CISSP Flashcards

1
Q

Which business continuity document is a functional analysis that lists the critical and necessary business functions, their resource dependencies, and their level of criticality to the overall organization?

A

Business Impact Analysis (BIA)

A business impact analysis (BIA) is a functional analysis that lists the critical and necessary business functions, their resource dependencies, and their level of criticality to the overall organization.

2
Q

Which business continuity document considers all aspects that are affected by a disaster, including functions, systems, personnel, and facilities, and lists and prioritizes the services that are needed?

A

Business Continuity Plan (BCP)

The business continuity plan (BCP) considers all aspects that are affected by a disaster, including functions, systems, personnel, and facilities, and lists and prioritizes the services that are needed.

3
Q

What is the first step of business continuity?

A

Develop the continuity planning policy statement.

The first step of business continuity is to develop the continuity planning policy statement. All the other listed statements should be completed only after the continuity planning policy statement has been written.

4
Q

In which phase of embedded device analysis are checksums utilized?

A

Preservation

Preservation: Focuses on preserving original artifacts in a way that is reliable, complete, accurate, and verifiable.

5
Q

Management has decided that your organization needs to implement an alternative site. Although it is willing to allocate some funds to provide an infrastructure for the site, it cannot allocate enough funds to place computers at the new facility. Which site should you implement?

A

Warm Site

A warm site contains telecommunications equipment but no computers and is cheaper than a hot site but more expensive than a cold site. It takes longer to recover than a hot site but shorter to recover than a cold site.

6
Q

What is the purpose of an account lockout policy?

A

An account lockout policy ensures that an account can no longer be used after a certain number of unsuccessful login attempts.

7
Q

Your organization needs an alternative facility that will enable the organization to recover as quickly as possible. Management is willing to allocate substantial monetary resources for this. Which site should you implement?

A

Hot Site

You should implement a hot site because this site will allow you to recover as quickly as possible.

8
Q

Which document is an agreement between a software vendor and a business customer, such as a company or organization, specifying terms of use?

A

Software License Agreement

Software license agreement: An agreement between a software vendor and a business customer specifying terms of use.

9
Q

Which statement BEST describes the Internet Engineering Task Force (IETF)?

A

The Internet Engineering Task Force (IETF) is a group dedicated to making the Internet better.

10
Q

Which of the following is a series of actions or steps taken in order to achieve a particular end?

A

Process

A process is a series of actions or steps taken in order to achieve a particular end. Organizations will define individual processes and their relationship to one another.

11
Q

Which of the following is a system-specific policy?

A

Database Server Security Policy

A database server security policy is a system-specific policy because it covers a specific set of systems. All the other listed policies are issue-specific policies.

12
Q

Which RFC is called Ethics and the Internet?

A

RFC 1087

RFC 1087 outlines concepts pertaining to what the IAB considers unethical and unacceptable.

13
Q

Which background check is the MOST important when hiring someone who will work with children?

A

Criminal History

Criminal history is the MOST important when hiring someone who will work with children.

14
Q

Which organizational role owns a system and must work with other users to ensure that data is secure?

A

System Owner

The system owner owns a system and must work with other users to ensure that data is secure.

15
Q

Which RAID method does not provide fault tolerance?

A

RAID 0

RAID 0: Also called disk striping, this method writes the data across multiple drives. Although it improves performance, it does not provide fault tolerance.

16
Q

Which background check is the MOST important when hiring someone who will drive a motor vehicle?

A

Driving Record

A driving record background check is the MOST important when hiring someone who will drive a motor vehicle.

17
Q

Which of the following is a component of business continuity, disaster recovery, and risk management and is considered as plan B?

A

Contingency Plan

A contingency plan is sometimes referred to as “Plan B” because it can be also used as an alternative for action if expected results fail to materialize. Contingency planning is a component of business continuity, disaster recovery, and risk management.

18
Q

A loss of electricity is an example of which type of threat?

A

System Threats

System threats: Threats that exist not from the forces of nature but from failures in systems that provide basic services such as electricity and utilities.

19
Q

Which of the following protocols will populate the protocol field of the IP header with a value of 6?

A

TCP

The listed protocols will populate the protocol field of the IP header with the following values: TCP: 6, UDP: 17, ICMP: 1, IGMP: 2, L2TP: 115.

20
Q

Under the General Data Protection Regulation (GDPR), which of the following is allowed?

A

Information collected from users can be shared with exclusive permission.

21
Q

What characteristic is present if transactions do not interact with other transactions until completion?

A

Isolation

Isolation: Transactions do not interact with other transactions until completion.

22
Q

Which of the following is the reallocation of system resources after ensuring that there is no residual data left on the medium?

A

Object Reuse

Object reuse: The allocation or reallocation of system resources after ensuring that there is no residual data left on the medium.

23
Q

In the military, which information is usually considered unclassified?

A

Recruitment Numbers

Recruitment numbers are usually considered unclassified in the military.

24
Q

In a distributed environment, which of the following is software that ties the client and server software together?

A

Middleware

In a distributed environment, middleware is software that ties the client and server software together. It is neither a part of the operating system nor a part of the server software. It is the code that lies between the operating system and applications on each side of a distributed computing system in a network.

25
Q

Which of the following methods includes degaussing?

A

Purging

Degaussing, a purging technique, exposes the media to a powerful, alternating magnetic field, removing any previously written data and leaving the media in a magnetically randomized (blank) state.

26
Q

What is the highest level of classification for commercial systems?

A

Confidential

Commercial systems usually use the following classifications, from highest to lowest:
Confidential
Private
Sensitive
Public

27
Q

Which of the following methods chemically alters the media?

A

Pulping

Pulping chemically alters the media.
Destruction is the physical act of destroying media in such a way that it cannot be reconstructed.
Shredding involves physically breaking media to pieces. Pulverizing involves reducing media to dust. Finally, burning incinerates the media.

28
Q

Which of the following components should be considered as part of any information classification system?

A

All the Statements

Access Control Measures
Backup/Recovery
Physical Security
Data Encryption

29
Q

What is the last step of a data classification program?

A

Develop the data classification security awareness program.

30
Q

Which security technique controls what a user or group of users can see when they access the database?

A

Database Views

Database Views: Refers to the given set of data that a user or group of users can see when they access the database.

31
Q

Which of the following statements truly conveys the definition of data security?

A

Procedures, processes that protect data from unauthorized access.

Data security includes the procedures, processes, and systems that protect data from unauthorized access. Unauthorized access includes unauthorized digital and physical access. Data security also protects data against any threats that can affect data confidentiality, integrity, or availability.

32
Q

What is the last phase of the information life cycle?

A

Dispose/Store

The phases of the information life cycle are as follows:
Create/receive
Distribute
Use
Maintain
Dispose/store

33
Q

Which statement is TRUE regarding link encryption?

A

Packets are decrypted at each device.

In link encryption, the encryption affects the performance of all devices on the communication path. In link encryption, the entire packet is encrypted.

33
Q

Your organization is a government contractor that has access to the blueprints of several military helicopters. Which data classification level should be assigned to these assets?

A

Top Secret

Blueprints of military helicopters should be assigned to the top secret data classification level.

33
Q

Where should an organization keep data that is needed and used regularly and must be accessible to authorized users?

A

In the Primary Storage

33
Q

Which of the following is the BEST possible way to make the data unreadable?

A

Purging

Purging: Also referred to as sanitization, purging makes the data unreadable even with advanced forensic techniques. With this technique, data should be unrecoverable.

33
Q

U.S. federal agencies use which of the following designations when information is not classified but still needs to be protected and requires strict controls over its distribution?

A

Sensitive but Unclassified

U.S. federal agencies use the Sensitive but Unclassified (SBU) designation when information is not classified but still needs to be protected and requires strict controls over its distribution.

33
Q

Which of the following statements is true for a “Tuple” and an “Attribute” in relational database management systems (RDBMSs)?

A

Tuple is a row in a table or view; Attribute is a column.

34
Q

What is the first phase of the information life cycle?

A

Create/Receive

The phases of the information life cycle are as follows:
Create/receive
Distribute
Use
Maintain
Dispose/store

35
Q

What is the property of a relational database called when one transaction in a database does not interact with other transactions until completion?

A

Isolation

Isolation: A transaction does not interact with other transactions until completion.

36
Q

Which encryption system uses a private or secret key that must remain secret between the two parties?

A

Symmetric Algorithm

A symmetric algorithm uses a private or secret key that must remain secret between the two parties.

37
Q

Which Common Criteria Evaluation Assurance Level (EAL) describes a system that ignores security threats?

A

EAL 1

38
Q

Which of the following is a location on the hard drive used temporarily for storage when memory space is low?

A

Virtual Memory

Virtual memory: A location on the hard drive used temporarily for storage when memory space is low.

39
Q

You distribute parts of a key to different entities so that the key can be recovered later. Which entity is responsible for a part of the key?

A

Trustee Agents

Trustee agents are responsible for part of the key. The parts of the key are distributed to the trustee agents, with each agent having a single part.

40
Q

Your organization has decided to use an out-of-band method to distribute the keys it will be using to another organization. The encryption scheme will be used to protect all communication between the organizations. Which of the following is an example of this type of distribution?

A

Sending by Courier

The only out-of-band method is to distribute the key by courier. The other methods are not out-of-band because they all involve the transmission of the keys over the medium that will be used for the communication.

41
Q

Which of the following is a relatively small amount of high-speed RAM?

A

Cache

Cache: A relatively small amount of high-speed RAM that holds the instructions and data from primary memory that have a high probability of being accessed during the currently executing portion of a program.

42
Q

In a PKI, what is a target?

A

A target is a path to a public key.

43
Q

Which model type focuses mainly on information flow?

A

Multilevel Lattice Model & Information Flow Model

Multilevel Lattice model: Developed mainly to deal with confidentiality issues and focuses mainly on information flow.

44
Q

A user contacts you regarding issues with transmitting a copy of his transcript to a potential contractor. When the user makes a copy of the transcript, a “Transcript cannot be copied” message is printed in a large font across the transcript. What is this an example of?

A

Digital Watermark

45
Q

Which algorithm performs 64 rounds of computations?

A

SHA-256

SHA-256 performs 64 rounds of computations.

46
Q

Which of the following methods searches for a specific data value in memory rather than using a specific memory address?

A

Associative Memory

Associative memory: Searches for a specific data value in memory rather than using a specific memory address.

47
Q

Which of the following addresses the entire primary memory space?

A

Absolute Addressing

Absolute addressing: Addresses the entire primary memory space.

48
Q

Which type of glass is heated to give it extra strength?

A

Tempered

Tempered glass: Created by heating the glass, which gives it extra strength.

49
Q

Which of the following is NOT an example of a system threat?

A

Floods

Floods are natural threats.

50
Q

Which algorithm uses a 128-, 192-, or 256-bit block size?

A

AES

AES supports a 128-, 192-, or 256-bit block size.

51
Q

Which term is used for the file or object after the message has been hidden within it?

A

Stego Medium

The term stego medium is the file or object after the message has been hidden. The payload is the message that is hidden.
The cover medium is the file or object before the message is hidden within it.
The carrier is the method of transmitting the stego medium.

52
Q

A computer’s central processing unit (CPU) works in fetch and execute cycles to run instructions of the larger programs. Where does the CPU actually perform the mathematical execution of instructions?

A

Arithmetic Logic Unit (ALU)

An arithmetic logic unit (ALU) in the CPU performs the actual execution of the instructions. The control unit acts as the system manager while instructions from applications and operating systems are executed.

53
Q

Which model type maintains the proper security relationship between objects and subjects in each state of operation?

A

State Machine Model

State Machine model: By examining every possible state the system could be in and ensuring that the system maintains the proper security relationship between objects and subjects in each state, the system is said to be secure.

54
Q

In a PKI, what is a trust anchor?

A

A trust anchor is a public key that verifies the certificate used in a digital signature.

55
Q

Which of the following reacts faster to a fire than nonoptical devices do?

A

Flame Actuated Sensor

Flame actuated sensor: Optical devices that “look at” the protected area. They generally react faster to a fire than nonoptical devices do.

56
Q

Your organization is considering deploying an application that uses Diffie-Hellman for key distribution. Which type of attack could this application be susceptible to?

A

Man-in-the-middle Attack

This application could be susceptible to man-in-the-middle attacks because it uses Diffie-Hellman. None of the other attacks is as likely. An organization should implement digital signatures or digital certificates for authentication at the beginning of the Diffie-Hellman process to protect against this type of attack.

57
Q

Which attack is aimed at wireless networks?

A

Emanations Capturing

Emanations capturing: Eavesdropping on wave frequencies to capture traffic.

58
Q

What is the purpose of a Dynamic Host Configuration Protocol (DHCP) service that can be used to automate the process of assigning an IP configuration to the devices in the network?

A

Assigns IP configuration to devices in network.

59
Q

Which of the following layers of the TCP/IP model corresponds to the application, presentation, and session layers of the OSI model?

A

Application

Application: Corresponds to the application, presentation, and session layers of the OSI model.

60
Q

Which of the following allows networks to be segmented logically without physically rewiring the network?

A

VLAN

Virtual LAN (VLAN): Allows networks to be segmented logically without physically rewiring the network.

61
Q

Which of the following is a Class C address?

A

192.168.5.54

The IP Class C range of addresses is from 192.0.0.0 to 223.255.255.255.

62
Q

Why is the original version of File Transfer Protocol (FTP) considered outdated, and why should it not be used?

A

It transmits username and password as cleartext.

63
Q

Which of the following protocols will populate the protocol field of the IP header with a value of 2?

A

IGMP

The listed protocols will populate the protocol field of the IP header with the following values: TCP: 6, UDP: 17, ICMP: 1, IGMP: 2, L2TP: 115.

64
Q

Which two of the following are protocols used to carry authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server?

A

RADIUS & TACACS+

RADIUS is a standard published in RFC 2138, whereas TACACS+ is a Cisco-proprietary method.

65
Q

What is the maximum transmission speed of direct-sequence spread spectrum (DSSS) as used in 802.11 wireless technology?

A

11 Mbps

66
Q

Which of the following best describes NFS?

A

NFS is a client/server file-sharing protocol used in UNIX/Linux.