Al's CISSP Flashcards

1
Q

An electricity provider must maintain documentation of its electronic security perimeter in precisely the way set forth in the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection documents, particularly CIP-005-1, or face significant daily fines. What is this an example of?

Standards

Baselines

Practices

Policies

A

Standards

A standard is mandatory and non-negotiable; it must be followed to the fullest extent. A baseline is the minimum configuration required across all of an organization's technology.

2
Q

Which of the following terms refers to a security hole that could result in an attack on a system?

Risk

Exposure

Threat

Vulnerability

A

Vulnerability

A 'vulnerability' is a security hole that could potentially be exploited, resulting in an attack. It does not mean that an attack has taken place, only that the possibility exists. When an attacker makes use of a vulnerability, it is said to have been 'exploited'.

3
Q

Before Joan can begin work at her new job, she must undergo a Criminal Background Check and participate in Security Awareness Training. What type of control are these preventative measures?

Technical Controls

Administrative Controls

Physical Controls

Resident Control

A

Administrative Controls

Administrative controls are preventive in nature. On the Human Resources side they include background checks, drug testing and security awareness training; they also include policies, procedures and data classification.

4
Q

After risks are mitigated, what is the amount of risk remaining called?

Annualized Loss Expectancy

Single Loss Expectancy

Residual Risk

Exposure Factor

A

Residual Risk

After a Risk Analysis is performed, controls may be implemented. The risk that remains and is not mitigated by the controls is called Residual Risk.
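The arithmetic behind these four terms, worked through as an added example (not part of the flashcard deck): SLE = AV x EF, ALE = SLE x ARO, residual risk is the ALE recomputed with a control in place, and a control is worth buying only when the ALE it removes exceeds its annual cost. The asset value, exposure factors, occurrence rates and control names below are constructed for the illustration.

```python
"""Quantitative risk: SLE, ALE, residual risk and cost/benefit control selection.

Added worked example; not part of the flashcard deck. All numbers are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Scenario:
    asset_value: float       # AV, in currency units
    exposure_factor: float   # EF, fraction of AV lost per occurrence (0.0 to 1.0)
    aro: float               # ARO, expected occurrences per year

    def sle(self) -> float:
        """Single loss expectancy: what one occurrence costs."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: expected cost per year."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    ef_after: float          # exposure factor once the control is in place
    aro_after: float         # occurrence rate once the control is in place


def residual_risk(s: Scenario, c: Control) -> Scenario:
    """The risk that remains after the control is applied; it is never zero in practice."""
    return Scenario(s.asset_value, c.ef_after, c.aro_after)


def control_value(s: Scenario, c: Control) -> float:
    """ALE before minus ALE after minus the control's annual cost. Negative means it costs more than it saves."""
    return s.ale() - residual_risk(s, c).ale() - c.annual_cost


def choose_treatment(s: Scenario, controls: list) -> Optional[Control]:
    """Mitigate with the control of greatest positive value; otherwise accept the risk (None)."""
    best = max(controls, key=lambda c: control_value(s, c), default=None)
    if best is None or control_value(s, best) <= 0:
        return None
    return best


# Constructed scenario: a customer database valued at 200,000. A breach is expected
# once every two years and destroys a quarter of the asset's value.
DB = Scenario(asset_value=200_000, exposure_factor=0.25, aro=0.5)

# Constructed controls. The last one is technically strongest but costs more than the risk it removes.
CONTROLS = [
    Control("nightly encrypted backups", annual_cost=3_000, ef_after=0.10, aro_after=0.5),
    Control("web application firewall", annual_cost=9_000, ef_after=0.25, aro_after=0.1),
    Control("rebuild on isolated network", annual_cost=30_000, ef_after=0.01, aro_after=0.01),
]

if __name__ == "__main__":
    print(f"SLE={DB.sle():,.0f}  ALE={DB.ale():,.0f}")
    for c in CONTROLS:
        print(f"{c.name:30} residual ALE={residual_risk(DB, c).ale():>8,.0f}  value={control_value(DB, c):>8,.0f}")
    pick = choose_treatment(DB, CONTROLS)
    print("treatment:", pick.name if pick else "accept the risk")
```

Two things the flashcard wording hides fall out of the numbers: the cheapest control wins here because it removes almost as much ALE as the expensive one, and a control whose value is negative is a reason to accept (or transfer) the risk rather than mitigate it.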

5
Q

Which of the following has the highest potential to be a security hazard to a company that has well-defined security procedures?

An employee who performs critical duties is fired.

The Information Security Officer falls ill.

Grid power is lost for 3 hours

A web server containing employee performance data crashes.

A

An employee who performs critical duties is fired.

Among these choices, the greatest risk comes from the dismissal of an employee who performs critical duties. He may be in a position to compromise security if he is disgruntled and wants to 'get back' at the company. The other situations will be handled well because the company has well-defined security procedures in place.

6
Q

Senior management plans to implement a security policy that outlines what can and cannot be done with employees’ e-mail for monitoring purposes and to address privacy issues. What would such a security policy be called?

Advisory

Issue-specific

System-specific

Organizational

A

Issue-specific

Issue-specific policies are also called functional implementing policies. They address specific issues that management feels need more explanation and attention.

7
Q

Which of the following denotes the magnitude of potential losses due to a threat?

Risk

Exposure

Vulnerability

Loss

A

Exposure

Exposure is the magnitude of the loss a vulnerability could cause the organization if it were exploited by a threat agent.

8
Q

Which of the following contains general approaches that also provide the necessary flexibility in the event of unforeseen circumstances?

Policies

Standards

Procedures

Guidelines

A

Guidelines

Guidelines are general approaches that provide the necessary flexibility to handle emergencies. They may also be recommended approaches or actions for handling particular scenarios.

9
Q

Non-enforced password management on servers and workstations would be defined as a:

Risk

Threat Agent

Vulnerability

Threat

A

Vulnerability

A vulnerability is a software, hardware or procedural weakness that could be exploited by an attacker. Non-enforced password management on servers and workstations is such a weakness.

10
Q

Information that is critical to a company needs to be properly identified and classified. In general, what is the guideline for classifying data?

Classify all data irrespective of format (digital, audio, video) excluding paper.

Classify only data that is digital in nature and exists on the company servers.

Classify all data irrespective of the format it exists in (paper, digital, audio, video)

Classify only data that is digital in nature and exists on the company servers, desktops and all computers in the company.

A

Classify all data irrespective of the format it exists in (paper, digital, audio, video)

It might appear that one only needs to classify “digital data”. However, all data needs to be classified, irrespective of the format in which it exists.

11
Q

In a secure network, personnel play a key role in the maintenance and promotion of security procedures. Which of the following roles is responsible for ensuring that the company complies with software license agreements?

Product-line manager

Process owner

Solution provider

Data analyst

A

Product-line manager

Product-line managers are responsible for ensuring that license agreements are complied with. They are also responsible for translating business objectives and specifications for the developer of a product or solution.

12
Q

Once risk assessment of a company is performed, threats and vulnerabilities are identified and the total / residual risk is determined. Which of the following is not one of the ways in which risk is handled?

Risk Inference

Risk Mitigation

Risk Acceptance

Risk Avoidance

A

Risk Inference

Risk inference is not a valid way to handle risk. Risks are usually dealt with in four ways: mitigation, avoidance, transference and acceptance.

13
Q

Which of the following statements is not true with respect to the relationships between threat, vulnerability, exposure, countermeasure and risk?

A threat agent takes advantage of a vulnerability.

The probability of a fire causing damage is a risk.

A countermeasure can mitigate a vulnerability.

A vulnerability can expose a system to possible damage

A

A countermeasure can mitigate a vulnerability.

A countermeasure mitigates a risk, not the vulnerability itself. The vulnerability is the weakness that makes the risk possible; the countermeasure reduces the likelihood or impact of a threat agent using it.

14
Q

The AIC triad is made up of three main principles of information security: availability, integrity and confidentiality. Which of the following threats can compromise data integrity?

Viruses

Social engineering

A

Viruses

Data integrity is compromised when it is modified by an unauthorized person or program and the accuracy of the data is no longer certain. Since a virus is able to alter system files and data, it can compromise data integrity.

15
Q

Which of the following governs how banks protect themselves from overextending and becoming insolvent?

Basel II

International Banking Act

A

Basel II

The Bank for International Settlements came up with a system by which banks could prevent themselves from overextending or becoming insolvent. This is known as the Basel II Accord. Information security is a key part of the guidelines.

16
Q

Keystroke logging, shoulder surfing and social engineering are methods of defeating which of the information security principles?

Confidentiality

Integrity

A

Confidentiality

The confidentiality of data is breached when unauthorized parties access it. Breaches may be intentional, for example shoulder surfing or social engineering to gather passwords, or unintentional, for example failing to encrypt data at rest or in transit.

17
Q

Data on a server has been compromised due to a hack into the system. A forensic investigator needs to copy the data on a hard disk on the server. Which of these will be the first step to be performed as part of the process?

Ensure that a bit-level copy is performed sector by sector, using a specialized tool.

Ensure that the new media into which the hard disk is being copied is properly purged.

A

Ensure that the new media into which the hard disk is being copied is properly purged.

Among the given choices, the first step is to purge the new media completely before copying the hard disk contents. There have been instances where the target media still contained prior information and the resulting image was ruled inadmissible in court.
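Why purging comes before imaging, shown as an added example that is not part of the flashcard deck. Two small files stand in for the evidence disk and the target media so it runs offline; the bytes on both are constructed. A bit-level copy only writes as many sectors as the source has, so whatever lay on the target beyond that point survives the copy. The hash of the copied region still matches the source, which is exactly why a hash check alone does not prove the media was clean.

```python
"""Purge the target, image sector by sector, then verify with hashes and check for residue.

Added worked example; not part of the flashcard deck. Real acquisitions use a
write blocker and a forensic imager; this only models the purge/copy/verify logic.
"""
import hashlib
import os
import tempfile
from typing import Optional

SECTOR = 512


def sha256_of(path: str, length: Optional[int] = None) -> str:
    """Hash the first `length` bytes of a file (the whole file if None)."""
    h = hashlib.sha256()
    remaining = length if length is not None else os.path.getsize(path)
    with open(path, "rb") as f:
        while remaining > 0:
            chunk = f.read(min(SECTOR, remaining))
            if not chunk:
                break
            h.update(chunk)
            remaining -= len(chunk)
    return h.hexdigest()


def purge(path: str) -> bool:
    """Overwrite every sector of the target with zeros, then read it back to confirm."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for off in range(0, size, SECTOR):
            f.seek(off)
            f.write(b"\x00" * min(SECTOR, size - off))
    with open(path, "rb") as f:
        for _ in range(0, size, SECTOR):
            if any(f.read(SECTOR)):      # any non-zero byte means the purge failed
                return False
    return True


def image(src: str, dst: str) -> tuple:
    """Bit-level copy, sector by sector. Returns (source hash, hash of the copied region)."""
    size = os.path.getsize(src)
    with open(src, "rb") as s, open(dst, "r+b") as d:
        for off in range(0, size, SECTOR):
            s.seek(off)
            d.seek(off)
            d.write(s.read(SECTOR))
    return sha256_of(src), sha256_of(dst, size)


def residue(dst: str, image_size: int) -> bytes:
    """Whatever sits on the target beyond the end of the image."""
    with open(dst, "rb") as f:
        f.seek(image_size)
        return f.read()


def acquire(purge_first: bool) -> dict:
    """Run the procedure on constructed media and report the two checks a reviewer would make."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "evidence.img")
        dst = os.path.join(d, "target.img")
        # Constructed: a 2 KiB evidence disk and a 4200-byte target that previously held another case.
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * 8)
        with open(dst, "wb") as f:
            f.write(b"OLD CASE DATA " * 300)
        if purge_first and not purge(dst):
            raise RuntimeError("purge verification failed")
        src_hash, img_hash = image(src, dst)
        left = residue(dst, os.path.getsize(src))
        return {"hashes_match": src_hash == img_hash, "target_clean": not any(left)}


if __name__ == "__main__":
    print("purged first:", acquire(True))
    print("not purged:  ", acquire(False))
```

Both runs report matching hashes; only the purged run reports a clean target. Record the purge verification and both hashes in the chain-of-custody notes, since that is what will be asked about in court.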

18
Q

Company Z's systems are infected by a virus that arrived through the network systems of company Q. If company Z sues company Q, this would be termed:

Downstream liability

Upstream liability

A

Downstream liability

This is termed downstream liability. It is an important reason for companies to take proper precautions and protect their networks and systems.

19
Q

An attack occurred on a computer network system and some data was compromised. If the company proceeds to court and initiates action against the attacker, which of the following people can testify and present their opinion of the case?

The security officer

An expert witness

A

An expert witness

In a court of law, the opinion rule applies. As a result, witnesses may only state facts pertaining to an issue and not their opinion. Only expert witnesses, who are considered subject matter experts, may testify and present an opinion of the issue.

20
Q

Although the terms event and incident are often used interchangeably, they are different. Which of the following statements is incorrect in this context?

An incident may have a positive or a negative impact on the company.

An event is a negative occurrence that can be observed, verified and documented.

A

An incident may have a positive or a negative impact on the company.

An event is a negative occurrence that can be observed, verified and documented, whereas an incident is a series of events that negatively affects the company. Virus, insider and terrorist attacks are incidents.

21
Q

Which of the following is a benefit of job rotation?

Fraud Prevention

Job Rotation

Build skill redundancy

Cross training

All of the options

A

All of the options

All of the choices listed are benefits of job rotation. It reduces the risk of fraud because it reduces the opportunity for collusion between two individuals, and rotating people through jobs builds skill redundancy and cross-training.

22
Q

Reducing or eliminating risk is accomplished by implementing which of the following?

Countermeasures

A risk management policy

A

Countermeasures

Countermeasures are safeguards put in place to reduce or remove a potential risk. Examples include antivirus software, firewalls, mantraps and badge readers.

23
Q

A hacker broke into a system to access confidential data without authorization. To avoid being tracked, he changed the source IP address in the packets to show an address other than his real one. This is called:

IP masking

IP spoofing

A

IP spoofing

This is called IP spoofing. Attackers spoof their source IP addresses so that it becomes difficult, if not impossible, for the victim to track them down.
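What "changing the IP address on the packets" involves, and the border check that catches it, as an added example that is not part of the flashcard deck. It builds IPv4 headers in memory only (nothing is sent), shows that overwriting the source field also requires recomputing the header checksum, and applies the anti-spoofing rule a border router should enforce in the style of BCP 38: a packet arriving from the outside may not claim an inside source, and a packet leaving must carry one. The addresses, interface names and prefixes are constructed.

```python
"""IPv4 source spoofing in memory, and ingress/egress filtering at the border.

Added worked example; not part of the flashcard deck. Addresses, interface names
and the inside prefixes are constructed.
"""
import ipaddress
import struct

# version/IHL, TOS, total length, ID, flags/fragment, TTL, protocol, checksum, src, dst
HDR_FMT = "!BBHHHBBH4s4s"
HDR_LEN = 20


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes = b"", ttl: int = 64, proto: int = 6) -> bytes:
    """A minimal IPv4 packet (no options) with a correct header checksum."""
    hdr = struct.pack(HDR_FMT, 0x45, 0, HDR_LEN + len(payload), 0x1234, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    f = struct.unpack(HDR_FMT, pkt[:HDR_LEN])
    return {
        "src": str(ipaddress.IPv4Address(f[8])),
        "dst": str(ipaddress.IPv4Address(f[9])),
        # Summing a header that includes its own checksum field yields zero when it is valid.
        "checksum_ok": ip_checksum(pkt[:HDR_LEN]) == 0,
    }


def naive_rewrite(pkt: bytes, new_src: str) -> bytes:
    """Overwrite the source field only. The stale checksum now fails and routers discard the packet."""
    return pkt[:12] + ipaddress.IPv4Address(new_src).packed + pkt[16:]


def spoof_source(pkt: bytes, new_src: str) -> bytes:
    """What an attacker actually does: rewrite the source, zero the checksum, recompute it."""
    hdr = naive_rewrite(pkt, new_src)[:HDR_LEN]
    hdr = hdr[:10] + b"\x00\x00" + hdr[12:]
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + pkt[HDR_LEN:]


def border_allows(pkt: bytes, arrived_on: str, inside: list) -> bool:
    """Ingress/egress filter at the border router. `inside` lists the prefixes behind it."""
    nets = [ipaddress.ip_network(n) for n in inside]
    src = ipaddress.ip_address(parse_ipv4(pkt)["src"])
    claims_inside = any(src in n for n in nets)
    if arrived_on == "wan":       # from the Internet: must not pretend to be one of ours
        return not claims_inside
    return claims_inside          # leaving our network: must carry one of our addresses


if __name__ == "__main__":
    inside = ["10.0.0.0/8", "192.168.0.0/16"]
    real = build_ipv4("203.0.113.7", "198.51.100.9", b"hello")
    forged = spoof_source(real, "10.0.0.5")
    print("real   ", parse_ipv4(real), "wan ok:", border_allows(real, "wan", inside))
    print("forged ", parse_ipv4(forged), "wan ok:", border_allows(forged, "wan", inside))
```

The forged packet is internally valid, so the victim host cannot tell from the packet alone; the filter works because the border router knows which prefixes live on which side of it.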

24
Q

A credit card company has revamped its internal team structure. Earlier, an informal structure existed, but the new structure now houses an information security department. Ideally, to whom should this department report?

CIO

CISO

CEO

A

The CEO

A credit card company has high security needs. Ideally, in such an organization the information security department should report to the CEO directly. This minimizes message filtering and enhances communication. This also sends out a strong signal that the company values information security.

25
Q

As part of the business impact analysis, individual threats are identified and loss criteria are applied. Which of the following is an incorrect criterion while considering business impact due to a potential disaster?

Decrease in operational expenses.

Loss of reputation

A

Decrease in operational expenses.

When a disaster strikes, operational expenses will most likely increase rather than decrease. The other choice, loss of reputation, is a valid loss criterion and must be included.

26
Q

What is the process of transferring transaction logs or journals to an offsite facility known as?

Electronic vaulting

Remote journaling

A

Remote journaling

Remote journaling is the process of moving journals or transaction logs offsite to another storage facility. This type of solution does not include the actual files, but only the logs containing any changes that have been made to the files since the last transfer. If for some reason data becomes corrupted, the log files can be retrieved and used to quickly restore the data. This is a very efficient means of recovery as only the changes need to be retrieved and applied to the data.
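The restore half of remote journaling, as an added example that is not part of the flashcard deck: the last full copy plus a replay of the journal records transferred since it. The 'offsite' journal is an in-memory list, the store is a dict, and the record layout, sequence numbers and per-record checksum are constructed for the illustration. It shows the two details that make the scheme safe in practice: replay is in sequence order and skips records the copy already reflects, and it stops at the first record whose integrity check fails rather than restoring garbage past it.

```python
"""Restore a data store from its last full copy plus a replayed transaction journal.

Added worked example; not part of the flashcard deck. Record format, sequence
numbers, the checksum field and all data are constructed.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Record:
    seq: int              # monotonically increasing, assigned at the primary site
    op: str               # "put" or "delete"
    key: str
    value: Optional[str]
    digest: str           # sha256 over the other fields, checked before replay


def _digest(seq: int, op: str, key: str, value: Optional[str]) -> str:
    return hashlib.sha256(json.dumps([seq, op, key, value]).encode()).hexdigest()


def make_record(seq: int, op: str, key: str, value: Optional[str] = None) -> Record:
    return Record(seq, op, key, value, _digest(seq, op, key, value))


def record_ok(r: Record) -> bool:
    return _digest(r.seq, r.op, r.key, r.value) == r.digest


def replay(snapshot: dict, snapshot_seq: int, journal: list) -> tuple:
    """Apply journal records newer than the snapshot, in order.

    Returns (restored store, last sequence number applied). The snapshot is not
    modified. Replay halts at the first record that fails its integrity check.
    """
    store = dict(snapshot)
    last = snapshot_seq
    for r in sorted(journal, key=lambda rec: rec.seq):
        if r.seq <= last:             # already in the snapshot, or a duplicate transfer
            continue
        if not record_ok(r):          # corrupted or tampered in transit/storage
            break
        if r.op == "put":
            store[r.key] = r.value
        elif r.op == "delete":
            store.pop(r.key, None)
        else:
            raise ValueError(f"unknown op {r.op!r} at seq {r.seq}")
        last = r.seq
    return store, last


def demo() -> tuple:
    """Constructed: a snapshot taken after seq 2, and a journal that arrived out of order."""
    snapshot = {"acct:1": "100", "acct:2": "50"}
    journal = [
        make_record(4, "put", "acct:3", "10"),
        make_record(2, "put", "acct:2", "50"),       # already reflected in the snapshot
        make_record(5, "delete", "acct:2"),
        make_record(3, "put", "acct:1", "90"),
    ]
    return replay(snapshot, 2, journal)


if __name__ == "__main__":
    store, last = demo()
    print(store, "last seq:", last)
```

Because only the changes travel offsite, the bandwidth cost is small; the price is that the journal and the last full copy must both be intact, which is why each record carries its own checksum here.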

27
Q

A major storm has damaged the headquarters of Brighton Industries. Which of the following processes should be executed first?

Business continuity plan activation

Damage assessment

A

Damage assessment

Following a major event such as a fire, storm or earthquake, the first process to be executed is the damage assessment. The assessment team will evaluate the extent of the damage, which processes have been impacted, and whether they can be restored within the maximum tolerable downtime. Once these things have been determined, the team will decide whether the BCP should be activated.

28
Q

The CEO of a drug-manufacturing company was aware of malpractices in the manufacture of certain drugs by the company. These drugs resulted in loss of life to some users of those drugs. The CEO is likely to be tried under:

Administrative, criminal and civil laws

Civil and criminal laws

A

Administrative, criminal and civil laws

In this scenario, the CEO is likely to be tried under all three types of law: civil law, because of the wrongs done to individuals; criminal law, because the CEO wilfully violated government laws; and administrative law, because of the violation of regulatory standards.

29
Q

You are assigned the responsibility of performing a risk analysis to ensure that security is properly addressed in your organization. The first step would be to:

Carry out project sizing

Prepare a cost/benefit comparison.

A

Carry out project sizing

The first step in carrying out a risk analysis is project sizing. This is an essential step and can mean the difference between project success and failure. It helps establish which assets and threats should be looked at and evaluated. If this step is not done properly, the project could end up being budgeted wrongly. It may appear that the first step is to prepare a cost/benefit comparison, but that is a later step.

30
Q

Which of the following statements best describes the objectives of a Recovery Strategy?

They are measures put into place to help reduce the likelihood of a disaster.

They are predefined activities that will be used when a disaster strikes.

A

They are predefined activities that will be used when a disaster strikes.

Recovery strategies are predefined activities that will be used when a disaster strikes. They identify how the disaster and recovery should be handled. The recovery strategy should include documents about alternate sites and facilities, costs and alternatives, emergency response procedures, contact information, security procedures, and other systems that may need to be reviewed.

31
Q

Kate is the director of risk management at a large financial institution. Once each year, she is required by the board of directors to convene a table-top exercise based upon a disaster scenario. After several milestones are discussed in the exercise, she makes sure that the lessons learned are folded back into the BCP for more efficiency. This exemplifies which of the four elements of a business continuity plan?

Maintenance

Testing

A

Testing

Kate is testing the plan. Testing is a key aspect of the BCP because environments continually change. When the plan is tested (or exercised), improvements and efficiencies can be uncovered.

32
Q

The European Union takes individual privacy very seriously and has strict laws on what data is considered private. Which of these is not one of the European Union privacy principles?

Unnecessary data should not be collected

Data should only be kept for a maximum of 3 years from the time it was first collected.

A

Data should only be kept for a maximum of 3 years from the time it was first collected.

The European Union privacy principles do not specify a retention period. They state that data should be kept only for as long as it is needed to accomplish the stated task.

33
Q

A security officer developed a security program to handle the security requirements of an organization. The first three stages of the life cycle of the security program were (a) Plan, (b) Implement and (c) Operate. Select a choice from the following which best represents the next activity to be done as part of the Security Program.

Monitor the program

Assign roles and responsibilities

A

Monitor the program

The next step in the process would be to monitor and evaluate the program. This would include reviewing logs, audit results, and service level agreements. This would also include development of improvements to the program.

34
Q

Separation of duties is an important aspect of operations security. Which of the following scenarios does not violate the separation of duties principle?

A computer user is allowed to install software and alter desktop configurations.

A computer user is allowed to install software and also to modify her security profile.

A

A computer user is allowed to install software and alter desktop configurations.

A computer user may be allowed to set an initial password, install software and alter desktop configurations; none of this breaches the separation of duties principle. However, the user must not be allowed to modify her own security profile.

35
Q

Lighting in buildings is often controlled so that lights in different parts of the building turn on and off at different times. This gives potential intruders the impression that there are people at work in different parts of the building. What is this called?

Controlled lighting

Standby lighting

A

Standby lighting

This is referred to as standby lighting. It is similar to a technique used in residential homes where certain gadgets can be configured to turn lighting on or off at pre-determined times. This gives the illusion that the house is occupied. The same technique is used in companies and security guards can configure the times that lights turn on and off.

36
Q

Frame Relay is a WAN solution that allows multiple companies and networks to share WAN media. In this context, what is the equipment used at the company end (such as a router or a switch) called?

DTE
DCE

A

DTE

The equipment used at the company’s end is called Data Terminal Equipment (DTE). It could be a router or a switch and provides connectivity between the company’s own network and the frame relay network. DCE is the equipment used by the service provider.

37
Q

Which of the following represents the correct sequence of activities in the event of a disaster?

Disaster, Interim operations, Alternate operations, Normal operations

Disaster, Recovery operations, Alternate operations, Normal operations

A

Disaster, Interim operations, Alternate operations, Normal operations

Once a disaster strikes, Interim operations kick in. These include emergency responses and situational assessments. This is then followed by alternate operations during which recovery and restoration operations are performed. This then allows the company to recover back to normal operations.

38
Q

At a generic level, evidence of a crime needs to be relevant to the case at hand and meet the criteria of the five rules of evidence. These rules state that:

Evidence must be authentic, complete, convincing, admissible and unaltered.

Evidence must be authentic, accurate, complete, convincing and admissible

A

Evidence must be authentic, accurate, complete, convincing and admissible

At a generic level, evidence in a computer crime needs to be relevant to the case at hand. The five rules of evidence are that it should be authentic, accurate, complete, convincing and admissible.

39
Q

A security officer would like to ensure that an early warning is received in case a fire breaks out. The early warning can then be used to sound a warning alarm to start off evacuation procedures. Which of these may be used as an early-warning device?

Smoke-activated detectors

Heat-activated detectors

A

Smoke-activated detectors

Smoke-activated detectors are very useful as early-warning devices. They operate using photoelectric devices, which detect variations in light intensity. If the beam of light produced by the device is obstructed by smoke, an alarm sounds, and this can be used to trigger evacuation and other procedures.

40
Q

Which of the following is not an instance of a computer-targeted crime?

Carrying out hacktivism by defacing a government’s website

Capturing passwords and sensitive data

A

Carrying out hacktivism by defacing a government’s website

A computer-assisted crime is one in which a computer is a tool used to carry out a crime. A computer-targeted crime is one in which a computer is the victim of an attack to harm it. Hence, hacktivism, which involves protesting a government’s activities by defacing their websites is not a computer-targeted crime.

41
Q

The Clark-Wilson model establishes a system of subject-program-object bindings so that the subject does not have direct access to the object any more. Each data item is defined and changes are allowed only by a limited set of programs. Which of these is not a defined item?

Hidden data element (HDE)

Constrained data item (CDI)

A

Hidden data element (HDE)

A hidden data element (HDE) is not one of the items defined by the Clark-Wilson model. A constrained data item (CDI) is defined by the model, as are the transformation procedures (TPs) that are the only way a CDI may be changed and the integrity verification procedures (IVPs) that check that CDIs are in a valid state. Additionally, an unconstrained data item (UDI) is used to define data not yet controlled by the Clark-Wilson model.

42
Q

In which type of operating system do all of the operating system’s functionality work in ring 0 and in privileged or supervisory mode?

Monolithic operating systems

Virtual machines

A

Monolithic operating systems

In a monolithic operating system, all of the kernel's activity takes place in privileged or supervisory mode; hence all the functionality is in ring 0. This improves performance but is a security risk, since more code runs in privileged mode and any of it can be exploited by attackers.

43
Q

___ focal length lenses provide a wide angle view of an area, which is ideal in an open area such as a lobby. Long focal length lenses provide a very narrow view, which is more appropriate for small areas such as entry/ exit points.

Short

Long

A

Short

44
Q

The Rainbow Books are a series of security guidelines and standards published by various US government agencies. They are known as the Rainbow Books because each book has a different color cover. The ____ Book is called the Trusted Computer System Evaluation Criteria (TCSEC) and sets forth the requirements for assessing the security of a given computer system.

Blue

Orange

Red

A

Orange

45
Q

_____ warehousing can streamline data gathering and reporting for an organization. A _____ warehouse consolidates data from different databases and provides it in a user-friendly format. It is important to note that the warehouse contains copies of the data from each source it serves; when a user executes a query, the results returned are from the warehouse's _____ store.

Data
Relational

A

Data

46
Q

_____ features require users to provide badges, PINs, or other authentication device every time a user enters and exits specified portals. If an employee fails to badge-out of a restricted area, he or she will be prohibited from re-entering that secured area without administrative intervention. This is a countermeasure against users sharing badges, PINs, etc.

Location logging

Anti-passback

A

Anti-passback
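The anti-passback rule as a small state machine, an added example that is not part of the flashcard deck. A portal tracks which badges are currently inside from badge-in and badge-out events; a second badge-in without an intervening badge-out (the badge was passed back through the door, or its holder tailgated out) is refused until an administrator resets the holder. Badge IDs and the event sequence are constructed.

```python
"""Anti-passback at a controlled portal, with location logging.

Added worked example; not part of the flashcard deck. Badge IDs and events are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


@dataclass
class AntiPassbackPortal:
    inside: set = field(default_factory=set)    # badges currently inside the secured area
    log: list = field(default_factory=list)     # (badge, direction, allowed, reason)

    def _record(self, badge: str, direction: str, allowed: bool, reason: str) -> Decision:
        self.log.append((badge, direction, allowed, reason))
        return Decision(allowed, reason)

    def badge_in(self, badge: str) -> Decision:
        if badge in self.inside:
            # The badge never badged out: either it was passed back to someone else
            # or its holder tailgated out. Both are sharing/tailgating indicators.
            return self._record(badge, "in", False, "anti-passback: badge already inside")
        self.inside.add(badge)
        return self._record(badge, "in", True, "ok")

    def badge_out(self, badge: str) -> Decision:
        if badge not in self.inside:
            # Leaving without having entered: the holder got in some other way.
            return self._record(badge, "out", False, "anti-passback: badge never entered")
        self.inside.discard(badge)
        return self._record(badge, "out", True, "ok")

    def admin_reset(self, badge: str) -> None:
        """Administrative intervention after the holder explains the missing badge-out."""
        self.inside.discard(badge)

    def violations(self) -> list:
        """Denied events, the material a guard or auditor reviews for badge sharing."""
        return [(badge, direction) for badge, direction, allowed, _ in self.log if not allowed]


if __name__ == "__main__":
    portal = AntiPassbackPortal()
    for direction, badge in [("in", "B100"), ("in", "B100"), ("out", "B100"), ("in", "B100")]:
        d = portal.badge_in(badge) if direction == "in" else portal.badge_out(badge)
        print(direction, badge, d)
    print("violations:", portal.violations())
```

The same state is what location logging reports: at any moment the portal knows who it believes is inside, which is also why a forgotten badge-out needs an administrator rather than a second swipe.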

47
Q

Halon, a halogenated hydrocarbon that is harmful to humans at high concentrations and damages the ozone layer, was banned in 1987. It has not been manufactured since 1992, under the terms of the Montreal Protocol. The most effective replacement for this fire suppression agent is

Argon

FM-200

A

FM-200

FM-200 (HFC-227ea) is the halon replacement most often deployed in computer rooms; argon-based inert gas systems are an alternative.

48
Q

When using electronic cipher locks, it is highly recommended that the keypad be _____ from view by anyone but the immediate user, to prevent unauthorized users from shoulder surfing key codes. These types of locks should also be connected to a _____ backup to ensure continuous operation of the lock during power outages.

Mantrapped, egress control

Shielded, Battery

A

Shielded, Battery

49
Q

_____ is the highest level of maturity in the CMM framework. Organizations reaching this level have reached a point in their development processes where continuous improvement of existing processes is the focus. Less mature levels in the framework place the focus on developing, implementing, and managing standard, repeatable processes.

Optimizing

Managed

A

Optimizing

50
Q

_____ is a set of technical requirements for reducing electromagnetic emanations, with the purpose of making it very difficult for an attacker to gather information from those emanations.

Faraday
TEMPEST

A

TEMPEST

51
Q

____ security mode, specified in DOD Directive 5200.28, is an operational mode in which all users have clearance or authorization, documented formal access approval, and a need to know the information stored on the system. _____ security mode can be implemented with a single or multiple data classification levels.

Dedicated
Privileged

A

Dedicated

52
Q

___ is a standard that outlines how countermeasures can be developed to control the spurious electrical signals that radiate from electrical equipment. Equipment that needs to be highly secure should prevent or control this type of radiation and adhere to these standards.

Faraday
TEMPEST

A

TEMPEST

53
Q

_____ is a negative occurrence that can be observed, verified and documented, whereas an incident is a series of events that negatively affects the company.

Incident
Event

A

Event

54
Q

___ is a series of events that negatively affects the company. Virus, insider and terrorist attacks are of this type.

Incident
Event

A

Incident

55
Q

Lighting that turns on and off in different parts of a building at pre-determined times is referred to as _____. It is similar to a technique used in residential homes, where certain gadgets can be configured to turn lighting on or off at pre-determined times, giving the illusion that the house is occupied. The same technique is used in companies, and security guards can configure the times at which lights turn on and off.

Standby lighting
Controlled lighting

A

Standby lighting

56
Q

Once a disaster strikes, interim operations kick in. These include emergency responses and situational assessments. This is then followed by alternate operations, during which recovery and restoration operations are performed. This then allows the company to return to normal operations. Which sequence does this describe?

Disaster, Recovery operations, Emergency response, Normal operations.

Disaster, Interim operations, Alternate operations, Normal operations

A

Disaster, Interim operations, Alternate operations, Normal operations

57
Q

At a generic level, evidence in a computer crime needs to be relevant to the case at hand. The five rules of evidence are that:

Evidence must be authentic, irrefutable, complete, convincing and admissible.

Evidence must be authentic, accurate, complete, convincing and admissible.

A

Evidence must be authentic, accurate, complete, convincing and admissible.

58
Q

In a _____ all of the kernel’s activity takes place in privileged or supervisory mode. Hence, all the functionality is in ring 0. This improves performance but causes a security risk since more code runs in privileged mode and can be exploited by attackers.

Virtual machines
Monolithic operating systems

A

Monolithic operating systems

59
Q

_____journaling is the process of moving journals or transaction logs offsite to another storage facility. This type of solution does not include the actual files, but only the logs containing any changes that have been made to the files since the last transfer. If for some reason data becomes corrupted, the log files can be retrieved and used to quickly restore the data. This is a very efficient means of recovery as only the changes need to be retrieved and applied to the data.

Remote
Data

A

Remote

60
Q

A _____ is used when there is a requirement to split a network into both collision domains and broadcast domains.

router
bridge

A

router

61
Q

A _____ can do simple filtering to separate collision domains.

router
bridge

A

bridge

62
Q

ECC (elliptic curve cryptography) is well suited to mobile devices because it provides comparable security with shorter keys and lower CPU usage.

True
False

A

True

63
Q

Halon was replaced by

Argon

FM-200

A

FM-200