CISSP - 7 Flashcards
The most common security breach of physical access control at a workplace is A. piggybacking at the entrance B. shoulder surfing someone C. using social networking D. allowing a smartphone
A. piggybacking at the entrance
An efficient identity management solution would A. support any number of users necessary B. reduce repetitive tasks of user management C. properly manage profiles among diverse systems D. allow complete, timely and accurate user management
B. reduce repetitive tasks of user management
Wired Equivalent Privacy uses which of the following ciphers? A. Rivest-Shamir-Adleman B. Triple Data Encryption Standard C. Advanced Encryption Standard D. Rivest Cipher 4
D. Rivest Cipher 4
The first step in a Transport Layer Security handshake is A. client sends the highest TLS protocol version it supports to the server B. server sends the highest TLS protocol version it supports to the client C. server provides its digital certificate to the client D. client provides its digital certificate to the server
A. client sends the highest TLS protocol version it supports to the server
Which of the following is most important for an organization’s information security program to be effective? A. visible and active support from top management B. sufficient funds allocated to the information security program C. trained security and information technology staff D. strong security awareness program
A. visible and active support from top management
According to ISO/IEC 17799, which of the following terms should be considered in contracts involving third parties who have access to an organization’s facilities and in contracts involving outsourcing? A. when the company has the right to conduct an audit B. who is responsible for hardware and software installation and maintenance C. what levels of physical security are to be provided for equipment D. how the availability of services is to be maintained in the event of a disaster
B. who is responsible for hardware and software installation and maintenance
The Bell-LaPadula Model ensures confidentiality by comparing an object’s level of classification with a subject’s clearance and only allowing access if the clearance is A. not related to the classification B. related to the classification C. equal to or higher than the classification D. lower than the classification
C. equal to or higher than the classification
What is the purpose of a security assurance case? A. demonstrates a system's claims as a secure application B. validates that the change management process supports security C. coordinates software tests with network access lists D. plans the software module cycles against project plans
A. demonstrates a system's claims as a secure application
Software maintenance refers to A. changes to code during the development stage B. modifications of code currently in operation C. testing during user acceptance D. recovery of corrupted data files
B. modifications of code currently in operation
Which of the following application security development practices applies only to web-based applications? A. keep the application current with vendor patches and hotfixes B. subscribe to vendor and third-party security advisories C. obtain cross-site scripting exploit code for testing D. follow proven system development life cycle methodologies
C. obtain cross-site scripting exploit code for testing
Block ciphers increase their strength through the use of A. encoding B. collisions C. transpositions D. symmetric keys
C. transpositions
A transposition cipher is easily broken by A. geometric analysis B. rotating cylinders C. frequency analysis D. diagram tables
C. frequency analysis
An organization has set up a public key infrastructure using the strict hierarchy of Certification Authorities model. The root CA is the A. only CA that certifies entities B. starting point for trust C. only CA not trusted by entities D. end point for trust
B. starting point for trust
The security practitioner has determined that they obtained a fake Certificate Revocation List. This occurred because an attacker obtained the A. practitioner’s private key B. Certificate Authority’s private key C. practitioner’s public key D. Certificate Authority’s public key
B. Certificate Authority’s private key
A non-interference model may be considered a type of which of the following security models? A. matrix-based B. multi-level C. information flow D. state machine
B. multi-level