CISSP - 4 Flashcards
Organizations and people that use computers can describe their needs for information security and trust in systems in terms of three major requirements. These requirements are A. concepts, awareness, and practicality B. confidentiality, integrity, and availability C. control, network, and technology D. features, assurances, and practices
B. confidentiality, integrity, and availability
The Information Security Manager is reviewing hiring practices, background checks and personnel controls. What type of access control review is the Information Security Manager completing? A. Administrative B. Physical/Personnel C. Corrective D. Logical/Technical
A. Administrative
To prevent long-term employees from acquiring excessive privileges, audit control procedures must address the following: A. Principle of least privilege B. Executive management privilege C. Segregation of duties D. Discretionary access control
A. Principle of least privilege
What is considered an industry standard for remote access Virtual Private Networks? A. Internet Key Exchange Extended Authentication B. Internet Security Association and Key Management Protocol C. Transport Layer Security D. Interior Gateway Routing Protocol
C. Transport Layer Security
Which attack is based on the principle given any input there is a fair chance to find a key that will leave that input unchanged? A. Fixed-Point Attack B. Birthday Attack C. Cut and Splice Attack D. Shortcut Attack
A. Fixed-Point Attack
Internet Protocol Security provides security to traffic traversing a network at which point in the transmission? A. At the perimeter if IPSec is implemented on a router or firewall B. At the application level if IPSec is implemented on the desktop C. At the data link level if IPSec is implemented for link encryption D. At the transport layer if IPSec is implemented using TCP
A. At the perimeter if IPSec is implemented on a router or firewall
Who is responsible for corporate information security? A. Supervisors B. Users C. System Administrators D. Executive Management
D. Executive Management
Business and technology goals are typically associated with the A. Business Impact Analysis B. Operational Plan C. Strategic Plan D. Tactical Plan
C. Strategic Plan
Which of the following is identified as a Directive Control Vulnerability? A. Failure to train new late-shift operators in database rollback process B. The new biometric lock resulted in a high false acceptance rate C. Executive review of recent policy changes was postponed due to other conflicts D. The process for transferring audit logs to a central repository failed and was undetected for several days
C. Executive review of recent policy changes was postponed due to other conflicts
Known security vulnerabilities related to object sharing, trust, unprotected data channels, and timing issues are best addressed A. if redundant failover is built into the system B. in the design phase of development C. to avoid cascading runtime errors D. during the test stage of development
B. in the design phase of development
Polyinstantiation in a database is meant to prevent what kind of attack? A. Inference B. Privilege escalation C. SQL injection D. Denial of Service
A. Inference
Which of the following is a form of cryptography technique that is unbreakable? A. Polyalphabetic substitution rotary ciphers B. Rivest-Shamir-Adleman public key C. Keyed Vernam ciphers D. One-time pad ciphers
D. One-time pad ciphers
Which one of the following provides data security using factorization of large integers? A. Rivest-Shamir-Adleman B. Data Encryption Standard C. Bell-LaPadula Model D. Diffie-Hellman Model
A. Rivest-Shamir-Adleman
Which of the following is an advantage of using steganography when compared to using encryption? A. Can be used to protect all forms of data B. Concealment that secret communication is used C. Method is secure even after discovery of use D. More secure in protecting data
B. Concealment that secret communication is used
What is the main reason that public key encryption algorithms have significantly longer key lengths than symmetric encryption algorithms? A. Public key algorithms are susceptible to techniques that significantly reduce the effective key length B. Longer keys are required for the session key exchange process C. Symmetric ciphers are optimised for implementation in hardware D. Brute force attacks are conducted against private keys
A. Public key algorithms are susceptible to techniques that significantly reduce the effective key length