CISSP - 4 Flashcards

1
Q

Organizations and people that use computers can describe their needs for information security and trust in systems in terms of three major requirements. These requirements are
A. concepts, awareness, and practicality
B. confidentiality, integrity, and availability
C. control, network, and technology
D. features, assurances, and practices

A

B. confidentiality, integrity, and availability

2
Q

The Information Security Manager is reviewing hiring practices, background checks and personnel controls. What type of access control review is the Information Security Manager completing?
A. Administrative
B. Physical/Personnel
C. Corrective
D. Logical/Technical

A

A. Administrative

3
Q

To prevent long-term employees from acquiring excessive privileges, audit control procedures must address the following:
A. Principle of least privilege
B. Executive management privilege
C. Segregation of duties
D. Discretionary access control

A

A. Principle of least privilege

4
Q

What is considered an industry standard for remote access Virtual Private Networks?
A. Internet Key Exchange Extended Authentication
B. Internet Security Association and Key Management Protocol
C. Transport Layer Security
D. Interior Gateway Routing Protocol

A

C. Transport Layer Security

5
Q

Which attack is based on the principle that, given any input, there is a fair chance of finding a key that will leave that input unchanged?
A. Fixed-Point Attack
B. Birthday Attack
C. Cut and Splice Attack
D. Shortcut Attack

A

A. Fixed-Point Attack

6
Q

Internet Protocol Security provides security to traffic traversing a network at which point in the transmission?
A. At the perimeter if IPSec is implemented on a router or firewall
B. At the application level if IPSec is implemented on the desktop
C. At the data link level if IPSec is implemented for link encryption
D. At the transport layer if IPSec is implemented using TCP

A

A. At the perimeter if IPSec is implemented on a router or firewall

7
Q

Who is responsible for corporate information security?
A. Supervisors
B. Users
C. System Administrators
D. Executive Management

A

D. Executive Management

8
Q

Business and technology goals are typically associated with the
A. Business Impact Analysis
B. Operational Plan
C. Strategic Plan
D. Tactical Plan

A

C. Strategic Plan

9
Q

Which of the following is identified as a Directive Control Vulnerability?
A. Failure to train new late-shift operators in the database rollback process
B. The new biometric lock resulted in a high false acceptance rate
C. Executive review of recent policy changes was postponed due to other conflicts
D. The process for transferring audit logs to a central repository failed and was undetected for several days

A

C. Executive review of recent policy changes was postponed due to other conflicts

10
Q

Known security vulnerabilities related to object sharing, trust, unprotected data channels, and timing issues are best addressed
A. if redundant failover is built into the system
B. in the design phase of development
C. to avoid cascading runtime errors
D. during the test stage of development

A

B. in the design phase of development

11
Q

Polyinstantiation in a database is meant to prevent what kind of attack?
A. Inference
B. Privilege escalation
C. SQL injection
D. Denial of Service

A

A. Inference

12
Q

Which of the following is a cryptographic technique that is unbreakable?
A. Polyalphabetic substitution rotary ciphers
B. Rivest-Shamir-Adleman public key
C. Keyed Vernam ciphers
D. One-time pad ciphers

A

D. One-time pad ciphers

13
Q

Which one of the following provides data security using factorization of large integers?
A. Rivest-Shamir-Adleman
B. Data Encryption Standard
C. Bell-LaPadula Model
D. Diffie-Hellman Model

A

A. Rivest-Shamir-Adleman

14
Q

Which of the following is an advantage of using steganography when compared to using encryption?
A. Can be used to protect all forms of data
B. Concealment that secret communication is used
C. Method is secure even after discovery of use
D. More secure in protecting data

A

B. Concealment that secret communication is used

15
Q

What is the main reason that public key encryption algorithms have significantly longer key lengths than symmetric encryption algorithms?
A. Public key algorithms are susceptible to techniques that significantly reduce the effective key length
B. Longer keys are required for the session key exchange process
C. Symmetric ciphers are optimised for implementation in hardware
D. Brute force attacks are conducted against private keys

A

A. Public key algorithms are susceptible to techniques that significantly reduce the effective key length

16
Q

In what security mode is a system operating when two or more classification levels of information are processed simultaneously and not all users have a clearance for all data handled by the system?
A. Partitioned
B. Dedicated
C. System High
D. Multilevel

A

D. Multilevel

17
Q

An organization is using virtual machines on the user’s computer. This virtual machine becomes infected with malware. What is the best way to remove the malware from the machine?
A. roll back the system from a point prior to infection
B. follow cleanup instructions provided by anti-malware vendor
C. reinstall the operating system in the virtual machine
D. load an image from prior to infection

A

D. load an image from prior to infection

18
Q

The first action to take when physical security is breached and resources are compromised in a workplace is to
A. notify the incident response team
B. turn off compromised system
C. activate fail-safe on facility access points
D. examine facility access logs

A

A. notify the incident response team

19
Q

All of the following are part of an incident response plan except
A. definition of an incident
B. steps to respond to an incident
C. assessment of the risk of an incident
D. roles and responsibilities during an incident

A

C. assessment of the risk of an incident

20
Q

Decryption and verification of information contained in a message can be done by
A. Only the encrypting party
B. Only the party to whom the message was addressed
C. Anyone with the public key of the sender
D. Anyone with the private key of the intended recipient

A

C. Anyone with the public key of the sender

21
Q

What is the primary driver for selecting a disaster recovery strategy?
A. recovery time sensitivity
B. cost of implementing the strategy
C. location of the alternate site
D. access to the spare equipment

A

A. recovery time sensitivity

22
Q

All of the following are included in the ISC2 Code of Ethics except
A. report all vulnerabilities to the public immediately
B. provide diligent and competent service to principals
C. protect society, the commonwealth, and the infrastructure
D. act honorably, honestly, justly, responsibly, and legally

A

A. report all vulnerabilities to the public immediately

23
Q

Information retention policy should be clearly defined to all employees to protect the company from issues related to
A. security
B. financial fraud
C. discovery
D. privacy

A

C. discovery

24
Q

Which of the following helps detect unauthorized equipment?
A. component checklist
B. anti-virus scans
C. physical inventories
D. spy sweepers

A

C. physical inventories

25
Q

Why do organizations require all persons to visibly display badges with pertinent information?
A. to verify the identity of the wearer
B. to promote employee relations
C. to ensure the wearer can be tracked
D. to allow electronic entry

A

A. to verify the identity of the wearer