CISSP - 6 Flashcards

1
Q

The three implementable classifications of access control are administrative, physical and A. detective B. preventive C. reactive D. technical

A

D. technical

2
Q

What type of assessment tests the ability of an organization to know who, what, where, and when devices are connected to the network? A. Infrastructure B. Initial technical C. Access control D. Change impact

A

C. Access control

3
Q

Which of the following is the primary benefit of deploying a Single Sign-On solution? A. Improved account maintenance B. Reduced account synchronization C. Reduced password fatigue D. Increased password complexity

A

C. reduced password fatigue

4
Q

At which layer in the Open Systems Interconnection Reference Model do encryption and decryption take place? A. Presentation B. Application C. Session D. Transport

A

A. Presentation

5
Q

How does a router determine the network address for a packet with a destination address of 10.21.41.3? A. Extracts the port number in the IP header B. Uses the Internet Control Message Protocol C. Locates the last two segments of the IP address D. Calculates it from the IP address and subnet mask

A

D. Calculates it from the IP address and subnet mask

6
Q

Man-in-the-middle attacks are facilitated through A. snarfing B. spoofing C. spamming D. SYN flooding

A

B. spoofing

7
Q

A database programmer’s faulty program automatically altered some database parameters of an organization’s confidential information. What security principle was violated by this? A. confidentiality B. integrity C. availability D. non-repudiation

A

B. integrity

8
Q

Out of the following, what type of information requires the utmost protection in an organization? A. public B. confidential C. internal use only D. restricted

A

D. restricted

9
Q

The cost aspect of risk, typically associated with some type of loss, is known as a threat’s A. rating B. impact C. likelihood D. class

A

B. impact

10
Q

When purchasing proprietary software from a vendor, source code escrow is best used to protect against A. system data loss B. vendor bankruptcy C. copyright violation D. legal liability

A

B. vendor bankruptcy

11
Q

Which of the following vulnerabilities can be triggered by aggregation? A. privilege escalation B. structured query language injection C. cross-site scripting D. forceful browsing

A

A. privilege escalation

12
Q

When a financial transaction is digitally signed, which of the following additional safeguards can be used to prevent the same transaction from being processed again? A. include a timestamp in the message B. include a message authentication code C. encrypt the entire message excluding the digital signature D. encrypt the entire message including the digital signature

A

A. include a timestamp in the message

13
Q

A hash function is used in the signature generation process to obtain a condensed version of the data to be signed; the condensed version of the data is often called a A. message digest B. public key C. data security standard D. encrypted payload

A

A. message digest

14
Q

Data encryption as a method of protecting data A. requires good key management B. is easily administered C. is not resource intensive D. is the cheapest way to protect data

A

A. requires good key management

15
Q

Which of the following statements best describes steganography? A. the plain text input is converted to a cipher B. intent to protect data in its entirety C. intent to hide data in its entirety D. the plain text input is converted to a hashed output

A

C. intent to hide data in its entirety

16
Q

A major advantage of an expert system is that A. it is an objective and complete response for a given set of facts at all times B. it emulates problem solving behavior of a single subject matter expert C. the inferences for a given set of facts can be changed D. it is a low cost alternative to employing a human expert

A

A. it is an objective and complete response for a given set of facts at all times

17
Q

Which of the following is effective in preventing cross-site scripting attacks? A. Add a challenge/response to the web form B. Disable JavaScript C. Disable ActiveX D. Use the Advanced Encryption Standard

A

B. Disable JavaScript

18
Q

The information security incident response team is primarily concerned with A. handling information security incidents B. implementing safeguards to avoid security incidents C. executing penetration tests to detect systems vulnerabilities D. ensuring that all applications are properly patched

A

A. handling information security incidents

19
Q

Software that can covertly capture personal information stored on or typed into a computer is commonly called A. spyware B. shovelware C. adware D. foistware

A

A. spyware

20
Q

Monitoring and capturing wireless signals provides a hacker with what significant advantage? A. defeats TEMPEST safeguards B. bypasses the security built into the target application C. gathers information or data without physical trespass D. compromises Wired Equivalent Privacy security

A

C. gathers information or data without physical trespass

21
Q

As part of a BCP, electronic business data must be A. transported in an approved container B. retained for an indefinite period C. stored in a usable format D. recorded in at least three locations

A

C. stored in a usable format

22
Q

Which of the following is the best trigger for an organization to review its BCP/DRP? A. procurement of new assets B. when a new security practitioner is assigned C. operating system patch update D. mail deliveries

A

A. procurement of new assets

23
Q

What convention provides a minimum level of international copyright protection? A. The Paris convention B. The Berne convention C. The Madrid Agreement D. The World Intellectual Property Organization

A

B. The Berne convention

24
Q

When developing plans to build a new facility or to relocate a business unit to another site, security considerations would incorporate A. third party security design solutions B. political agendas C. industry standards D. crime prevention through environmental design

A

D. crime prevention through environmental design

25
Q

Which device is best for making tailgating attacks impossible and can be installed to detect and record the number of persons entering and leaving a building? A. cameras B. cipher locks with card swipe C. biometric scanning D. mantrap

A

D. mantrap