CISSP-FD review questions Flashcards
1 General-purpose control types include all the following except
A ❍ Detective
B ❍ Mandatory
C ❍ Preventive
D ❍ Compensating
B
2 Violation reports and audit trails are examples of what type of control?
A ❍ Detective technical
B ❍ Preventive technical
C ❍ Detective administrative
D ❍ Preventive administrative
A
3 “A user cannot deny an action” describes the concept of
A ❍ Authentication
B ❍ Accountability
C ❍ Non-repudiation
D ❍ Plausible deniability
C
4 Authentication can be based on any combination of the following factors except
A ❍ Something you know
B ❍ Something you have
C ❍ Something you need
D ❍ Something you are
C
5 Unauthorized users that are incorrectly granted access in biometric systems are described as the
A ❍ False Reject Rate (Type II error)
B ❍ False Accept Rate (Type II error)
C ❍ False Reject Rate (Type I error)
D ❍ False Accept Rate (Type I error)
B
6 All the following devices and protocols can be used to implement one-time passwords except
A ❍ Tokens
B ❍ S/Key
C ❍ Diameter
D ❍ Kerberos
D
7 Which of the following PPP authentication protocols transmits passwords in clear text?
A ❍ PAP
B ❍ CHAP
C ❍ MS-CHAP
D ❍ FTP
A
8 Which of the following is not considered a method of attack against access control systems?
A ❍ Brute force
B ❍ Dictionary
C ❍ Denial of Service
D ❍ Buffer overflow
C
9 Sensitivity labels are a fundamental component in which type of access control systems?
A ❍ Mandatory access control
B ❍ Discretionary access control
C ❍ Access control lists
D ❍ Role-based access control
A
10 Which of the following access control models addresses availability issues?
A ❍ Bell-La Padula
B ❍ Biba
C ❍ Clark-Wilson
D ❍ None of the above
D
1 A data network that operates across a relatively large geographic area defines what type of network?
A ❍ LAN
B ❍ MAN
C ❍ CAN
D ❍ WAN
D
2 The process of wrapping protocol information from one layer in the data section of another layer describes
A ❍ Data encryption
B ❍ Data encapsulation
C ❍ Data hiding
D ❍ TCP wrappers
B
3 The LLC and MAC are sub-layers of what OSI model layer?
A ❍ Data Link
B ❍ Network
C ❍ Transport
D ❍ Session
A
4 The Ethernet protocol is defined at what layer of the OSI model and in which IEEE standard?
A ❍ Data Link Layer, 802.3
B ❍ Network Layer, 802.3
C ❍ Data Link Layer, 802.5
D ❍ Network Layer, 802.5
A
5 All the following are examples of packet-switched WAN protocols, except
A ❍ X.25
B ❍ Frame Relay
C ❍ ISDN
D ❍ SMDS
C
6 Which of the following is an example of a Class C IP address?
A ❍ 17.5.5.1
B ❍ 127.0.0.1
C ❍ 192.167.4.1
D ❍ 224.0.0.1
C
7 The TCP/IP Protocol Model consists of the following four layers:
A ❍ Application, Presentation, Session, Transport
B ❍ Application, Session, Network, Physical
C ❍ Application, Session, Transport, Internet
D ❍ Application, Transport, Internet, Link
D
8 Which of the following firewall architectures employs external and internal routers, as well as a bastion host?
A ❍ Screening router
B ❍ Screened-subnet
C ❍ Screened-host gateway
D ❍ Dual-homed gateway
B
9 Which of the following is not a common VPN protocol standard?
A ❍ IPSec
B ❍ PPTP
C ❍ TFTP
D ❍ L2TP
C
10 A type of network attack in which TCP packets are sent from a spoofed source address with the SYN bit set describes
A ❍ Smurf
B ❍ Fraggle
C ❍ Teardrop
D ❍ SYN flood
D
1 The three elements of the C-I-A triad include
A ❍ Confidentiality, integrity, authentication
B ❍ Confidentiality, integrity, availability
C ❍ Confidentiality, integrity, authorization
D ❍ Confidentiality, integrity, accountability
B
2 Which of the following government data classification levels describes information that, if compromised, could cause serious damage to national security?
A ❍ Top Secret
B ❍ Secret
C ❍ Confidential
D ❍ Sensitive but Unclassified
B
3 The practice of regularly transferring personnel into different positions or departments within an organization is known as
A ❍ Separation of duties
B ❍ Reassignment
C ❍ Lateral transfers
D ❍ Job rotations
D
4 The individual responsible for assigning information classification levels for assigned information assets is
A ❍ Management
B ❍ Owner
C ❍ Custodian
D ❍ User
B