CISSP CBK Review Seminar -- Domain 3 Flashcards

Domain 3

1
Q
Which one of the following is the MOST effective method for reducing security vulnerabilities associated with building entrances?

(A) Minimize the number of entrances
(B) Use solid metal doors and frames
(C) Brightly illuminate the entrances
(D) Install tamperproof hinges and glass

A

(A) Minimize the number of entrances

2
Q
Important documents that have been soaked in water during fire suppression efforts should be restored by

(A) document recovery specialists.
(B) Human Resources personnel.
(C) document library personnel.
(D) fire department specialists.

A

(A) document recovery specialists.

3
Q
In a discretionary mode, who has delegation authority to grant access to information?

(A) User
(B) Security officer
(C) Group leader
(D) Owner

A

(D) Owner

4
Q
Which of the following information system evaluation methods is process oriented rather than assurance oriented?

(A) International Organization for Standardization (ISO) 15408
(B) ISO 27002
(C) Systems Security Engineering Capability Maturity Model (SSE-CMM)
(D) Information Technology Security Evaluation Criteria (ITSEC)

A

(C) Systems Security Engineering Capability Maturity Model (SSE-CMM)

5
Q
What is one issue NOT addressed by the Bell-LaPadula model?

(A) Information flow control
(B) Security levels
(C) Need to Know
(D) Access modes

A

(C) Need to Know

6
Q
Which one of the following conditions is NOT necessary for a long dictionary attack to succeed?

(A) The attacker must have access to the target system.
(B) The attacker must have read access to the password file.
(C) The attacker must have write access to the password file.
(D) The attacker must know the password encryption mechanism and key variable.

A

(C) The attacker must have write access to the password file.

7
Q
What type of subsystem is an application program that operates outside the operating system and carries out functions for a group of users, maintains some common data for all users in the group, and protects the data from improper access by users in the group?

(A) Prevented subsystem
(B) Protected subsystem
(C) File subsystem
(D) Directory subsystem

A

(B) Protected subsystem

8
Q
Which one of the following describes a reference monitor?

(A) Access control concept that refers to an abstract machine that mediates all accesses to objects by subjects
(B) Audit concept that refers to the monitoring and recording of all accesses to objects by subjects
(C) Identification concept that refers to the comparison of material supplied by a user with its reference profile
(D) Network control concept that distributes the authorization of subject accesses to objects

A

(A) Access control concept that refers to an abstract machine that mediates all accesses to objects by subjects

9
Q
Which one of the following does NOT describe an information integrity model?

(A) Clark-Wilson
(B) Bell-LaPadula
(C) Biba
(D) Sutherland

A

(B) Bell-LaPadula

10
Q
Which one of the following is NOT a valid X.509 V.3 certificate field?

(A) Subject’s public key information
(B) Subject’s X.500 name
(C) Issuer’s unique identifier
(D) Subject’s digital signature

A

(D) Subject’s digital signature

11
Q
Which one of the following represents an addition to a message digest (MD) algorithm to increase its cryptographic strength?

(A) Internet Security Association and Key Management Protocol (ISAKMP)/Oakley
(B) Keyed-Hash Message Authentication Code (HMAC)
(C) Triple Data Encryption Standard (3DES)
(D) Message Digest 5 (MD5)

A

(B) Keyed-Hash Message Authentication Code (HMAC)

12
Q
The three goals of integrity models are preventing unauthorized users from making modifications to data or programs, preventing authorized users from making improper or unauthorized modifications, and

(A) maintaining a current and complete audit record of all transactions.
(B) maintaining internal and external consistency of data and programs.
(C) assuring that all modifications are tracked to the responsible party.
(D) assuring data and programs are readily available to the intended user.

A

(B) maintaining internal and external consistency of data and programs.

13
Q
Which one of the following is used to provide authentication and confidentiality for e-mail messages?

(A) Digital signature
(B) Digital certificate
(C) Authentication Header (AH)
(D) Message digest (MD)

A

(B) Digital certificate

14
Q
When basic standards for software development are implemented within an organization and are in common use (defined, established, and documented), the organization has reached what level of the Capability Maturity Model Integration (CMMI) for software engineering?

(A) Level 1
(B) Level 2
(C) Level 3
(D) Level 4

A

(C) Level 3

15
Q
When considering the Heating, Ventilation, and Air Conditioning (HVAC) requirements for a data processing center, why should an information security architect be concerned with the effect of humidity on data availability?

(A) Low humidity may cause condensation to occur, which could lead to data loss through a short circuit.
(B) High humidity may lead to high electrostatic buildup, which could lead to data loss through static discharge.
(C) High humidity may cause condensation to occur, which could lead to data loss through a short circuit.
(D) Low humidity may lead to high electrostatic buildup, which could lead to data loss through condensation.

A

(C) High humidity may cause condensation to occur, which could lead to data loss through a short circuit.

16
Q
In e-mail security, both Secure Multipurpose Internet Mail Extensions (S/MIME) and Pretty Good Privacy (PGP) use the Diffie-Hellman cipher. What is the purpose of using Diffie-Hellman?

(A) Key agreement or negotiation
(B) Digital signature
(C) Encrypting e-mail messages
(D) Creating a Message Authentication Code (MAC)

A

(A) Key agreement or negotiation

17
Q
How can a user of digital signatures ensure non-repudiation of delivery of the correct message?

(A) Sender encrypts the message with the recipient’s public key and signs it with their own private key.
(B) Sender computes a digest of the message and sends it to a trusted third party who signs it and stores it for later reference.
(C) Sender signs the message and sends it to the recipient and requests “return receipt” of the e-mail.
(D) Sender gets a digitally signed acknowledgement from the recipient containing a copy or digest of the message.

A

(D) Sender gets a digitally signed acknowledgement from the recipient containing a copy or digest of the message.

18
Q
Cryptoperiod refers to the

(A) length of time a particular cryptographic key may be used.
(B) length of time that keys can be generated before the series begins to repeat.
(C) number of encrypted messages before the ciphertext repeats.
(D) number of decrypted messages before the plaintext repeats.

A

(D) number of decrypted messages before the plaintext repeats.

19
Q
What type of key distribution system allows two parties to establish a secure session without exchanging any secret key?

(A) Key exchange, but it is processor intensive.
(B) Symmetric Key Cryptography because of its speed.
(C) Session key, but only if it uses an asymmetric key.
(D) Key negotiation using Diffie-Hellman

A

(D) Key negotiation using Diffie-Hellman

20
Q
Which of the following is LEAST important when selecting a security control?

(A) Cost of the control compared to the level of security it provides.
(B) Evaluated Assurance Level (EAL) under Common Criteria.
(C) Value of the asset being protected.
(D) The Protection Profile if it does not reflect the environment for which the organization will employ the control.

A

(D) The Protection Profile if it does not reflect the environment for which the organization will employ the control.

21
Q
What is the BEST method of storing user passwords for a system?

(A) Password-protected file
(B) File restricted to one individual
(C) One-way encrypted hash
(D) Two-way encrypted cipher

A

(C) One-way encrypted hash