CISSP - 1 Flashcards

1
Q

Web spoofing is what type of attack? A. Buffer Overflow B. Covert channel C. Brute force D. Man-in-the-middle

A

D. Man-in-the-middle

2
Q

Which of the following is the GREATEST deterrent to brute force login attacks? A. Use strong passwords B. Prohibiting initial password delivery via e-mail C. Lock out account after a certain number of failed attempts D. Use smart cards

A

D. Use smart cards
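
An added example (not part of the flashcard deck) of the lockout control in option C, written in Python with an injectable clock so the behaviour can be checked without waiting. Account names, thresholds and the candidate password list are constructed for illustration. It also shows why lockout is a weaker deterrent than the card's answer: anyone who knows the account name can lock the legitimate user out by sending a few bad passwords, whereas a smart card removes the guessable secret altogether.

```python
"""Account lockout as a brute-force control (added example, not from the deck)."""
import time
from collections import defaultdict, deque


class LoginGuard:
    """Counts failed logins per account inside a sliding window and locks the
    account for lockout_s seconds once max_failures is reached.  The clock is
    injectable (assumed monotonic seconds) so the logic can be exercised without
    sleeping."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self.clock = clock
        self._failures = defaultdict(deque)   # account -> timestamps of recent failures
        self._locked_until = {}               # account -> time the lock expires

    def is_locked(self, account):
        """True while a lock is in force; expired locks are cleared lazily."""
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:
            del self._locked_until[account]
            self._failures[account].clear()
            return False
        return True

    def attempt(self, account, password_ok):
        """Return 'locked', 'ok' or 'denied'.  The credential check itself is
        passed in as a boolean so the guard is independent of the password store."""
        if self.is_locked(account):
            return "locked"           # a correct password does not bypass the lock
        if password_ok:
            self._failures[account].clear()
            return "ok"
        now = self.clock()
        fails = self._failures[account]
        fails.append(now)
        while fails and now - fails[0] > self.window_s:   # forget failures outside the window
            fails.popleft()
        if len(fails) >= self.max_failures:
            self._locked_until[account] = now + self.lockout_s
            return "locked"
        return "denied"


def brute_force(guard, account, candidates, real_password):
    """Constructed attacker loop.  Returns (outcome, guesses actually evaluated):
    'cracked' if the real password was accepted, 'locked' if the guard cut the
    attack off, 'exhausted' if the wordlist ran out."""
    checked = 0
    for guess in candidates:
        if guard.is_locked(account):
            return "locked", checked
        checked += 1
        if guard.attempt(account, guess == real_password) == "ok":
            return "cracked", checked
    return "exhausted", checked


if __name__ == "__main__":
    # Constructed wordlist; the real password is the 7th entry.
    wordlist = ["123456", "password", "qwerty", "letmein", "admin", "welcome", "S3cret!"]
    clock = [0.0]
    guard = LoginGuard(max_failures=5, clock=lambda: clock[0])
    print("with lockout:", brute_force(guard, "alice", wordlist, "S3cret!"))
    print("legitimate user now:", guard.attempt("alice", True))   # collateral denial of service
    clock[0] = 901.0
    print("after lock expires:", guard.attempt("alice", True))
    print("without lockout:", brute_force(LoginGuard(max_failures=10, clock=lambda: 0.0), "bob", wordlist, "S3cret!"))
```

The guard keys on the account name only, which is the usual production trade-off: it stops online guessing at five tries but hands an attacker a cheap denial of service against any named user, and it does nothing against an attacker who has the password hash offline. A possession factor such as a smart card leaves nothing to guess, which is why the card rates it above lockout.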

3
Q

The GREATEST challenge for security of voicemail systems is A. Password complexity B. The presence of stale mailboxes C. Direct Inward System Access D. the use of interactive voice response

A

A. Password complexity

4
Q

Point-to-Point Protocol is vulnerable to attack because A. PPP passwords for other systems are stored in the clear B. systems by default accept all incoming PPP connection requests C. it lacks any means for authentication D. its communications are all in the clear and exposed to eavesdroppers

A

D. its communications are all in the clear and exposed to eavesdroppers

5
Q

What must be defined prior to designing a security policy? A. Number of IT personnel in the security department B. Physical security controls on corporate network C. The number of firewall security appliances on the network D. The budget assigned to the security department

A

B. Physical security controls on corporate network

6
Q

What is the MOST critical factor in the success of an enterprise security strategy? A. Ability to effectively monitor the enterprise B. Budget available for security department C. Senior management support D. Thorough security awareness plans

A

C. Senior management support

7
Q

In the Software Development Life Cycle, enumerating all possible attack paths and identifying the necessary controls are performed at the A. Initiation phase B. Design phase C. Development phase D. Testing phase

A

B. Design phase

8
Q

Which of the following is the PRIMARY purpose for code obfuscation? A. Protects confidentiality of security controls in the software B. Decreases the complexity of testing C. Increases the difficulty of reverse engineering D. Increases performance during compilation

A

C. Increases the difficulty of reverse engineering

9
Q

What is the principal difference between OpenPGP and Secure Multipurpose Internet Mail Extensions (S/MIME)? A. OpenPGP makes use of a Certificate Authority whereas S/MIME does not B. S/MIME uses outdated cryptographic algorithms C. The method of key exchange is different between S/MIME and OpenPGP D. OpenPGP uses an asymmetric key algorithm whereas S/MIME uses a symmetric algorithm

A

C. The method of key exchange is different between S/MIME and OpenPGP

10
Q

Which security measure BEST provides non-repudiation in e-mail? A. Digital Signature B. Doublelength key encrypting key C. Message authentication D. Triple Data Encryption Standard

A

A. Digital Signature

11
Q

In which security model can a subject read information developed by a subordinate but not alter it? A. Brewer-Nash B. Biba C. Bell-LaPadula D. Clark-Wilson

A

C. Bell-LaPadula
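
The rule this card is testing, as an added example in Python (not from the deck): Bell-LaPadula's simple security property (no read up) lets a Secret-cleared manager read a Confidential report written by a subordinate, and its *-property (no write down) stops the manager from altering it. Biba is included alongside because it is the dual for integrity and the usual distractor. The levels, names and scenario are constructed for illustration.

```python
"""Bell-LaPadula and Biba access decisions side by side (added example, not from the deck)."""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Constructed lattice; higher value dominates lower."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Subject:
    name: str
    level: Level        # clearance under BLP, integrity level under Biba


@dataclass(frozen=True)
class Resource:
    name: str
    level: Level        # classification under BLP, integrity level under Biba


def blp_allows(subject, resource, op):
    """Bell-LaPadula (confidentiality).
    simple security property: no read up   -> read  iff clearance >= classification
    *-property:               no write down -> write iff clearance <= classification"""
    if op == "read":
        return subject.level >= resource.level
    if op == "write":
        return subject.level <= resource.level
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject, resource, op):
    """Biba (integrity) is the dual of BLP.
    simple integrity property: no read down -> read  iff subject level <= object level
    *-integrity property:      no write up  -> write iff subject level >= object level"""
    if op == "read":
        return subject.level <= resource.level
    if op == "write":
        return subject.level >= resource.level
    raise ValueError(f"unknown operation {op!r}")


MODELS = {"BLP": blp_allows, "Biba": biba_allows}


def decide(model, subject, resource, op):
    """Reference-monitor style decision: every access goes through here."""
    return MODELS[model](subject, resource, op)


def subordinate_report_scenario():
    """The card's situation: a Secret manager and a Confidential report from a subordinate.
    Returns {(model, op): allowed}."""
    manager = Subject("manager", Level.SECRET)
    report = Resource("subordinate_report", Level.CONFIDENTIAL)
    return {(m, op): decide(m, manager, report, op) for m in MODELS for op in ("read", "write")}


if __name__ == "__main__":
    for (model, op), allowed in sorted(subordinate_report_scenario().items()):
        print(f"{model:5} {op:5} -> {'allow' if allowed else 'deny'}")
```

Under BLP the manager gets read=allow, write=deny, which is exactly the card's wording; under Biba the same pair comes out read=deny, write=allow, because Biba protects the higher-integrity subject from lower-integrity data rather than protecting the data from leaking downward. Real BLP deployments need a trusted-subject exception to the *-property for legitimate downgrades such as declassification, which is why the pure model alone is rarely deployed.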

12
Q

Which of the following separates trusted network-level partitions from untrusted network-level areas? A. Fault tolerant systems B. Reference monitor C. Security perimeter D. Loadbalancing systems

A

C. Security perimeter

13
Q

Why does requiring employees to take their vacations help control security risk? A. Access can be disabled for the duration of the person’s absence B. Misuse is most likely to be noticed during the person’s absence C. Investigations are easier to conduct in the employee’s absence D. Employee health and safety requirements are a priority

A

B. Misuse is most likely to be noticed during the person’s absence

14
Q

A stack overflow attack that crashes a Transmission Control Protocol/Internet Protocol service daemon can result in a serious security breach because the A. process does not implement proper object reuse B. process is executed by a privileged entity C. network interface becomes promiscuous D. daemon can be replaced by a Trojan horse

A

B. process is executed by a privileged entity

15
Q

Business continuity training for employees should be held A. over a weekend so key personnel are not inconvenienced B. after business hours to avoid business interruptions C. on a random basis after a disaster occurs D. on a regularly scheduled basis

A

D. on a regularly scheduled basis

16
Q

The main difference between the Disaster Recovery Plan and the Business Continuity Plan is A. the BCP needs to be tested and maintained more frequently than the DRP because the DRP is needed only when a disaster happens B. a DRP identifies the Information Technology assets and concentrates on recovery of IT infrastructure; the BCP concentrates on maintaining and conducting business while the IT assets are unavailable C. the BIA is only required to be performed for a BCP and not for a DRP D. a DRP is a subset of the BCP and does not need the call lists

A

B. a DRP identifies the Information Technology assets and concentrates on recovery of IT infrastructure; the BCP concentrates on maintaining and conducting business while the IT assets are unavailable

17
Q

Which of the following companies does not have to comply with Sarbanes-Oxley legislation? A. United States based enterprise with operating companies in 50 different countries B. United Kingdom enterprise quoted on a United States stock exchange with operations in Europe C. United States based enterprise which operates in the United States D. United Kingdom privately held enterprise which operates only in the United Kingdom and Europe

A

D. United Kingdom privately held enterprise which operates only in the United Kingdom and Europe

18
Q

Discovery of which of the following MOST increases the risk of identity theft? A. Birth date and gender B. Name and personal information C. Mother's maiden name and current address D. Internet Protocol address and Transmission Control Protocol port

A

B. Name and personal information

19
Q

How could the use of e-mail affect expectations of privacy? A. Privacy can be expected if both sender and receiver delete their message archives on a regular basis B. Privacy cannot be expected because once the message is sent, all control of its distribution is lost C. Privacy can be expected if the message is transmitted with text authentication D. Privacy cannot be expected if Rivest-Shamir-Adleman encryption is used because the sender used their private key

A

B. Privacy cannot be expected because once the message is sent, all control of its distribution is lost

20
Q

When developing plans to secure access to an asset management facility, the physical identification procedures should address the A. rights and privileges extended to staff B. elliptic curve and discrete logarithm problems C. customer SLA D. financial cost of the access control system

A

A. rights and privileges extended to staff

21
Q

Closed Circuit TV is considered part of which access control category? A. Compensating B. Preventative C. Deterrent D. Directive

A

C. Deterrent

22
Q

The SSL protocol provides security services between which layers of the OSI model? A. Physical and Data Link B. Transport and Session C. Network and Transport D. Presentation and Application

A

B. Transport and Session

23
Q

Which of the following is a basic feature of the Waterfall development model? A. it allows for a prototype to be constructed quickly by skipping development phases B. it uses risk driven approach during each phase of the model C. it assumes completion of each phase of the model before moving on to the next phase D. it needs an open architecture to complete each phase of the model

A

C. it assumes completion of each phase of the model before moving on to the next phase

24
Q

Memory space is typically shared between A. threads of different processes B. threads of the same process C. processes of different threads D. processes of the same thread

A

B. threads of the same process

25
Q

What type of recovery site is configured with power, cooling, and network cabling, but not actual computing equipment? A. Hot site B. Warm site C. Cold site D. Dual site

A

B. Warm site