CISSP - 8 Flashcards
Requiring a password before accessing a mobile device is representative of which of the following controls? A. preventative B. detective C. administrative D. corrective
A. preventative
Which of the following is a mechanism for representing sets of subjects in an Access Control List? A. Group B. Wild Card C. Capability D. Userid
A. Group
System audit log monitoring represents which type of control? A. administrative B. physical C. technical D. detective
D. detective
What technology interleaves data frames from multiple conversations into a single data stream for transmission? A. Time-division multiplexing B. Real-time Transport Protocol C. Synchronous Data Link Control D. Wired Equivalent Privacy
A. Time-division multiplexing
Which technique is used to ensure confidentiality in VPNs? A. transform B. encryption C. wrapping D. encapsulation
B. encryption
Which of the following best assures non-repudiation? A. SSL B. Digital signatures C. Distributed checksum D. SMTP
B. Digital signatures
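Why a digital signature gives non-repudiation and a shared-key MAC does not: only the holder of the private key can produce a signature that the public key verifies, whereas anyone holding a shared HMAC key (including the recipient) can produce a valid tag. The example below is added here and is not part of the flashcard set; it uses textbook RSA with two fixed, known primes and no padding purely to illustrate the mechanism, and the message, key names and shared key are constructed for the demonstration.

```python
import hashlib
import hmac

# Toy RSA parameters: 2**31-1 and 2**61-1 are known primes, so N is ~92 bits.
# A real key uses randomly generated ~2048-bit primes and a padded signature
# scheme (e.g. RSA-PSS); unpadded "textbook" RSA is for illustration only.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)

ALICE_PUBLIC = (N, E)                # anyone may hold this
ALICE_PRIVATE = (N, D)               # only Alice holds this


def _digest_int(message: bytes) -> int:
    # Hash the message, then reduce into Z_N (a real scheme never truncates the hash)
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key) -> int:
    """Signature = H(m)^d mod n; requires the private exponent d."""
    n, d = private_key
    return pow(_digest_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Verification = (sig^e mod n == H(m)); needs only the public key."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message)


# Constructed shared secret for the MAC comparison: Alice AND Bob both know it
SHARED_KEY = b"key-known-to-both-alice-and-bob"


def mac(message: bytes) -> bytes:
    return hmac.new(SHARED_KEY, message, hashlib.sha256).digest()


def verify_mac(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(message), tag)


def demo() -> dict:
    msg = b"Transfer 100 to Bob"         # constructed sample message
    forged = b"Transfer 900 to Bob"      # what Bob would like Alice to have said
    alice_sig = sign(msg, ALICE_PRIVATE)
    return {
        # genuine signature verifies; the same signature fails on an altered message
        "valid": verify(msg, alice_sig, ALICE_PUBLIC),
        "bob_cannot_forge_signature": verify(forged, alice_sig, ALICE_PUBLIC),
        # Bob holds the shared key, so he can mint a valid tag for text Alice never sent:
        # a MAC proves integrity between the two parties but cannot attribute origin
        "bob_can_forge_mac": verify_mac(forged, mac(forged)),
    }


if __name__ == "__main__":
    print(demo())
```

The signature check binds the message to a key only Alice possesses, which is the property "non-repudiation" names; the MAC check passes for Bob's forged message because the verifier cannot tell which of the two key holders produced the tag.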
Data or information classification is the responsibility of A. security technical support staff B. internal audit consultants C. governmental regulatory bodies D. senior business managers
D. senior business managers
Office phone systems are a common medium for which security issue? A. rogue response B. social engineering C. password cracking D. baiting
B. social engineering
Security guidelines and best practices that developers should consider in the implementation phase include: A. testing, acceptance and deployment, and maintenance B. cross site scripting, securing data store and in transit, and error handling C. input validation mechanisms, strong encryption, and error handling D. information gathering, threat assessment, and threat mitigation
C. input validation mechanisms, strong encryption, and error handling
What is the best remediation control to prevent a structured query language injection vulnerability? A. strong output validation B. parameterized statements C. restrict input field size D. client side input validation
B. parameterized statements
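Why parameterized statements are the remediation, rather than input validation or field-size limits: a bound parameter is always passed to the database as data, so it can never change the structure of the query. The example below is added here and is not part of the flashcard set; it uses an in-memory SQLite database with a constructed users table and a classic tautology payload to show the vulnerable and the parameterized lookup side by side.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from any real system)
USERS = [
    ("alice", "hash-1"),
    ("bob", "hash-2"),
    ("carol", "hash-3"),
]

# Only 11 characters long: a field-size limit would not stop it
PAYLOAD = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Builds the statement by string formatting: user input becomes SQL syntax."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Binds the input as a parameter: the driver sends it as a value, never as SQL."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def demo() -> dict:
    conn = make_db()
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "normal_parameterized": lookup_parameterized(conn, "alice"),
        # the injected quote closes the literal and the OR makes the WHERE always true
        "injected_vulnerable": sorted(lookup_vulnerable(conn, PAYLOAD)),
        # the same text is compared literally against the column and matches nothing
        "injected_parameterized": lookup_parameterized(conn, PAYLOAD),
    }


if __name__ == "__main__":
    print(demo())
```

With the vulnerable lookup the payload returns every row; with the bound parameter it returns none, because the database is looking for a user literally named `' OR '1'='1`. Client-side validation (option D) can be bypassed by sending the request directly, and output validation (option A) runs after the query has already executed.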
Which of the following is a method for evaluating the effectiveness of application security? A. Bell-LaPadula B. Certification and Accreditation C. Qualitative Risk analysis D. Due diligence
B. Certification and Accreditation
An encryption system’s work factor is the A. length of time required to encrypt the data B. algorithm used to scramble data C. length of time required to break the encryption D. combination of private and public key
C. length of time required to break the encryption
Which one of the following is an example of a simple substitution algorithm? A. Rivest-Shamir-Adleman B. Data Encryption Standard C. Caesar Cipher D. Blowfish
C. Caesar Cipher
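The two cards above (work factor, and the Caesar cipher as a simple substitution) fit together: a Caesar cipher replaces each letter by a fixed shift, and its work factor is tiny because the whole key space is 25 non-trivial shifts that an attacker can try exhaustively. The example below is added here and is not part of the flashcard set; the message, key and crib word are constructed for the demonstration.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Simple substitution: every letter is replaced by the letter `shift` places later."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)          # spaces and punctuation pass through unchanged
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    return caesar_encrypt(ciphertext, -shift)


def brute_force(ciphertext: str) -> list:
    """Exhaustive key search: the work factor is at most 25 trial decryptions."""
    return [(shift, caesar_decrypt(ciphertext, shift)) for shift in range(1, 26)]


def recover_key(ciphertext: str, crib: str) -> list:
    """Return every shift whose decryption contains a word the attacker expects (a crib)."""
    return [shift for shift, candidate in brute_force(ciphertext) if crib in candidate]


# Constructed sample message and key for the demonstration
MESSAGE = "MEET ME AT THE OLD BRIDGE AT MIDNIGHT AND BRING THE DOCUMENTS"
KEY = 7

if __name__ == "__main__":
    ct = caesar_encrypt(MESSAGE, KEY)
    print(ct)
    print("candidate keys containing the crib THE:", recover_key(ct, "THE"))
```

Contrast this with a 128-bit symmetric key, where the same exhaustive approach faces 2^128 trials: the algorithm's work factor, not the secrecy of the algorithm, is what makes the difference.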
The primary problem with symmetric algorithms relates to A. key length B. key distribution C. algorithm speed D. cipher inefficiency
B. key distribution
The fundamental principles of an information system security model are based on A. the relationship between business mission and goals B. a set of access controls and protocol filters to reduce hardware and software vulnerabilities C. the alignment of policies and procedures with information technology operations D. an analysis of vulnerabilities and threats
A. the relationship between business mission and goals
Which of the following activities occurs before any matches or variances to the rule sets are identified and listed in a report by a vulnerability assessment tool? A. collected information is compared against a specific set of rules B. baselines the security state of the system C. data is captured in the tools repository D. acquisition queries are performed
B. baselines the security state of the system
The use of multiple security techniques within each security layer helps to mitigate the risk of one layer being compromised and provides A. barrier defense B. defense in depth C. endpoint security D. security zones
B. defense in depth
An effective countermeasure for a denial of service attack is A. a redundant network B. an intrusion prevention system C. a hardened server operating system D. a demilitarized zone
A. redundant network
Blended threats combine different types of malicious code to A. masquerade their source of origin B. attack potential vulnerabilities C. exploit known security vulnerabilities D. activate backdoors in the target application
C. exploit known security vulnerabilities
Earlier in the year a server was reconfigured after a security problem. Now the server must be moved to a new DMZ and be reconfigured again. What is the best practice to follow prior to reconfiguration? A. Review how the server is currently configured B. Examine the change control documentation for the server C. consult with the engineer responsible for the server D. examine the current server configuration and consult with the engineer responsible for the server
B. Examine the change control documentation for the server
Who has the final approval of an organizational BCP? A. technology leadership team B. business process team C. human resources team D. executive level management team
D. executive level management team
The BIA process for a Disaster Recovery Plan should include A. law enforcement B. personnel C. competitors D. vendors
B. personnel
How often should the BCP/DRP plan be updated? A. annual B. every time the plan is tested C. semi-annual D. after a personnel change
B. every time the plan is tested
When implementing a discovery solution for incident response for hard disks across an organization’s computing environment, it is important to A. involve individuals only with a need to know B. inform end users of the new security capabilities C. initiate discovery immediately after an incident occurs D. implement the solution for users with regulated computers
A. involve individuals only with a need to know