CISSP - 6 Flashcards
The three implementable classifications of access control are administrative, physical and A. detective B. preventive C. reactive D. technical
D. technical
What type of assessment tests the ability of an organization to know who, what, where, and when devices are connected to the network? A. Infrastructure B. Initial technical C. Access control D. Change impact
C. Access control
Which of the following is the primary benefit of deploying a Single Sign-On (SSO) solution? A. Improved account maintenance B. reduced account synchronization C. reduced password fatigue D. increased password complexity
C. reduced password fatigue
At which layer in the Open Systems Interconnection Reference Model does encryption and decryption take place? A. Presentation B. Application C. Session D. Transport
A. Presentation
How does a router determine the network address for a packet with destination address of 10.21.41.3? A. Extracts the port number in the IP header B. Uses the Internet Control Message Protocol C. Locates the last two segments of the IP address D. Calculates it from the IP address and subnet mask
D. Calculates it from the IP address and subnet mask
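Worked example for the routing question above (added here; it is not part of the original flashcards). The router ANDs the 32-bit destination address with the subnet mask to get the network address, then picks the most specific matching prefix (longest-prefix match). The routing table below is constructed sample data; the prefixes and next hops are assumptions.

```python
import ipaddress

# Constructed routing table for illustration: (prefix, next hop).
# These entries are assumptions, not taken from the page.
ROUTING_TABLE = [
    ("10.0.0.0/8", "10.0.0.1"),
    ("10.21.0.0/16", "10.21.0.1"),
    ("10.21.41.0/24", "10.21.41.1"),
    ("0.0.0.0/0", "192.0.2.1"),  # default route, matches everything
]


def network_address(ip: str, mask: str) -> str:
    """Network address = destination IP AND subnet mask (bitwise, 32 bits)."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_int & mask_int))


def lookup(ip: str):
    """Longest-prefix match: among prefixes containing ip, the longest wins.
    Returns (prefix, next_hop) or None if no route matches."""
    addr = ipaddress.IPv4Address(ip)
    best = None
    for prefix, next_hop in ROUTING_TABLE:
        net = ipaddress.IPv4Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None


if __name__ == "__main__":
    print(network_address("10.21.41.3", "255.255.255.0"))  # 10.21.41.0
    print(network_address("10.21.41.3", "255.255.0.0"))    # 10.21.0.0
    print(lookup("10.21.41.3"))                            # /24 route wins
```

Note that the same destination yields a different network address under a different mask, which is why the mask (not the port number or ICMP) is the deciding input; the default route shows why the longest match, not the first match, has to win.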
Man in the middle attacks are facilitated through A. snarfing B. spoofing C. spamming D. SYN flooding
B. spoofing
A database programmer’s faulty program automatically altered some database parameters of an organization’s confidential information. What security principle was violated by this? A. confidentiality B. integrity C. availability D. non-repudiation
B. integrity
Out of the following, what type of information requires the utmost protection in an organization? A. public B. confidential C. internal use only D. restricted
D. restricted
The cost aspect of risk, typically associated with some type of loss, is known as a threat’s A. rating B. impact C. likelihood D. class
B. impact
When purchasing proprietary software from a vendor, source code escrow is best used to protect against A. system data loss B. vendor bankruptcy C. copyright violation D. legal liability
B. vendor bankruptcy
Which of the following vulnerabilities can be triggered by aggregation? A. privilege escalation B. structured query language injection C. cross site scripting D. forceful browsing
A. privilege escalation
When a financial transaction is digitally signed, which of the following additional safeguards can be used to prevent the same transaction from being processed again? A. include a timestamp in the message B. include a message authentication code C. encrypt the entire message excluding the digital signature D. encrypt the entire message including the digital signature
A. include a timestamp in the message
A hash function is used in the signature generation process to obtain a condensed version of the data to be signed; the condensed version of the data is often called a A. message digest B. public key C. data security standard D. encrypted payload
A. message digest
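Worked example covering the two preceding cards, the timestamp against replay and the message digest in signature generation (added here; not code from the original flashcards). The transaction carries a timestamp inside the signed data, the signer hashes the message to a digest and signs that, and the verifier checks signature, freshness window and a record of already-accepted digests. HMAC-SHA256 with a shared key stands in for an asymmetric signature so the example runs on the standard library alone; the key, the 300-second window and the transaction fields are assumptions.

```python
import hashlib
import hmac
import json

# Constructed key, standing in for a signing key. HMAC is used in place of an
# asymmetric digital signature purely so the example has no dependencies; the
# digest, timestamp and replay checks are the same either way.
SIGNING_KEY = b"example-signing-key-not-a-real-secret"
FRESHNESS_WINDOW = 300  # seconds a signed transaction stays acceptable (assumed policy)


def message_digest(payload: bytes) -> str:
    """The condensed version of the data that actually gets signed."""
    return hashlib.sha256(payload).hexdigest()


def sign_transaction(tx: dict, now: float) -> dict:
    """Put the timestamp inside the message, then sign the digest of the whole message,
    so the timestamp itself is covered by the signature and cannot be edited."""
    body = dict(tx, timestamp=int(now))
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, message_digest(payload).encode(), hashlib.sha256).hexdigest()
    return {"body": body, "signature": sig}


class Verifier:
    def __init__(self):
        self.seen = set()  # digests accepted so far; only needs to cover the window

    def verify(self, signed: dict, now: float) -> str:
        payload = json.dumps(signed["body"], sort_keys=True).encode()
        digest = message_digest(payload)
        expected = hmac.new(SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signed["signature"]):
            return "rejected: bad signature"       # tampered body or timestamp
        if abs(now - signed["body"]["timestamp"]) > FRESHNESS_WINDOW:
            return "rejected: stale timestamp"     # old capture, outside the window
        if digest in self.seen:
            return "rejected: replay"              # same signed message seen already
        self.seen.add(digest)
        return "accepted"


if __name__ == "__main__":
    v = Verifier()
    signed = sign_transaction({"from": "acct-1", "to": "acct-2", "amount": 100}, 1_700_000_000)
    print(v.verify(signed, 1_700_000_010))  # accepted
    print(v.verify(signed, 1_700_000_020))  # rejected: replay
```

The timestamp alone only bounds how long a captured transaction stays valid; inside that window the verifier still has to remember what it accepted (or require a nonce or sequence number), which is why `seen` exists and why its retention only needs to match the window.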
Data encryption as a method of protecting data A. requires good key management B. is easily administered C. is not resource intensive D. is the cheapest way to protect data
A. requires good key management
Which of the following statements best describes steganography? A. the plain text input is converted to a cipher B. intent to protect data in its entirety C. intent to hide data in its entirety D. the plain text input is converted to a hashed output
C. intent to hide data in its entirety
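Worked example for the steganography card (added here; not part of the original flashcards). Least-significant-bit embedding hides a message inside a carrier such as raw pixel samples: each carrier byte changes by at most one, so the data is concealed rather than encrypted, which is the distinction the card draws. The carrier and secret are constructed sample data, and the 4-byte length header is a layout assumption.

```python
# LSB steganography over a byte carrier (e.g. raw 8-bit pixel samples).
# Layout assumed for this example: a 4-byte big-endian length header,
# then the secret, one bit per carrier byte, most significant bit first.


def embed(carrier: bytes, secret: bytes) -> bytes:
    """Overwrite the low bit of successive carrier bytes with the payload bits."""
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for payload")
    out = bytearray(carrier)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # clear the LSB, then set it to the payload bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length header, then that many bytes, from the carrier's low bits."""
    def read_bytes(bit_offset: int, count: int) -> bytes:
        result = bytearray()
        for k in range(count):
            val = 0
            for i in range(8):
                val = (val << 1) | (stego[bit_offset + k * 8 + i] & 1)
            result.append(val)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_sample_change(carrier: bytes, stego: bytes) -> int:
    """How visible the embedding is: the largest per-byte change (LSB gives at most 1)."""
    return max(abs(a - b) for a, b in zip(carrier, stego))


if __name__ == "__main__":
    carrier = bytes(range(256)) * 4          # constructed 1024-byte carrier
    stego = embed(carrier, b"meet at dawn")
    print(extract(stego))                    # b'meet at dawn'
    print(max_sample_change(carrier, stego)) # 1
```

Anyone who knows the layout can recover the message, and the secret is not transformed at all; hiding is the whole intent. Contrast the encryption card above, where the plaintext is converted into ciphertext that is visible but unreadable without the key.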