CISSP - 1 Flashcards
Web spoofing is what type of attack?
A. Buffer Overflow
B. Covert channel
C. Brute force
D. Man-in-the-middle
Answer: D. Man-in-the-middle

Which of the following is the GREATEST deterrent to brute force login attacks?
A. Use strong passwords
B. Prohibiting initial password delivery via e-mail
C. Lock out account after a certain number of failed attempts
D. Use smart cards
Answer: D. Use smart cards

The GREATEST challenge for security of voicemail systems is
A. Password complexity
B. The presence of stale mailboxes
C. Direct Inward System Access
D. The use of interactive voice response
Answer: A. Password complexity

Point-to-Point Protocol is vulnerable to attack because
A. PPP passwords for other systems are stored in the clear
B. Systems by default accept all incoming PPP connection requests
C. It lacks any means for authentication
D. Its communications are all in the clear and exposed to eavesdroppers
Answer: D. Its communications are all in the clear and exposed to eavesdroppers

What must be defined prior to designing a security policy?
A. Number of IT personnel in the security department
B. Physical security controls on corporate network
C. The number of firewall security appliances on the network
D. The budget assigned to the security department
Answer: B. Physical security controls on corporate network

What is the MOST critical factor in the success of an enterprise security strategy?
A. Ability to effectively monitor the enterprise
B. Budget available for security department
C. Senior management support
D. Thorough security awareness plans
Answer: C. Senior management support

In the Software Development Life Cycle, enumerating all possible attack paths and identifying the necessary controls are performed at the
A. Initiation Phase
B. Design Phase
C. Development Phase
D. Testing Phase
Answer: B. Design Phase

Which of the following is the PRIMARY purpose for code obfuscation?
A. Protects confidentiality of security controls in the software
B. Decreases the complexity of testing
C. Increases the difficulty of reverse engineering
D. Increases performance during compilation
Answer: C. Increases the difficulty of reverse engineering

What is the principal difference between Open Pretty Good Privacy (OpenPGP) and Secure Multipurpose Internet Mail Extensions (S/MIME)?
A. Open PGP makes use of a Certificate Authority whereas S/MIME does not
B. S/MIME uses outdated cryptographic algorithms
C. The method of key exchange is different between S/MIME and Open PGP
D. Open PGP uses an asymmetric key algorithm whereas S/MIME uses a symmetric algorithm
Answer: C. The method of key exchange is different between S/MIME and Open PGP

Which security measure BEST provides non-repudiation in e-mail?
A. Digital Signature
B. Double-length key-encrypting key
C. Message authentication
D. Triple Data Encryption Standard
Answer: A. Digital Signature

Which security model holds that a subject can read information developed by a subordinate but can’t alter it?
A. Brewer-Nash
B. Biba
C. Bell-LaPadula
D. Clark-Wilson
Answer: C. Bell-LaPadula

Which of the following separates trusted network-level partitions from untrusted network-level areas?
A. Fault tolerant systems
B. Reference monitor
C. Security perimeter
D. Load-balancing systems
Answer: C. Security perimeter

Why does requiring employees to take their vacations help control security risk?
A. Access can be disabled for the duration of the person’s absence
B. Misuse is most likely to be noticed during the person’s absence
C. Investigations are easier to conduct in the employee’s absence
D. Employee health and safety requirements are a priority
Answer: B. Misuse is most likely to be noticed during the person’s absence

A stack overflow attack that crashes a Transmission Control Protocol/Internet Protocol service daemon can result in a serious security breach because the
A. Process does not implement proper object reuse
B. Process is executed by a privileged entity
C. Network interface becomes promiscuous
D. Daemon can be replaced by a Trojan horse
Answer: B. Process is executed by a privileged entity

Business continuity training for employees should be held
A. Over a weekend so key personnel are not inconvenienced
B. After business hours to avoid business interruptions
C. On a random basis after a disaster occurs
D. On a regularly scheduled basis
Answer: D. On a regularly scheduled basis