 3DES and only the server has the other key to decrypt the port sequence. References: http://whatis.techtarget.com/definition/port-knocking http://www.portknocking.org/ QUESTION 758 Of the seven types of Access Control Categories, which is described as such? Designed to specify rules of acceptable behavior in the organization. Example: Policy stating that employees may not spend time on social media websites A. B. C. D.

Directive Access Control Deterrent Access Control Preventive Access Control Detective Access Control

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A directive access control is deployed to direct the actions of subject to encourage compliance with security policies. CISSP

Policies stating rules of acceptable behavior in the organization are directives. Therefore, they are known as Directive Access Controls. Incorrect Answers: B: Deterrent Access Controls are intended to discourage a potential attacker. This is not what is described in the question. C: Preventive Access Controls are intended to prevent an incident from occurring. This is not what is described in the question. D: Detective Access Controls help identify an incident’s activities and potentially an intruder. This is not what is described in the question. QUESTION 759 Which access control method allows the data owner (the person who created the file) to control access to the information they own? A. B. C. D.

DAC - Discretionary Access Control MAC - Mandatory Access Control RBAC - Role-Based Access Control NDAC - Non-Discretionary Access Control

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Access in a DAC model is restricted based on the authorization granted to the users. Users are, therefore, allowed to identify the type of access that can occur to the objects they own. Incorrect Answers: B: Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object. C: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. D: Non-discretionary access control is when the system administrator or a single management body within an organization centrally controls access to all resources for everybody on a network. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 http://www.answers.com/Q/What_is_Non_discretionary_access_control QUESTION 760 Suppose you are a domain administrator and are choosing an employee to carry out backups. Which access control method would be BEST for this scenario? A. B. C. D.

RBAC - Role-Based Access Control MAC - Mandatory Access Control DAC - Discretionary Access Control RBAC - Rule-Based Access Control

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. CISSP

Incorrect Answers: B: Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object. C: Discretionary access control (DAC) is an access control model and policy that restricts access to objects according to the identity of the subjects and the groups to which those subjects belong. D: Rule-based access control makes use of explicit rules that specify what can and cannot happen between a subject and an object. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 QUESTION 761 Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these types of controls is TRUE? A. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks but do not include a review of vacation history, and also do not include increased supervision. B. Examples of these types of controls do not include encryption, smart cards, access lists, and transmission protocols. C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols. D. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation history, and increased supervision. Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Controls can be administrative, logical or technical, and physical. Administrative controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation history, and increased supervision. Logical or technical controls involve the restriction of access to systems and the protection of information. Examples of these types of controls are encryption, smart cards, access control lists, and transmission protocols. Physical controls incorporate guards and building security in general, such as the locking of doors, securing of server rooms or laptops, the protection of cables, the separation of duties, and the backing up of files. Incorrect Answers: A: The controls listed in this answer are all administrative controls (including a review of vacation history). B: Technical controls DO include encryption, smart cards, access lists, and transmission protocols. D: The controls listed in this answer are all administrative controls. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 47 QUESTION 762 Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished: A. through access control mechanisms that require identification and authentication and through the audit function. B. through logical or technical controls involving the restriction of access to systems and the protection of information. C. through logical or technical controls but not involving the restriction of access to systems and the protection

CISSP

of information. D. through access control mechanisms that do not require identification and authentication and do not operate through the audit function. Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished through access control mechanisms that require identification and authentication and through the audit function. These controls must be in accordance with and accurately represent the organization’s security policy. Assurance procedures ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system. Incorrect Answers: B: This answer does not describe how accountability is accomplished. C: This answer does not describe how accountability is accomplished. D: This answer does not describe how accountability is accomplished. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 47 QUESTION 763 In the Bell-LaPadula model, the *-property is also called: A. B. C. D.

The simple security property The confidentiality property The confinement property The tranquility property

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: The *-property ("star"-property) states that a subject in a specified security level cannot write information to a lower security level. This property is also known as the Confinement property. Incorrect Answers: A: The simple security property is only known as the simple security property. B: The *-property ("star"-property) is also known as the Confinement property, not the confidentiality property. D: The *-property ("star"-property) is also known as the Confinement property, not the tranquility property. References: http://cse.yeditepe.edu.tr/~odemir/fall2010/cse439/lecture11.pdf http://en.wikipedia.org/wiki/Biba_Model http://en.wikipedia.org/wiki/Mandatory_access_control http://en.wikipedia.org/wiki/Discretionary_access_control http://en.wikipedia.org/wiki/Clark-Wilson_model http://en.wikipedia.org/wiki/Brewer_and_Nash_model QUESTION 764 In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines

CISSP

what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on: A. B. C. D.

The society’s role in the organization The individual's role in the organization The group-dynamics as they relate to the individual's role in the organization The group-dynamics as they relate to the master-slave role in the organization

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: With Non-Discretionary Access Control, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individual’s role in the organization (role-based access control) or the subject’s responsibilities and duties (taskbased access control). In an organization where there are frequent personnel changes, non-discretionary access control is useful because the access controls are based on the individual’s role or title within the organization. These access controls do not need to be changed whenever a new person takes over that role. Incorrect Answers: A: In RBAC, the access controls are based on the individual’s role in the organization, not the society’s role in the organization. C: In RBAC, the access controls are based on the individual’s role in the organization, not the group-dynamics as they relate to the individual's role in the organization. D: In RBAC, the access controls are based on the individual’s role in the organization, not the group-dynamics as they relate to the master-slave role in the organization. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 48 QUESTION 765 In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because: A. B. C. D.

people need not use discretion the access controls are based on the individual's role or title within the organization. the access controls are not based on the individual's role or title within the organization the access controls are often based on the individual's role or title within the organization

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: With Non-Discretionary Access Control, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individual’s role in the organization (role-based access control) or the subject’s responsibilities and duties (taskbased access control). In an organization where there are frequent personnel changes, non-discretionary access control is useful because the access controls are based on the individual’s role or title within the organization. These access controls do not need to be changed whenever a new person takes over that role. Incorrect Answers: A: People not needing to use discretion is not the reason RBAC is useful in an organization where there are frequent personnel changes. CISSP

C: With RBAC, the access controls ARE based on the individual's role or title within the organization. D: With RBAC, the access controls are ALWAYS based on the individual's role or title within the organization. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 48 http://csrc.nist.gov/groups/SNS/rbac/ QUESTION 766 Which of the following are additional access control objectives? A. B. C. D.

Consistency and utility Reliability and utility Usefulness and utility Convenience and utility

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Controlling access to information systems and associated networks is necessary for the preservation of their confidentiality, integrity, and availability. Confidentiality assures that the information is not disclosed to unauthorized persons or processes. Integrity ensures the consistency of data. Availability assures that a system’s authorized users have timely and uninterrupted access to the information in the system. The additional access control objectives are reliability and utility. Incorrect Answers: A: Consistency is not one of the defined additional access control objectives. C: Usefulness is not one of the defined additional access control objectives. D: Convenience is not one of the defined additional access control objectives. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 46 QUESTION 767 Which of the following access control techniques BEST gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure? A. B. C. D.

Access control lists Discretionary access control Role-based access control Non-mandatory access control

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Role-based access control (RBAC) is a model where access to resources is determines by job role rather than by user account. Hierarchical RBAC allows the administrator to set up an organizational RBAC model that maps to the organizational structures and functional delineations required in a specific environment. This is very useful since businesses are already set up in a personnel hierarchical structure. In most cases, the higher you are in CISSP

the chain of command, the more access you will most likely have. Role relation defines user membership and privilege inheritance. For example, the nurse role can access a certain amount of files, and the lab technician role can access another set of files. The doctor role inherits the permissions and access rights of these two roles and has more elevated rights already assigned to the doctor role. So hierarchical is an accumulation of rights and permissions of other roles. Reflects organizational structures and functional delineations. Incorrect Answers: A: Access control lists form the basis of access control; they determine who can access what. However, “access control lists” on its own is not a model that maps to the organizational structures and functional delineations required in a specific environment. B: Discretionary access control is a model where the subjects must have the discretion to specify what resources certain users are permitted to access. This is not a model that maps to the organizational structures and functional delineations required in a specific environment. D: Non-mandatory access control is not a defined access control model. It would imply any access model that is not mandatory access control. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 224-226 QUESTION 768 Which access control model was proposed for enforcing access control in government and military applications? A. B. C. D.

Bell-LaPadula model Biba model Sutherland model Brewer-Nash model

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: The Bell–LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g., "Top Secret"), down to the least sensitive (e.g., "Unclassified" or "Public"). Incorrect Answers: B: The Biba Model describes a set of access control rules designed to ensure data integrity. It is not used for enforcing access control in government and military applications. C: The Sutherland model is an information flow model. It is not used for enforcing access control in government and military applications. D: The Brewer and Nash Model deals with conflict of interest. It is not used for enforcing access control in government and military applications. References: https://en.wikipedia.org/wiki/Bell–LaPadula_model QUESTION 769 Which access control model achieves data integrity through well-formed transactions and separation of duties? A. Clark-Wilson model

CISSP

B. Biba model C. Non-interference model D. Sutherland model Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: The Clark-Wilson model enforces the three goals of integrity by using access triple (subject, software [TP], object), separation of duties, and auditing. This model enforces integrity by using well-formed transactions (through access triple) and separation of duties. When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset that does not require a high level of protection, which is called an unconstrained data item (UDI). Users cannot modify critical data (CDI) directly. Instead, the subject (user) must be authenticated to a piece of software, and the software procedures (TPs) will carry out the operations on behalf of the user. For example, when Kathy needs to update information held within her company’s database, she will not be allowed to do so without a piece of software controlling these activities. First, Kathy must authenticate to a program, which is acting as a front end for the database, and then the program will control what Kathy can and cannot do to the information in the database. This is referred to as access triple: subject (user), program (TP), and object (CDI). A user cannot modify CDI without using a TP. The Clark-Wilson security model uses division of operations into different parts and requires different users to perform each part. This is known as Separation of Duties. The Clark-Wilson model outlines how to incorporate separation of duties into the architecture of an application. If a customer needs to withdraw over $10,000, the application may require a supervisor to log in and authenticate this transaction. This is a countermeasure against potential fraudulent activities. The model provides the rules that the developers must follow to properly implement and enforce separation of duties through software procedures. Incorrect Answers: B: The Biba Model describes a set of access control rules designed to ensure data integrity. However, it does not achieve data integrity through well-formed transactions and separation of duties. C: The Non-interference model is not an integrity model. D: The Sutherland model is not an integrity model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 370-377 QUESTION 770 Which of the following statements pertaining to access control is FALSE? A. B. C. D.

Users should only access data on a need-to-know basis. If access is not explicitly denied, it should be implicitly allowed. Access rights should be granted based on the level of trust a company has on a subject. Roles can be an efficient way to assign rights to a type of user who performs certain tasks.

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: This answer is false as access control mechanisms should default to no access. The correct statement is that if access is not explicitly allowed, it should be implicitly denied. Incorrect Answers:

CISSP

A, C: Access rights should be granted to users based on their level of trust and their need-to-know. D: Using roles is an effective method of assigning rights to a certain user who executes a specific task. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 203-206 QUESTION 771 The steps of an access control model should follow which logical flow: A. B. C. D.

Authorization, Identification, authentication Identification, accountability, authorization Identification, authentication, authorization Authentication, Authorization, Identification

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: For a user to be able to access a resource, he first must prove he is who he claims to be, has the necessary credentials, and has been given the necessary rights or privileges to perform the actions he is requesting. Identification describes a method of ensuring that a subject (user, program, or process) is the entity it claims to be. Identification can be provided with the use of a username or account number. To be properly authenticated, the subject is usually required to provide a second piece to the credential set. This piece could be a password, passphrase, cryptographic key, personal identification number (PIN), anatomical attribute, or token. These two credential items are compared to information that has been previously stored for this subject. If these credentials match the stored information, the subject is authenticated. But we are not done yet. Once the subject provides its credentials and is properly identified, the system it is trying to access needs to determine if this subject has been given the necessary rights and privileges to carry out the requested actions. The system will look at some type of access control matrix or compare security labels to verify that this subject may indeed access the requested resource and perform the actions it is attempting. If the system determines that the subject may access the resource, it authorizes the subject. Incorrect Answers: A: A user (or other entity) must be must be identified and authentication before he can be authorized. B: This answer does not include authentication which is key to access control. D: A user (or other entity) must be must be identified before he can be authenticated and then authorized. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 160 QUESTION 772 What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values? A. B. C. D.

Mandatory model Discretionary model Lattice model Rule model

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A lattice is a mathematical construct that is built upon the notion of a group. The most common definition of the CISSP

lattice model is “a structure consisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set.” Two methods are commonly used for applying mandatory access control: Rule-based (or label-based) access control: This type of control further defines specific conditions for access to a requested object. A Mandatory Access Control system implements a simple form of rule-based access control to determine whether access should be granted or denied by matching: - An object's sensitivity label - A subject's sensitivity label Lattice-based access control: These can be used for complex access control decisions involving multiple objects and/or subjects. A lattice model is a mathematical structure that defines greatest lower-bound and least upper-bound values for a pair of elements, such as a subject and an object. Incorrect Answers: A: The model described in the question is a type of mandatory access control. However, the Lattice Model is specifically described in the question. B: A discretionary model is not what is described in the question. D: A rule model is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 381 https://en.wikipedia.org/wiki/Computer_access_control QUESTION 773 Which access control model is also called Non-Discretionary Access Control (NDAC)? A. B. C. D.

Lattice based access control Mandatory access control Role-based access control Label-based access control

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Non-discretionary access control is when the system administrator or a single management body within an organization centrally controls access to all resources for everybody on a network. This type of access control can be role based or rule based, as both of these prevents users from making access decisions based upon their own discretion. Incorrect Answers: A: Lattice-based Access control is known as a label-based access control, or rule-based access control restriction. B: Mandatory Access control is based on a security label system D: Label-based access control uses one or more security labels to control who has read access or write access to individual rows and columns in a table References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 https://en.wikipedia.org/wiki/Lattice-based_access_control http://www.drdobbs.com/understanding-label-based-access-control/199201852 QUESTION 774 Which access model is most appropriate for companies with a high employee turnover? A. Role-based access control B. Mandatory access control

CISSP

C. Lattice-based access control D. Discretionary access control Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A Role-based access control (RBAC) model is the BEST system for a company whose staff renewal rate is high. For example, if an employee who is mapped to a certain role leaves the company, then his replacement can be easily mapped to this role. This results in the administrator not having to continually change the ACLs on the individual objects. Incorrect Answers: B: Mandatory Access control is considered nondiscretionary and is based on a security label system C: Lattice-based Access control is known as a label-based access control, or rule-based access control restriction. D: Discretionary Access Control (DAC) allows data owners to dictate what subjects have access to the files and resources they own. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 https://en.wikipedia.org/wiki/Lattice-based_access_control QUESTION 775 Which of the following is NOT part of the Kerberos authentication protocol? A. B. C. D.

Symmetric key cryptography Authentication service (AS) Principals Public Key

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Kerberos is based on symmetric key cryptography, not asymmetric key cryptography, which is also called public and private keys. Incorrect Answers: A: Kerberos is based on symmetric key cryptography. B: The authentication service is the part of the KDC that authenticates a principal C: Principals can be users, applications, or network services that receive security services from the KDC. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 209-213, 782 QUESTION 776 What can be defined as a list of subjects along with their access rights that are authorized to access a specific object? A. A capability table B. An access control list C. An access control matrix

CISSP

D. A role-based matrix Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Access control lists defines subjects that are authorized to access a specific object, and includes the level of authorization that subjects are granted. Incorrect Answers: A: A capability table stipulates the access rights that a specified subject has in relation to detailed objects. C: An access control matrix is a table of subjects and objects that specifies the actions individual subjects can take upon individual objects. D: A role-based matrix is not a valid answer with regards to this question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 229-231 QUESTION 777 What is the difference between Access Control Lists (ACLs) and Capability Tables? A. Access control lists are related/attached to a subject whereas capability tables are related/attached to an object. B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject. C. Capability tables are used for objects whereas access control lists are used for users. D. They are basically the same. Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A capability table stipulates the access rights that a specified subject has in relation to detailed objects. Access control lists defines subjects that are authorized to access a specific object, and includes the level of authorization that subjects are granted. Therefore, the difference between the two is that the subject is bound to the capability table, while the object is bound to the ACL. Incorrect Answers: A: This is incorrect as access control lists are related/attached to an object, and capability tables are related/ attached to a subject. C: This is incorrect as access control lists are used for objects, and capability tables are for subjects. D: access control lists and capability tables are not basically the same because one is bound to objects, and the other is bound to subjects. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 229-231 QUESTION 778 What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects? A. A capacity table B. An access control list

CISSP

C. An access control matrix D. A capability table Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: An access control matrix is a table of subjects and objects that specifies the actions individual subjects can take upon individual objects. Incorrect Answers: A: A capacity table is not valid with regards to the context of this question. B: Access control lists define subjects that are authorized to access a specific object, and includes the level of authorization that subjects are granted. D: A capability table stipulates the access rights that a specified subject has in relation to detailed objects. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 229-231 QUESTION 779 Which access control model is BEST suited in an environment where a high security level is required and where it is desired that only the administrator grants access control? A. B. C. D.

DAC MAC Access control matrix TACACS

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: MAC systems are generally very specialized and are used to protect highly classified data. Users require the correct security clearance to access a specific classification of data. Incorrect Answers: A: Discretionary Access Control (DAC) allows data owners to dictate what subjects have access to the files and resources they own. C: An access control matrix is a table of subjects and objects indicating the actions individual subjects are allowed to take on individual objects. D: TACACS is a remote access protocol, not an access control model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-237 QUESTION 780 Which of the following questions is LESS likely to help in assessing identification and authentication controls? A. B. C. D.

Is a current list maintained and approved of authorized users and their access? Are passwords changed at least every ninety days or earlier if needed? Are inactive user identifications disabled after a specified period of time? Is there a process for reporting incidents?

CISSP

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Identification and authentication is a technical measure that prevents unauthorized people (or unauthorized processes) from entering an IT system. Access control usually requires that the system be able to identify and differentiate among users. Reporting incidents is more related to incident response capability (operational control) than to identification and authentication (technical control). QUESTION 781 Which access control model provides upper and lower bounds of access capabilities for a subject? A. B. C. D.

Role-based access control Lattice-based access control Biba access control Content-dependent access control

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Lattice-based access control is a mathematical model that allows a system to easily represent the different security levels and control access attempts based on those levels. Every pair of elements has a highest lower bound and a lowest upper bound of access rights. Incorrect Answers: A: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. C: Biba is a security model, rather than an access control model. It centers on preventing information from flowing from a low integrity level to a high integrity level D: Content-dependent access control is when the access decisions depend upon the value of an attribute of the object itself. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 224, 377, G-9 http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.41.5365 QUESTION 782 What physical characteristic does a retinal scan biometric device measure? A. B. C. D.

The amount of light reaching the retina The amount of light reflected by the retina The pattern of light receptors at the back of the eye The pattern of blood vessels at the back of the eye

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A retinal scan is a biometric technique that uses the unique patterns on a person's retina blood vessels. The human retina is a thin tissue composed of neural cells that is located in the posterior portion of the eye.

CISSP

Because of the complex structure of the capillaries that supply the retina with blood, each person's retina is unique. The network of blood vessels in the retina is not entirely genetically determined and thus even identical twins do not share a similar pattern. Although retinal patterns may be altered in cases of diabetes, glaucoma or retinal degenerative disorders, the retina typically remains unchanged from birth until death. Due to its unique and unchanging nature, the retina appears to be the most precise and reliable biometric, aside from DNA. The National Center for State Courts estimate that retinal scanning has an error rate of one in ten million. A retinal scan is performed by casting an unperceived beam of low-energy infrared light into a person’s eye as they look through the scanner's eyepiece. This beam of light traces a standardized path on the retina. Because retinal blood vessels absorb light more readily than the surrounding tissue, the amount of reflection varies during the scan. The pattern of variations is digitized and stored in a database. Incorrect Answers: A: A retinal scan does not measure the amount of light reaching the retina. Therefore, this answer is incorrect. B: A retinal scan does not measure the amount of light reflected by the retina. Therefore, this answer is incorrect. C: A retinal scan does not measure the pattern of light receptors at the back of the eye. Therefore, this answer is incorrect. References: https://en.wikipedia.org/wiki/Retinal_scan QUESTION 783 What is the main concern with single sign-on? A. B. C. D.

Maximum unauthorized access would be possible if a password is disclosed. The security administrator's workload would increase. The users' password would be too hard to remember. User access rights would be increased.

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A major concern with Single Sign-On (SSO) is that if a user's ID and password are compromised, the intruder would have access to all the systems that the user was authorized for. Incorrect Answers: B: Since the security administrator would not be responsible for maintaining multiple user accounts just the one, the security administrator's workload would decrease and not increase. C: Since users would only have one password to remember, it would not be hard. D: User access rights would not be any different than if they had to log into systems manually. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 207-209 QUESTION 784 In the context of access control, locks, gates, guards are examples of which of the following? A. B. C. D.

Administrative controls Technical controls Physical controls Logical controls

Correct Answer: C Section: Identity and Access Management CISSP

Explanation Explanation/Reference: Explanation: Physical controls are items put into place to protect facility, personnel, and resources. These include guards, locks, fencing, and lighting. Incorrect Answers: A: Administrative controls include Security policy, Monitoring and Supervising, Separation of duties, Job rotation, Information Classification, Personnel Procedures, Testing, and Security-awareness training. B, D: Technical controls, which are also known as logical controls, are software or hardware components such as firewalls, IDS, encryption, identification and authentication mechanisms. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 32, 33 QUESTION 785 Access Control techniques do NOT include which of the following? A. B. C. D.

Relevant Access Controls Discretionary Access Control Mandatory Access Control Lattice Based Access Control

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Relevant Access Controls is not a valid Access Control model. Incorrect Answers: B: Discretionary Access Control (DAC) allows data owners to dictate what subjects have access to the files and resources they own. C: Mandatory Access control is considered nondiscretionary and is based on a security label system. D: Lattice-based Access control is known as a label-based access control, or rule-based access control restriction. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 https://en.wikipedia.org/wiki/Lattice-based_access_control https://en.wikipedia.org/wiki/Computer_access_control QUESTION 786 A central authority determines what subjects can have access to certain objects based on the organizational security policy is called: A. B. C. D.

Mandatory Access Control Discretionary Access Control Non-Discretionary Access Control Rule-based Access control

Correct Answer: C Section: Identity and Access Management Explanation

CISSP

Explanation/Reference: Explanation: Non-discretionary access control is when the system administrator or a single management body within an organization centrally controls access to all resources for everybody on a network. Incorrect Answers: A: Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object. B: Discretionary access control (DAC) is an access control model and policy that restricts access to objects according to the identity of the subjects and the groups to which those subjects belong. D: Rule-based access control makes use of explicit rules that specify what can and cannot happen between a subject and an object. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 QUESTION 787 Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing? A. B. C. D.

Preventive/Administrative Pairing Preventive/Technical Pairing Preventive/Physical Pairing Detective/Technical Pairing

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Technical controls, which are also known as logical controls, are software or hardware components, such as firewalls, IDS, encryption, identification and authentication mechanisms. Preventive/Technical controls include the following: Passwords, biometrics, smart cards Encryption, secure protocols, call-back systems, database views, constrained user interfaces Antimalware software, access control lists, firewalls, intrusion prevention Incorrect Answers: A: Technical controls are also known as logical controls, not Administrative controls. C: Technical controls are also known as logical controls, not Physical controls. D: Detective/Technical controls include Audit logs and IDS. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 28-33 QUESTION 788 Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what category of access control? A. B. C. D.

Discretionary Access Control (DAC) Mandatory Access control (MAC) Non-Discretionary Access Control (NDAC) Lattice-based Access control

Correct Answer: C Section: Identity and Access Management CISSP

Explanation Explanation/Reference: Explanation: Rule-based access control is considered nondiscretionary because the users cannot make access decisions based upon their own discretion. Incorrect Answers: A: Discretionary Access Control (DAC) allows data owners to dictate what subjects have access to the files and resources they own. B: Mandatory Access control is considered nondiscretionary and is based on a security label system D: Lattice-based Access control is known as a label-based access control, or rule-based access control restriction. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 https://en.wikipedia.org/wiki/Lattice-based_access_control QUESTION 789 The type of discretionary access control (DAC) that is based on an individual's identity is also called: A. B. C. D.

Identity-based Access control Rule-based Access control Non-Discretionary Access Control Lattice-based Access control

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: An identity-based access control is a type of Discretionary Access Control (DAC) that is based on an individual's identity. Incorrect Answers: B: Rule-based Access control is based on rules. C: Non-Discretionary Access Control does not allow access based on discretion. D: Lattice-based Access control is a type of label-based mandatory access control model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 https://en.wikipedia.org/wiki/Lattice-based_access_control QUESTION 790 Which access control type has a central authority that determine to what objects the subjects have access to and it is based on role or on the organizational security policy? A. B. C. D.

Mandatory Access Control Discretionary Access Control Non-Discretionary Access Control Rule-based Access control

Correct Answer: C Section: Identity and Access Management Explanation

CISSP

Explanation/Reference: Explanation: Non-discretionary access control is when the system administrator or a single management body within an organization centrally controls access to all resources for everybody on a network. This type of access control can be role based or rule based, as both of these prevents users from making access decisions based upon their own discretion. Incorrect Answers: A: Mandatory Access Control is based on a security label system. B: Discretionary Access control is based on identity. D: Rule Based Access Control is based on rules. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 http://www.answers.com/Q/What_is_Non_discretionary_access_control https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/ Access_Control_Systems#Non_Discretionary_or_Role_Based_Access_Control QUESTION 791 A periodic review of user account management should NOT determine: A. B. C. D.

conformity with the concept of least privilege. whether active accounts are still being used. strength of user-chosen passwords. whether management authorizations are up-to-date.

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Organizations should have a process for (1) requesting, establishing, issuing, and closing user accounts; (2) tracking users and their respective access authorizations; and (3) managing these functions. Reviews should examine the levels of access each individual has, conformity with the concept of least privilege, whether all accounts are still active, whether management authorizations are up-to-date, whether required training has been completed, and so forth. These reviews can be conducted on at least two levels: (1) on an application-by-application basis, or (2) on a system wide basis. The strength of user passwords is beyond the scope of a simple user account management review, since it requires specific tools to try and crack the password file/database through either a dictionary or brute-force attack in order to check the strength of passwords. Incorrect Answers: A: A periodic review of user account management should determine conformity with the concept of least privilege. B: A periodic review of user account management should determine whether active accounts are still being used. D: A periodic review of user account management should determine whether management authorizations are up-to-date. QUESTION 792 Which of the following access control models requires security clearance for subjects? A. Identity-based access control B. Role-based access control C. Discretionary access control

CISSP

D. Mandatory access control Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object. Incorrect Answers: A: Identity-based access control is a type of DAC system that allows or prevents access based on the identity of the subject. B: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned. C: Access in a DAC model is restricted based on the authorization granted to the users. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228 QUESTION 793 Which of the following statements pertaining to Kerberos is TRUE? A. B. C. D.

Kerberos uses public key cryptography. Kerberos uses X.509 certificates. Kerberos is a credential-based authentication system. Kerberos was developed by Microsoft.

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Kerberos uses symmetric key cryptography and provides end-to-end security. Although it allows the use of passwords for authentication, it was designed specifically to eliminate the need to transmit passwords over the network. Most Kerberos implementations work with shared secret keys. Kerberos uses a credential-based mechanism as the basis for identification and authentication. Kerberos credentials are referred to as tickets. Incorrect Answers: A: Kerberos does not use public key cryptography (asymmetric); it uses symmetric key cryptography. B: Kerberos does not use X.509 certificates. X.509 certificates are used in public key cryptography. D: Kerberos was not developed by Microsoft; it was developed in the mid-1980s as part of MIT’s Project Athena. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 209 QUESTION 794 Which of the following statements pertaining to using Kerberos without any extension is FALSE? A. B. C. D.

A client can be impersonated by password-guessing. Kerberos is mostly a third-party authentication protocol. Kerberos uses public key cryptography. Kerberos provides robust authentication.

CISSP

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT. Using symmetric key cryptography, Kerberos authenticates clients to other entities on a network of which a client requires services. Because a client’s password is used in the initiation of the Kerberos request for the service protocol, password guessing can be used to impersonate a client. Kerberos does not use public key cryptography (asymmetric); it uses symmetric key cryptography. Incorrect Answers: A: It is true that a client can be impersonated by password-guessing. B: It is true that Kerberos is mostly a third-party authentication protocol. D: It is true that Kerberos provides robust authentication. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 64 http://www.ietf.org/rfc/rfc4556txt QUESTION 795 Which of the following services is provided by S-RPC? A. B. C. D.

Availability Accountability Integrity Authentication

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Secure Remote Procedure Call (S- RPC) is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems. Incorrect Answers: A: S-RPC provides authentication, not availability. B: S-RPC provides authentication, not accountability. C: S-RPC provides authentication, not integrity. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 1419 QUESTION 796 A smart Card that has two chips with the Capability of utilizing both Contact and Contactless formats is called: A. B. C. D.

Contact Smart Cards Contactless Smart Cards Hybrid Cards Combi Cards

CISSP

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A smart Card that has two chips with the ability of utilizing both Contact and Contactless formats is called a combi card. Incorrect Answers: A: Contact Smart Cards are not configured for the Contactless format. B: Contactless Smart Cards are not configured for the Contact format C: The hybrid card makes use of two CPU chips for processing and includes both contact-oriented and contactless components. D: The combi-card is similar to the hybrid card, but it only uses a single CPU chip for the processing. References: Miller, David R, CISSP Training Kit, O’Reilly Media, 2013, Sebastopol, p. 82 http://www.smartcardalliance.org/pages/smart-cards-intro-primer QUESTION 797 The BEST technique to authenticate to a system is to: A. B. C. D.

establish biometric access through a secured server or Web site. ensure the person is authenticated by something he knows and something he has. maintain correct and accurate ACLs (access control lists) to allow access to applications. allow access only through user ID and password.

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: This is a tricky question. Normally, biometrics is the preferred answer as it is a more secure means of authentication than even multi-factor authentication. However, you would not establish biometric access through a secured server or Web site. Therefore, the answer must be “Ensure the person is authenticated by something he knows and something he has”. This is an example of two-factor authentication. Incorrect Answers: A: You would not establish biometric access through a secured server or Web site. C: Maintain correct and accurate ACLs is always a good idea. However, this provides no authentication solution as required by the question. D: A user ID and password is single-factor authentication. The user ID and the password are both “something you QUESTION 798 Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users? A. B. C. D.

Palm Scan Hand Geometry Fingerprint Retina scan

Correct Answer: D Section: Identity and Access Management

CISSP

Explanation Explanation/Reference: Explanation: A system that reads a person’s retina scans the blood-vessel pattern of the retina on the backside of the eyeball. This pattern has shown to be extremely unique between different people. A camera is used to project a beam inside the eye and capture the pattern and compare it to a reference file recorded previously. Acceptability in terms of biometric systems refers to considerations of privacy, invasiveness, and psychological and physical comfort when using the system. For example, a concern with retina scanning systems may be the exchange of body fluids on the eyepiece or the feeling that a retinal scan could be harmful to the eye. Another concern would be the retinal pattern that could reveal changes in a person’s health, such as diabetes or high blood pressure. Incorrect Answers: A: While requiring contact with a surface shared by others, a palm scan is generally considered more acceptable than sharing a surface with other parts of the anatomy. Therefore, this answer is incorrect. B: A Hand Geometry scan is less accurate and more acceptable than a retina scan. Therefore, this answer is incorrect. C: A fingerprint scan is more acceptable to users than a retina scan. Users are much more likely to prefer placing their fingers on a fingerprint scanner than looking into a retina scanner. Therefore, this answer is incorrect. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 60 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 191 QUESTION 799 Identity Management solutions include such technologies as Directories services, Single Sign-On and Web Access management. There are many reasons for management to choose an identity management solution. Which of the following is a key management challenge regarding identity management solutions? A. B. C. D.

Increasing the number of points of failures. Users will no longer be able to “recycle” their password for different applications. Costs increase as identity management technologies require significant resources. It must be able to scale to support high volumes of data and peak transaction rates.

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Identity management is the combination of business process and technology used to manage data on IT systems and applications about users. Managed data includes user objects, identity attributes, security entitlements and authentication factors. Enterprises manage identity data about two broad kinds of users: Insiders: including employees and contractors. They often access multiple internal systems and their identity profiles are relatively complex. Outsiders: including customers, partners and vendors. There are normally many more outsiders than insiders. One of the challenges presented by Identity management is scalability. Enterprises manage user profile data for large numbers of people. There may be tens of thousands of insiders and hundreds of thousands of outsiders. Any identity management system used in this environment must scale to support the data volumes and peak transaction rates produced by large user populations.

CISSP

Incorrect Answers: A: Increasing the number of points of failures is not key management challenge regarding identity management solutions. There should be no single points of failure but this would be more of a concern for the IT department than management. B: Users not being able to “recycle” their password for different applications is not a concern for management. C: A working scalable identity management system is more important to management than the cost. The resource requirement for identity management technologies is not that much when compared to the cost of other systems. References: http://hitachi-id.com/password-manager/docs/defining-enterprise-identity-management.html QUESTION 800 When submitting a passphrase for authentication, the passphrase is converted into: A. B. C. D.

a virtual password by the system. a new passphrase by the system. a new passphrase by the encryption technology a real password by the system which can be used forever.

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A passphrase is a sequence of characters that is longer than a password. The user enters this phrase into an application, and the application transforms the value into a virtual password, making the passphrase the length and format that is required by the application. (For example, an application may require your virtual password to be 128 bits to be used as a key with the AES algorithm.) If a user wants to authenticate to an application, such as Pretty Good Privacy (PGP), he types in a passphrase, let’s say StickWithMeKidAndYouWillWearDiamonds. The application converts this phrase into a virtual password that is used for the actual authentication. A passphrase is more secure than a password because it is longer, and thus harder to obtain by an attacker. In many cases, the user is more likely to remember a passphrase than a password. Incorrect Answers: B: The passphrase is not converted into a new passphrase by the system. C: The passphrase is not converted into a new passphrase by the encryption technology. D: The passphrase is not converted into a real password by the system which can be used forever. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 199 http://www.itl.nist.gov/fipspubs/fip112htm QUESTION 801 Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences? A. B. C. D.

Extensible Authentication Protocol Challenge Handshake Authentication Protocol Remote Authentication Dial-In User Service Multilevel Authentication Protocol.

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: CISSP

Explanation: Extensible Authentication Protocol (EAP) is defined as: A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, and arbitrary dialog sequences. The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication. Incorrect Answers: B: The definition in the question does not describe Challenge Handshake Authentication Protocol. C: The definition in the question does not describe Remote Authentication Dial-In User Service. D: The definition in the question does not describe Multilevel Authentication Protocol. References: http://www.sans.org/security-resources/glossary-of-terms/?pass=e http://searchsecurity.techtarget.com/definition/Extensible-Authentication-Protocol-EAP QUESTION 802 The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a biometric system. Acceptable throughput rates are in the range of: A. B. C. D.

100 subjects per minute. 25 subjects per minute. 10 subjects per minute. 50 subjects per minute.

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: In addition to the accuracy of the biometric systems, there are other factors that must also be considered. These factors include the enrollment time, the throughput rate, and acceptability. The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a system. Acceptable throughput rates are in the range of 10 subjects per minute. Incorrect Answers: A: 100 subjects per minute is just over half a second per user. This is way faster than is necessary. B: 25 subjects per minute is less than 3 seconds per user. This is faster than necessary as people using a biometric scanner would not use it that quickly. D: 50 subjects per minute is just over one second per user. This is faster than necessary as people using a biometric scanner would not use it that quickly. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 59 QUESTION 803 Which of the following biometric parameters are better suited for authentication use over a long period of time? A. B. C. D.

Iris pattern Voice pattern Signature dynamics Retina pattern

CISSP

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Of the answers given, the iris is the least likely to change over a long period of time which makes the iris pattern better suited for authentication use over a long period of time. The iris is the colored portion of the eye that surrounds the pupil. The iris has unique patterns, rifts, colors, rings, coronas, and furrows. The uniqueness of each of these characteristics within the iris is captured by a camera and compared with the information gathered during the enrollment phase. Of the biometric systems, iris scans are the most accurate. The iris remains constant through adulthood, which reduces the type of errors that can happen during the authentication process. Incorrect Answers: B: A person’s voice pattern is less suited for authentication use over a long period of time because the voice pattern can change over time. C: A person’s signature is less suited for authentication use over a long period of time because the signature can change over time. D: A person’s retina pattern is less suited for authentication use over a long period of time because the retina pattern can change over time and can be changed by illnesses such as Diabetes. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 191 QUESTION 804 Which of the following is NOT a disadvantage of Single Sign On (SSO)? A. B. C. D.

Support for all major operating system environment is difficult The cost associated with SSO development can be significant SSO could be single point of failure and total compromise of an organization asset SSO improves an administrator's ability to manage user's account and authorization to all associated system

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Single sign-on (SSO) gives the administrator the ability to streamline user accounts and better control access rights. It, therefore, improves an administrator's ability to manage users and user configurations to all associated systems. Incorrect Answers: A: A disadvantage of SSO is that insufficient software solutions accommodate all major operating system environments. A mix of solutions must, therefore, be adapted to the enterprise's IT architecture and strategic direction. B: A disadvantage of SSO is that considerable interface development and maintenance may be required, which could be costly. C: SSO could be single point of failure and total compromise of an organization asset. This means that that if an attacker uncovers a credential set, the attacker would have access to every resource within the environment that the compromised account has access to. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 207-209 QUESTION 805 Another type of access control is lattice-based access control. In this type of control a lattice model is applied. CISSP

How is this type of access control concept applied? A. The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed. B. The pair of elements is the subject and object, and the subject has an upper bound lower then the upper bound of the object being accessed. C. The pair of elements is the subject and object, and the subject has no special upper or lower bound needed within the lattice. D. The pair of elements is the subject and object, and the subject has no access rights in relation to an object. Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A lattice is a mathematical construct that is built upon the notion of a group. The most common definition of the lattice model is “a structure consisting of a finite partially ordered set together with least upper and greatest lower bound operators on the set.” Two methods are commonly used for applying mandatory access control: Rule-based (or label-based) access control: This type of control further defines specific conditions for access to a requested object. A Mandatory Access Control system implements a simple form of rule-based access control to determine whether access should be granted or denied by matching: - An object's sensitivity label - A subject's sensitivity label Lattice-based access control: These can be used for complex access control decisions involving multiple objects and/or subjects. A lattice model is a mathematical structure that defines greatest lower-bound and least upper-bound values for a pair of elements, such as a subject and an object. Incorrect Answers: B: The subject’s upper bound must be equal or higher, not lower than the upper bound of the object being accessed. C: The subject must have an upper bound. D: The subject must have access rights determined by an upper bound. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 381 https://en.wikipedia.org/wiki/Computer_access_control http://en.wikipedia.org/wiki/Lattice-based_access_control QUESTION 806 In the context of Biometric authentication, there is a quick way to compare the accuracy of devices. In general, the devices that have the lowest value would be the most accurate. Which of the following would be used to compare accuracy of devices? A. B. C. D.

the CER is used. the FRR is used the FAR is used the FER is used

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: There are three main performance measures in biometrics. These measures are as follows: False Rejection Rate (FRR) or Type I Error. The percentage of valid subjects that are falsely rejected. CISSP

False Acceptance Rate (FAR) or Type II Error. The percentage of invalid subjects that are falsely accepted. Crossover Error Rate (CER). The percent in which the False Rejection Rate equals the False Acceptance Rate. Almost all types of detection permit a system’s sensitivity to be increased or decreased during an inspection process. If the system’s sensitivity is increased, such as in an airport metal detector, the system becomes increasingly selective and has a higher FRR. Conversely, if the sensitivity is decreased, the FAR will increase. Thus, to have a valid measure of the system performance, the CER is used. Incorrect Answers: B: FRR is the percentage of valid subjects that are falsely rejected. It is not used to compare accuracy of biometric devices. C: FAR is the percentage of invalid subjects that are falsely accepted. It is not used to compare accuracy of biometric devices. D: FER is not used to compare accuracy of biometric devices. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 59 https://en.wikipedia.org/wiki/Biometrics QUESTION 807 Which of the following biometric devices has the lowest user acceptance level? A. B. C. D.

Retina Scan Fingerprint scan Hand geometry Signature recognition

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Acceptability in terms of biometric systems refers to considerations of privacy, invasiveness, and psychological and physical comfort when using the system. For example, a concern with retina scanning systems may be the exchange of body fluids on the eyepiece or the feeling that a retinal scan could be harmful to the eye. Another concern would be the retinal pattern that could reveal changes in a person’s health, such as diabetes or high blood pressure. Incorrect Answers: A: While requiring contact with a surface shared by others, a fingerprint scan is generally considered more acceptable than sharing a surface with other parts of the anatomy. B: While requiring contact with a surface shared by others, a hand geometry scan is generally considered more acceptable than sharing a surface with other parts of the anatomy. C: A signature does not involve contact with a surface shared by others and is therefore more acceptable than other biometric methods. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 60 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 191 https://sites.google.com/site/biometricsecuritysolutions/crossover-accuracy QUESTION 808 Which of the following would be an example of the BEST password? A. golf001 CISSP

B. Elizabeth C. T1me4g0lF D. password Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: The following four rules apply to what can be contained in a password. The more rules that are met by a password, the stronger the password is. Passwords should contain uppercase characters Passwords should contain lowercase characters Passwords should contain base 10 digits (0 through 9) Passwords should contain nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"',.?/ Further to the list above, passwords should be at least eight characters long and not include names, usernames or dictionary words. The password T1me4g0lF meets three of the above rules. It contains uppercase characters, numeric characters and lowercase characters. This is the strongest password of the options given. Incorrect Answers: A: golf001 meets only two of the password rules. It contains lowercase and numeric characters. This is not the strongest password. B: Elizabeth meets only two of the password rules. It contains lowercase and numeric characters. Furthermore, the password is a name which makes it easier to guess. This is not the strongest password. D: ‘password’ is a very weak password. It meets only one password rule (it contains lowercase letters). It is also one of the most easily guessed passwords there is. References: http://windows.microsoft.com/en-us/windows-vista/tips-for-creating-a-strong-password QUESTION 809 Which of the following does NOT apply to system-generated passwords? A. B. C. D.

Passwords are harder to remember for users. If the password-generating algorithm gets to be known, the entire system is in jeopardy. Passwords are more vulnerable to brute force and dictionary attacks. Passwords are harder to guess for attackers.

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Passwords that are generated by a system or a password generation tool are robust passwords in that they will contain a mix of uppercase characters, lowercase characters, numbers and non-alphanumeric characters. One of the benefits of system-generated passwords is that they are LESS (not more) vulnerable to brute force and dictionary attacks. Incorrect Answers: A: It is true that system-generated passwords are harder to remember for users. This is due to the complexity of the password. B: It is true that if the password-generating algorithm gets to be known, the entire system is in jeopardy. This is because it would be possible to crack the passwords by using the algorithm used to create the passwords. D: It is true that system-generated passwords are harder to guess for attackers. This is due to the complexity of

CISSP

the password. QUESTION 810 What is the MOST critical characteristic of a biometric identifying system? A. B. C. D.

Perceived intrusiveness Storage requirements Accuracy Scalability

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Biometrics are based on the Type 3 authentication mechanism — something you are. Biometrics are defined as an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics. The most critical characteristic of a biometric identifying system (or any other identification and authentication system) is the accuracy of the system. The system needs to ensure that the identification of the person is correct. Incorrect Answers: A: The perceived intrusiveness of a biometric system is an important consideration. Users will not be happy to use a system which is perceived to be too intrusive. However, this is not as critical as the accuracy of the system. B: The storage requirement of a biometric system is not an important consideration. Storage is cheap nowadays and biometric data does not require much storage space. D: The scalability of a biometric system could be an important consideration if the company intends to expand in the future although most biometric systems are easily scalable. However, this is not as critical as the accuracy of the system. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 58 QUESTION 811 What is considered the MOST important type of error to avoid for a biometric access control system? A. B. C. D.

Type I Error Type II Error Combined Error Rate Crossover Error Rate

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A Type II Error occurs when the system accepts impostors who should be rejected. This type of error is the most dangerous type, and therefore the most important to avoid. Incorrect Answers: A: A Type I Error is when a biometric system rejects an authorized individual. It is not as dangerous as a Type II Error, and therefore not the most important to avoid. C: Combined Error Rate is not a valid type of biometric error. CISSP

D: The crossover error rate (CER) is a percentage that signifies the point at which the false rejection rate equals the false acceptance rate. It is the most important measurement when determining the system’s accuracy. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 188 QUESTION 812 How can an individual/person BEST be identified or authenticated to prevent local masquerading attacks? A. B. C. D.

User Id and password Smart card and PIN code Two-factor authentication Biometrics

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Masquerading is the term used when one user pretends to be another user. Strong authentication is the best defense against this. Authentication is based on the following three factor types: Type 1. Something you know, such as a PIN or password Type 2. Something you have, such as an ATM card or smart card Type 3. Something you are (physically), such as a fingerprint or retina scan Biometrics verifies an individual’s identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification. A biometric authentication such as a fingerprint cannot be imitated which makes biometrics the best defense against masquerading attacks. Incorrect Answers: A: A user Id and password can be guessed by an attacker. This is not the best identification and authentication method to prevent local masquerading attacks. B: A smart card can be stolen and the PIN guessed by an attacker. This is not the best identification and authentication method to prevent local masquerading attacks. C: Two-factor authentication is more secure than other methods but still less secure than biometrics. Twofactor authentication could comprise of “something you have” and “something you know”. The “something you have” such as a smart card could be stolen by an attacker and the “something you know” such as a PIN could be guessed. This is not the best identification and authentication method to prevent local masquerading attacks. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 57 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 187 QUESTION 813 What are cognitive passwords? A. B. C. D.

Passwords that can be used only once. Fact or opinion-based information used to verify an individual's identity. Password generators that use a challenge response scheme. Passphrases.

Correct Answer: B CISSP

Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Cognitive passwords refer to fact-based or opinion-based information used to verify the identity of an individual. The cognitive password enrollment process requires the answering of some questions based on the user’s life experiences. Incorrect Answers: A: Passwords that can be used only once are known as one-time passwords (OTPs). C: Password generators that use a challenge response scheme are known as asynchronous token devices. D: A passphrase is a sequence of characters that is longer than a password. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 195-199 QUESTION 814 Which of the following biometrics devices has the highest Crossover Error Rate (CER)? A. B. C. D.

Iris scan Hand geometry Voice pattern Fingerprints

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: There are three main performance measures in biometrics. These measures are as follows: False Rejection Rate (FRR) or Type I Error. The percentage of valid subjects that are falsely rejected. False Acceptance Rate (FAR) or Type II Error. The percentage of invalid subjects that are falsely accepted. Crossover Error Rate (CER). The percent in which the False Rejection Rate equals the False Acceptance Rate. Voice pattern biometrics have the highest Crossover Error Rate (CER). This is because voice patterns tend to change with the individual’s mood and health. The common cold or flu, for instance, would alter the tone and pitch of a person’s voice. Incorrect Answers: A: Iris scan biometric devices do not have the highest Crossover Error Rate (CER) due to the accuracy of an iris scan and the fact that the iris rarely changes. B: Hand geometry biometric devices do not have the highest Crossover Error Rate (CER) due to the accuracy of a hand geometry scan the fact that the hand rarely changes. D: Fingerprint biometric devices do not have the highest Crossover Error Rate (CER) due to the accuracy of fingerprint scan the fact that the fingerprint rarely changes. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 59 QUESTION 815 What is the PRIMARY use of a password? A. Allow access to files. B. Identify the user.

CISSP

C. Authenticate the user. D. Segregate various users’ accesses. Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A protected string of characters, known as a password, is used to authenticate an individual. Incorrect Answers: A: The primary use of a password is not to allow access to files, it is to authenticate an individual. B: The primary use of a password is not to identify an individual, it is to authenticate an individual. D: The primary use of a password is not to divide various user's accesses, it is to authenticate an individual. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 192 QUESTION 816 The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something: A. B. C. D.

you need. you read. you are. you do.

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: There are three common factors that can be used for authentication: Something a person knows. Something a person has. Something a person is. Incorrect Answers: A, B, D: These answers are not valid classic authentication factors. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 162 QUESTION 817 An access system that grants users only those rights necessary for them to perform their work is operating on which security principle? A. B. C. D.

Discretionary Access Least Privilege Mandatory Access Separation of Duties

Correct Answer: B Section: Identity and Access Management Explanation CISSP

Explanation/Reference: Explanation: Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. Incorrect Answers: A: A: Discretionary Access Control (DAC) allows data owners to dictate what subjects have access to the files and resources they own. C: Mandatory Access control is based on a security label system D: Separation of Duties is a preventive administrative control that is used to make sure one person is unable to carry out a critical task alone. References: https://en.wikipedia.org/wiki/Principle_of_least_privilege Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 126, 220-228 QUESTION 818 Pin, Password, Passphrases, Tokens, smart cards, and biometric devices are all items that can be used for Authentication. When one of these items listed above in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following? A. B. C. D.

Multi-party authentication Two-factor authentication Mandatory authentication Discretionary authentication

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Two-factor authentication provides identification of users via the combination of two different components, which could be something that the user knows, something that the user possesses or something that is inseparable from the user. Incorrect Answers: A: Multi-party authentication is not a valid term. C: Mandatory authentication is not a valid term. D: Discretionary authentication is not a valid term. References: https://en.wikipedia.org/wiki/Two-factor_authentication QUESTION 819 Legacy single sign on (SSO) is: A. Technology to allow users to authenticate to every application by entering the same user ID and password each time, thus having to remember only a single password. B. Technology to manage passwords consistently across multiple platforms, enforcing policies such as password change intervals. C. A mechanism where users can authenticate themselves once, and then a central repository of their credentials is used to launch various legacy applications. D. Another way of referring to SESAME and KryptoKnight, now that Kerberos is the de-facto industry standard single sign on mechanism. Correct Answer: C CISSP

Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Legacy single sign on (SSO) is a mechanism where users can authenticate themselves once, and then a central repository of their credentials is used to launch various legacy applications. An SSO solution may provide a bottleneck or single point of failure. If the SSO server goes down, users are unable to access network resources. This is why it’s a good idea to have some type of redundancy or fail-over technology in place. Incorrect Answers: A: Legacy single sign on (SSO) enables users to sign on once; they do not have to sign on to every application. B: Legacy single sign on (SSO) is not technology to manage passwords consistently across multiple platforms, enforcing policies such as password change intervals. This can be done with password synchronization. D: Legacy single sign on (SSO) is not another way of referring to SESAME and KryptoKnight. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 177 QUESTION 820 Which type of password token involves time synchronization? A. B. C. D.

Static password tokens Synchronous dynamic password tokens Asynchronous dynamic password tokens Challenge-response tokens

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Synchronous dynamic tokens make use of time or counters to synchronize a displayed token code with the code expected by the authentication server. Hence, the codes are synchronized. Incorrect Answers: A: Static passwords are reusable passwords that may or may not expire, and are normally user generated. C: Asynchronous dynamic tokens are not synchronized with a central server. D: Challenge-response tokens are asynchronous dynamic password tokens. References: Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 30-36 QUESTION 821 Which of the following would describe a type of biometric error refers to as FASLE rejection rate? A. B. C. D.

Type I error Type II error Type III error CER error

Correct Answer: A Section: Identity and Access Management

CISSP

Explanation Explanation/Reference: Explanation: A Type I error, or false rejection rate, is when a biometric system rejects an authorized individual. Incorrect Answers: B: A Type II error, or false acceptance rate, is when the system accepts impostors who should be rejected. C: A Type III error does not exist in biometrics. D: The crossover error rate (CER) is a percentage that signifies the point at which the false rejection rate equals the false acceptance rate. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 188 http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=93 https://pciguru.wordpress.com/2010/05/01/one-two-and-three-factor-authentication/ QUESTION 822 Which of the following statements pertaining to biometrics is FALSE? A. B. C. D.

Increased system sensitivity can cause a higher false rejection rate The crossover error rate is the point at which false rejection rate equals the false acceptance rate. False acceptance rate is also known as Type II error. Biometrics are based on the Type 2 authentication mechanism.

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Type 2 authentication is based on something you have, like a token. Biometrics for part of Type 3 authentication, which is based on something you are. Something you are refers to an individual’s physical traits. Incorrect Answers: A, B, C: These options are all TRUE with regards to biometrics. References: Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 35-37 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 187-189 QUESTION 823 Which of the following statements pertaining to Kerberos is TRUE? A. B. C. D.

Kerberos does not address availability Kerberos does not address integrity Kerberos does not make use of Symmetric Keys Kerberos cannot address confidentiality of information

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT. In

CISSP

Greek mythology, Kerberos is a three-headed dog that guards the entrance to the Underworld. Using symmetric key cryptography, Kerberos authenticates clients to other entities on a network of which a client requires services. Kerberos addresses the confidentiality and integrity of information. It does not address availability. Incorrect Answers: B: Kerberos does address integrity. C: Kerberos does make use of Symmetric Keys. D: Kerberos does address confidentiality of information. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 78 QUESTION 824 Which of the following BEST ensures accountability of users for the actions taken within a system or domain? A. B. C. D.

Identification Authentication Authorization Credentials

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Identification and authentication are the keystones of most access control systems. Identification is the act of a user professing an identity to a system, usually in the form of a log-on ID to the system. Identification establishes user accountability for the actions on the system. Authentication is verification that the user’s claimed identity is valid and is usually implemented through a user password at log-on time. To ‘ensure’ accountability, the user must prove that they are who they say they are. This is the function of authentication. Therefore, authentication best ensures accountability of users for the actions taken within a system or domain. Incorrect Answers: A: Identification is the user saying who they are. However, to ensure accountability, you need authentication to prove that they are who they say they are. C: Authorization is the rights and permissions granted to an individual which enable access to a computer resource. This does not ensure accountability because it does not ensure that the user accessing the system is who they say they are. D: Credentials are the user’s username and password combination. However, authentication is the process of validating the credentials. Credentials alone (without validation/authentication) do not ensure that the user accessing the system is who they say they are. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 57 QUESTION 825 Which of the following statements pertaining to biometrics is FALSE? A. B. C. D.

User can be authenticated based on behavior. User can be authenticated based on unique physical attributes. User can be authenticated by what he knows. A biometric system's accuracy is determined by its crossover error rate (CER).

CISSP

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Biometrics is based on “what you are” or “what you do”. It is not based on what you know. Incorrect Answers: A: Behavioral (what you do), is one of the two categories that biometrics are divided into. B: The physiological biometric category refers to traits that are physical attributes unique to a specific individual. D: When determining a biometric system’s accuracy, the CER metric is the most important measurement. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 187, 188 QUESTION 826 Which of the following biometric devices offers the LOWEST CER? A. B. C. D.

Keystroke dynamics Voice verification Iris scan Fingerprint

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: According to the SANS Institute, an Iris scan has a lower CER than keystroke dynamics, voice verification, and fingerprint. Incorrect Answers: A, B, D: According to the SANS Institute, keystroke dynamics, voice verification, and fingerprint has a higher CER than iris scan. References: https://www.sans.org/reading-room/whitepapers/authentication/biometric-selection-body-parts-online-139 QUESTION 827 Which of the following is the WEAKEST authentication mechanism? A. B. C. D.

Passphrases Passwords One-time passwords Token devices

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Passwords are considered one of the weakest security mechanisms available, because users generally select passwords that are easy to guess.

CISSP

Incorrect Answers: A: Because a passphrase is longer, it is said to be more secure than a password. C: Once a one-time password is used, it is no longer valid. It is, therefore, more secure than a normal password. D: Token devices generate a One-time password, which is more secure than a normal password. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 192, 196, 197, 199 QUESTION 828 When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED? A. B. C. D.

Type I error Type II error Type III error Crossover error

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A Type II error, or false acceptance rate, is when the system accepts impostors who should be rejected. Incorrect Answers: A: A Type I error, or false rejection rate, is when a biometric system rejects an authorized individual. C: A Type III error does not exist in biometrics. D: The crossover error rate (CER) is a percentage that signifies the point at which the false rejection rate equals the false acceptance rate. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 188 http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=93 QUESTION 829 Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credential, and faster resource access? A. B. C. D.

Smart cards Single Sign-On (SSO) Symmetric Ciphers Public Key Infrastructure (PKI)

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Single Sign-On (SSO) allows a user to enter credentials once to gain access to all resources in primary and secondary network domains. Thereby, minimizing the amount of time users spend authenticating to resources and enabling the administrator to streamline user accounts and better control access rights. Furthermore, security is improved by reducing the likelihood that users will record passwords and also lessens the administrator’s time spent on adding and removing user accounts and modifying access permissions. Because SSO requires a user to remember only one password, a but one of the goals is that if a user only has to remember one password, a more complicated and secure password policy can be enforced. CISSP

Incorrect Answers: A: Smart cards are used for authentication purposes in access control. Although it can provide extra protection in an SSO environment, it does not provide the ability to use stronger passwords, easier password administration, one set of credential, and faster resource access. C: Symmetric Ciphers are used for encryption and decryption. It does not provide the ability to use stronger passwords, easier password administration, one set of credential, and faster resource access. D: Public Key Infrastructure allows for people who are widely dispersed to communicate securely and predictably. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 200, 207, 208, 833 https://en.wikipedia.org/wiki/Symmetric-key_algorithm#Cryptographic_primitives_based_on_symmetric_ciphers QUESTION 830 Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations? A. Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to. B. The initial logon process is cumbersome to discourage potential intruders. C. Once a user obtains access to the system through the initial log-on, they only need to logon to some applications. D. Once a user obtains access to the system through the initial log-on, he has to logout from all other systems Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A security issue to consider in an SSO environment is that If an attacker uncovers a credential set, the attacker would have access to every resource within the environment that the compromised account has access to. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 207, 2078 QUESTION 831 Which of the following is implemented through scripts or smart agents that replay the users multiple log-ins against authentication servers to verify a user's identity which permit access to system services? A. B. C. D.

Single Sign-On Dynamic Sign-On Smart cards Kerberos

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Single Sign-On (SSO) addresses the cumbersome situation of logging on multiple times to access different resources. In SSO, a user provides one ID and password per work session and is automatically logged-on to all the required applications. SSO can be implemented by using scripts that replay the users’ multiple log-ins, or by using authentication servers to verify a user’s identity and encrypted authentication tickets to permit access to system services. Incorrect Answers: CISSP

B: Dynamic Sign-On is not the correct term to describe an authentication system that can be implemented through scripts or smart agents that replay the users multiple log-ins against authentication servers to verify a user's identity which permit access to system services. C: Smart cards provide static or dynamic passwords or certificates to authenticate a user. The authentication happens every time the smart card is presented and the login. This is not what is described in the question. D: Kerberos can be used to implement Single-Sign on. However, “single sign-on” is the term described in the question. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 40 QUESTION 832 Which of the following protects a password from eavesdroppers and supports the encryption of communication? A. B. C. D.

Challenge Handshake Authentication Protocol (CHAP) Challenge Handshake Identification Protocol (CHIP) Challenge Handshake Encryption Protocol (CHEP) Challenge Handshake Substitution Protocol (CHSP)

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: One approach to remote access security is the Challenge Handshake Authentication Protocol (CHAP). CHAP protects the password from eavesdroppers and supports the encryption of communication. Challenge Handshake Authentication Protocol (CHAP) addresses some of the vulnerabilities found in PAP. It uses a challenge/response mechanism to authenticate the user instead of sending a password. When a user wants to establish a PPP connection and both ends have agreed that CHAP will be used for authentication purposes, the user’s computer sends the authentication server a logon request. The server sends the user a challenge (nonce), which is a random value. This challenge is encrypted with the use of a predefined password as an encryption key, and the encrypted challenge value is returned to the server. The authentication server also uses the predefined password as an encryption key and decrypts the challenge value, comparing it to the original value sent. If the two results are the same, the authentication server deduces that the user must have entered the correct password, and authentication is granted. Incorrect Answers: B: The correct name for the protocol is Challenge Handshake Authentication Protocol (CHAP), not Challenge Handshake Identification Protocol (CHIP). C: The correct name for the protocol is Challenge Handshake Authentication Protocol (CHAP), not Challenge Handshake Encryption Protocol (CHEP). D: The correct name for the protocol is Challenge Handshake Authentication Protocol (CHAP), not Challenge Handshake Substitution Protocol (CHSP). References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 66 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 710 QUESTION 833 The act of requiring two of the three factors to be used in the authentication process refers to: A. Two-Factor Authentication B. One-Factor Authentication C. Bi-Factor Authentication

CISSP

D. Double Authentication Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Two-Factor Authentication, also known as strong authentication, must include two out of the three authentication types. Incorrect Answers: B: One-Factor Authentication would only include a single authentication type. C: Bi-Factor Authentication is not a valid authentication term. D: Double Authentication is not a valid authentication term. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 163 QUESTION 834 Which of the following would be true about Static password tokens? A. B. C. D.

The owner identity is authenticated by the token The owner will never be authenticated by the token. The owner will authenticate himself to the system. The token does not authenticates the token owner but the system.

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A Static password token is a device that contains a password which is physically hidden, but which is transmitted for each authentication. The token authenticates the identity of the owner to the information system. Incorrect Answers: B: Static password tokens will authenticate the identity of the owner to the information system. C: Static password tokens do not allow the owner to authenticate himself to the system. It authenticates the identity of the owner to the information system. D: Static password tokens authenticate the identity of the owner to the information system, not the system. References: https://en.wikipedia.org/wiki/Security_token http://www.informit.com/guides/content.aspx?g=security&seqNum=146 QUESTION 835 In Synchronous dynamic password tokens: A. The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key). B. The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key). C. The unique password is not entered into a system or workstation along with an owner's PIN. D. The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window.

CISSP

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Synchronous dynamic password tokens generate new passwords at specific time intervals that are synched with the main system. Passwords are only valid for a specific time period. Incorrect Answers: B: With synchronous dynamic password tokens, a timer is used to rotate through various combinations produced by a cryptographic algorithm. Therefore the password will be unique. C: With synchronous dynamic password tokens, the user enters the generated value and a user ID (this could be a PIN) into the computer, which then passes them to the server running the authentication service. D: This is incorrect as the time value on the token device and a secret key is used to create the one-time password, which the authentication service decrypts and compares to the value it expected. References: http://www.informit.com/guides/content.aspx?g=security&seqNum=146 https://en.wikipedia.org/wiki/Security_token Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 196 QUESTION 836 In biometrics, "one-to-many" search against database of stored biometric images is done in: A. B. C. D.

Authentication Identification Identities Identity-based access control

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A biometric system executes a one-to-many comparison against a biometric database in attempt to establish the identity of an unknown user in identification mode. If the comparison of the biometric sample to a template in the database falls within a threshold previously set, identifying the individual will succeed. Incorrect Answers: A: In authentication mode, the biometric system performs a one-to-one comparison of a captured biometric with a specific template stored in a biometric database in order to confirm the individual is the person they claim to be. C: Identities refer to who users are, not a mode used in biometrics. D: An identity-based access control is a type of Discretionary Access Control (DAC) that is based on an individual's identity. References: https://en.wikipedia.org/wiki/Biometrics Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 220 QUESTION 837 Which of the following is true of biometrics? A. It is used for identification in physical controls and it is not used in logical controls. B. It is used for authentication in physical controls and for identification in logical controls. C. It is used for identification in physical controls and for authentication in logical controls.

CISSP

D. Biometrics has no role in logical controls. Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Biometrics is used for identification in physical controls and for authentication in logical controls. Physical controls are items put into place to protect facility, personnel, and resources. As a physical control, biometrics provides protection by identifying a person to see if that person is authorized to access a facility. When a user is identified and granted physical access to a facility, biometrics can be used for authentication in logical controls to provide access to resources. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Biometrics is used in logical controls. B: Biometrics is used for identification in physical controls and for authentication in logical controls, not the other way round. Biometrics is used first as a physical control to identify a person to grant access to a facility, and then as a logical control to authenticate the user to provide access to resources. D: Biometrics does have a role in logical controls. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28 Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 58 QUESTION 838 What is the percentage of valid subjects that are falsely rejected by a Biometric Authentication system called? A. B. C. D.

False Rejection Rate (FRR) or Type I Error False Acceptance Rate (FAR) or Type II Error Crossover Error Rate (CER) True Rejection Rate (TRR) or Type III Error

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A Type I error, or false rejection rate, is when a biometric system rejects an authorized individual. Incorrect Answers: B: A Type II error, or false acceptance rate, is when the system accepts impostors who should be rejected. C: The crossover error rate (CER) is a percentage that signifies the point at which the false rejection rate equals the false acceptance rate. D: The true reject rate refers to the percentage of times a system correctly rejects a false claim of identity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 188 http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=93

CISSP

QUESTION 839 What is the percentage of invalid subjects that are falsely accepted by a Biometric authentication system called? A. B. C. D.

False Rejection Rate (FRR) or Type I Error False Acceptance Rate (FAR) or Type II Error Crossover Error Rate (CER) True Acceptance Rate (TAR) or Type III Error

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A Type II error, or false acceptance rate, is when the system accepts impostors who should be rejected. Incorrect Answers: A: A Type I error, or false rejection rate, is when a biometric system rejects an authorized individual. C: The crossover error rate (CER) is a percentage that signifies the point at which the false rejection rate equals the false acceptance rate. D: The true accept rate is the percentage of times a system correctly verifies a true claim of identity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 188 http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=92 QUESTION 840 What is the percentage at which the False Rejection Rate equals the False Acceptance Rate called? A. B. C. D.

False Rejection Rate (FRR) or Type I Error False Acceptance Rate (FAR) or Type II Error Crossover Error Rate (CER) Failure to enroll rate (FTE or FER)

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: The crossover error rate (CER) is a percentage that signifies the point at which the false rejection rate equals the false acceptance rate. Incorrect Answers: A: A Type I error, or false rejection rate, is when a biometric system rejects an authorized individual. B: A Type II error, or false acceptance rate, is when the system accepts impostors who should be rejected. D: The Failure to enroll rate is the rate at which attempts to create a template from an input is unsuccessful. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 188 https://en.wikipedia.org/wiki/Biometrics QUESTION 841 What is a password called that is the same for each log-on session?

CISSP

A. B. C. D.

one-time password two-time password static password dynamic password

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Static passwords are passwords that can be reused, but may or may not expire. They can, therefore, be used for each log-on session if password expiration has not been configured. Incorrect Answers: A: A one-time password is no longer valid and, if obtained by a hacker, cannot be reused after it has been used. B: A two-time password is not a valid password type. D: A dynamic password is no longer valid and, if obtained by a hacker, cannot be reused after it has been used. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 195, 196 Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 30 QUESTION 842 What is a sequence of characters that is usually longer than the allotted number for a password called? A. B. C. D.

passphrase cognitive phrase anticipated phrase Real phrase

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A passphrase is a sequence of characters that is longer than a password and, in some cases, takes the place of a password during an authentication process. Passphrases are long static passwords, which is made up of words in a phrase or sentence. Incorrect Answers: B: A sequence of characters that is usually longer than the allotted number for a password is called a passphrase, not a cognitive phrase. C: A sequence of characters that is usually longer than the allotted number for a password is called a passphrase, not an anticipated phrase. D: A sequence of characters that is usually longer than the allotted number for a password is called a passphrase, not a real phrase. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 199 Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 30 QUESTION 843 Which BEST describes a tool (i.e. keyfob, calculator, memory card or smart card) used to supply dynamic CISSP

passwords? A. B. C. D.

Tickets Tokens Token passing networks Coupons

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A security token (or sometimes a hardware token, authentication token, USB token, cryptographic token, software token, virtual token, or key fob) may be a physical device that an authorized user is given to ease authentication. Security tokens are used to prove one's identity electronically (as in the case of a customer trying to access their bank account). The token is used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something. Some may store cryptographic keys, such as a digital signature, or biometric data, such as fingerprint minutiae. Some designs feature tamper resistant packaging, while others may include small keypads to allow entry of a PIN or a simple button to start a generating routine with some display capability to show a generated key number. All tokens contain some secret information that is used to prove identity. There are different ways in which this information can be used. Examples include: Synchronous dynamic password token: A timer is used to rotate through various combinations produced by a cryptographic algorithm. The token and the authentication server must have synchronized clocks. Asynchronous password token: A one-time password is generated without the use of a clock, either from a one-time pad or cryptographic algorithm. Incorrect Answers: A: A tool such as a keyfob, calculator, memory card or smart card used to supply dynamic passwords is not known as a ticket. C: Token passing networks are computer networks such as Token Ring or FDDI networks. They do not supply dynamic passwords. D: A tool such as a keyfob, calculator, memory card or smart card used to supply dynamic passwords is not known as a coupon. References: https://en.wikipedia.org/wiki/Security_token QUESTION 844 Which one of the following factors is NOT one on which Authentication is based? A. Type 1 Something you know, such as a PIN or password B. Type 2 Something you have, such as an ATM card or smart card C. Type 3 Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan D. Type 4 Something you are, such as a system administrator or security administrator Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: CISSP

Something you are, or authentication by characteristic, is based on a unique physical attribute, not what role you fulfill. Incorrect Answers: A: Something you know, or authentication by knowledge, can be a password, PIN, mother’s maiden name, or the combination to a lock. B: Something you have, or authentication by ownership, can be a key, swipe card, access card, or badge. C: Something you are, or authentication by characteristic, is based on a unique physical attribute, referred to as biometrics. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 163 QUESTION 845 What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources? A. B. C. D.

Micrometrics Macrometrics Biometrics MicroBiometrics

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Some biometric systems base authentication decisions on physical attributes such as iris, retina, or fingerprints. Incorrect Answers: A: Micrometrics is a business term used for measures that support the improvement and management of a particular project, program or initiative. B: Macrometrics is a business term used for the overall organization or cross-functional metrics used to drive strategy. D: MicroBiometrics is not a technology that uses fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 187 http://www.humanresourcesiq.com/hr-technology/columns/macro-vs-micro-metrics/ QUESTION 846 What is the access protection system that limits connections by calling back the number of a previously authorized location called? A. B. C. D.

Sendback systems Callback forward systems Callback systems Sendback forward systems

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Callback is when the host system disconnects the caller and then dials the authorized telephone number of the CISSP

remote terminal in order to reestablish the connection. Incorrect Answers: A: A sendback system is not a valid system type with regards to CISSP. B: A callback forward system is not a valid system type with regards to CISSP. D: A sendback forward system is not a valid system type with regards to CISSP. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. G-3 QUESTION 847 Which of the following is the most reliable authentication method for remote access? A. B. C. D.

Variable callback system Synchronous token Fixed callback system Combination of callback and caller ID

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: A Synchronous token generates a one-time password that is only valid for a short period of time. Once the password is used it is no longer valid, and it expires if not entered in the acceptable time frame. Incorrect Answers: A: Although variable callback systems are more flexible than fixed callback systems, the system assumes the identity of the individual unless two-factor authentication is also implemented. C: Callback systems authenticate a person, but anyone can pretend to be that person. They are tied to a specific place and phone number, which can be spoofed by implementing call-forwarding. D: The caller ID and callback functionality provides greater confidence and auditability of the caller's identity. However, unless combined with strong authentication, any individual at the location could obtain access. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 196, 696 https://technet.microsoft.com/en-us/library/cc778189(v=ws.10).aspx QUESTION 848 Which of the following is NOT a security characteristic we need to consider while choosing a biometric identification system? A. B. C. D.

data acquisition process cost enrollment process speed and user interface

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: The cost of the biometric identification system is a financial consideration, not a security consideration. The data acquisition process refers to how a user’s biometric data will be acquired. Will you use a fingerprint scan, a retina scan, a palm scan etc. This is an obvious security characteristic to be considered while choosing a biometric identification system. CISSP

The enrollment process refers to how the user’s biometric data will be initially acquired and the data stored as a template for comparison for future identifications. This is also a security characteristic to be considered while choosing a biometric identification system. The speed and user interface are security characteristics to be considered while choosing a biometric identification system. You need a biometric identification system that does not keep the user waiting before being identified and authenticated. The user interface for a biometric identification system should include instructional and feedback aspects that would enable users to use the system effectively without assistance. Incorrect Answers: A: The data acquisition process refers to how a user’s biometric data will be acquired. This is a security characteristic to be considered while choosing a biometric identification system. C: The enrollment process is a security characteristic to be considered while choosing a biometric identification system. D: The speed and user interface are security characteristics to be considered while choosing a biometric identification system. QUESTION 849 In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering two questions: A. B. C. D.

What was the sex of a person and his age? What part of body to be used and how to accomplish identification that is viable? What was the age of a person and his income level? What was the tone of the voice of a person and his habits?

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: When it became apparent that truly positive identification could only be based on physical attributes of a person, two questions had to be answered. First, what part of body could be used? Second, how could identification be accomplished with sufficient accuracy, reliability and speed so as to be viable? Because most identity authentication requirements take place when people are fully clothed (neck to feet and wrists), the parts of the body conveniently available for this purpose are the hands, face and eyes. Incorrect Answers: A: The sex of a person and his age are not considered in biometric identification systems. C: The age of a person and his income level are not considered in biometric identification systems. D: The tone of the voice of a person and his habits are not considered in biometric identification systems. References: Tipton, Harold F. and Micki Krause, Information Security Management Handbook, 5th Edition, Auerbach Publications, Boca Raton, 2006, p. 62 QUESTION 850 What is the primary role of smartcards in a PKI? A. B. C. D.

Transparent renewal of user keys Easy distribution of the certificates between the users Fast hardware encryption of the raw data Tamper resistant, mobile storage and application of private keys of the users

Correct Answer: D Section: Identity and Access Management Explanation

CISSP

Explanation/Reference: Explanation: A smart card, which includes the ability to process data stored on it, is also able to deliver a two-factor authentication method as the user may have to enter a PIN to unlock the smart card. The authentication can be completed by using an OTP, by utilizing a challenge/response value, or by presenting the user’s private key if it is used within a PKI environment. The fact that the memory of a smart card is not readable until the correct PIN is entered, as well as the complexity of the smart token makes these cards resistant to reverse-engineering and tampering methods. Incorrect Answers: A: Transparent renewal of user keys is not the primary role of smartcards in a PKI. B: Easy distribution of the certificates between the users is not the primary role of smartcards in a PKI. C: Fast hardware encryption of the raw data is not the primary role of smartcards in a PKI. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 200, 201 http://en.wikipedia.org/wiki/Tamper_resistance QUESTION 851 In biometric identification systems, the parts of the body conveniently available for identification are: A. B. C. D.

neck and mouth hands, face, and eyes feet and hair voice and neck

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Most identity authentication takes place when people are fully clothed (neck to feet and wrists), the parts of the body conveniently available for this purpose are hands, face, and eyes. Incorrect Answers: A: The neck is not convenient as it can be covered. C: The feet normally have shoes on, and therefore not convenient. D: The neck is not convenient as it can be covered. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 187-192 QUESTION 852 Which of the following is TRUE of two-factor authentication? A. B. C. D.

It uses the RSA public-key signature based on integers with large prime factors. It requires two measurements of hand geometry. It does not use single sign-on technology. It relies on two independent proofs of identity.

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation:

CISSP

There are three general factors that are used for authentication: Something a person knows. Something a person has. Something a person is. Two-factor authentication requires two of the three factors to be part of authentication process. Incorrect Answers: A: RSA encryption uses integers with exactly two prime factors, but the term "two-factor authentication" is not used in that context. B: Measuring hand geometry twice only provides one factor. C: Single sign-on (SSO) technology allows a user to enter their credentials once to gain access to multiple systems. Two-factor authentication could be used for SSO, not the other way around. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 162, 163, 207, 815 QUESTION 853 What kind of certificate is used to validate a user identity? A. B. C. D.

Public key certificate Attribute certificate Root certificate Code signing certificate

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual. Incorrect Answers: B: In computer security, an authorization certificate (also known as an attribute certificate) is a digital document that describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use. C: A root certificate is an unsigned or a self-signed public key certificate that identifies the Root Certificate Authority (CA). D: Code signing digitally signs executables and scripts to verify the software author and guarantee that the code has not been changed or tainted since it was signed by use of a cryptographic hash. References: http://en.wikipedia.org/wiki/Attribute_certificate http://en.wikipedia.org/wiki/Public_key_certificate https://en.wikipedia.org/wiki/Root_certificate https://en.wikipedia.org/wiki/Code_signing QUESTION 854 Single Sign-on (SSO) is characterized by which of the following advantages? A. B. C. D.

Convenience Convenience and centralized administration Convenience and centralized data administration Convenience and centralized network administration

CISSP

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Single sign-on allows users to type their passwords only once when they first log in to access all the network resources. This makes SSO convenient. Single Sign-on allows a single administrator to add and delete accounts across the entire network from one user interface, providing centralized administration. Incorrect Answers: A: Single Sign-on does offer convenience, but it also offers centralized administration, making option B a more suitable answer. C: Centralized data administration is not an advantage of Single Sign-on. D: Centralized network administration is not an advantage of Single Sign-on. References: Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 42 QUESTION 855 What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? A. B. C. D.

Authentication Identification Authorization Confidentiality

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Identification involves a user supplying identification information using a username, user ID, or account number. Incorrect Answers: A: Authentication involves verifying a user’s identification information using a passphrase, PIN value, biometric, one-time password, or password. C: Authorization is when a system establishes whether the user is authorized to access the particular resource and what actions he is permitted to perform on that resource. D: Confidentiality is used to make sure that the required level of secrecy is imposed at every junction of data processing and prevents unauthorized disclosure. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 24, 166, 203 QUESTION 856 What is the verification that the user's claimed identity is valid called and is usually implemented through a user password at log-on time? A. B. C. D.

Authentication Identification Integrity Confidentiality

CISSP

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Authentication involves verifying a user’s identification information using a passphrase, PIN value, biometric, one-time password, or password. Incorrect Answers: B: Identification involves a user supplying identification information using a username, user ID, or account number. C: Integrity is a security principle that ensures information and systems are not maliciously or accidentally modified. D: Confidentiality is used to make sure that the required level of secrecy is imposed at every junction of data processing and prevents unauthorized disclosure. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 23, 24, 166 QUESTION 857 Which of the following is TRUE about Kerberos? A. B. C. D.

It utilizes public key cryptography. It encrypts data after a ticket is granted, but passwords are exchanged in plain text. It depends upon symmetric ciphers. It is a second party authentication system.

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Kerberos makes use of symmetric key cryptography and offers end-to-end security. The majority Kerberos implementations works with shared secret keys. Incorrect Answers: A: Kerberos makes use of symmetric key cryptography, which does not include the use of public keys. B: Kerberos was specifically designed to remove the need to transmit passwords over the network. D: Kerberos is a trusted third-party service. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 782 https://en.wikipedia.org/wiki/Kerberos_(protocol) QUESTION 858 A confidential number used as an authentication factor to verify a user's identity is called a: A. B. C. D.

PIN User ID Password Challenge

Correct Answer: A Section: Identity and Access Management

CISSP

Explanation Explanation/Reference: Explanation: Personal Identification Number (PIN) is a numeric password shared between a user and a system, which can be used to authenticate the user to the system. Incorrect Answers: B: User ID is used for identification, not authentication. C: A password is a word or string of characters used for user authentication. D: Challenge-response authentication involves one party presenting a question ("challenge") and another party providing a valid answer ("response") to be authenticated. It does not specifically be a number sequence. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 162 https://en.wikipedia.org/wiki/Personal_identification_number https://en.wikipedia.org/wiki/Password https://en.wikipedia.org/wiki/Challenge-response_authentication#Cryptographic_techniques QUESTION 859 For competitive reasons, the customers of a large shipping company called the "Integrated International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other's cargos. An unscrupulous fruit shipper, the "Association of Private Fuit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is shipping pineapples on the S.S. CP. What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples? A. B. C. D.

*-Property and Polymorphism Strong *-Property and Polyinstantiation Simple Security Property and Polymorphism Simple Security Property and Polyinstantiation

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: The Simple Security Property is a Bell-LaPadula security model rule that stipulates that a subject cannot read data at a higher security level. Polyinstantiation is the process of allowing a table to have multiple rows with the same primary key. The different instances can be distinguished by their security levels or classifications. Incorrect Answers: A: In programming languages and type theory, polymorphism is the provision of a single interface to entities of different types. Polymorphism is not used to directly strengthen security. CISSP

B: Strong * property is a term that is used with some object oriented programming languages. It is not related to security. C: In programming languages and type theory, polymorphism is the provision of a single interface to entities of different types. Polymorphism is not used to directly strengthen security. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 14, 1218 QUESTION 860 The primary service provided by Kerberos is which of the following? A. B. C. D.

non-repudiation confidentiality authentication authorization

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Kerberos is a third-party authentication service that can be used to support SSO. Incorrect Answers: A: Non-repudiation provides assurance that a specific user performed a specific transaction that did not change. It is not, however, the primary service provided by Kerberos. B: Confidentiality strives to prevent unauthorized read access to data. It is not, however, the primary service provided by Kerberos. D: Authorization refers to the actions you are allowed to carry out on a system after identification and authentication has taken place. It is not, however, the primary service provided by Kerberos. References: Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 12, 14, 15, 43 QUESTION 861 Which of the following is NOT true of the Kerberos protocol? A. B. C. D.

Only a single login is required per session. The initial authentication steps are done using public key algorithm. The KDC is aware of all systems in the network and is trusted by all of them It performs mutual authentication

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Kerberos uses shared secret keys and tickets for the initial authentication, not a public key algorithm. Incorrect Answers: A: Kerberos is an example of a single sign-on system for distributed environments, and therefore only requires a single login per session. C: the foundation of Kerberos security is trust that clients and services have in the integrity of the KDC. D: Kerberos provides mutual authentication in that both the user and the server verify each other's identity. CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 209-213 https://en.wikipedia.org/wiki/Kerberos_(protocol) QUESTION 862 The authenticator within Kerberos provides a requested service to the client after validating which of the following? A. B. C. D.

timestamp client public key client private key server public key

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: In Kerberos implementations where the use of an authenticator is configured, the user sends their identification information and a timestamp and sequence number encrypted with the shared session key to the requested service, which then decrypts this information and compares it with the identification data the KDC sent to it about this requesting user. If the data matches, the user is allowed access to the requested service. Incorrect Answers: B: A requested service is provided to the client after validating a user’s identification information and a timestamp and encrypted sequence number, not a client public key. C: A requested service is provided to the client after validating a user’s identification information and a timestamp and encrypted sequence number, not a client private key. D: A requested service is provided to the client after validating a user’s identification information and a timestamp and encrypted sequence number, not a server public key. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 209-213 QUESTION 863 Which of the following is addressed by Kerberos? A. B. C. D.

Confidentiality and Integrity Authentication and Availability Validation and Integrity Auditability and Integrity

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT. In Greek mythology, Kerberos is a three-headed dog that guards the entrance to the Underworld. Using symmetric key cryptography, Kerberos authenticates clients to other entities on a network of which a client requires services. Kerberos addresses the confidentiality and integrity of information. It does not directly address availability and attacks such as frequency analysis. Incorrect Answers: CISSP

B: Kerberos an authentication protocol. However, it does not address availability. C: Kerberos does address integrity but it does not address validation. D: Kerberos does address integrity but it does not address auditability. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 78 QUESTION 864 Kerberos is vulnerable to replay in which of the following circumstances? A. B. C. D.

When a private key is compromised within an allotted time window. When a public key is compromised within an allotted time window. When a ticket is compromised within an allotted time window. When the KSD is compromised within an allotted time window.

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Kerberos addresses the confidentiality and integrity of information. It does not directly address availability and attacks such as frequency analysis. Furthermore, because all the secret keys are held and authentication is performed on the Kerberos TGS and the authentication servers, these servers are vulnerable to both physical attacks and attacks from malicious code. Replay can be accomplished on Kerberos if the compromised tickets are used within an allotted time window. Because a client’s password is used in the initiation of the Kerberos request for the service protocol, password guessing can be used to impersonate a client. Incorrect Answers: A: Kerberos does not use a private key like an asymmetric key cryptography system does. It uses symmetric key cryptography (shared key). B: Kerberos does not use a public key like an asymmetric key cryptography system does. It uses symmetric key cryptography (shared key). D: KSD being compromised is not a vulnerability of Kerberos. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 78 QUESTION 865 Like the Kerberos protocol, SESAME is also subject to which of the following? A. B. C. D.

timeslot replay password guessing symmetric key guessing asymmetric key guessing

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Just like Kerberos, SESAME depends on the initial user authentication. For that reason, SESAME has the same weakness to attacks on the user’s password as Kerberos does. Incorrect Answers: CISSP

A: SESAME is not susceptible to timeslot replay attacks. C: Symmetric key guessing is not a weakness of Kerberos. D: Asymmetric key guessing is not a weakness of Kerberos. References: Miller, David R, CISSP Training Kit, O’Reilly Media, 2013, Sebastopol, p. 101 Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 46 QUESTION 866 RADIUS incorporates which of the following services? A. B. C. D.

Authentication server and PIN codes. Authentication of clients and static passwords generation. Authentication of clients and dynamic passwords generation. Authentication server as well as support for Static and Dynamic passwords.

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A central authentication service for dial-up users is the standard Remote Authentication and Dial-In User Service (RADIUS). RADIUS incorporates an authentication server and dynamic passwords. The RADIUS protocol is an open lightweight, UDP-based protocol that can be modified to work with a variety of security systems. It provides authentication, authorization and accounting services to routers, modem servers, and wireless applications. RADIUS is described in RFC 2865. Incorrect Answers: A: RADIUS does not incorporate PIN codes. B: Authentication of clients is provided by the authentication server which is incorporated into RADIUS. RADIUS does not incorporate static passwords ‘generation’. C: Authentication of clients is provided by the authentication server which is incorporated into RADIUS. RADIUS does not incorporate dynamic passwords ‘generation’. References: Cole, Eric, Network Security Bible, Wiley Publishing, Indianapolis, 2009, p. 124 QUESTION 867 Which of the following would constitute the BEST example of a password to use for access to a system by a network administrator? A. B. C. D.

holiday Christmas12 Jenny GyN19Za!

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A generally accepted minimum standard for password complexity is a minimum of eight characters, one uppercase alpha character, one lowercase alpha character, one number character, and one symbol character. Therefore, “GyN19Za!” is the best example.

CISSP

Incorrect Answers: A: This option does not satisfy the minimum complexity as it only has lowercase characters. B: This option does not satisfy minimum complexity as there are no alpha or symbol characters. C: This option does not satisfy the minimum complexity as it is less than eight characters, and has no alpha, number, or symbol characters. References: Miller, David R, CISSP Training Kit, O’Reilly Media, 2013, California, p. 77 QUESTION 868 What physical characteristic does a retinal scan biometric device measure? A. B. C. D.

The amount of light reaching the retina The amount of light reflected by the retina The pattern of light receptors at the back of the eye The pattern of blood vessels at the back of the eye

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A Retina Scan is a biometric system that scans the blood-vessel pattern of the retina on the backside of the eyeball. Incorrect Answers: A: Retina Scans do not measure the amount of light reaching the retina, but scans the blood-vessel pattern of the retina on the backside of the eyeball. B: Retina Scans do not measure the amount of light reflected by the retina, but scans the blood-vessel pattern of the retina on the backside of the eyeball. C: Retina Scans do not measure the pattern of light receptors at the back of the eye, but scans the bloodvessel pattern of the retina on the backside of the eyeball. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 191 QUESTION 869 Smart cards are an example of which type of control? A. B. C. D.

Detective control Administrative control Technical control Physical control

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Smart cards are an example of a Preventive/Technical control. Incorrect Answers: A: Detective controls include Motion detectors, Closed-circuit TVs, Monitoring and Supervising, Job rotation, Investigations, Audit logs, and IDS. B: Administrative controls include Security policy, Monitoring and Supervising, Separation of duties, Job CISSP

rotation, Information Classification, Personnel Procedures, Testing, and Security-awareness training. D: Physical controls include Fences, Locks, Badge system, Security guard, Biometric system, Mantrap doors, Lighting, Motion detectors, and Closed-circuit TVs. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 32, 33 QUESTION 870 Which of the following is NOT a two-factor authentication mechanism? A. B. C. D.

Something you have and something you know. Something you do and a password. A smartcard and something you are. Something you know and a password.

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Two-factor authentication includes two of the following three factors: Something you know - Password Something you have - Token Something you are - Biometrics A password is something you know, and cannot be used together for two-factor authentication. Incorrect Answers: A, B, C: This answer satisfies the requirements for two-factor authentication. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 163 QUESTION 871 Which of following is NOT a service provided by AAA servers (Radius, TACACS and DIAMETER)? A. B. C. D.

Authentication Administration Accounting Authorization

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: The AAA term refers to authentication, authorization, and accounting/audit. Administration is not one of the options, therefore, the correct answer. Incorrect Answers: A, C, D: Authentication, Accounting, and Authorization are what the AAA term refers to. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 236

CISSP

QUESTION 872 Which of the following protocol was used by the INITIAL version of the Terminal Access Controller Access Control System TACACS for communication between clients and servers? A. B. C. D.

TCP SSL UDP SSH

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: TACACS has been through three generations: TACACS, Extended TACACS (XTACACS), and TACACS+. TACACS combines its authentication and authorization processes; XTACACS separates authentication, authorization, and auditing processes; and TACACS+ is XTACACS with extended two-factor user authentication. TACACS uses fixed passwords for authentication, while TACACS+ allows users to employ dynamic (one-time) passwords, which provides more protection. The original TACACS was developed during the days of ARPANET which is the basis for the Internet. TACACS uses UDP as its communication protocol. TACACS+ uses TCP as its communication protocol. Incorrect Answers: A: TACACS uses UDP as its communication protocol, not TCP. B: TACACS uses UDP as its communication protocol, not SSL. D: TACACS uses UDP as its communication protocol, not SSH. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 234 Jacobs, Josh, et al., SSCP Systems Security Certified Practitioner Study Guide and DVD Training System, Syngress, Rockland, 2003, p. 450 http://en.wikipedia.org/wiki/TACACS QUESTION 873 What is Kerberos? A. B. C. D.

A three-headed dog from the Egyptian mythology. A trusted third-party authentication protocol. A security model. A remote authentication dial-in user server.

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Kerberos is a third-party authentication service that can be used to support SSO. Kerberos (or Cerberus) was the name of the three-headed dog that guarded the entrance to Hades in Greek mythology. Incorrect Answers: A: Kerberos (or Cerberus) was the name of the three-headed dog that guarded the entrance to Hades in Greek mythology. We are, however, dealing with information systems, not mythology. C: Kerberos is an authentication protocol, not just a security model. D: A remote authentication dial in user server refers to RADIUS, not Kerberos.

CISSP

References: Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 22, 43 QUESTION 874 Which of the following can BEST eliminate dial-up access through a Remote Access Server as a hacking vector? A. Using a TACACS+ server. B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall. C. Setting modem ring count to at least 5 D. Only attaching modems to non-networked hosts. Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: As client computers used to have built-in modems to allow for Internet connectivity, organizations commonly had a pool of modems to allow for remote access into and out of their networks. In some cases the modems were installed on individual servers here and there throughout the network or they were centrally located and managed. Most companies did not properly enforce access control through these modem connections, and they served as easy entry points for attackers. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall can best eliminate dial-up access through a Remote Access Server as a hacking vector. This solution would mean that even if an attacker gained access to the Remote Access Server, the firewall would provide another layer of protection. Incorrect Answers: A: Using a TACACS+ server does provide a good remote access authentication and authorization solution. However, to best eliminate dial-up access through a Remote Access Server as a hacking vector, you should place the remote access server outside the firewall. C: Setting modem ring count to at least 5 may deter wardialers but it does not eliminate dial-up access through a Remote Access Server as a hacking vector. D: Only attaching modems to non-networked hosts do not eliminate dial-up access through a Remote Access Server as a hacking vector. Besides being impractical, the non-network hosts would be vulnerable to attack. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 695 QUESTION 875 Which authentication technique BEST protects against hijacking? A. B. C. D.

Static authentication Continuous authentication Robust authentication Strong authentication

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: There are three major types of authentication available: static, robust, and continuous. Static authentication includes passwords and other techniques that can be compromised through replay attacks. They are often CISSP

called reusable passwords. Robust authentication involves the use of cryptography or other techniques to create one-time passwords that are used to create sessions. These can be compromised by session hijacking. Continuous authentication prevents session hijacking. Continuous Authentication provides protection against impostors who can see, alter, and insert information passed between the claimant and verifier even after the claimant/verifier authentication is complete. These are typically referred to as active attacks, since they assume that the imposter can actively influence the connection between claimant and verifier. One way to provide this form of authentication is to apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier. There are other combinations of cryptography that can provide this form of authentication but current strategies rely on applying some type of cryptography to every bit of data sent. Otherwise, any unprotected bit would be suspect. Incorrect Answers: A: Static authentication only provides protection against attacks in which an imposter cannot see, insert or alter the information passed between the claimant and the verifier during an authentication exchange and subsequent session. Static authentication does not protect against hijacking. C: Robust Authentication relies on dynamic authentication data that changes with each authenticated session between a claimant and verifier. Robust or dynamic authentication does not protect against hijacking. D: Strong authentication is not a specific authentication type; it is another term for multi-factor authentication. References: http://www.windowsecurity.com/whitepapers/policy_and_standards/Internet_Security_Policy/ Internet_Security_Policy__Sample_Policy_Areas.html QUESTION 876 Which of the following is NOT a security goal for remote access? A. B. C. D.

Reliable authentication of users and systems Protection of confidential data Easy to manage access control to systems and network resources Automated login for remote users

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Protection of confidential data is one of the most important security aspects of any business. Providing remote access to a network and its computer systems brings new risks. Is the person logging in remotely who he claims to be? Is someone physically or electronically looking over his shoulder, or tapping the communication line? Is the client device from which he is performing the remote access in a secure configuration, or has it been compromised by spyware, Trojan horses, and other malicious code? When providing remote access to your network, you need reliable authentication of users and systems. You also need to be able to control access to the systems and network resources. Automated login for remote users is not a security goal for remote access. Logins should not be automated for remote users. Automated logins do not improve the security of the network or systems. Incorrect Answers: A: Reliable authentication of users and systems is a security goal for remote access. B: Protection of confidential data is a security goal for remote access. C: Easy to manage access control to systems and network resources is a security goal for remote access. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1250 QUESTION 877 During an IS audit, one of your auditors has observed that some of the critical servers in your organization can be accessed ONLY by using a shared/common user name and password. What should be the auditor's PRIMARY concern be with this approach?

CISSP

A. B. C. D.

Password sharing Accountability Shared account management Difficulty in auditing shared account

Correct Answer: B Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Identification and authentication are the keystones of most access control systems. Identification is the act of a user professing an identity to a system, usually in the form of a log-on ID to the system. Identification establishes user accountability for the actions on the system. Authentication is verification that the user’s claimed identity is valid and is usually implemented through a user password at log-on time. Audit trails list the actions performed by the user account used to perform the actions. However, if all the users are using the same user account, you have no way of knowing which person performed which action. Therefore, you have no “accountability”. Incorrect Answers: A: Password sharing is not the primary concern in this case. The only password shared is the password for the shared account. C: Shared account management is not a concern. The fact that the account is shared is the concern. D: Difficulty in auditing shared account is not the primary concern. Auditing a single account is not a problem. The problem is that you do not know which person is using the account at any given time. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 57 QUESTION 878 During an IS audit, auditor has observed that authentication and authorization steps are split into two functions and there is a possibility to force the authorization step to be completed before the authentication step. Which of the following technique an attacker could user to force authorization step before authentication? A. B. C. D.

Eavesdropping Traffic analysis Masquerading Race Condition

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A race condition happens when two different processes need to carry out their tasks on the same resource. Incorrect Answers: A: Sniffing or eavesdropping involves the capturing and recording of all frames traveling across the network media. B: Traffic analysis is used for discovering information by watching traffic patterns on a network. C: Masquerading occurs by impersonating another user to gain unauthorized access to a system References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 410, 411, 1060, 1294 Miller, David R, CISSP Training Kit, O’Reilly Media, 2013, Sebastopol, p. 508 CISSP

QUESTION 879 Which of the following attack is also known as Time of Check(TOC)/Time of Use(TOU)? A. B. C. D.

Eavesdropping Traffic analysis Masquerading Race Condition

Correct Answer: D Section: Identity and Access Management Explanation Explanation/Reference: Explanation: In the industry, race conditions and TOC/TOU attacks are considered to be the same thing. Incorrect Answers: A: Sniffing or eavesdropping involves the capturing and recording of all frames traveling across the network media. B: Traffic analysis is used for discovering information by watching traffic patterns on a network. C: Masquerading occurs by impersonating another user to gain unauthorized access to a system References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 410, 411, 1060, 1294 Miller, David R, CISSP Training Kit, O’Reilly Media, 2013, Sebastopol, p. 508 QUESTION 880 What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system? A. B. C. D.

Accountability controls Mandatory access controls Assurance procedures Administrative controls

Correct Answer: C Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished through access control mechanisms that require identification and authentication and through the audit function. These controls must be in accordance with and accurately represent the organization’s security policy. Assurance procedures ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system. Incorrect Answers: A: Controls are administrative, logical/technical or physical. Accountability controls are not a defined control type and do not ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system. B: Mandatory access controls are an access control type. They do not ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system. D: Administrative controls are a group of controls that include policies and procedures. However, assurance procedures are the specific name for the set of procedures that ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system.

CISSP

References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 47 QUESTION 881 To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up: A. B. C. D.

Access Rules Access Matrix Identification controls Access terminal

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: Rule-based access control makes use of explicit rules that specify what can and cannot happen between a subject and an object. Incorrect Answers: B: An access control matrix is a table of subjects and objects specifying the actions individual subjects can take upon individual objects. C: Identification is a mechanism that falls under the Technical controls banner. D: Access terminal refers to the workstation that allows access. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 28, 227-229 QUESTION 882 Which type of password provides maximum security because a new password is required for each new log-on? A. B. C. D.

One-time or dynamic password Cognitive password Static password Passphrase

Correct Answer: A Section: Identity and Access Management Explanation Explanation/Reference: Explanation: A one-time or dynamic password is no longer valid and, if obtained by a hacker, cannot be reused after it has been used. A one-time or dynamic password is used in environments where a higher level of security than static passwords is required. Incorrect Answers: B: After a user is enrolled by answering several questions based on her life experiences, the user can answer the questions asked of her to be authenticated instead of having to remember a password. The questions do not change from log-on to log-on. C: Static passwords are passwords that can be reused, but may or may not expire. D: Passphrases are long static passwords, which is made up of words in a phrase or sentence. References:

CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 195, 196 Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 30 QUESTION 883 Which of the following testing method examines the functionality of an application without peering into its internal structure or knowing the details of its internals? A. B. C. D.

Black-box testing Parallel Test Regression Testing Pilot Testing

Correct Answer: A Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Black box testing examines the functionality of an application without peering into its internal structures or workings. Black box testing provides the tester with no internal details; the software is treated as a black box that receives inputs. Incorrect Answers: B: Parallel Testing is the process of entering the same inputs in two different versions of the application and reporting the anomalies. C: Regression Testing is the process of rerunning a portion of a test scenario or test plan to ensure that changes or corrections have not introduced new errors. D: Pilot Testing is a preliminary test that focuses on specific and predefined aspect of a system. References: Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 194 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1105 https://en.wikipedia.org/wiki/Black-box_testing http://www.tutorialspoint.com/software_testing_dictionary/parallel_testing.htm http://soft-engineering.blogspot.co.za/2010/12/what-is-difference-between-pilot-and.html QUESTION 884 Which of the following is NOT a technique used to perform a penetration test? A. B. C. D.

traffic padding scanning and probing war dialing sniffing

Correct Answer: A Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Traffic padding is a countermeasure to traffic analysis. Even if perfect cryptographic routines are used, the attacker can gain knowledge of the amount of traffic that was generated. The attacker might not know what Alice and Bob were talking about, but can know that they were talking and how much they talked. In certain circumstances this can be very bad. Consider for example

CISSP

when a military is organizing a secret attack against another nation: it may suffice to alert the other nation for them to know merely that there is a lot of secret activity going on. Padding messages is a way to make it harder to do traffic analysis. Normally, a number of random bits are appended to the end of the message with an indication at the end how much this random data is. The randomness should have a minimum value of 0, a maximum number of N and an even distribution between the two extremes. Note, that increasing 0 does not help, only increasing N helps, though that also means that a lower percentage of the channel will be used to transmit real data. Also note, that since the cryptographic routine is assumed to be uncrackable (otherwise the padding length itself is crackable), it does not help to put the padding anywhere else, e.g. at the beginning, in the middle, or in a sporadic manner. Incorrect Answers: B: Scanning and probing is a technique used in Penetration Testing. Various scanners, like a port scanner, can reveal information about a network’s infrastructure and enable an intruder to access the network’s unsecured ports. C: War dialing is a technique used in Penetration Testing. War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers to hack in to. D: Sniffing (packet sniffing) is a technique used in Penetration Testing. Packet sniffing is the process of intercepting data as it is transmitted over a network. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, pp. 233, 238. https://secure.wikimedia.org/wikipedia/en/wiki/Padding_%28cryptography%29#Traffic_analysis QUESTION 885 Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources? A. B. C. D.

They are more cost-effective They offer a lack of corporate bias They use highly talented ex-hackers They ensure a more complete reporting

Correct Answer: C Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Two points are important to consider when it comes to ethical hacking: integrity and independence. By not using an ethical hacking firm that hires or subcontracts to ex-hackers of others who have criminal records, an entire subset of risks can be avoided by an organization. Also, it is not cost-effective for a single firm to fund the effort of the ongoing research and development, systems development, and maintenance that is needed to operate state-of-the-art proprietary and open source testing tools and techniques. External penetration firms are more effective than internal penetration testers because they are not influenced by any previous system security decisions, knowledge of the current system environment, or future system security plans. Moreover, an employee performing penetration testing might be reluctant to fully report security gaps. Incorrect Answers: A: External penetration service firms are more cost-effective than using corporate resources for penetration testing. This is a valid reason to use external penetration service firms. B: External penetration service firms do offer a lack of corporate bias compared to corporate resources. This is a valid reason to use external penetration service firms. D: External penetration service firms do tend to ensure more complete reporting than corporate resources. This is a valid reason to use external penetration service firms.

CISSP

References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 517 QUESTION 886 Which of the following statements pertaining to ethical hacking is NOT true? A. An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services. B. Testing should be done remotely to simulate external threats. C. Ethical hacking should not involve writing to or modifying the target systems negatively. D. Ethical hackers never use tools that have the potential of affecting servers or services. Correct Answer: D Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Ethical hackers should use tools that have the potential of affecting servers or services to provide a valid security test. These are the tools that a malicious hacker would use. The first step before sending even one single packet to the target would be to have a signed agreement with clear rules of engagement and a signed contract. The signed contract explains to the client the associated risks and the client must agree to them before you even send one packet to the target range. This way the client understands that some of the tests could lead to interruption of service or even crash a server. The client signs that he is aware of such risks and willing to accept them. Incorrect Answers: A: An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services. An ethical hacking firm's independence can be questioned if they sell security solutions at the same time as doing testing for the same client. B: Testing should be done remotely to simulate external threats. Testing simulating a cracker from the Internet is often one of the first tests being done. This is to validate perimeter security. By performing tests remotely, the ethical hacking firm emulates the hacker's approach more realistically. C: Ethical hacking should not involve writing to or modifying the target systems negatively. Proving the ability to write to or modify the target systems (without causing harm) is enough to demonstrate the existence of a vulnerability. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 520 QUESTION 887 Common Criteria 15408 generally outlines assurance and functional requirements through a security evaluation process concept of ______________, ____________, __________ for Evaluated Assurance Levels (EALs) to certify a product or system. A. B. C. D.

EAL, Security Target, Target of Evaluation SFR, Protection Profile, Security Target Protection Profile, Target of Evaluation, Security Target SFR, Security Target, Target of Evaluation

Correct Answer: C Section: Security Assessment and Testing Explanation

CISSP

Explanation/Reference: Explanation: Under the Common Criteria model, an evaluation is carried out on a product and it is assigned an Evaluation Assurance Level (EAL). The thorough and stringent testing increases in detailed-oriented tasks as the assurance levels increase. The Common Criteria has seven assurance levels. The range is from EAL1, where functionality testing takes place, to EAL7, where thorough testing is performed and the system design is verified. The different components are shown in the exhibit below:

Incorrect Answers: A: Evaluated Assurance Levels (EALs) determine the levels of evaluation required. EAL is not a common criteria security evaluation process concept. B: Security functional requirements (SFRs) are individual security functions which must be provided by a product. An SFR is not a common criteria security evaluation process concept. D: Security functional requirements (SFRs) are individual security functions which must be provided by a product. An SFR is not a common criteria security evaluation process concept. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 403-405 QUESTION 888 You are a security consultant who is required to perform penetration testing on a client's network. During penetration testing, you are required to use a compromised system to attack other systems on the network to avoid network restrictions like firewalls.

CISSP

Which method would you use in this scenario: A. B. C. D.

Black box Method Pivoting method White Box Method. Grey Box Method

Correct Answer: B Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Pivoting is a method that makes use of the compromised system to attack other systems on the same network to avoid restrictions that might prohibit direct access to all machines. Incorrect Answers: A: Black box testing examines the functionality of an application without peering into its internal structures or workings. C: With white box testing, the testers are provided with complete knowledge of the infrastructure being tested. D: With gray-box pen testing, the tester is provided with partial knowledge of the infrastructure being tested. References: https://en.wikipedia.org/wiki/Exploit_(computer_security)#Pivoting https://en.wikipedia.org/wiki/Black-box_testing http://www.redsphereglobal.com/content/penetration-testing QUESTION 889 Which of the following would provide the BEST stress testing environment taking under consideration and avoiding possible data exposure and leaks of sensitive data? A. B. C. D.

Test environment using test data. Test environment using sanitized live workloads data. Production environment using test data. Production environment using sanitized live workloads data.

Correct Answer: B Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: You should perform stress tests in a test environment. It is best to use live workload data as the stress test would be more realistic. Stress testing (sometimes called torture testing) is a form of deliberately intense or thorough testing used to determine the stability of a given system or entity. It involves testing beyond normal operational capacity, often to a breaking point, in order to observe the results. Incorrect Answers: A: It would be better to use live workload data. C: You should not perform stress tests in the product environment. D: You should not perform stress tests in the product environment. References: https://en.wikipedia.org/wiki/Stress_testing QUESTION 890 Which of the following are required for Life-Cycle Assurance? CISSP

A. B. C. D.

System Architecture and Design specification Security Testing and Covert Channel Analysis Security Testing and Trusted distribution Configuration Management and Trusted Facility Management

Correct Answer: C Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information. The computer system must contain hardware/software mechanisms that can be independently evaluated to provide sufficient assurance that the system enforces the requirements. By extension, assurance must include a guarantee that the trusted portion of the system works only as intended. To accomplish these objectives, two types of assurance are needed with their respective elements: Operational Assurance: System Architecture, System Integrity, Covert Channel Analysis, Trusted Facility Management and Trusted Recovery Life-cycle Assurance: Security Testing, Design Specification and Verification, Configuration Management and Trusted System Distribution Incorrect Answers: A: System Architecture is not required for Life-Cycle Assurance. System Architecture is part of Operational Assurance. B: Covert Channel Analysis is not required for Life-Cycle Assurance. Covert Channel Analysis is part of Operational Assurance. D: Trusted Facility Management is not required for Life-Cycle Assurance. Trusted Facility Management is part of Operational Assurance. References: https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria QUESTION 891 Which of the following answers best describes the type of penetration testing where the analyst has full knowledge of the network on which he is going to perform his test? A. B. C. D.

White-Box Penetration Testing Black-Box Pen Testing Penetration Testing Gray-Box Pen Testing

Correct Answer: A Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: With white box testing, the testers are provided with complete knowledge of the infrastructure being tested. Incorrect Answers: B: With black box testing, the testers are provided with no knowledge of the infrastructure being tested. C: Penetration testing, whose test target may be a white box or black box, is a software attack on a computer system that looks for security weaknesses.

CISSP

D: With gray-box pen testing, the tester is provided with partial knowledge of the infrastructure being tested. References: http://www.redsphereglobal.com/content/penetration-testing QUESTION 892 Which of the following would be the best reason for separating the test and development environments? A. B. C. D.

To restrict access to systems under test. To control the stability of the test environment. To segregate user and development staff. To secure access to systems under development.

Correct Answer: B Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: You should always separate test and development environments. When testing a system, you need to isolate the system to ensure the test system is controlled and stable. This will ensure the system is tested in a realistic environment that mirrors the live environment as closely as possible. Access control methods can be used to easily separate the test and development environments. Incorrect Answers: A: Restricting access to systems under test is not the best reason for separating the test and development environments. Preventing instability in a development environment from affecting the test environment is a better answer. C: Segregate user and development staff is not the best reason for separating the test and development environments. D: Securing access to systems under development is not the best reason for separating the test and development environments. Securing access to systems under development would not be achieved by separating the test and development environments. QUESTION 893 Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements? A. B. C. D.

Validation Verification Assessment Accuracy

Correct Answer: B Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Verification is the process of determining whether the product accurately represents and meets the design specifications given to the developers. Incorrect Answers: A: Validation is the process of determining whether the product provides the necessary solution for the realworld problem that is was created to solve. C: Assessments are performed to determine the potential risks to a system. It does not test a system’s compliance with design specifications and security requirements. CISSP

D: Accuracy is related to the integrity of information and systems. The integrity of information and systems requires that the information and systems remain accurate and reliable. This is ensured by preventing any unauthorized modification to the information or systems. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 23-24, 74-74, 1106 https://en.wikipedia.org/wiki/Verification_and_validation QUESTION 894 Which of the following is a not a preventative control? A. Deny programmer access to production data. B. Require change requests to include information about dates, descriptions, cost analysis and anticipated effects. C. Run a source comparison program between control and current source periodically. D. Establish procedures for emergency changes. Correct Answer: C Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: To run a source comparison does not prevent any specific action from occurring. Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. Controls help to reduce the risk of damage or loss by stopping, deterring, or slowing down an attack against an asset. To help review or design security controls, they can be classified by several criteria, for example according to the time that they act, relative to a security incident: Before the event, preventive controls are intended to prevent an incident from occurring e.g. by locking out unauthorized intruders; During the event, detective controls are intended to identify and characterize an incident in progress e.g. by sounding the intruder alarm and alerting the security guards or police; After the event, corrective controls are intended to limit the extent of any damage caused by the incident e.g. by recovering the organization to normal working status as efficiently as possible. Incorrect Answers: A: Denying a programmer access to production data is an example of preventive control as it prevents the programmer from accessing the data. B: To make a change request to include extra information would prevent unauthorized changes from being made. D: By establishing procedure for emergency changes unauthorized changes could be prevented. References: https://en.wikipedia.org/wiki/Security_controls QUESTION 895 A network-based vulnerability assessment is a type of test also referred to as: A. B. C. D.

An active vulnerability assessment. A routing vulnerability assessment. A host-based vulnerability assessment. A passive vulnerability assessment.

Correct Answer: A Section: Security Assessment and Testing CISSP

Explanation Explanation/Reference: Explanation: An Intrusion Detection System (IDS) typically follows a two-step process. First procedures include inspection of the configuration files of a system to detect inadvisable settings; inspection of the password files to detect inadvisable passwords; and inspection of other system areas to detect policy violations. In a second step, procedures are network-based and considered an active component; mechanisms are set in place to reenact known methods of attack and to record system responses. Incorrect Answers: B: A network-based vulnerability assessment is referred to as an active vulnerability assessment, not a routing vulnerability assessment. C: A network-based vulnerability assessment is referred to as an active vulnerability assessment, not a hostbased vulnerability assessment. D: A network-based vulnerability assessment is referred to as an active vulnerability assessment, not a passive vulnerability assessment. QUESTION 896 Which of the following answers best describes the type of penetration testing where the analyst has full knowledge of the network on which he is going to perform his test? A. B. C. D.

White-Box Penetration Testing Black-Box Pen Testing Penetration Testing Gray-Box Pen Testing

Correct Answer: A Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: In general there are three ways a pen tester can test a target system. White-Box: The tester has full access and is testing from inside the system. Gray-Box: The tester has some knowledge of the system he's testing. Black-Box: The tester has no knowledge of the system. Each of these forms of testing has different benefits and can test different aspects of the system from different approaches. Incorrect Answers: B: Black-Box Pen Testing: This is where no prior knowledge is given about the target network. Only a domain name or business name may be given to the analyst. This is not what is described in the question. C: The term “Penetration Testing” does not specify what type of penetration testing is being performed. D: With Gray-Box testing, the tester has some knowledge of the system he's testing. This is not what is described in the question. QUESTION 897 Which one of the following is NOT one of the outcomes of a vulnerability assessment? A. B. C. D.

Quantative loss assessment Qualitative loss assessment Formal approval of BCP scope and initiation document Defining critical support areas

Correct Answer: C Section: Security Assessment and Testing CISSP

Explanation Explanation/Reference: Explanation: Formal approval of BCP scope is not part of the vulnerability assessment. A vulnerability assessment identifies a wide range of vulnerabilities in the environment. Vulnerability assessments just find the vulnerabilities (the holes). A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Incorrect Answers: A: Quantifying losses is part of the vulnerability assessment. B: Prioritizing (qualifying) losses is part of the vulnerability assessment. D: Identifying critical vulnerabilities is part of the vulnerability assessment. References: https://en.wikipedia.org/wiki/Vulnerability_assessment QUESTION 898 Which of the following testing method examines internal structure or working of an application? A. B. C. D.

White-box testing Parallel Test Regression Testing Pilot Testing

Correct Answer: A Section: Security Assessment and Testing Explanation Explanation/Reference: White-box testing is a method of testing software that tests internal structures or workings of an application, versus its functionality. White-box testing allows access to program source code, data structures, variables, etc. Incorrect Answers: B: Parallel Testing is the process of entering the same inputs in two different versions of the application and reporting the anomalies. C: Regression Testing is the process of rerunning a portion of a test scenario or test plan to ensure that changes or corrections have not introduced new errors. D: Pilot Testing is a preliminary test that focuses on specific and predefined aspect of a system. References: Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 194 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1105 https://en.wikipedia.org/wiki/White-box_testing http://www.tutorialspoint.com/software_testing_dictionary/parallel_testing.htm http://soft-engineering.blogspot.co.za/2010/12/what-is-difference-between-pilot-and.html QUESTION 899 What setup should an administrator use for regularly testing the strength of user passwords? A. A networked workstation so that the live password database can easily be accessed by the cracking program. B. A networked workstation so the password database can easily be copied locally and processed by the cracking program. C. A standalone workstation on which the password database is copied and processed by the cracking program. D. A password-cracking program is unethical; therefore it should not be used. CISSP

Correct Answer: C Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Poor password selection is frequently a major security problem for any system's security. Administrators should obtain and use password-guessing programs frequently to identify those users having easily guessed passwords. Because password-cracking programs are very CPU intensive and can slow the system on which it is running, it is a good idea to transfer the encrypted passwords to a standalone (not networked) workstation. Also, by doing the work on a non-networked machine, any results found will not be accessible by anyone unless they have physical access to that system. Out of the four choice presented above this is the best choice. However, in real life you would have strong password policies that enforce complexity requirements and does not let the user choose a simple or short password that can be easily cracked or guessed. That would be the best choice if it was one of the choices presented. Another issue with password cracking is one of privacy. Many password cracking tools can avoid this by only showing the password was cracked and not showing what the password actually is. It is masking the password being used from the person doing the cracking. Incorrect Answers: A: The password cracking program should not be on a networked computer. This is a security risk as someone could access the computer over the network. Furthermore, you should not run the password cracking program on the live password database. B: The password cracking program should not be on a networked computer. This is a security risk as someone could access the computer over the network. D: Whether or not a password-cracking program is unethical depends on why you are cracking the passwords. Cracking passwords as a test of password strength is a valid security test. QUESTION 900 Which of the following would best describe the difference between white-box testing and black-box testing? A. B. C. D.

White-box testing is performed by an independent programmer team. Black-box testing uses the bottom-up approach. White-box testing examines the program internal logical structure. Black-box testing involves the business units

Correct Answer: C Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: White box software testing gives the tester access to program source code, data structures, variables, etc. White box testing gives the tester access to the internal logical structure of the program, while black box testing gives the tester no internal details: The software is treated as a black box that receives inputs. Incorrect Answers: A: White-box testing can be performed by any programmer who has access the source code. B: Black-box testing just hides the internal details of the program. Black-box testing does not use either a bottom-up, or top down approach. D: Black-box testing is blind to business units, as it has not access to any internal details of the program. References: CISSP

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 194 QUESTION 901 Who should measure the effectiveness of Information System security related controls in an organization? A. B. C. D.

The local security specialist The business manager The systems auditor The central security manager

Correct Answer: C Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: The function of the auditor is to come around periodically and make sure you are doing what you are supposed to be doing. They ensure the correct controls are in place and are being maintained securely. The goal of the auditor is to make sure the organization complies with its own policies and the applicable laws and regulations. Organizations can have internal auditors and/or external auditors. The external auditors commonly work on behalf of a regulatory body to make sure compliance is being met. CobiT is a model that most information security auditors follow when evaluating a security program. The Control Objectives for Information and related Technology (CobiT) is a framework and set of control objectives developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs. Incorrect Answers: A: A local security specialist could be hired to measure the effectiveness of Information System security related controls in an organization. However, in doing so, the local security specialist would be performing the role of systems auditor. B: The business manager does not measure the effectiveness of Information System security related controls in an organization. D: The central security manager could measure the effectiveness of Information System security related controls in an organization. However, in doing so, central security manager would be performing the role of systems auditor. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 55, 125 QUESTION 902 Which must bear the primary responsibility for determining the level of protection needed for information systems resources? A. B. C. D.

IS security specialists Senior Management Senior security analysts systems Auditors

Correct Answer: B Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Computers and the information processed on them usually have a direct relationship with a company’s critical missions and objectives. Because of this level of importance, senior management should make protecting CISSP

these items a high priority and provide the necessary support, funds, time, and resources to ensure that systems, networks, and information are protected in the most logical and cost-effective manner possible. For a company’s security plan to be successful, it must start at the top level and be useful and functional at every single level within the organization. Senior management needs to define the scope of security and identify and decide what must be protected and to what extent. Incorrect Answers: A: IS security specialists may be the ones who implement the security measures; however, they do not bear the primary responsibility for determining the level of protection needed for information systems resources. C: Senior security analysts may be the ones who determine how to implement the security measures; however, they do not bear the primary responsibility for determining the level of protection needed for information systems resources. D: Systems Auditors ensure the appropriate security controls are in place. However, they do not bear the primary responsibility for determining the level of protection needed for information systems resources. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 101 QUESTION 903 Common Criteria has assurance level from EAL 1 to EAL 7 regarding the depth of design and testing. Which of following assure the Target of Evaluation (or TOE) is methodically designed, tested and reviewed? A. B. C. D.

EAL 3 EAL 4 EAL 5 EAL 6

Correct Answer: B Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Under the Common Criteria model, an evaluation is carried out on a product and it is assigned an Evaluation Assurance Level (EAL). The thorough and stringent testing increases in detailed-oriented tasks as the assurance levels increase. The Common Criteria has seven assurance levels. The range is from EAL1, where functionality testing takes place, to EAL7, where thorough testing is performed and the system design is verified. The different EAL packages are listed next: EAL1 Functionally tested EAL2 Structurally tested EAL3 Methodically tested and checked EAL4 Methodically designed, tested, and reviewed EAL5 Semi-formally designed and tested EAL6 Semi-formally verified design and tested EAL7 Formally verified design and tested Incorrect Answers: A: EAL3 is ‘methodically tested and checked’, not ‘methodically designed, tested, and reviewed’. C: EAL5 is ‘semi-formally designed and tested, not ‘methodically designed, tested, and reviewed’. D: EAL6 is ‘semi-formally verified design and tested, not ‘methodically designed, tested, and reviewed’. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 402 QUESTION 904 Which Orange Book evaluation level is described as "Verified Design"? A. A1.

CISSP

B. B3. C. B2. D. B1. Correct Answer: A Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Level A1 is “Verified Design”. A1: Verified Design: The architecture and protection features are not much different from systems that achieve a B3 rating, but the assurance of an A1 system is higher than a B3 system because of the formality in the way the A1 system was designed, the way the specifications were developed, and the level of detail in the verification techniques. Formal techniques are used to prove the equivalence between the TCB specifications and the security policy model. A more stringent change configuration is put in place with the development of an A1 system, and the overall design can be verified. In many cases, even the way in which the system is delivered to the customer is under scrutiny to ensure there is no way of compromising the system before it reaches its destination. The type of environment that would require A1 systems is the most secure of secured environments. This type of environment deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication, restrictions, and auditing. Incorrect Answers: B: Level B3 is “Security Domains”, not “Verified Design”. C: Level B2 is “Structured Protection”, not “Verified Design”. D: Level B1 is “Labeled Security”, not “Verified Design”. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 395-397 QUESTION 905 Which Orange Book evaluation level is described as "Structured Protection"? A. B. C. D.

A1 B3 B2 B1

Correct Answer: C Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Level B2 is described as “Structured Protection”. B2: Structured Protection The security policy is clearly defined and documented, and the system design and implementation are subjected to more thorough review and testing procedures. This class requires more stringent authentication mechanisms and well-defined interfaces among layers. Subjects and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place, which means the subject communicates directly with the application or operating system, and no trapdoors exist. There is no way to circumvent or compromise this communication channel. Operator and administration functions are separated within the system to provide more trusted and protected operational functionality. Distinct address spaces must be provided to isolate processes, and a covert channel analysis is conducted. This class adds assurance by adding requirements to the design of the system. The type of environment that would require B2 systems is one that processes sensitive data that require a higher degree of security. This type of environment would require systems that are relatively resistant to penetration and compromise. CISSP

Incorrect Answers: A: Level A1 is “Verified Design”, not “Structured Protection”. B: Level B3 is “Security Domains”, not “Structured Protection”. D: Level B1 is “Labeled Security”, not “Structured Protection”. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 395-397 QUESTION 906 What can be BEST defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment? A. B. C. D.

Risk management Risk analysis Threat analysis Due diligence

Correct Answer: C Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Threat analysis is defined as the examination of threat-sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment. Incorrect Answers: A: Risk management is defined the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level. B: Risk analysis is defined as a method of identifying risks and assessing the possible damage that could be caused in order to justify security safeguards. D: Due diligence is the act of gathering the necessary information so the best decision-making activities can take place. QUESTION 907 In discretionary access environments, which of the following entities is authorized to grant information access to other people? A. B. C. D.

Manager Group Leader Security Manager Data Owner

Correct Answer: D Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Discretionary access control (DAC) enables data owners to dictate who has access to the files and resources owned by them. Incorrect Answers: A: In Discretionary Access Control (DAC) environments it is the data owner that is authorized to grant information access to other people, not the manager. B: In Discretionary Access Control (DAC) environments it is the data owner that is authorized to grant information access to other people, not the group leader. CISSP

C: In Discretionary Access Control (DAC) environments it is the data owner that is authorized to grant information access to other people, not the security manager. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 220 QUESTION 908 What is the most effective means of determining that controls are functioning properly within an operating system? A. B. C. D.

Interview with computer operator Review of software control features and/or parameters Review of operating system manual Interview with product vendor

Correct Answer: B Section: Security Assessment and Testing Explanation Explanation/Reference: Explanation: Various operating system software products provide parameters and options for the tailoring of the system and activation of features such as activity logging. Parameters are important in determining how a system runs because they allow a standard piece of software to be customized to diverse environments. The reviewing of software control features and/or parameters is the most effective means of determining how controls are functioning within an operating system and of assessing and operating system's integrity. The review of software control features and/or parameters would be part of your security audit. A security audit is typically performed by an independent third party to the management of the system. The audit determines the degree with which the required controls are implemented. A security review is conducted by the system maintenance or security personnel to discover vulnerabilities within the system. A vulnerability occurs when policies are not followed, misconfigurations are present, or flaws exist in the hardware or software of the system. System reviews are sometimes referred to as a vulnerability assessment. Incorrect Answers: A: An interview with the computer operator is not an effective means of determining that controls are functioning properly within an operating system because the computer operator will not necessarily be aware of the detailed settings of the parameters. C: The operating system manual should provide information as to what settings can be used but will not give any hint as to how parameters are actually set. D: An interview with the product vendor is not an effective means of determining that controls are functioning properly within an operating system because the product vendor will not be aware of the detailed settings of the parameters. QUESTION 909 Operations Security seeks to PRIMARILY protect against which of the following? A. B. C. D.

object reuse facility disaster compromising emanations asset threats

Correct Answer: D Section: Security Operations Explanation

CISSP

Explanation/Reference: Explanation: Operations Security refers to the act of understanding the threats to and vulnerabilities of computer operations in order to routinely support operational activities that enable computer systems to function correctly. It also refers to the implementation of security controls for normal transaction processing, system administration tasks, and critical external support operations. These controls can include resolving software or hardware problems along with the proper maintenance of auditing and monitoring processes. Like the other domains, the Operations Security domain is concerned with triples — threats, vulnerabilities, and assets. A threat in the Operations Security domain can be defined as an event that could cause harm by violating the security. An example of an operations threat would be an operator’s abuse of privileges, thereby violating confidentiality. A vulnerability is defined as a weakness in a system that enables security to be violated. An example of an operations vulnerability would be a weak implementation of the separation of duties. An asset is considered anything that is a computing resource or ability, such as hardware, software, data, and personnel. Incorrect Answers: A: Object Reuse is the concept of reusing data storage media after its initial use. Object reuse is one type of risk. Preventing object reuse alone is not the primary purpose of Operations Security. B: Operations Security seeks to primarily protect against all types of asset threats. It does not seek to primarily protect against a single threat such as a facility disaster. C: Operations Security does not seek to protect against a single threat such as compromising emanations. It protects all assets against all threats. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 302 QUESTION 910 The viewing of recorded events after the fact using a closed-circuit TV camera is considered a A. B. C. D.

Preventative control. Detective control Compensating control Corrective control

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: The question states that you are looking at recorded events on closed-circuit TV camera. This is a detective control. The purpose of a detective control is to identify an incident’s activities after it took place. Examples or detective controls are cameras, logs, investigations and IDS. Incorrect Answers: A: Preventative controls are intended to avoid an incident from occurring. In this question, the event has occurred. Therefore, this answer is incorrect. C: Compensating control are controls that provide an alternative measure of control. This is not what is described in the question. Therefore, this answer is incorrect. D: Corrective controls fix components or systems after an incident has occurred. Watching camera footage does not fix anything. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 30 QUESTION 911 CISSP

Which of the following questions is LESS likely to help in assessing identification and authentication controls? A. B. C. D.

Is a current list maintained and approved of authorized users and their access? Are passwords changed at least every ninety days or earlier if needed? Are inactive user identifications disabled after a specified period of time? Is there a process for reporting incidents?

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Identification and authentication controls ensure standard security practices are adhered to. These include maintaining a list of authorized users and their access, password expiration and disabling inactive user accounts. Incident reporting is not related to identification or authentication. Therefore, the question: “Is there a process for reporting incidents?” will not help in assessing identification and authentication controls. Incorrect Answers: A: Identification and authentication controls should include a maintained and approved list of authorized users and their access. Asking about this will help in assessing identification and authentication controls. B: Identification and authentication controls should include a password expiration policy to ensure passwords are changed on a regular basis. Asking about this will help in assessing identification and authentication controls. C: Identification and authentication controls should include inactive accounts being disabled. Asking about this will help in assessing identification and authentication controls. QUESTION 912 Which of the following is NOT an example of an operational control? A. B. C. D.

Backup and recovery Auditing Contingency planning Operations procedures

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: On the CISSP exam you can see control categories broken down into administrative, technical, and physical categories and the categories outlined by NIST, which are management, technical, and operational. You need to be familiar with both ways of categorizing control types. According to the NIST control categories, Auditing is in the Audit and Accountability Technical control group. Operational controls are controls over the hardware, the media used and the operators using these resources. Backup and recovery, contingency planning and operations procedures are operational controls. Incorrect Answers: A: Backup and recovery are listed under the Contingency Planning (CP) operational control group. C: Contingency planning is a NIST operational control group. D: Operations procedures are an example of an operational control. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 58 http://infohost.nmt.edu/~sfs/Regs/sp800-53.pdf) CISSP

QUESTION 913 In what way can violation of clipping levels assist in violation tracking and analysis? A. Clipping levels set a baseline for acceptable normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred. B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant. C. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to user accounts with a privileged status. D. Clipping levels enable a security administrator to view all reductions in security levels which have been made to user accounts which have incurred violations. Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Companies can set predefined thresholds for the number of certain types of errors that will be allowed before the activity is considered suspicious. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised. This baseline is referred to as a clipping level. Organizations usually forgive a particular type, number, or pattern of violations, thus permitting a predetermined number of user errors before gathering this data for analysis. An organization attempting to track all violations, without sophisticated statistical computing ability, would be unable to manage the sheer quantity of such data. To make a violation listing effective, a clipping level must be established. Any violations recorded after the clipping level threshold is reached can be used to assist in violation tracking and analysis. Incorrect Answers: B: Clipping levels do not enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant. You would not record ONLY security relevant violations; when the number of violations reaches a defined threshold (the clipping level), all further violations would be recorded. C: Clipping levels do not enable the security administrator to customize the audit trail to record only actions for users with access to user accounts with a privileged status. All violations (after the clipping level has been reached) are recorded whether the user is a normal user or a privileged user. D: Clipping levels do not enable a security administrator to view all reductions in security levels which have been made to user accounts which have incurred violations. This is not the function of clipping levels. QUESTION 914 Which of the following control helps to identify an incident’s activities and potentially an intruder? A. B. C. D.

Deterrent Preventive Detective Compensating

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Detective control is an access control type that is effective during and after an attack. It is used to record and analyze the events of a breach to expose the source and target of the attack, the vulnerability targeted, and the specific tools and methodology used to commit the attack.

CISSP

Incorrect Answers: A: Deterrent controls discourage users from performing actions on a system. B: Preventive controls stop actions from taking place. D: A compensating control is an added security control put in place to counteract weaknesses in other controls. References: Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 27, 28 QUESTION 915 Which of the following is NOT an example of preventive control? A. B. C. D.

Physical access control like locks and door User login screen which allows only authorize user to access website Encrypt the data so that only authorize user can view the same Duplicate checking of a calculation

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Preventive Access Controls are intended to prevent an incident from occurring. Duplicate checking of a calculation is not an example of a preventive control. Physical access control like locks and doors are an example of preventive/physical controls. These measures are intended to restrict the physical access to areas with systems holding sensitive information. A user login screen which allows only authorized users to access a website is an example of preventive/ technical control. The preventive/technical pairing uses technology to enforce access control policies. These technical controls are also known as logical controls and can be built into the operating system, be software applications, or can be supplemental hardware/software units. Encrypting the data so that only authorized users can view it is another example of preventive/technical control. The preventive/technical pairing uses technology to enforce access control policies. Some typical preventive/ technical controls are protocols, encryption, smart cards, biometrics (for authentication), local and remote access control software packages, call-back systems, passwords, constrained user interfaces, menus, shells, database views, limited keypads, and virus scanning software. Incorrect Answers: A: Physical access control like locks and doors are an example of preventive controls. B: A user login screen which allows only authorized users to access a website is an example of preventive control. C: Encrypting the data so that only authorized users can view it is an example of preventive control. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 49 QUESTION 916 Which of the following is NOT an example of a detective control? A. B. C. D.

System Monitor IDS Motion detector Backup data restore

Correct Answer: D Section: Security Operations Explanation CISSP

Explanation/Reference: Explanation: Backup data restore is a Recovery/Technical control. Incorrect Answers: A, B, C: Detective controls include Motion detectors, Closed-circuit TVs, Monitoring and Supervising, Job rotation, Investigations, Audit logs, and IDS. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 32, 33 QUESTION 917 When attempting to establish liability, which of the following would be described as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation? A. B. C. D.

Due care Due concern Due diligence Due practice

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Due care is performing the ongoing maintenance necessary to keep something in proper working order, or to abide by what is commonly expected in a situation. This is especially important if the due care situation exists because of a contract, regulation, or law. The opposite of due care is "negligence." EXAM TIP: The Due Diligence refers to the steps taken to identify risks that exist within the environment. This is based on best practices, standards such as ISO 27001, ISO 17799, and other consensus. The first letter of the word Due and the word Diligence should remind you of this. The two letters are DD = Do Detect. In the case of due care, it is the actions that you have taken (implementing, designing, enforcing, updating) to reduce the risks identified and keep them at an acceptable level. The same apply here, the first letters of the work Due and the work Care are DC. Which should remind you that DC = Do correct. Incorrect Answers: B: Due concern is not a valid answer. Due Care is what is described in the question. C: Due diligence is performing reasonable examination and research before committing to a course of action. Basically, "look before you leap." In law, you would perform due diligence by researching the terms of a contract before signing it. The opposite of due diligence might be "haphazard" or "not doing your homework." This is not what is described in the question. D: Due practice is not a valid answer. Due Care is what is described in the question. QUESTION 918 Which of the following is NOT a critical security aspect of Operations Controls? A. B. C. D.

Controls over hardware. Data media used. Operators using resources. Environmental controls.

Correct Answer: D Section: Security Operations CISSP

Explanation Explanation/Reference: Explanation: While it is important that environmental concerns are addressed they are part of the Physical Security Domain. The Operations Security domain is concerned with the controls that are used to protect hardware, software, and media resources from the following: Threats in an operating environment Internal or external intruders Operators who are inappropriately accessing resources Incorrect Answers: A: Controls over hardware are a critical security aspect of Operations Controls. B: Controls over the data media used are a critical security aspect of Operations Controls. C: Controls over the operators using resources are a critical security aspect of Operations Controls. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 207 QUESTION 919 Which of the following is required in order to provide accountability? A. B. C. D.

Authentication Integrity Confidentiality Audit trails

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Accountability is another facet of access control. Individuals on a system are responsible for their actions. This accountability property enables system activities to be traced to the proper individuals. Accountability is supported by audit trails that record events on the system and network. Audit trails can be used for intrusion detection and for the reconstruction of past events. Monitoring individual activities, such as keystroke monitoring, should be accomplished in accordance with the company policy and appropriate laws. Banners at the log-on time should notify the user of any monitoring that is being conducted. Incorrect Answers: A: Authentication is proof that a user is who they say they are. This is important in accountability. However, you also need to be able to monitor that user’s actions. This is provided by audit trails. B: Integrity ensures that data is consistent and not modified. This does not provide accountability. C: Confidentiality attempts to prevent the intentional or unintentional unauthorized disclosure of data. This does not provide accountability. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 72 QUESTION 920 Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection? A. Anomaly detection tends to produce more data B. A pattern matching IDS can only identify known attacks

CISSP

C. Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams D. An anomaly-based engine develops baselines of normal traffic activity and throughput, and alerts on deviations from these baselines Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Pattern matching and anomaly detection analysis activities do not work with packets. Incorrect Answers: A: Anomaly detection collects data on normal activities. This produces data. B: A pattern matching IDS uses a signature database and attempts to match all monitored events to its contents. It can only detect known attacks that are present in the database. D: Anomaly detection collects data on normal activities. Once it has accumulated enough data about normal activity, it can detect abnormal and possible malicious activities and events. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 56 QUESTION 921 Which of the following is NOT a characteristic of a host-based intrusion detection system? A. B. C. D.

A HIDS does not consume large amounts of system resources A HIDS can analyze system logs, processes and resources A HIDS looks for unauthorized changes to the system A HIDS can notify system administrators when unusual events are identified

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: HIDS constantly monitors the system. This can consume quite a few resources. Incorrect Answers: B: A HIDS might look at the state of a system, its stored information, whether in RAM, in the file system, log files or elsewhere; and check that the contents of these appear as expected, e.g. have not been changed by intruders. C: HIDS detects unauthorized changes to the system. D: When a HIDS detect an anomaly it typically alerts the system administrator of the intrusion. References: https://en.wikipedia.org/wiki/Host-based_intrusion_detection_system QUESTION 922 Which of the following best describes signature-based detection? A. Compare source code, looking for events or sets of events that could cause damage to a system or network. B. Compare system activity for the behavior patterns of new attacks. C. Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack.

CISSP

D. Compare network nodes looking for objects or sets of objects that match a predefined pattern of objects that may describe a known attack. Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Models of how the attacks are carried out are developed and called signatures. Each identified attack has a signature, which is used to detect an attack in progress or determine if one has occurred within the network. Any action that is not recognized as an attack is considered acceptable. Incorrect Answers: A: Signature-based detection checks activities and events. It does check source codes. B: Signature-based detection checks for patterns of old known attacks. It does not check for new unknown patterns of attacks. D: Signature-based detection monitors activities and events, not objects. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 257 QUESTION 923 Which of the following questions is LEAST likely to help in assessing controls covering audit trails? A. B. C. D.

Does the audit trail provide a trace of user actions? Are incidents monitored and tracked until resolved? Is access to online logs strictly controlled? Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Audit trails maintain a record of system activity by system or application processes and by user activity. In conjunction with appropriate tools and procedures, audit trails can provide individual accountability, a means to reconstruct events, detect intrusions, and identify problems. Audit trail controls are considered technical controls. Monitoring and tracking of incidents is more an operational control related to incident response capability. Therefore, asking if incidents monitored and tracked until resolved will not help in assessing controls covering audit trails. Incorrect Answers: A: An audit trail should provide a trace of user actions. Asking about this will help in assessing controls covering audit trails. C: Access to online logs should be strictly controlled. Asking about this will help in assessing controls covering audit trails. D: There should be separation of duties between security personnel who administer the access control function and those who administer the audit trail. Asking about this will help in assessing controls covering audit trails. QUESTION 924 What IDS approach relies on a database of known attacks? A. Signature-based intrusion detection B. Statistical anomaly-based intrusion detection

CISSP

C. Behavior-based intrusion detection D. Network-based intrusion detection Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A signature based IDS monitors packets and compares them against a database of signatures or attributes from known malicious threats. Incorrect Answers: B: An IDS which is anomaly based monitors network traffic and compares it against an established baseline, which identifies what is “normal” for that network, and the alerts the relevant party when traffic is detected which is significantly different to the baseline. C: A statistical anomaly–based IDS is a behavioral-based system, which does not relies on a database of known attacks. D: On-line network-based IDS monitors network traffic in real time and it analyses the Ethernet packet and applies it on the same rules to decide if it is an attack or not. References: https://en.wikipedia.org/wiki/Intrusion_detection_system Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 258 QUESTION 925 An Intrusion Detection System (IDS) is what type of control? A. B. C. D.

A preventive control. A detective control. A recovery control. A directive control.

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Detective controls include Motion detectors, Closed-circuit TVs, Monitoring and Supervising, Job rotation, Investigations, Audit logs, and IDS. Incorrect Answers: A: Preventive controls include Locks, Badge system, Security guard, Security policy, Testing, ACLs, Encryption, and Smart cards. C: Recovery controls include Offsite facility, and Data backup. D: Directive controls, which are also known as administrative controls, include Security policy, Monitoring and Supervising, Separation of duties, Job rotation, Information Classification, Personnel Procedures, Testing, and Security-awareness training. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 32, 33 QUESTION 926 Which of the following is most appropriate to notify an external user that session monitoring is being conducted? A. Logon Banners B. Wall poster CISSP

C. Employee Handbook D. Written agreement Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Logon banners should be used to notify an external user that session monitoring is being conducted. This provides legal protection for the company. A logon banner is text that appears on the computer screen when a user logs in to a system. By using a logon banner, the user cannot claim that he or she did not know that their session was being monitored. B: A wall poster is not the most appropriate to notify an external user that session monitoring is being conducted. The user is external so he or she would not be able to see the poster. C: An employee handbook is not the most appropriate to notify an external user that session monitoring is being conducted. The external user would not have access to the employee handbook. D: A written agreement is not the most appropriate to notify an external user that session monitoring is being conducted. The user is external so he or she would not be able to read a written agreement. QUESTION 927 What is the essential difference between a self-audit and an independent audit? A. B. C. D.

Tools used Results Objectivity Competence

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: To maintain operational assurance, organizations use two basic methods: system audits and monitoring. Monitoring refers to an ongoing activity whereas audits are one-time or periodic events and can be either internal or external. The essential difference between a self-audit and an independent audit is objectivity, thus indirectly affecting the results of the audit. Incorrect Answers: A: Internal and external auditors can use the same tools. B: Internal and external auditors should return the same results. However, the objectivity of an independent audit may return more comprehensive results. D: Internal and external auditors should have the same level of competence. QUESTION 928 Which of the following is NOT a form of detective technical control? A. B. C. D.

Audit trails Access control software Honeypot Intrusion detection system

Correct Answer: B Section: Security Operations Explanation CISSP

Explanation/Reference: Explanation: Access control software is an example of a preventive/technical control, not a detective/technical control. By combining preventive and detective controls, types with the administrative, technical (logical), and physical means of implementation, the following pairings are obtained: Preventive/administrative Preventive/technical Preventive/physical Detective/administrative Detective/technical Detective/physical The detective/technical control measures are intended to reveal the violations of security policy using technical means. These measures include intrusion detection systems and automatically-generated violation reports from audit trail information. These reports can indicate variations from “normal” operation or detect known signatures of unauthorized access episodes. A honeypot is a system designed with the purpose of being attacked so that the attack can be monitored and the attack techniques noted. This is another example of a detective technical control. Incorrect Answers: A: Audit trails are an example of a detective/technical control. C: A honeypot is an example of a detective/technical control. D: An intrusion detection system is an example of a detective/technical control. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, pp. 48-50 QUESTION 929 Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place? A. B. C. D.

Intrusion Detection System Compliance Validation System Intrusion Management System (IMS) Compliance Monitoring System

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: An intrusion detection system (IDS) monitors network or system activities for malicious activities or policy violations and generates reports to a management station. Incorrect Answers: B: Compliance Validation is a formal procedure to determine how well an official or prescribed plan or course of action is being carried out. C: Intrusion Management System (IMS) is not a valid type of system with regards to this exam. D: Compliance Monitoring System is not a valid type of system with regards to this exam. References: https://en.wikipedia.org/wiki/Intrusion_detection_system http://searchcompliance.techtarget.com/definition/compliance-validation QUESTION 930 Which of the following monitors network traffic in real time? CISSP

A. B. C. D.

network-based IDS host-based IDS application-based IDS firewall-based IDS

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: On-line network-based IDS monitors network traffic in real time and it analyses the Ethernet packet and applies it on the same rules to decide if it is an attack or not. Incorrect Answers: B: A host-based intrusion detection system (HIDS) monitors and analyzes the internals of a computing system, as well as the network packets on its network interfaces in certain instances. C: An application-based IDS is designed to monitor a specific application. D: Firewalls are different to IDS because it looks outwardly for intrusions in order to stop them from happening. References: https://en.wikipedia.org/wiki/Intrusion_detection_system https://en.wikipedia.org/wiki/Host-based_intrusion_detection_system QUESTION 931 A host-based IDS is resident on which of the following? A. B. C. D.

On each of the critical hosts decentralized hosts central hosts bastion hosts

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A host-based IDS (HIDS) is installed on individual workstations and/or servers to watch for inappropriate or anomalous activity. Incorrect Answers: B, C: A host-based IDS (HIDS) only monitors the workstations and/or servers it is installed on. D: A Bastion host is a special purpose computer on a network designed and configured specifically to resist attacks. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 256 https://en.wikipedia.org/wiki/Bastion_host QUESTION 932 Which of the following usually provides reliable, real-time information without consuming network or host resources? A. network-based IDS B. host-based IDS

CISSP

C. application-based IDS D. firewall-based IDS Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: On-line network-based IDS monitors network traffic in real time and it analyses the Ethernet packet and applies it on the same rules to decide if it is an attack or not. Incorrect Answers: B: A host-based intrusion detection system (HIDS) monitors and analyzes the internals of a computing system, as well as the network packets on its network interfaces in certain instances. C: An application-based IDS is designed to monitor a specific application. D: Firewalls are different to IDS because it looks outwardly for intrusions in order to stop them from happening. References: https://en.wikipedia.org/wiki/Intrusion_detection_system https://en.wikipedia.org/wiki/Host-based_intrusion_detection_system QUESTION 933 The fact that a network-based IDS reviews packets payload and headers enables which of the following? A. B. C. D.

Detection of denial of service Detection of all viruses Detection of data corruption Detection of all password guessing attacks

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: An Intrusion Detection System (IDS) is a system that is used to monitor network traffic or to monitor host audit logs in order to determine if any violations of an organization’s security policy have taken place. An IDS can detect intrusions that have circumvented or passed through a firewall or are occurring within the local area network behind the firewall. A network-based IDS usually provides reliable, real-time information without consuming network or host resources. A network-based IDS is passive while it acquires data. Because a network-based IDS reviews packets and headers, denial of service attacks can also be detected. Furthermore, because this IDS is monitoring an attack in realtime, it can also respond to an attack in progress to limit damage. Incorrect Answers: B: A network-based IDS does not detect viruses. C: A network-based IDS does not detect data corruption. D: A network-based IDS does not detect all password guessing attacks. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 71 QUESTION 934 Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?

CISSP

A. B. C. D.

host-based IDS firewall-based IDS bastion-based IDS server-based IDS

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A host-based intrusion detection system (HIDS) monitors and analyzes the internals of a computing system. This would include system and event logs. Incorrect Answers: A, B, C: These are not valid IDS types. References: https://en.wikipedia.org/wiki/Intrusion_detection_system https://en.wikipedia.org/wiki/Host-based_intrusion_detection_system QUESTION 935 What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)? A. B. C. D.

It can be very invasive to the host operating system Monitors all processes and activities on the host system only Virtually eliminates limits associated with encryption They have an increased level of visibility and control compared to NIDS

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Because the HIDS uses the resources of the host, it can be very invasive. Incorrect Answers: B, C, D: Advantages of HIDS includes: Monitoring of host local events (reveals attacks not detectable by NIDS). Works well even if traffic is encrypted. When it works on OS audit trails it can reveal Trojan Horse or other attacks to SW integrity. References: http://www.federica.unina.it/ingegneria/security-and-dependability-of-computer-systems/intrusion-detectionsystemarchitectures/ QUESTION 936 Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS)? A. B. C. D.

signature-based IDS statistical anomaly-based IDS event-based IDS inference-based IDS

CISSP

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A signature based IDS monitors packets and compares them against a database of signatures or attributes from known malicious threats. Incorrect Answers: B: An IDS which is anomaly based monitors network traffic and compares it against an established baseline, which identifies what is “normal” for that network, and the alerts the relevant party when traffic is detected which is significantly different to the baseline. C, D: These are not valid IDS types. References: https://en.wikipedia.org/wiki/Intrusion_detection_system https://en.wikipedia.org/wiki/Anomaly-based_intrusion_detection_system QUESTION 937 Which of the following is an issue with signature-based intrusion detection systems? A. B. C. D.

Only previously identified attack signatures are detected. Signature databases must be augmented with inferential elements. It runs only on the windows operating system Hackers can circumvent signature evaluations.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: An Intrusion Detection System (IDS) is a system that is used to monitor network traffic or to monitor host audit logs in order to determine if any violations of an organization’s security policy have taken place. An IDS can detect intrusions that have circumvented or passed through a firewall or are occurring within the local area network behind the firewall. In a signature-based ID, signatures or attributes, which characterize an attack, are stored for reference. Then, when data about events are acquired from host audit logs or from network packet monitoring, this data is compared with the attack signature database. If there is a match, a response is initiated. A weakness of this approach is the failure to characterize slow attacks that are extended over a long time period. To identify these types of attacks, large amounts of information must be held for extended time periods. Another issue with signature-based ID is that only attack signatures that are stored in their database are detected. Incorrect Answers: B: It is not true that signature databases must be augmented with inferential elements. C: It is not true that signature-based intrusion detection systems only run on the windows operating system. D: Hackers circumventing signature evaluations is not an issue with signature-based intrusion detection systems. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 71 QUESTION 938 Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?

CISSP

A. B. C. D.

Statistical Anomaly-Based IDS Signature-Based IDS dynamical anomaly-based IDS inferential anomaly-based IDS

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: An IDS which is anomaly based monitors network traffic and compares it against an established baseline, which identifies what is “normal” for that network, and the alerts the relevant party when traffic is detected which is significantly different to the baseline. Incorrect Answers: B: A signature based IDS monitors packets and compares them against a database of signatures or attributes from known malicious threats. C: Dynamical anomaly-based IDS is not a valid IDS type. D: Inferential anomaly-based IDS is not a valid IDS type. References: https://en.wikipedia.org/wiki/Intrusion_detection_system https://en.wikipedia.org/wiki/Anomaly-based_intrusion_detection_system QUESTION 939 What would you call a network security control deployed in line to detects, alerts, and takes action when a possible intrusion is detected. A. B. C. D.

Application Based Intrusion Detection Systems (AIDS) Network Based Intrusion Detection System (NIDS) Intrusion Prevention System (IPS) Host Based Intrusion Detection System (HIDS)

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: An IPS detects intrusive activity and also prevents the traffic from gaining access to the target. Incorrect Answers: A, B, D: Intrusion Detection Systems detect intrusive activity and generates an alert. It does not take action when a possible intrusion is detected. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 255-266 QUESTION 940 Detective/Technical measures: A. include intrusion detection systems and automatically-generated violation reports from audit trail information. B. do not include intrusion detection systems and automatically-generated violation reports from audit trail information. C. include intrusion detection systems but do not include automatically-generated violation reports from audit

CISSP

trail information. D. include intrusion detection systems and customized-generated violation reports from audit trail information. Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: The detective/technical control measures are intended to reveal the violations of security policy using technical means. These measures include intrusion detection systems and automatically-generated violation reports from audit trail information. These reports can indicate variations from “normal” operation or detect known signatures of unauthorized access episodes. Incorrect Answers: B: Detective/Technical measures DO include intrusion detection systems and automatically-generated violation reports from audit trail information. C: Detective/Technical measures DO include automatically-generated violation reports from audit trail information. D: Detective/Technical measures include automatically-generated violation reports, not customized-generated violation reports from audit trail information. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 50 QUESTION 941 Why would anomaly detection IDSs often generate a large number of false positives? A. B. C. D.

Because they can only identify correctly attacks they already know about. Because they are application-based are more subject to attacks. Because they can't identify abnormal behavior. Because normal patterns of user and system behavior can vary wildly.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: An Anomaly-Based Intrusion Detection System, is a system for detecting computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and attempts to detect any type of misuse that falls out of normal system operation. This is as opposed to signature-based systems, which can only detect attacks for which a signature has previously been created. In order to determine what is attack traffic, the system must be taught to recognize normal system activity. This can be accomplished in several ways, most often with artificial intelligence type techniques. Systems using neural networks have been used to great effect. Another method is to define what normal usage of the system comprises using a strict mathematical model, and flag any deviation from this as an attack. This is known as strict anomaly detection. Anomaly-based Intrusion Detection does have some shortcomings, namely a high false-positive rate and the ability to be fooled by a correctly delivered attack. A cause of the high false-positive rate is that normal patterns of user and system behavior can vary wildly. Different people do things in different ways. These can appear as ‘anomalies’ to the IDS and generate a false positive. Incorrect Answers: A: It is not true that anomaly detection IDSs can only identify correctly attacks they already know about. This

CISSP

statement describes signature-based IDSs. B: It is not true that anomaly detection IDSs are application-based and are more subject to attacks. They can be hardware-based. Furthermore, hackers attack computer systems; they don’t attack IDSs. C: It is not true that anomaly detection IDSs cannot identify abnormal behavior; that’s exactly what they do. References: https://en.wikipedia.org/wiki/Anomaly-based_intrusion_detection_system QUESTION 942 Which of the following is a reasonable response from the Intrusion Detection System (IDS) when it detects Internet Protocol (IP) packets where the IP source address and port is the same as the destination IP address and port? A. B. C. D.

Allow the packet to be processed by the network and record the event Record selected information about the packets and drop the packets Resolve the destination address and process the packet Translate the source address and resend the packet

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: In this question, a land attack has been detected by the IDS. A reasonable response from the IDS would be to record selected information about the packets and drop the packets. Knowledge is accumulated by the IDS vendors about specific attacks and how they are carried out. Models of how the attacks are carried out are developed and called signatures. Each identified attack has a signature, which is used to detect an attack in progress or determine if one has occurred within the network. Any action that is not recognized as an attack is considered acceptable. An example of a signature is a packet that has the same source and destination IP address. All packets should have a different source and destination IP address, and if they have the same address, this means a Land attack is under way. In a Land attack, a hacker modifies the packet header so that when a receiving system responds to the sender, it is responding to its own address. Now that seems as though it should be benign enough, but vulnerable systems just do not have the programming code to know what to do in this situation, so they freeze or reboot. Incorrect Answers: A: A land attack is an old and well known attack so the IDS would know what it is. Knowing the packets are an attack, the IDS should not allow the packet to be processed by the network. C: When the IP source address and port is the same as the destination IP address and port, this is a land attack. It is not necessary to resolve the IP address and the packets should not be processed. D: When the IP source address and port is the same as the destination IP address and port, this is a land attack. The source address should not be translated and the packet should not be resent. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 257 http://searchsecurity.techtarget.com/answer/What-is-a-land-attack http://www.symantec.com/connect/articles/understanding-ids-active-response-mechanisms http://www.sans.org/security-resources/idfaq/active.php QUESTION 943 Which of the following BEST describes Configuration Management controls? A. Auditing of changes to the Trusted Computing Base. B. Control of changes to the Trusted Computing Base. C. Changes in the configuration access to the Trusted Computing Base.

CISSP

D. Auditing and controlling any changes to the Trusted Computing Base. Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Configuration management consists of identifying, controlling, accounting for, and auditing all changes made to a particular system or equipment during its life cycle. In particular, as related to equipment used to process classified information, equipment can be identified in categories of COMSEC, TEMPEST, or as a Trusted Computer Base (TCB). The Trusted Computer System Evaluation Criteria (TCSEC) requires all changes to the TCB for classes B2 through A1 be controlled by configuration management. Although the "rainbow series" documentation mostly relates to software controls for trusted computers, configuration management is not limited to only this function. Incorrect Answers: A: Configuration Management is not just the auditing of changes to the Trusted Computing Base; it also includes controlling any changes to the TCB. B: Configuration Management is not just the control of changes to the Trusted Computing Base; it also includes the auditing of changes to the TCB. C: Configuration Management is not defined as the control of changes in the configuration access to the Trusted Computing Base. References: http://surflibrary.org/ses/TEMPBOOK/CH6CONFGMGT.pdf QUESTION 944 You are a criminal hacker and have infiltrated a corporate network via a compromised host and a misconfigured firewall. You find many targets inside the network but all appear to be hardened except for one. It has several notable vulnerable services and it therefore seems out of place with an otherwise secured network. (Except for the misconfigured firewall, of course) What is it that you are likely seeing here? A. B. C. D.

A Honeypot An Ethernet Switch An IDS (Intrusion Detection System) A File Server

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A honeypot is a system that is setup to be easy to attack. This seems to be the case in this scenario. A honeypot system is a computer that usually sits in the screened subnet, or DMZ, and attempts to lure attackers to it instead of to actual production computers. To make a honeypot system lure attackers, administrators may enable services and ports that are popular to exploit. Incorrect Answers: B: A switch would not host vulnerable services. C: An Intrusion Detection System would not host vulnerable services. D: A file server could host vulnerable services. But it is more likely that the server was set up as honeypot as all other targets are setup in a secure manner.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 655 QUESTION 945 Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes? A. B. C. D.

Key escrow Rotation of duties Principle of need-to-know Principle of least privilege

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Job rotations reduce the risk of collusion of activities between individuals. Companies with individuals working with sensitive information or systems where there might be the opportunity for personal gain through collusion can benefit by integrating job rotation with segregation of duties. Rotating the position may uncover activities that the individual is performing outside of the normal operating procedures, highlighting errors or fraudulent behavior. Rotation of duties is a method of reducing the risk associated with a subject performing a (sensitive) task by limiting the amount of time the subject is assigned to perform the task before being moved to a different task. Separation of duties is a basic control that prevents or detects errors and irregularities by assigning responsibility for different parts of critical tasks to separate individuals, thus limiting the effect a single person can have on a system. One individual should not have the capability to execute all of the steps of a particular process. This is especially important in critical business areas, where individuals may have greater access and capability to modify, delete, or add data to the system. Failure to separate duties could result in individuals embezzling money from the company without the involvement of others. Incorrect Answers: A: Key escrow is related to the protection of keys in storage by splitting the key in pieces that will be controlled by different departments. Key escrow is the process of ensuring a third party maintains a copy of a private key or key needed to decrypt information. Key escrow also should be considered mandatory for most organization’s use of cryptography as encrypted information belongs to the organization and not the individual; however often an individual’s key is used to encrypt the information. Key escrow will not interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes. C: The need-to-know principle specifies that a person must not only be cleared to access classified or other sensitive information, but have requirement for such information to carry out assigned job duties. Ordinary or limited user accounts are what most users are assigned. They should be restricted only to those privileges that are strictly required, following the principle of least privilege. Access should be limited to specific objects following the principle of need-to-know. The principle of need-to-know will not interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes. D: The principle of least privilege requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. Least privilege refers to granting users only the accesses that are required to perform their job functions. Some employees will require greater access than others based upon their job functions. For example, an individual performing data entry on a mainframe system may have no need for Internet access or the ability to run reports regarding the information that they are entering into the system. Conversely, a supervisor may have the need to run reports, but should not be provided the capability to change information in the database. The principle of least privilege will not interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes. QUESTION 946 Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data? A. Limiting the local access of operations personnel CISSP

B. Job rotation of operations personnel C. Management monitoring of audit logs D. Enforcing regular password changes Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Limiting the local access of operations personnel means that the operator will not be able to access the unauthorized data. Therefore, to gain access to the data, the operator would need to collude with someone who does have access to the data. Incorrect Answers: B: Job rotation (rotation of duties) is defined as the process of limiting the amount of time an operator is assigned to perform a security related task before being moved to a different task with a different security classification. This control lessens the opportunity for collusion between operators for fraudulent purposes. However, the job the operator is currently performing does not necessarily mean that the operator cannot access the unauthorized data. This can only be assured by limiting the local access of operations personnel. C: Management monitoring of audit logs is a detective control. It would not affect what data an operator has access to so it would have no effect on whether collusion would be required in order to gain access to unauthorized data. D: Enforcing regular password changes does not affect what data an operator has access to so it would have no effect on whether collusion would be required in order to gain access to unauthorized data. QUESTION 947 Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms? A. B. C. D.

A trusted path A protection domain A covert channel A maintenance hook

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: A covert channel is an unintended communication path within a system, therefore it is not protected by the system's normal security mechanisms. Covert channels are a secret way to convey information. Covert channels are addressed from TCSEC level B2. Incorrect Answers: A: A trusted path is the protected channel that allows a user to access the Trusted Computing Base (TCB) without being compromised by other processes or users. This is not what is described in the question. B: A protection domain consists of the execution and memory space assigned to each process. This is not what is described in the question. C: A maintenance hook is a hardware or software mechanism that was installed to permit system maintenance and to bypass the system's security protections. This is not what is described in the question. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 219 QUESTION 948 CISSP

Which of the following are the two commonly defined types of covert channels? A. B. C. D.

Storage and Timing Software and Timing Storage and Kernel Kernel and Timing

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism. Covert channels are of two types: storage and timing. A covert storage channel involves direct or indirect reading of a storage location by another process. A covert timing channel depends upon being able to influence the rate that some other process is able to acquire resources, such as the CPU. A covert storage channel is a “covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g. sectors on a disk) that is shared by two subjects at different security levels. A covert timing channel is a “covert channel in which one process signals information to another by modulating its own use of system resources (e.g. CPU time) in such a way that this manipulation affects the real response time observed by the second process Incorrect Answers: B: Software and Timing are not defined types of covert channels. C: Kernel is not a defined type of covert channel. D: Kernel is not a defined type of covert channel. References: http://www.isg.rhul.ac.uk/~prai175/ISGStudentSem07/CovertChannels.ppt Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 378-379 QUESTION 949 Which of the following is NOT a component of an Operations Security "triples"? A. B. C. D.

Asset Threat Vulnerability Risk

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The term operations security refers to the act of understanding the threats to and vulnerabilities of computer operations in order to routinely support operational activities that enable computer systems to function correctly. Like the other domains, the Operations Security domain is concerned with triples: threats, vulnerabilities, and assets. We will now look at what constitutes a triple in the Operations Security domain: A threat in the Operations Security domain can be defined as the presence of any potential event that could cause harm by violating security. An example of an operations threat is an operator’s abuse of privileges that violates confidentiality. CISSP

A vulnerability is defined as a weakness in a system that enables security to be violated. An example of an operations vulnerability is a weak implementation of the separation of duties. An asset is considered anything that is a computing resource or ability, such as hardware, software, data, and personnel. ‘Risk’ is not a component of the Operations Security "triples”. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 216 Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 302 QUESTION 950 Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system? A. B. C. D.

Detective Controls Preventative Controls Corrective Controls Directive Controls

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Preventative Controls. In the Operations Security domain, preventative controls are designed to achieve two things — to lower the amount and impact of unintentional errors that are entering the system, and to prevent unauthorized intruders from internally or externally accessing the system. An example of these controls might be pre-numbered forms, or a data validation and review procedure to prevent duplications. Incorrect Answers: A: Detective controls are used to detect an error once it has occurred; they do not prevent unauthorized intruders from internally or externally accessing the system. C: Corrective controls are implemented to help mitigate the impact of a loss event through data recovery procedures. They do not prevent unauthorized intruders from internally or externally accessing the system. D: Directive controls are administrative instruments such as policies, procedures, guidelines, and agreements. They do not prevent unauthorized intruders from internally or externally accessing the system. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 217. QUESTION 951 This type of control is used to ensure that transactions are properly entered into the system once. Elements of this type of control may include counting data and time stamping it with the date it was entered or edited? A. B. C. D.

Processing Controls Output Controls Input Controls Input/Output Controls

Correct Answer: C Section: Security Operations Explanation CISSP

Explanation/Reference: Explanation: Transaction controls are used to provide control over the various stages of a transaction — from initiation, to output, through testing and change control. Input Controls are a type of transaction control. Input controls are used to ensure that transactions are properly input into the system only once. Elements of input controls may include counting the data and timestamping it with the date it was entered or edited. Incorrect Answers: A: Processing controls are used to guarantee that transactions are valid and accurate and that wrong entries are reprocessed correctly and promptly. This is not what is described in the question. B: Output controls are used for two things — for protecting the confidentiality of an output, and for verifying the integrity of an output by comparing the input transaction with the output data. Elements of proper output controls would involve ensuring the output reaches the proper users, restricting access to the printed output storage areas, printing heading and trailing banners, requiring signed receipts before releasing sensitive output, and printing “no output” banners when a report is empty. This is not what is described in the question. D: Input/Output Controls are not a defined control type. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 303 QUESTION 952 Configuration Management is a requirement for the following level(s) of the Orange Book? A. B. C. D.

B3 and A1 B1, B2 and B3 A1 B2, B3, and A1

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Configuration Management is a requirement only for B2, B3, and A1. Configuration management consists of identifying, controlling, accounting for, and auditing all changes made to a particular system or equipment during its life cycle. In particular, as related to equipment used to process classified information, equipment can be identified in categories of COMSEC, TEMPEST, or as a Trusted Computer Base (TCB). The Trusted Computer System Evaluation Criteria (TCSEC) requires all changes to the TCB for classes B2 through A1 be controlled by configuration management. Incorrect Answers: A: Configuration Management is also a requirement in level B2. B: Configuration Management is not a requirement in level B1. Furthermore, Configuration Management is also a requirement in level A1. C: Configuration Management is a requirement in levels B2 and B3. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 223 http://surflibrary.org/ses/TEMPBOOK/CH6CONFGMGT.pdf Page 6-1 QUESTION 953 You work in a police department forensics lab where you examine computers for evidence of crimes. Your work CISSP

is vital to the success of the prosecution of criminals. One day you receive a laptop and are part of a two man team responsible for examining it together. However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch. What critical step in forensic evidence have you forgotten? A. B. C. D.

Chain of custody Locking the laptop in your desk Making a disk image for examination Cracking the admin password with chntpw

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: By leaving the laptop, which contains unique data, unguarded, you cannot guarantee that the data on it remain untampered. This breaks the chain of custody. When evidence is seized, it is important to make sure a proper chain of custody is maintained to ensure any data collected can later be properly and accurately represented in case it needs to be used for later events such as criminal proceedings or a successful prosecution. Incorrect Answers: B: Locking the desktop to the desktop would not protect the data on it from being changed. C: It is a good idea to make a disk image of the Laptop, but the critical step here is to ensure that the laptop is preserved. By leaving it alone the chain of custody is broken. D: Cracking the admin password is not vital for the forensic investigation. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 248 QUESTION 954 Which TCSEC (Orange Book) rating or level requires the system to clearly identify functions of the security administrator to perform security-related functions? A. B. C. D.

C2 B1 B2 B3

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The Security Administrator role is defined only at level B3 (and A1). It requires the system to clearly identify functions of security administrator to perform security-related functions. Incorrect Answers: A: Level C2 does not require the system to clearly identify functions of the security administrator to perform security-related functions. B: Level B1 does not require the system to clearly identify functions of the security administrator to perform security-related functions. C: Level B2 does not require the system to clearly identify functions of the security administrator to perform security-related functions. CISSP

References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 308 QUESTION 955 Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if: A. B. C. D.

The company is not a multi-national company. They have not exercised due care protecting computing resources. They have failed to properly insure computer resources against loss. The company does not prosecute the hacker that caused the breach.

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Due care and due diligence are comparable to the “prudent person” concept. A prudent person is seen as responsible, careful, cautious, and practical, and a company practicing due care and due diligence is seen in the same light. Incorrect Answers: A: Culpable negligence is not in reference to a multi-national company. Culpable negligence is related to lack of due care. C: Culpable negligence is not in reference to a computer resources loss. Culpable negligence is related to lack of due care. D: Culpable negligence is not due to a failure to prosecute a hacker who has caused a breach. Culpable negligence is related to lack of due care. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1234 QUESTION 956 The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called: A. B. C. D.

alteration investigation entrapment enticement

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Enticement is the act of luring an intruder and is legal. Incorrect Answers: A: There is no alteration here. The intruder is lured. B: There is no alteration here. The intruder is lured. C: Entrapment induces a crime, tricks a person, and is illegal. References: CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1068 QUESTION 957 In Operations Security trusted paths provide: A. B. C. D.

trustworthy integration into integrity functions. trusted access to unsecure paths. trustworthy interfaces into privileged user functions. trustworthy interfaces into privileged MTBF functions.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: "Trusted paths provide trustworthy interfaces into privileged user functions and are intended to provide a way to ensure that any communications over that path cannot be intercepted or corrupted." The trusted computing base (TCB) is a collection of all the hardware, software, and firmware components within a system that provide some type of security and enforce the system’s security policy. The TCB does not address only operating system components, because a computer system is not made up of only an operating system. Hardware, software components, and firmware components can affect the system in a negative or positive manner, and each has a responsibility to support and enforce the security policy of that particular system. A trusted path is a communication channel between the user, or program, and the TCB. The TCB provides protection resources to ensure this channel cannot be compromised in any way. Incorrect Answers: A: Trusted paths do not provide trustworthy integration into integrity functions; this is not the correct definition of a trusted path. B: Trusted paths do not provide trusted access to unsecure paths; this is not the correct definition of a trusted path. A trusted path provides a secure path so that a user can access the TCB without being compromised by other processes or users. D: MTBF stands for Mean Time Between Failures. This has nothing to do with trusted path. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 359-360 QUESTION 958 According to the Orange Book, which security level is the first to require a system to support separate operator and system administrator roles? A. B. C. D.

A1 B1 B2 B3

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: B2: Structured Protection: The security policy is clearly defined and documented, and the system design and implementation are subjected to more thorough review and testing procedures. This class requires more stringent authentication mechanisms and well-defined interfaces among layers. Subjects and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place, which means the subject communicates directly with the application or operating system, and CISSP

no trapdoors exist. There is no way to circumvent or compromise this communication channel. Operator and administration functions are separated within the system to provide more trusted and protected operational functionality. Distinct address spaces must be provided to isolate processes, and a covert channel analysis is conducted. This class adds assurance by adding requirements to the design of the system. The type of environment that would require B2 systems is one that processes sensitive data that require a higher degree of security. This type of environment would require systems that are relatively resistant to penetration and compromise. Incorrect Answers: A: Separate operator and system administrator roles are required at level A1. However, they are also required at the lower level of B2. B: Separate operator and system administrator roles are not required at level B1. D: Separate operator and system administrator roles are required at level B3. However, they are also required at the lower level of B2. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 396 QUESTION 959 Which element must computer evidence have to be admissible in court? A. B. C. D.

It must be relevant. It must be annotated. It must be printed. It must contain source code.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: For evidence to be admissible in court, it needs to be relevant, sufficient, and reliable. Incorrect Answers: B: Evidence does not need to be annotated to be admissible in court. C: Evidence does not need to be printed to be admissible in court. D: Evidence does not need to contain source code to be admissible in court. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1068 QUESTION 960 Which of the following is NOT a preventive operational control? A. B. C. D.

Protecting laptops, personal computers and workstations. Controlling software viruses. Controlling data media access and disposal. Conducting security awareness and technical training.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Conducting security awareness and technical training to ensure that end users and system users are aware of the rules of behavior and their responsibilities in protecting the organization's mission is an example of a CISSP

preventive management control, therefore not an operational control. Incorrect Answers: A: Protecting laptops, personal computers and workstations is an example of a preventive operational control. B: Controlling software viruses is an example of a preventive operational control. C: Controlling data media access and disposal is an example of a preventive operational control. QUESTION 961 Which of the following questions is LESS likely to help in assessing controls over hardware and software maintenance? A. Is access to all program libraries restricted and controlled? B. Are integrity verification programs used by applications to look for evidences of data tampering, errors, and omissions? C. Is there version control? D. Are system components tested, documented, and approved prior to promotion to production? Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Hardware and software maintenance access controls are used to monitor the installation of, and updates to, hardware and software to ensure that the system functions as expected and that a historical record of changes is maintained. Integrity verification programs are more integrity controls than software maintenance controls. Incorrect Answers: A: Restricting and controlling access to all program libraries is part of controlling hardware and software maintenance. Asking about this will help in assessing controls over hardware and software maintenance. C: Version control is part of controlling hardware and software maintenance. Asking about this will help in assessing controls over hardware and software maintenance. D: Testing, documenting and approval of system components is part of controlling hardware and software maintenance. Asking about this will help in assessing controls over hardware and software maintenance. QUESTION 962 The exact requirements for the admissibility of evidence vary across legal systems and between different cases (e.g., criminal versus tort). At a more generic level, evidence should have some probative value, be relevant to the case at hand, and meet the following criteria which are often called the five rules of evidence: A. B. C. D.

It has to be encrypted, accurate, complete, convincing, and Admissible. It has to be authentic, hashed, complete, convincing, and Admissible. It has to be authentic, accurate, complete, convincing, and auditable. It has to be authentic, accurate, complete, convincing, and Admissible.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The Five Rules for Evidence are Admissible, Authentic, Complete, Accurate, and Convincing. Incorrect Answers: A: Encrypted is not included in the Five Rules for Evidence. B: Hashed is not included in the Five Rules for Evidence. C: Auditable is not included in the Five Rules for Evidence.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1053 QUESTION 963 Another example of Computer Incident Response Team (CIRT) activities is: A. B. C. D.

Management of the netware logs, including collection, retention, review, and analysis of data Management of the network logs, including collection and analysis of data Management of the network logs, including review and analysis of data Management of the network logs, including collection, retention, review, and analysis of data

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The network logs contain information which can give clues on computer incidents that have occurred. This information must be collected, saved for future use (retained), reviewed, and analyzed. These activities related to handling incidents are the responsibility of the Computer Incident Response Team. Incorrect Answers: A: Data in the network logs, not the netware logs, contain information related to network incidents. B: Data must be kept and reviewed. C: Data must be collected and kept. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1034 QUESTION 964 Who is responsible for initiating corrective measures and capabilities used when there are security violations? A. B. C. D.

Information systems auditor Security administrator Management Data owners

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Management is responsible for initiating corrective measures and capabilities used when there are security violations. Incorrect Answers: A: The Information systems auditor ensures that the correct controls are in place and are being maintained securely. The information systems auditor is not responsible for initiating corrective measures and capabilities used when there are security violations. B: The security administrator is responsible for implementing and maintaining specific security network devices and software in the enterprise. These controls commonly include firewalls, IDS, IPS, antimalware, security proxies, data loss prevention, etc. The security administrator is not responsible for initiating corrective measures and capabilities used when there are security violations. D: The data owner decides upon the classification of the data she is responsible for. The data owner is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria. The data owner is not responsible for initiating corrective CISSP

measures and capabilities used when there are security violations. References: https://quizlet.com/31878633/cissp-domain-1-information-security-governance-and-risk-management-flashcards/ Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 121-125 QUESTION 965 In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in? A. B. C. D.

Recovery Containment Triage Analysis and tracking

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Root cause analysis, which is part of analysis and tracking steps, is an intensive process to determine why something happened and how to prevent it in the future. Incorrect Answers: A: Recovery does not include finding the cause of the problem. B: A proper containment strategy buys the incident response team time for a proper investigation and determination of the incident’s root cause, but the containment step does not include finding the root cause. C: Triage would be the first step, prior to finding the root cause of the problem, and includes estimating the severity of the incident. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1039 QUESTION 966 In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in? A. B. C. D.

Recovery Containment Triage Analysis and tracking

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The analysis stage of the incident response procedure deals with the gathering of additional data to try and figure out the root cause of the incident. Tracking can take place in parallel with the analysis and examination, and deals with determining whether the source of the incident was internal or external and how the offender infiltrated and gained access to the asset. Incorrect Answers: A: The recovery stage of the incident response procedure deals with the implementation of the required solution to make sure that this type of incident cannot recur. CISSP

B: The containment stage of the incident response procedure deals with isolating the incident based on the category of the attack, the assets affected by the incident, and the criticality of those assets. C: The triage stage of the incident response procedure deals with determining whether the reported event is an incident and whether the incident-handling process should be started. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 1037-1040 QUESTION 967 Which type of control is concerned with restoring controls? A. B. C. D.

Compensating controls Corrective controls Detective controls Preventive controls

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Corrective controls are used to restore systems after an incident has occurred. The different functionalities of security controls are preventive, detective, corrective, deterrent, recovery, and compensating. The six different control functionalities are as follows: Deterrent: Intended to discourage a potential attacker Preventive: Intended to avoid an incident from occurring Corrective: Fixes components or systems after an incident has occurred Recovery: Intended to bring the environment back to regular operations Detective: Helps identify an incident’s activities and potentially an intruder Compensating: Controls that provide an alternative measure of control Incorrect Answers: A: Compensating controls provide an alternative measure of control. They are not used to restore systems after an incident. C: Detective controls are used to discover harmful occurrences. They are not used to restore systems after an incident. D: Preventive controls are used to avoid an incident from occurring. They are not used to restore systems after an incident. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 30 QUESTION 968 When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as: A. B. C. D.

Dual Control Need to know Separation of duties Segregation of duties

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: CISSP

Explanation: PCI DSS defines Dual Control as below: Dual Control: Process of using two or more separate entities (usually persons) operating in concert to protect sensitive functions or information. Both entities are equally responsible for the physical protection of materials involved in vulnerable transactions. No single person is permitted to access or use the materials (for example, the cryptographic key). For manual key generation, conveyance, loading, storage, and retrieval, dual control requires dividing knowledge of the key among the entities. (See also Split Knowledge). Split knowledge: Condition in which two or more entities separately have key components that individually convey no knowledge of the resultant cryptographic key. Incorrect Answers: B: The term "need to know", when used by government and other organizations (particularly those related to the military), describes the restriction of data which is considered very sensitive. Under need-to-know restrictions, even if one has all the necessary official approvals (such as a security clearance) to access certain information, one would not be given access to such information, unless one has a specific need to know; that is, access to the information must be necessary for the conduct of one's official duties. As with most security mechanisms, the aim is to make it difficult for unauthorized access to occur, without inconveniencing legitimate access. Need-to-know also aims to discourage "browsing" of sensitive material by limiting access to the smallest possible number of people. This is not what is described in the question. C: Separation of duties is the practice of dividing steps in a function among different individuals, so as to keep a single individual from being able to subvert the process. This is not what is described in the question. D: Segregation of Duties address the splitting of various functions within a process to different users so that it will not create an opportunity for a single user to perform conflicting tasks. This is not what is described in the question. References: https://www.pcisecuritystandards.org/security_standards/glossary.php QUESTION 969 Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of: A. B. C. D.

Incident Evaluation Incident Recognition Incident Protection Incident Response

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Incident Response includes notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident’s effects. Incorrect Answers: A: Incident Evaluation is the process that would be performed by the “appropriate parties” to determine the extent of the severity of an incident. Incident Evaluation is not the process of notifying the appropriate parties about the incident. B: Incident Recognition is the initial realization that an incident has occurred. After an incident is recognized, the appropriate parties should be notified about the incident. Incident Recognition is not the process of notifying the appropriate parties about the incident. C: Incident Protection is not a defined incident management process. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 187

CISSP

QUESTION 970 An Intrusion Detection System (IDS) is what type of control? A. B. C. D.

A preventive control. A detective control. A recovery control. A directive control.

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Detective controls can be used to investigate what happened after an incident. Your IDS may collect information on where the attack came from, what port was used, and other details that could be used in the investigation steps. Incorrect Answers: A: "Preventative control" is incorrect. Preventative controls preclude events or actions that might compromise a system or cause a policy violation. An intrusion prevention system would be an example of a preventative control. C: "Recovery control" is incorrect. Recover controls include processes used to return the system to a secure state after the occurrence of a security incident. Backups and redundant components are examples of recovery controls. D: "Directive controls" is incorrect. Directive controls are administrative instruments such as policies, procedures, guidelines, and agreements. An acceptable use policy is an example of a directive control. QUESTION 971 How would nonrepudiation be BEST classified as? A. B. C. D.

A preventive control A logical control A corrective control A compensating control

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. For example, if a user sends a message and then later claims he did not send it, this is an act of repudiation. When a cryptography mechanism provides nonrepudiation, the sender cannot later deny he sent the message (well, he can try to deny it, but the cryptosystem proves otherwise). It’s a way of keeping the sender honest. Nonrepudiation is a preventive control – it prevents someone having the ability to deny something. Incorrect Answers: B: Logical controls (also called technical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. Nonrepudiation is not a logical control. C: Corrective controls are used to restore systems after an attack or other harmful occurrence. Nonrepudiation is not a corrective control. D: Compensating controls are used to provide an alternative measure of control. Nonrepudiation is not a compensating control.

CISSP

References: http://searchsecurity.techtarget.com/definition/nonrepudiation Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 770 QUESTION 972 Which of the following is NOT a preventive login control? A. B. C. D.

Last login message Password aging Minimum password length Account expiration

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Password management and account management are preventive login controls. Password aging determines how long a password can be used for before the password must be changed. For example a maximum password age of 30 days would force users to change their passwords every 30 days. Minimum password length determines the minimum number of characters a password should have. A minimum of eight characters is generally regarded as a requirement for a good password. Account expiration determines when a user account will expire. This is especially useful for temporary workers and helps to ensure that unused accounts are not left active. A last login message is not a preventive login control. A last login message is informational only and does nothing to improve the security of the system. Incorrect Answers: B: Password aging is an example of a preventive login control. C: Minimum password length is an example of a preventive login control. D: Account expiration is an example of a preventive login control. QUESTION 973 Which type of control is concerned with avoiding occurrences of risks? A. B. C. D.

Deterrent controls Detective controls Preventive controls Compensating controls

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Preventive controls are concerned with avoiding occurrences of risks. The different functionalities of security controls are preventive, detective, corrective, deterrent, recovery, and compensating. The six different control functionalities are as follows: Deterrent: Intended to discourage a potential attacker Preventive: Intended to avoid an incident from occurring Corrective: Fixes components or systems after an incident has occurred Recovery: Intended to bring the environment back to regular operations Detective: Helps identify an incident’s activities and potentially an intruder Compensating: Controls that provide an alternative measure of control CISSP

Incorrect Answers: A: Deterrent controls are intended to discourage a potential attacker. A potential hacker is a risk; however, it is just one type of risk. Preventive controls are concerned with avoiding all risks. B: Detective controls are used to discover harmful occurrences; not avoid them. D: Compensating controls provide an alternative measure of control. They are not the primary control type concerned with avoiding occurrences of risks. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 30 QUESTION 974 Password management falls into which control category? A. B. C. D.

Compensating Detective Preventive Technical

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Preventive controls are put in place to inhibit harmful occurrences. Access control is an example of a preventive control. Passwords are used in access control; therefore, password control is a preventive control. Preventive controls can be administrative, physical or technical. Preventive Technical controls include: Passwords, biometrics, smart cards Encryption, secure protocols, call-back systems, database views, constrained user interfaces Antimalware software, access control lists, firewalls, intrusion prevention system Incorrect Answers: A: Compensating controls are controls that provide an alternative measure of control. Password management does not fall into the Compensating control category. B: Detective controls are established to discover harmful occurrences. Password management does not fall into the Detective control category. D: Technical is a control type, not a control category. Password management is a technical control but it falls into the Preventive control category. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 31 QUESTION 975 What is the primary goal of setting up a honey pot? A. B. C. D.

To lure hackers into attacking unused systems To entrap and track down possible hackers To set up a sacrificial lamb on the network To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: CISSP

Explanation: A honeypot system is a computer that usually sits in the screened subnet, or DMZ, and attempts to lure attackers to it instead of to actual production computers. To make a honeypot system lure attackers, administrators may enable services and ports that are popular to exploit. Some honeypot systems have services emulated, meaning the actual service is not running but software that acts like those services is available. Honeypot systems can get an attacker’s attention by advertising themselves as easy targets to compromise. They are configured to look like regular company systems so that attackers will be drawn to them like bears are to honey. Honeypots can work as early detection mechanisms, meaning that the network staff can be alerted that an intruder is attacking a honeypot system, and they can quickly go into action to make sure no production systems are vulnerable to that specific attack type. Organizations use these systems to identify, quantify, and qualify specific traffic types to help determine their danger levels. The systems can gather network traffic statistics and return them to a centralized location for better analysis. So as the systems are being attacked, they gather intelligence information that can help the network staff better understand what is taking place within their environment. Incorrect Answers: A: A honeypot does act as a decoy system in that it can lure hackers into attacking the honeypot system instead of live production servers. However, this is not the primary goal of a honeypot. The primary goal is to learn about attack techniques so the network can be fortified. B: Entrapping and tracking down attackers is not the goal of a honeypot. Learning about possible attack techniques is more valuable to a company. C: It is not the goal of a honeypot to set up a sacrificial lamb on the network. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 655 QUESTION 976 Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of: A. B. C. D.

Deterrent controls Output controls Information flow controls Asset controls

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Output controls are used for two things — for protecting the confidentiality of an output, and for verifying the integrity of an output by comparing the input transaction with the output data. Elements of proper output controls would involve ensuring the output reaches the proper users, restricting access to the printed output storage areas, printing heading and trailing banners, requiring signed receipts before releasing sensitive output, and printing “no output” banners when a report is empty Incorrect Answers: A: Deterrent controls are used to encourage compliance with external controls, such as regulatory compliance. These controls are meant to complement other controls, such as preventative and detective controls. This is not what is described in the question. C: Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are not examples of information flow controls. D: Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are not examples of asset controls. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer

CISSP

Security, John Wiley & Sons, New York, 2001, p. 218 QUESTION 977 Which of the following security control is intended to avoid an incident from occurring? A. B. C. D.

Deterrent Preventive Corrective Recovery

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Preventive controls stop actions from taking place. It applies restrictions to what a possible user can do, whether the user is authorized or unauthorized. Incorrect Answers: A: Deterrent controls discourage users from performing actions on a system. C: Corrective controls deals with correcting a damaged system or process. D: Recovery controls may be required to restore functionality of the system and organization subsequent to a security incident taking place. References: Conrad, Eric, Seth Misenar, Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 27, 28 QUESTION 978 Which of the following are the three classifications of RAID identified by the RAID Advisory Board? A. Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems. B. Foreign Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems. C. Failure Resistant Disk Systems (FRDSs), File Transfer Disk Systems, and Disaster Tolerant Disk Systems. D. Federal Resistant Disk Systems (FRDSs), Fault Tolerant Disk Systems, and Disaster Tolerant Disk Systems. Correct Answer: A Section: Security Operations Explanation Explanation/Reference: The RAID Advisory Board has defined three classifications of RAID: Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems. As of this writing only the first one, FRDS, is an existing standard, and the others are still pending. We will now discuss the various implementation levels of an FRDS. Failure Resistant Disk System: The basic function of an FRDS is to protect file servers from data loss and a loss of availability due to disk failure. It provides the ability to reconstruct the contents of a failed disk onto a replacement disk and provides the added protection against data loss due to the failure of many hardware parts of the server. One feature of an FRDS is that it enables the continuous monitoring of these parts and the alerting of their failure. Failure Resistant Disk System Plus: An update to the FRDS standard is called FRDS+. This update adds the ability to automatically hot swap (swapping while the server is still running) failed disks. It also adds protection against environmental hazards (such as temperature, out-of-range conditions, and external power failure) and includes a series of alarms and warnings of these failures. CISSP

Incorrect Answers: B: Foreign Resistant Disk Systems is not one of the three classifications of RAID identified by the RAID Advisory Board. C: File Transfer Disk Systems is not one of the three classifications of RAID identified by the RAID Advisory Board. D: Federal Resistant Disk Systems is not one of the three classifications of RAID identified by the RAID Advisory Board. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 144 QUESTION 979 RAID Level 1 is commonly called which of the following? A. B. C. D.

mirroring striping clustering hamming

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID Level 1 is commonly called mirroring. It mirrors the data from one disk or set of disks by duplicating the data onto another disk or set of disks. This is often implemented by a one-for-one disk to disk ratio: Each drive is mirrored to an equal drive partner that is continually being updated with current data. If one drive fails, the system automatically gets the data from the other drive. The main issue with this level of RAID is that the onefor-one ratio is very expensive — resulting in the highest cost per megabyte of data capacity. This level effectively doubles the amount of hard drives you need, therefore it is usually best for smaller capacity systems. Incorrect Answers: B: Striping is used in other RAID levels, but not in RAID level 1. C: Clustering is not a RAID level. D: RAID Level 1 is not called hamming. Hamming is code used to create parity data in RAID level 2. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 144 QUESTION 980 Which of the following is often implemented by a one-for-one disk to disk ratio? A. B. C. D.

RAID Level 1 RAID Level 0 RAID Level 2 RAID Level 5

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID Level 1 is commonly called mirroring. It mirrors the data from one disk or set of disks by duplicating the CISSP

data onto another disk or set of disks. This is often implemented by a one-for-one disk to disk ratio: Each drive is mirrored to an equal drive partner that is continually being updated with current data. If one drive fails, the system automatically gets the data from the other drive. The main issue with this level of RAID is that the onefor-one ratio is very expensive — resulting in the highest cost per megabyte of data capacity. This level effectively doubles the amount of hard drives you need, therefore it is usually best for smaller capacity systems. Incorrect Answers: B: RAID level 0 is not implemented by a one-for-one disk to disk ratio. C: RAID level 2 is not implemented by a one-for-one disk to disk ratio. D: RAID level 5 is not implemented by a one-for-one disk to disk ratio. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 144 QUESTION 981 The MAIN issue with Level 1 of RAID is which of the following? A. B. C. D.

It is very expensive. It is difficult to recover. It causes poor performance. It is relatively unreliable.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID Level 1 is commonly called mirroring. It mirrors the data from one disk or set of disks by duplicating the data onto another disk or set of disks. This is often implemented by a one-for-one disk to disk ratio: Each drive is mirrored to an equal drive partner that is continually being updated with current data. If one drive fails, the system automatically gets the data from the other drive. The main issue with this level of RAID is that the onefor-one ratio is very expensive — resulting in the highest cost per megabyte of data capacity. This level effectively doubles the amount of hard drives you need, therefore it is usually best for smaller capacity systems. Incorrect Answers: B: RAID level 1 is not difficult to recover. If one drive fails, the system automatically gets the data from the other drive. C: RAID level 1 does not cause poor performance. The performance is quite good because no parity data needs to be calculated. D: RAID level 1 is not relatively unreliable; duplicating data onto another disk is a reliable system. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 144 QUESTION 982 Which of the following effectively doubles the amount of hard drives needed but also provides redundancy? A. B. C. D.

RAID Level 0 RAID Level 1 RAID Level 2 RAID Level 5

Correct Answer: B Section: Security Operations Explanation CISSP

Explanation/Reference: Explanation: RAID Level 1 is commonly called mirroring. It mirrors the data from one disk or set of disks by duplicating the data onto another disk or set of disks. This is often implemented by a one-for-one disk to disk ratio: Each drive is mirrored to an equal drive partner that is continually being updated with current data. If one drive fails, the system automatically gets the data from the other drive. The main issue with this level of RAID is that the onefor-one ratio is very expensive — resulting in the highest cost per megabyte of data capacity. This level effectively doubles the amount of hard drives you need, therefore it is usually best for smaller capacity systems. Incorrect Answers: A: RAID Level 0 requires a minimum of two disks so in that sense, it does double the minimum disk requirement. However, if the minimum amount of disks you require to store your data is more than two, then RAID level 0 does not double the disk requirement. For example, if you needed 4 disks to store all your data, you could just create a 4-disk RAID. RAID level 0 also provides no redundancy. C: RAID Level 2 defines a 39-disk system. This doesn’t double the amount of hard drives needed because it is a fixed disk requirement. D: RAID Level 5 does not double the amount of hard drives needed. RAID level 5 requires the equivalent of one extra drive for parity data. For example, if 4 disks were needed for the amount of data to be stored, the RAID would need 5 disks. If 10 disks were required for the amount of data to be stored, the RAID would need 11 disks in total. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 144 QUESTION 983 Which of the following is used to create parity information? A. B. C. D.

a hamming code a clustering code a mirroring code a striping code

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID Level 2 consists of bit-interleaved data on multiple disks. The parity information is created using a hamming code that detects errors and establishes which part of which drive is in error. It defines a disk drive system with 39 disks: 32 disks of user storage 66 and seven disks of error recovery coding. This level is not used in practice and was quickly superseded by the more flexible levels of RAID such as RAID 3 and RAID 5. Incorrect Answers: B: Clustering code is not used to create parity information. C: A mirroring code is not used to create parity information. Mirroring is used to describe the method used in RAID level 1. D: A striping code is not used to create parity information. Striping is the method used to write data across multiple disks in RAID systems. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 144 QUESTION 984 The only difference between RAID 3 and RAID 4 is that level 3 is implemented at the byte level while level 4 is usually implemented at which of the following? CISSP

A. B. C. D.

Block level. Bridge level. Channel level. Buffer level.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID Levels 3 and 4 function in a similar way. The only difference is that level 3 is implemented at the byte level and level 4 is usually implemented at the block level. In this scenario, data is striped across several drives and the parity check bit is written to a dedicated parity drive. This is similar to RAID 0. They both have a large data volume, but the addition of a dedicated parity drive provides redundancy. If a hard disk fails, the data can be reconstructed by using the bit information on the parity drive. The main issue with this level of RAID is that the constant writes to the parity drive can create a performance hit. In this implementation, spare drives can be used to replace crashed drives. Incorrect Answers: B: RAID level 4 is not implemented at bridge level. C: RAID level 4 is not implemented at channel level. D: RAID level 4 is not implemented at buffer level. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 145 QUESTION 985 The spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server in which of the following scenarios? A. B. C. D.

system is up and running system is quiesced but operational system is idle but operational system is up and in single-user-mode

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID Level 5 stripes the data and the parity information at the block level across all the drives in the set. It is similar to RAID 3 and 4 except that the parity information is written to the next available drive rather than to a dedicated drive by using an interleave parity. This enables more flexibility in the implementation and increases fault tolerance as the parity drive is not a single point of failure, as it is in RAID 3 or 4. The disk reads and writes are also performed concurrently, thereby increasing performance over levels 3 and 4. The spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server while the system is up and running. This is probably the most popular implementation of RAID today. Incorrect Answers: B: Hot swappable means that the disk drives can be replaced on the server while the server is system is up and running. The server does not need to be quiesced. C: Hot swappable means that the disk drives can be replaced on the server while the server is system is up and running. The server does not need to be idle. D: Hot swappable means that the disk drives can be replaced on the server while the server is system is up and CISSP

running. The server does not need to be in single-user-mode. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 145 QUESTION 986 RAID level 10 is created by combining which of the following? A. B. C. D.

level 0 (striping) with level 1 (mirroring). level 0 (striping) with level 2 (hamming). level 0 (striping) with level 1 (clustering). level 0 (striping) with level 1 (hamming).

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID 10, also known as RAID 1+0, combines disk mirroring and disk striping to protect data. A RAID 10 configuration requires a minimum of four disks, and stripes data across mirrored pairs. As long as one disk in each mirrored pair is functional, data can be retrieved. If two disks in the same mirrored pair fail, all data will be lost because there is no parity in the striped sets. RAID 10 provides redundancy and performance, and is the best option for I/O-intensive applications. One disadvantage is that only 50% of the total raw capacity of the drives is usable due to mirroring. Incorrect Answers: B: Level 0 (striping) is combined with level 1 (mirroring), not level 2 (hamming). C: Level 1 is mirroring, not clustering. D: Level 1 is mirroring, not hamming. References: http://searchstorage.techtarget.com/definition/RAID-10-redundant-array-of-independent-disks QUESTION 987 A hardware RAID implementation is usually: A. B. C. D.

platform-independent. platform-dependent. operating system dependent. software dependent.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID can be implemented in either hardware or software. Each type has its own issues and benefits. A hardware RAID implementation is usually platform-independent. It runs below the operating system (OS) of the server and usually does not care if the OS is Novell, NT, or Unix. The hardware implementation uses its own Central Processing Unit (CPU) for calculations on an intelligent controller card. There can be more than one of these cards installed to provide hardware redundancy in the server. RAID levels 3 and 5 run faster on hardware. A software implementation of RAID means it runs as part of the operating system on the file server. Incorrect Answers: B: A hardware RAID implementation is not platform-dependent. CISSP

C: A hardware RAID implementation is not operating system dependent. D: A hardware RAID implementation is not software dependent. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 145 QUESTION 988 RAID levels 3 and 5 run: A. B. C. D.

faster on hardware. slower on hardware. faster on software. at the same speed on software and hardware.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID can be implemented in either hardware or software. Each type has its own issues and benefits. A hardware RAID implementation is usually platform-independent. It runs below the operating system (OS) of the server and usually does not care if the OS is Novell, NT, or Unix. The hardware implementation uses its own Central Processing Unit (CPU) for calculations on an intelligent controller card. There can be more than one of these cards installed to provide hardware redundancy in the server. RAID levels 3 and 5 run faster on hardware. A software implementation of RAID means it runs as part of the operating system on the file server. Incorrect Answers: B: RAID levels 3 and 5 run faster, not slower on hardware. C: RAID levels 3 and 5 run faster on hardware, not software. D: RAID levels 3 and 5 run faster hardware than they do on software. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 145 QUESTION 989 When RAID runs as part of the operating system on the file server, it is an example of a: A. B. C. D.

software implementation. hardware implementation. network implementation. server implementation.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID can be implemented in either hardware or software. Each type has its own issues and benefits. A software implementation of RAID means it runs as part of the operating system on the file server. Often RAID levels 0, 1, and 10 run faster on software RAID because of the need for the server’s software resources. Simple striping or mirroring can run faster in the operating system because neither use the hardware-level parity drives. Incorrect Answers: B: RAID running as part of the operating system on the file server is an example of a software implementation, CISSP

not a hardware implementation. C: RAID running as part of the operating system on the file server is an example of a software implementation, not a network implementation. D: RAID running as part of the operating system on the file server is an example of a software implementation, not a server implementation. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 145 QUESTION 990 A server cluster looks like a: A. B. C. D.

single server from the user's point of view. dual server from the user's point of view. triple server from the user's point of view. quadruple server from the user's point of view.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A server cluster is a group of independent servers, which are managed as a single system that provides higher availability, easier manageability, and greater scalability. The cluster looks like a single server from the user’s point of view. If any server in the cluster crashes, processing continues transparently. Incorrect Answers: B: A server cluster looks like a single server, not a dual server from the user's point of view. C: A server cluster looks like a single server, not a triple server from the user's point of view. D: A server cluster looks like a single server, not a quadruple server from the user's point of view. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 145 QUESTION 991 Which of the following backup methods makes a complete backup of every file on the server every time it is run? A. B. C. D.

The full backup method. The incremental backup method. The differential backup method. The tape backup method.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: The Full Backup Method makes a complete backup of every file on the server every time it is run. The method is primarily run when time and tape space permits, and is used for system archive or baselined tape sets. Incorrect Answers: B: The incremental backup method backs up only the files that have changed since the previous full or CISSP

incremental backup. This backup method does not back up all files every time it is run. C: The differential backup method backs up only the files that have changed since the previous full backup. This backup method does not back up all files every time it is run. D: The tape backup method is not a method that determines what files are backed up; it just specifies that the files are backed up to tape. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 148 QUESTION 992 Which backup method usually resets the archive bit on the files after they have been backed up? A. B. C. D.

Incremental backup method. Differential backup method. Partial backup method. Tape backup method.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: The incremental backup method backs up all the files that have changed since the last full or incremental backup and resets the archive bit to 0. This is known as “clearing the archive bit”. A full backup backs up all files regardless of whether the archive bit is 1 or 0 and sets the archive bit to 0. The archive bit is used by the backup process to determine whether a file has been changed. When you modify a file or create a new file, the archive bit is set to 1. This tells the backups process that the file has changed (or is a new file) and needs to be backed up. When an incremental backup backs up the file, it sets the archive bit to 0. When the next incremental backup runs and sees that the archive bit is 0, the incremental backup knows that the file has not changed since the last backup and so will not back up the file again. Incorrect Answers: B: The differential backup method backs up only the files that have changed since the previous full backup. This backup method does not reset the archive bit. C: The partial backup method is not a method that determines whether the archive bit is reset or not; it just specifies that a subset of data is backed up. D: The tape backup method is not a method that determines whether the archive bit is reset or not; it just specifies that the files are backed up to tape. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 69 QUESTION 993 Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup? A. B. C. D.

The differential backup method. The full backup method. The incremental backup method. The tape backup method.

Correct Answer: A Section: Security Operations Explanation CISSP

Explanation/Reference: Explanation: The Differential Backup Method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup. Archive bits let the backup software know what needs to be backed up. The differential and incremental backup types rely on the archive bit to direct them. Incorrect Answers: B: Full backups back up all files. Full backups are not additive. C: Incremental backups are not additive because they reset the archive bit so the file is not backed up again next day (unless the file was changed again). D: The tape backup method is not a method that determines whether the archive bit is reset or not; it just specifies that the files are backed up to tape. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 69 http://www.brighthub.com/computing/windows-platform/articles/24531.aspx QUESTION 994 Which of the following backup method must be made regardless of whether Differential or Incremental methods are used? A. B. C. D.

Full Backup Method. Incremental backup method. Supplemental backup method. Tape backup method.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A Full Backup must be made regardless of whether Differential or Incremental methods are used. The Full Backup Method makes a complete backup of every file on the server every time it is run. The full backup will reset the archive bits on all the files that were backed up. The archive bits are used by incremental and differential backups to determine which files have been changed since the full backup and therefore, which files need to be backed up. Incorrect Answers: B: Incremental backups back up all files that were changed since the last full or incremental backup. You do not have to use incremental backups. C: “Supplemental” is not the backup type that must be made regardless of whether Differential or Incremental methods are used. A supplemental backup is an ‘extra’ or ‘additional’ backup; it is not part of the regular backup schedule. D: The tape backup method is not one of the defined backup types; it just specifies that the files are backed up to tape. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 69 QUESTION 995 Which of the following tape formats can be used to backup data systems in addition to its original intended audio uses?

CISSP

A. B. C. D.

Digital Video Tape (DVT). Digital Analog Tape (DAT). Digital Voice Tape (DVT). Digital Audio Tape (DAT).

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Digital Audio Tape (DAT) can be used to backup data systems in addition to its original intended audio uses. Incorrect Answers: A: Digital Video Tape (DVT) is not used to backup data systems. B: Digital Analog Tape (DAT) is not a defined type of tape; DAT stands for Digital Audio Tape. C: Digital Voice Tape (DVT) is not a defined type of tape; DVT stands for Digital Video Tape. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 70 QUESTION 996 This type of backup management provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs (Write Once, Read Many): A. B. C. D.

Hierarchical Storage Management (HSM). Hierarchical Resource Management (HRM). Hierarchical Access Management (HAM). Hierarchical Instance Management (HIM).

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Hierarchical Storage Management (HSM) provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs. It appears as an infinite disk to the system, and can be configured to provide the closest version of an available real-time backup. This is commonly employed in very large data retrieval systems. Incorrect Answers: B: Hierarchical Resource Management (HRM) is not a defined backup media technology. C: Hierarchical Access Management (HAM) is not a defined backup media technology. D: Hierarchical Instance Management (HIM) is not a defined backup media technology. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 71 QUESTION 997 Physically securing backup tapes from unauthorized access is obviously a security concern and is considered a function of the: A. Operations Security Domain. B. Operations Security Domain Analysis.

CISSP

C. Telecommunications and Network Security Domain. D. Business Continuity Planning and Disaster Recovery Planning. Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the Operations Security Domain. Operations Security can be described as the controls over the hardware in a computing facility, the data media used in a facility, and the operators using these resources in a facility. Operations Security refers to the act of understanding the threats to and vulnerabilities of computer operations in order to routinely support operational activities that enable computer systems to function correctly. It also refers to the implementation of security controls for normal transaction processing, system administration tasks, and critical external support operations. These controls can include resolving software or hardware problems along with the proper maintenance of auditing and monitoring processes. Incorrect Answers: B: Physically securing backup tapes from unauthorized access is not considered a function of the Operations Security Domain Analysis. C: Physically securing backup tapes from unauthorized access is not considered a function of the Telecommunications and Network Security Domain. D: Physically securing backup tapes from unauthorized access is not considered a function of the Business Continuity Planning and Disaster Recovery Planning. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 71 Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 301 QUESTION 998 The main issue with RAID Level 1 is that the one-for-one ratio is: A. B. C. D.

very expensive, resulting in the highest cost per megabyte of data capacity. very inexpensive, resulting in the lowest cost per megabyte of data capacity. very unreliable resulting in a greater risk of losing data. very reliable resulting in a lower risk of losing data.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID Level 1 is commonly called mirroring. It mirrors the data from one disk or set of disks by duplicating the data onto another disk or set of disks. This is often implemented by a one-for-one disk to disk ratio: Each drive is mirrored to an equal drive partner that is continually being updated with current data. If one drive fails, the system automatically gets the data from the other drive. The main issue with this level of RAID is that the onefor-one ratio is very expensive — resulting in the highest cost per megabyte of data capacity. This level effectively doubles the amount of hard drives you need, therefore it is usually best for smaller capacity systems. Incorrect Answers: B: RAID Level 1 is not inexpensive, resulting in the lowest cost per megabyte of data capacity; it is the opposite. C: RAID Level 1 is not unreliable resulting in a greater risk of losing data; it is the opposite. D: RAID Level 1 is very reliable resulting in a lower risk of losing data. However, this is not an ‘issue’, it’s a good

CISSP

thing. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 144 Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2001, p. 90 QUESTION 999 Which of the following RAID levels is not used in practice and was quickly superseded by the more flexible levels? A. B. C. D.

RAID Level 0 RAID Level 1 RAID Level 2 RAID Level 7

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: RAID Level 2 consists of bit-interleaved data on multiple disks. The parity information is created using a hamming code that detects errors and establishes which part of which drive is in error. It defines a disk drive system with 39 disks: 32 disks of user storage 66 and seven disks of error recovery coding. This level is not used in practice and was quickly superseded by the more flexible levels. Incorrect Answers: A: RAID Level 0 "Writes files in stripes across multiple disks without the use of parity information. This technique allows for fast reading and writing to disk. However, without the parity information, it is not possible to recover from a hard drive failure. This technique does not provide redundancy and should not be used for systems with high availability requirements. RAID Level 0 is widely used today where performance is required but not redundancy. B: RAID Level 1 "This level duplicates all disk writes from one disk to another to create two identical drives. This technique is also known as data mirroring. RAID Level 1 is widely used today. D: RAID Level 7 is a variation of RAID 5 wherein the array functions as a single virtual disk in the hardware. This is sometimes simulated by software running over a RAID level 5 hardware implementation. This enables the drive array to continue to operate if any disk or any path to any disk fails. RAID Level 7 was not superseded by the more flexible levels. References: Krutz, Ronald L. and Russel Dean Vines, The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, New York, 2003, p. 90 QUESTION 1000 Which RAID implementation is commonly called mirroring? A. B. C. D.

RAID level 2 RAID level 3 RAID level 5 RAID level 1

Correct Answer: D Section: Security Operations Explanation

CISSP

Explanation/Reference: Explanation: RAID Level 1 is commonly called mirroring. It mirrors the data from one disk or set of disks by duplicating the data onto another disk or set of disks. This is often implemented by a one-for-one disk to disk ratio: Each drive is mirrored to an equal drive partner that is continually being updated with current data. If one drive fails, the system automatically gets the data from the other drive. The main issue with this level of RAID is that the onefor-one ratio is very expensive — resulting in the highest cost per megabyte of data capacity. This level effectively doubles the amount of hard drives you need, therefore it is usually best for smaller capacity systems. Incorrect Answers: A: RAID level 2 uses hamming code parity. It is not called mirroring. B: RAID level 3 uses byte level parity. It is not called mirroring. C: RAID level 5 uses interleave parity. It is not called mirroring. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 144 QUESTION 1001 Ding Ltd. is a firm specialized in intellectual property business. A new video streaming application needs to be installed for the purpose of conducting the annual awareness program as per the firm security program. The application will stream internally copyrighted computer based training videos. The requirements for the application installation are to use a single server, low cost technologies, high performance and no high availability capacities. In regards to storage technology, what is the most suitable configuration for the server hard drives? A. B. C. D.

Single hard disk (no RAID) RAID 0 RAID 1 RAID 10

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: The questions states that the requirements are low cost technologies, high performance and no high availability capacities. RAID Level 0 creates one large disk by using several disks. This process is called striping. It stripes data across all disks (but provides no redundancy) by using all of the available drive space to create the maximum usable data volume size and to increase the read/write performance. Incorrect Answers: A: Single hard disk does meet the low cost requirement and no high availability but it does not provide high performance. C: RAID 1 (mirroring) does not provide high performance; it does provide high cost and high availability. This does not meet the requirements. D: RAID 10 does provide high performance but it is an expensive solution with high availability capacities. This does not meet the requirements. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 65 QUESTION 1002 Which of the following answers is directly related to providing High Availability to your users?

CISSP

A. B. C. D.

Backup data circuits Good hiring practices Updated Antivirus Software Senior Executive Support

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: When planning for high availability, any critical component of your data network should have some sort of redundancy or backup plan in case it does fail. One of the ways to provide uninterrupted access to information assets is through redundancy and fault tolerance. Redundancy refers to providing multiple instances of either a physical or logical component such that a second component is available if the first fails. Fault tolerance is a broader concept that includes redundancy but refers to any process that allows a system to continue making information assets available in the case of a failure. This can include items like these: RAID array disks on servers so that if any single drive fails the server remains available. Backup network connections. Many internet services providers provide these for a fee. Backup power for all systems and circuits. Fire suppression and evacuation plans. A data backup practice to backup and restore data while storing backups offsite in a safe, remote location. Incorrect Answers: B: Good hiring practices can ensure that good staff are hired. However, this does not ensure high availability. C: Updated Antivirus Software does not ensure high availability, although it's a critical part of defense in depth. D: Senior Executive Support, while this is important for funding equipment for high availability, it isn't directly related to providing the high availability. QUESTION 1003 When backing up an applications system's data, which of the following is a key question to be answered first? A. B. C. D.

When to make backups. Where to keep backups. What records to backup. How to store backups.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: It is critical that a determination be made of WHAT data is important and should be retained and protected. Without determining the data to be backed up, the potential for error increases. A record or file could be vital and yet not included in a backup routine. Alternatively, temporary or insignificant files could be included in a backup routine unnecessarily. Incorrect Answers: A: Although it is important to consider schedules for backups, this is done after it has been determined what data should be included in the backup routine. B: The location of the backup copies of data should be decided after determining what data should be included in the backup routine. C: How to store backups is a question that needs to be answered. However, what to backup is the first question to be answered. CISSP

QUESTION 1004 Which of the following security controls is intended to bring an environment back to regular operation? A. B. C. D.

Deterrent Preventive Corrective Recovery

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The different functionalities of security controls are preventive, detective, corrective, deterrent, recovery, and compensating. The six different control functionalities are as follows: Deterrent Intended to discourage a potential attacker Preventive Intended to avoid an incident from occurring Corrective Fixes components or systems after an incident has occurred Recovery Intended to bring the environment back to regular operations Detective Helps identify an incident’s activities and potentially an intruder Compensating Controls that provide an alternative measure of control Incorrect Answers: A: The Deterrent security control is intended to discourage a potential attacker. This is not what is described in the question. B: The Preventative security control is intended to avoid an incident from occurring. This is not what is described in the question. C: The Corrective security control fixes components or systems after an incident has occurred. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 30 QUESTION 1005 Which of the following activities would not be included in the contingency planning process phase? A. B. C. D.

Prioritization of applications Development of test procedures Assessment of threat impact on the organization Development of recovery scenarios

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: When an incident strikes, more is required than simply knowing how to restore data from backups. Also necessary are the detailed procedures that outline the activities to keep the critical systems available and ensure that operations and processing are not interrupted. Contingency management defines what should take place during and after an incident. Actions that are required to take place for emergency response, continuity of operations, and dealing with major outages must be documented and readily available to the operations staff. Development of test procedures is not part of contingency planning. This has nothing to do with recovering from an incident.

CISSP

Incorrect Answers: A: Prioritization of applications is used to determine which applications are most important to the company and should be recovered first. This should be part of your contingency planning. C: Assessment of threat impact on the organization should be part of the contingency plan to determine what affect an incident would have. This should be part of your contingency planning. D: Development of recovery scenarios are the most obvious part of a contingency plan. You need to plan how to recover from an incident. This should be part of your contingency planning. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1276 QUESTION 1006 Which RAID Level often implements a one-for-one disk to disk ratio? A. B. C. D.

RAID Level 1 RAID Level 0 RAID Level 2 RAID Level 5

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID Level 1, disk mirroring, uses a one-for-one setup, where data are written to two drives at once. If one drive fails, the other drive has the exact same data available. Incorrect Answers: B: RAID Level 0 uses data striped over several drives, not just two drives. There is not one-to-one disk ratio. C: RAID Level 2 uses data striped over several drives, not just two drives. There is not one-to-one disk ratio. D: RAID Level 5 does not use a one-to-one disk ratio. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1270 QUESTION 1007 What is the PRIMARY purpose of using redundant array of inexpensive disks (RAID) level zero? A. B. C. D.

To improve system performance. To maximize usage of hard disk space. To provide fault tolerance and protection against file server hard disk crashes. To implement integrity.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID level 0 offers no fault tolerance, just performance improvements. Incorrect Answers: B: RAID level 0 provides no increase in hard disk usage compared to non-raid disks. C: RAID level 0 offers no fault tolerance. D: RAID does provide integrity. References: CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 142 QUESTION 1008 Which RAID implementation stripes data and parity at block level across all the drives? A. B. C. D.

RAID level 1 RAID level 2 RAID level 4 RAID level 5

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: With RAID level 5 data are written in disk sector units to all drives. Parity is written to all drives also, which ensures there is no single point of failure. Incorrect Answers: A: RAID Level 1 does not use a parity bit. It uses mirroring of drives. B: RAID Level 2 does not use block level parity. It uses hamming code parity. C: RAID level 4 uses byte-level parity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1270 QUESTION 1009 Which RAID level concept is considered more expensive and is applied to servers to create what is commonly known as server fault tolerance? A. B. C. D.

RAID level 0 RAID level 1 RAID level 2 RAID level 5

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: RAID level 1 is mirroring of drives. Data are written to two drives at once. 50% of the disks are used for fault tolerance. Incorrect Answers: A: RAID level 0, data striping, provides no fault tolerance. C: RAID Level 2 uses parity for fault tolerance, but is not used in production today. D: RAID level 5 uses one parity bit for fault tolerance. With three drives, the minimum amount, 33% of the disks are for fault tolerance. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1270 QUESTION 1010 Which backup method only copies files that have been recently added or changed and also leaves the archive bit unchanged?

CISSP

A. B. C. D.

Full backup method Incremental backup method Fast backup method Differential backup method

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The Differential backup method backs up the files that have been modified since the last full backup. The differential process does not change the archive bit value. Incorrect Answers: A: During a full backup all data are backed up and saved to some type of storage media, and the archive bit is cleared. B: The Incremental backup method backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0. C: There is no backup method named fast backup method. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 936 QUESTION 1011 Which of the following items is NOT primarily used to ensure integrity? A. B. C. D.

Cyclic Redundancy Check (CRC) Redundant Array of Inexpensive Disks (RAID) system Hashing Algorithms The Biba Security model

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: RAID can be used for fault tolerance, but it does not provide integrity. Incorrect Answers: A: Cyclic redundancy checks (CRCs) act as an integrity tool. C: Hash totals act as an integrity tool. D: The Biba integrity security model focuses on integrity. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 171 QUESTION 1012 Which backup method does not reset the archive bit on files that are backed up? A. Full backup method B. Incremental backup method C. Differential backup method

CISSP

D. Additive backup method Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: The Differential backup method backs up the files that have been modified since the last full backup. The differential process does not change the archive bit value. Incorrect Answers: A: During a full backup all data are backed up and saved to some type of storage media, and the archive bit is cleared. B: The Incremental backup method backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0. D: There is no backup method named the Additive backup method. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 936 QUESTION 1013 Which of the following defines when RAID separates the data into multiple units and stores it on multiple disks? A. B. C. D.

striping scanning screening shadowing

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: When data are written across all drives, the technique of striping is used. This activity divides and writes the data over several drives. Incorrect Answers: B: Scanning is not a concept used in relation to RAID. C: Screening is not a concept used in relation to RAID. D: Shadowing is not a concept used in relation to RAID. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1268 QUESTION 1014 What is the process that RAID Level 0 uses as it creates one large disk by using several disks? A. B. C. D.

striping mirroring integrating clustering

Correct Answer: A Section: Security Operations Explanation

CISSP

Explanation/Reference: Explanation: With RAID Level 0 data is striped over several drives creating one single logical disk. Incorrect Answers: B: Mirroring is RAID Level 1 and uses only two disks. C: There is not RAID Level named integrating. D: There is not RAID Level named clustering. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1270 QUESTION 1015 RAID Level 1 mirrors the data from one disk or set of disks using which of the following techniques? A. B. C. D.

Duplicating the data onto another disk or set of disks. Moving the data onto another disk or set of disks. Establishing dual connectivity to another disk or set of disks. Establishing dual addressing to another disk or set of disks.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: With RAID Level 1 data are written to two drives at once. If one drive fails, the other drive has the exact same data available. Incorrect Answers: B: RAID Level 1 does not move data, it make two copies of it and stores it on two separate disks. C: Dual connectivity is not used by any RAID level. D: Dual addressing is not used by any RAID level. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1270 QUESTION 1016 Which of the following stripes the data and the parity information at the block level across all the drives in the set? A. B. C. D.

RAID Level 5 RAID Level 0 RAID Level 2 RAID Level 1

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: With RAID level 5 data are written in disk sector units to all drives. Parity is written to all drives also, which ensures there is no single point of failure. Incorrect Answers:

CISSP

B: RAID Level 0 does not use a parity bit. It just stripes data over several drives. C: RAID Level 2 does not use block level parity. It uses hamming code parity. D: RAID Level 1 does not use a parity bit. It uses mirroring of drives. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1270 QUESTION 1017 A group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability is: A. B. C. D.

server cluster. client cluster. guest cluster. host cluster.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A server cluster is a group of servers that are viewed logically as one server to users and can be managed as a single logical system. Clustering provides for availability and scalability. It groups physically different systems and combines them logically, which provides immunity to faults and improves performance. Incorrect Answers: B: A cluster contains servers, not clients. C: A guest cluster is referring to something more specific compared to a server cluster. For example, for Windows Server 2012, a failover cluster that is made up of two or more virtual machines is typically referred to as a guest cluster. D: A host cluster is a more specific notion compared to server cluster, specifically, it is a type of web hosting. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1272 QUESTION 1018 If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some performance degradation. This implementation is sometimes called a: A. B. C. D.

server farm client farm cluster farm host farm

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Clusters may also be referred to as server farms. If one of the systems within the cluster fails, processing continues because the rest pick up the load, although degradation in performance could occur. Incorrect Answers: B: A cluster contains servers, not clients. C: A cluster and a cluster farm is not the same thing. A cluster is server farm. D: A cluster and a host farm is not the same thing. A cluster is server farm. CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1272 QUESTION 1019 Which of the following backup methods is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets? A. B. C. D.

full backup method. incremental backup method. differential backup method. tape backup method.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: In a full backup all data are backed up and saved to some type of storage media. From this baseline differential and incremental backups can later be made. Incorrect Answers: B: An incremental process backs up all the files that have changed since the last full or incremental backup. C: A differential backup backs up the files that have been modified since the last full backup. When the data need to be restored, the full backup is laid down first, and then the most recent differential backup is put down on top of it. D: A tape backup is any type of backup which backs up data to the tape medium. It can be a full backup, an incremental backup, or a differential backup. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 936 QUESTION 1020 Which backup method is used if backup time is critical and tape space is at an extreme premium? A. B. C. D.

Incremental backup method. Differential backup method. Full backup method. Tape backup method.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: An incremental process backs up only the files that have changed since the last full or incremental backup. Compared to a differential or a full back, an incremental backup copies less files. Incorrect Answers: B: A differential backup backs up the files that have been modified since the last full backup. More files are copies compared to an incremental backup. C: In a full backup all data are backed up and saved to some type of storage media. D: A tape backup is any type of backup which backs up data to the tape medium. It can be a full backup, an incremental backup, or a differential backup. References: CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 936 QUESTION 1021 Hierarchical Storage Management (HSM) is commonly employed in: A. B. C. D.

very large data retrieval systems. very small data retrieval systems. shorter data retrieval systems. most data retrieval systems.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: HSM (Hierarchical Storage Management) provides continuous online backup functionality. It combines hard disk technology with the cheaper and slower optical or tape jukeboxes. HSM is typically used in very large data retrieval systems. Incorrect Answers: B: HSM is typically not used in small data retrieval systems. C: HSM is not used in small data retrieval systems. D: Due to the added complexity of HSM, it is used only in very large data retrieval systems. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1274 QUESTION 1022 Which of the following best describes what would be expected at a "hot site"? A. B. C. D.

Computers, climate control, cables and peripherals Computers and peripherals Computers and dedicated climate control systems. Dedicated climate control systems

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A hot site is a facility that is leased or rented and is fully configured and ready to operate within a few hours. The only missing resources from a hot site are usually the data, which will be retrieved from a backup site, and the people who will be processing the data. The hot site would include computers, cables and peripherals. A climate control system might be required as well as most electronic equipment must operate in a climatecontrolled atmosphere. Incorrect Answers: B: Computer cables would be required as well. C: Peripherals and cables would be required as well. D: A hot site would require computers. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 920 QUESTION 1023

CISSP

Which of the following computer recovery sites is only partially equipped with processing equipment? A. B. C. D.

hot site. rolling hot site. warm site. cold site.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: A warm site is a leased or rented facility that is usually partially configured with some equipment, such as HVAC, and foundational infrastructure components, but not the actual computers. In other words, a warm site is usually a hot site without the expensive equipment such as communication equipment and servers. Incorrect Answers: A: A hot site is a facility that is leased or rented and is fully configured and ready to operate within a few hours. The only missing resources from a hot site are usually the data. B: A rolling hot site is a mobile facility, typically the back of an 18-wheel truck. It has all of the capabilities of a hot site and is very versatile, but expensive. Hot sites are fully equipped. D: A cold site is a leased or rented facility that supplies the basic environment, electrical wiring, air conditioning, plumbing, and flooring, but none of the equipment or additional services. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 921 QUESTION 1024 Which of the following computer recovery sites is the least expensive and the most difficult to test? A. B. C. D.

non-mobile hot site. mobile hot site. warm site. cold site.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: A cold site is less expensive compared to a warm site or a hot site. A cold site is a leased or rented facility that supplies the basic environment, electrical wiring, air conditioning, plumbing, and flooring, but none of the equipment or additional services. A cold site is essentially an empty data center. Incorrect Answers: A: A hot site is fully equipped and is therefore more expensive than a cold site. B: A mobile (rolling) hot site is a mobile facility, typically the back of an 18-wheel truck. It has all of the capabilities of a hot site and is very versatile, but expensive. C: A warm site is more expensive than a cold site, since it is a leased or rented facility that is usually partially configured with some equipment, such as HVAC, and foundational infrastructure components, but not the actual computers. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 921 QUESTION 1025 CISSP

Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan? A. B. C. D.

It is unlikely to be affected by the same disaster. It is close enough to become operational quickly. It is close enough to serve its users. It is convenient to airports and hotels.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: When choosing a backup facility, it should be far enough away from the original site so that one disaster does not take out both locations. In other words, it is not logical to have the backup site only a few miles away if the company is concerned about, for example, tornado damage, because the backup site could also be affected or destroyed. Incorrect Answers: B: The alternate site should be too close so that one disaster does not take out both locations. C: The alternate site should be too close so that one disaster does not take out both locations. D: That the alternate city is convenient to airports and hotels is A major factor when considering an alternate site. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 924 QUESTION 1026 Contracts and agreements are often times unenforceable or hard to enforce in which of the following alternate facility recovery agreement? A. B. C. D.

hot site. warm site. cold site. reciprocal agreement.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Reciprocal agreements are Enforceable. This means that although company A said company B could use its facility when needed, when the need arises, company A legally does not have to fulfill this promise. Incorrect Answers: A: A hot site contract is enforceable, while a reciprocal agreement could be hard to enforce. B: A warm site contract is enforceable, while a reciprocal agreement could be hard to enforce. C: A cold site contract is enforceable, while a reciprocal agreement could be hard to enforce. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 924 QUESTION 1027 A Differential backup process will:

CISSP

A. B. C. D.

Backs up data labeled with archive bit 1 and leaves the data labeled as archive bit 1 Backs up data labeled with archive bit 1 and changes the data label to archive bit 0 Backs up data labeled with archive bit 0 and leaves the data labeled as archive bit 0 Backs up data labeled with archive bit 0 and changes the data label to archive bit 1

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: When a file is modified or created, the file system sets the archive bit to 1. A differential backup process backs up the files that have been modified since the last full backup, but does not change the archive bit value. Incorrect Answers: B: A differential backup process does not change the archive bit value. C: Because a differential backup process backs up the files that have been modified since the last full backup, the archive bit at the start of the process would be set to 1. D: Because a differential backup process backs up the files that have been modified since the last full backup, the archive bit at the start of the process would be set to 1. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 935-936 QUESTION 1028 Who should direct short-term recovery actions immediately following a disaster? A. B. C. D.

Chief Information Officer. Chief Operating Officer. Disaster Recovery Manager. Chief Executive Officer.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: The disaster recovery manager should direct short-term recovery actions immediately following a disaster. Incorrect Answers: A: The Chief Information Officer (CIO) does not handle disaster recovery. As a CIO must make executive decisions regarding things such as the purchase of IT equipment from suppliers or the creation of new systems, they are therefore responsible to lead and direct the workforce of their specific organization. In addition, the CIO is ‘required to have strong organizational skills’. This is particularly relevant for a Chief Information Officer of an organization, who must balance roles in order to gain a competitive advantage and keep the best interests of the organization’s employees. CIOs also have the responsibility of recruiting, so it is important that they take on the best employees to complete the jobs the company needs fulfilling. B: The Chief Operating Officer does Direct recovery actions following a disaster. The Chief Operating Officer is responsible for the daily operation of the company, and routinely reports to the highest ranking executive. D: The Chief Executive Officer (CEO) does not handle disaster recovery. The CEO has responsibilities as a director, decision maker, leader, manager and executor. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 657 QUESTION 1029 CISSP

Which of the following should be emphasized during the Business Impact Analysis (BIA) considering that the BIA focus is on business processes? A. B. C. D.

Composition Priorities Dependencies Service levels

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Data points obtained as part of the BIA information gathering process will be used later during analysis. It is important that the team members ask about how different tasks—whether processes, transactions, or services, along with any relevant dependencies—get accomplished within the organization. Incorrect Answers: A: To determine the dependencies, not the composition, between the business processes is an import step of the BIA process. B: To determine the dependencies, not the priorities, between the business processes is an import step of the BIA process. D: To determine the service levels, not the priorities, between the business processes is an import step of the BIA process. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 905 QUESTION 1030 Which of the following recovery plan test results would be most useful to management? A. B. C. D.

elapsed time to perform various activities. list of successful and unsuccessful activities. amount of work completed. description of each activity.

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: The team of testers must agree upon what activities are getting tested and how to properly determine success or failure. Incorrect Answers: A: The key when testing the recovery plan is to know fail or success of the activities, not the elapsed time of them. C: The recovery plan test refers to activities not to work completed. D: The key when testing the recovery plan is to know fail or success of the activities, not the description time of time. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 954 QUESTION 1031 Which of the following answers BEST indicates the most important part of a data backup plan?

CISSP

A. B. C. D.

Testing the backups with restore operations An effective backup plan A reliable network infrastructure Expensive backup hardware

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: If you can't restore lost files from your backup system then your backup plan is useless. You could have the best backup system and plan available but if you are unable to restore files then the system cannot assure data availability. Develop an effective disaster recovery plan and include in that plan a good backup strategy that meets the needs of your organization. Be sure to include periodic recovery practice operations to prove the effectiveness of the system. Incorrect Answers: B: This question is asking for the BEST answer for the most important part of a data backup plan. An effective backup plan is what you want; however the MOST IMPORTANT part of the backup plan is the ability to restore the data. C: A reliable network infrastructure makes it easier to backup and restore your data. However, network reliability is not the MOST IMPORTANT part of a backup plan. The ability to restore the data is more important. D: Expensive backup hardware is not the BEST answer. If your expensive backup hardware cannot restore your data, it is no good to you. QUESTION 1032 Fault tolerance countermeasures are designed to combat threats to which of the following? A. B. C. D.

an uninterruptible power supply. backup and retention capability. design reliability. data integrity.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: One of the ways to provide uninterrupted access to information assets is through redundancy and fault tolerance. Redundancy refers to providing multiple instances of either a physical or logical component such that a second component is available if the first fails. Fault tolerance is a broader concept that includes redundancy but refers to any process that allows a system to continue making information assets available in the case of a failure. Fault tolerance countermeasures are designed to combat threats to design reliability. Although fault tolerance can include redundancy, it also refers to systems such as RAID where if a disk fails, the data can be made available from the remaining disks. Incorrect Answers: A: Fault tolerance countermeasures ensure that data assets remain available in the event of a failure of any component, not just an uninterruptible power supply. B: Fault tolerance countermeasures ensure that data assets remain available in the event of a failure of any component, not just the backup and retention capability. D: Fault tolerance countermeasures do not protect data integrity. CISSP

QUESTION 1033 An incremental backup process A. Backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0. B. Backs up the files that been modified since the last full backup. It does not change the archive bit value. C. Backs up all the data and changes the archive bit to 0. D. Backs up all the data and changes the archive bit to 1. Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: The incremental backup method backs up all the files that have changed since the last full or incremental backup and resets the archive bit to 0. This is known as “clearing the archive bit”. A full backup backs up all files regardless of whether the archive bit is 1 or 0 and sets the archive bit to 0. The archive bit is used by the backup process to determine whether a file has been changed. When you modify a file or create a new file, the archive bit is set to 1. This tells the backups process that the file has changed (or is a new file) and needs to be backed up. When an incremental backup backs up the file, it sets the archive bit to 0. When the next incremental backup runs and sees that the archive bit is 0, the incremental backup knows that the file has not changed since the last backup and so will not back up the file again. Incorrect Answers: B: This answer describes the differential backup process. The differential backup does not change the archive bit value; an incremental backup does change the archive bit value to 0. C: This answer describes the full backup process. An incremental backup does not back up ALL files; it only backs up changed files. D: An incremental backup does not back up ALL files; it only backs up changed files. Furthermore, it changes the archive bit value to 0, not 1. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 801-802 QUESTION 1034 A Differential backup process: A. B. C. D.

Backs up data labeled with archive bit 1 and leaves the data labeled as archive bit 1 Backs up data labeled with archive bit 1 and changes the data label to archive bit 0 Backs up data labeled with archive bit 0 and leaves the data labeled as archive bit 0 Backs up data labeled with archive bit 0 and changes the data label to archive bit 1

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Archive bit 1 = On (the archive bit is set). Archive bit 0 = Off (the archive bit is NOT set). A full backup backs up all files regardless of whether the archive bit is 1 or 0 and sets the archive bit to 0. When the archive bit is set to ON, it indicates a file that has changed and needs to be backed up. Differential backups back up all files that have changed since the last full backup - all files that have their archive bit value set to 1. Differential backups do not change the archive bit value when they backup a file; they leave the archive bit value set to 1. CISSP

Incorrect Answers: B: Backs up data labeled with archive bit 1 and changes the data label to archive bit 0. - This is the behavior of an incremental backup, not a differential backup. C: Backs up data labeled with archive bit 0 and leaves the data labeled as archive bit 0. - If the archive bit is set to 0 (Off), it will only be backed up with a Full backup. Differential and incremental backups will not back up the file. D: Backs up data labeled with archive bit 0 and changes the data label to archive bit 1. - If the archive bit is set to 0 (Off), it will only be backed up with a Full backup. Differential and incremental backups will not back up the file. References: https://en.wikipedia.org/wiki/Archive_bit QUESTION 1035 Prior to a live disaster test also called a Full Interruption test, which of the following is most important? A. B. C. D.

Restore all files in preparation for the test. Document expected findings. Arrange physical security for the test site. Conduct of a successful Parallel Test

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: A Full Interruption Test is the most intrusive to regular operations and business productivity. The original site is actually shut down, and processing takes place at the alternate site. A parallel test is one in which some systems are actually run at the alternate site. Incorrect Answers: A: Restoration of files is not the most important when conducting a Full Interruption. The most important is to set up a secondary site and conduct a parallel test on that site. B: To document expected findings is not the most important when conducting a Full Interruption. The most important is to set up a secondary site and conduct a parallel test on that site. C: To arrange physical security for the test site is not the most important when conducting a Full Interruption. The most important is to conduct a parallel test on the test site. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 956 QUESTION 1036 Organizations should not view disaster recovery as which of the following? A. B. C. D.

Committed expense. Discretionary expense. Enforcement of legal statutes. Compliance with regulations.

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: A discretionary expense is a cost which is Essential for the operation of a business. The disaster recovery is CISSP

concerned with business functions and costs that are essential for the business, and does Address discretionary expense. Incorrect Answers: A: A committed expense is an unavoidable expensive. Disaster recovery must take unavoidable expenses into account. C: The disaster recovery procedures must be in compliance with the law. D: The disaster recovery procedures must be in compliance with regulations References: http://www.investopedia.com/terms/d/discretionary-expense.asp QUESTION 1037 Which of the following is BEST defined as a physical control? A. B. C. D.

Monitoring of system activity Fencing Identification and authentication methods Logical access control mechanisms

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Physical controls are controls that pertain to controlling individual access into the facility and different departments, locking systems and removing unnecessary floppy or CD-ROM drives, protecting the perimeter of the facility, monitoring for intrusion, and checking environmental controls. Fencing (protecting the perimeter of the facility) is an example of a physical control. Incorrect Answers: A: Monitoring of system activity is an example of a technical control. C: Identification and authentication methods are an example of a technical control. D: Logical access control mechanisms are an example of a technical control. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 28 QUESTION 1038 Which of the following is a NOT a guideline necessary to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations? A. B. C. D.

Restrict access to main air intake points to persons who have a work-related reason to be there Maintain access rosters of maintenance personnel who are not authorized to work on the system Escort all contractors with access to the system while on site Ensure that all air intake points are adequately secured with locking devices

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Over the past several years, there has been an increasing awareness dealing with anthrax and airborne attacks. Harmful agents introduced into the HVAC system can rapidly spread throughout the structure and infect all persons exposed to the circulated air. CISSP

The following is a list of guidelines necessary to enhance security in this critical aspect of facility operations: Restrict access to main air intake points to persons who have a work-related reason to be there. Escort all contractors with access to the system while on site. Ensure that all air intake points are adequately secured with locking devices. Maintaining access rosters of maintenance personnel who are not authorized to work on the system is a recommended guideline; however, it is not a ‘necessary’ guideline to ensure safety. Incorrect Answers: A: Restricting access to main air intake points to persons who have a work-related reason to be there is a necessary guideline to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations. Therefore, this answer is incorrect. C: Escorting all contractors with access to the system while on site is a necessary guideline to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations. Therefore, this answer is incorrect. D: Ensuring that all air intake points are adequately secured with locking devices is a necessary guideline to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations. Therefore, this answer is incorrect. QUESTION 1039 Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following? A. B. C. D.

Accountability of biometrics systems Acceptability of biometrics systems Availability of biometrics systems Adaptability of biometrics systems

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Acceptability in terms of biometric systems refers to considerations of privacy, invasiveness, and psychological and physical comfort when using the system. For example, a concern with retina scanning systems may be the exchange of body fluids on the eyepiece or the feeling that a retinal scan could be harmful to the eye. Another concern would be the retinal pattern that could reveal changes in a person’s health, such as diabetes or high blood pressure. Incorrect Answers: A: Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are not elements of accountability of biometrics systems. C: Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are not elements of availability of biometrics systems. D: Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are not elements of adaptability of biometrics systems. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 60 QUESTION 1040 The Orange Book requires auditing mechanisms for any systems evaluated at which of the following levels? A. C1 and above. B. C2 and above. C. B1 and above.

CISSP

D. B2 and above. Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: The Orange Book provides a classification system that is divided into hierarchical divisions of assurance levels: A. Verified protection B. Mandatory protection C. Discretionary protection D. Minimal security Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Each division can have one or more numbered classes with a corresponding set of requirements that must be met for a system to achieve that particular rating. The classes with higher numbers offer a greater degree of trust and assurance. So B2 would offer more assurance than B1, and C2 would offer more assurance than C1. Each division and class incorporates the requirements of the ones below it. This means that C2 must meet its criteria requirements and all of C1’s requirements, and B3 has its requirements to fulfill along with those of C1, C2, B1, and B2. C2: Controlled Access Protection Users need to be identified individually to provide more precise access control and auditing functionality. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual’s identification. Security-relevant events are audited, and these records must be protected from unauthorized modification. Incorrect Answers: A: Auditing mechanisms are not required for systems at C1 level. C: Auditing mechanisms are at C2 level which is lower than B1. D: Auditing mechanisms are at C2 level which is lower than B2. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-395 QUESTION 1041 The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]." This statement is the formal requirement for: A. B. C. D.

Security Testing. Design Verification. System Integrity. System Architecture Specification.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Orange Book Pages 15 states: 2.1.3.1.2 System Integrity: Hardware and/or software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB. Incorrect Answers: A: The requirement for security testing: The security mechanisms of the ADP system shall be tested and found

CISSP

to work as claimed in the system documentation. Testing shall be done to assure that there are no obvious ways for an unauthorized user to bypass or otherwise defeat the security protection mechanisms of the TCB. This is not what is described in the question. B: There are five requirements defined for design verification. The statement in the question is not one of those five requirements. D: The statement in the question is not one of the requirements for System Architecture Specification. References: http://csrc.nist.gov/publications/history/dod85.pdf, pp. 15, 101 QUESTION 1042 Covert Channel Analysis is FIRST introduced at what level of the TCSEC rating? A. B. C. D.

C2 and above. B1 and above. B2 and above. B3 and above.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: In the Orange Book, covert channels in operating systems are not addressed until security level B2 and above because these are the systems that would be holding data sensitive enough for others to go through all the necessary trouble to access data in this fashion. B2: Structured Protection: The security policy is clearly defined and documented, and the system design and implementation are subjected to more thorough review and testing procedures. This class requires more stringent authentication mechanisms and well-defined interfaces among layers. Subjects and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place, which means the subject communicates directly with the application or operating system, and no trapdoors exist. There is no way to circumvent or compromise this communication channel. Operator and administration functions are separated within the system to provide more trusted and protected operational functionality. Distinct address spaces must be provided to isolate processes, and a covert channel analysis is conducted. This class adds assurance by adding requirements to the design of the system. The type of environment that would require B2 systems is one that processes sensitive data that require a higher degree of security. This type of environment would require systems that are relatively resistant to penetration and compromise. Incorrect Answers: A: Covert Channel Analysis is not used at layer C2. B: Covert Channel Analysis is not used at layer B1. D: B3 is not the lowest level that uses Covert Channel Analysis. Level B2 uses Covert Channel Analysis. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 380, 396 QUESTION 1043 Which of the following is most concerned with personnel security? A. B. C. D.

Management controls Operational controls Technical controls Human resources controls

Correct Answer: B CISSP

Section: Security Operations Explanation Explanation/Reference: Explanation: On the CISSP exam you can see control categories broken down into administrative, technical, and physical categories and the categories outlined by NIST, which are management, technical, and operational. You need to be familiar with both ways of categorizing control types. According to the NIST control categories, Personnel Security is an Operational control. Incorrect Answers: A: Personnel security is not a management control. C: Personnel security is not a technical control. D: Human resources controls are not a defined control category although there are human resource controls listed in the administrative control category. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 58 QUESTION 1044 Which of the following backup sites is the most effective for disaster recovery? A. B. C. D.

Time brokers Hot sites Cold sites Reciprocal Agreement

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Hot sites are a good choice for a company that needs to ensure a site will be available for it as soon as possible. The only missing resources from a hot site are usually the data. A hot site is a facility that is leased or rented and is fully configured and ready to operate within a few hours. Incorrect Answers: A: A time brokers backup solution would be less effective compared to hot or cold sites. C: A cold site is less effective than a hot site since the cold site is a leased or rented facility that supplies the basic environment, electrical wiring, air conditioning, plumbing, and flooring, but none of the equipment or additional services. A cold site is essentially an empty data center. D: Reciprocal agreements are less effective compared to hot or cold sites, since reciprocal agreements are Enforceable. This means that although company A said company B could use its facility when needed, when the need arises, company A legally does not have to fulfill this promise. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 921 QUESTION 1045 Which of the following is a transaction redundancy implementation? A. B. C. D.

On-site mirroring Electronic Vaulting Remote Journaling Database Shadowing

CISSP

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: On-site mirroring is a transaction redundancy solution. Incorrect Answers: B: Electronic vaulting is one type of transaction redundancy solution. Electronic vaulting makes copies of files as they are modified and periodically transmits them to an offsite backup site. C: Remote journaling is one type of transaction redundancy solution. Remote journaling is a method of transmitting data offsite. It usually only includes moving the journal or transaction logs to the offsite facility, not the actual files. These logs contain the deltas (changes) that have taken place to the individual files. If and when data are corrupted and need to be restored, the bank can retrieve these logs, which are used to rebuild the lost data. D: Database Shadowing is one type of transaction redundancy solution. It is a mirroring technology used in databases, in which information is written to at least two hard drives for the purpose of redundancy. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 938-939 QUESTION 1046 A site that is owned by the company and mirrors the original production site is referred to as a _______? A. B. C. D.

Hot site. Warm Site. Reciprocal site. Redundant Site.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: A redundant site is owned by the company and is a mirror of the original production environment. Incorrect Answers: A: A hot site is not owned by the company. A hot site is leased or rented. B: A warm site is a leased or rented facility. It is not owned by the company. C: A reciprocal site is owned by another company, and is set up through a reciprocal agreement. A reciprocal agreement is one in which a company promises another company it can move in and share space if it experiences a disaster, and vice versa. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 925 QUESTION 1047 Which of the following is the most critical item from a disaster recovery point of view? A. B. C. D.

Data Hardware/Software Communication Links Software Applications

Correct Answer: A

CISSP

Section: Security Operations Explanation Explanation/Reference: Explanation: Data loss has the most negative impact on business functions. Data loss often lead to business failure. Incorrect Answers: B: Software can be reinstalled and hardware can replaced, and are therefore less critical compared to loss of data. C: Communication links can quite easily put back again, compared to loss of data. D: Loss of applications is Critical as they can be reinstalled. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 957 QUESTION 1048 Which of the following is defined as the most recent point in time to which data must be synchronized without adversely affecting the organization (financial or operational impacts)? A. B. C. D.

Recovery Point Objective Recovery Time Objective Point of Time Objective Critical Time Objective

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A Recovery Point Objective (RPO) is the maximum period of time in which data might be lost if a disaster strikes. It is the most recent point in time to which data must be synchronized to avoid major negative impact on the organization. Incorrect Answers: B: The Recovery Time Objective is the amount of time in which you think you can feasibly recover the function in the event of a disruption. C: There is no Point of Time Objective within the CISSP framework. D: There is no Critical Time Objective within the CISSP framework. QUESTION 1049 Which of the following items is a benefit of cold sites? A. B. C. D.

No resource contention with other organization Quick Recovery A secondary location is available to reconstruct the environment Low Cost

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: A cold site is a leased or rented facility that supplies the basic environment, electrical wiring, air conditioning, plumbing, and flooring, but none of the equipment or additional services. A cold site cannot provide a quick

CISSP

recovery. A warm site is needed for a quick recovery. Incorrect Answers: A: A cold site is a separate site and would Be a resource contention with another company. C: A cold site is located at another location where the original site can be reconstructed. D: Compared to a hot site, or a warm site, a cold site has a lower cost. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 921 QUESTION 1050 When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault-tolerance and redundancy, it is knows as? A. B. C. D.

Shadowing Data mirroring Backup Archiving

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Database Shadowing is one type of transaction redundancy solution whereby a full copy of the user's database is maintained at an alternate information processing facility. Incorrect Answers: B: Data mirroring does not necessarily use a remote location. Data mirroring mirrors data to another server, or to another hard drive on the same server, on the local network. C: A backup solution would not handle database records. It handles data at the file level. D: An archiving solution would not handle database records. It handles data at the file level. References: http://www.bcmpedia.org/wiki/Database_Shadowing QUESTION 1051 Recovery Site Strategies for the technology environment depend on how much downtime an organization can tolerate before the recovery must be completed. What would you call a strategy where the alternate site is internal, standby ready, with all the technology and equipment necessary to run the applications? A. B. C. D.

External Hot site Warm Site Internal Hot Site Dual Data Center

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: An internal hot site is standby ready with all the technology and equipment necessary to run the applications to be recovered there. Incorrect Answers: A: An external hot site has equipment on the floor waiting for recovery, but the environment must be rebuilt for CISSP

the recovery. An external hot site is not standby ready. B: A warm site is not standby ready. A warm site is a leased or rented facility that is usually partially configured with some equipment, such as HVAC, and foundational infrastructure components, but not the actual computers. In other words, a warm site is usually a hot site without the expensive equipment such as communication equipment and servers. D: A dual data center is employed for application that canAccept any downtime without unacceptably impacting the business. A dual data center would be more than standby ready, but it would be more expensive. QUESTION 1052 What is the most correct choice below when talking about the steps to resume normal operation at the primary site after the green light has been given by the salvage team? A. B. C. D.

The most critical operations are moved from alternate site to primary site before others Operation may be carried by a completely different team than disaster recovery team The least critical functions should be moved back first You moves items back in the same order as the categories document in your plan or exactly in the same order as you did on your way to the alternate site

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: The salvage team must ensure the reliability of primary site. This is done by returning the least-mission-critical processes to the restored original site to stress – test the rebuilt network. As the restored site shows resiliency, more important processes are transferred. Incorrect Answers: A: The most critical operations should be to the primary site after, Before, the other less critical operations have been moved. B: As many operations that the salvage team handles are the same as the operations carried out by the disaster recovery team, there can be very well be an overlap between the team members. A person can be a member of both teams. D: The order in which the operations are restored should Be exactly the same order in which the operations where moved to the alternative site. You should transfer the least critical operations first. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 669 QUESTION 1053 Which of the following is a large hardware/software backup system that uses the RAID technology? A. B. C. D.

Tape Array. Scale Array. Crimson Array Table Array.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Cheyenne Software (now owned by Computer Associates) was the first to offer RAID 5 for tape devices. Because by nature tape devices employ a sequential access method, RAID 5 is an ideal solution for a tape array. CISSP

Incorrect Answers: B: A scale array is A RAID backup system. C: A crimson array is A RAID backup system. D: A table array is A RAID backup system. QUESTION 1054 What is the MOST critical piece to disaster recovery and continuity planning? A. B. C. D.

Security policy Management support Availability of backup information processing facilities Staff training

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: The most critical part of establishing and maintaining a current continuity plan is management support. Management must be convinced of the necessity of such a plan. Therefore, a business case must be made to obtain this support. Incorrect Answers: A: Compared to get management support for the plan, security policy is less important. C: Compared to get management support for the plan, availability of backup facilities is less important. D: Compared to get management support for the plan, staff training is less important. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 897 QUESTION 1055 During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable? A. B. C. D.

Measurement of accuracy Elapsed time for completion of critical tasks Quantitatively measuring the results of the test Evaluation of the observed test results

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Once you develop a list of threats, you must individually evaluate each threat and its related risk. There are two risk assessment methodologies: quantitative and qualitative. Quantitative risk analysis assigns real dollar figures to the loss of an asset. Incorrect Answers: A: Accuracy is not measured. It is the list of threats that are quantitative measured. B: Elapsed time for completion of critical tasks is Critical. It is critical to evaluate the risks. D: the observed test results are Evaluated. The business function either passes or fails the test. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional CISSP

Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 243 QUESTION 1056 Which of the following statements regarding an off-site information processing facility is TRUE? A. B. C. D.

It should have the same amount of physical access restrictions as the primary processing site. It should be located in proximity to the originating site so that it can quickly be made operational. It should be easily identified from the outside so in the event of an emergency it can be easily found. Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: The physical access restrictions at the off-site facility does Be at same level as at the original site. Incorrect Answers: B: An off-site location which is close would be ill-advised as the same disaster can strike both the main site and the alternate site. C: The off-site facility must be readily accessed and should be easily identified from the outside. D: The same operational environment should be possible at the alternate location. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 444 QUESTION 1057 Business Continuity and Disaster Recovery Planning (Primarily) addresses the: A. B. C. D.

Availability of the CIA triad Confidentiality of the CIA triad Integrity of the CIA triad Availability, Confidentiality and Integrity of the CIA triad

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Availability is one of the main themes behind business continuity planning, in that it ensures that the resources required to keep the business going will continue to be available to the people and systems that rely upon them. Note: The CIA Triad, primary goals and objectives of security, is the three essential security principles of confidentiality, integrity, and availability. Vulnerabilities and risks are also evaluated based on the threat they pose against one or more of the CIA Triad principles. Incorrect Answers: B: Business Continuity and Disaster Recovery Planning primarily addresses availability, Confidentiality. C: Business Continuity and Disaster Recovery Planning primarily addresses availability, not integrity. D: Business Continuity and Disaster Recovery Planning primarily addresses availability, , Confidentiality or integrity. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 888

CISSP

QUESTION 1058 Which of the following is used to create parity information? A. B. C. D.

a hamming code a clustering code a mirroring code a striping code

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Parity data are created with a hamming code, which identifies any errors. Hamming codes can detect up to twobit errors or correct one-bit errors without detection of uncorrected errors. For example, RAID 2 uses hamming code parity. Incorrect Answers: B: A clustering code is not used for parity information. C: A mirroring code is not used for parity information. D: A striping code is not used for parity information. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1270 QUESTION 1059 Which of the following backup methods makes a complete backup of every file on the server every time it is run? A. B. C. D.

Full backup method. Incremental backup method. Differential backup method. Tape backup method.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A full backup copies all the data from the system to the backup medium. Incorrect Answers: B: An incremental backup copies only the files that have been modified since the previous backup. C: A differential backup is a type of data backup that preserves data, saving only the difference in the data since the last full backup. D: A tape backup could perform many types of backups, including incremental or differential backups which do Copy every file. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1410 QUESTION 1060 Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of:

CISSP

A. B. C. D.

Incident Evaluation Incident Recognition Incident Protection Incident Response

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: When an incident occurs, the Incident response team has four primary responsibilities: 1. Determine the amount and scope of damage caused by the incident. 2. Determine whether any confidential information was compromised during the incident. 3. Implement any necessary recovery procedures to restore security and recover from incident - related damages. 4. Supervise the implementation of any additional security measures necessary to improve security and prevent recurrence of the incident. Incorrect Answers: A: Determining the extent of the severity of an incident and remediate the incident's effects, is part of the incident response, and not part of an incident evaluation. B: Determining the extent of the severity of an incident and remediate the incident's effects, is part of the incident response, and not part of an incident recognition. C: Determining the extent of the severity of an incident and remediate the incident's effects, is part of the incident response, and not part of an incident protection. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 726 QUESTION 1061 A server farm consisting of multiple similar servers seen as a single IP address from users interacting with the group of servers is an example of which of the following? A. B. C. D.

Server clustering Redundant servers Multiple servers Server fault tolerance

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A server cluster is a group of servers that are viewed logically as one server to users and can be managed as a single logical system through a single IP address. Incorrect Answers: B: Redundant servers are not grouped together and can be managed through a single IP address. C: In general, a group of multiple servers can be grouped together and managed through a single IP address. D: Server fault tolerance is not related to managing a group of servers through a single IP address. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1272 QUESTION 1062 CISSP

Which of the following is NOT a common backup method? A. B. C. D.

Full backup method Daily backup method Incremental backup method Differential backup method

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: You can have daily backup schedule, but there is no specific backup method called daily backup. Incorrect Answers: A: The full backup method copies all the data from the system to the backup medium. C: The incremental backup method copies only the files that have been modified since the previous backup. D: The differential backup method is a type of data backup that preserves data, saving only the difference in the data since the last full backup. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1410 QUESTION 1063 Which common backup method is the fastest on a daily basis? A. B. C. D.

Full backup method Incremental backup method Fast backup method Differential backup method

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: An incremental backup is fast because it copies only the files that have been modified since the previous backup. Incorrect Answers: A: A full backup is not fast as it copies all the data from the system to the backup medium. C: There is no backup method called the fast backup method. D: A differential backup is slower than an incremental backup since it copies more data. A differential backup copies only the difference in the data since the last full backup. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1410 QUESTION 1064 Which of the following backup methods is most appropriate for off-site archiving? A. Incremental backup method B. Off-site backup method C. Full backup method

CISSP

D. Differential backup method Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: All data should be archived. A full backup copies all the data from the system to the backup medium. After the full backup has finished, the backup media is physically transported to another off-site location. Incorrect Answers: A: Archiving should copy all the data, but an incremental backup copies only the files that have been modified since the previous backup. B: There is no special off-site backup method. Instead use a standard full backup and transport the backup media to the other site. D: Archiving should copy all the data, but a differential backup copies only the difference in the data since the last full backup. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1410 QUESTION 1065 Which of the following statements pertaining to RAID technologies is incorrect? A. B. C. D.

RAID-5 has a higher performance in read/write speeds than the other levels. RAID-3 uses byte-level striping with dedicated parity. RAID-0 relies solely on striping. RAID-4 uses dedicated parity.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: RAID-0 is faster than RAID-5 since RAID-0 is striping without parity, while RAID-5 uses parity which makes it slower. Incorrect Answers: B: RAID-3 uses byte-level parity. The Data striping over all drives and parity data held on one drive. If a drive fails, it can be reconstructed from the parity drive. C: With RAID-0 the data striped over several drives. No redundancy or parity is involved. If one volume fails, the entire volume can be unusable. It is used for performance only. D: RAID-4 uses block-level parity. The Data striping over all drives and parity data held on one drive. If a drive fails, it can be reconstructed from the parity drive. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1270 QUESTION 1066 A contingency plan should address: A. B. C. D.

Potential risks. Residual risks. Identified risks. All answers are correct.

CISSP

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Contingency plans are developed as a result of a risk being identified. Contingency plans are pre-defined actions plans that can be implemented if identified risks actually occur. One type of identified risk is a residual risk. Residual risks are those risks that are expected to remain after implementing the planned risk response, as well as those that have been deliberately accepted. A contingency plan should address the risks found during risk assessment. Risk assessment includes both the identification of potential risk and the evaluation of the potential impact of the risk. Incorrect Answers: A: Contingency plans should not just address potential risks. It should address identified risks and residual risks as well. B: Contingency plans should not just address residual risks. It should address identified risks and potential risks as well. C: Contingency plans should not just address identified risks. It should address potential risks and residual risks as well. QUESTION 1067 Which of the following focuses on sustaining an organization's business functions during and after a disruption? A. B. C. D.

Business continuity plan Business recovery plan Continuity of operations plan Disaster recovery plan

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A business continuity plan (BCP) contains strategy documents that provide detailed procedures that ensure critical business functions are maintained. Incorrect Answers: B: A recovery plan is focused on what actions to take after the disruption, while a Business continuity plan also includes procedures to keep critical business functions working during a disruption. C: The plan that keeps the business functions operating during a disruption is not named continuity of operations plan; it is called a Business continuity plan. D: A Disaster recovery plan is a plan developed to help a company recover from a disaster. It does not include operations to sustain business functions during a disruption. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 961 QUESTION 1068 Which of the following enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks? A. B. C. D.

Risk assessment Residual risks Security controls Business units CISSP

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A risk assessment is a critical part of the disaster recovery planning process. In disaster recovery planning, once you've completed a business impact analysis (BIA), the next step is to perform a risk assessment. Once risks and vulnerabilities have been identified, i.e. after the risk assessment has been completed, four types of defensive responses can be considered: Protective measures Mitigation measures Recovery activities Contingency plans Incorrect Answers: B: Contingency plans depend on risk assessments, not on residual risks. The residual risk is remaining risk after the security controls have been applied. C: Contingency plans depend on risk assessments, not on Security controls. D: Contingency plans depend on risk assessments, not on Business units. References: http://searchdisasterrecovery.techtarget.com/Risk-assessments-in-disaster-recovery-planning-A-free-IT-riskassessment-template-and-guide QUESTION 1069 A Business Continuity Plan should be tested: A. B. C. D.

Once a month. At least twice a year. At least once a year. At least once every two years.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Once a continuity plan is developed, it actually has to be put into action. The people who are assigned specific tasks need to be taught and informed how to fulfill those tasks, and dry runs must be done to walk people through different situations. The drills should take place at least once a year, and the entire program should be continually updated and improved. Incorrect Answers: A: Once a month would be too much. The Business Continuity Plan should be tested at least once a year. B: The Business Continuity Plan should be tested at least once a year. Twice a year is not necessary. D: The Business Continuity Plan should be tested at least once a year. Once every two years is not recommended. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 951 QUESTION 1070 Which of the following teams should be included in an organization's contingency plan? A. Damage assessment team

CISSP

B. Hardware salvage team C. Tiger team D. Legal affairs team Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: A Tiger team is a team of attackers of a network. A Tiger team would never be part in a contingency plan. Note: The contingency plan consists of a business continuity plan (BCP) and a Disaster Recovery Plan (DRP). The teams necessary for the DRP include: Damage assessment team The damage assessment team is responsible for determining the disaster's cause and the amount of damage that has occurred to organizational assets. Legal Affairs Team The legal affairs team deals with all legal issues immediately following the disaster and during the disaster recovery. Hardware Salvage team The hardware salvage team recovers all assets at the disaster location and ensures that the primary site returns to normal. The hardware salvage team manages the cleaning of equipment, the rebuilding of the original facility, and identifies any experts to employ in the recovery process. Incorrect Answers: A: The damage assessment team is part of the contingency plan. B: The Hardware salvage team is part of the contingency plan. D: The legal affairs team is part of the contingency plan. QUESTION 1071 Which of the following statements pertaining to the maintenance of an IT contingency plan is incorrect? A. The plan should be reviewed at least once for accuracy and completeness. B. The Contingency Planning Coordinator should make sure that every employee gets an up-to-date copy of the plan. C. Strict version control should be maintained. D. Copies of the plan should be provided to recovery personnel for storage offline at home and office. Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: The Contingency Planning Coordinator is not responsible to distribute the contingency plan to all employees. Incorrect Answers: A: Once a continuity plan is developed, it actually has to be put into action. The people who are assigned specific tasks need to be taught and informed how to fulfill those tasks, and dry runs must be done to walk people through different situations. The drills should take place at least once a year, and the entire program should be continually updated and improved. C: Version control is critical. A strict version control of the IT contingency should be kept. D: There should be two or three copies of these plans. One copy may be at the primary location, but the other copies should be at other locations in case the primary facility is destroyed. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 951

CISSP

QUESTION 1072 Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix? A. Contact information for all personnel. B. Vendor contact information, including offsite storage and alternate site. C. Equipment and system requirements lists of the hardware, software, firmware and other resources required to support system operations. D. The Business Impact Analysis. Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Contact information for all personnel is not required. Contact information is required for specific vendors, emergency agencies, offsite facilities, and any other entity that may need to be contacted in a time of need. Incorrect Answers: B: Contact information is required for specific vendors, emergency agencies, offsite facilities, and any other entity that may need to be contacted in a time of need. C: Documentation of the current system must be incorporated in the contingency plan. This documentation should include equipment and system requirements lists of the hardware, software, firmware and other resources required to support system operations. D: A vital part of a contingency plan is to conduct the business impact analysis (BIA). References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 890, 931 QUESTION 1073 Which of the following server contingency solutions offers the highest availability? A. B. C. D.

System backups Electronic vaulting/remote journaling Redundant arrays of independent disks (RAID) Load balancing/disk replication

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: With load balancing, often through clustering, each system takes a part of the processing load, and if one system fails there is an automatic failover to the other systems which continue to work. This guarantees a high availability of the service. Incorrect Answers: A: Systems backups only protects against data loss. It does not product a failure of server. B: Electronic vaulting and remote journaling are transaction redundancy solutions. It protect the system by copying transaction information to a remote location. In case of server failure the database can be restored, but it would require a rebuild of the database. C: RAID protects against a hard disk failures, but it does not protect against other type of server failures. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1272 CISSP

QUESTION 1074 What assesses potential loss that could be caused by a disaster? A. B. C. D.

The Business Assessment (BA) The Business Impact Analysis (BIA) The Risk Assessment (RA) The Business Continuity Plan (BCP)

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: A Business Impact Analysis assesses the likelihood that each threat will actually occur and the impact those occurrences will have on the business. Incorrect Answers: A: The Business Assessment is an analysis that identifies the resources that are critical to an organization’s ongoing viability and the threats posed to those resources. A Business Assessment does analyze the potential loss of a disaster. C: A risk assessment includes the identification of potential risk and the evaluation of the potential impact of the risk. A risk assessment does assess the potential loss of a disaster. D: A business continuity plan (BCP) contains strategy documents that provide detailed procedures that ensure critical business functions are maintained. However, a BCP analyses the potential loss of a disaster. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 825 QUESTION 1075 Which of the following item would best help an organization to gain a common understanding of functions that are critical to its survival? A. B. C. D.

A risk assessment A business assessment A disaster recovery plan A business impact analysis

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: A BIA (business impact analysis) is considered a functional analysis, in which a team collects data through interviews and documentary sources; documents business functions, activities, and transactions; develops a hierarchy of business functions; and finally applies a classification scheme to indicate each individual function’s criticality level. Incorrect Answers: A: A risk assessment includes the identification of potential risk and the evaluation of the potential impact of the risk. A risk assessment is a functional analysis of critical business functions. B: A Business Assessment is a functional analysis of critical business functions. The Business Assessment is an analysis that identifies the resources that are critical to an organization’s ongoing viability and the threats posed to those resources. C: A disaster recovery plan focuses on how to recover various IT mechanisms after a disaster. A disaster CISSP

recovery plan is a functional analysis of critical business functions. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 905 QUESTION 1076 What can be defined as the maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization? A. B. C. D.

Recovery Point Objectives (RPO) Recovery Time Objectives (RTO) Recovery Time Period (RTP) Critical Recovery Time (CRT)

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: The recovery time objective (RTO) is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity. Incorrect Answers: A: A recovery point objective is the maximum targeted period in which data might be lost from an IT service due to a major incident. C: Recovery Time Period (RTP) is not a concept used within the CISSP framework. D: Critical Recovery Time (CRT) is not a concept used within the CISSP framework. References: https://en.wikipedia.org/wiki/Recovery_time_objective QUESTION 1077 Which of the following steps should be one of the FIRST steps performed in a Business Impact Analysis (BIA)? A. B. C. D.

Identify all CRITICAL business units within the organization. Evaluate the impact of disruptive events. Estimate the Recovery Time Objectives (RTO). Identify and Prioritize Critical Organization Functions

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: A business impact analysis includes identifying critical systems and functions of a company and interviewing representatives from each department. Once management’s support is solidified, a business impact analysis needs to be performed to identify the threats the company faces and the potential costs of these threats. Incorrect Answers: A: Identifying critical business units is an initial step of a Business Impact Analysis. Business Impact Analysis focuses on business functions, not on business units. B: Evaluating the impact of disruptive events is an initial step of a Business Impact Analysis. C: Estimating the Recovery Time Objectives is an initial step of a Business Impact Analysis. References: CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 972 QUESTION 1078 A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern in the context of what your Disaster Recovery Plan would include? A. B. C. D.

Marketing/Public relations Data/Telecomm/IS facilities IS Operations Facilities security

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: One of the most important elements of the disaster recovery plan is the selection of alternate processing sites to be used when the primary sites are unavailable. To get the alternate site operational it would need an information technology system similar to equal to the system running on the primary. This would include telecommunication facilities such as internet access. We would also need the data from the primary site to get the alternate site up and running. Incorrect Answers: A: Marketing/Public relations are not the primary concern. Most important is to get an alternate processing site running. C: At a disaster the Information Systems would be disrupted. To get the information systems up and running again we would need an alternate processing site, which requires the data, telecomm, and information systems facilities. D: Facility security relations are not the primary concern. Most important is to get an alternate processing site running. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 655 QUESTION 1079 Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect? A. In order to facilitate recovery, a single plan should cover all locations. B. There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan. C. In its procedures and tasks, the plan should refer to functions, not specific individuals. D. Critical vendors should be contacted ahead of time to validate equipment can be obtained in a timely manner. Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A single plan is Always the best idea. Depending on the size of your organization and the number of people involved in the DRP effort, it may be a good idea to maintain multiple types of Recovery Plans documents. Incorrect Answers:

CISSP

B: A Business Continuity Plan committee needs to be put together. This committee decides course of actions that are implemented in the Business Continuity Plan. C: Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes. D: The Business Continuity Plan risk assessment should include continuity risks due to outsourced vendors and suppliers. Critical vendors should be contacted to ensure that necessary equipment can be obtained. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 661 QUESTION 1080 The first step in the implementation of the contingency plan is to perform: A. B. C. D.

A firmware backup A data backup An operating systems software backup An application software backup

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: The first priority of a contingency plan is to preserve business data. A first step to protect the data is make a backup of it. Incorrect Answers: A: A firmware backup is of lesser priority compared to a data backup. C: An operating systems backup is of lesser priority compared to a data backup. D: An application software backup is of lesser priority compared to a data backup. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1276 QUESTION 1081 The MOST common threat that impacts a business's ability to function normally is: A. B. C. D.

Power Outage Water Damage Severe Weather Labor Strike

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: As power outages are more common than other threats, even the most basic disaster recovery plan contains provisions to deal with the threat of a short power outage. Incorrect Answers: B: Water damage is much less frequent compared to a power outage. C: Severe weather causing a threat is much less frequent compared to a power outage. D: A labor strike causing a threat is much less frequent compared to a power outage.

CISSP

References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 649 QUESTION 1082 Failure of a contingency plan is usually: A. B. C. D.

A technical failure. A management failure. Because of a lack of awareness. Because of a lack of training.

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Failure of the contingency plan is usually considered as a management failure. Incorrect Answers: A: A technical failure is not usually thought to be a failure of the contingency plan. C: A lack of awareness is not usually thought to be a failure of the contingency plan. D: Lack of training is not usually thought to be a failure of the contingency plan. QUESTION 1083 Which of the following questions is less likely to help in assessing an organization's contingency planning controls? A. B. C. D.

Is damaged media stored and/or destroyed? Are the backup storage site and alternate site geographically far enough from the primary site? Is there an up-to-date copy of the plan stored securely off-site? Is the location of stored backups identified?

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Damaged media is A critical part of contingency planning. Incorrect Answers: B: When choosing a backup facility, it should be far enough away from the original site so that one disaster does not take out both locations. C: To protect against disasters a copy of the current contingency plan must be stored away from the main site. D: To protect against disasters at least some of the backups must be stored at another location than the main site. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 953 QUESTION 1084 A business continuity plan is an example of which of the following? A. Corrective control B. Detective control

CISSP

C. Preventive control D. Compensating control Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A corrective control, such as business continuity plan (BCP), consists of instructions, procedures, or guidelines used to reverse the effects of an unwanted activity, such as attacks or errors. In particular a BCP is the assessment of a variety of risks to organizational processes and the creation of policies, plans, and procedures to minimize the impact those risks might have on the organization if they were to occur. Incorrect Answers: B: A business continuity plan is A detective control. A detective control is an access control deployed to discover unwanted or unauthorized activity. Examples of detective access controls include security guards, supervising users, incident investigations, and intrusion detection systems (IDSs). C: A preventive control is any security mechanism, tool, or practice that can deter and mitigate undesirable actions or events. A business continuity plan is A preventive control. D: A compensating control is a data security measure that is designed to satisfy the requirement for some other security measure that is deemed too difficult or impractical to implement. A business continuity plan is A compensating control. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 14 QUESTION 1085 Which of the following statements pertaining to disaster recovery is incorrect? A. A recovery team's primary task is to get the pre-defined critical business functions at the alternate backup processing site. B. A salvage team's task is to ensure that the primary site returns to normal processing conditions. C. The disaster recovery plan should include how the company will return from the alternate site to the primary site. D. When returning to the primary site, the most critical applications should be brought back first. Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The salvage team must ensure the reliability of primary site. This is done by returning the least-mission-critical processes to the restored original site to stress – test the rebuilt network. As the restored site shows resiliency, more important processes are transferred. Incorrect Answers: A: The restoration team should be responsible for getting the alternate site into a working and functioning environment B: The salvage team must ensure the reliability of primary site by returning it to normal processing conditions. C: Within the recovery plan the salvage team is responsible for starting the recovery of the original site. The recovery plan must include how the original site is recovered. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 669

CISSP

QUESTION 1086 For which areas of the enterprise are business continuity plans required? A. B. C. D.

All areas of the enterprise. The financial and information processing areas of the enterprise. The operating areas of the enterprise. The marketing, finance, and information processing areas.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A Business Impact Analysis (BIA) is performed at the beginning of business continuity planning to identify all the areas of the enterprise that would suffer the greatest financial or operational loss in the event of a disaster or disruption. Incorrect Answers: B: All areas of the operations must be considered, not only the financial an information processing areas. C: All areas of the operations must be considered, not only the operating areas. D: All areas of the operations must be considered, not only the marketing, finance, and information processing areas. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 911 QUESTION 1087 Which of the following will a Business Impact Analysis NOT identify? A. B. C. D.

Areas that would suffer the greatest financial or operational loss in the event of a disaster. Systems critical to the survival of the enterprise. The names of individuals to be contacted during a disaster. The outage time that can be tolerated by the enterprise as a result of a disaster.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: A Business Impact Analysis (BIA) does not identify persons that should be contacted during a disaster. Incorrect Answers: A: A Business Impact Analysis (BIA) is performed at the beginning of business continuity planning to identify all the areas of the enterprise that would suffer the greatest financial or operational loss in the event of a disaster or disruption. B: The BIA identifies the company’s critical systems needed for survival. D: The BIA estimates the outage time that can be tolerated by the company as a result of a disaster or disruption. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 911 QUESTION 1088 What is a hot-site facility?

CISSP

A. A site with pre-installed computers, raised flooring, air conditioning, telecommunications and networking equipment, and UPS. B. A site in which space is reserved with pre-installed wiring and raised floors. C. A site with raised flooring, air conditioning, telecommunications, and networking equipment, and UPS. D. A site with readymade work space with telecommunications equipment, LANs, PCs, and terminals for work groups. Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A hot site is a backup facility is maintained in constant working order, with a full complement of pre-installed servers and workstations, raised flooring, air conditioning, network equipment including communications links, and UPS ready to assume primary operations responsibilities. Incorrect Answers: B: A site in which space is reserved with pre-installed wiring and raised floors is called a cold site, A hot site. C: A hot site includes pre-installed servers. D: A hot site includes pre-installed servers. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 656 QUESTION 1089 Which of the following best describes remote journaling? A. B. C. D.

Send hourly tapes containing transactions off-site. Send daily tapes containing transactions off-site. Real-time capture of transactions to multiple storage devices. Real time transmission of copies of the entries in the journal of transactions to an alternate site.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Remote journaling is a method of transmitting data offsite. It usually only includes moving the journal or transaction logs to the offsite facility, not the actual files. These logs contain the deltas (changes) that have taken place to the individual files. If and when data are corrupted and need to be restored, the bank can retrieve these logs, which are used to rebuild the lost data. Incorrect Answers: A: Remote journaling does not involve tapes that are sent on an hourly schedule. B: Remote journaling does not involve tapes that are sent on a daily schedule. C: Remote journaling send log files, not transactions, to a remote location. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 938-939 QUESTION 1090 All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would Be considered an essential element of the BIA but an important topic to include within the BCP plan?

CISSP

A. B. C. D.

IT Network Support Accounting Public Relations Purchasing

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Public Relations is part of the BCP, but it is not part of the BIA. Public relations and Crisis Communication should be part of the BCP. Incorrect Answers: A: IT Network Support is part of both the BCP and the BIA. B: Accounting is part of both the BCP and the BIA. D: Purchasing is part of both the BCP and the BIA. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 905 QUESTION 1091 Of the following, which is a specific loss criteria that should be considered while developing a BIA? A. B. C. D.

Loss of skilled workers knowledge Loss in revenue Loss in profits Loss in reputation

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Loss of skilled workers knowledge is considered to be a BIA loss criteria. BIA loss criteria include: Loss in revenue Loss in profits Loss in reputation and public confidence Loss of competitive advantages Increase in operational expenses Violations of contract agreements Violations of legal and regulatory requirements Delayed income costs Loss in productivity Incorrect Answers: B: Loss in revenue is a BIA loss criteria. C: Loss in profits is a BIA loss criteria. D: Loss in reputation is a BIA loss criteria. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 909 QUESTION 1092 Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?

CISSP

A. B. C. D.

Personnel turnover Large plans can take a lot of work to maintain Continuous auditing makes a Disaster Recovery plan irrelevant Infrastructure and environment changes

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Auditing would affect the Disaster Recovery plan. Note: The main reasons Disaster Recovery plans become outdated include the following: Personnel turn over. Large plans take a lot of work to maintain. Changes occur to the infrastructure and environment. Other reasons include: The business continuity process is not integrated into the change management process. Reorganization of the company, layoffs, or mergers occurs. Changes in hardware, software, and applications occur. After the plan is constructed, people feel their job is done. Plans do not have a direct line to profitability. Incorrect Answers: A: Personnel turnover can make the Disaster Recovery plan outdated. B: Large plans take a lot of work to maintain can make the Disaster Recovery plan outdated. C: Changes that occur to the infrastructure and environment can make the Disaster Recovery plan outdated. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 958 QUESTION 1093 Which backup type run at regular intervals would take the least time to complete? A. B. C. D.

Full Backup Differential Backup Incremental Backup Disk Mirroring

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: An incremental backup copies only the files that have been modified since the previous backup. An incremental backup copies less data compared to full and differential backups. Incorrect Answers: A: A full backup copies all the data from the system to the backup medium. It copies more data compared to an incremental backup. B: A differential backup is a type of data backup that preserves data, saving only the difference in the data since the last full backup. But a differential backup copies more data compared to an incremental backup. D: Disk mirroring works dynamically in real-time. Disk mirroring does not take place at regular intervals. References: CISSP

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 1410 QUESTION 1094 What is electronic vaulting? A. B. C. D.

Information is backed up to tape on a hourly basis and is stored in an on-site vault. Information is backed up to tape on a daily basis and is stored in an on-site vault. Transferring electronic journals or transaction logs to an off-site storage facility A transfer of bulk information to a remote central backup facility.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Electronic vaulting makes copies of files as they are modified and periodically transmits them in a bulk to an offsite backup site. Incorrect Answers: A: Electronic vaulting does not use tape backup on an hourly basis. B: Electronic vaulting does not use tape backup on a daily basis. C: Electronic vaulting copies data files not transaction logs. Remote journaling transfer log files. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 938-939 QUESTION 1095 After a company is out of an emergency state, what should be moved back to the original site first? A. B. C. D.

Executives Least critical components IT support staff Most critical components

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: The salvage team must ensure the reliability of primary site. This is done by returning the least-mission-critical processes to the restored original site to stress – test the rebuilt network. As the restored site shows resiliency, more important processes are transferred. Incorrect Answers: A: There is no priority to move the Executives back to the original site fast. The salvage team, not the Executives brings the original site back in order. C: The salvage team, not the IT support staff brings the original site back in order. There is no priority to move the IT support staff back to the original site fast. D: The most critical operations should be to the primary site after, before, the other less critical operations have been moved. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 669

CISSP

QUESTION 1096 How often should tests and disaster recovery drills be performed? A. B. C. D.

At least once a quarter At least once every 6 months At least once a year At least once every 2 years

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: The drills should take place at least once a year, and the entire program should be continually updated and improved. Incorrect Answers: A: Once a quarter would be too much. Once a year is fine. B: Once every 6 months would be too much. Once a year is fine. D: Once every 2 years would Be enough. Once a year is the recommended frequency. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 951 QUESTION 1097 A business impact assessment is one element in business continuity planning. What are the three primary goals of a BIA? A. Data processing continuity planning, data recovery plan maintenance, and testing the disaster recovery plan. B. Scope and plan initiation, business continuity plan development, and plan approval and implementation. C. Facility requirements planning, facility security management, and administrative personnel controls. D. Criticality prioritization, downtime estimation, and resource requirements. Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The first business impact assessment (BIA) task facing the BCP team is identifying business priorities. The second quantitative measure that the team must develop is the maximum tolerable downtime (MTD). The final step of the BIA is to prioritize the allocation of business continuity resources to the various risks that you identified and assessed in the preceding tasks of the BIA. Incorrect Answers: A: Continuity planning and data recovery planning are not part of the BIA. B: Business continuity plan development is not part of the BIA. C: Facility planning is not part of the BIA. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 623-624 QUESTION 1098 Business Continuity Planning (BCP) is defined as a preparation that facilitates:

CISSP

A. B. C. D.

the rapid recovery of mission-critical business operations the continuation of critical business functions the monitoring of threat activity for adjustment of technical controls the reduction of the impact of a disaster

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: The BCP is concerned with monitoring threat activity. Incorrect Answers: A: One goal of BCP is to enhance a company’s ability to recover from a disruptive event promptly. B: BCP is used to maintain the continuous operation of a business in the event of an emergency situation. D: The goal of BCP planners is to implement a combination of policies, procedures, and processes such that a potentially disruptive event has as little impact on the business as possible. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 612 QUESTION 1099 During a test of a disaster recovery plan the IT systems are concurrently set up at the alternate site. The results are compared to the results of regular processing at the original site. What kind of testing has taken place? A. B. C. D.

Simulation Parallel Checklist Full interruption

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: In a parallel test the employees are relocated to the site perform their disaster recovery responsibilities just as they would for an actual disaster. The only difference is that operations at the main facility are not interrupted. That site retains full responsibility for conducting the day - to - day business of the organization. Incorrect Answers: A: A simulation test does not use an alternate site. In simulation tests, disaster recovery team members are presented with a scenario and asked to develop an appropriate response. C: In a checklist test you simply distribute copies of disaster recovery checklists to the members of the disaster recovery team for review. You do not set up an alternate site. D: Full - interruption tests actually shut down operations at the primary site and shifting them to the recovery site. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 671 QUESTION 1100 During a business impact analysis it is concluded that a system has maximum tolerable downtime of 2 hours.

CISSP

What would this system be classified as? A. B. C. D.

Important Urgent Critical Vital

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: A classification of critical has a maximum tolerable downtime (MTD) in minutes to hours, such as 2 hours. Incorrect Answers: A: A classification as Important would have a MTD of around 72 hours. B: A classification as urgent would have a MTD of around 24 hours. D: There is no MTD classification named vital. The classifications are Nonessential (30 days), Normal (7 days), Important (72 hours), Urgent (24 hours), and Critical/Essential (minutes to hours). References: http://docplayer.net/1184175-Cissp-common-body-of-knowledge-business-continuity-disaster-recoveryplanning-domain-version-5-9-2.html QUESTION 1101 Business Impact Analysis (BIA) is about A. B. C. D.

Technology Supporting the mission of the organization Due Care Risk Assessment

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: A Business Impact Assessment (BIA) supports the mission of the organization by identifying the resources that are critical to an organization’s ongoing viability and the threats posed to those resources. The BIA also assesses the likelihood that each threat will actually occur and the impact those occurrences will have on the business. Incorrect Answers: A: BIA is about critical business functions, and about technology. C: While due care concerns using reasonable care to protect the interests of an organization, BIA is about supporting the mission of the organization. D: BIA is about risk assessment. A BIA often takes place prior to a risk assessment. The BIA focuses on the effects or consequences of the interruption to critical business functions and attempts to quantify the financial and non-financial costs associated with a disaster. The business impact assessment looks at the parts of the organization that are most crucial. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 825 QUESTION 1102 CISSP

What is the MOST important step in business continuity planning? A. B. C. D.

Risk Assessment Due Care Business Impact Analysis (BIA) Due Diligence

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: In order to develop the in business continuity planning (BCP), the scope of the project must be determined and agreed upon. This involves some distinct milestones including Conduct the business impact analysis (BIA). The BIA helps to identify and prioritize critical IT systems and components. Incorrect Answers: A: Risk assessment is part of the business continuity planning, but it is less important compared to the BIA. B: Due care is not the most important to the business continuity planning. Due care concerns using reasonable care to protect the interests of an organization. D: Due diligence is A factor for continuity planning. Due diligence is an investigation of a business or person prior to signing a contract, or an act with a certain standard of care. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 356 QUESTION 1103 You have been tasked with developing a Business Continuity Plan/Disaster Recovery (BCP/DR) plan. After several months of researching the various areas of the organization, you are ready to present the plan to Senior Management. During the presentation meeting, the plan that you have dutifully created is not received positively. Senior Management is convinced that they need to enact your plan, nor are they prepared to invest any money in the plan. What is the BEST reason, as to why Senior Management is not willing to enact your plan? A. B. C. D.

The business case was not initially made and thus did not secure their support. They were not included in any of the Risk Assessment meetings. They were not included in any of the Business Impact Assessment meetings. A Business Impact Assessment was not performed.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: The most critical part of establishing and maintaining a current continuity plan is management support. Management must be convinced of the necessity of such a plan. Therefore, a business case must be made to obtain this support. In order to convince Senior Management of the viability of the plan you need to convince them of the business case. The Senior Management usually wants information stated in monetary, quantitative terms, not in subjective, qualitative terms.

CISSP

Incorrect Answers: B: Senior Management does not need to attend the Risk Assessment meetings. C: Senior Management does not need to attend the Business Impact Assessment meetings. D: The Business Impact Assessment is made after the BCP plan has been approved. To make a Business Impact Assessment the BCP team must sit down and discuss, preferably with the involvement of senior management, qualitative concerns to develop a comprehensive approach that satisfies all stakeholders. QUESTION 1104 When planning for disaster recovery it is important to know a chain of command should one or more people become missing, incapacitated or otherwise available to lead the organization. Which of the following terms BEST describes this process? A. B. C. D.

Succession Planning Continuity of Operations Business Impact Analysis Business Continuity Planning

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Organizations must ensure that there is always an executive available to make decisions during a disaster. Executive succession planning determines an organization’s line of succession. Executives may become unavailable due to a variety of disasters, ranging from injury and loss of life to strikes, travel restrictions, and medical quarantines. Incorrect Answers: B: The purpose of a Continuity of Operations plan is to maintain operations during a disaster. Continuity of Operations does address chain of command recovery. C: A Business Impact Assessment (BIA) is an analysis that identifies the resources that are critical to an organization’s ongoing viability and the threats posed to those resources. A BIA does address chain of command recovery. D: Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes. Business continuity planning does address chain of command recovery. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 372 QUESTION 1105 Of the three types of alternate sites: hot, warm or cold, which is BEST described by the following facility description? Configured and functional facility Available with a few hours Requires constant maintenance Is expensive to maintain A. B. C. D.

Hot Site Warm Site Cold Site Remote Site

Correct Answer: A Section: Security Operations CISSP

Explanation Explanation/Reference: Explanation: A hot site is a facility that is leased or rented and is fully configured and ready to operate within a few hours. The only missing resources from a hot site are usually the data, which will be retrieved from a backup site, and the people who will be processing the data. The hot site would include computers, cables and peripherals. Incorrect Answers: B: A warm site is a leased or rented facility that is usually partially configured with some equipment, such as HVAC, and foundational infrastructure components, but not the actual computers. In other words, a warm site is usually a hot site without the expensive equipment such as communication equipment and servers. C: A cold site is a leased or rented facility that supplies the basic environment, electrical wiring, air conditioning, plumbing, and flooring, but none of the equipment or additional services. D: A remote site is just a site at a remote location. There are no specification on what equipment or services, if any, would be available at the remote location. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 920 QUESTION 1106 Which of the following plan provides procedures for sustaining essential business operations while recovering from significant disruption? A. B. C. D.

Business Continuity Plan Occupant Emergency Plan Cyber Incident Response Plan Disaster Recovery Plan

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: A business continuity plan provides procedures for sustaining essential business operations while recovering from a significant disruption. Incorrect Answers: B: The occupant emergency plan (OEP) provides the “response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property. Such events would include a fire, hurricane, criminal attack, or a medical emergency.” C: A Cyber Incident response plan focuses on malware, hackers, intrusions, attacks, and other security issues. It outlines procedures for incident response. D: A Disaster recovery plan provides detailed procedures to facilitate recovery of capabilities at an alternate site, while occupant emergency plan provides coordinated procedures for minimizing loss of life or injury and protecting properly damage in response to a physical threat. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 369-370 QUESTION 1107 Which of the following statements pertaining to disaster recovery planning is incorrect? A. Every organization must have a disaster recovery plan B. A disaster recovery plan contains actions to be taken before, during and after a disruptive event. C. The major goal of disaster recovery planning is to provide an organized way to make decisions if a

CISSP

disruptive event occurs. D. A disaster recovery plan should cover return from alternate facilities to primary facilities. Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Every organization should have a disaster recovery plan, but there is no requirement of a disaster recovery plan. Incorrect Answers: B: The DRP is carried out when everything is still in emergency mode, and everyone is scrambling to get all critical systems back online. But the DRP also includes comprehensive instructions for essential personnel to follow immediately upon recognizing that a disaster is imminent. C: The disaster recovery plan (DRP) guides the recovery efforts necessary to restore your business to normal operations as quickly as possible. The DRP guides the actions of emergency - response personnel until the end goal is reached, which is to see the business restored to full operating capacity in its primary operations facilities. D: One of the most important elements of the disaster recovery plan is the selection of alternate processing sites to be used when the primary sites are unavailable. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 887 QUESTION 1108 Which of the following statements do apply to a hot site? A. B. C. D.

It is expensive. There are cases of common overselling of processing capabilities by the service provider. It provides a false sense of security. It is accessible on a first come first serve basis. In case of large disaster it might Be accessible.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: A hot site is Accessible on first come first server basis. With a hot site arrangement, a backup facility is maintained in constant working order, with a full complement of servers, workstations, and communications links ready to assume primary operations responsibilities. The servers and workstations are all preconfigured and loaded with appropriate operating system and application software. Incorrect Answers: A: One disadvantage of a hot site is that it is very expensive. B: The hot site service provider might oversell the processing capabilities. C: The level of disaster recovery protection provided by a hot site is unsurpassed. A hot site does not give a false sense of security. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 921 QUESTION 1109 What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?

CISSP

A. B. C. D.

Remote journaling Electronic vaulting Data clustering Database shadowing

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: In an electronic vaulting scenario, database backups are transferred to a remote site using bulk transfers. The transfers occur in infrequent batches. Incorrect Answers: A: With remote journaling, data transfers are performed in a expeditious manner. Data transfers occur in a bulk transfer mode, but they occur on a frequent basis, usually once every hour if not more frequently. C: Data clustering does not include batch processing dumping data at an alternate location. D: Database shadowing is remote journaling to more than one destination duplicate server. Remote journaling is Batch processing dumping backup data to an alternate location. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 660 QUESTION 1110 Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test? A. B. C. D.

Full Interruption test Checklist test Simulation test Structured walk-through test

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Full-interruption tests operate like parallel tests, but they involve actually shutting down operations at the primary site and shifting them to the recovery site. After a parallel test has been completed the next step is to perform a full-interruption test. Incorrect Answers: B: The checklist test is one of the simplest tests to conduct. You should perform it before, after, you perform a Parallel test. C: Simulation tests are similar to the structured walk – through tests, and should be performed before parallel test, after parallel tests. D: Parallel tests represent the next level in testing compared to a structured walk-through test, not vice versa. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 671 QUESTION 1111 What is the Maximum Tolerable Downtime (MTD)?

CISSP

A. B. C. D.

Maximum elapsed time required to complete recovery of application data Minimum elapsed time required to complete recovery of application data Maximum elapsed time required to move back to primary site after a major disruption It is maximum delay businesses can tolerate and still remain viable

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The outage time that can be endured by a company is referred to as the maximum tolerable downtime (MTD). Incorrect Answers: A: Maximum Tolerable Downtime does not refer to application data. Maximum Tolerable Downtime is the time delay that the business can tolerate. B: Maximum Tolerable Downtime does not refer to application data. Maximum Tolerable Downtime is the time delay that the business can tolerate. C: Maximum Tolerable Downtime does not refer to the time needed to move back to the primary site after a disruption. Maximum Tolerable Downtime is the time delay that the business can tolerate. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 909 QUESTION 1112 Which of the following specifically addresses cyber-attacks against an organization's IT systems? A. B. C. D.

Continuity of support plan Business continuity plan Incident response plan Continuity of operations plan

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: A Cyber incident response plan focuses on malware, hackers, intrusions, attacks, and other security issues. It outlines procedures for incident response. There are no other types of Incident response plans. Incorrect Answers: A: There is no continuity of support plan which addresses cyber-attacks. The Incident response plan addresses cyber-attacks. B: A business continuity plan (BCP) does address cyber-attacks. A BCP contains strategy documents that provide detailed procedures that ensure critical business functions are maintained. D: There is no continuity of operations plan which addresses cyber-attacks. The Incident response plan addresses cyber-attacks. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 953 QUESTION 1113 During the salvage of the Local Area Network and Servers, which of the following steps would normally be performed first?

CISSP

A. B. C. D.

Damage mitigation Install LAN communications network and servers Assess damage to LAN and servers Recover equipment

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: The damage assessment team should be responsible determining the disaster's cause and the amount of damage that has occurred to organizational assets. The assessment of the damage should include the status of the equipment at the site such as servers and network devices. Incorrect Answers: A: Damage mitigation is a preventive method which is applied prior to a disaster, while salvage are done after a disaster. B: Before installing new equipment the damage must be assessed and the equipment must be salvaged. D: Before the salvage team starts to recover the equipment, the damage assessment team should assess the damage on the site. QUESTION 1114 Which disaster recovery plan test involves functional representatives meeting to review the plan in detail? A. B. C. D.

Simulation test Checklist test Parallel test Structured walk-through test

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: In a Structured walk-through test representatives from each department or functional area come together and go over the plan to ensure its accuracy. The group reviews the objectives of the plan; discusses the scope and assumptions of the plan; reviews the organization and reporting structure; and evaluates the testing, maintenance, and training requirements described. Incorrect Answers: A: In a Simulation test the plan is not reviewed in detail. In a Simulation test all employees who participate in operational and support functions, or their representatives, come together to practice executing the disaster recovery plan based on a specific scenario. B: A Checklist test, like a Structured walk-through test, has the aim to review the plan, but in a Checklist test the functional representatives do not meet. Instead copies of the BCP are distributed to the different departments and functional areas for review. C: The purpose of a Parallel test is not to review the plan in detail. A parallel test is done to ensure that the specific systems can actually perform adequately at the alternate offsite facility. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 955 QUESTION 1115 When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems?

CISSP

A. B. C. D.

Executive management staff Senior business unit management BCP committee Functional business units

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Senior management is ultimately responsible for all phases of the plan, and who should be most concerned about the protection of its assets. They must sign off on all policy issues, and they will be held liable for overall success or failure of a security solution. Incorrect Answers: A: If possible the BCP plan should by endorsed by the Executive management staff, but the Executive management staff is not responsible for identifying and prioritizing time-critical systems. C: The BCP committee does not identify and prioritize systems. The BCP committee oversees, initiates, plans, approves, tests and audits the BCP. It also implements the BCP, coordinates activities, approve the BIA survey. The BCP committee also oversees the creation of continuity plans and reviews the results of quality assurance activities D: Functional business units are a part of the BCP committee. Functional business units are not responsible for identifying and prioritizing time-critical system. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 55 QUESTION 1116 In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected? A. B. C. D.

Human Resources Industrial Security Public Relations External Audit Group

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: If the incident response team determines that a crime has been carried out, senior management should be informed immediately. If the suspect is an employee, a human resources representative must be called right away. Incorrect Answers: B: Industrial Security does not need to be involved when an employee is suspected of a crime. C: Public Relations does not need to be involved when an employee is suspected of a crime. D: The External Audit Group does not need to be involved when an employee is suspected of a crime. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1035 QUESTION 1117 To be admissible in court, computer evidence must be which of the following? CISSP

A. B. C. D.

Relevant Decrypted Edited Incriminating

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: For evidence to be admissible in court, it needs to be relevant, sufficient, and reliable. Incorrect Answers: B: The evidence should not be changed. If it is encrypted it should be kept encrypted. C: Evidence should not be changed or edited. D: Evidence does not need to be incriminating. It can very well be used in favor of the suspect, such as an alibi. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1068 QUESTION 1118 Once evidence is seized, a law enforcement officer should emphasize which of the following? A. B. C. D.

Chain of command Chain of custody Chain of control Chain of communications

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: When evidence is seized, it is important to make sure a proper chain of custody is maintained to ensure any data collected can later be properly and accurately represented in case it needs to be used for later events such as criminal proceedings or a successful prosecution. Incorrect Answers: A: Chain of command is not related to the collection of evidence. In a military context, the chain of command is the line of authority and responsibility along which orders are passed within a military unit and between different units. C: Chain of control is not related to collection of evidence. Chain of custody relates to how evidence is collected. D: Chain of communication is not related to collection of evidence. Chain of custody relates to how evidence is collected. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 248 QUESTION 1119 Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing? A. System development activity B. Help-desk function

CISSP

C. System Imaging D. Risk management process Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: The computer system should not be changed, while the incident handling is ongoing. System development should not occur during incident handling. Incorrect Answers: B: As part of the ongoing incident handling employees, vendors, customers, partner, devices or sensors report the event to Help Desk. C: System imaging would not affect the ongoing incident handling and should take place to D: The Risk management process would not affect the ongoing incident handling. References: https://en.wikipedia.org/wiki/Computer_security_incident_management QUESTION 1120 In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process? A. B. C. D.

Using a write blocker Made a full-disk image Created a message digest for log files Displayed the contents of a folder

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The original media should have two copies created: a primary image (a control copy that is stored in a library) and a working image (used for analysis and evidence collection). These should be timestamped to show when the evidence was collected. Displaying the contents of a folder would affect the original media, and would compromise the evidence collection process. Incorrect Answers: A: A write blocker would be a step to secure the integrity of the media. B: Making a full-disk image would be a part of the investigation process. C: To create a message digest for log files would be part of the documentation. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1049 QUESTION 1121 What is the PRIMARY goal of incident handling? A. B. C. D.

Successfully retrieve all evidence that can be used to prosecute Improve the company's ability to be prepared for threats and disasters Improve the company's disaster recovery plan Contain and repair any damage caused by an event.

CISSP

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The primary goal of incident handling is to contain, eradicate, and recovery from the incident. See step 3 below. Note: The Incident Handling lifecycle can be divided into the following four steps: 1. Preparation 2. Detection and Analysis 3. Containment, Eradication, and Recovery 4. Post-incident Activity Incorrect Answers: A: Retrieving evidence to prosecute is not part of Incident Handling. B: Preparation is part of incident handling lifecycle, but it is not the most important goal. C: Improving the disaster recovery plan is not a goal of incident handling. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 331 QUESTION 1122 Which of the following would be LESS likely to prevent an employee from reporting an incident? A. B. C. D.

They are afraid of being pulled into something they don't want to be involved with. The process of reporting incidents is centralized. They are afraid of being accused of something they didn't do. They are unaware of the company's security policies and procedures.

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: A centralized incident reporting would increase, not decrease, the likelihood that an employee would report an incident. Incorrect Answers: A: An employee could be afraid to get involved and refrain from reporting an incident. C: Employees that are afraid of being accused of something they didn't do would be less likely to report an incident. D: Employees that are unaware of the company's security policies and procedures would be less likely to report an incident. References: https://en.wikipedia.org/wiki/Computer_security_incident_management QUESTION 1123 What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected? A. B. C. D.

To ensure that no evidence is lost. To ensure that all possible evidence is gathered. To ensure that it will be admissible in court To ensure that incidents were handled with due care and due diligence.

CISSP

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Real evidence, like any type of evidence, must meet the relevancy, materiality, and competency requirements before being admitted into court. In many cases, it is not possible for a witness to uniquely identify an object in court. In those cases, a chain of evidence (also known as a chain of custody) must be established. Incorrect Answers: A: Chain of custody is not used to avoid loss of evidence. It is used to ensure that evidence can be admitted. B: Chain of custody is not used to ensure that all possible evidence is collected. It is used to ensure that evidence can be admitted. D: Chain of custody concern evidence, it does not concern incidents. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 704 QUESTION 1124 What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent? A. B. C. D.

Evidence Circumstance Doctrine Exigent Circumstance Doctrine Evidence of Admissibility Doctrine Exigent Probable Doctrine

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: In some circumstances, a law enforcement agent may seize evidence that is not included in the warrant, such as if the suspect tries to destroy the evidence. In other words, if there is an impending possibility that evidence might be destroyed, law enforcement may quickly seize the evidence to prevent its destruction. This is referred to as exigent circumstances. Incorrect Answers: A: The exception to the search warrant is called exigent Circumstance, not Evidence Circumstance. C: Admissible evidence is not related to any search warrant. The general rule in evidence is that all relevant evidence is admissible and all irrelevant evidence is inadmissible. D: A search without a warrant can only be executed under exigent circumstances, not under exigent probabilities. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1057 QUESTION 1125 A copy of evidence or oral description of its contents; which is not as reliable as best evidence is what type of evidence? A. Direct evidence B. Circumstantial evidence

CISSP

C. Hearsay evidence D. Secondary evidence Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: Oral evidence, such as a witness’s testimony, and copies of original documents are placed in the secondary evidence category. Secondary evidence is not viewed as reliable and strong in proving innocence or guilt (or liability in civil cases) when compared to best evidence. Incorrect Answers: A: Direct evidence can prove a fact all by itself and does not need backup information to refer to. B: Circumstantial evidence can prove an intermediate fact that can then be used to deduce or assume the existence of another fact. C: Hearsay evidence pertains to oral or written evidence presented in court that is secondhand and has no firsthand proof of accuracy or reliability. Hearsay is even less reliable compared to secondary evidence. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1055 QUESTION 1126 Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses? A. B. C. D.

Direct evidence. Circumstantial evidence. Conclusive evidence. Corroborative evidence.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: Direct evidence can prove a fact all by itself and does not need backup information to refer to. Direct evidence often is based on information gathered from a witness’s five senses. Incorrect Answers: B: Circumstantial evidence can prove an intermediate fact, but not a direct fact by itself. The intermediate fact can then be used to deduce or assume the existence of another fact. C: Conclusive evidence is not collected from the five senses of a witness. Conclusive evidence is irrefutable and cannot be contradicted. Conclusive evidence is very strong all by itself and does not require corroboration. D: Corroborative evidence is supporting evidence used to help prove an idea or point. It cannot stand its own, so it cannot disprove a specific act. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1055 QUESTION 1127 This type of supporting evidence is used to help prove an idea or a point, however it cannot stand on its own, it is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence?

CISSP

A. B. C. D.

Circumstantial evidence Corroborative evidence Opinion evidence Secondary evidence

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: Corroborative evidence is supporting evidence used to help prove an idea or point. It cannot stand its own. Incorrect Answers: A: Circumstantial evidence can prove an intermediate fact, but not a direct fact by itself. The intermediate fact can then be used to deduce or assume the existence of another fact. This type of fact is used so the judge or jury will logically assume the existence of a primary fact. C: Opinion evidence would be the opinion of a witness, but the opinion rule dictates that the witness must testify to only the facts of the issue and not her opinion of the facts. D: Secondary evidence is not viewed as reliable and strong in proving innocence or guilt (or liability in civil cases) when compared to best evidence. Oral evidence, such as a witness’s testimony, and copies of original documents are placed in the secondary evidence category. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1055 QUESTION 1128 Which of the following would be MOST important to guarantee that the computer evidence will be admissible in court? A. B. C. D.

It must prove a fact that is immaterial to the case. Its reliability must be proven. The process for producing it must be documented and repeatable. The chain of custody of the evidence must show who collected, secured, controlled, handled, transported the evidence, and that it was not tampered with.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: A chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to be presented in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy. Incorrect Answers: A: The immateriality of the evidence is not the most important. It is more important to show how the evidence was collected, analyzed, transported, and preserved. This is called the chain of custody. B: The reliability of the evidence is not the most important. It is more important to show how the evidence was collected, analyzed, transported, and preserved. This is called the chain of custody. C: The process of producing the evidence is not the most important. It is more important to show how the evidence was collected, analyzed, transported, and preserved. This is called the chain of custody. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1050 QUESTION 1129 CISSP

Why would a memory dump be admissible as evidence in court? A. B. C. D.

Because it is used to demonstrate the truth of the contents. Because it is used to identify the state of the system. Because the state of the memory cannot be used as evidence. Because of the exclusionary rule.

Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: A memory dump identifies the state of the system. Computer-generated evidence that is in the form of routine operational business data or reports and binary disk or memory dumps now constitute exceptions to the rule that computer-generated evidence is hearsay, and is therefore admissible in court. Incorrect Answers: A: A memory dump does not identify the truth, it is identification of the state of the system. C: The state of the memory, the system state, can be admissible as evidence in court. D: The exclusionary rule refers to evidence that is inadmissible. The exclusionary rule is a legal principle in the United States, under constitutional law, which holds that evidence collected or analyzed in violation of the defendant's constitutional rights is sometimes inadmissible for a criminal prosecution in a court of law. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 504 QUESTION 1130 When a possible intrusion into your organization's information system has been detected, which of the following actions should be performed first? A. B. C. D.

Eliminate all means of intruder access. Contain the intrusion. Determine to what extent systems and data are compromised. Communicate with relevant parties.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: If the event is determined to be a real incident, it is identified and classified. Once we understand the severity of the incident taking place, we move on to the next stage, which is investigation. Investigation involves the proper collection of relevant data, which will be used in the analysis and following stages. The goals of these stages are to reduce the impact of the incident, identify the cause of the incident, resume operations as soon as possible, and apply what was learned to prevent the incident from recurring. Incorrect Answers: A: Before we can eliminate intruder access we would have to determine the extent of the intrusion. B: Before containing the intrusion we need to determine the extent of the intrusion. D: Before we can communicate with the relevant parties we need to determine the extent of the intrusion. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1038

CISSP

QUESTION 1131 When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of the following actions should be done as a first step if you wish to prosecute the attacker in court? A. B. C. D.

Back up the compromised systems. Identify the attacks used to gain access. Capture and record system information. Isolate the compromised systems.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: For a crime to be successfully prosecuted, solid evidence is required. Computer forensics is the art of retrieving this evidence and preserving it in the proper ways to make it admissible in court. Related system information must be captures and recorded. Incorrect Answers: A: To backup up a compromised system is a good idea, but it is not required for prosecution. B: Identifying the attacks would be a useful further step, but first the evidence must be safeguarded. D: To isolate a compromised system is a good idea, but it is not required for prosecution. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1052 QUESTION 1132 In order to be able to successfully prosecute an intruder: A. A point of contact should be designated to be responsible for communicating with law enforcement and other external agencies. B. A proper chain of custody of evidence has to be preserved. C. Collection of evidence has to be done following predefined procedures. D. Whenever possible, analyze a replica of the compromised resource, not the original, thereby avoiding inadvertently tamping with evidence. Correct Answer: B Section: Security Operations Explanation Explanation/Reference: Explanation: When evidence is seized, it is important to make sure a proper chain of custody is maintained to ensure any data collected can later be properly and accurately represented in case it needs to be used for later events such as criminal proceedings and a successful prosecution. Incorrect Answers: A: To successfully prosecute an intruder you do not need a designed point of contact. You need proper chain of custody of evidence. C: To successfully prosecute an intruder you do not to follow predefined procedures. You need proper chain of custody of evidence. D: It is import to make a replica of digital evidence to avoid tamping with evidence, though it is not strictly required to make a successfully prosecution. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 248

CISSP

QUESTION 1133 When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence: A. Evidence has to be collected in accordance with all laws and all legal regulations. B. Law enforcement officials should be contacted for advice on how and when to collect critical information. C. Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available. D. Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation. Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: A chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to be presented in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy. Incorrect Answers: A: The legal aspect is not the most important factor to chain of custody. A history of how the evidence was handled is more important. B: When evidence is collected contact and advice from law enforcement officials. A history of how the evidence was handled is more important. D: Specifics of how to handle log files are not the most critical factor to establish a chain of custody. . A history of how the evidence was handled is more important. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1050 QUESTION 1134 When should a post-mortem review meeting be held after an intrusion has been properly taken care of? A. B. C. D.

Within the first three months after the investigation of the intrusion is completed. Within the first week after prosecution of intruders have taken place, whether successful or not. Within the first month after the investigation of the intrusion is completed. Within the first week of completing the investigation of the intrusion.

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: You should make post mortem review meeting after taking care of the intrusion, and no more than one week after the intrusion has been taken care of. Incorrect Answers: A: It is not a good practice to wait more than one week for the post-mortem review meeting. Three months is too much time. B: It is not a good practice to wait more than one week for the post-mortem review meeting To wait for until after a prosecution would take too much time. C: It is not a good practice to wait more than one week for the post-mortem review meeting. One month is too much time. References: CISSP

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 332 QUESTION 1135 Which of the following is a problem regarding computer investigation issues? A. Information is tangible. B. Evidence is easy to gather. C. Computer-generated records are only considered secondary evidence, thus are not as reliable as best evidence. D. In many instances, an expert or specialist is not required. Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Computer-based evidence is typically considered hearsay evidence. Hearsay is second-hand evidence, as opposed to direct evidence. Second-hand evidence is treated as less reliable. Incorrect Answers: A: Tangible information does not cause problem within an investigation. B: Easily collected information would cause a problem. D: During a computer investigation an expert or specialist could very well be required. References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 389 QUESTION 1136 If an organization were to monitor their employees' e-mail, it should not: A. B. C. D.

Monitor only a limited number of employees. Inform all employees that e-mail is being monitored. Explain who can read the e-mail and how long it is backed up. Explain what is considered an acceptable use of the e-mail system.

Correct Answer: A Section: Security Operations Explanation Explanation/Reference: Explanation: All the employees should be monitored, not only a few. Incorrect Answers: B: If a company feels it may be necessary to monitor e-mail messages and usage, this must be explained to the employees. C: The company should outline who can and cannot read employee messages, describe the circumstances under which e-mail monitoring may be acceptable, and specify where the e-mail can be accessed. D: The company should state which e-mail activity is acceptable. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1020 QUESTION 1137

CISSP

If an employee's computer has been used by a fraudulent employee to commit a crime, the hard disk may be seized as evidence and once the investigation is complete it would follow the normal steps of the Evidence Life Cycle. In such case, the Evidence life cycle would not include which of the following steps listed below? A. B. C. D.

Acquisition collection and identification Analysis Storage, preservation, and transportation Destruction

Correct Answer: D Section: Security Operations Explanation Explanation/Reference: Explanation: The evidence lifecycle does not include destruction. The evidence need to be preserved. Incorrect Answers: A: The evidence lifecycle include collection and identification of evidence. B: Analysis of evidence is included in the evidence lifecycle. C: The evidence lifecycle include storage, preservation, and transportation of evidence. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1054 QUESTION 1138 Which of the following best defines a Computer Security Incident Response Team (CSIRT)? A. B. C. D.

An organization that provides a secure channel for receiving reports about suspected security incidents. An organization that ensures that security incidents are reported to the authorities. An organization that coordinates and supports the response to security incidents. An organization that disseminates incident-related information to its constituency and other involved parties.

Correct Answer: C Section: Security Operations Explanation Explanation/Reference: Explanation: Many organizations now have a dedicated team responsible for investigating any computer security incidents that take place. These teams are commonly known as computer incident response teams (CIRTs) or computer security incident response teams (CSIRTs). Note: When an incident occurs, the response team has four primary responsibilities: Determine the amount and scope of damage caused by the incident. Determine whether any confidential information was compromised during the incident. Implement any necessary recovery procedures to restore security and recover from incident - related damages. Supervise the implementation of any additional security measures necessary to improve security and prevent recurrence of the incident. Incorrect Answers: A: The CSIRT is not set up to receive reports on security incidents. The CSIRT handles the security incidents when they occur. B: The CSIRT is not set up to alert authorities of security incidents. The CSIRT handles the security incidents when they occur. D: The CSIRT is not set up to inform on security incidents. The CSIRT handles the security incidents when they occur.

CISSP

References: Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 726 QUESTION 1139 What does "System Integrity" mean? A. B. C. D.

The software of the system has been implemented as designed. Users can't tamper with processes they do not own. Hardware and firmware have undergone periodic testing to verify that they are functioning properly. Design specifications have been verified against the formal top-level specification.

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: System Integrity means that all components of the system cannot be tampered with by unauthorized personnel and can be verified that they work properly. Incorrect Answers: A: System Integrity concerns how software runs, and is not related to implementation of software. C: System Integrity does not mean hardware and firmware verification. System Integrity relates to how running software behaves. D: System Integrity is not part of the specification verification. System Integrity concerns how software runs. References: http://www.cerberussystems.com/INFOSEC/stds/d520028.htm Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 12 QUESTION 1140 In computing what is the name of a non-self-replicating type of malware program containing malicious code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data, and possible system harm. A. B. C. D.

virus worm Trojan horse trapdoor

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: A trojan horse is any code that appears to have some useful purpose but contains code that has a malicious or harmful purpose imbedded in it. It is non-self-replicating malware that often includes a trapdoor as a means to gain access to a computer system bypassing security controls. Incorrect Answers: A: A Virus is a malicious program that can replicate itself and spread from one system to another. It does not appear to be harmless; its sole purpose is malicious intent often doing damage to a system.

CISSP

B: A Worm is similar to a Virus but does not require user intervention to execute. Rather than doing damage to the system, worms tend to self-propagate and devour the resources of a system. D A trapdoor is a means to bypass security by hiding an entry point into a system. Trojan Horses often have a trapdoor imbedded in them. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1213, 1214 http://en.wikipedia.org/wiki/Trojan_horse_(computing) http://en.wikipedia.org/wiki/Computer_virus http://en.wikipedia.org/wiki/Computer_worm http://en.wikipedia.org/wiki/Backdoor_(computing) QUESTION 1141 The security of a computer application is MOST effective and economical in which of the following cases? A. B. C. D.

The system is optimized prior to the addition of security. The system is procured off-the-shelf. The system is customized to meet the specific security threat. The system is originally designed to provide the necessary security.

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: The earlier in the process that security is planned for and implement the cheaper it is. It is also much more efficient if security is addressed in each phase of the development cycle rather than an add-on because it gets more complicated to add at the end. If security plan is developed at the beginning it ensures that security won't be overlooked. Incorrect Answers: A: If you wait to implement security after a system is completed the cost of adding security increases dramatically and can become much more complex. B: It is often difficult to add security to a system that has been procured off-the shelf. C: This implies only a single threat. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 298, 357 QUESTION 1142 Which of the following virus types changes some of its characteristics as it spreads? A. B. C. D.

Boot Sector Parasitic Stealth Polymorphic

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: A Polymorphic virus produces varied but operational copies of itself in an attempt to evade anti-virus software. Incorrect Answers: A: A boot sector virus attacks the boot sector of a drive. It describes the type of attack of the virus and not the CISSP

characteristics of its composition. B: A parasitic virus attaches itself to other files but does not change its characteristics. C: A stealth virus attempts to hide changes of the affected files but not itself. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1199, 1200, 1201 QUESTION 1143 Which of the following is commonly used for retrofitting multilevel security to a database management system? A. B. C. D.

trusted front-end trusted back-end controller kernel

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: In a multilevel security (MLS) database system, a trusted front-end is configured. Users connect to the trusted front-end and the trusted front-end connects to the database system. The trusted front end is responsible for directing queries to the correct database processor, for ensuring that there is no illegal flow of information between the database processors, for maintaining data consistency between replicated database fragments, and for properly labeling query responses and sending them back to the appropriate user. In addition, the trusted front end is responsible for user identification and authentication, maintenance of the trusted path to the user, and auditing. Incorrect Answers: B: A trusted back-end is not configured. The back-end would be the database system. Users connect to a trusted-front end which in turn connects to the back-end database system. C: A ‘controller’ is not the correct term for a system that is configured for a multilevel security database system. D: A kernel is the heart of an operating system. This is not what is configured for a multilevel security database system. References: http://www.acsac.org/secshelf/book001/19.pdf QUESTION 1144 Which of the following is an advantage of using a high-level programming language? A. B. C. D.

It decreases execution times for programs It allows programmers to define syntax It requires programmer-controlled storage management It enforces coding standards

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: High-level languages enforce coding standards as a specific order to statements is required as well as a syntax that must be used. Incorrect Answers: A: High-level language makes a program easier to code but does not affect the execution times for a program. CISSP

B: High-level languages have a set syntax that the programmer needs to follow. It does not allow the programmer to define their own syntax. C: High-level languages abstract the actual operation of the computer system such as memory usage, and storage. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1125-1128 QUESTION 1145 In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected? A. B. C. D.

The transactions should be dropped from processing. The transactions should be processed after the program makes adjustments. The transactions should be written to a report and reviewed. The transactions should be corrected and reprocessed.

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: An online transaction processing system is used in conjunction with a database to commit transactions to a database I real time. The database must maintain its integrity, meaning the data in the database must be accurate at all times. Therefore, transactions must occur correctly or not at all to ensure that that only accurate data are entered into the database. Incorrect Answers: B: Invalid transactions should not be processed as it would affect the accuracy of the data and the integrity of the database. Instead, the transaction should be dropped. C: Writing the transaction to a report for later review would help identify potential problems and/or threats. However, the database must maintain its integrity, meaning the data in the database must be accurate at all times. This means that the invalid transactions should not be allowed as it would compromise the database integrity. Therefore, the transaction should be dropped. D: Generally, an online transaction processing system does not have mechanisms to correct invalid transactions. These transactions are made by information entered into a web form or other front-end interface. The user needs to correct their error and resubmit the information. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1180-1182, 11871188 http://en.wikipedia.org/wiki/Online_transaction_processing http://databases.about.com/od/administration/g/concurrency.htm QUESTION 1146 When considering all the reasons that buffer overflow vulnerabilities exist what is the real reason? A. B. C. D.

Human error The Windows Operating system Insecure programming languages Insecure Transport Protocols

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: CISSP

Explanation: The human error in this answer is poor programming by the software developer. A buffer overflow takes place when too much data are accepted as input to a specific process. A buffer is an allocated segment of memory. A buffer can be overflowed arbitrarily with too much data, but for it to be of any use to an attacker, the code inserted into the buffer must be of a specific length, followed up by commands the attacker wants executed. When a programmer writes a piece of software that will accept data, this data and its associated instructions will be stored in the buffers that make up a stack. The buffers need to be the right size to accept the inputted data. So if the input is supposed to be one character, the buffer should be one byte in size. If a programmer does not ensure that only one byte of data is being inserted into the software, then someone can input several characters at once and thus overflow that specific buffer. Incorrect Answers: B: The Windows Operating system does not cause buffer overflow vulnerabilities. C: Insecure programming languages do not cause buffer overflow vulnerabilities. D: Insecure Transport Protocols do not cause buffer overflow vulnerabilities. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 332 QUESTION 1147 A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle? A. B. C. D.

project initiation and planning phase system design specification phase development & documentation phase acceptance phase

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: Certification and accreditation (C&A) processes are performed before a system can be formally installed in the production environment. Certification is the technical testing and evaluation of a system while accreditation is the formal authorization given by management to allow a system to operate in a specific environment. The accreditation decision is based upon the results of the certification process. This occurs during the acceptance phase. Incorrect Answers: A: The project initiation and planning phase is the initial phase that establishes the need for a system. Nothing has been developed yet to be evaluated, tested, accredited, etc. B: System requirement specifications are gathered in the system design and specifications phase. This phase determines how the system will accomplish design goals and could cover required functionality, compatibility, fault tolerance, extensibility, security, usability, and maintainability. C: During the development & documentation phase programmers are assigned tasks to meet the specifications laid out in the design phase. This is where the system is developed. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 300, 406-407, 1092, 1095 QUESTION 1148 Which of the following is often the GREATEST challenge of distributed computing solutions? A. scalability

CISSP

B. security C. heterogeneity D. usability Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: A distributed computing environment is dependent on a network to ensure interoperability. This increases the footprint of the system and increases the potential for attack. Incorrect Answers: A: A distributed computing environment is almost infinitely scalable as additional systems can just be added to the environment. C: The distributed computing environment has evolved to support heterogeneous systems early in its emergence. It is thus possible to have systems from different vendors in a distributed computing environment. D: The support for heterogeneous systems in a distributed computing environment reduces the problem of usability. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 70, 1142-1143 QUESTION 1149 What is the appropriate role of the security analyst in the application system development or acquisition project? A. B. C. D.

policeman control evaluator & consultant data owner application user

Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: The security analyst contributes to the development of policies, standards, guidelines, and baselines. They help define the security controls and ensure the security controls are being implemented and maintained. This role is fulfilled through consultation and evaluation. Incorrect Answers: A: During system development or acquisition, there should be no need of anyone filling the role of policeman. C: The data owner is responsible for the protection of the data used by the application and can decide what security controls would be required to protect the Databased on the sensitivity and criticality of the data. D: The application user is an individual who uses the application for work-related tasks. The user must have the necessary level of access to the data to perform the duties within their position. The application user is not responsible for implementing or evaluating security measures. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 114, 121-122, 123, 125 QUESTION 1150 The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization? CISSP

A. B. C. D.

project initiation and planning phase system design specifications phase development and documentation phase in parallel with every phase throughout the project

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: A system has a developmental life cycle, which is made up of the following phases: initiation, acquisition/ development, implementation, operation/maintenance, and disposal. Collectively these are referred to as a system development life cycle (SDLC). Security is critical in each phase of the life cycle. In the initiation phase the company establishes the need for a specific system. The company has figured out that there is a problem that can be solved or a function that can be carried out through some type of technology. A preliminary risk assessment should be carried out to develop an initial description of the confidentiality, integrity, and availability requirements of the system. The Acquisition/Development phase should include security analysis such as Security functional requirements analysis and Security assurance requirements analysis In the Implementation phase, it may be necessary to carry out certification and accreditation (C&A) processes before a system can be formally installed within the production environment. Certification is the technical testing of a system. In the Operation and Maintenance phase, continuous monitoring needs to take place to ensure that security baselines are always met. Vulnerability assessments and penetration testing should also take place in this phase. These types of periodic testing allow for new vulnerabilities to be identified and remediated. Disposal phase: When a system no longer provides a needed function, plans for how the system and its data will make a transition should be developed. Data may need to be moved to a different system, archived, discarded, or destroyed. If proper steps are not taken during the disposal phase, unauthorized access to sensitive assets can take place. Incorrect Answers: A: Security staff should participate in all phases of the system development life cycle, not just the project initiation and planning phases. B: Security staff should participate in all phases of the system development life cycle, not just the development phase. Documentation is not one of the phases in the system development life cycle. C: System design specifications would happen in the development phase. ‘System design specifications’ is not a recognized phase in itself. Security staff should participate in all phases of the system development life cycle, not just the development phase. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1087-1093 QUESTION 1151 Which answer BEST describes a computer software attack that takes advantage of a previously unpublished vulnerability? A. B. C. D.

Zero-Day Attack Exploit Attack Vulnerability Attack Software Crack

Correct Answer: A Section: Software Development Security Explanation

CISSP

Explanation/Reference: Explanation: A zero-day is an undisclosed computer application vulnerability that could be misused to harmfully affect the computer programs, data, additional computers or a network. Incorrect Answers: B: An exploit refers to a piece of software or data, or a sequence of commands that takes advantage of a bug or vulnerability with the aim of causing unplanned or unexpected behavior to take place on computerized hardware, or its software. C: A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. D: Software cracking is the modification of software to get rid of or deactivate features that are considered undesirable by the person cracking the software. References: https://en.wikipedia.org/wiki/Zero_day_attack https://en.wikipedia.org/wiki/Exploit_%28computer_security%29 https://en.wikipedia.org/wiki/Vulnerability_(computing) https://en.wikipedia.org/wiki/Software_cracking QUESTION 1152 A 'Pseudo flaw' is which of the following? A. B. C. D.

An apparent loophole deliberately implanted in an operating system program as a trap for intruders. An omission when generating Psuedo-code. Used for testing for bounds violations in application programming. A normally generated page fault causing the system to halt.

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: A Pseudo flaw is appears as a vulnerability in an operating system program but is in actual fact a trap for intruders who may attempt to exploit the vulnerability. Incorrect Answers: B: Pseudocode is an informal high-level description of the operating principle of a software program. It uses some of the syntax and conventions of a programming language, but is intended for human reading rather than machine reading. C: Bounds checking is used to test for violations in application programming. Essentially, it tests the application’s response to inputted data and ensures the inputted data are of an acceptable length. D: A page fault is caused when the operating kernel attempts to access a page that is in virtual memory rather than in RAM. This often causes the system to halt. References: http://itlaw.wikia.com/wiki/Pseudo-flaw https://en.wikipedia.org/wiki/Pseudocode Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 334 Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 267 QUESTION 1153 Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes? A. The Software Capability Maturity Model (CMM) B. The Spiral Model

CISSP

C. The Waterfall Model D. Expert Systems Model Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: The Software Capability Maturity Model (CMM) is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes. It introduces five maturity levels that serve as a foundation for conducting continuous process improvement and as an ordinal scale for measuring the maturity of the organization involved in the software processes. CMM has Five Maturity Levels of Software Processes: The initial level: processes are disorganized, even chaotic. Success is likely to depend on individual efforts, and is not considered to be repeatable as processes would not be sufficiently defined and documented to allow them to be replicated. The repeatable or managed level: basic project management techniques are established, and successes could be repeated as the requisite processes would have been made established, defined, and documented. The defined level: an organization has developed its own standard software process through greater attention to documentation, standardization, and integration. The quantatively managed level: an organization monitors and controls its own processes through data collection and analysis. The optimized level: processes are constantly being improved through monitoring feedback from current processes and introducing innovative processes to better serve the organization's particular needs. Incorrect Answers: B: The Spiral model uses an iterative approach to software development with an emphasis on risk analysis. The iterative approach allows new requirements to be addressed as they are uncovered. Testing takes place early in the development project, and feedback based upon these tests is integrated into the following iteration of steps. The risk analysis ensures that all issues are actively reviewed and analyzed. The evaluation phase allows the customer to evaluate the product in its current state and provide feedback, which is an input value for the following iteration of steps. This is a good model for complex projects that have fluid requirements. C: The Waterfall model uses a linear-sequential life-cycle approach with each phase having to be completed in its entirety before the next phase can begin. At the end of each phase, a review takes place to make sure the project is on the correct path. In this model all requirements are gathered in the initial phase and it is difficult to integrate changes as more information becomes available or requirements change. D: Expert systems is not a model for the development of software products. It is the use artificial intelligence (AI) to solve problems and is also called knowledge-based systems. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 62, 1112, 11151116, 1120-1122, 1192 http://en.wikipedia.org/wiki/Capability_Maturity_Model QUESTION 1154 Which of the following determines that the product developed meets the projects goals? A. B. C. D.

verification validation concurrence accuracy

Correct Answer: B Section: Software Development Security Explanation

CISSP

Explanation/Reference: Explanation: Validation is the process of determining whether the product provides the necessary solution for the real-world problem that is was created to solve. Incorrect Answers: A: Verification is the process of determining whether the product accurately represents and meets the design specifications given to the developers. C: Concurrence occurs when there is a piece of software that will be accessed at the same time by different users and/or applications. It is not an issue of product development. D: Accuracy is related to the integrity of information and systems. The integrity of information and systems requires that the information and systems remain accurate and reliable. This is ensured by preventing any unauthorized modification to the information or systems. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 23-24, 1106, 1124, 1180-1181 http://iase.disa.mil/ditscap/DITSCAP.html QUESTION 1155 What is RAD? A. B. C. D.

A development methodology A project management technique A measure of system complexity Risk-assessment diagramming

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: The Rapid Application Development (RAD) model is a software development model or methodology that relies on the use of rapid prototyping and enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality. Incorrect Answers: B: RAD, or Rapid Application Development, is a software development model that relies on the use of rapid prototyping and enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality. It is not a project management technique. C: RAD, or Rapid Application Development, is a software development model that relies on the use of rapid prototyping and enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality. It is not a measure of system complexity D: RAD, or Rapid Application Development, is a software development model that relies on the use of rapid prototyping and enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality. It is not Risk-assessment diagramming. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1116-1118 QUESTION 1156 Which of the following best describes the purpose of debugging programs? A. To generate random data that can be used to test programs before implementing them. B. To ensure that program coding flaws are detected and corrected. C. To protect, during the programming phase, valid changes from being overwritten by other changes.

CISSP

D. To compare source code versions before transferring to the test environment Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: Debugging provides the basis for the programmer to correct the logic errors in a program under development before it goes into production. Logical errors and coding mistakes are referred to as bugs in the code. Incorrect Answers: A: The process of generating random data that can be sent to a target program in order to trigger failures is called fuzzing. C: Debugging does not protect the program from changes. D: Debugging is not used to compare code versions. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1102-1103, 1105 https://en.wikipedia.org/wiki/Debugging QUESTION 1157 Which of the following is one of the oldest and most common problems in software development that is still very prevalent today? A. B. C. D.

Buffer Overflow Social Engineering Code injection for machine language Unassembled reversible DOS instructions.

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: Buffer overflows are in the source code of various applications and operating systems. They have been around since programmers started developing software. This means it is very difficult for a user to identify and fix them. When a buffer overflow is identified, the vendor usually sends out a patch, so keeping systems current on updates, hotfixes, and patches is usually the best countermeasure. A buffer overflow takes place when too much data are accepted as input to a specific process. A buffer is an allocated segment of memory. A buffer can be overflowed arbitrarily with too much data, but for it to be of any use to an attacker, the code inserted into the buffer must be of a specific length, followed up by commands the attacker wants executed. So, the purpose of a buffer overflow may be either to make a mess, by shoving arbitrary data into various memory segments, or to accomplish a specific task, by pushing into the memory segment a carefully crafted set of data that will accomplish a specific task. This task could be to open a command shell with administrative privilege or execute malicious code. Incorrect Answers: B: Social engineering is when one person tricks another person into sharing confidential information, for example, by posing as someone authorized to have access to that information. This is a user issue; it is not a problem in software development. C: Code injection is the exploitation of a computer bug that is caused by processing invalid data. Injection is used by an attacker to introduce (or "inject") code into a vulnerable computer program and change the course of execution. This is not one of the most common problems in software development today. D: DOS applications are rare nowadays so unassembled reversible DOS instructions is not a prevalent problem today.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 332, 337 QUESTION 1158 Which of the following is NOT true concerning Application Control? A. B. C. D.

It limits end users use of applications in such a way that only particular screens are visible. Only specific records can be requested through the application controls Particular usage of the application can be recorded for audit purposes It is non-transparent to the endpoint applications so changes are needed to the applications and databases involved

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: Application control limits what users can see or do within the application. For example, if a user does not have the necessary access privilege to perform some functions, the functions can be hidden from the screen or the screen itself can be hidden so the user cannot select it within the application. In a similar way, only the records a user has access to can be displayed. Application control is transparent to the user; the user does not know that a particular screen, function or data records have been hidden. Application control can be implemented to record the activities a user performs within the application for auditing purposes. Incorrect Answers: A: It is true that application control limits end users use of applications in such a way that only particular screens are visible. B: It is true that only specific records can be requested through the application controls. C: It is true that particular usage of the application can be recorded for audit purposes by Application Control. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1084-1085 QUESTION 1159 The object-relational and object-oriented models are better suited to managing complex data such as required for which of the following? A. B. C. D.

computer-aided development and imaging computer-aided duplexing and imaging computer-aided processing and imaging computer-aided design and imaging

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: An object-oriented database has classes to define the attributes and procedures of its objects, which can be a variety of data types such as images, audio, documents, and video. This complex data is required for computer-aided design and imaging. Incorrect Answers: A, B, C: Computer-aided development, computer-aided duplexing, and computer-aided processing are not valid CISSP

computing terms. The correct term is computer-aided design. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1173-1174 QUESTION 1160 Which of the following is not an element of a relational database model? A. B. C. D.

Relations, tuples, attributes and domains Data Manipulation Language (DML) on how the data will be accessed and manipulated Constraints to determine valid ranges and values Security structures called referential validation within tables

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: A relational database model uses attributes (columns) and tuples (rows) to contain and organize information. The relational database model is the most widely used model today. It presents information in the form of tables. A relational database is composed of two-dimensional tables, and each table contains unique rows, columns, and cells (the intersection of a row and a column). Each cell contains only one data value that represents a specific attribute value within a given tuple. These data entities are linked by relationships. The relationships between the data entities provide the framework for organizing data. A primary key is a field that links all the data within a record to a unique value. Data manipulation language (DML) contains all the commands that enable a user to view, manipulate, and use the database (view, add, modify, sort, and delete commands). A constraint is usually associated with a table and is created with a CREATE CONSTRAINT or CREATE ASSERTION SQL statement. They define certain properties that data in a database must comply with. They can apply to a column, a whole table, more than one table or an entire schema. Security structures called referential validation within tables are not an element of a relational database model. Referential integrity is used to ensure all foreign keys reference primary keys. Referential validation is not a security structure within a table. Incorrect Answers: A: Relations, tuples, attributes and domains are elements of a relational database model. B: Data Manipulation Language (DML) is an element of a relational database model. C: Constraints to determine valid ranges and values are an element of a relational database model. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1171-1177 QUESTION 1161 A persistent collection of interrelated data items can be defined as which of the following? A. B. C. D.

database database management system database security database shadowing

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: CISSP

A database can be defined as a persistent collection of interrelated data items. Persistency is obtained through the preservation of integrity and through the use of nonvolatile storage media. The description of a database is a schema and a Data Description Language (DDL) defines the schema. Incorrect Answers: B: A database management system is the software that maintains and provides access to the database. This is not what is described in the question. C: Database security restricts access to the database to authorized users and applications. This is not what is described in the question. D: Database shadowing creates a replica of the database on another database server for redundancy purposes. This is not what is described in the question. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 67 QUESTION 1162 The description of the database is called a schema. The schema is defined by which of the following? A. B. C. D.

Data Control Language (DCL). Data Manipulation Language (DML). Data Definition Language (DDL). Search Query Language (SQL).

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: The description of the database is called a schema, and the schema is defined by a Data Definition Language (DDL). DDL is similar to a computer programming language and is used for defining data structures, such as database schemas. Incorrect Answers: A: The Data Control Language (DCL) is a subset of the Structured Query Language (SQL) that allows database administrators to configure security access to relational databases. B: The Data Manipulation Language (DML) is used to retrieve, insert and modify database information. These commands will be used by all database users during the routine operation of the database. D: SQL is the abbreviation for structured query language and not search query language. SQL is a standardized query language for requesting information from a database. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1177, 1178 https://secure.wikimedia.org/wikipedia/en/wiki/Data_Definition_Language http://databases.about.com/od/Advanced-SQL-Topics/a/Data-Control-Language-Dcl.htm http://www.webopedia.com/TERM/S/SQL.html http://www.w3schools.in/mysql/ddl-dml-dcl/ http://www.orafaq.com/faq/what_are_the_difference_between_ddl_dml_and_dcl_commands QUESTION 1163 Which of the following defines the software that maintains and provides access to the database? A. B. C. D.

database management system (DBMS) relational database management system (RDBMS) database identification system (DBIS) Interface Definition Language system (IDLS)

CISSP

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: The database management system (DBMS) is a software suite that is used to manage access to the database and provides data integrity and redundancy. It is usually controlled by a database administrator. Incorrect Answers: B: A relational database management system (RDBMS) provides access to a relational database. C: There is no database identification system. D: An Interface Definition Language (IDL) is a language that is used to define the interface between a client and server process in a distributed system. It is not used to provide access to a database. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1170 http://csis.pace.edu/~marchese/CS865/Papers/interface-definition-language.pdf QUESTION 1164 Which of the following represents a relation, which is the basis of a relational database? A. B. C. D.

One-dimensional table Two-dimensional table Three-dimensional table Four-dimensional table

Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: The relational database model is based on a series of interrelated two-dimensional tables that have columns representing the variables and rows that contain specific instances of data. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1171 QUESTION 1165 Which of the following represents the rows of the table in a relational database? A. B. C. D.

attributes records or tuples record retention relation

Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: The rows of the table represent records or tuples. Incorrect Answers: A: The columns of the table represent the attributes.

CISSP

C: Record retention refers to the usually legal requirement to retain data that are no longer of value to the business for a period of time. This ensures compliance with legal requirements. D: The relation represents the link between data entities, usually from different tables in the database. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1171, 1174 Miller, David R., CISSP Training Kit, O’Reilly Media, Sebastopol, 2013, pp. 687-688 QUESTION 1166 Which of the following can be defined as the set of allowable values that an attribute can take? A. B. C. D.

domain of a relation domain name service of a relation domain analysis of a relation domains, in database of a relation

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: The domain of a relation is the set of allowable values that an attribute can take. In other words, it is the values that can be entered in a column (attribute) of a table (relation). References: Stewart, James, Ed Tittel and Mike Chapple, CISSP: Certified Information Systems security Professional Study Guide, 5th Edition, Wiley Publishing, Indianapolis, 2011, p. 272 QUESTION 1167 Which of the following can be defined as a unique identifier in the table that unambiguously points to an individual tuple or record in the table? A. B. C. D.

primary key candidate key secondary key foreign key

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: The primary key is the attribute that is used to make each row or tuple in a table unique. Incorrect Answers: B: Candidate keys are a subset of attributes that from which the database developer can choose the primary key to uniquely identify any tuple or record in a table. C: Secondary keys are candidate keys that have not been chosen as the primary key. The primary key is the attribute that is used to make each row or tuple in a table unique. Candidate keys are a subset of attributes that from which the database developer can choose the primary key. D: A foreign key is an attribute in one table that matches the primary key of another table and is used to crossreference tables. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1174, 1179-1180

CISSP

Stewart, James, Ed Tittel and Mike Chapple, CISSP: Certified Information Systems security Professional Study Guide, 5th Edition, Wiley Publishing, Indianapolis, 2011, pp. 276, 312 http://databases.about.com/cs/specificproducts/g/candidate.htm http://rdbms.opengrass.net/2_Database Design/2.1_TermsOfReference/2.1.2_Keys.html QUESTION 1168 Which of the following can be defined as THE unique attribute used as a unique identifier within a given table to identify a tuple? A. B. C. D.

primary key candidate key foreign key secondary key

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: The primary key is the attribute that is used to make each row or tuple in a table unique. Incorrect Answers: B: Candidate keys are a subset of attributes that from which the database developer can choose the primary key to uniquely identify any tuple or record in a table. C: A foreign key is an attribute in one table that matches the primary key of another table and is used to crossreference tables. D: Secondary keys are candidate keys that have not been chosen as the primary key. The primary key is the attribute that is used to make each row or tuple in a table unique. Candidate keys are a subset of attributes that from which the database developer can choose the primary key. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1174, 1179-1180 Stewart, James, Ed Tittel and Mike Chapple, CISSP: Certified Information Systems security Professional Study Guide, 5th Edition, Wiley Publishing, Indianapolis, 2011, pp. 276, 312 http://databases.about.com/cs/specificproducts/g/candidate.htm http://rdbms.opengrass.net/2_Database Design/2.1_TermsOfReference/2.1.2_Keys.html QUESTION 1169 Which of the following can be defined as an attribute in one relation that has values matching the primary key in another relation? A. B. C. D.

foreign key candidate key primary key secondary key

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: A foreign key is an attribute in one table that matches the primary key of another table and is used to crossreference tables. Incorrect Answers:

CISSP

B: Candidate keys are a subset of attributes that from which the database developer can choose the primary key to uniquely identify any tuple or record in a table. C: The primary key is the attribute that is used to make each row or tuple in a table unique. D: Secondary keys are candidate keys that have not been chosen as the primary key. The primary key is the attribute that is used to make each row or tuple in a table unique. Candidate keys are a subset of attributes that from which the database developer can choose the primary key. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1174, 1179-1180 Stewart, James, Ed Tittel and Mike Chapple, CISSP: Certified Information Systems security Professional Study Guide, 5th Edition, Wiley Publishing, Indianapolis, 2011, pp. 276, 312 http://databases.about.com/cs/specificproducts/g/candidate.htm http://rdbms.opengrass.net/2_Database Design/2.1_TermsOfReference/2.1.2_Keys.html QUESTION 1170 Referential Integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for which of the following? A. B. C. D.

primary key secondary key foreign key candidate key

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: A foreign key is an attribute in one table that references or matches the primary key of another table. The primary key is the attribute that is used to ensure that each row or tuple in a table unique. Together, the foreign key and the primary key ensure referential integrity. Incorrect Answers: B: Secondary keys are candidate keys that have not been chosen as the primary key. The primary key is the attribute that is used to make each row or tuple in a table unique. Candidate keys are a subset of attributes that from which the database developer can choose the primary key. C: A foreign key is an attribute in one table that matches the primary key of another table and is used to crossreference tables. D: Candidate keys are a subset of attributes that from which the database developer can choose the primary key to uniquely identify any tuple or record in a table. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1174, 1179-1180, 1181 Stewart, James, Ed Tittel and Mike Chapple, CISSP: Certified Information Systems security Professional Study Guide, 5th Edition, Wiley Publishing, Indianapolis, 2011, pp. 276, 312 http://databases.about.com/cs/specificproducts/g/candidate.htm http://rdbms.opengrass.net/2_Database Design/2.1_TermsOfReference/2.1.2_Keys.html QUESTION 1171 Matches between which of the following are important because they represent references from one relation to another and establish the connections among these relations? A. B. C. D.

foreign key to primary key foreign key to candidate key candidate key to primary key primary key to secondary key CISSP

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: A foreign key is an attribute in one table that references or matches the primary key of another table. The primary key is the attribute that is used to ensure that each row or tuple in a table unique. Together, the foreign key and the primary key ensure referential integrity. Incorrect Answers: B: Candidate keys are a subset of attributes that from which the database developer can choose the primary key to uniquely identify any tuple or record in a table. There are usually more than one candidate key attributes in a table. C: A foreign key is an attribute in one table that references or matches the primary key of another table. Candidate keys are a subset of attributes that from which the database developer can choose the primary key to uniquely identify any tuple or record in a table. D: Secondary keys are candidate keys that have not been chosen as the primary key. The primary key is the attribute that is used to make each row or tuple in a table unique. Candidate keys are a subset of attributes that from which the database developer can choose the primary key. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1174, 1179-1180, 1181 Stewart, James, Ed Tittel and Mike Chapple, CISSP: Certified Information Systems security Professional Study Guide, 5th Edition, Wiley Publishing, Indianapolis, 2011, pp. 276, 312 http://databases.about.com/cs/specificproducts/g/candidate.htm http://rdbms.opengrass.net/2_Database Design/2.1_TermsOfReference/2.1.2_Keys.html QUESTION 1172 A database view is the results of which of the following operations? A. B. C. D.

Join and Select. Join, Insert, and Project. Join, Project, and Create. Join, Project, and Select.

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: SQL offers three classes of operators for creating views: select, project, and join. The select operator serves to shrink the table vertically by eliminating unwanted rows (tuples). The project operator serves to shrink the table horizontally by removing unwanted columns (attributes). Most commercial implementations of SQL do not support a project operation, instead projections are achieved by specifying the columns desired in the output. The join operator allows the dynamic linking of two tables that share a common column value. Incorrect Answers: A: SQL offers three classes of operators for creating views: select, project, and join. However, modern implementations of SQL do not support a project operation, instead projections are achieved by specifying the columns desired in the output. Nevertheless, project is a SQL operator. B: Insert is a SQL command used to insert data into a table. It is not used to output a view. C: Create is a SQL command used to create a new database, table, view, or index. However, the data or output of the view requires a select statement to shrink the table vertically by not showing unwanted rows, a project operation that shrinks the table horizontally by not showing unwanted columns, and a join statement when data CISSP

from more than one table is required. References: http://db.grussell.org/section010.html http://databasemanagement.wikia.com/wiki/Relational_Database_Model QUESTION 1173 In regards to the query function of relational database operations, which of the following represent implementation procedures that correspond to each of the low-level operations in the query? A. B. C. D.

query plan relational plan database plan structuring plan

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: A query plan (or query execution plan) is an ordered set of steps used to access data in a SQL relational database management system. This is a specific case of the relational model concept of access plans. Since SQL is declarative, there are typically a large number of alternative ways to execute a given query, with widely varying performance. When a query is submitted to the database, the query optimizer evaluates some of the different, correct possible plans for executing the query and returns what it considers the best option. Incorrect Answers: B: Relational plan is not the correct term to describe implementation procedures that correspond to each of the low-level operations in the query. C: Database plan is not the correct term to describe implementation procedures that correspond to each of the low-level operations in the query. D: Structural plan is not the correct term to describe implementation procedures that correspond to each of the low-level operations in the query. References: https://en.wikipedia.org/wiki/Query_plan QUESTION 1174 In regards to relational database operations using the Structure Query Language (SQL), which of the following is a value that can be bound to a placeholder declared within an SQL statement? A. B. C. D.

A bind value An assimilation value A reduction value A resolution value

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: Bind parameters—also called dynamic parameters or bind variables—are an alternative way to pass data to the database. Instead of putting the values directly into the SQL statement, you just use a placeholder like ?, :name or @name and provide the actual values using a separate API call. When using bind parameters you do not write the actual values but instead insert placeholders into the SQL statement. That way the statements do not change when executing them with different values. CISSP

Incorrect Answers: B: An assimilation value is not the correct term for a value that can be bound to a placeholder declared within an SQL statement. C: A reduction value is not the correct term for a value that can be bound to a placeholder declared within an SQL statement. D: A resolution value is not the correct term for a value that can be bound to a placeholder declared within an SQL statement. References: http://use-the-index-luke.com/sql/where-clause/bind-parameters QUESTION 1175 Which of the following are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server? A. B. C. D.

Bind variables Assimilation variables Reduction variables Resolution variables

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: Bind variables placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server. The SQL statement is sent to the server for parsing and the later values are bound to the placeholders and sent separately to the server. This separate step is the origin of the term ‘bind variable’. Incorrect Answers: B: An assimilation value is not the correct term for a value that can be bound to a placeholder declared within an SQL statement. C: A reduction value is not the correct term for a value that can be bound to a placeholder declared within an SQL statement. D: A resolution value is not the correct term for a value that can be bound to a placeholder declared within an SQL statement. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 84 QUESTION 1176 Which of the following is an important part of database design that ensures that attributes in a table depend only on the primary key? A. B. C. D.

Normalization Assimilation Reduction Compaction

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: CISSP

The first normal form (1NF) requires that we create separate tables for each group of related data and identify each row with a unique column identified as the primary key. The second normal form (2NF) requires that we move data that is only partially dependent on the primary key to another table. The third normal form (3NF) requires that we remove data that do not depend only on the primary key. The process of conforming with the normal form us called normalization. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 199-200 QUESTION 1177 Normalizing data within a database could include all or some of the following except which one? A. Eliminate duplicative columns from the same table. B. Eliminates functional dependencies on a partial key by putting the fields in a separate table from those that are dependent on the whole key C. Eliminates Functional dependencies on non-key fields by putting them in a separate table. At this level, all non-key fields are dependent on the primary key. D. Eliminating duplicate key fields by putting them into separate tables. Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: Normalizing data within a database does not eliminate duplicate key fields by putting them into separate tables. An entity is in First Normal Form (1NF) when all tables are two-dimensional with no repeating groups. A row is in first normal form (1NF) if all underlying domains contain atomic values only. 1NF eliminates repeating groups by putting each into a separate table and connecting them with a one-to-many relationship. Make a separate table for each set of related attributes and uniquely identify each record with a primary key. Eliminate duplicative columns from the same table. Create separate tables for each group of related data and identify each row with a unique column or set of columns (the primary key). An entity is in Second Normal Form (2NF) when it meets the requirement of being in First Normal Form (1NF) and additionally: Does not have a composite primary key. Meaning that the primary key cannot be subdivided into separate logical entities. All the non-key columns are functionally dependent on the entire primary key. A row is in second normal form if, and only if, it is in first normal form and every non-key attribute is fully dependent on the key. 2NF eliminates functional dependencies on a partial key by putting the fields in a separate table from those that are dependent on the whole key. An example is resolving many:many relationships using an intersecting entity An entity is in Third Normal Form (3NF) when it meets the requirement of being in Second Normal Form (2NF) and additionally: Functional dependencies on non-key fields are eliminated by putting them in a separate table. At this level, all non-key fields are dependent on the primary key. A row is in third normal form if and only if it is in second normal form and if attributes that do not contribute to a description of the primary key are move into a separate table. An example is creating look-up tables. Incorrect Answers: A: Normalizing data within a database does eliminate duplicative columns from the same table. B: Normalizing data within a database does eliminate functional dependencies on a partial key by putting the fields in a separate table from those that are dependent on the whole key. C: Normalizing data within a database does eliminate Functional dependencies on non-key fields by putting

CISSP

them in a separate table. References: http://psoug.org/reference/normalization.html http://searchsqlserver.techtarget.com/definition/normalization?vgnextfmt=print QUESTION 1178 Which of the following is used to create and modify the structure of your tables and other objects in the database? A. B. C. D.

SQL Data Definition Language (DDL) SQL Data Manipulation Language (DML) SQL Data Relational Language (DRL) SQL Data Identification Language (DIL)

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: The Data Definition Language (DDL) is similar to a computer programming language and is used for defining data structures, such as database schemas, database tables, and other database objects. Incorrect Answers: B: The Data Manipulation Language (DML) is used to retrieve, insert and modify database data. These commands will be used by all database users during the routine operation of the database. C: The SQL language consists of three components: the Data Definition Language (DDL), the Data Manipulation Language (DML), and the Data Control Language (DCL). It does not contain a data relational language. D: The SQL language consists of three components: the Data Definition Language (DDL), the Data Manipulation Language (DML), and the Data Control Language (DCL). It does not contain a data identification language. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1177 QUESTION 1179 SQL commands do not include which of the following? A. B. C. D.

Select, Update Grant, Revoke Delete, Insert Add, Relist

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: There is no Add command within the Structure Query Language (SQL). Instead the Insert command is used to add new data to the database. There is also no Relist command within SQL. Incorrect Answers: A: Select and Update are Data Manipulation Language (DML) commands. The Select statement is used to CISSP

select data from a database while the Update statement is used to update existing records in a table. B: Grant and Revoke are Data Control Language (DCL) commands are used to enforce database security. The Grant statement is used to provide access or privileges on the database objects while the Revoke statement is used to remove those privileges. C: Delete and Insert are Data Manipulation Language (DML) commands. The Delete statement is used to remove data from a database while the Insert statement is used to add data to a table. References: https://technet.microsoft.com/en-us/library/ff848799.aspx https://technet.microsoft.com/en-us/library/ff848766.aspx http://www.cs.utexas.edu/~mitra/csFall2012/cs329/lectures/sql.html http://www.w3schools.com/SQl/sql_select.asp http://www.w3schools.com/SQl/sql_update.asp http://beginner-sql-tutorial.com/sql-grant-revoke-privileges-roles.htm QUESTION 1180 Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following database type? A. B. C. D.

Object-Oriented Databases (OODB) Object-Relational Databases Relational Databases Database management systems (DBMS)

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: An object-oriented database (OODB) has classes to define the attributes and procedures of its objects, which can be a variety of data types such as images, audio, documents, and video. This complex data is required for computer-aided design and imaging. Incorrect Answers: B: An object-relational database (ORD) is a relational database with a software front end that is written in an object-oriented programming language and is used with Object-Oriented Databases (OODB). It does not store data. C: A relational database organizes data into two-dimensional tables consisting of attributes (columns) and tuples (rows). It is not suited to storing complex data types such as video, graphics, etc. D: The database management system (DBMS) is a software suite that is used to manage access to the database and provides data integrity and redundancy. It is usually controlled by a database administrator. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1170, 1171, 11731174, 1175 QUESTION 1181 With regard to databases, which of the following has characteristics of ease of reusing code and analysis and reduced maintenance? A. B. C. D.

Object-Oriented Databases (OODB) Object-Relational Databases (ORDB) Relational Databases Database management systems (DBMS)

Correct Answer: A Section: Software Development Security CISSP

Explanation Explanation/Reference: Explanation: An object-oriented database (OODB) is more dynamic than a relational database as it stores data as objects. It allows object-oriented programming (OOP) code, including classes, to manipulate the objects. This also makes the reusing of code possible. Incorrect Answers: B: An object-relational database (ORD) is a relational database with a software front end that is written in an object-oriented programming language. This allows programmers to develop a front-end that incorporates the business logic procedures to be used by requesting applications and the data within the database. C: A relational database stores data in a two-dimensional table and uses query language, such as Structured Query Language (SQL), to access and manipulate that data. D: The database management system (DBMS) is a software suite that is used to manage access to the database and provides data integrity and redundancy. It is usually controlled by a database administrator. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1173-1174, 1175 Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 202 QUESTION 1182 Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both? A. B. C. D.

object-relational database object-oriented database object-linking database object-management database

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: An object-relational database is described as is the marriage of object-oriented and relational technologies combining the attributes of both. An object-relational database (ORD) or object-relational database management system (ORDBMS) is a relational database with a software front end that is written in an object-oriented programming language. A relational database just holds data in static two-dimensional tables. When the data are accessed, some type of processing needs to be carried out on it—otherwise, there is really no reason to obtain the data. If we have a front end that provides the procedures (methods) that can be carried out on the data, then each and every application that accesses this database does not need to have the necessary procedures. This means that each and every application does not need to contain the procedures necessary to gain what it really wants from this database. Incorrect Answers: B: An object-oriented database is a database designed to handle a variety of data types (images, audio, documents, video). This is not what is described in the question. C: An object-linking database is not a valid database type. D: An object-management database is not a valid database type. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1175 QUESTION 1183 What is used to hide data from unauthorized users by allowing a relation in a database to contain multiple CISSP

tuples with the same primary keys with each instance distinguished by a security level? A. B. C. D.

Data mining Polyinstantiation Cell suppression Noise and perturbation

Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: Polyinstantiation enables a table, which is also known as a relation, to contain multiple tuples with the same primary keys, with each instance distinguished by a security level. At a lower security level the tuple will not contain sensitive data and it will effectively be hidden from users who do not have the appropriate access permissions. Incorrect Answers: A: Data mining is the process of analyzing large amounts of data to determine patterns that would not previously be apparent. C: Cell suppression is a technique used to hide specific cells in a database that contain information that could be used in inference attacks. D: Noise and perturbation is a technique of inserting fake information in a database in an attempt to misdirect an attacker or create sufficient confuse that the actual attack will not be fruitful. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1185, 1186, 1188 QUESTION 1184 Which of the following translates source code one command at a time for execution on a computer? A. B. C. D.

A translator An interpreter A compiler An assembler

Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: Interpreters translate one command at a time during run-time or execution time. Incorrect Answers: A: A translator converts source code to another format, which could be another high-level language, an intermediate language, or machine language. C: A compiler converts high-level language source code to the necessary a target language for specific processors to understand. D: An assembler converts assembly language source code into machine code that the computer understands. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1128-1130 QUESTION 1185 Which of the following is a Microsoft technology for communication among software components distributed across networked computers? CISSP

A. B. C. D.

DDE OLE ODBC DCOM

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: Component Object Model (COM) is a model that allows for interprocess communication within one application or between applications on the same computer system. The model was created by Microsoft and outlines standardized APIs, component naming schemes, and communication standards. So if I am a developer and I want my application to be able to interact with the Windows operating system and the different applications developed for this platform, I will follow the COM outlined standards. Distributed Component Object Model (DCOM) supports the same model for component interaction, and also supports distributed interprocess communication (IPC). COM enables applications to use components on the same systems, while DCOM enables applications to access objects that reside in different parts of a network. So this is how the client/server-based activities are carried out by COM-based operating systems and/or applications. Incorrect Answers: A: Dynamic Data Exchange (DDE) allows information to be shared or communicated between programs on one computer, not across networked computers. B: Object linking and embedding (OLE) provides a way for objects to be shared on a local personal computer and to use COM as their foundation. OLE enables objects—such as graphics, clipart, and spreadsheets—to be embedded into documents. This is not what is described in the question. C: Open Database Connectivity (ODBC) is an API that allows an application to communicate with a database, either locally or remotely. This is not what is described in the question. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1146, 1176 QUESTION 1186 Which of the following statements relating to Distributed Computing Environment (DCE) is FALSE? A. It is a layer of software that sits on the top of the network layer and provides services to the applications above it. B. It uses a Universal Unique Identifier (UUID) to uniquely identify users, resources and components. C. It provides the same functionality as DCOM, but it is more proprietary than DCOM. D. It is a set of management services with a communication layer based on RPC. Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: Distributed Computing Environment (DCE) does provide the same functionality as DCOM, but it is NOT more proprietary than DCOM. Distributed Computing Environment (DCE) is a standard developed by the Open Software Foundation (OSF), also called Open Group. It is a client/server framework that is available to many vendors to use within their products. This framework illustrates how various capabilities can be integrated and shared between heterogeneous systems. DCE provides a Remote Procedure Call (RPC) service, security service, directory service, time service, and distributed file support. It was one of the first attempts at distributed computing in the industry. CISSP

DCE is a set of management services with a communications layer based on RPC. It is a layer of software that sits on the top of the network layer and provides services to the applications above it. DCE and Distributed Component Object Model (DCOM) offer much of the same functionality. DCOM, however, was developed by Microsoft and is more proprietary in nature. Incorrect Answers: A: It is true that DCE is a layer of software that sits on the top of the network layer and provides services to the applications above it. B: It is true that DCE uses a Universal Unique Identifier (UUID) to uniquely identify users, resources and components. D: It is true that DCE is a set of management services with a communication layer based on RPC. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1146, 1142 QUESTION 1187 Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software? A. B. C. D.

Stealth viruses Polymorphic viruses Trojan horses Logic bombs

Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: A Polymorphic virus produces varied but operational copies of itself in an attempt to evade anti-virus software. Incorrect Answers: A: A stealth virus attempts to hide changes of the affected files but not itself. C: A Trojan horse is code that is disguised as a useful application but contains code that has a malicious or harmful purpose imbedded in it. D: A logic bomb executes a set of instructions when specific conditions are met. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1199, 1200, 1201, 1206 QUESTION 1188 Why would a database be denormalized? A. B. C. D.

To ensure data integrity To increase processing efficiency To prevent duplication of data To save storage space

Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: The purpose of denormalization is to improve the read performance and processing efficiency of a database by adding redundant data or by grouping data. CISSP

Incorrect Answers: A: The duplication of data creates a problem for data integrity as the data needs to be updated in numerous places. Normalization, which eliminates the duplication of data, improves data integrity. C: The purpose of normalization is to eliminate duplication of the data. All duplicated data items should be deleted and replaced by a pointer. Denormalization could reverse this process. It attempts to improve the read performance and processing efficiency of a database by adding redundant data or by grouping data. D: The purpose of denormalization is to improve the read performance and processing efficiency of a database by adding redundant data or by grouping data. This increases storage space consumption. References: https://en.wikipedia.org/wiki/Denormalization https://en.wikipedia.org/wiki/Database_normalization Miller, David R., CISSP Training Kit, O’Reilly Media, Sebastopol, 2013, pp. 620, 622 QUESTION 1189 Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users? A. B. C. D.

Inadequate quality assurance (QA) tools. Constantly changing user needs. Inadequate user participation in defining the system's requirements. Inadequate project management.

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: The most important stages of developing computerized information systems (or any other system or software) are the early requirement gathering and design phases. If the needs of the users are not correctly determined, the system will not meet those needs. As end users will be the people using the system, they are will have the most valuable input into the system requirements definition. Inadequate user participation in defining the system's requirements can lead to a system design that does not meet the requirements of the users. Incorrect Answers: A: This question is asking for the BEST answer. Inadequate quality assurance (QA) tools may result in poor QA tests so floors in the system aren’t recognized. However, defining the system's requirements is the most important stage of the project. If this is not done correctly, then QA testing will have no effect on the suitability of the new system. B: Constantly changing user needs can be a hazard in a development project. However, this only has an effect if the users are involved in the design of the system. D: Inadequate project management generally leads to late or over-budget projects. Incorrectly determining the system requirements could be due to inadequate project management. However, Answer C is more specific to the cause of the problem. QUESTION 1190 Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing? A. B. C. D.

Interface errors are detected earlier. Errors in critical modules are detected earlier. Confidence in the system is achieved earlier. Major functions and processing are tested earlier.

Correct Answer: B Section: Software Development Security Explanation CISSP

Explanation/Reference: Explanation: Bottom Up Testing is an approach to integrated testing where the lowest level components are tested first, then used to facilitate the testing of higher level components. The process is repeated until the component at the top of the hierarchy is tested. With Bottom Up Testing critical modules can be tested first and the main advantage of this approach is that bugs are more easily found. All the bottom or low-level modules, procedures or functions are integrated and then tested. After the integration testing of lower level integrated modules, the next level of modules will be formed and can be used for integration testing. This approach is helpful only when all or most of the modules of the same development level are ready. This method also helps to determine the levels of software developed and makes it easier to report testing progress in the form of a percentage. Incorrect Answers: A: Interface modules are located at higher levels of the software design, not at the bottom levels. C: The major advantage of the top-down approach is that bugs are found earlier, not that confidence is achieved earlier. D: The major functions are not located at the bottom, and would not be tested earlier. References: https://en.wikipedia.org/wiki/Integration_testing#Top-down_and_Bottom-up QUESTION 1191 Which of the following is an advantage of prototyping? A. B. C. D.

Prototype systems can provide significant time and cost savings. Change control is often less complicated with prototype systems. It ensures that functions or extras are not added to the intended system. Strong internal controls are easier to implement.

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: A sample of software code or a model (prototype) can be developed to explore a specific approach to a problem before investing expensive time and resources. A team can identify the usability and design problems while working with a prototype and adjust their approach as necessary. Within the software development industry three main prototype models have been invented and used. These are the rapid prototype, evolutionary prototype, and operational prototype. Incorrect Answers: B: Change control is not less complicated with prototype systems. C: Prototyping does nothing to ensure that functions or extras are not added to the intended system. D: Strong internal controls are not easier to implement with prototyping. Being a new/prototype system, strong internal controls are likely to be more difficult to implement than a non-prototype system. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1114 QUESTION 1192 Why do buffer overflows happen? What is the main cause? A. Because buffers can only hold so much data B. Because of improper parameter checking within the application C. Because they are an easy weakness to exploit

CISSP

D. Because of insufficient system memory Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: In computer security and programming buffer overflow is a type of application error. The application's lack of proper checking of parameters causes the buffer overflow. A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. This is a special case of the violation of memory safety. Incorrect Answers: A: It is true that there is a limit of data that can be handled by a buffer, but this limit is not the cause of the overflow. B: Buffer overflows can be exploited, but the cause is a flaw in the program. The exploitation does not cause the overflow. D: Insufficient memory does not cause overflows. The overflow is caused by a flow in the application. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 71 QUESTION 1193 What is called the number of columns in a table? A. B. C. D.

Schema Relation Degree Cardinality

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: The number of columns in a database table (relation) is referred to as the degree. Incorrect Answers: A: Schema describes that structure of the database B: A database table is also referred to as a relation. D: Cardinality is the number of rows (tuples) in a database table (relation). References: Stewart, James, Ed Tittel and Mike Chapple, CISSP: Certified Information Systems security Professional Study Guide, 5th Edition, Wiley Publishing, Indianapolis, 2011, pp. 275, 277 QUESTION 1194 Which of the following would not correspond to the number of primary keys values found in a table in a relational database? A. Degree B. Number of tuples C. Cardinality

CISSP

D. Number of rows Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: The degree of a table represents the number of columns in a database table. This does not correspond to the number of primary key values in a table as each row must have a unique primary key. Incorrect Answers: B, D: A row in a database table is referred to as a tuple. Each row or tuple must have a unique primary key. Therefore, the number of rows or tuples will correspond to the number of primary keys values found in a table. D: Cardinality is the number of rows, also known as tuples, in a table. Each row or tuple must have a unique primary key. Therefore, the cardinality of a table will correspond to the number of primary keys values found in a table. References: Stewart, James, Ed Tittel and Mike Chapple, CISSP: Certified Information Systems security Professional Study Guide, 5th Edition, Wiley Publishing, Indianapolis, 2011, pp. 275, 277 http://databases.about.com/od/specificproducts/a/keys.htm QUESTION 1195 Which of the following represents the best programming? A. B. C. D.

Low cohesion, low coupling Low cohesion, high coupling High cohesion, low coupling High cohesion, high coupling

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Cohesion reflects how many different types of tasks a module can carry out. If a module carries out only one task (i.e., subtraction) or several tasks that are very similar (i.e., subtract, add, multiply), it is described as having high cohesion, which is a good thing. The higher the cohesion, the easier it is to update or modify and not affect other modules that interact with it. This also means the module is easier to reuse and maintain because it is more straightforward when compared to a module with low cohesion. Coupling is a measurement that indicates how much interaction one module requires to carry out its tasks. If a module has low (loose) coupling, this means the module does not need to communicate with many other modules to carry out its job. High (tight) coupling means a module depends upon many other modules to carry out its tasks. Low coupling is more desirable because the modules are easier to understand, easier to reuse, and changes can take place and not affect many modules around it. Low coupling indicates that the programmer created a well-structured module. Incorrect Answers: A: With low cohesion it is harder to update a module of the program. B: With low cohesion it is harder to update a module of the program. High coupling would make the modules of the program harder to understand and harder to reuse. D: High coupling would make the modules of the program harder to understand and harder to reuse. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 1138-1139

CISSP

QUESTION 1196 Java is not: A. B. C. D.

Object-oriented. Distributed. Architecture Specific. Multithreaded.

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: JAVA was developed so that the same program could be executed on multiple hardware and operating system platforms, it is not Architecture Specific. Incorrect Answers: A: JAVA is object-oriented as it works with classes and objects. B: JAVA was developed to be used in a distributed computing environment. D: JAVA is multi-threaded that is calls to subroutines as is the case with object-oriented programming. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1148 QUESTION 1197 What are user interfaces that limit the functions that can be selected by a user called? A. B. C. D.

Constrained user interfaces Limited user interfaces Mini user interfaces Unlimited user interfaces

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: Constrained user interfaces limit users’ access abilities by not allowing them to request certain functions or information, or to have access to specific system resources. Incorrect Answers: B: Limited user interfaces is not a valid term with regards to CISSP. C: Mini user interfaces are designed for hand-held devices like smartphones. D: Unlimited user interfaces are not a valid term with regards to CISSP. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 228 http://www.reinteract.org/design/mini.html QUESTION 1198 Buffer overflow and boundary condition errors are subsets of which of the following? A. Race condition errors. B. Access validation errors.

CISSP

C. Exceptional condition handling errors. D. Input validation errors. Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: The buffer overflow is probably the most notorious of input validation mistakes. A buffer overflow is an example of boundary condition error where data is allowed to be written outside the allocated buffer. Incorrect Answers: A: Buffer overflow and boundary conditions errors are not race conditions errors. Race conditions exist when the design of a program puts it in a vulnerable condition before ensuring that those vulnerable conditions are mitigated. Examples include opening temporary files without first ensuring the files cannot be read, or written to, by unauthorized users or processes, and running in privileged mode or instantiating dynamic load library functions without first verifying that the dynamic load library path is secure. Either of these may allow an attacker to cause the program (with its elevated privileges) to read or write unexpected data or to perform unauthorized commands. B: Buffer overflow and boundary conditions errors are not access validation errors. An example of an access validation error would be when a process is denied access to an object. C: An example of exceptions handling error would be a division by zero. Buffer overflows and boundary conditions are not examples of exceptional conditions errors. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 1162, 1304 QUESTION 1199 Which of the following does not address Database Management Systems (DBMS) Security? A. B. C. D.

Perturbation Cell suppression Padded cells Partitioning

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: A padded cell system is used in Intrusion Detection Systems (IDSs) and is similar to a honeypot. When an IDS detects an intruder, that intruder is automatically transferred to a padded cell. The padded cell has the look and layout of the actual network, but within the padded cell the intruder can neither perform malicious activities nor access any confidential data. Incorrect Answers: A: Noise and perturbation is a database security technique of inserting fake information in the database to misdirect an attacker or cause confusion on the part of the attacker that the actual attack will not be fruitful. B: Cell suppression is a database security technique used to hide specific cells in a database that contain information that could be used in inference attacks. D: Partitioning is a database security technique that involves dividing the database into different parts, which makes it much harder for an unauthorized individual to find connecting pieces of data that can be brought together and other information that can be deduced or uncovered. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1185

CISSP

Stewart, James, Ed Tittel and Mike Chapple, CISSP: Certified Information Systems security Professional Study Guide, 5th Edition, Wiley Publishing, Indianapolis, 2011, p. 58 QUESTION 1200 Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence? A. B. C. D.

Implementation System feasibility Product design Software plans and requirements

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: Information security best practice is a consensus of the best way to protect the confidentiality, integrity, and availability of assets. Following best practices is a way to demonstrate due care and due diligence. Due Care and Due Diligence should therefore be a part of the Software plans and requirements phase. Note: Due care is doing what a reasonable person would do. It is sometimes called the “prudent man” rule. The term derives from “duty of care. Due diligence is the management of due care. Expecting your staff to keep their systems patched means you expect them to exercise due care. Verifying that your staff has patched their systems is an example of due diligence. Incorrect Answers: A: Due Care and Due Diligence would be a part of the requirements of a project, and not a part of the implementation phase. B: Due Care and Due Diligence would be a part of the requirements of a project, and not a part of the System feasibility phase. C: Due Care and Due Diligence would be a part of the requirements of a project, and not a part of the design phase. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 161 QUESTION 1201 Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options? A. B. C. D.

Detailed design Implementation Product design Software plans and requirements

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: The design stage takes as its initial input the requirements identified in the approved requirements document, this would include security specifications. For each requirement, a set of one or more design elements will be produced as a result of interviews, workshops, and/or prototype efforts.

CISSP

Incorrect Answers: A: In the Systems Development Life Cycle (SDLC) model there is not Detailed Design just a Product Design or simply a Design phase. B: The security specifications are implemented in the implementation phase, but they are incorporated earlier in the product design phase. D: The security specifications are made in the Software plans and requirements phase, but incorporated in the product design phase. References: https://en.wikipedia.org/wiki/Systems_development_life_cycle QUESTION 1202 In a database management system (DBMS), what is the "cardinality?" A. B. C. D.

The number of rows in a relation. The number of columns in a relation. The set of allowable values that an attribute can take. The number of relations in a database.

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: In database design, the cardinality or fundamental principle of one data table with respect to another is a critical aspect. The relationship of one to the other must be precise and exact between each other in order to explain how each table links together. In the relational model, tables can be related as any of "one-to-many" or "many-to-many." This is said to be the cardinality of a given table in relation to another. Incorrect Answers: B: The number of columns in a relation would be the size of the key. It is not the cardinality of the relation. C: Cardinality concerns the relation between two tables, not allowable attributes. D: Cardinality concerns one specific relation between two tables, not the number of relations in a database. References: https://en.wikipedia.org/wiki/Cardinality_(data_modeling) QUESTION 1203 Which of the following statements pertaining to software testing is incorrect? A. B. C. D.

Unit testing should be addressed and considered when the modules are being designed. Test data should be part of the specifications. Testing should be performed with live data to cover all possible situations. Test data generators can be used to systematically generate random test data that can be used to test programs.

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: Live data would cover less of the possible input data range compared to generated data. Incorrect Answers: A: Unit testing can start very early in development. After a programmer develops a component, or unit of code, CISSP

it is tested with several different input values and in many different situations. The goal of this type of testing is to isolate each part of the software and show that the individual parts are correct. B: An important problem in testing is that of generating quality test data and is seen as an important step in reducing the cost of software testing. Test data should therefore be part of the specification. D: An important problem in testing is that of generating quality test data and is seen as an important step in reducing the cost of software testing. Hence, test data generation is an important part of software testing. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1104 QUESTION 1204 Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product? A. B. C. D.

Estimating the cost of the changes requested Recreating and analyzing the problem Determining the interface that is presented to the user Establishing the priorities of requests

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: To determine the user interface would not be part of the change control phase. This would be done in an earlier phase. The change control analyst is responsible for approving or rejecting requests to make changes to the network, systems, or software. This role must make certain that the change will not introduce any vulnerability, that it has been properly tested, and that it is properly rolled out. The change control analyst needs to understand how various changes can affect security, interoperability, performance, and productivity. Incorrect Answers: A: Calculation the cost of the change should be a part of analyzing a change request. B: Testing is a part of change control. If a problem occurs during testing change control should recreate and analyze the problem. D: If there are multiple change requests then they must be prioritized in the change control phase. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1122 QUESTION 1205 Sensitivity labels are an example of what application control type? A. B. C. D.

Preventive security controls Detective security controls Compensating administrative controls Preventive accuracy controls

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: CISSP

Sensitivity (Security) labels are attached to all objects; thus, every file, directory, and device has its own security label with its classification information. A user may have a security clearance of secret, and the data he requests may have a security label with the classification of top secret. In this case, the user will be denied (prevented) because his clearance is not equivalent or does not dominate (is not equal or higher than) the classification of the object. The terms “security labels” and “sensitivity labels” can be used interchangeably. Incorrect Answers: B: Sensitivity labels are preventive, not detective, as the label may prevent the user or process from accessing the resource. C: A compensating control is a data security measure that is designed to satisfy the requirement for some other security measure that is deemed too difficult or impractical to implement. Sensitive controls are preventive, not compensating. D: Sensitivity labels have nothing to do with accuracy. They are preventive. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 222 QUESTION 1206 What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity? A. B. C. D.

Polyinstantiation Inference Aggregation Data mining

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: Aggregation is the act of combining information from separate sources. The combination of the data forms new information, which the subject does not have the necessary rights to access. The combined information has a sensitivity that is greater than that of the individual parts. Incorrect Answers: A: Polyinstantiation enables a table, which is also known as a relation, to contain multiple tuples with the same primary keys, with each instance distinguished by a security level. At a lower security level the tuple will not contain sensitive data and it will effectively be hidden from users who do not have the appropriate access permissions. B: Inference is the intended result of aggregation. The inference problem happens when a subject deduces the full story from the pieces he learned of through aggregation. This is seen when data at a lower security level indirectly portrays data at a higher level. D: Data mining is about finding new information in a lot of data. Sensitivity or security is not related to data mining. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1183 Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1186, 1188 QUESTION 1207 Which expert system operating mode allows determining if a given hypothesis is valid? A. Blackboard CISSP

B. Lateral chaining C. Forward chaining D. Backward chaining Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: Backward chaining (or backward reasoning) is an inference method that can be described as working backward from the goal/hypothesis. It is used in automated theorem provers, inference engines, proof assistants and other artificial intelligence applications. Incorrect Answers: A: A blackboard system is an artificial intelligence application based on the blackboard architectural model, where a common knowledge base, the "blackboard", is iteratively updated by a diverse group of specialist knowledge sources, starting with a problem specification and ending with a solution. B: Lateral chaining is not one of the expert system operating modes. C: Forward chaining is the opposite of backward chaining. Forward chaining starts with the available data and uses inference rules to extract more data until a goal (hypothesis) is reached. References: https://en.wikipedia.org/wiki/Backward_chaining QUESTION 1208 Why does compiled code pose more of a security risk than interpreted code? A. B. C. D.

Because malicious code can be embedded in compiled code and be difficult to detect. If the executed compiled code fails, there is a chance it will fail insecurely. Because compilers are not reliable. There is no risk difference between interpreted code and compiled code.

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: Compiled code poses more of a security risk than interpreted code because of malicious code can be embedded in the compiled code and be difficult to detect. Incorrect Answers: B: Compiled code that fails would be an example of an application runtime error, which in itself is no security risk. C: Compilers are to be trusted. D: Compiled code is more of a security risk. References: Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 425 QUESTION 1209 Which of the following is not a defined maturity level within the Software Capability Maturity Model? A. Repeatable B. Defined

CISSP

C. Managed D. Oriented Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: The Software Capability Maturity Model (CMM) is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes. It introduces five maturity levels that serve as a foundation for conducting continuous process improvement and as an ordinal scale for measuring the maturity of the organization involved in the software processes. CMM has Five Maturity Levels of Software Processes: The initial level: processes are disorganized, even chaotic. Success is likely to depend on individual efforts, and is not considered to be repeatable as processes would not be sufficiently defined and documented to allow them to be replicated. The repeatable or managed level: basic project management techniques are established, and successes could be repeated as the requisite processes would have been made established, defined, and documented. The defined level: an organization has developed its own standard software process through greater attention to documentation, standardization, and integration. The quantatively managed level: an organization monitors and controls its own processes through data collection and analysis. The optimized level: processes are constantly being improved through monitoring feedback from current processes and introducing innovative processes to better serve the organization's particular needs. There is thus no Oriented level. Incorrect Answers: A: The repeatable level is the second maturity level. At this level basic project management techniques are established, and successes could be repeated as the requisite processes would have been made established, defined, and documented. B: The defined level is the third maturity level. At this level an organization has developed its own standard software process through greater attention to documentation, standardization, and integration. C: The (quantatively) managed level is the fourth maturity level. At this level an organization monitors and controls its own processes through data collection and analysis. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 62, 1120-1122 http://en.wikipedia.org/wiki/Capability_Maturity_Model QUESTION 1210 Which software development model is actually a meta-model that incorporates a number of the software development models? A. B. C. D.

The Waterfall model The modified Waterfall model The Spiral model The Critical Path Model (CPM)

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation:

CISSP

The spiral model is a risk-driven process model generator for software projects. Thus, the incremental, waterfall, prototyping, and other process models are special cases of the spiral model that fit the risk patterns of certain projects. Incorrect Answers: A: The Waterfall model is a special case of the Spiral model, not the opposite way around. B: The modified Waterfall model is a special case of the Spiral model, not the opposite way around. D: A critical path model is not a meta-model. The critical path model requires you to establish the time frame for a project and schedule start and end times for each task in the project. References: https://en.wikipedia.org/wiki/Spiral_model Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1112, 1115-1116 QUESTION 1211 Which of the following is used in database information security to hide information? A. B. C. D.

Inheritance Polyinstantiation Polymorphism Delegation

Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: Polyinstantiation is a process of interactively producing more detailed versions of objects by populating variables with different values or other variables. It is often used to prevent inference attacks by hiding information. Incorrect Answers: A: Inheritance is not used to hide database information. Within object orientation programming inheritance is a mechanism for code reuse and to allow independent extensions of the original software via public classes and interfaces. C: Polymorphism is when different objects are given the same input and react differently. Polymorphism is not a way to hide database security information. D: Delegation is a concept within object-oriented programming. Delegation does not concern information security for database. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1136, 1186 http://en.wikipedia.org/wiki/Polyinstantiation https://en.wikipedia.org/wiki/Polymorphism_(computer_science) QUESTION 1212 Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated? A. B. C. D.

The Total Quality Model (TQM) The IDEAL Model The Software Capability Maturity Model The Spiral Model

Correct Answer: C Section: Software Development Security CISSP

Explanation Explanation/Reference: Explanation: The Software Capability Maturity Model (CMM) is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes. It introduces five maturity levels that serve as a foundation for conducting continuous process improvement and as an ordinal scale for measuring the maturity of the organization involved in the software processes. CMM has Five Maturity Levels of Software Processes: The initial level: processes are disorganized, even chaotic. Success is likely to depend on individual efforts, and is not considered to be repeatable as processes would not be sufficiently defined and documented to allow them to be replicated. The repeatable or managed level: basic project management techniques are established, and successes could be repeated as the requisite processes would have been made established, defined, and documented. The defined level: an organization has developed its own standard software process through greater attention to documentation, standardization, and integration. The quantatively managed level: an organization monitors and controls its own processes through data collection and analysis. The optimized level: processes are constantly being improved through monitoring feedback from current processes and introducing innovative processes to better serve the organization's particular needs. Incorrect Answers: A: Total Quality Management (TQM) is a management approach of an organization centered on quality, based on the participation of all its members and aiming at long term success through customer satisfaction. B: The Integrated Design, Evaluation, and Assessment of Loadings (IDEAL) model is a post-construction water quality model for designing storm water best management practices. It is not a software development model. D: The Spiral model uses an iterative approach to software development with an emphasis on risk analysis. The iterative approach allows new requirements to be addressed as they are uncovered. It is a good model for complex projects that have fluid requirements. The spiral model has four main phases: Planning Risk analysis: ensures that all issues are actively reviewed and analyzed. Development and testing: prototype testing takes place early in the development project, and feedback based upon these tests is integrated into the following iteration of steps. Evaluation: the customer evaluates the product in its current state and provides feedback, which is an input value for the following iteration of steps. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 62, 1115-1116, 1120-1122 http://en.wikipedia.org/wiki/Capability_Maturity_Model https://en.wikipedia.org/wiki/Total_quality_management https://en.wikipedia.org/wiki/IDEAL_model QUESTION 1213 Which of the following characteristics pertaining to databases is NOT true? A. B. C. D.

A data model should exist and all entities should have a significant name. Justifications must exist for normalized data. No NULLs should be allowed for primary keys. All relations must have a specific cardinality.

Correct Answer: B Section: Software Development Security Explanation

CISSP

Explanation/Reference: Explanation: Data normalization is the process of reducing data to its canonical form. Database normalization is the process of organizing the fields and tables of a relational database to minimize redundancy and dependency. Justification is not a term that is used for normalized data. Incorrect Answers: A: A database model, such as a relational database model, is a type of data model that determines the logical structure of a database and fundamentally determines in which manner data can be stored, organized, and manipulated. Within a database model the entities must be named properly. C: A primary key cannot have a NULL value. D: A database relation could be either one-to-one, one-to-many, or many-to-many. References: https://en.wikipedia.org/wiki/Data_normalization QUESTION 1214 Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it? A. B. C. D.

Aggregation Inference Clustering Collision

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: Aggregation is the act of combining information from separate sources. The combination of the data forms new information, which the subject does not have the necessary rights to access. The combined information has a sensitivity that is greater than that of the individual parts. Thus the collection/aggregation of data should be classified at a higher security. Incorrect Answers: B: Inference is the intended result of aggregation. The inference problem happens when a subject deduces the full story from the pieces he learned of through aggregation. This is seen when data at a lower security level indirectly portrays data at a higher level. C: The term clustering does not apply here. D: The term collision does not apply here. In a computer system, a cluster is a group of servers and other resources that act like a single system and enable high availability. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1183 QUESTION 1215 At what stage of the applications development process should the security department become involved? A. B. C. D.

Prior to the implementation Prior to systems testing During unit testing During requirements development

Correct Answer: D Section: Software Development Security CISSP

Explanation Explanation/Reference: Explanation: The security department would be busy in the development phase as it includes the follow security related activities: Security functional requirements analysis Identifies the protection levels that must be provided by the system to meet all regulatory, legal, and policy compliance needs. Security assurance requirements analysis Identifies the assurance levels the system must provide. The activities that need to be carried out to ensure the desired level of confidence in the system are determined, which are usually specific types of tests and evaluations. Security plan Documented security controls the system must contain to ensure compliance with the company’s security needs. Security test and evaluation plan Outlines how security controls should be evaluated before the system is approved and deployed. Incorrect Answers: A: It would be too late to involve the security department during the implementation phase. B: It would be too late to involve the security department during Testing Phases including the System Testing phase. C: It would be too late to involve the security department during the Unit Testing phase. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1091 QUESTION 1216 Which of the following test makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems? A. B. C. D.

Recovery testing Security testing Stress/volume testing Interface testing

Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: Security testing tests all security mechanisms and features within a system to determine the level of protection they provide. Security testing can include authorization testing, penetration testing, formal design and implementation verification, and functional testing. Authorization testing is the process of determining that a requester is allowed to receive a service or perform an operation. Access control is an example of authorization. Incorrect Answers: A: Recovery testing is the activity of testing how well an application is able to recover from crashes, hardware failures and other similar problems. Recovery testing does not test access control and does not find any security holes. C: Stress testing is a form of deliberately intense or thorough testing used to determine the stability of a given system or entity. It involves testing beyond normal operational capacity, often to a breaking point, in order to observe the results. Stress testing does not test access control and does not find any security holes. D: Interface testing can be used to check the handling of data passed between various units, or subsystem components, beyond full integration testing between those units. Interface testing does not test access control and does not find any security holes. CISSP

References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 14 QUESTION 1217 Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors? A. B. C. D.

Unit testing Pilot testing Regression testing Parallel testing

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: Regression testing means that after a change to a system takes place, you retest to ensure functionality, performance, and protection. Incorrect Answers: A: With Unit testing, you test an individual component in a controlled environment where programmers validate data structure, logic, and boundary conditions. B: Pilot testing involves having a group of end users try the system prior to its full deployment in order to give feedback on its performance. D: Parallel Testing is performed when the organization is moving from one system to another. It is the process of performing workflows in the legacy system and the new system to assure that the processes will lead to the same result. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1105 QUESTION 1218 Which of the following statements pertaining to software testing approaches is correct? A. B. C. D.

A bottom-up approach allows interface errors to be detected earlier. A top-down approach allows errors in critical modules to be detected earlier. The test plan and results should be retained as part of the system's permanent documentation. Black box testing is predicated on a close examination of procedural detail.

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: The documentation requirements include design documentation, which shows that the system was built to include protection mechanisms, test documentation (test plan and results), a facility, and user manuals. Incorrect Answers: A: Interface modules are located at higher levels of the software design, not at the bottom levels. B: With Bottom Up Testing, not with Top-down Testing, critical modules can be tested first and the main advantage of this approach is that bugs are more easily found. D: Black-box testing hides the internal details of the program, it ignores the procedural details. CISSP

References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 394 QUESTION 1219 What is one disadvantage of content-dependent protection of information? A. B. C. D.

It increases processing overhead. It requires additional password entry. It exposes the system to data locking. It limits the user's individual address space.

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: 'Content-dependent' access control is a form of access control required by many applications. It is defined as access control where the decision to allow access to an object depends upon the value of attributes of the user and target objects themselves. One drawback with Content-dependent access control is that extra processing is required. Incorrect Answers: B: Content-dependent protection does not require an additional password entry. C: Content-dependent protection does not lock data. D: Content-dependent protection does not limit any address space. References: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.41.5365 QUESTION 1220 In what way could Java applets pose a security threat? A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system. C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system. D. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system. Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: Programmers have figured out how to write applets that enable the code to access hard drives and resources that are supposed to be protected by the Java security scheme. This code can be malicious in nature and cause destruction and mayhem to the user and her system. Incorrect Answers: A: The transportation of an applet cannot remove SSL or S-HTTP. B: When an applet is executed, the JVM will create a virtual machine, which provides an environment called a sandbox. This virtual machine is an enclosed environment in which the applet carries out its activities. CISSP

D: The Java Virtual Machine (JVM) converts the bytecode to the machine code that the processor on that particular system can understand. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1155 QUESTION 1221 What would you call an attack where an attacker can influence the state of the resource between check and use? This attack can happen with shared resources such as files, memory, or even variables in multithreaded programs. This can cause the software to perform invalid actions when the resource is in an unexpected state. The steps followed by this attack are usually the following: the software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. A. B. C. D.

TOCTOU attack Input checking attack Time of Check attack Time of Use attack

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: Time of check, time of use (TOCTOU) attacks are also called race conditions. An attacker attempts to alter a condition after it has been checked by the operating system, but before it is used. TOCTOU is an example of a state attack, where the attacker capitalizes on a change in operating system state. Incorrect Answers: B: Buffer overflow, directory traversal, cross-site scripting and SQL injection are just a few of the attacks that can result from improper data validation. They can be said to be input checking attacks. C: Time of Check attack is only half-true. This attack is called Time of check, time of use (TOCTOU) attack. D: Time of Use attack is only half-true. This attack is called Time of check, time of use (TOCTOU) attack. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 280 QUESTION 1222 A virus is a program that can replicate itself on a system but not necessarily spread itself by network connections. What is malware that can spread itself over open network connections? A. B. C. D.

Worm Rootkit Adware Logic Bomb

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: CISSP

Explanation: Computer worm is malicious code that spreads from host to host through removable disks or across a network connection. It differs from a virus as it does not require a host application to spread and is a self-contained application. Incorrect Answers: B: A rootkit is a set of tools placed on a system that has already been compromised. It is intended for future use by the attacker. It does not replicate or spread across a network connection. C: Adware is software that automatically generates advertisements. It is not malicious code but some adware use invasive measures which can cause security and privacy issues. D: A logic bomb executes a set of instructions when specific conditions are met. It is not self-replicating code and does not spread across a network connection. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1202, 1203, 1204, 1206 http://en.wikipedia.org/wiki/Rootkit http://en.wikipedia.org/wiki/Computer_worm http://en.wikipedia.org/wiki/Adware QUESTION 1223 Debbie from finance called to tell you that she downloaded and installed a free wallpaper program that sets the wallpaper on her computer to match the current weather outside but now her computer runs slowly and the disk drive activity light is always on. You take a closer look and when you do a simple port scan to see which ports are open on her computer, you notice that TCP/80 is open. You point a web browser at her computer's IP Address and port and see a site selling prescription drugs. Apart from the wallpaper changing software, what did Debbie install without her knowledge? A. B. C. D.

Trojan horse Network mobile code Virus Logic Bomb

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: A Trojan horse is code that is disguised as a useful application but contains code that has a malicious or harmful purpose imbedded in it. The Trojan horse can then set up a back door, install keystroke loggers, implement rootkits, upload files from the victim’s system, install bot software, and perform many other types of malicious acts. Incorrect Answers: B: Network mobile code is usually called a worm, which is malicious software that infects adjacent hosts which are unpatched against the vulnerability the worm exploits. C: A virus is a segment of code that attaches itself to a host program by embedding a copy of itself in that program. A virus would not open a port on Debbie’s computer and install a site selling prescription drugs. D: A logic bomb executes a set of instructions when specific conditions are met. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1199-1201, 1202, 1206 http://en.wikipedia.org/wiki/Trojan_horse_(computing) QUESTION 1224 Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

CISSP

A. B. C. D.

Web Applications Intrusion Detection Systems Firewalls DNS Servers

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors. XSS can be mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity. Incorrect Answers: B: Cross-site scripting (XSS) attacks target websites and web applications. It does not target Intrusion Detection Systems (IDS). C: Cross-site scripting (XSS) attacks target websites and web applications. It does not target firewalls. B: Cross-site scripting (XSS) attacks target websites and web applications. It does not target DNS Servers. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1164, 1168 https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) QUESTION 1225 Examine the following characteristics and identify which answer best indicates the likely cause of this behavior: Core operating system files are hidden Backdoor access for attackers to return Permissions changing on key files A suspicious device driver Encryption applied to certain files without explanation Logfiles being wiped A. B. C. D.

Kernel-mode Rootkit User-mode Rootkit Malware Kernel-mode Badware

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: A rootkit is a set of tools placed on a system that has already been compromised. The attacker usually replaces default system tools with compromised tools, which share the same name. Most rootkits contain sniffers, so the data can be captured and reviewed by the attacker; and “log scrubbers,” which remove traces of the attacker’s activities from the system logs. Incorrect Answers: B: A user-level rootkit does not have as much access or privilege compared to a kernel-level rootkit and would not include device drivers. C: Malware is a very broad term that describes any software that is written to do something nefarious. D: Kernel-mode Badware is not a valid computer term. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1202-1204 CISSP

QUESTION 1226 Which of the following attack includes social engineering, link manipulation or web site forgery techniques? A. B. C. D.

Smurf attack Traffic analysis Phishing Interrupt attack

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: Phishing is the attempt to get information such as usernames, passwords, and credit card details commonly through email spoofing and instant messaging that contain links directing the unsuspecting user to enter details at a fake website whose look and feel are almost identical to the legitimate website. Attempts to deal with phishing include legislation, user training, public awareness, and technical security measures. Incorrect Answers: A: A smurf attack is a distributed denial of service (DDoS) attack in which an ICMP ECHO REQUEST packet with the victims spoofed source address is sent to the victim’s network broadcast address. Each system on the victim’s subnet receives an ICMP ECHO REQUEST packet and replies with an ICMP ECHO REPLY packet to the spoof address in the ICMP ECHO REQUEST packet. This floods the victims system, causing it to slow down, freeze, crash, or reboot. This attack does not make use of social engineering, link manipulation or web site forgery techniques. B: A traffic analysis attack is carried out to uncover information by analyzing traffic patterns on a network. Traffic padding can be used to counter this kind of attack, in which decoy traffic is sent out over the network to disguise patterns and make it more difficult to uncover them. This attack does not make use of social engineering, link manipulation or web site forgery techniques. D: An interrupt or denial of service (DoS) attack occurs when an attacker sends multiple service requests to the victim’s computer until they eventually overwhelm the system, causing it to freeze, reboot, and ultimately not be able to carry out regular tasks. This attack does not make use of social engineering, link manipulation or web site forgery techniques. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 271-273, 587, 1293, 1294 http://en.wikipedia.org/wiki/Phishing QUESTION 1227 Which of the following attack could be avoided by creating more security awareness in the organization and provide adequate security knowledge to all employees? A. B. C. D.

Smurf attack Traffic analysis Phishing Interrupt attack

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: Phishing is the attempt to get information such as usernames, passwords, and credit card details commonly through email spoofing and instant messaging that contain links directing the unsuspecting user to enter details CISSP

at a fake website whose look and feel are almost identical to the legitimate website. Attempts to deal with phishing include legislation, user training, public awareness, and technical security measures. Incorrect Answers: A: A smurf attack is a distributed denial of service (DDoS) attack in which an ICMP ECHO REQUEST packet with the victims spoofed source address is sent to the victim’s network broadcast address. Each system on the victim’s subnet receives an ICMP ECHO REQUEST packet and replies with an ICMP ECHO REPLY packet to the spoof address in the ICMP ECHO REQUEST packet. This floods the victims system, causing it to slow down, freeze, crash, or reboot. B: A traffic analysis attack is carried out to uncover information by analyzing traffic patterns on a network. Traffic padding can be used to counter this kind of attack, in which decoy traffic is sent out over the network to disguise patterns and make it more difficult to uncover them. D: An interrupt or denial of service (DoS) attack occurs when an attacker sends multiple service requests to the victim’s computer until they eventually overwhelm the system, causing it to freeze, reboot, and ultimately not be able to carry out regular tasks. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 271-273, 587, 1293, 1294 http://en.wikipedia.org/wiki/Phishing QUESTION 1228 Which of the following answer specifies the correct sequence of levels within the Capability Maturity Model (CMM)? A. B. C. D.

Initial, Managed, Defined, Quantitatively managed, Optimized Initial, Managed, Defined, Optimized, Quantitatively managed Initial, Defined, Managed, Quantitatively managed, Optimized Initial, Managed, Quantitatively managed, Defined, Optimized

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: The Software Capability Maturity Model (CMM) is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes. It introduces five maturity levels that serve as a foundation for conducting continuous process improvement and as an ordinal scale for measuring the maturity of the organization involved in the software processes. CMM has Five Maturity Levels of Software Processes: The initial level: processes are disorganized, even chaotic. Success is likely to depend on individual efforts, and is not considered to be repeatable as processes would not be sufficiently defined and documented to allow them to be replicated. The repeatable or managed level: basic project management techniques are established, and successes could be repeated as the requisite processes would have been made established, defined, and documented. The defined level: an organization has developed its own standard software process through greater attention to documentation, standardization, and integration. The quantatively managed level: an organization monitors and controls its own processes through data collection and analysis. The optimized level: processes are constantly being improved through monitoring feedback from current processes and introducing innovative processes to better serve the organization's particular needs. Incorrect Answers: B: Optimized is the last maturity level and follows the quantatively managed level. C: Defined is the third maturity level and follows the managed level. D: Defined is the third maturity level and precedes the quantatively managed level.

CISSP

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 62, 1120-1122 http://en.wikipedia.org/wiki/Capability_Maturity_Model QUESTION 1229 A system file that has been patched numerous times becomes infected with a virus. The anti-virus software warns that disinfecting the file may damage it. What course of action should be taken? A. B. C. D.

Replace the file with the original version from master media Proceed with automated disinfection Research the virus to see if it is benign Restore an uninfected version of the patched file from backup media

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: The file might have been damaged by the virus, and should be restored from backup media. Incorrect Answers: A: The file might be on the master media, but it should be on the backup media. B: The file must be restored. The recovery process might have damaged the file. C: The file must be restored. The recovery process might have damaged the file. References: https://en.wikipedia.org/wiki/Computer_virus#Recovery_strategies_and_methods QUESTION 1230 Which one of the following is NOT a check for Input or Information Accuracy in Software Development security? A. B. C. D.

Review check Range Check Relationship Check Reasonableness check

Correct Answer: A Section: Software Development Security Explanation Explanation/Reference: Explanation: There is no such thing as a review check for input validation. Incorrect Answers: B: Simple range examines user input for consistency with a minimum/maximum range. C: A relationship Check test if logically related data elements are compatible. For example that an employee rated as “hourly” gets paid at a rate within the range of $8 and $20. D: Reasonable indicators are used to judge whether data is within a reasonable range based on metadata. References: https://en.wikipedia.org/wiki/Data_validation

CISSP

QUESTION 1231 What is NOT included in a data dictionary? A. B. C. D.

Data Element Definitions Schema Objects Reference Keys Structured Query Language

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: A data dictionary is a central collection of data element definitions, schema objects, and reference keys. It does not hold actual data and therefore does not use Structured Query Language (SQL) to access and manipulate data. Incorrect Answers: A, B, C: A data dictionary is a central collection of data element definitions, schema objects, and reference keys. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1178-1179 http://en.wikipedia.org/wiki/Data_dictionary QUESTION 1232 A shared resource matrix is a technique commonly used to locate: A. B. C. D.

Malicious code Security flaws Trap doors Covert channels

Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: A covert channel is a way for an entity to receive information in an unauthorized manner. It is an information flow that is not controlled by a security mechanism. The channel to transfer this unauthorized data is the result of one of the following conditions: Improper oversight in the development of the product Improper implementation of access controls within the software Existence of a shared resource between the two entities which are not properly controlled By using a shared resource matrix a covert channel can be located. Incorrect Answers: A: A shared resource matrix is not used to locate malicious code. Malicious code, such as viruses or Trojan horses, is used to infect a computer to make it available for takeover and remote control. B: A shared resource matrix is not used to locate the security flaw of covert channels, but not to locate security flaws in general. C: You do not use a shared resource matrix to locate a trapdoor. A backdoor (or trapdoor) in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, or obtaining access to plaintext while attempting to remain undetected. The backdoor may take the form of a hidden part of a program; a separate program (e.g., Back Orifice) may subvert CISSP

the system through a rootkit. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 378 QUESTION 1233 Java follows which security model: A. B. C. D.

least privilege Sand box CIA OSI

Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: When a Java applet is executed, the JVM (Java Virtual Machine) will create a virtual machine, which provides an environment called a sandbox. This virtual machine is an enclosed environment in which the applet carries out its activities. Incorrect Answers: A: The principle of least privilege (POLP) is the practice of limiting access to the minimal level that will allow normal functioning. Java uses the sandbox model, not the POLP model. C: A simple but widely-applicable security model is the CIA triad; standing for Confidentiality, Integrity and Availability; three key principles which should be guaranteed in any kind of secure system. Java does not use the CIA security model. D: OSI (Open Systems Interconnection) is reference model for how applications can communicate over a network. OSI is not related to Java. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1154 QUESTION 1234 What is the BEST definition of SQL injection? A. SQL injection is a database problem. B. SQL injection is a web Server problem. C. SQL injection is a windows and Linux website problem that could be corrected by applying a website vendors patch. D. SQL injection is an input validation problem. Correct Answer: D Section: Software Development Security Explanation Explanation/Reference: Explanation: SQL injection, where instead of valid input, the attacker puts actual database commands into the input fields, which are then parsed and run by the application. SQL (Structured Query Language) statements can be used by attackers to bypass authentication and reveal all records in a database. Incorrect Answers: A: It is true that underlying the SQL injection attack there is a database, but the SQL injection is only possible if CISSP

the input is not properly validated. B: SQL injection exploits lack of proper input validation. It does not exploit a web server directly. C: SQL injection exploits lack of proper input validation. It does not exploit a web server directly. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1163 QUESTION 1235 What allows a relation to contain multiple rows with a same primary key? A. B. C. D.

RDBMS Polymorphism Polyinstantiation It is not possible

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: Polyinstantiation enables a table, which is also known as a relation, to contain multiple tuples with the same primary keys, with each instance distinguished by a security level. Incorrect Answers: A: A relational database management system (RDBMS) is a database management system (DBMS) that is based on the relational model. The database management system (DBMS) is a software suite that is used to manage access to the database and provides data integrity and redundancy. It is usually controlled by a database administrator. B: Polymorphism is a concept in object-oriented programming in which objects are created from the same parent class but have overload operators and performing different methods. D: Polyinstantiation does allow a relation (table) to contain multiple tuples (rows) with the same primary key. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1136, 1170, 1186 http://en.wikipedia.org/wiki/Polyinstantiation https://en.wikipedia.org/wiki/Relational_database_management_system https://en.wikipedia.org/wiki/Polymorphism_(computer_science) QUESTION 1236 Business rules can be enforced within a database through the use of A. B. C. D.

Proxy Redundancy Views Authentication

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: Business rules can run on (base) tables or on views. In database theory, a view is the result set of a stored query on the data, which the database users can query just as they would in a persistent database collection object. This pre-established query command is kept in the database dictionary. Incorrect Answers: CISSP

A: Proxies are not use in databases. In computer networks, a proxy server is a server (computer) which clients (people or computers) use to access other computers. B: The concept of redundancy is not used within a database to enforce business rules. D: Business rules use views (or tables) not authentication. References: https://en.wikipedia.org/wiki/View_(SQL) QUESTION 1237 The Open Web Application Security Project (OWASP) Top Ten list of risks during the past several years. The following items have been on the list for many years. What of the choices below represent threats that have been at the top of the list for many years? A. B. C. D.

Cross Site Scripting and Dynamic Unicode injection attacks SQL injection and Cross Site Scripting attacks SQL Injection and Weak Authentication and Session Management attacks Cross Site Scripting and Security Misconfigurations attacks

Correct Answer: B Section: Software Development Security Explanation Explanation/Reference: Explanation: SQL injection and Cross Site scripting attacks are the top two risks on the OWASP list. The top risks identified by the Open Web Application Security Project (OWASP) group as of 2013 are as follows: A1: Injection Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) A6: Security Misconfiguration A7: Insecure Cryptographic Storage A8: Failure to Restrict URL Access A9: Insufficient Transport Layer Protection A10: Unvalidated Redirects and Forwards Incorrect Answers: A: OWASP refers to SQL, OS, and LDAP injections, not to Dynamic Unicode injection. C: Weak Authentication and Session Management attacks are ranked third on the OWASP list. D: Security Misconfiguration is ranked third on the OWASP list. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, pp. 1109-1110 QUESTION 1238 What is the purpose of Trusted Distribution? A. B. C. D.

To ensure that messages sent from a central office to remote locations are free from tampering. To prevent the sniffing of data as it travels through an untrusted network enroute to a trusted network. To ensure that the Trusted Computing Base is not tampered with during shipment or installation. To ensure that messages received at the Trusted Computing Base are not old messages being resent as part of a replay attack.

CISSP

Correct Answer: C Section: Software Development Security Explanation Explanation/Reference: Explanation: The purpose of trusted distribution is to ensure that the Trusted Computing Base is not tampered with during shipment or installation. Hostile attacks may occur on computer systems when they are in use, but it is also possible for computer systems to be attacked even before they are installed at a customer site. Trusted distribution is one link in a chain of assurances provided by trusted systems. It is helpful to take a look at all of the other activities that take place to ensure that the system in operation is the one that the vendor and customer agree upon. The following is a summary of the assurances that are needed to ensure that the product delivered to a customer site is operating under a correct implementation of the system's security policy: Assurance that the product evaluated is the one the manufacturer built Assurance that the product built is the one that was sent Assurance that the product sent is the one the customer site received. Incorrect Answers: A: It is not the purpose of trusted distribution to ensure that messages sent from a central office to remote locations are free from tampering. B: It is not the purpose of trusted distribution to prevent the sniffing of data as it travels through an untrusted network enroute to a trusted network. D: It is not the purpose of trusted distribution to ensure that messages received at the Trusted Computing Base are not old messages being resent as part of a replay attack. References: http://home.bi.no/fag86013/annet/trdistgd.html

CISSP

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF