CISSP Practice Test Flashcards by Deleted Deleted

What is the correct definition of penetration testing?

test procedure performed by security professionals with management approval

How well did you know this?

Not at all

Perfectly

Based on the Federal Privacy Act of 1974, which type of permission must be obtained by a government agency to disclose private information that the agency collected?

written permission

How well did you know this?

Not at all

Perfectly

You are researching computer crimes. All of the following are categories of this type of crime, EXCEPT:

computer-targeted crime
computer-commerce crime
computer-incidental crime
computer-assisted crime

computer-commerce crime

How well did you know this?

Not at all

Perfectly

You have developed the information security policy for your organization. Which step should precede the adoption of this policy?

obtaining management approval

How well did you know this?

Not at all

Perfectly

Which security threat often uses tracking cookies to collect and report on a user’s activities?

spyware

How well did you know this?

Not at all

Perfectly

Which statement is true of symmetric cryptography?

Symmetric cryptography is faster than asymmetric cryptography

How well did you know this?

Not at all

Perfectly

Your company must comply with a cybersecurity certification body’s requirements. Management has requested that you perform a test prior to applying for this certification. Which type of test should you perform?

Perform an internal assessment or audit using personnel from within the company.

How well did you know this?

Not at all

Perfectly

You are the security administrator for your organization. A user in the IT department informs you that a print server was recently the victim of a teardrop attack. Which statement correctly defines the attack that has occurred?

It involves the use of malformed fragmented packets and causes the target system to either freeze or crash

How well did you know this?

Not at all

Perfectly

What information is true of an information processing facility?

Doors and frames should have the same fire rating

How well did you know this?

Not at all

Perfectly

Which type of virus is specifically designed to infect programs as they are loaded into memory?

Resident virus

How well did you know this?

Not at all

Perfectly

Which type of channel is used when one process writes data to a hard drive and another process reads it?

covert storage channel

How well did you know this?

Not at all

Perfectly

You are designing employee termination process guidelines. Which activity is NOT included in the employee termination process?

signing a non-disclosure agreement

How well did you know this?

Not at all

Perfectly

A security technician reports to you that a file server is experiencing unscheduled initial program loads (IPLs). Which statement BEST explains this problem?

The system is rebooting

How well did you know this?

Not at all

Perfectly

Your company has implemented a host-based intrusion detection system (HIDS). You have recently become concerned with your problems when these systems are implemented. What is a major problem when deploying this type of system?

It must be deployed on each computer that needs it

How well did you know this?

Not at all

Perfectly

What does sending data across an insecure network, such as the Internet, primarily affect?

confidentiality and integrity

How well did you know this?

Not at all

Perfectly

During which step of incident response does root cause analysis occur?

review

How well did you know this?

Not at all

Perfectly

What is used in evolutionary computing?

genetic algorithms

How well did you know this?

Not at all

Perfectly

Which statement is true of a multilevel security mode?

The multilevel security mode involves the use of sensitivity labels

How well did you know this?

Not at all

Perfectly

Which statement is NOT true regarding multicast transmissions?

A message has one source and destination address

How well did you know this?

Not at all

Perfectly

Which statement is true of the dedicated security mode?

All users have the clearance and formal approval required to access all of the data

How well did you know this?

Not at all

Perfectly

Which security principle identifies sensitive data and ensures that unauthorized entities cannot access it?

confidentiality

How well did you know this?

Not at all

Perfectly

Which access control model uses the star (*) integrity axiom and the simple integrity axiom?

Biba model

How well did you know this?

Not at all

Perfectly

What is a physical barrier that acts as the first line of defense against an intruder?

a fence

How well did you know this?

Not at all

Perfectly

Given two messages, M1 and M2, what is the LEAST likely outcome when using the same one-way hash function, H, to encrypt the messages?

H(M1) = H(M2)

How well did you know this?

Not at all

Perfectly

Which type of malicious code is hidden inside an otherwise benign program when the program is written

- Trojan horse

Your network allows remote users to connect over the Internet. Recently, hackers have attempted to breach your network. Management has decided to implement an authentication method that checks both ends of a connection. Which authentication method should you implement?

- mutual authentication

The business continuity team is interviewing users to gather information about business units and their functions. Which part of the business continuity plan includes this analysis?

- business impact analysis (BIA)

An organization wants to implement the access control model that is the easiest to administer. Which access control model should they use?

- RBAC

You have been asked to implement network monitoring that detects any changes or deviations in network traffic. Which type of monitoring are you implementing?

- anomaly-based

Which notebook is most preferred during the course of investigation in legal record keeping?

- bound notebook

Your organization has a fault-tolerant, clustered database that maintains sales records. Which transactional technique is used in this environment?

Online transaction processing (OLTP) is used in this environment. OLTP is a transactional technique used when a fault-tolerant, clustered database exists. OLTP balances transactional requests and distributes them among the different servers based on transaction load. OLTP uses a two-phase commit to ensure that all the databases in the cluster contain the same data.

Which statement correctly defines dynamic data exchange (DDE)?

- DDE allows multiple applications to share and exchange the same set of data

At which OSI layer does an active hub function?

- Physical

Which statement is NOT a characteristic of a network-based intrusion detection system (NIDS)?

- NIDS analyzes encrypted information

Which statement is true of the information flow model?

- The information flow model allows the flow of information within the same security level

During which step of the NIST SP 800-137 are the decisions on risk response made?

- Respond to findings

Your organization has decided to implement a network-based intrusion detection system (NIDS). What is the primary advantage of using this type of sytem?

- low maintenance

Which of the following is not part of the Penetration Test?

- Implementation of Controls

Which attack is NOT directed ONLY at virtual machines?

- MITM

A customer has requested a computer with a Clipper Chip. What is a Clipper Chip?

- It is an encryption chip

You are the security administrator for an organization. Management decides that all communication on the network should be encrypted using the data encryption standard (DES) algorithm. Which statement is true of this algorithm?

- A Triple DES (3DES) algorithm uses 48 rounds of computation

Which statement is true of covert channels?

- A covert channel is not controlled by a security mechanism

Your company is establishing new employment candidate screening processes. Which of the following should be included? a) check all references b) verify all education c) review military records and experience d) perform a background check

- all of the options

Which type of application serves as a core for the business operations of an organization?

- a critical application

Which attack sends unsolicited messages over a Bluetooth connection?

- blue jacking

Which is true of administrative law?

- Administrative law emphasizes the performance and conduct of organizations

Which entity must certify the public key pair of a root CA?

- the root CA

Your company decides that a new software product must be purchased to help the marketing staff manage campaigns and the resources used. During which phase of the software acquisition process do you document the software requirements?

- Planning phase

You are the incident investigator for your organization. You need to create two images of a file server's hard drive. The incident investigation procedures state that you need to ensure that the new media is properly purged. What should you do to meet this requirement?

- Ensure that the new media does not contain any residual data

Which processes control the flow of information in the lattice-based access control (LBAC) model?

- least upper and greatest lower bound operators

Which security principle in the Bell-LaPadula model prevents the security level of subjects and objects from being changed once they have been created?

- tranquility principle

Which type of virus includes protective code that prevents outside examination of critical elements?

- armored virus

A user inherits a permission based on his group membership. Which type of right has been implemented?

- implicit right

Which WLAN technology supports maximum of 11 Mbps data transmission?

- 802.11b

You DO NOT want to protect the file contents from being viewed; however, you want to be able to determine whether the contents of the file were altered during transit. Which protective measure should you use?

- a digital signature

What is an integrated circuit with internal logic that is programmable?

- a PLD

Which of the following is not based on the Feistel cipher?

- Diffie-Hellman

Which statement is true of a data haven?

- a data haven either has no laws or poorly enforced laws for information protection

You are examining an access control matrix for your organization. Which entity corresponds to a row in this matrix?

- capability

Which is typically part of an information policy?

- classification of information

Your company implements several databases. You are concerned with the security of the data in the databases. Which statement is correct for database security?

- Data Control Language (DCL) implements security through access control and granular restrictions

As an organization's security administrator, you must prevent conflicts of interest when assigning personnel to complete certain security tasks. Which operations security tenant are you implementing?

- separation of duties

Evidence must be legally permissible in a court of law and must provide a foundation of a case. All of the following characteristics of evidence are important, EXCEPT:

- confidentiality

Which statement is true of the staff members of an organization in the context of information security?

- They pose more threat than external hackers

Your organization has asked the security team to add terrorist attacks to the organization's business continuity plan. Which type threat does this represent?

- politically motivated threat

In which situation does cross-site scripting pose the most danger?

- a user access a financial orgs site using his or her login credentials

You are performing a forensic investigation of a recent computer security breach. You have been asked to use disk management to create a copy of a hard drive's contents. Which statement is true of disk imaging when performed in a forensic investigation?

- A bit-level copy of the disk assists in the forensic investigation

You install a network analyzer to capture your network's traffic as part of your company's security policy. Later, you examine the captured packets and discover that only Subnet 1 traffic was captured. You need to capture packets from all four subnets on your network. What could you do? a) Install a port scanner b) Install the network analyzer on all four subnets c) Install a distributed network analyzer d) Install the network analyzer on a router e) Install the network analyzer on the firewall

- b and c

You are preparing a proposal for management about the value of using cryptography to protect your network. Which statement is true of cryptography?

- key management is a primary concern of cryptography

Which protocol is NOT used by network-attached storage?

- NTFS

Which Rainbow Series book covers security issues for networks and network components?

- Red book

You are analyzing risks for your organization. You must ensure that senior management provides the risk management components that you needed. All of the following components are provided by senior management, EXCEPT:

- risk mitigation procedures

Which characteristics of a system are evaluated by the Trusted Computer Systems Evaluation Criteria (TCSEC)? a) assurance b) authenticity c) functionality d) response-time

- a and c

Which functions can take place at the Data-link layer of the OSI model? a) routing b) flow control c) error notification d) physical addressing e) setting voltage levels in transmission media

- b, c, d

What is the best description of cache memory?

- memory used for high-speed transfer of data

Which role is a strategic role that helps to develop policies, standards, and guidelines and ensure the security elements are implemented properly?

- security analyst

What is a characteristic of maintaining logs in a system?

- Logging helps administrator to detect security breaches and vulnerable points in a network

What is the first step in designing an effective physical security program?

- identify the physical security program team

Which standard must be used to protect email for communication with the US military?

- MSP (Message Security Protocol)

Your company has a backup solution that performs a full backup each Saturday evening, and an incremental backup all other evenings. A vital system crashes on Monday morning. How many backups will need to be restored?

- two

Which OSI process ensures that each OSI layer at the sender adds its own information packet and each OSI layer at the receiver strips off its corresponding information?

- encapsulation

What is SOCKS?

- a circuit-level proxy firewall that provides a secure channel between two computers

An employee is suspected of criminal activity involving access to data in excess of the employee's authority. You have obtained the original signed copy of the no-right-to-privacy agreement that the employee signed when he was hired. What kind of evidence is this agreement?

- best evidence

Which process includes auditing and tracking of changes made to the trusted computing base?

- configuration management

Which stipulation is usually NOT provided in an offsite vendor contract?

- specific location of the offsite facility

Which statement best describes an access control list (ACL)?

- a list of subjects that have been granted access to a specific object, including the level of access granted

Which statement is true of data diddling?

- data diddling refers to manipulation of the input data in an application

Which options are components of the security kernel? a) software b) hardware c) reference monitor d) trusted computing base

- options a and b

Your organization has recently implemented an artificial neural network (ANN). The ANN enabled the network to make decisions based on the experience provided to them. Which characteristic of the ANN is described?

- adaptability

What is an example of a stream cipher?

- RC4

Which type of virus installs itself under the anti-virus system and intercepts any calls that the anti-virus system makes to the operating system?

- tunneling virus

Your network contains four segments. Which network devices can you use to connect two or more of the LAN segments together? a) Hub b) Router c) Switch d) Bridge e) Repeater f) Multiplexer

- b, c, and d

You have been asked to manage your company's information security continuous monitoring (ISCM) program. Which of the following statements regarding automated versus manual reporting is FALSE?

- Manual tools are more thorough in their reporting than automated methods.

Your organization has decided to implement the Diffie-Hellman asymmetric algorithm. Which statement is true of this algorithm's key exchange?

- authorized users exchange secret keys over a non-secure medium

You need to solve a traffic problem occurring on a large Ethernet network. Within this large segment, the accounting department is flooding the network with a high volume of data which causes the entire network to slow down. Which device is a quick and low-cost solution to isolating the accounting department?

- bridge

What is DNS poisoning?

- the practice of dispensing IP addresses and host names with the goal of traffic diversion

A file server has unexpectedly rebooted into single-user mode. You are not sure what caused the reboot. What should you do next?

- Recover damaged file system files.

What is the purpose of a device using direct memory access (DMA)?

- It implements high-speed data transfer between the device and memory

Which type of network monitoring method requires that updates be regularly obtained to ensure its effectiveness?

- signature-based

What is a data aggregator?

- a company that compiles, stores, and sells personal information

Which database interface language is a replacement for Open Database Connectivity (ODBC) and can only be used by Microsoft Windows clients?

- OLE DB

What is the highest data classification category?

- Top Secret

What is the name of a condition where long-term employees have more access permissions than needed as a result of changing jobs within the organization over time?

- authorization creep

Which function does start and stop bits provide?

- they mark the beginning and ending of asynchronous communication

What kind of attack involves injecting malicious code into a web application?

- cross-site scripting

What is true of an RSA algorithm?

- a public key algorithm that performs both encryption and authentication - does not deal with discrete logarithms - can prevent MITM attacks - uses public and private key signatures for integrity verification

Which security control ensures that data at rest remains confidential?

- drive encryption

What can cause issues with RFI?

- fluorescent lighting

What is a rootkit?

- a collection of programs that grants a hacker administrative access to a computer or network

What are the levels of data classification for government or military use?

- unclassified - sensitive - confidential - secret - top secret

What characteristics of the hand are evaluated by a hand geometry scan biometric system?

- width of hand - width of fingers - length of fingers

What affects asset retention policies?

- laws and regulations - asset or data age - asset or data type

What device converts messages between two dissimilar electronic e-mail applications?

- e-mail gateway | - e.g. between an Exchange server and a Sendmail server

What are corrective controls?

- controls that take corrective action against threats

What produces 160-bit checksums?

- SHA

What size checksums does MD5 produce?

- 128-bit

What size checksums does DES produce?

- 56-bit

What size checksums does AES produce?

- 128-bit, 192-bit, 256-bit

What is a "land attack"?

- involves sending spoofed TCP SYN packet with the target host's IP address and an open port as both the source and the destination to the target host on an open port - causes a system to freeze or crash

What is a "ping of death" attack?

- involves flooding target computers with oversized packets, exceeding the acceptable size during the process of reassembly - causes the system to freeze or crash

Which entity can operate as both a subject and object?

- program - a program operates as an object when a user or group accesses the program - a program operates as subject when the program accesses data in another location, such as a database

What encryption algorithm is based on Diffie-Hellman key agreement?

- El Gamal

You are responsible for managing your company's virtualization environment. Which feature should NOT be allowed on a virtualization host?

- browsing the Internet - this could introduce a possible security breach by allowing spyware or malware - anything that affects a virtualization host also affects all virtual computers on the host

Which type of card has an antenna that surrounds the card to allow the card to be read by the reader?

- contactless smart card

Which type of notebook is most preferred during the course of an investigation in legal record keeping?

- bound notebook

Which web browser add-in uses Authenticode for security?

- ActiveX | - Authenticode is a certificate technology that allows ActiveX components to be validated by a server

Your organization has responded to a security incident. The breach has been contained, and all systems have been recovered. What should you do last as part of the incident response?

- post-mortem review

Which radio transmission technology does the 802.11b standard specify?

- DSSS (direct sequence spread spectrum)

What does an incremental backup do?

- It backs up all the new files that have changed since the last full or incremental backup and resets the archive bit

You are the incident investigator. You need to create two images of a file server's hard drive. The incident investigation procedure states that you need to ensure that the new media is properly purged. What should you do to meet this requirement?

- ensure that the new media does not contain any residual data - only the data collected as evidence during the incident investigation should be placed on the new media

Implicit right

- occurs when a user inherits a permission based on group membership - can occur due to role assignment

Capability

- access right that is assigned directly to a subject

Explicit right

- occurs when a user is given a permission directly

Access right

- generic term referring to any permission granted to a user, whether implicitly or explicitly

What is a difference between PGP and the use of formal trust certificates?

- the establishment of a web of trust between users | - PGP establishes a web of trust, which implies that the users generate and distribute their public keys

What functionalities does PGP provide?

- confidentiality through the IDEA - integrity through the MD5 hashing algorithm - authentication through public key certificates - nonrepudiation through encrypted signed messages

What is IDEA

International Data Encryption Algorithm

Which access control principle ensure that a particular role has more than one person trained to perform its duties?

- job rotation

Which entities correspond to columns and rows in an access control matrix?

- a subject's capability corresponds to a row | - a column in an access control matrix corresponds to the ACL for an object

What is the purpose of a software escrow?

- to provide a software vendor's source code in the event the vendor goes out of business

What is another term for technical controls?

- logical controls

What is the most common form of identification and authentication?

- user identification with reusable password

You are setting up the server computers for a new company. You have been asked to design the ACLs for the files and folders on the servers. Which principles affect the design?

- least privilege | - need to know

Which type of encryption algorithm is Diffie-Hellman an example?

- asymmetric with authentication

What are examples of asymmetric encryption?

- RSA - DH - ElGamal - Elliptic Curve Cryptosystem (ECC) - LUC - Knapsack

Which access control model is the easiest to administer?

- RBAC