Domain 3: Review Questions Flashcards

1
Q

Which of the following is most correct?

A. Asymmetric crypto has a larger key space.
B. A cryptogram is a segment of cipher text transmitted over the internet, but not over a VPN.
C. TLS and SSL use symmetric crypto.
D. The key schedule is determined by the programmer when writing the software but can be changed by the device’s system admin.

A

A. Asymmetric crypto has a larger key space.

Asymmetric cryptography (e.g., RSA, ECC) typically uses much larger key sizes than symmetric cryptography to achieve equivalent security. For example:
A 2048-bit RSA key provides security comparable to a 128-bit AES key.
The larger key space increases the complexity of brute-force attacks in asymmetric encryption.

2
Q

Which of the following is NOT correct?

A. When using PKI, the sender can use their own private key or the public key of the receiver.
B. When electing to use their private key, the sender provides proof of origin.
C. A strength of asymmetric cryptography is that it scales well in a mesh network.
D. One strength of symmetric crypto is key distribution.

A

D. One strength of symmetric crypto is key distribution.

D is incorrect.

Key distribution is a major weakness of symmetric cryptography because the secret key must be securely shared between parties before communication can occur. This requires secure channels or additional mechanisms, making symmetric cryptography less scalable.

3
Q

Which of the following is provided if data cannot be read?

A. Integrity
B. Confidentiality
C. Availability
D. Defense in depth

A

B. Confidentiality is provided if the data cannot be read. It can be provided either through access controls and encryption for data as it exists on a hard drive or through encryption as the data is in transit.

4
Q

In a distributed environment, which of the following is software that ties the client and server software together?

A. Embedded system
B. Mobile code
C. Virtual computing
D. Middleware

A

D. In a distributed environment, middleware is software that ties the client and server software together. It is neither a part of the operating system nor a part of the server software. It is the code that lies between the operating system and applications on each side of a distributed computing system in a network.

5
Q

Which of the following is composed of the components (hardware, firmware, and/or software) that are expected to enforce the security policy of the system?

A. Security perimeter
B. Reference monitor
C. Trusted Computer Base (TCB)
D. Security kernel

A

C. The Trusted Computer Base (TCB) is composed of the components (hardware, firmware, and/or software) that are trusted to enforce the security policy of the system and that, if compromised, jeopardize the security properties of the entire system.

6
Q

Which process converts plaintext into ciphertext?

A. Hashing
B. Decryption
C. Encryption
D. Digital signature

A

C. Encryption converts plaintext into ciphertext. Hashing reduces a message to a hash value. Decryption converts ciphertext into plaintext. A digital signature is an object that provides sender authentication and message integrity by including a digital signature with the original message.

7
Q

Which type of cipher is the Caesar cipher?

A. Polyalphabetic substitution
B. Mono-alphabetic substitution
C. Polyalphabetic transposition
D. Mono-alphabetic transposition

A

B. The Caesar cipher is a mono-alphabetic substitution cipher. The Vigenère cipher is a polyalphabetic substitution cipher.

8
Q

Which of the following is the most secure encryption scheme?

A. Concealment cipher
B. Symmetric algorithm
C. One-time pad
D. Asymmetric algorithm

A

C. A one-time pad is the most secure encryption scheme because it is used only once.

9
Q

Which 3DES implementation encrypts each block of data three times, each time with a different key?

A. 3DES-EDE3
B. 3DES-EEE3
C. 3DES-EDE2
D. 3DES-EEE2

A

B. The 3DES-EEE3 implementation encrypts each block of data three times, each time with a different key.

The 3DES-EDE3 implementation encrypts each block of data with the first key, decrypts each block with the second key, and encrypts each block with the third key. The 3DES-EDE2 implementation encrypts each block of data with the first key, decrypts each block with the second key, and then encrypts each block with the first key. The 3DES-EEE2 implementation encrypts each block of data with the first key, encrypts each block with the second key, and then encrypts each block with the first key.

10
Q

Which of the following is NOT a hash function?

A. ECC
B. MD6
C. SHA-2
D. RIPEMD-160

A

A. Elliptic Curve Cryptosystem (ECC) is NOT a hash function. It is an asymmetric algorithm. All the other options are hash functions.

11
Q

Which of the following is an example of a preventive control?

A. A door lock system on a server room
B. An electric fence surrounding a facility
C. Armed guards outside a facility
D. Parking lot cameras

A

A.

An electric fence surrounding a facility is designed to deter access to the building by those who should not have any access (an external threat), whereas a door lock system on the server room that requires a swipe of the employee card is designed to prevent access by those who are already in the building (an internal threat).

12
Q

Which of the following is NOT one of the three main strategies that guide CPTED?

A. Natural access control
B. Natural surveillance reinforcement
C. Natural territorial reinforcement
D. Natural surveillance

A

B. The three strategies are natural access control, natural territorial reinforcement, and natural surveillance.

13
Q

What occurs when different encryption keys generate the same ciphertext from the same plaintext message?

A. Key clustering
B. Cryptanalysis
C. Keyspace
D. Confusion

A

A. Key clustering occurs when different encryption keys generate the same ciphertext from the same plaintext message.

Cryptanalysis is the science of decrypting ciphertext without prior knowledge of the key or cryptosystem used. A keyspace is all the possible key values when using a particular algorithm or other security measure. Confusion is the process of changing a key value during each round of encryption.

14
Q

Which encryption system uses a private or secret key that must remain secret between the two parties?

A. Running key cipher
B. Concealment cipher
C. Asymmetric algorithm
D. Symmetric algorithm

A

D. A symmetric algorithm uses a private or secret key that must remain secret between the two parties.

A running key cipher uses a physical component, usually a book, to provide the polyalphabetic characters. A concealment cipher occurs when plaintext is interspersed somewhere within other written material. An asymmetric algorithm uses both a public key and a private or secret key.

15
Q

Which of the following is an asymmetric algorithm?

A. IDEA
B. Twofish
C. RC6
D. RSA

A

D. RSA is an asymmetric algorithm. All the other algorithms are symmetric algorithms.

Symmetric algorithms include Digital Encryption Standard and Triple Data Encryption Standard, Advanced Encryption Standard, IDEA, Skipjack, Blowfish, Twofish, RC4/RC5/RC6/RC7, and CAST.

Asymmetric algorithms include Diffie-Hellman, RSA, El Gamal, ECC, Knapsack, and zero-knowledge proof.

16
Q

Which PKI component contains a list of all the certificates that have been revoked?

A. CA
B. RA
C. CRL
D. OCSP

A

C. A certificate revocation list (CRL) contains a list of all the certificates that have been revoked.

A certificate authority (CA) is the entity that creates and signs digital certificates, maintains the certificates, and revokes them when necessary. A registration authority (RA) verifies the requestor’s identity, registers the requestor, and passes the request to the CA. Online Certificate Status Protocol (OCSP) is an Internet protocol that obtains the revocation status of an X.509 digital certificate.

17
Q

Which attack executed against a cryptographic algorithm uses all possible keys until a key is discovered that successfully decrypts the ciphertext?

A. Frequency analysis
B. Reverse engineering
C. Ciphertext-only attack
D. Brute force

A

D. A brute-force attack executed against a cryptographic algorithm uses all possible keys until a key is discovered that successfully decrypts the ciphertext.

A frequency analysis attack relies on the fact that substitution and transposition ciphers will result in repeated patterns in ciphertext. A reverse engineering attack occurs when an attacker purchases a particular cryptographic product to attempt to reverse engineer the product to discover confidential information about the cryptographic algorithm used. A ciphertext-only attack uses several encrypted messages (ciphertext) to figure out the key used in the encryption process.

18
Q

In ISO/IEC 15288:2015, which process category includes acquisition and supply?

A. Technical management processes
B. Technical processes
C. Agreement processes
D. Organizational project-enabling processes

A

C. ISO/IEC 15288:2015 establishes four categories of processes:

  • Agreement processes, including acquisition and supply
  • Organizational project-enabling processes, including infrastructure management, quality management, and knowledge management
  • Technical management processes, including project planning, risk management, configuration management, and quality assurance
  • Technical processes, including system requirements definition, system analysis, implementation, integration, operation, maintenance, and disposal
19
Q

Which statement is true of dedicated security mode?

A. It employs a single classification level.
B. All users have the same security clearance, but they do not all possess a need-to-know clearance for all the information in the system.
C. All users must possess the highest security clearance, but they must also have valid need-to-know clearance, a signed NDA, and formal approval for all information to which they have access.
D. Systems allow two or more classification levels of information to be processed at the same time.

A

A. Dedicated security mode employs a single classification level.

20
Q

What is the first step in ISO/IEC 27001:2013?

A. Identify the requirements.
B. Perform risk assessment and risk treatment.
C. Maintain and monitor the ISMS.
D. Obtain management support.

A

D. The first step in ISO/IEC 27001:2013 is to obtain management support.

21
Q

Which two states are supported by most processors in a computer system?

A. Supervisor state and problem state
B. Supervisor state and kernel state
C. Problem state and user state
D. Supervisor state and elevated state

A

A. Two processor states are supported by most processors: supervisor state (or kernel mode) and problem state (or user mode).

22
Q

When supporting a BYOD initiative, from which group do you probably have most to fear?

A. Hacktivists
B. Careless users
C. Software vendors
D. Mobile device vendors

A

B. As a security professional, when supporting a BYOD initiative, you should take into consideration that you probably have more to fear from the carelessness of the users than you do from hackers.

23
Q

Which term applies to embedded devices that bring with them security concerns because the engineers who design these devices do not always worry about security?

A. BYOD
B. NDA
C. IoT
D. ITSEC

A

C. Internet of Things (IoT) is the term used for embedded devices and their security concerns, because the engineers who design these devices do not always worry about security.

24
Q

Which option best describes the primary concern of NIST SP 800-57?

A. Asymmetric encryption
B. Symmetric encryption
C. Message integrity
D. Key management

A

D. Key management is the primary concern of NIST SP 800-57.

25
Q

Which of the following key types requires only integrity security protection?

A. Public signature verification key
B. Private signature key
C. Symmetric authentication key
D. Private authentication key

A

A. Public signature verification keys require only integrity security protection.

26
Q

What is the final phase of the cryptographic key management life cycle, according to NIST SP 800-57?

A. Operational phase
B. Destroyed phase
C. Pre-operational phase
D. Post-operational phase

A

B. The destroyed phase is the final phase of the cryptographic key management life cycle, according to NIST SP 800-57.

27
Q

Which of the following are examples of symmetric algorithms?

A. Triple Data Encryption Standard
B. RC4/RC5/RC6/RC7
C. El Gamal
D. Advanced Encryption Standard
E. ECC

A

A, B, D.

Symmetric algorithms include Digital Encryption Standard and Triple Data Encryption Standard, Advanced Encryption Standard, IDEA, Skipjack, Blowfish, Twofish, RC4/RC5/RC6/RC7, and CAST.

Asymmetric algorithms include Diffie-Hellman, RSA, El Gamal, ECC, Knapsack, and zero-knowledge proof.

28
Q

Matthew is the security administrator for a consulting firm and must enforce access controls that restrict users’ access based upon their previous activity. For example, once a consultant accesses data belonging to Acme Cola, a consulting client, they may no longer access data belonging to any of Acme’s competitors. What security model best fits Matthew’s needs?

A. Clark-Wilson
B. Biba
C. Bell-LaPadula
D. Brewer-Nash

A

D.

The Brewer-Nash model allows access controls to change dynamically based upon a user’s actions. It is often used in environments like Matthew’s to implement a “Chinese wall” between data belonging to different clients.

29
Q

Referring to the figure shown here, what is the earliest stage of a fire where it is possible to use detection technology to identify it?

A. Incipient
B. Smoke
C. Flame
D. Heat

A

A.

Fires may be detected as early as the incipient stage. During this stage, air ionization takes place, and specialized incipient fire detection systems can identify these changes to provide early warning of a fire.

30
Q

Ralph is designing a physical security infrastructure for a new computing facility that will remain largely unstaffed. He plans to implement motion detectors in the facility but would also like to include a secondary verification control for physical presence. Which one of the following would best meet his needs?

A. CCTV
B. IPS
C. Turnstiles
D. Faraday cages

A

A.

Closed-circuit television (CCTV) systems act as a secondary verification mechanism for physical presence because they allow security officials to view the interior of the facility when a motion alarm sounds to determine the current occupants and their activities.

31
Q

Harry would like to retrieve a lost encryption key from a database that uses m of n control, with m = 4 and n = 8. What is the minimum number of escrow agents required to retrieve the key?

A. 2
B. 4
C. 8
D. 12

A

B.

In an m of n control system, at least m of n possible escrow agents must collaborate to retrieve an encryption key from the escrow database.

32
Q

Fran’s company is considering purchasing a web-based email service from a vendor and eliminating its own email server environment as a cost-saving measure. What type of cloud computing environment is Fran’s company considering?

A. SaaS
B. IaaS
C. CaaS
D. PaaS

A

A.

This is an example of a vendor offering a fully functional application as a web-based service. Therefore, it fits under the definition of software as a service (SaaS). In infrastructure as a service (IaaS), compute as a service (CaaS), and platform as a service (PaaS), the customer provides their own software. In this example, the vendor is providing the email software, so none of those choices is appropriate.

33
Q

Bob is a security administrator with the U.S. federal government and wants to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-5. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?

A. EdDSA
B. HAVAL
C. RSA
D. ECDSA

A

B.

The Digital Signature Standard approves three encryption algorithms for use in digital signatures: the Rivest, Shamir, Adleman (RSA) algorithm; the Elliptic Curve DSA (ECDSA) algorithm; and the Edwards Curve Digital Signature Algorithm (EdDSA). HAVAL is a hash function, not an encryption algorithm. While hash functions are used as part of the digital signature process, they do not provide encryption.

34
Q

Harry would like to access a document owned by Sally and stored on a file server. Applying the subject/object model to this scenario, who or what is the subject of the resource request?

A. Harry
B. Sally
C. Server
D. Document

A

A.

In the subject/object model of access control, the user or process making the request for a resource is the subject of that request. In this example, Harry is requesting resource access and is, therefore, the subject.

35
Q

Michael is responsible for forensic investigations and is investigating a medium-severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the marketing team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Michael to take?

A. Keep the website offline until the investigation is complete.
B. Take the virtualization platform offline as evidence.
C. Take a snapshot of the compromised system and use that for the investigation.
D. Ignore the incident and focus on quickly restoring the website.

A

C.

Michael should conduct his investigation, but there is a pressing business need to bring the website back online. The most reasonable course of action would be to take a snapshot of the compromised system and use the snapshot for the investigation, restoring the website to operation as quickly as possible while using the results of the investigation to improve the security of the site.

36
Q

Helen is a software engineer and is developing code that she would like to restrict to running within an isolated sandbox for security purposes. What software development technique is Helen using?

A. Bounds
B. Input validation
C. Confinement
D. TCB

A

C.

Using a sandbox is an example of confinement, where the system restricts the access of a particular process to limit its ability to affect other processes running on the same system.

37
Q

What concept describes the degree of confidence that an organization has that its controls satisfy security requirements?

A. Trust
B. Credentialing
C. Verification
D. Assurance

A

D.

Assurance is the degree of confidence that an organization has that its security controls are correctly implemented. It must be continually monitored and reverified.

38
Q

What type of security vulnerability are developers most likely to introduce into code when they seek to facilitate their own access, for testing purposes, to software they developed?

A. Maintenance hook
B. Cross-site scripting
C. SQL injection
D. Buffer overflow

A

A.

Maintenance hooks, otherwise known as backdoors, provide developers with easy access to a system, bypassing normal security controls. If not removed prior to finalizing code, they pose a significant security vulnerability if an attacker discovers the maintenance hook.

39
Q

In the figure shown here, Sally is blocked from reading the file due to the Biba integrity model. Sally has a Secret security clearance, and the file has a Confidential classification. What principle of the Biba model is being enforced?

A. Simple Security Property
B. Simple Integrity Property
C. *-Security Property
D. *-Integrity Property

A

B.

The Simple Integrity Property states that an individual may not read a file classified at a lower security level than the individual’s security clearance.

40
Q

Tom is responsible for maintaining the security of systems used to control industrial processes located within a power plant. What term is used to describe these systems?

A. POWER
B. SCADA
C. HAVAL
D. COBOL

A

B.

Supervisory control and data acquisition (SCADA) systems are used to control and gather data from industrial processes. They are commonly found in power plants and other industrial environments.

41
Q

Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite that she knows the user’s password. What hardware security feature is likely causing this problem?

A. TCB
B. TPM
C. NIACAP
D. RSA

A

B.

The Trusted Platform Module (TPM) is a hardware security technique that stores an encryption key on a chip on the motherboard and prevents someone from accessing an encrypted drive by installing it in another computer.

42
Q

Chris wants to verify that a software package that he downloaded matches the original version. What hashing tool should he use if he believes that technically sophisticated attackers may have replaced the software package with a version containing a backdoor?

A. MD5
B. 3DES
C. SHA1
D. SHA 256

A

D.

Intentional collisions have been created with MD5, and a real-world collision attack against SHA-1 was announced in early 2017. 3DES is not a hashing tool, leaving SHA 256 (sometimes called SHA 2) as the only real choice that Chris has in this list.

43
Q

Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.

If Alice wants to send Bob a message that is encrypted for confidentiality, what key does she use to encrypt the message?

A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key

A

C.

In an asymmetric cryptosystem, the sender of a message encrypts the message using the recipient’s public key. The recipient may then decrypt that message using their own private key, which only they should possess.

44
Q

Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.

When Bob receives the encrypted message from Alice, what key does he use to decrypt the message’s plaintext content?

A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key

A

D.

When Bob receives the message, he uses his own private key to decrypt it. Since he is the only one with his private key, he is the only one who should be able to decrypt it, thus preserving confidentiality.

45
Q

Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.

Which one of the following keys would Bob not possess in this scenario?

A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key

A

B.

Each user retains their own private key as secret information. In this scenario, Bob would only have access to his own private key and would not have access to the private key of Alice or any other user.

46
Q

Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.

Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature?

A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key

A

B.

Alice creates the digital signature using her own private key. Then Bob, or any other user, can verify the digital signature using Alice’s public key.

47
Q

What name is given to the random value added to a password in an attempt to defeat rainbow table attacks?

A. Hash
B. Salt
C. Extender
D. Rebar

A

B.

The salt is a random value added to a password before it is hashed by the operating system. The salt is then stored in a password file with the hashed password. This increases the complexity of cryptanalytic attacks by negating the usefulness of attacks that use precomputed hash values, such as rainbow tables.

48
Q

Which one of the following is not an attribute of a typical hashing algorithm?

A. They require a cryptographic key.
B. They are irreversible.
C. It is very difficult to find two messages with the same hash value.
D. They take variable-length input.

A

A.

Hash functions do not include any element of secrecy and, therefore, do not require a cryptographic key.

49
Q

What type of fire suppression system fills with water after a valve opens when the initial stages of a fire are detected and then requires a sprinkler head heat activation before dispensing water?

A. Wet pipe
B. Dry pipe
C. Deluge
D. Preaction

A

D.

A preaction fire suppression system activates in two steps. The pipes fill with water once the early signs of a fire are detected. The system does not dispense water until heat sensors on the sprinkler heads trigger the second phase.

50
Q

Susan would like to configure IPsec in a manner that provides confidentiality for the content of packets. What component of IPsec provides this capability?

A. AH
B. ESP
C. IKE
D. ISAKMP

A

B.

The Encapsulating Security Payload (ESP) protocol provides confidentiality and integrity for packet contents. It encrypts packet payloads and provides limited authentication and protection against replay attacks.

51
Q

Which one of the following cryptographic goals protects against the risks posed when a device is lost or stolen?

A. Nonrepudiation
B. Authentication
C. Integrity
D. Confidentiality

A

D.

The greatest risk when a device is lost or stolen is that sensitive data contained on the device will fall into the wrong hands. Confidentiality processes protect against this risk. Nonrepudiation is when the recipient of a message can prove the originator’s identity to a third party. Authentication is a means of proving one’s identity. Integrity demonstrates that information has not been modified since transmission.

52
Q

Joanna wants to review the status of the industrial control systems her organization uses for building control. What type of systems should she inquire about access to?

A. SCADA
B. DSS
C. BAS
D. ICS-CSS

A

A.

Supervisory Control and Data Acquisition systems, or SCADA systems, provide a graphical interface to monitor industrial control systems (ICS). Joanna should ask about access to her organization’s SCADA systems.

53
Q

What are the ISO/IEC 15288:2015 four categories of processes?

A

ISO/IEC 15288:2015 establishes four categories of processes:

  1. Agreement processes: This category includes acquisition and supply.
  2. Organizational project-enabling processes: This category includes life cycle model management, infrastructure management, portfolio management, human resource management, quality management, and knowledge management.
  3. Technical management processes: This category includes project planning, project assessment and control, decision management, risk management, configuration management, information management, measurement, and quality assurance.
  4. Technical processes: This category includes business or mission analysis, stakeholder needs and requirements definition, system requirements definition, architecture definition, design definition, system analysis, implementation, integration, verification, transition, validation, operation, maintenance, and disposal.
54
Q

Name the symmetric algorithms and provide their key sizes and block sizes.

A
56
Q

In the figure shown here, Harry’s request to write to the data file is blocked. Harry has a Secret security clearance, and the data file has a Confidential classification. What principle of the Bell-LaPadula model blocked this request?

A. Simple Security Property
B. Simple Integrity Property
C. *-Security Property
D. Discretionary Security Property

A

C.

The *-Security Property states that an individual may not write to a file at a lower classification level than that of the individual. This is also known as the confinement property.

57
Q

Florian and Tobias would like to begin communicating using a symmetric cryptosystem, but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key?

A. IDEA
B. Diffie-Hellman
C. RSA
D. MD5

A

B.

The Diffie-Hellman algorithm allows for the secure exchange of symmetric encryption keys over a public network. IDEA and RSA are encryption algorithms. MD5 is a hashing function.

58
Q

Carl’s organization recently underwent a user access review. At the conclusion of the review, the auditors noted several cases of privilege creep. What security principle was violated?

A. Fail securely
B. Keep it simple and secure
C. Trust but verify
D. Least privilege

A

D.

The principle of least privilege says that an employee should have only the minimum privileges required to perform their job. Privilege creep indicates that an employee has accumulated permissions that they no longer require, indicating a violation of the least privilege principle. The trust but verify principle says that organizations should use auditing to ensure that control objectives are met. The fail securely principle says that security controls should default to a secure state in the event of a control failure. The keep it simple and secure principle says that security controls and other technologies should remain as simple as possible while still completing their objectives.

59
Q

Matt’s organization recently adopted a zero trust network architecture. Under this approach, which one of the following criteria would be LEAST appropriate to use when granting a subject access to resources?

A. Password
B. Two-factor authentication
C. IP address
D. Biometric scan

A

C.

In a zero trust network architecture, access control decisions should never be made based upon a system’s location on the network. Therefore, an IP address should never be used and would be the least appropriate of these options. While the other options have differing levels of security (two-factor authentication is clearly stronger than a password or biometrics alone), they do not violate the principles of a zero trust network architecture.

60
Q

Colin is the chief privacy officer for a nonprofit organization and is assisting with the team’s transition to a Privacy by Design approach. Under this approach, which is not one of the Privacy by Design principles?

A. Proactive, not reactive
B. Privacy as the default setting
C. End-to-end security
D. Defense in depth

A

D.

While defense in depth is a strong security principle, it is not a component of Privacy by Design.

The following are the seven principles of the Privacy by Design model:
1. Proactive, not reactive; preventative not remedial
2. Privacy as the default
3. Privacy embedded into design
4. Full functionality—positive-sum, not zero-sum
5. End-to-end life-cycle protection
6. Visibility and transparency
7. Respect for user privacy

61
Q

What cryptographic principle stands behind the idea that cryptographic algorithms should be open to public inspection?

A. Security through obscurity
B. Kerckhoffs’ principle
C. Defense in depth
D. Heisenberg principle

A

B.

Kerckhoffs’ principle says that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge.

62
Q

What are the seven principles of Privacy by Design?

A

The following are the seven principles of the Privacy by Design model:

1. Proactive, not reactive; preventative not remedial
2. Privacy as the default
3. Privacy embedded into design
4. Full functionality—positive-sum, not zero-sum
5. End-to-end life-cycle protection
6. Visibility and transparency
7. Respect for user privacy

63
Q

Ryan is developing a physical access plan for his organization’s data center and wants to implement the security control indicated by the arrow in this diagram. What is the name of this control?

A. Access control vestibule
B. Turnstile
C. Intrusion prevention system
D. Portal

A

A.

Access control vestibules use two sets of doors to control access to a facility. This may be used to prevent piggybacking by monitoring use of the vestibule to allow only a single individual to enter a facility at a time. They may also be used to allow manual inspection of individuals or perform other security screening. Access control vestibules are also commonly known as mantraps.

64
Q

Which one of the following does not describe a standard physical security requirement for wiring closets?

A. Place only in areas monitored by security guards.
B. Do not store flammable items in the closet.
C. Use sensors on doors to log entries.
D. Perform regular inspections of the closet.

A

A.

While it would be ideal to have wiring closets in a location where they are monitored by security staff, this is not feasible in most environments. Wiring closets must be distributed geographically in multiple locations across each building used by an organization.

65
Q

In the figure shown here, Sally is blocked from writing to the data file by the Biba integrity model. Sally has a Secret security clearance, and the file is classified Top Secret. What principle is preventing her from writing to the file?

A. Simple Security Property
B. Simple Integrity Property
C. *-Security Property
D. *-Integrity Property

A

D.

The *-Integrity Property states that a subject cannot modify an object at a higher integrity level than that possessed by the subject.

66
Q

Lana recently implemented a new process in her organization where managers who are responsible for granting users access to a system are not permitted to participate in access reviews. What principle is she enforcing?

A. Two-person control
B. Least privilege
C. Privilege creep
D. Segregation of duties

A

D.

The segregation of duties principle says that no employee should have permission to perform two tasks that, when combined, would pose a security risk. In this situation, an employee auditing their own work would create a conflict of interest, so Lana has implemented a segregation of duties. Two-person control is closely related, but it requires that two different employees approve an action. If she required that two managers approve new accounts, that would be an example of two-person control.

67
Q

Which of the following statements about system development are correct? (Select all that apply.)

A. Systems should be designed to operate in a secure manner if the user performs no other configuration.
B. Systems should be designed to fall back to a secure state if they experience an error.
C. Systems should be designed to incorporate security as a design feature.
D. Systems should be designed in a manner that keeps their functionality as simple as possible.

A

A, B, C, D.

All of these statements are correct. The idea that systems should be designed to operate in a secure manner if the user performs no other configuration is the secure defaults principle. The idea that systems should be designed to fall back to a secure state if they experience an error is the fail securely principle. The idea that systems should be designed to incorporate security as a design feature is the security by design principle. The idea that systems should be designed in a manner that keeps their functionality as simple as possible is the keep it simple principle.

68
Q

Alan is reviewing a system that has been assigned the EAL1 evaluation assurance level under the Common Criteria. What is the degree of assurance that he may have about the system?

A. It has been functionally tested.
B. It has been structurally tested.
C. It has been formally verified, designed, and tested.
D. It has been methodically designed, tested, and reviewed.

A

A.

EAL1 assurance applies when the system in question has been functionally tested. It is the lowest level of assurance under the Common Criteria.

69
Q

Jake works for a research organization that is seeking to deploy a grid computing system that will perform cycle scavenging on user workstations to conduct research tasks that require high-performance computing. What is the most significant risk associated with this operation?

A. Data confidentiality
B. Isolation breach
C. Data integrity
D. Data availability

A

B.

The system can be designed in a manner that protects the confidentiality, integrity, and availability of data. The research workstations included in the grid are from internal users, minimizing the risk of distributing the data. However, an isolation breach in the distributed computing client could be catastrophic, allowing someone who compromises the controller to assume control of every device in the organization.

70
Q

Eimear’s software development team uses an approach that creates many discrete software objects and then binds them together using APIs. What term best describes this architecture?

A. Microservices
B. Function-as-a-service
C. Containerization
D. Virtualization

A

A.

This is an example of a microservices architecture. Each of the component microservices performs a discrete task and then communicates with other microservices using APIs. This might be accomplished using function-as-a-service (FaaS) cloud computing, containerization, and/or virtualization, but there is no indication whether those services are being used in the scenario.

71
Q

Adam recently configured permissions on an NTFS filesystem to describe the access that different users may have to a file by listing each user individually. What did Adam create?

A. An access control list
B. An access control entry
C. Role-based access control
D. Mandatory access control

A

A.

Adam created a list of individual users who may access the file. This is an access control list, which consists of multiple access control entries. It includes the names of users, so it is not role-based, and Adam was able to modify the list, so it is not mandatory access control.

72
Q

What are the seven Common Criteria evaluation assurance levels?

A

The seven Common Criteria evaluation assurance levels are:

EAL1 Functionally tested
EAL2 Structurally tested
EAL3 Methodically tested and checked
EAL4 Methodically designed, tested, and reviewed
EAL5 Semiformally designed and tested
EAL6 Semiformally verified design and tested
EAL7 Formally verified design and tested

74
Q

Betty is concerned about the use of buffer overflow attacks against a custom application developed for use in her organization. What security control would provide the strongest defense against these attacks?

A. Firewall
B. Intrusion detection system
C. Parameter checking
D. Vulnerability scanning

A

C.

Parameter checking, or input validation, is used to ensure that input provided by users to an application matches the expected parameters for the application. Developers may use parameter checking to ensure that input does not exceed the expected length, preventing a buffer overflow attack.

75
Q

Which one of the following combinations of controls best embodies the defense-in-depth principle?

A. Encryption of email and network intrusion detection
B. Cloud access security brokers (CASBs) and security awareness training
C. Data loss prevention and multifactor authentication
D. Network firewall and host firewall

A

D.

The defense-in-depth principle suggests using multiple overlapping security controls to achieve the same control objective. Network and host firewalls are both designed to limit network traffic and therefore are an example of defense in depth. The encryption of email and network intrusion detection are unrelated controls and do not satisfy the same objective. The same is true for the combination of CASB and security awareness training and the combination of DLP and multifactor authentication.

76
Q

James is working with a Department of Defense system that is authorized to simultaneously handle information classified at the Secret and Top Secret levels. What type of system is he using?

A. Single state
B. Unclassified
C. Compartmented
D. Multistate

A

D.

Multistate systems are certified to handle data from different security classifications simultaneously by implementing protection mechanisms that segregate data appropriately.

77
Q

Kyle is being granted access to a military computer system that uses System High mode. What is not true about Kyle’s security clearance requirements?

A. Kyle must have a clearance for the highest level of classification processed by the system, regardless of his access.
B. Kyle must have access approval for all information processed by the system.
C. Kyle must have a valid need to know for all information processed by the system.
D. Kyle must have a valid security clearance.

A

C.

For systems running in System High mode, the user must have a valid security clearance for all information processed by the system, access approval for all information processed by the system, and a valid need to know for some, but not necessarily all, information processed by the system.

78
Q
Gary intercepts a communication between two individuals and suspects that they are exchanging secret messages. The content of the communication appears to be the image shown here. What type of technique may the individuals use to hide messages inside this image?
(Image source: Matt65 / Wikimedia Commons / Public domain.)

A. Visual cryptography
B. Steganography
C. Cryptographic hashing
D. Transport layer security

A

B.

Steganography is the art of using cryptographic techniques to embed secret messages within other content. Some steganographic algorithms work by making alterations to the least significant bits of the many bits that make up image files.

79
Q

Philip is developing a new security tool that will be used by individuals in many different subsidiaries of his organization. He chooses to use Docker to deploy the tool to simplify configuration. What term best describes this approach?

A. Virtualization
B. Abstraction
C. Simplification
D. Containerization

A

D.

All of these terms accurately describe this use of technology. However, the use of Docker is best described as a containerization technology, so this is the best possible answer choice.

80
Q
In the ring protection model shown here, what ring contains the operating system’s kernel?

A. Ring 0
B. Ring 1
C. Ring 2
D. Ring 3

A

A.

The kernel lies within the central ring, Ring 0. Conceptually, Ring 1 contains other operating system components. Ring 2 is used for drivers and protocols. User-level programs and applications run at Ring 3. Rings 0 through 2 run in privileged mode, while Ring 3 runs in user mode. It is important to note that many modern operating systems do not fully implement this model.

81
Q

In an infrastructure-as-a-service environment where a vendor supplies a customer with access to storage services, who is normally responsible for removing sensitive data from drives that are taken out of service?

A. Customer’s security team
B. Customer’s storage team
C. Customer’s vendor management team
D. Vendor

A

D.

In an infrastructure-as-a-service environment, security duties follow a shared responsibility model. Since the vendor is responsible for managing the storage hardware, the vendor would retain responsibility for destroying or wiping drives as they are taken out of service. However, it is still the customer’s responsibility to validate that the vendor’s sanitization procedures meet their requirements prior to utilizing the vendor’s storage services.

82
Q

During a system audit, Casey notices that the private key for her organization’s web server has been stored in a public Amazon S3 storage bucket for more than a year. Which one of the following actions should she take first?

A. Remove the key from the bucket.
B. Notify all customers that their data may have been exposed.
C. Request a new certificate using a new key.
D. Nothing, because the private key should be accessible for validation.

A

C.

The first thing Casey should do is notify her management, but after that, replacing the certificate and using proper key management practices with the new certificate’s key should be at the top of her list.

83
Q

Which one of the following systems assurance processes provides an independent third-party evaluation of a system’s controls that may be trusted by many different organizations?

A. Certification
B. Definition
C. Verification
D. Accreditation

A

C.

The verification process is similar to the certification process in that it validates security controls. Verification may go a step further by involving a third-party testing service and compiling results that may be trusted by many different organizations. Accreditation is the act of management formally accepting a system, not evaluating the system itself.

84
Q

Darcy’s organization is deploying serverless computing technology to better meet the needs of developers and users. In a serverless model, who is normally responsible for configuring operating system security controls?

A. Software developer
B. Cybersecurity professional
C. Cloud architect
D. Vendor

A

D.

In a serverless computing model, the vendor does not expose details of the operating system to its customers. Therefore, the vendor retains full responsibility for configuring it securely under the shared responsibility model of cloud computing.

85
Q

Harold is assessing the susceptibility of his environment to hardware failures and would like to identify the expected lifetime of a piece of hardware. What measure should he use for this?

A. MTTR
B. MTTF
C. RTO
D. MTO

A

B.

The mean time to failure (MTTF) provides the average amount of time before a device of that particular specification fails.

86
Q

Chris is designing a cryptographic system for use within his company. The company has 1,000 employees, and they plan to use an asymmetric encryption system. They would like the system to be set up so that any pair of arbitrary users may communicate privately. How many total keys will they need?

A. 500
B. 1,000
C. 2,000
D. 499,500

A

C.

Asymmetric cryptosystems use a pair of keys for each user. In this case, with 1,000 users, the system will require 2,000 keys. 499,500 would be the correct answer for a symmetric system.

87
Q

Gary is concerned about applying consistent security settings to the many mobile devices used throughout his organization. What technology would best assist with this challenge?

A. MDM
B. IPS
C. IDS
D. SIEM

A

A.

Mobile Device Management (MDM) products provide a consistent, centralized interface for applying security configuration settings to mobile devices.

88
Q

Alice sent a message to Bob. Bob would like to demonstrate to Charlie that the message he received definitely came from Alice. What goal of cryptography is Bob attempting to achieve?

A. Authentication
B. Confidentiality
C. Nonrepudiation
D. Integrity

A

C.

Nonrepudiation occurs when the recipient of a message is able to demonstrate to a third party that the message came from the purported sender.

89
Q

Rhonda is considering the use of new identification cards for physical access control in her organization. She comes across a military system that uses the card shown here. What type of card is this?

A. Smart card
B. Proximity card
C. Magnetic stripe card
D. Phase three card

A

A.

The card shown in the image has a smart chip underneath the American flag. Therefore, it is an example of a smart card. This is the most secure type of identification card technology.

90
Q

Gordon is concerned about the possibility that hackers may be able to use the Van Eck radiation phenomenon to remotely read the contents of computer monitors in a restricted work area within his facility. What technology would protect against this type of attack?

A. TCSEC
B. SCSI
C. GHOST
D. TEMPEST

A

D.

The TEMPEST program creates technology that is not susceptible to Van Eck phreaking attacks because it reduces or suppresses natural electromagnetic emanations.

91
Q

Jorge believes that an attacker has obtained the hash of the Kerberos service account from one of his organization’s Active Directory servers. What type of attack would this enable?

A. Golden ticket
B. Kerberoasting
C. Pass the ticket
D. Brute force

A

A.

Golden ticket attacks use the hash of the Kerberos service account to create tickets in an Active Directory environment. Kerberoasting attacks rely on collected TGS tickets. Pass the ticket attacks rely on tickets harvested from the LSASS process. Brute-force attacks depend on random guessing without any additional information.

92
Q

Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure?

A. MD5
B. AES
C. PGP
D. WPA3

A

A.

The MD5 hashing algorithm has known collisions and, as of 2005, is no longer considered secure for use in modern environments. The AES, PGP, and WPA3 algorithms are all still considered secure.

93
Q

Robert is investigating a security breach and discovers the Mimikatz tool installed on a system in his environment. What type of attack has likely taken place?

A. Password cracking
B. Pass the hash
C. MAC spoofing
D. ARP poisoning

A

B.

The use of the Mimikatz tool is indicative of an attempt to capture user password hashes for use in a pass-the-hash attack against Microsoft Active Directory accounts.

94
Q

Tom is a cryptanalyst and is working on breaking a cryptographic algorithm’s secret key. He has a copy of an intercepted message that is encrypted, and he also has a copy of the decrypted version of that message. He wants to use both the encrypted message and its decrypted plaintext to retrieve the secret key for use in decrypting other messages. What type of attack is Tom engaging in?

A. Chosen ciphertext
B. Chosen plaintext
C. Known plaintext
D. Brute force

A

C.

In a known plaintext attack, the attacker has a copy of the encrypted message along with the plaintext message used to generate that ciphertext. In a chosen plaintext attack, the attacker has the ability to choose the plaintext to be encrypted. In a chosen ciphertext attack, the attacker can choose the ciphertext output. In a brute-force attack, the attacker simply tries all possible key combinations.

95
Q

A hacker recently violated the integrity of data in James’s company by modifying a file using a precise timing attack. The attacker waited until James verified the integrity of a file’s contents using a hash value and then modified the file between the time that James verified the integrity and read the contents of the file. What type of attack took place?

A. Social engineering
B. TOCTOU
C. Data diddling
D. Parameter checking

A

B.

In a time of check to time of use (TOCTOU) attack, the attacker exploits the difference in time between when a security control is verified and the data protected by the control is actually used.

96
Q

Carl is deploying a set of video sensors that will be placed in remote locations as part of a research project. Because of connectivity limitations, he would like to perform as much image processing and computation as possible on the device itself before sending results back to the cloud for further analysis. What computing model would best meet his needs?

A. Serverless computing
B. Edge computing
C. IaaS computing
D. SaaS computing

A

B.

In this case, most cloud service models (including IaaS, SaaS, and serverless/FaaS) would require transmitting most information back to the cloud. The edge computing service model would be far more appropriate, as it places computing power at the sensor, minimizing the data that must be sent back to the cloud over limited connectivity network links.

97
Q

What action can you take to prevent accidental data disclosure due to wear leveling on an SSD device before reusing the drive?

A. Reformatting
B. Disk encryption
C. Degaussing
D. Physical destruction

A

B.

Wear leveling is about writing to the disk evenly. Encrypting the data would protect against the disclosure of data on portions of the disk that have remnants due to too much wear and having been set aside as no longer usable. Disk formatting does not effectively remove data from any device. Degaussing is effective only for magnetic media. Physically destroying the drive would not permit reuse.

98
Q

Johnson Widgets strictly limits access to total sales volume information, classifying it as a competitive secret. However, shipping clerks have unrestricted access to order records to facilitate transaction completion. A shipping clerk recently pulled all of the individual sales records for a quarter from the database and totaled them up to determine the total sales volume. What type of attack occurred?

A. Social engineering
B. Inference
C. Aggregation
D. Data diddling

A

C.

In an aggregation attack, individual(s) use their access to specific pieces of information to piece together a larger picture that they are not authorized to access.

99
Q

What physical security control broadcasts false emanations constantly to mask the presence of true electromagnetic emanations from computing equipment?

A. Faraday cage
B. Copper-infused windows
C. Shielded cabling
D. White noise

A

D.

While all of the controls mentioned protect against unwanted electromagnetic emanations, only white noise is an active control. White noise generates false emanations that effectively “jam” the true emanations from electronic equipment.

100
Q

In a software-as-a-service cloud computing environment, who is normally responsible for ensuring that appropriate firewall controls are in place to protect the application?

A. Customer’s security team
B. Vendor
C. Customer’s networking team
D. Customer’s infrastructure management team

A

B.

In a software-as-a-service environment, the customer has no access to any underlying infrastructure, so firewall management is a vendor responsibility under the cloud computing shared responsibility model.

101
Q

Alice has read permissions on an object, and she would like Bob to have those same rights. Which one of the rules in the Take-Grant protection model would allow her to complete this operation?

A. Create rule
B. Remove rule
C. Grant rule
D. Take rule

A

C.

The grant rule allows a subject to grant rights that it possesses on an object to another subject.

102
Q

As part of his incident response process, Charles securely wipes the drive of a compromised machine and reinstalls the operating system (OS) from original media. Once he is done, he patches the machine fully and applies his organization’s security templates before reconnecting the system to the network. Almost immediately after the system is returned to service, he discovers that it has reconnected to the same botnet it was part of before. Where should Charles look for the malware that is causing this behavior?

A. The operating system partition
B. The system BIOS or firmware
C. The system memory
D. The installation media

A

B.

The system Charles is remediating may have a firmware or BIOS infection, with malware resident on the system board. While uncommon, this type of malware can be difficult to find and remove. Since he used original media, it is unlikely that the malware came from the software vendor. Charles wiped the system partition, and the system would have been rebooted before being rebuilt, thus clearing system memory.

103
Q

Lauren implements ASLR to help prevent system compromises. What technique has she used to protect her system?

A. Encryption
B. Mandatory access control
C. Memory address randomization
D. Discretionary access control

A

C.

Lauren has implemented address space layout randomization, a memory protection methodology that randomizes memory locations, which prevents attackers from using known address spaces and contiguous memory regions to execute code via overflow or stack smashing attacks.

104
Q

Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?

A. Substitution cipher
B. AES
C. Transposition cipher
D. 3DES

A

C.

This message was most likely encrypted with a transposition cipher. The use of a substitution cipher, a category that includes AES and 3DES, would change the frequency distribution so that it did not mirror that of the English language. This type of attack, where the attacker only has access to an encrypted message, is also known as a ciphertext-only attack.

105
Q

In a zero trust network architecture, what component is responsible for making policy decisions based upon rules and external data sources?

A. Policy engine
B. Policy administrator
C. Policy enforcement point
D. Subject

A

A.

In a zero trust network architecture, the policy engine is responsible for making policy decisions based upon rules and external data sources. It uses a trust algorithm to decide whether to grant, deny, or revoke access, considering factors like identity management, threat intelligence, and security information and event management (SIEM) data. The policy administrator, on the other hand, acts based on the decisions made by the policy engine, establishing or removing communication paths and managing session-specific credentials. The policy enforcement point enforces these decisions by controlling access to resources based on instructions from the policy administrator. Lastly, the subject refers to users, services, or systems that request access or attempt to use rights and is not involved in decision-making.

106
Q

Grace would like to implement application control technology in her organization. Users often need to install new applications for research and testing purposes, and she does not want to interfere with that process. At the same time, she would like to block the use of known malicious software. What type of application control would be appropriate in this situation?

A. Blacklisting
B. Graylisting
C. Whitelisting
D. Bluelisting

A

A.

The blacklisting approach to application control allows users to install any software they want except for packages specifically identified by the administrator as prohibited. This would be an appropriate approach in a scenario where users should be able to install any nonmalicious software they want to use.

107
Q

Warren is designing a physical intrusion detection system for use in a sensitive media storage facility and wants to include technology that issues an alert if the communications lines for the alarm system are unexpectedly cut. What technology would meet this requirement?

A. Heartbeat sensor
B. Emanation security
C. Motion detector
D. Faraday cage

A

A.

Heartbeat sensors send periodic status messages from the alarm system to the monitoring center. The monitoring center triggers an alarm if it does not receive a status message for a prolonged period of time, indicating that communications were disrupted.
