CISSP Practice Test Flashcards

1
Q

What is the correct definition of penetration testing?

A

  • test procedure performed by security professionals with management approval

2
Q

Based on the Federal Privacy Act of 1974, which type of permission must be obtained by a government agency to disclose private information that the agency collected?

A
  • written permission
3
Q

You are researching computer crimes. All of the following are categories of this type of crime, EXCEPT:

  • computer-targeted crime
  • computer-commerce crime
  • computer-incidental crime
  • computer-assisted crime
A
  • computer-commerce crime
4
Q

You have developed the information security policy for your organization. Which step should precede the adoption of this policy?

A
  • obtaining management approval
5
Q

Which security threat often uses tracking cookies to collect and report on a user’s activities?

A
  • spyware
6
Q

Which statement is true of symmetric cryptography?

A
  • Symmetric cryptography is faster than asymmetric cryptography
7
Q

Your company must comply with a cybersecurity certification body’s requirements. Management has requested that you perform a test prior to applying for this certification. Which type of test should you perform?

A
  • Perform an internal assessment or audit using personnel from within the company.
8
Q

You are the security administrator for your organization. A user in the IT department informs you that a print server was recently the victim of a teardrop attack. Which statement correctly defines the attack that has occurred?

A
  • It involves the use of malformed fragmented packets and causes the target system to either freeze or crash
9
Q

What information is true of an information processing facility?

A
  • Doors and frames should have the same fire rating
10
Q

Which type of virus is specifically designed to infect programs as they are loaded into memory?

A
  • Resident virus
11
Q

Which type of channel is used when one process writes data to a hard drive and another process reads it?

A
  • covert storage channel
12
Q

You are designing employee termination process guidelines. Which activity is NOT included in the employee termination process?

A
  • signing a non-disclosure agreement
13
Q

A security technician reports to you that a file server is experiencing unscheduled initial program loads (IPLs). Which statement BEST explains this problem?

A
  • The system is rebooting
14
Q

Your company has implemented a host-based intrusion detection system (HIDS). You have recently become concerned about the problems that arise when these systems are implemented. What is a major problem when deploying this type of system?

A
  • It must be deployed on each computer that needs it
15
Q

What does sending data across an insecure network, such as the Internet, primarily affect?

A
  • confidentiality and integrity
16
Q

During which step of incident response does root cause analysis occur?

A
  • review
17
Q

What is used in evolutionary computing?

A
  • genetic algorithms
18
Q

Which statement is true of a multilevel security mode?

A
  • The multilevel security mode involves the use of sensitivity labels
19
Q

Which statement is NOT true regarding multicast transmissions?

A
  • A message has one source and destination address
20
Q

Which statement is true of the dedicated security mode?

A
  • All users have the clearance and formal approval required to access all of the data
21
Q

Which security principle identifies sensitive data and ensures that unauthorized entities cannot access it?

A
  • confidentiality
22
Q

Which access control model uses the star (*) integrity axiom and the simple integrity axiom?

A
  • Biba model
23
Q

What is a physical barrier that acts as the first line of defense against an intruder?

A
  • a fence
24
Q

Given two messages, M1 and M2, what is the LEAST likely outcome when using the same one-way hash function, H, to encrypt the messages?

A
  • H(M1) = H(M2)
25
Q

Which type of malicious code is hidden inside an otherwise benign program when the program is written?

A
  • Trojan horse
26
Q

Your network allows remote users to connect over the Internet. Recently, hackers have attempted to breach your network. Management has decided to implement an authentication method that checks both ends of a connection. Which authentication method should you implement?

A
  • mutual authentication
27
Q

The business continuity team is interviewing users to gather information about business units and their functions. Which part of the business continuity plan includes this analysis?

A
  • business impact analysis (BIA)
28
Q

An organization wants to implement the access control model that is the easiest to administer. Which access control model should they use?

A
  • RBAC
29
Q

You have been asked to implement network monitoring that detects any changes or deviations in network traffic. Which type of monitoring are you implementing?

A
  • anomaly-based
30
Q

Which notebook is most preferred during the course of investigation in legal record keeping?

A
  • bound notebook
31
Q

Your organization has a fault-tolerant, clustered database that maintains sales records. Which transactional technique is used in this environment?

A

Online transaction processing (OLTP) is used in this environment. OLTP is a transactional technique used when a fault-tolerant, clustered database exists. OLTP balances transactional requests and distributes them among the different servers based on transaction load. OLTP uses a two-phase commit to ensure that all the databases in the cluster contain the same data.

32
Q

Which statement correctly defines dynamic data exchange (DDE)?

A
  • DDE allows multiple applications to share and exchange the same set of data
33
Q

At which OSI layer does an active hub function?

A
  • Physical
34
Q

Which statement is NOT a characteristic of a network-based intrusion detection system (NIDS)?

A
  • NIDS analyzes encrypted information
35
Q

Which statement is true of the information flow model?

A
  • The information flow model allows the flow of information within the same security level
36
Q

During which step of the NIST SP 800-137 are the decisions on risk response made?

A
  • Respond to findings
37
Q

Your organization has decided to implement a network-based intrusion detection system (NIDS). What is the primary advantage of using this type of system?

A
  • low maintenance
38
Q

Which of the following is not part of a penetration test?

A
  • Implementation of Controls
39
Q

Which attack is NOT directed ONLY at virtual machines?

A
  • MITM
40
Q

A customer has requested a computer with a Clipper Chip. What is a Clipper Chip?

A
  • It is an encryption chip
41
Q

You are the security administrator for an organization. Management decides that all communication on the network should be encrypted using the data encryption standard (DES) algorithm. Which statement is true of this algorithm?

A
  • A Triple DES (3DES) algorithm uses 48 rounds of computation
42
Q

Which statement is true of covert channels?

A
  • A covert channel is not controlled by a security mechanism
43
Q

Your company is establishing new employment candidate screening processes. Which of the following should be included?

a) check all references
b) verify all education
c) review military records and experience
d) perform a background check

A
  • all of the options
44
Q

Which type of application serves as a core for the business operations of an organization?

A
  • a critical application
45
Q

Which attack sends unsolicited messages over a Bluetooth connection?

A
  • blue jacking
46
Q

Which is true of administrative law?

A
  • Administrative law emphasizes the performance and conduct of organizations
47
Q

Which entity must certify the public key pair of a root CA?

A
  • the root CA
48
Q

Your company decides that a new software product must be purchased to help the marketing staff manage campaigns and the resources used. During which phase of the software acquisition process do you document the software requirements?

A
  • Planning phase
49
Q

You are the incident investigator for your organization. You need to create two images of a file server’s hard drive. The incident investigation procedures state that you need to ensure that the new media is properly purged.

What should you do to meet this requirement?

A
  • Ensure that the new media does not contain any residual data
50
Q

Which processes control the flow of information in the lattice-based access control (LBAC) model?

A
  • least upper and greatest lower bound operators
51
Q

Which security principle in the Bell-LaPadula model prevents the security level of subjects and objects from being changed once they have been created?

A
  • tranquility principle
52
Q

Which type of virus includes protective code that prevents outside examination of critical elements?

A
  • armored virus
53
Q

A user inherits a permission based on his group membership. Which type of right has been implemented?

A
  • implicit right
54
Q

Which WLAN technology supports a maximum of 11 Mbps data transmission?

A
  • 802.11b
55
Q

You DO NOT want to protect the file contents from being viewed; however, you want to be able to determine whether the contents of the file were altered during transit.

Which protective measure should you use?

A
  • a digital signature
56
Q

What is an integrated circuit with internal logic that is programmable?

A
  • a PLD
57
Q

Which of the following is not based on the Feistel cipher?

A
  • Diffie-Hellman
58
Q

Which statement is true of a data haven?

A
  • a data haven either has no laws or poorly enforced laws for information protection
59
Q

You are examining an access control matrix for your organization. Which entity corresponds to a row in this matrix?

A
  • capability
60
Q

Which is typically part of an information policy?

A
  • classification of information
61
Q

Your company implements several databases. You are concerned with the security of the data in the databases. Which statement is correct for database security?

A
  • Data Control Language (DCL) implements security through access control and granular restrictions
62
Q

As an organization’s security administrator, you must prevent conflicts of interest when assigning personnel to complete certain security tasks. Which operations security tenet are you implementing?

A
  • separation of duties
63
Q

Evidence must be legally permissible in a court of law and must provide a foundation of a case. All of the following characteristics of evidence are important, EXCEPT:

A
  • confidentiality
64
Q

Which statement is true of the staff members of an organization in the context of information security?

A
  • They pose more threat than external hackers
65
Q

Your organization has asked the security team to add terrorist attacks to the organization’s business continuity plan. Which type of threat does this represent?

A
  • politically motivated threat
66
Q

In which situation does cross-site scripting pose the most danger?

A
  • a user accesses a financial organization’s site using his or her login credentials
67
Q

You are performing a forensic investigation of a recent computer security breach. You have been asked to use disk management to create a copy of a hard drive’s contents. Which statement is true of disk imaging when performed in a forensic investigation?

A
  • A bit-level copy of the disk assists in the forensic investigation
68
Q

You install a network analyzer to capture your network’s traffic as part of your company’s security policy. Later, you examine the captured packets and discover that only Subnet 1 traffic was captured. You need to capture packets from all four subnets on your network.

What could you do?

a) Install a port scanner
b) Install the network analyzer on all four subnets
c) Install a distributed network analyzer
d) Install the network analyzer on a router
e) Install the network analyzer on the firewall

A
  • b and c
69
Q

You are preparing a proposal for management about the value of using cryptography to protect your network. Which statement is true of cryptography?

A
  • key management is a primary concern of cryptography
70
Q

Which protocol is NOT used by network-attached storage?

A
  • NTFS
71
Q

Which Rainbow Series book covers security issues for networks and network components?

A
  • Red book
72
Q

You are analyzing risks for your organization. You must ensure that senior management provides the risk management components that you need. All of the following components are provided by senior management, EXCEPT:

A
  • risk mitigation procedures
73
Q

Which characteristics of a system are evaluated by the Trusted Computer Systems Evaluation Criteria (TCSEC)?

a) assurance
b) authenticity
c) functionality
d) response time

A
  • a and c
74
Q

Which functions can take place at the Data-link layer of the OSI model?

a) routing
b) flow control
c) error notification
d) physical addressing
e) setting voltage levels in transmission media

A
  • b, c, d
75
Q

What is the best description of cache memory?

A
  • memory used for high-speed transfer of data
76
Q

Which role is a strategic role that helps to develop policies, standards, and guidelines and ensure the security elements are implemented properly?

A
  • security analyst
77
Q

What is a characteristic of maintaining logs in a system?

A
  • Logging helps administrators detect security breaches and vulnerable points in a network
78
Q

What is the first step in designing an effective physical security program?

A
  • identify the physical security program team
79
Q

Which standard must be used to protect email for communication with the US military?

A
  • MSP (Message Security Protocol)
80
Q

Your company has a backup solution that performs a full backup each Saturday evening, and an incremental backup all other evenings. A vital system crashes on Monday morning. How many backups will need to be restored?

A
  • two
81
Q

Which OSI process ensures that each OSI layer at the sender adds its own information packet and each OSI layer at the receiver strips off its corresponding information?

A
  • encapsulation
82
Q

What is SOCKS?

A
  • a circuit-level proxy firewall that provides a secure channel between two computers
83
Q

An employee is suspected of criminal activity involving access to data in excess of the employee’s authority. You have obtained the original signed copy of the no-right-to-privacy agreement that the employee signed when he was hired. What kind of evidence is this agreement?

A
  • best evidence
84
Q

Which process includes auditing and tracking of changes made to the trusted computing base?

A
  • configuration management
85
Q

Which stipulation is usually NOT provided in an offsite vendor contract?

A
  • specific location of the offsite facility
86
Q

Which statement best describes an access control list (ACL)?

A
  • a list of subjects that have been granted access to a specific object, including the level of access granted
87
Q

Which statement is true of data diddling?

A
  • data diddling refers to manipulation of the input data in an application
88
Q

Which options are components of the security kernel?

a) software
b) hardware
c) reference monitor
d) trusted computing base

A
  • options a and b
89
Q

Your organization has recently implemented an artificial neural network (ANN). The ANN enables the network to make decisions based on the experience provided to it. Which characteristic of the ANN is described?

A
  • adaptability
90
Q

What is an example of a stream cipher?

A
  • RC4
91
Q

Which type of virus installs itself under the anti-virus system and intercepts any calls that the anti-virus system makes to the operating system?

A
  • tunneling virus
92
Q

Your network contains four segments. Which network devices can you use to connect two or more of the LAN segments together?

a) Hub
b) Router
c) Switch
d) Bridge
e) Repeater
f) Multiplexer

A
  • b, c, and d
93
Q

You have been asked to manage your company’s information security continuous monitoring (ISCM) program. Which of the following statements regarding automated versus manual reporting is FALSE?

A
  • Manual tools are more thorough in their reporting than automated methods.
94
Q

Your organization has decided to implement the Diffie-Hellman asymmetric algorithm. Which statement is true of this algorithm’s key exchange?

A
  • authorized users exchange secret keys over a non-secure medium
95
Q

You need to solve a traffic problem occurring on a large Ethernet network. Within this large segment, the accounting department is flooding the network with a high volume of data which causes the entire network to slow down.

Which device is a quick and low-cost solution to isolating the accounting department?

A
  • bridge
96
Q

What is DNS poisoning?

A
  • the practice of dispensing IP addresses and host names with the goal of traffic diversion
97
Q

A file server has unexpectedly rebooted into single-user mode. You are not sure what caused the reboot. What should you do next?

A
  • Recover damaged file system files.
98
Q

What is the purpose of a device using direct memory access (DMA)?

A
  • It implements high-speed data transfer between the device and memory
99
Q

Which type of network monitoring method requires that updates be regularly obtained to ensure its effectiveness?

A
  • signature-based
100
Q

What is a data aggregator?

A
  • a company that compiles, stores, and sells personal information
101
Q

Which database interface language is a replacement for Open Database Connectivity (ODBC) and can only be used by Microsoft Windows clients?

A
  • OLE DB
102
Q

What is the highest data classification category?

A
  • Top Secret
103
Q

What is the name of a condition where long-term employees have more access permissions than needed as a result of changing jobs within the organization over time?

A
  • authorization creep
104
Q

Which function do start and stop bits provide?

A
  • they mark the beginning and ending of asynchronous communication
105
Q

What kind of attack involves injecting malicious code into a web application?

A
  • cross-site scripting
106
Q

What is true of an RSA algorithm?

A
  • a public key algorithm that performs both encryption and authentication
  • does not deal with discrete logarithms
  • can prevent MITM attacks
  • uses public and private key signatures for integrity verification
107
Q

Which security control ensures that data at rest remains confidential?

A
  • drive encryption
108
Q

What can cause issues with RFI?

A
  • fluorescent lighting
109
Q

What is a rootkit?

A
  • a collection of programs that grants a hacker administrative access to a computer or network
110
Q

What are the levels of data classification for government or military use?

A
  • unclassified
  • sensitive
  • confidential
  • secret
  • top secret
111
Q

What characteristics of the hand are evaluated by a hand geometry scan biometric system?

A
  • width of hand
  • width of fingers
  • length of fingers
112
Q

What affects asset retention policies?

A
  • laws and regulations
  • asset or data age
  • asset or data type
113
Q

What device converts messages between two dissimilar electronic e-mail applications?

A
  • e-mail gateway

- e.g. between an Exchange server and a Sendmail server

114
Q

What are corrective controls?

A
  • controls that take corrective action against threats
115
Q

What produces 160-bit checksums?

A
  • SHA
116
Q

What size checksums does MD5 produce?

A
  • 128-bit
117
Q

What size checksums does DES produce?

A
  • 56-bit
118
Q

What size checksums does AES produce?

A
  • 128-bit, 192-bit, 256-bit
119
Q

What is a “land attack”?

A
  • involves sending a spoofed TCP SYN packet with the target host’s IP address and an open port as both the source and the destination to the target host on an open port
  • causes a system to freeze or crash
120
Q

What is a “ping of death” attack?

A
  • involves flooding target computers with oversized packets, exceeding the acceptable size during the process of reassembly
  • causes the system to freeze or crash
121
Q

Which entity can operate as both a subject and object?

A
  • program
  • a program operates as an object when a user or group accesses the program
  • a program operates as subject when the program accesses data in another location, such as a database
122
Q

What encryption algorithm is based on Diffie-Hellman key agreement?

A
  • El Gamal
123
Q

You are responsible for managing your company’s virtualization environment. Which feature should NOT be allowed on a virtualization host?

A
  • browsing the Internet
  • this could introduce a possible security breach by allowing spyware or malware
  • anything that affects a virtualization host also affects all virtual computers on the host
124
Q

Which type of card has an antenna that surrounds the card to allow the card to be read by the reader?

A
  • contactless smart card
125
Q

Which type of notebook is most preferred during the course of an investigation in legal record keeping?

A
  • bound notebook
126
Q

Which web browser add-in uses Authenticode for security?

A
  • ActiveX

- Authenticode is a certificate technology that allows ActiveX components to be validated by a server

127
Q

Your organization has responded to a security incident. The breach has been contained, and all systems have been recovered. What should you do last as part of the incident response?

A
  • post-mortem review
128
Q

Which radio transmission technology does the 802.11b standard specify?

A
  • DSSS (direct sequence spread spectrum)
129
Q

What does an incremental backup do?

A
  • It backs up all the new files that have changed since the last full or incremental backup and resets the archive bit
130
Q

You are the incident investigator. You need to create two images of a file server’s hard drive. The incident investigation procedure states that you need to ensure that the new media is properly purged.

What should you do to meet this requirement?

A
  • ensure that the new media does not contain any residual data
  • only the data collected as evidence during the incident investigation should be placed on the new media
131
Q

Implicit right

A
  • occurs when a user inherits a permission based on group membership
  • can occur due to role assignment
132
Q

Capability

A
  • access right that is assigned directly to a subject
133
Q

Explicit right

A
  • occurs when a user is given a permission directly
134
Q

Access right

A
  • generic term referring to any permission granted to a user, whether implicitly or explicitly
135
Q

What is a difference between PGP and the use of formal trust certificates?

A
  • the establishment of a web of trust between users

- PGP establishes a web of trust, which implies that the users generate and distribute their public keys

136
Q

What functionalities does PGP provide?

A
  • confidentiality through the IDEA
  • integrity through the MD5 hashing algorithm
  • authentication through public key certificates
  • nonrepudiation through encrypted signed messages
137
Q

What is IDEA?

A
  • International Data Encryption Algorithm
138
Q

Which access control principle ensures that a particular role has more than one person trained to perform its duties?

A
  • job rotation
139
Q

Which entities correspond to columns and rows in an access control matrix?

A
  • a subject’s capability corresponds to a row

- a column in an access control matrix corresponds to the ACL for an object

140
Q

What is the purpose of a software escrow?

A
  • to provide a software vendor’s source code in the event the vendor goes out of business
141
Q

What is another term for technical controls?

A
  • logical controls
142
Q

What is the most common form of identification and authentication?

A
  • user identification with reusable password
143
Q

You are setting up the server computers for a new company. You have been asked to design the ACLs for the files and folders on the servers. Which principles affect the design?

A
  • least privilege
  • need to know
144
Q

Of which type of encryption algorithm is Diffie-Hellman an example?

A
  • asymmetric with authentication
145
Q

What are examples of asymmetric encryption?

A
  • RSA
  • DH
  • ElGamal
  • Elliptic Curve Cryptosystem (ECC)
  • LUC
  • Knapsack
146
Q

Which access control model is the easiest to administer?

A
  • RBAC