CISSP - 7 Flashcards

1
Q

The most common security breach of physical access control at a workplace is A. piggybacking at the entrance B. shoulder surfing someone C. using social networking D. allowing a smartphone

A

A. piggybacking at the entrance

2
Q

An efficient identity management solution would A. support any number of users necessary B. reduce repetitive tasks of user management C. properly manage profiles among diverse systems D. allow complete, timely and accurate user management

A

B. reduce repetitive tasks of user management

3
Q

Wired Equivalent Privacy (WEP) uses which of the following ciphers? A. Rivest-Shamir-Adleman B. Triple Data Encryption Standard C. Advanced Encryption Standard D. Rivest Cipher 4

A

D. Rivest Cipher 4

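
As an added example (not from the flashcard deck), a from-scratch RC4 together with the way WEP seeds it: a 24-bit IV prepended to the shared 40- or 104-bit key. The WEP key, IVs and frame payloads are constructed sample values; the CRC-32 ICV and the cleartext IV field of a real frame are left out so the focus stays on the cipher. The last function goes beyond the card to show a stream-cipher property that matters for WEP: two frames encrypted under the same IV share one keystream, so XORing the two ciphertexts yields the XOR of the two plaintexts without touching the key.

```python
# Added example: RC4 as used by WEP. Not code from the deck or from any WEP
# implementation; WEP_KEY and the payloads below are constructed sample values.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream (KSA followed by PRGA)."""
    # Key-scheduling algorithm: permute S under the key bytes.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm: walk S to emit keystream bytes.
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher: encryption and decryption are the same XOR."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


# Constructed 40-bit WEP shared key (a real deployment would use 5 or 13 bytes).
WEP_KEY = bytes.fromhex("0102030405")


def wep_encrypt(wep_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Per-frame WEP encryption: RC4 seeded with IV || shared key.
    The 24-bit IV is transmitted in the clear alongside the ciphertext."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    return rc4(iv + wep_key, payload)


def wep_decrypt(wep_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Decryption is the same keystream XOR with the same IV || key seed."""
    return wep_encrypt(wep_key, iv, ciphertext)


def keystream_reuse_leaks_xor(wep_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Two frames under one IV share a keystream, so C1 ^ C2 == P1 ^ P2.
    Returns True when that relation holds for the given inputs."""
    c1 = wep_encrypt(wep_key, iv, p1)
    c2 = wep_encrypt(wep_key, iv, p2)
    n = min(len(c1), len(c2))
    cipher_xor = bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
    plain_xor = bytes(a ^ b for a, b in zip(p1[:n], p2[:n]))
    return cipher_xor == plain_xor


if __name__ == "__main__":
    # Standard RC4 test vector: key "Key", plaintext "Plaintext".
    print(rc4(b"Key", b"Plaintext").hex())
    frame = wep_encrypt(WEP_KEY, b"\x00\x00\x01", b"GET /index.html")
    print(wep_decrypt(WEP_KEY, b"\x00\x00\x01", frame))
```

The `rc4` function reproduces the published RC4 test vectors (for example key "Key" with plaintext "Plaintext" gives bbf316e8d940af0ad3), which is the quickest way to confirm a hand-written KSA/PRGA is right before using it to reason about a protocol built on it.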
4
Q

The first step in a Transport Layer Security (TLS) handshake is A. client sends the highest TLS protocol version it supports to the server B. server sends the highest TLS protocol version it supports to the client C. server provides its digital certificate to the client D. client provides its digital certificate to the server

A

A. client sends the highest TLS protocol version it supports to the server

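
An added example (not from the deck) that builds the message the card refers to and parses it back using only the Python standard library: a TLS ClientHello inside its record, with the client_version field the question is describing. The cipher-suite values and the zeroed 32-byte random are constructed sample inputs. One caveat worth knowing in practice: that field carries the client's highest version only through TLS 1.2. TLS 1.3 (RFC 8446) fixes legacy_version at 0x0303 and moves the real offer into the supported_versions extension (type 43), so the parser below checks that extension first and falls back to client_version.

```python
# Added example: serialize and parse a TLS ClientHello to see where the
# client's highest supported version actually lives. Not code from the deck.
import os
import struct

TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446 section 4.2.1


def build_client_hello(max_version, cipher_suites, supported_versions=None, random_bytes=None):
    """Return a handshake record carrying a ClientHello (RFC 5246 s7.4.1.2).
    `max_version` fills the (legacy) client_version field; if
    `supported_versions` is given it is emitted as extension 43, which is
    how a TLS 1.3 client really announces what it supports."""
    random_bytes = random_bytes if random_bytes is not None else os.urandom(32)
    body = struct.pack(">H", max_version) + random_bytes
    body += b"\x00"                                   # empty legacy_session_id
    suites = b"".join(struct.pack(">H", s) for s in cipher_suites)
    body += struct.pack(">H", len(suites)) + suites   # cipher_suites<2..2^16-2>
    body += b"\x01\x00"                               # compression_methods: null only
    extensions = b""
    if supported_versions:
        versions = b"".join(struct.pack(">H", v) for v in supported_versions)
        ext_data = bytes([len(versions)]) + versions  # 1-byte length prefix
        extensions += struct.pack(">HH", EXT_SUPPORTED_VERSIONS, len(ext_data)) + ext_data
    body += struct.pack(">H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    # Record layer: ContentType handshake(22); record version is conventionally 0x0301.
    return b"\x16" + struct.pack(">H", 0x0301) + struct.pack(">H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Extract the versions a client offers from a ClientHello record."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    client_version = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2 + 32                                     # skip random
    pos += 1 + body[pos]                              # skip session id
    cs_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack(">H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                              # skip compression methods
    supported = []
    if pos + 2 <= len(body):
        ext_len = struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack(">HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype == EXT_SUPPORTED_VERSIONS:
                n = edata[0]
                supported = [struct.unpack(">H", edata[i:i + 2])[0] for i in range(1, 1 + n, 2)]
    # supported_versions wins when present (TLS 1.3); otherwise client_version (TLS <= 1.2).
    highest = max(supported) if supported else client_version
    return {"client_version": client_version, "cipher_suites": suites,
            "supported_versions": supported,
            "highest_offered": TLS_VERSIONS.get(highest, hex(highest))}


if __name__ == "__main__":
    # Constructed sample offers: a TLS 1.2 client and a TLS 1.3 client.
    print(parse_client_hello(build_client_hello(0x0303, [0xC02F, 0xC030])))
    print(parse_client_hello(build_client_hello(0x0303, [0x1301], supported_versions=[0x0304, 0x0303])))
```

When reviewing captures, this is why a TLS 1.3 ClientHello shows "TLS 1.2" in the version column of many tools: the legacy field is pinned to 0x0303 and the real answer is in extension 43.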
5
Q

Which of the following is most important for an organization’s information security program to be effective? A. visible and active support from top management B. sufficient funds allocated to the information security program C. trained security and information technology staff D. strong security awareness program

A

A. visible and active support from top management

6
Q

According to ISO/IEC 17799, which of the following terms should be considered in contracts involving third parties who have access to an organization’s facilities and in contracts involving outsourcing? A. when the company has the right to conduct an audit B. who is responsible for hardware and software installation and maintenance C. what levels of physical security are to be provided for equipment D. how the availability of services is to be maintained in the event of a disaster

A

B. who is responsible for hardware and software installation and maintenance

7
Q

The Bell-LaPadula Model ensures confidentiality by comparing an object’s level of classification with a subject’s clearance and only allowing access if the clearance is A. Not related to the classification B. Related to the classification C. Equal to or higher than the classification D. Lower than the classification

A

C. Equal to or higher than the classification

8
Q

What is the purpose of a security assurance case? A. demonstrates a system’s claims as a secure application B. validates that the change management process supports security C. coordinates software tests with network access lists D. plans the software module cycles against project plans

A

A. demonstrates a system’s claims as a secure application

9
Q

Software maintenance refers to A. changes to code during the development stage B. modifications of code currently in operation C. testing during user acceptance D. recovering of corrupted data files

A

B. modifications of code currently in operation

10
Q

Which of the following application security development practices apply only to web based applications? A. keep the application current with vendor patches and hotfixes B. subscribe to vendor and third-party security advisories C. obtain cross-site scripting exploit code for testing D. follow proven system development life cycle methodologies

A

C. obtain cross-site scripting exploit code for testing

11
Q

Block ciphers increase their strength through the use of A. encoding B. collisions C. transpositions D. symmetric keys

A

C. transpositions

12
Q

A transposition cipher is easily broken by A. geometric analysis B. rotating cylinders C. frequency analysis D. diagram tables

A

C. frequency analysis

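
An added example, not from the deck, covering both cipher cards above: a keyed columnar transposition next to a Caesar substitution, with the frequency-analysis check that tells them apart. Because a transposition only moves letters, the ciphertext's single-letter histogram is identical to the plaintext's and stays chi-squared close to English, while a substitution shifts it. That is what makes frequency analysis the opening move against a transposition; recovering the column order afterwards is anagramming over the candidate column counts. The sample message, keyword and English frequency table are constructed or approximate inputs.

```python
# Added example: columnar transposition vs. substitution under frequency
# analysis. Not code from the deck; SAMPLE, KEY and ENGLISH_FREQ are constructed.
from collections import Counter

# Approximate single-letter frequencies of English text, in percent.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def letters_only(text: str) -> str:
    return "".join(c for c in text.upper() if "A" <= c <= "Z")


def column_order(key: str):
    """Read-out order of the columns: alphabetical by key letter, ties by position."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose_encrypt(plaintext: str, key: str) -> str:
    """Write the message row by row under the keyword, read it out column by column."""
    text = letters_only(plaintext)
    n = len(key)
    text += "X" * ((-len(text)) % n)                       # pad to a full rectangle
    rows = [text[i:i + n] for i in range(0, len(text), n)]
    return "".join(row[c] for c in column_order(key) for row in rows)


def transpose_decrypt(ciphertext: str, key: str) -> str:
    """Refill the columns in key order, then read the rectangle row by row."""
    n = len(key)
    nrows = len(ciphertext) // n
    cols = {}
    for k, c in enumerate(column_order(key)):
        cols[c] = ciphertext[k * nrows:(k + 1) * nrows]
    return "".join(cols[c][r] for r in range(nrows) for c in range(n))


def caesar(text: str, shift: int) -> str:
    """Monoalphabetic substitution, for contrast: every letter is replaced."""
    return "".join(chr((ord(c) - 65 + shift) % 26 + 65) for c in letters_only(text))


def chi_squared_vs_english(text: str) -> float:
    """Distance of a letter histogram from English; small means 'still English-shaped'."""
    n = len(text)
    counts = Counter(text)
    return sum((counts.get(ch, 0) - n * p / 100) ** 2 / (n * p / 100)
               for ch, p in ENGLISH_FREQ.items())


def same_letter_multiset(a: str, b: str) -> bool:
    """True when two texts contain exactly the same letters in the same counts."""
    return Counter(a) == Counter(b)


# Constructed sample message and keyword.
SAMPLE = ("Transposition ciphers rearrange the letters of the message without "
          "changing them so the letter count of the ciphertext matches the plaintext")
KEY = "ZEBRA"


if __name__ == "__main__":
    ct = transpose_encrypt(SAMPLE, KEY)
    print("transposed:", ct)
    print("recovered :", transpose_decrypt(ct, KEY))
    print("chi2 transposition:", round(chi_squared_vs_english(ct), 1))
    print("chi2 caesar(3)    :", round(chi_squared_vs_english(caesar(SAMPLE, 3)), 1))
```

Run it and the two chi-squared numbers make the point: the transposed text scores like ordinary English because its histogram is the plaintext's, while the shifted text scores far worse because common letters have landed on rare ones. An analyst seeing an English-shaped histogram on unreadable text knows to anagram rather than to build a substitution table.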
13
Q

An organization has set up a public key infrastructure using the strict hierarchy of Certification Authorities model. The root CA is the A. only CA that certifies entities B. starting point for trust C. only CA not trusted by entities D. end point for trust

A

B. starting point for trust

14
Q

The security practitioner has determined that they obtained a fake Certificate Revocation List (CRL). This occurred because an attacker obtained the A. practitioner’s private key B. Certificate Authority’s private key C. practitioner’s public key D. Certificate Authority’s public key

A

B. Certificate Authority’s private key

15
Q

A non-interference model may be considered a type of which of the following security models? A. matrix-based B. multi-level C. information flow D. state machine

A

B. multi-level

16
Q

Which of the following refers to the method of scavenging for sensitive data by claiming a large amount of disk space? A. object remanence B. object reuse C. object mediation D. object recycle

A

B. object reuse

17
Q

Heuristic anti-virus programs typically verify that the A. program type matches the program language B. entry point of a file points to the last section of the application C. creation date and modification date are valid D. virus signature does not appear in the program header

A

B. entry point of a file points to the last section of the application

18
Q

An organization only allows checks to be written for over $50,000 when they are signed by two managers. If either does not sign, the check is not valid. This is an example of which of the following security principles? A. securing the weakest link B. least common mechanism C. reluctance to trust D. separation of privilege

A

D. separation of privilege

19
Q

An active content module that attempts to monopolize and exploit system resources is called a A. macro virus B. hostile applet C. worm D. cookie

A

B. hostile applet

20
Q

Immediately following the deployment of a patch, a critical organizational system fails. The first response for the patch team should be to A. contact the manufacturer B. execute the rollback plan C. contact senior management D. restart the failed system

A

B. execute the rollback plan

21
Q

The standard definition of a configuration management system includes which of the following operational aspects? A. identification, control, status accounting, and audit review B. review, testing, implementation, report, and follow up C. identification, analysis, directive, and review D. audit, report, configure, and review

A

A. identification, control, status accounting, and audit review

22
Q

As part of a BCP, which two characteristics of a business or function must be identified? A. reason and initiator B. cost and distribution C. sequence and location D. result and requirements

A

D. result and requirements

23
Q

An important aspect of a computer ethics program involves consideration of A. risk environment B. budget constraints C. regulatory requirements D. the level of security awareness

A

C. regulatory requirements

24
Q

A potential security issue arising from the use of non-key combination locks is A. inherent weaknesses of mechanism B. a loss of individual accountability C. circumvention of least privilege D. conflicts in separation of duties

A

B. a loss of individual accountability

25
Q

Early warning fire detection systems should A. deactivate all power, including power from UPS and generators, before the system activates B. be installed and maintained in accordance with national or international standards C. discharge immediately upon the detection of a fire threat D. be installed in areas where gas suppression systems are used

A

B. be installed and maintained in accordance with national or international standards