CISSP Sybex Official Study Guide Chapter 9 Review Questions Flashcards

1
Q

Many PC operating systems provide functionality that enables them to support the simultaneous execution of multiple applications on single-processor systems. What term is used to describe this capability?

A. Multiprogramming
B. Multithreading
C. Multitasking
D. Multiprocessing

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 395). Wiley. Kindle Edition.

A

C. Multitasking

Explanation:
Multitasking is processing more than one task at the same time. In most cases, multitasking is simulated by the operating system even when not supported by the processor.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 963). Wiley. Kindle Edition.

2
Q

What technology provides an organization with the best control over BYOD equipment?

A. Application whitelisting
B. Mobile device management
C. Encrypted removable storage
D. Geotagging

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 395). Wiley. Kindle Edition.

A

B. Mobile device management

Explanation:
Mobile device management (MDM) is a software solution to the challenging task of managing the myriad mobile devices that employees use to access company resources. The goals of MDM are to improve security, provide monitoring, enable remote management, and support troubleshooting. Not all mobile devices support removable storage, and even fewer support encrypted removable storage. Geotagging is used to mark photos and social network posts, not for BYOD management. Application whitelisting may be an element of BYOD management but is only part of a full MDM solution.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 963). Wiley. Kindle Edition.

3
Q

You have three applications running on a single-core single-processor system that supports multitasking. One of those applications is a word processing program that is managing two threads simultaneously. The other two applications are using only one thread of execution. How many application threads are running on the processor at any given time?

A. One
B. Two
C. Three
D. Four

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 395). Wiley. Kindle Edition.

A

A. One

Explanation:
A single-processor system can operate on only one thread at a time. There would be a total of four application threads (ignoring any threads created by the operating system), but the operating system would be responsible for deciding which single thread is running on the processor at any given time.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 963). Wiley. Kindle Edition.

4
Q

What type of federal government computing system requires that all individuals accessing the system have a need to know all of the information processed by that system?

A. Dedicated
B. System high
C. Compartmented
D. Multilevel

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 395). Wiley. Kindle Edition.

A

A. Dedicated

Explanation:
In a dedicated system, all users must have a valid security clearance for the highest level of information processed by the system, they must have access approval for all information processed by the system, and they must have a valid need to know of all information processed by the system.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 963). Wiley. Kindle Edition.

5
Q

What is a security risk of an embedded system that is not commonly found in a standard PC?

A. Software flaws
B. Access to the internet
C. Control of a mechanism in the physical world
D. Power loss

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 395). Wiley. Kindle Edition.

A
6
Q

Which of the following describes a community cloud?

A. A cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange
B. A cloud service within a corporate network and isolated from the internet
C. A cloud service that is accessible to the general public typically over an internet connection
D. A cloud service that is partially hosted within an organization for private use and that uses external services to offer resources to outsiders

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 396). Wiley. Kindle Edition.

A
7
Q

What is the concept of a computer implemented as part of a larger system that is typically designed around a limited set of specific functions (such as management, monitoring, and control) in relation to the larger product of which it’s a component?

A. IoT
B. Application appliance
C. SoC
D. Embedded system

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 396). Wiley. Kindle Edition.

A
8
Q

Which one of the following types of memory might retain information after being removed from a computer and, therefore, represent a security risk?

A. Static RAM
B. Dynamic RAM
C. Secondary memory
D. Real memory

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 396). Wiley. Kindle Edition.

A
9
Q

What is the most effective means of reducing the risk of losing the data on a mobile device, such as a notebook computer?

A. Defining a strong logon password
B. Minimizing sensitive data stored on the mobile device
C. Using a cable lock
D. Encrypting the hard drive

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 396). Wiley. Kindle Edition.

A
10
Q

What type of electrical component serves as the primary building block for dynamic RAM chips?

A. Capacitor
B. Resistor
C. Flip-flop
D. Transistor

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 396). Wiley. Kindle Edition.

A
11
Q

Which one of the following storage devices is most likely to require encryption technology in order to maintain data security in a networked environment?

A. Hard disk
B. Backup tape
C. Removable drives
D. RAM

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (pp. 396-397). Wiley. Kindle Edition.

A
12
Q

In which of the following security modes can you be assured that all users have access permissions for all information processed by the system but will not necessarily need to know of all that information?

A. Dedicated
B. System high
C. Compartmented
D. Multilevel

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 397). Wiley. Kindle Edition.

A
13
Q

The most commonly overlooked aspect of mobile phone eavesdropping is related to which of the following?

A. Storage device encryption
B. Screen locks
C. Overhearing conversations
D. Wireless networking

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 397). Wiley. Kindle Edition.

A
14
Q

What type of memory device is usually used to contain a computer’s motherboard BIOS?

A. PROM
B. EEPROM
C. ROM
D. EPROM

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 397). Wiley. Kindle Edition.

A
15
Q

What type of memory is directly available to the CPU and is often part of the CPU?

A. RAM
B. ROM
C. Register memory
D. Virtual memory

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 397). Wiley. Kindle Edition.

A
16
Q

You are the IT security manager for a retail merchant organization that is just going online with an e-commerce website. You hired several programmers to craft the code that is the backbone of your new web sales system. However, you are concerned that while the new code functions well, it might not be secure. You begin to review the code, the systems design, and the services architecture to track down issues and concerns. Which of the following do you hope to find in order to prevent or protect against XSS? (Select all that apply)

A. Input validation
B. Defensive coding
C. Allowing script input
D. Escaping metacharacters

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 397). Wiley. Kindle Edition.

A
17
Q

What form of attack abuses a program’s lack of length limitation on the data it receives before storing the input in memory, which can lead to arbitrary code execution?

A. ARP poisoning
B. XSS
C. Domain hijacking
D. Buffer overflow

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 398). Wiley. Kindle Edition.

A
18
Q

What security principle helps prevent users from accessing memory spaces assigned to applications being run by other users?

A. Separation of privilege
B. Layering
C. Process isolation
D. Least privilege

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 398). Wiley. Kindle Edition.

A
19
Q

Which security principle mandates that only a minimum number of operating system processes should run in supervisory mode?

A. Abstraction
B. Layering
C. Data hiding
D. Least privilege

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 398). Wiley. Kindle Edition.

A
20
Q

Which security principle takes the concept of process isolation and implements it using physical controls?

A. Hardware segmentation
B. Data hiding
C. Layering
D. Abstraction

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 398). Wiley. Kindle Edition.

A