Extra Practice Flashcards

Question

``` Which type of password provides maximum security because a new password is required for each now log-on is defined to as? A. One-time or dynamic password B. Cognitive password C. Static password D. Pass phrase ```

Answer 1

Answer: A Explanation: “One-time” or “dynamic” password technology concept is having your remote host already know a password that is not going to go over insecure channels and when you connect, you get a challenge. You take the challenge information and password and plug it into an algorithm which generates the response that should get the same answer if the password is the same on the both sides. Therefore the password never goes over the network, nor is the same challenge used twice. Unlike SecurID or SNK, with S/key you do not share a secret with the host. Other one time password technology is card systems where each user gets a card that generates numbers that allow access to their account. Without the card, it is improbable to guess the numbers.

Answer 2

Answer: B Explanation: Tokens are usually used to provide authentication through “What we have”, is most commonly implemented to provide two-factor authentication. For example, SecurID requires two pieces of information, a password and a token. The token is usually generated by the SecurID token – a small electronic device that users keep with them that display a new number every 60 seconds. Combining this number with the users password allows the SecurID server to determine whatever or not the user should be granted access.

Answer 3

Answer: A Explanation: The Take-Grant System is a model that helps in determining the protection rights (e.g., read or write) in a computer system. The Take-Grant system was introduced by Jones, Lipton, and Snyder to show that it is possible to decide on the safety of a computer system even when the number of subjects and objects are very large, or unbound. This can be accomplished in linear time based on the initial size of the system. The take-grant system models a protection system which consists of a set of states and state transitions. A directed graph shows the connections between the nodes of this system. These nodes are representative of the subjects or objects of the model. The directed edges between the nodes represent the rights that one node has over the linked node.

Answer 4

Answer: D Explanation: Since its impossible to control all the efforts of the users to install software without the proper licenses in their PC´s (Specially downloaded from the Internet), the best way to prevent licenses violations is through regular audit to every single user PC to see what’s the installed programs are and what’s the nature of them (Shareware, freeware, licensed). We cant use LAN monitoring software because not all the applications are network enabled, also, there is usually a policy about software installation, but the users do not rely on them many times. It also a very nice practice to punish the users making software license violations.

Answer 5

Answer: A Explanation: This is the primary use of this kind of devices, since they are very portable (a medium-size external box) and they provide standard interfaces to the PC, they are usually used in data exchange because of their high capacity in comparison to the 3.5 floppy diskettes. We can make changes in the media used by this devices, but is not their primary use. Compression is not the best feature of this devices, their usually depend on File system compression. Absolutely, the best use of this boxes is for data exchange.

Answer 6

Answer: D Explanation: Software Systems Quality Assurance (SQA) is defined as a planned and systematic approach to the evaluation of the quality of and adherence to software product standards, processes, and procedures. SQA includes the process of assuring that standards and procedures are established and are followed throughout the software acquisition life cycle. Compliance with agreed-upon standards and procedures is evaluated through process monitoring, product evaluation, and audits. Software development and control processes should include quality assurance approval points, where an SQA evaluation of the product may be done in relation to the applicable standards. The 2 types available are : Operational assurance (that specified that the operation compiles with the required) and Life-Cycle assurance (that specifies that the system has passed through all the Software life-cycle).

Answer 7

Answer: A Explanation: Since the compiled code has already been translated to binary language (the language understanded natively by the computers), its very difficult for us (the humans) to detect malicious code inside an application, this is because its not apparently visible, you have to find that malicious code through the behavior of the program. Instead, when we talk about Interpreted code, we use a language interpreter, that is a piece of software that allows the end-user to write a program in some human-readable language, and have this program executed directly by the interpreter. This is in contrast to language compilers, that translate the human-readable code into machinereadable code, so that the end-user can execute the machine-readable code at a later time. This is far more easier to detect malicious code inside the programs, you just need to see what piece of code produced the undesired action.

Answer 8

Answer: C Explanation: The Capability Maturity Model for Software describes the principles and practices underlying software process maturity and is intended to help software organizations improve the maturity of their software processes in terms of an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes. The CMM is organized into five maturity levels: 1) Initial. The software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort and heroics. 2) Repeatable. Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications. 3) Defined. The software process for both management and engineering activities is documented, standardized, and integrated into a standard software process for the organization. All projects use an approved, tailored version of the organization's standard software process for developing and maintaining software. 4) Managed. Detailed measures of the software process and product quality are collected. Both the software process and products are quantitatively understood and controlled. 5) Optimizing. Continuous process improvement is enabled by quantitative feedback from the process and from piloting innovative ideas and technologies.

Answer 9

Answer: A Explanation: The Red box basically simulates the sounds of coins being dropped into the coin slot of a payphone. The traditional Red Box consisting of a pair of Wien-bridge oscillators with the timing controlled by 555 timer chips. The Blue Box, The mother of all boxes, The first box in history, which started the whole phreaking scene. Invented by John Draper (aka "Captain Crunch") in the early 60s, who discovered that by sending a tone of 2600Hz over the telephone lines of AT&T, it was possible to make free calls. A Black Box is a device that is hooked up to your phone that fixes your phone so that when you get a call, the caller doesn't get charged for the call. This is good for calls up to 1/2 hour, after 1/2 hour the Phone Co. gets suspicious, and then you can guess what happens. The White Box turns a normal touch tone keypad into a portable unit. This kind of box can be commonly found in a phone shop.

Answer 10

Answer: C Explanation: Ethernet traffic is transported in units of a frame, where each frame has a definite beginning and end. Here is an Ethernet frame:

Answer 11

Answer: A Explanation: ALE (Annualized Loss Expectancy) calculations are a component of every risk analysis process. ALE calculations when done properly portray risk accurately. ALE calculations provide meaningful cost/benefit analysis. ALE calculations are used to: SLE x ARO = ALE

Answer 12

Answer: A Explanation: This is a well known issue knew by many programmers, since the operating system is allowing the executables to be used by many users in different sessions at the same time, and there is not refreshing every certain time, there will be a disclosure of residual data. To fix this we need to get sure that objects are refreshed frequently, for added security its better an OS that does not allow the use of an executable object by many users at the same time.

Answer 13

Answer: A Explanation: This is the function of a tape robot/changer working on a media library / jukebox. We can get as many as 32 / 64 or even more tapes action as a single logical unit. You can have a robot that changes and retrieves the different tapes when they are needed, so you see the whole bunch of tapes as it’s a single logical storage solution for you. This kind of solutions are very expensive.

Answer 14

Answer: D Explanation: One of the most obvious reasons why false alarms occur is because tools are stateless. To detect an intrusion, simple pattern matching of signatures is often insufficient. However, that's what most tools do. Then, if the signature is not carefully designed, there will be lots of matches. For example, tools detect attacks in sendmail by looking for the words "DEBUG" or "WIZARD" as the first word of a line. If this is in the body of the message, it's in fact innocuous, but if the tool doesn't differentiate between the header and the body of the mail, then a false alarm is generated. Finally, there are many events happening in the course of the normal life of any system or network that can be mistaken for attacks. A lot of sysadmin activity can be catalogued as anomalous. Therefore, a clear correlation between attack data and administrative data should be established to cross-check that everything happening on a system is actually desired. Normal patterns and user activities are usually confused with attacks by IDS devices, its expected that the 2nd generations IDS systems will decrease the percent of false positives.

Answer 15

Answer: C Explanation: According to the classification levels of the private sector, this information is classified as Private because this information is from a personal nature. There is no need for other employees to see details about your health or you salary range, this can lead to internal problems inside the company, problems like jealous employees.

Answer 16

Answer: B Explanation: Polyinstantiation represents an environment characterized by information stored in more than one location in the database. This permits a security model with multiple levels-of-view and authorization. The current problem with polyinstantiation is ensuring the integrity of the information in the database. Without an effective method for the simultaneous updating of all occurrences of the same data element - integrity cannot be guaranteed.

Answer 17

Answer: A Explanation: This is the proper term, “Verification”, this term is used when we are making a comparison of a product against a specification. For example, you can have a product that is build on open standards, you can have a proof of that by making a “verification” of it against the standards or specifications included in those.

Answer 18

Answer: D Explanation: A proxy server is a server that sits between a client and server application, such as a Web browser and a source web server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the original source web server. Firewalls usually provides this kind of services to have more control over user request and allow / deny the traffic of those through the gateway. At this time the most common Proxy server is for HTTP protocol, we can also have proxies for SMTP and FTP.

Answer 19

Answer: B Explanation: The Land attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim's machine on any open port that is listening. If the packet(s) contain the same destination and source IP address as the host, the victim's machine could hang or reboot. In addition, most systems experience a total freeze up, where as CTRL-ALT-DELETE fails to work, the mouse and keyboard become non operational and the only method of correction is to reboot via a reset button on the system or by turning the machine off. Vulnerable Systems: This will affect almost all Windows 95, Windows NT, Windows for Workgroups systems that are not properly patched and allow Net Bios over TCP/IP. In addition, machines running services such as HTTP, FTP, Identd, etc that do not filter packet(s), that contain the same source / destination IP address, can still be vulnerable to attack through those ports. Prevention: This attack can be prevented for open / listening ports by filtering inbound packets containing the same source / destination IP address at the router or firewall level. For most home users not running a lot of services, and for those who use IRC, disabling the Identd server within their client will stop most attacks since the identd service (113) is becoming the most attacked service/port.

Answer 20

Answer: A Explanation: This is what the static’s says. Most of the downtime is cause of unexpected hardware failure. Commonly you just replace the FRU (Field replazable unit) when they fail. Usually a well written software does not fail if the hardware is running correctly. The human errors are controllable and natural disasters are not very often. Hardware failure is very common, it’s a good practice to have spare disks, NIC and any other hardware FRU´s in your company to minimize the downtime with quick replacements.

Answer 21

Answer: A Explanation: This kind of RAID is totally depended on the operating system, this is because the server does not have any special hardware - RAID controller in the board. This kind of RAID implementation usually degrades performance because it takes many CPU cycles. A very common example of software RAID is the support for it on Windows 2000 Server, where you can create RAID 0,1 and 5 through heterogeneous disks, you can even make a RAID between one SCSI and one EIDE disk. The software implementation is hardware independent always that the disks are recognized by the Operating System.

Answer 22

Answer: B Explanation: In this phase, user needs are identified and the basic security objectives of the product are acknowledged. It must be determined if the product will be processing sensitive data, and if so, the levels of sensitivity involved should be defined. An initial risk analysis should be initiated that evaluates threats and vulnerabilities to estimate the cost/ benefit ratios of the different security countermeasures. Issues pertaining to security integrity, confidentiality, and availability need to be addressed. The level of each security attribute should be focused upon so a clear direction of security controls can begin to take shape. A basic security framework is designed for the project to follow, and risk management processes are established. Risk management will continue throughout the lifetime of the project. Risk information may start to be gathered and evaluated in the project initiation phase, but it will become more granular in nature as the phases graduate into the functional design and design-specification phase.

Answer 23

Answer: B Explanation: Since we want to deal with printer reports, we are talking about output controls, Why, because printer produce output, and we can control it. As a best practice you can have people dedicated in the company to receive the different print jobs in the printing center, and people that takes care of the confidential information requiring a signature from the sender stating that the document was delivered to the owner in a timely and secure fashion.

Answer 24

Answer: B Explanation: An access control model defines a computer and/or network system's rules for user access to information resources. Access control models provide confidentiality, integrity and also provide accountability through audit trails. An audit trail documents the access of an object by a subject with a record of what operations were performed. Operations include: read, write, execute and own. Non-Discretionary Access Control is usually role-based, centrally administered with authorization decisions based on the roles individuals have within an organization (e.g. bank teller, loan officer, etc. in a banking model). A system's security administrator grants and/or revokes system privileges based on a user's role. This model works well for corporations with a large turnover of personnel.

Answer 25

Answer: B Explanation: This is not a very good practice, specially for the CISSP examination, when you plan and develop the security policy for your enterprise you should always plan it with a long term focus. The policy should be created to be there for a long time, and you should only make revisions of it every certain time to comply with changes or things that could have changed. In a security policy the duties should be well specified, be understandable by the people involved in it, and specify areas of responsibility.

Answer 26

Answer: B Explanation: The correct answer can be determined through elimination. We need to have an acceptable fire rating for the walls, this is well known for any CISSP aspirant, its like that because we need to contain the fire as much as we can. We also need resistant doors so unauthorized people do not enter easily using the force. The people also need to know about fire suppression systems to be able to deal with a fire situation inside the facilities. As you can see, We should not protect windows with bars, this is a bad practice because, in the case of a fire, the people cannot get out of the building through the windows.

Answer 27

Answer: D Explanation: This is one of the pillars of network security. We can say that the data is available if we can access to it when we need it. This what is referred in the question, Availability refers to get access to data when and where you need it. Confidentiality deals with encryption and data protection against third party interception. Integrity deals with digital signatures and assures that the data has not changed. Acceptability is not a related term.

Answer 28

Answer: B Explanation: Business continuity is of course a vital activity. However, prior to the creation of a business continuity plan, it is essential to consider the potential impacts of disaster and to understand the underlying risks. It is now widely accepted that both business impact analysis and risk analysis are vital components of the business continuity process. However, many organizations are unsure of how to approach these important disciplines. BIA is important because it provides management level analysis by which an organization assesses the quantitative (financial) and qualitative (non-financial) impacts, effects and loss that might result if the organization were to suffer a Business Continuity E/I/C. The findings from a BIA are used to make decisions concerning Business Continuity Management strategy and solutions.

Answer 29

Answer: D Explanation: The Physical Layer is the layer that is concerned with the signaling of the message and the interface between the sender or receiver and the medium. The physical layer is generally defined by one of the standards bodies and carries a designation that indicates the characteristics of the connection. Among frequently used physical layers standards are EIA-232-D, ITU V.35, and some of the X series (X.21/X.21bis, for example).

Answer 30

Answer: D Explanation: This is the correct term, remember that Availability refers to get access to data when and where you need it. When we talk about destruction, we are saying the opposite, if your information is destroyed, you cant access to it neither when or where you want it. Delegation deals with permissions, distribution deals with deployment and documentation deals with information and how to´s. The term we are looking here is definitively “destruction”

Answer 31

Answer: A Explanation: Behavior-based intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users. The model of normal or valid behavior is extracted from reference information collected by various means. The intrusion detection system later compares this model with the current activity. When a deviation is observed, an alarm is generated. In other words, anything that does not correspond to a previously learned behavior is considered intrusive. The high false alarm rate is generally cited as the main drawback of behavior-based techniques because the entire scope of the behavior of an information system may not be covered during the learning phase. Also, behavior can change over time, introducing the need for periodic online retraining of the behavior profile, resulting either in unavailability of the intrusion detection system or in additional false alarms. To get the most out of this kind of IDS you need to have very static behavior on your network and the user actions, this is because any new thing is considered dangerous, providing many false-positives but increased security. If you are in a very “dynamic” environment these kind of IDS system is not recommended.

Answer 32

Answer: C Explanation: The Layer 2 Tunnel Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines the best features of two existing tunneling protocols: Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension to the Point-to-Point Protocol (PPP), which is an important component for VPNs. VPNs allow users and telecommuters to connect to their corporate intranets or extranets. VPNs are costeffective because users can connect to the Internet locally and tunnel back to connect to corporate resources. This not only reduces overhead costs associated with traditional remote access methods, but also improves flexibility and scalability. PPTP and L2TP are Layer 2 tunneling protocols; both encapsulate the payload in a Point-to-Point Protocol (PPP) frame to be sent across an intermediate network.

Answer 33

Answer: C Explanation: The principle of biometrics is to use some unique characteristic to identify whether the person is who they say they are. Biometrics works by matching or verifying a person’s unique traits with stored data in two categories: physiological characteristics and those that are behavioral. Physical indicators include iris, fingerprint, facial, or hand geometry. Behavior types are usually voiceprints, keystroke dynamics and handwritten signatures. Most biometric technologies require special hardware to convert analog measurements of signatures, voices, or patterns of fingerprints and palm prints, to digital measurement, which computers can read. The biggest characteristic and problem of biometric implementations today is the accuracy, we must see the level of accuracy before buying a solution, because the technology is not perfect at this time and it can be erroneous sometimes.

Answer 34

Answer: A Explanation: This is true, if we do not use parity in our RAID implementation, like RAID 1 (Mirroring) or RAID 0 (Stripping) we can improve performance because the CPU does not need waste cycles to make the parity calculations. For example this can be achieved in Windows 2000 server through the use of RAID 0 (No fault tolerance, just stripping in 64kb chunks) or RAID 1 (Mirroring through a file system driver). This is not the case of RAID 5 that actually use parity to provide fault tolerance.

Answer 35

Answer: A Explanation: Here are 2 definitions for Data Integrity: Availability refers to get access to data when and where you need it. Confidentiality deals with encryption and data protection against third party interception. Identity deals with authentication.

Answer 36

Answer: B Explanation: This is very obvious. Since we want to prevent something from happening, we can go out and buy some Guard dogs to make the job. You are buying them because you want to prevent something from happening. The intruder will see the dogs and will maybe go back, this prevents an attack, this dogs are a form of preventive control. Motion Detectors and IDS are realtime, Audit Logs are passive.

Answer 37

Answer: B Explanation: The one time pad is the most secure, and one of the simplest of all cryptographic methods. It was invented and patented just after World War I by Gilbert Vernam (of AT&T) and Joseph Mauborgne (USA, later chief of the Signal Corps). The fundamental features are that the sender and receiver each have a copy of an encryption key, which is as long as the message to be encrypted, and each key is used for only one message and then discarded. That key must be random, that is without pattern, and must remain unknown to any attacker. In addition, the key must never be reused, otherwise the cipher becomes trivially breakable. One of its features it’s the key length, it’s the same as the message.

Answer 38

Answer: A Explanation: The socket method of network use is a message-based system, in which one process writes a message to another. This is a long way from the procedural model. The remote procedure call is intended to act like a procedure call, but to act across the network transparently. The process makes a remote procedure call by pushing its parameters and a return address onto the stack, and jumping to the start of the procedure. The procedure itself is responsible for accessing and using the network. After the remote execution is over, the procedure jumps back to the return address. The calling process then continues. RPC works at the Session layer of the OSI model.

Answer 39

Answer: B Explanation: Lets do this with a elimination process. With padding messages you can countermeasure traffic analysis because you add garbage information to the message to let in end in a fixed length, this can confuse the analyzer. Sending noise on the communication line could also countermeasure analysis because the analyzer don’t now how to differentiate between real information and noise. You can also covert channel analysis. Eavesdropping does not apply in this situation, its not considered a counter measure to traffic analysis.

Answer 40

Answer: C Explanation: Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. These firewalls are normally part of a router, which is a device that receives and forwards packets to networks. “In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it, or send a message to the originator.” The criteria used to evaluate a packet include source, destination IP address, destination port, and protocol used. These types of firewalls are low in cost and don’t have much of an impact on the network’s performance.

Answer 41

Answer: C Explanation:

Answer 42

Answer: D Explanation: The primary goal of the compartmented mode workstation (CMW) project was to articulate the security requirements that workstations must meet to process highly classified intelligence data. As a basis for the validity of the requirements developed, a prototype was implemented which demonstrated that workstations could meet the requirements in an operationally useful manner while still remaining binary compatible with off-the-shelf software. The security requirements not only addressed traditional security concerns but also introduced concepts in areas such as labeling and the use of a trusted window management system. The CMW labeling paradigm is based on associating two types of security labels with objects: sensitivity levels and information labels. Sensitivity levels describe the levels at which objects must be protected. Information labels are used to prevent data over classification and also provide a mechanism for associating with data those markings that are required for accurate data labeling, but which play no role in access control decisions. The use of a trusted window manager allows users to easily operate at multiple sensitivity levels and provides a convenient mechanism for communicating security information to users in a relatively unobtrusive manner. Information labels are not used by reference monitor, permissions are referenced in Sensibility labels.

Answer 43

Answer: A Explanation: An information-system (IS) security mode of operation wherein each user with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all of the following: (a) a valid security clearance for all information within the system; (b) formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, sub compartments, and/or special access programs); and (c) a valid need-to-know for all information contained within the IS. When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time.

Answer 44

Answer: D Explanation: These are three of the main characteristics of a Reference Monitor. You need Isolation, because it cant be of public access, the less access the better. It must have a sense of completeness to provide the whole information and process cycles. It must be verifiable, to provide security, audit and accounting functions.

Answer 45

Answer: B Explanation: Positive Pressurization is a condition that exists when more air is supplied to a space than is exhausted, so the air pressure within that space is greater than that in surrounding areas. This condition can cause the situation mentioned above in the answer B, you can make air go out of a room but not enter to it from the outside.

Answer 46

Answer: C Explanation: According to CISSP documentation, this is the proper term, The Clipping level is used to determine suspicious occurrences that are a production of errors or mistakes. Checkpoint level is not a related term. Ceiling level is not related to baselines. Threshold level is attractive, but is not the correct term. Take a look at your CISSP documentation.

Answer 47

Answer: B Explanation: According to static’s, this is the greatest cause, Electrical distribution systems, specially those not installed through standards are very prone to fail and make fire inside places. AC equipment its not very prone to make fire. Natural causes it’s a possibility but is definitively not the most prevalent cause. Heating systems are a very rare case of Fire beginners.

Answer 48

Answer: C Explanation: A cold site has all the appropriate power requirements, and floor space to install the hardware and to enable you to recreate your computer environment, but does not provide the actual equipment. Many of the companies that provide hot sites also provide cold sites. It may be reasonable for your company to consider creating its won cold site if your company has floor space available in another location than the home site. They require much more outage than Hot sites before operations can be restored.

Answer 49

Answer: C Explanation: First implemented in Military organizations (and I think even today it's implemented there only), this model was a significant improvement in terms of security policy implementation. This model made implementation of complex security policies very simple. It's specifications are present in the orange book from DoD. In this model, every object is assigned a sensitivity label. Also, every user is assigned a sensitivity label. If a user's sensitivity label is greater than or equal to the sensitivity label, he is allowed access to the object, otherwise, he is denied access. This methodology is used for creating a hierarchy of access. We can say that this method is used for partitioning the organization hierarchy horizontally. Multi-Level Security is considered a Mandatory Access Control method.

Answer 50

Answer: A Explanation: A bridge is a network device that connects two similar network segments together. The primary function of a bridge is to keep traffic separated on both sites of the bridge. Traffic is allowed to pass through the bridge only if the transmission is intended for a station in the opposite side. Bridges operate at the data link layer of the OSI model an provides two different collision domains in Ethernet, but they only provide one broadcast domain for layer 3 an up of the OSI model. The bridge can store frames and forward them in many forms like Cut-through and Store and Forward.

Answer 51

Answer: C Explanation: Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well. Kerberos was created by MIT as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server has used Kerberos to prove their identity, they can also encrypt (confidentiality) all of their communications to assure privacy and data integrity as they go about their business.

Answer 52

Answer: A Explanation: Relevant Access Controls are not included as a Access Control Technique. Lattice-based access control models were developed in the early 1970s to deal with the confidentiality of military information. In the late 1970s and early 1980s, researchers applied these models to certain integrity concerns. Later, application of the models to the Chinese Wall policy, a confidentiality policy unique to the commercial sector, was demonstrated. Discretionary control is the most common type of access control mechanism implemented in computer systems today. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the user's control. Discretionary Access control security differs from mandatory access control security in that it implements the access control decisions of the user. Mandatory controls are driven by the results of a comparison between the user's trust level or clearance and the sensitivity designation of the information.

Answer 53

Answer: D Explanation: In this method of cryptography we use 2 keys, one to encrypt the data, and another to decrypt it. In Public Key Cryptography, the users have a public and a private key, the public key is of free distribution and is usually published in a directory, while the private keys must be keep secure. This allows the keys to pass in a secure fashion to the receiving machine, its because the public key is not confidential and can be send through a secure channel. You need to use a certification authority to make this kind of cryptography work.

Answer 54

Answer: A Explanation: A View is a display of one or more table shows that shows the table data. You can even retrieve part of the table and display the same to the user. Before a user is able to use a view, they must have both, permission on the view and all dependent objects. Views can also be used to implement security, for example you can create a view that only shows 3 of 5 columns contained in a table. Views are not used to provide integrity you can use constraints, rule or other components of database systems.

Answer 55

Answer: B Explanation: Personnel security always have to deal more with Operational controls, Operational controls provide the guidelines and the correct procedures to implement the different operations. Management controls are usually used only by managers. Human resources and Technical Controls are not related to personal security as the question states. See the different control definitions in your CISSP documentation.

Answer 56

Answer: A Explanation: TCSEC does not separate functionality and assurance from evaluation. It makes them a combined criteria. Just to remember, The Trusted Computer System Evaluation Criteria (TCSEC) is a collection of criteria used to grade or rate the security offered by a computer system product. The TCSEC is sometimes referred to as "the Orange Book" because of its orange cover (Orange Book deals with networks and communications). The current version is dated 1985 (DOD 5200.28-STD, Library No.S225,711) The TCSEC, its interpretations and guidelines all have different color covers, and are sometimes known as the "Rainbow Series". Database management is also covered in TCSEC. The Orange Book is used to evaluate whether a product contains the security properties the vendor claims it does and whether the product is appropriate for a specific application or function. The Orange Book is used to review the functionality, effectiveness, and assurance of a product during its evaluation, and it uses classes that were devised to address typical patterns of security requirements. – Shon Harris, “CISSP All-in-One Exam Guide”, 3rd Ed, p 302.

Answer 57

Answer: B Explanation: Sniffing is the action of capture the information going over the network. Most popular way of connecting computers is through Ethernet. Ethernet protocol works by sending packet information to all the hosts on the same circuit. The packet header contains the proper address of the destination machine. Only the machine with the matching address is suppose to accept the packet. A machine that is accepting all packets, no matter what the packet header says, is said to be in promiscuous mode. Because, in a normal networking environment, account and password information is passed along Ethernet in clear-text, it is not hard for an intruder to put a machine into promiscuous mode and by sniffing, compromise all the machines on the net by capturing password in an illegal fashion.

Answer 58

Answer: A Explanation: The proper term for this trusted facility management concept is “Two-man Control”, it means that two people must work and approve each others work to provide increased security and eliminate the possibility of one of them to hurt the company. For example they can only make changes to the system if both of them authenticate with their retina at the same time at the data center and enter their secret password This kind of work fashion is only used in highly secure environments, its not very common.

Answer 59

Answer: B Explanation: The DoD Password Management Guideline was published at 12 April 1985, it is also called the “Green Book” because of the color of its cover. Here is the password definition according to it: “A character string used to authenticate an identity. Knowledge of the password that is associated with a user ID is considered proof of authorization to use the capabilities associated with that user ID.”

Answer 60

``` Answer: D Explanation: The IP address 172.16.42.5 is contained in a class B reserved network, IANA reserved the 172.16.0.0 through 172.31.255.255 networks for internal use, this network its not routable in Internet and its commonly used in intranets. Class B networks are used in mediumsized networks. In class B networks, the two high order bits are always 10, and then remaining bits are used to define 16.384 networks, each with as many as 65.534 hosts attached. Examples of valid Class B networks include Microsoft and Exxon. ```

Answer 61

Answer: C Explanation: Since Private Key encryption (Symmetric) only has one key for encrypt-decrypt, you need to use an alternative way to pass the shared secret in a secure manner, in our days, it’s usually done by telephone or some secure methods that not involve the channel you are trying to secure. Also, since you need one different key to encrypt-decrypt every connection, the number of keys gets huge in a little time, for example, if we have 10 users trying to communicate between themselves, we have 100 different encryption keys to manage. There is an advantage for Private key encryption, the encryption is very fast, about 1000 / 10000 times faster than asymmetric encryption.

Answer 62

Answer: A Explanation: “Due care means that a company did all that it could have reasonable done to try and prevent security breaches, and also took the necessary steps to ensure that if a security breach did take place, the damages were reduced because of the controls or countermeasures that existed. Due care means that a company practiced common sense and prudent management practices with responsible actions. Due diligence meants that the company properly investigated all of their possible weaknesses and vulnerabilities before carrying out any due care practices. The following list describes some of the actions required to show that due care is being properly practiced in a corporation: Adequate physical and logical access controls Adequate telecommunication security, which could require encryption Proper information, application, and hardware backups Disaster recovery and business continuity plans Periodic review, drills, tests, and improvement in disaster recovery and business continuity plans Properly informing employees of expected behavior and ramifications of not following these expectations Developing a security policy, standards, procedures, and guidelines Performing security awareness training Running updated antivirus software Periodically performing penetration test from outside and inside the network Implementing dial-back or preset dialing features on remote access applications Abiding by and updating external service level agreements (SLAs) Ensuring that downstream security responsibilities are being met Implementing measure that ensure software piracy is not taking place Ensuring that proper auditing and reviewing of those audit logs are taking place Conducting background checks on potential employees” Pg. 616 Shon Harris: CISSP Certification All-in-One Exam Guide

Answer 63

Answer: A Explanation: QIC technology utilizates belt-driven dual-hub cartridges containing integral tape motion and guidance mechanisms, providing a rich spectrum of compatible solutions across a wide range of PC system platforms. QIC reliability is unsurpassed by any other removable storage technology. Reliability can be measured both in mean-time-between failure (MTBF) and, more practically, as a function of drive duty cycles. QIC has a worldwide installed base in excess of 15 million drives -- more than twice that of any alternate removable storage technology -- a level of acceptance that would have been unachievable without rock-solid reliability. QIC is the most common tape solution for SOHO.

Answer 64

Answer: C Explanation: This is one of the best practices because its not good to be lead and report to the same person, in that case, that person could take possession of everything that is happening and hurt the enterprise, we can’t let that to happen with security concerns. The best practice is to always be lead by a different person that the one you report to, this can be checked in real life. An advice, always try to report to the highest person you can inside the company.

Answer 65

Answer: C Explanation: This is true, the people who own the information and the equipment are the ones who need to ensure they are making everything to get integrity, confidentiality and availability. The security professionals can develop policies and show how to keep the environment secure, but it depends on the owners of the actual data to achieve the security.

Answer 66

Answer: A Explanation: Two-Factor Authentication is a security process that confirms user identities using two distinctive factors—something you know, such as a Personal Identification Number (PIN), and something you have, such as a smart card or token. The overall strength of Two-Factor Authentication lies in the combination of both factors, something you know and something you have.

Answer 67

Answer: A Explanation: Hierarchical Storage Management originated in the mainframe world where it was used to minimize storage costs. The HSM name signifies that the software has the intelligence to move files along a hierarchy of storage devices that are ranked in terms of cost per megabyte of storage, speed of storage and retrieval, and overall capacity limits. Files are migrated along the hierarchy to less expensive forms of storage based on rules tied to the frequency of data access. File migration and retrieval is transparent to users. Two major factors, data access response time and storage costs determine the appropriate combination of storage devices used in HSM. A typical three tier strategy may be composed of hard drives as primary storage on the file servers, rewritable optical as the secondary storage type, and tape as the final tertiary storage location. If faster access is required, a hard drive can be considered as an alternative to optical for secondary storage, and WORM (Write Once, Read Many) optical can also be implemented, in place of tape, as the final storage destination.

Answer 68

Answer: D Explanation: Public key cryptography is one mechanism that is often used to fulfill the security requirements necessary to conduct electronic transactions over public networks. PKI (public key infrastructure) and cryptography based solutions are taking the lead in secure ecommerce. PKI addresses nonrepudiation of identity using a dual-key encryption system that allows users to uniquely sign documents with a digital signature. Public key cryptography uses pairs of keys, each pair consisting of one public key and one private key. Information encrypted with one key in the pair can only be decrypted with the other key. LDAP is issued to bring user information and Timestamping to track changes over time. PKI also relies on certificated and CRL (Certificate Revocation list) to discard compromised, expired digital certificates.

Answer 69

Answer: B Explanation: An addressing mode found in many processors' instruction sets where the instruction contains the address of a memory location which contains the address of the operand (the "effective address") or specifies a register which contains the effective address. Indirect addressing is often combined with pre- or post- increment or decrement addressing, allowing the address of the operand to be increased or decreased by one (or some specified number) either before or after using it.

Answer 70

Answer: B Explanation: There is not much to explain or comment in here, when you administer an IDS system you have to deal with the maintenance and creation of event notification processes, this have to be reviewed every certain time. This is a well known topic for any Intrusion detection system administrator. This notifications will save your life when your network is being attacked and you get real time notifications that will allow you to shut down your external interface before the attacker gets what he was looking for.

Answer 71

Answer: A Explanation: Sniffing is the action of capture / monitor the traffic going over the network. Because, in a normal networking environment, account and password information is passed along Ethernet in clear-text, it is not hard for an intruder to put a machine into promiscuous mode and by sniffing, compromise all the machines on the net by capturing password in an illegal fashion.

Answer 72

Answer: A Explanation: UDP (User Datagram Protocol) is a communications method (protocol) that offers a limited amount of service when messages are exchanged between computers in a network that uses the Internet Protocol (IP). UDP is an alternative to the Transmission Control Protocol (TCP) and, together with IP, is sometimes referred to as UDP/IP. Like the Transmission Control Protocol, UDP uses the Internet Protocol to actually get a data unit (called a datagram) from one computer to another. Unlike TCP, however, UDP does not provide the service of dividing a message into packets (datagrams) and reassembling it at the other end. Specifically, UDP doesn't provide sequencing of the packets that the data arrives in. UDP is implemented at the Transport layer of the TCP/IP protocol model.

Answer 73

Answer: B Explanation: A Business impact assessment can provide information in combination with the BIA to the different business units about how can an attack impact or disrupt the business. Every disaster recovery plan should include an study containing a BIA and a Business impact assessment to better understand how is going to be in the case that a business continuity disruptive event takes place.

Answer 74

Answer: B Explanation: This is true, as stated in CISSP documentation, you should address any possible “Residual Risk” at your contingency plan to minimize business impact when you are in a downtime situation. The identified Risks and the Potential Risks are not identified there, they are identified earlier.

Answer 75

Answer: A Explanation: This protocol was created by VISA and MasterCard as a common effort to make the buying process over the Internet secure through the distribution line of those companies. It is located in layer 7 of the OSI model, the application layer. SET uses a system of locks and keys along with certified account IDs for both consumers and merchants. Then, through a unique process of "encrypting" or scrambling the information exchanged between the shopper and the online store, SET ensures a payment process that is convenient, private and most of all secure.

Answer 76

Answer: A Explanation: This is true, the packets filters show the desired service port (Remember that they are layer 3 devices), this is because you can have many different referenced port number in the destination port field of the different packets. You have to look for the well-known port numbers of the service desired. For example, look in port 80 for HTTP and port 21 for FTP. This is the correct terminology, see the features of Packet Filters in your CISSP documentation.

Answer 77

Answer: A Explanation: Firewall technology is a young but quickly maturing industry. The first generation of firewall architectures has been around almost as long as routers, first appearing around 1985 and coming out of Cisco's IOS software division. These firewalls are called packet filter firewalls. However, the first paper describing the screening process used by packet filter firewalls did not appear until 1988, when Jeff Mogul from Digital Equipment Corporation published his studies. At this time we are in the Fourth generation of firewall devices and software.

Answer 78

Answer: D Explanation: As stated in CISSP documentation, you should make post mortem review meetings after taking care of the intrusion, and no more than one week after the facts. Its not a good practice to wait more than this time, it’s a matter of common sense too, three months, one month, 2 weeks, its too much time.

Answer 79

Answer: A Explanation: Those are the proper elements, you can use these two to achieve a covert channel. Low bits is not a term related to covert channels. Permissions are related to authentication, they do not achieve what the question wants. Also, classification is could not selected as a correct choice. Check your official CISSP documentation to see what can be used as a covert channel. “An active variation on eavesdropping is called Covert Channel eavesdropping, which consists of using a hidden unauthorized network connection to communicate unauthorized information. A Covert Storage Channel operates by writing information to storage by one process and then reading by using another process from a different security level. A Covert Timing Channel signals information to another process by modulating its own resource use to affect the response time of another.” Pg. 101 Krutz: The CISSP Prep Guide: Gold Edition

Answer 80

Answer: C Explanation: The spiral model for software engineering has evolved to encompass the best features of the classic waterfall model, while at the same time adding an element known as risk analysis. The spiral model is more appropriate for large, industrial software projects and has four main blocks/quadrants. Each release or version of the software requires going through new planning, risk analysis, engineering and customer evaluation phases and this is illustrated in the model by the spiral evolution outwards from the center. For each new release of a software product, a risk analysis audit should be performed to decide whether the new objectives can be completed within budget (time and costs), and decisions have to be made about whether to proceed. The level of planning and customer evaluation is missing from the waterfall model which is mainly concerned with small software programs. The spiral model also illustrated the evolutionary development of software where a solution may be initially proposed which is very basic (first time round the loop) and then later releases add new features and possibly a more elaborate GUI.

Answer 81

Answer: B Explanation: Pre-Shared Secret is usually used when both ends of the VPN lacks access to a compatible certificate server. Once you have defined all the endpoints in your VPN, you can establish a password that is used to authenticate the other end of the connection, this is the PreShared secret. Since you are using Pre-Shared key because you don’t have an available / compatible certificate server, IPSEC and IKE do not need to use PKI in this case (that actually provides the certificate server infrastructure).

Answer 82

Answer: D Explanation: Application control provides a transparent feeling to endpoint applications when changes are needed, this is one of the features of it. With application control you can audit certain use of the applications involved and only specify record of your choice. There is also the possibility to limit the end users applications to provide access to only certain screens. Check your CISSP documentation about Application Control.

Answer 83

Answer: C Explanation: This is the correct answer, since firewall does not mean “VPN” we have to select “Encrypted Virtual Private Networks”. With a VPN and encryption we can provide secure communication in a transparent way for the users between the endpoints achieving “Confidentiality”. This confidentiality is achieved through encryption, and this encryption relies on encryption algorithms like AES, DES, CAST and others. Screened Subnet are not related to secure data over public networks, it’s a place to put our network services accessible from the outside. Digital certificates do not provide confidentiality, they only provide integrity.

Answer 84

Answer: A Explanation: The correct answer is: The subject's sensitivity label must dominate the object's sensitivity label. With a Multi-level security policy you have information that has different sensitivity labels. In order to read an object the subject's sensitivity label must be equal to or greater than that of the object. So it would be considered to dominate it, no read up. The following answers are incorrect: The subject's sensitivity label subordinates the object's sensitivity label. Is incorrect because if the subject's sensitivity label subordinates the object's sensitivity label that would mean it is lower and the subject should not have read access to the object. The subject's sensitivity label is subordinated by the object's sensitivity label. Is incorrect because the this would not allow for read access if the sensitivity lables were equal. So the subject's sensitivity label is not subordinated by the object's sensitivity label, the subject's label must dominate the object's label. Remember dominate means equal to or greater than where subordinate means less than. The subject's sensitivity label is dominated by the object's sensitivity label. Is incorrect because if the object's sensitivity label dominates the subject's sensitivity label then the subject should not have access, it is the subject that must dominate the object and not the other way around. Remember dominate means equal to or greater than so this would mean that the object's sensitivity label is equal to or greater than the subject. According to the OIG, Multi-level security is defined as a class of system-containing information with different sensitivities that simultaneously permits access by users with different security clearances and need-to-know, but prevents users from obtaining access to information for which they lack authorization. The Subject's sensitivity label must be equal to or greater than the object's sensitivity label in order for the subject to have read access to it, no read up.

Answer 85

Answer: B Explanation: This kind of an attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed. This kind of attack was used in the past to make what is stated in the question, steal small quantities of money and transfer them to the attackers account. See “Data deddling crimes” on the Web. The most correct answer is ‘Salami’, but since that is not an option the most correct answer is data diddling. “A salami attack is committing several small crimes with the hope that the overall larger crime will go unnoticed. ….An example would be if an employee altered a banking software program to subtract 5 cents from each of the bank’s customers’ accounts once a month and moved this amount to the employee’s bank account. If this happened to all of the bank’s 50,000 customer accounts, the intruder could make up to $ 30,000 a year. Data diddling refers to the alteration of existing data. Many times this modification happens before it is entered into an application or as soon as it completes processing and is outputted from an application. There was an incident in 1997, in Maryland, where a Taco Bell employee was sentenced to ten years in jail because he reprogrammed the drive-up window cash register to ring up ever 42.99 order as one penny. He collected the full amount from the customer, put the penny in the till, and pocketed the other $2.98. He made $3600 before his arrest.” Pg. 602-603 Shon Harris: All-In-One CISSP Certification Exam Guide

Answer 86

Answer: A Explanation: Options B, C and D are all Denial of Service attacks. El Gamal is the Diffie-Hellman key exchange algorithm and is usually described as an active exchange of keys by two parties. The buffer overflow attack objective is consume the available memory for the TCP/IP protocol stack to make the machine crash. Teardrop and Smurf are DoS attacks that make use of spoofing.

Answer 87

Answer: D Explanation: A Black Box is a device that is hooked up to your phone that fixes your phone so that when you get a call, the caller doesn't get charged for the call. This is good for calls up to 1/2 hour, after 1/2 hour the Phone Co. gets suspicious, and then you can guess what happens. The Red box basically simulates the sounds of coins being dropped into the coin slot of a payphone. The traditional Red Box consisting of a pair of Wien-bridge oscillators with the timing controlled by 555 timer chips. The Blue Box, The mother of all boxes, The first box in history, which started the whole phreaking scene. Invented by John Draper (aka "Captain Crunch") in the early 60s, who discovered that by sending a tone of 2600Hz over the telephone lines of AT&T, it was possible to make free calls. The White Box turns a normal touch tone keypad into a portable unit. This kind of box can be commonly found in a phone shop.

Answer 88

Answer: D Explanation: This can be checked at the computer crime static’s on the web. Most of the attacks, actually 70% of them, come from inside the company, and 80% of them from employees of it. This is a reality, when we protect our infrastructure be sure to give great importance to internal security, we don’t when is one of the company employees going to make a strike. Hackers are also important, but less than our own employees.

Answer 89

Answer: A Explanation: Remember that when we talk about a BIA (Business Impact Analysis), we are analyzing and identifying possible issues about our infrastructure. It’s an analysis about the business, the process that it relays on, the level of the systems and a estimative of the financial impact, or in other words, how much many we loose with our systems down. The first step on it should always be the identifying of the business units in the company. You can then go to other requirements like estimate losses and downtime costs.

Answer 90

Answer: C Explanation: As stated in the dictionary, here are 3 definitions of procedure: Its pretty visible that this is the term we are looking for as stated in the questions, you can check your CISSP documentation too.

Answer 91

Answer: D Explanation: Since fiber optics does not use electrical signals to transmit the information (it uses lights that goes through the mirrored silvered cable from source to end), its not affected by EMI (Electro Magnetic Interference) like other copper transmission methods like 10base5 and 10base2, therefore EMI does not affect the possible transmission distance. Fiber optics can have a great distance between end points, much greater than the copper transmission methods. Examples of Fiber optics standards are: 100BaseFX and 1000BaseFX.

Answer 92

Answer: A Explanation: An alternating current (AC) bulk eraser (degausser) is used for complete erasure of data and other signal on magnetic media. Degaussing is a process where magnetic media is exposed to a powerful, alternating magnetic field. Degaussing removes any previously written data, leaving the media in a magnetically randomized (blank) state. The degausser must subject the media to an alternating magnetic field of sufficient intensity to saturate the media and then by slowly withdrawing or reducing the field leaves the magnetic media in a magnetically neutral state.

Answer 93

Answer: A Explanation: The Prototype Phase is also called the “Proof of Concept” Phase. Whether it’s called one or the other depends on what the creator is trying to “prove.” If the main deliverable of the Phase includes a working version of the product’s technical features, it’s a “prototype.” If the main deliverable just looks like it has the product’s technical features, then it’s a “proof of concept.” Prototypes can save time and money because you can test some functionality earlier in the process. You don’t have to make the whole final product to begin testing it.

Answer 94

Answer: B Explanation:

Answer 95

Answer: C Explanation: That’s the essence of Controls, you put them in your environment to minimize the impact of a potential loss, with them you can also mitigate the risk and obtain the first through this. Controls are a very good practice to secure an environment, they should be considered by any security professional, CISSP or not, the risk should be minimized as much as you can.

Answer 96

Answer: A Explanation: Since circuit level gateways are not as high in the OSI model for the inspection as Application level firewalls, they are easier to maintain and configure. Application layer firewalls are up to layer 7 of the OSI model and provide a great bunch of options and complex configurations. Application layer firewalls are more secure than circuit level gateway because they can track and analyze information up to layer 7, a drawback to this, is that this functionality makes them slower.

Answer 97

Answer: D Explanation: “IPSec can work in one of two modes: transport mode, where the payload of the message is protected, and tunnel mode, where the payload and the routing and header information is protected.” Pg 527 Shon Harris: All-in-One CISSP Certification Not:” Encapsulating Security Payload (ESP) authentication must be used” “IPSec is not a strict protocol that dictates the type of algorithm, keys, and authentication method to be used, but it is an open, modular framework that provides a lot of flexibility for companies when they choose to use this type of technology. IPSec uses two basic security protocols: Authentication Header (AH) and the Encapsulating Security Payload (ESP). AH is the authenticating protocol, and ESP is an authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality, and message integrity.” Pg 527 Shon Harris: All-in-One CISSP Certification

Answer 98

Answer: C Explanation: The Clark-Wilson model was developed to address security issues in commercial environments. The model uses two categories of mechanisms to realize integrity: well-formed transactions and separation of duty. It defines a constraint data item, a integrity verification and a transformation of that object. A possible way to represent a constraint that only certain trusted programs can modify objects is using application:checksum condition, where the checksum ensures authenticity of the application. Another way is using application:endorser condition, which indicates that a valid certificate, stating that the application has been endorsed by the specified endorser, must be presented. Static separation of duty is enforced by the security administrator when assigning group membership. Dynamic separation of duty enforces control over how permissions are used at the access time

Answer 99

Answer: A Explanation: This is not the best practice, even more for the CISSP exam. Continuity / recovery plans should be make for every location in separate. This is because when there is a disaster, Its not usually in all the different locations, its better to have one plan for each of it so you can use and follow only the plan of the affected site and don’t bother the other ones.

Answer 100

Answer: C Explanation: Both of them can be used to create and secure VPN’s. The Layer 2 Tunnel Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines the best features of two existing tunneling protocols: Cisco's Layer 2 Forwarding (L2F) and Microsoft's Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension to the Point-to-Point Protocol (PPP), which is an important component for VPNs. VPNs allow users and telecommuters to connect to their corporate intranets or extranets. IPSec is a series of guidelines for the protection of Internet Protocol (IP) communications. It specifies ways for securing private information transmitted over public networks. Services supported by IPSec include confidentiality (encryption), authenticity (proof of sender), integrity (detection of data tampering) and replay protection (defense against unauthorized re-sending of data). It work on layer 3 of the OSI model and is the most common protocols used to create VPNs.

Answer 101

Answer: D Explanation: We just some common sense to answer this question correctly, why are we going to ask about process reporting for incidents?, does is help relating to identification and authentication?, I don’t think so. There are other more interesting questions, password deal with authentication, inactive user Ids are also related to identification. But the most important to me, know if there is a list with authorized users and their current access, this can help you to identify unauthorized activities.

Answer 102

Answer: B Explanation: This kind of encryption flavor increases security for passwords, if you use a one way encryption algorithm, you know that the encryption is not reversible, you cannot get the original value that you provided as a password from the resulting hash with any key or algorithm. This increase security in the way that when a person see the password list, it will only see the hash values and cannot read the original password or modify them without getting corruption.

Answer 103

Answer: D Explanation: This is very obvious, if your system is designed from the ground up to provide security, its going to be cheaper and more effective at the end, because you don’t need reanalysis, re-coding, and re-structure of the internal code of the computer application. If you don’t address security at the beginning you will also need to spend time and money reviewing the code to try to put the security infrastructure in some place of it.

Answer 104

Answer: D Explanation: Answer A, B and C can be used to uniquely identify a person, but in the case of the Skin, there are no unique characteristics that can differentiate two distinct individuals in an acceptable accurate way. In the case of the IRIS and the Retina, there are not two of them equal. In the case of the palm, every person has different marks on it. The skin is common to all and does not have specific textures or marks to make it unique in comparison to another individual.

Answer 105

Answer: A Explanation: As stated in the CISSP documentation, “If you want to achieve the validation or revalidation of the oral testimony of a witness, you need to provide physical, direct evidence to backup your statements and override the five senses of an oral testimony”. Circumstantial or Corroborative evidence is not enough in this case, we need direct, relevant evidence backing up the facts.

Answer 106

Answer: B Explanation: In IT, a vulnerability is the weakness of a System to be exploited and corrupted by a security hole. There is always a risk that our systems been vulnerable, with security we cannot make the risk to be 0%, but we can decrease the possibility of a threat becoming in a successful attack through one of those vulnerabilities. There is no system without vulnerabilities, we need to patch our systems frequently to reduce the risk of a threat through a vulnerability of one of our systems.

Answer 107

Answer: C Reference: “LAN Transmission Methods. LAN data is transmitted from the sender to one or more receiving stations using either a unicast, multicast, or broadcast transmission.” pg 528 Hansche: Official (ISC)2 Guide to the CISSP Exam

Answer 108

Answer: B Explanation: Denormalization is the process of attempting to optimize the performance of data storage by adding redundant data. It is necessary because current DBMSs are not fully relational. A fully relational DBMS would be able to preserve full normalization at the logical level, while allowing it to be mapped to performance-tuned physical level. Database designers often justify denormalization on performance issues, but they should note that logical denormalization can easily break the consistency of the database, one of the all-important ACID properties. However, a designer can achieve the performance benefits while retaining consistency by performing denormalization at a physical level; such denormalization is often called caching.

Answer 109

Answer: B Explanation: A insurance policy to cover fire damage is said to cover the "named peril" of fire. So, the insurer would need to prove that fire was not covered if the insurer was trying to deny the claim. The insured has no burden of proof other than showing damage was caused by fire.

Answer 110

Answer: C Explanation: This is absolutely false, this problem can be seen almost anywhere. There have always been trouble with the lost of keys. Some of those looses are more important than others, its not the same to lost the key of the company safe box, that lost the key of you locker with that contains your shoes. This is obviously an incorrect statement, answer C is the one in here. “Unfortunately, using security guards is not a perfect solution. There are numerous disadvantages to deploying, maintaining, and relying upon security guards. Not all environments and facilities support security guards. This may be due actual human incompatibility with the layout, design, location, and construction of the facility. Not all security guards are themselves reliable. Prescreening, bonding, and training does not guarantee that you won’t end up with an ineffective and unreliable security guard.” Pg 646 Tittel: CISSP Guide.

Answer 111

Answer: C Explanation: This is an absolute best practice in the software testing field, you should always have to keep all your testing approaches with the results as part of the product documentation. This can help you in the case you have problems with some tasks or components of the software in the future, you can check back your testing and results and see if the system was making the tasks correctly and if anything changed from that environment.

Answer 112

Answer: C Explanation: This is an absolute best practice in the software testing field, you should always have to keep all your testing approaches with the results as part of the product documentation. This can help you in the case you have problems with some tasks or components of the software in the future, you can check back your testing and results and see if the system was making the tasks correctly and if anything changed from that environment.

Answer 113

Answer: C Explanation: Class B2 corresponds to Structured Protection. Division B - Mandatory Protection Mandatory access is enforced by the use of security labels. The architecture is based on the BellLaPadula security model and evidence of the reference monitor enforcement must be available. B1: Labeled Security Each data object must contain a classification label and each subject must have a clearance label. When a subject attempts to access an object, the system must compare the subject and the object's security labels to ensure the requested actions are acceptable. Data leaving the system must also contain an accurate security label. The security policy is based on an informal statement and the design specifications are reviewed and verified. It is intended for environments that handle classified data. B2: Structured Protection The security policy is clearly defined and documented and the system design and implementation is subjected to more thorough review and testing procedures. This class requires more stringent authentication mechanisms and well-defined interfaces between layers. Subject and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place, which means there are no trapdoors. There is a separation of operator and administration functions within the system to provide more trusted and protected operational functionality. Distinct address spaces must be provided to isolated processes, and a covert channel analysis is conducted. This class adds assurance by adding requirements to the design of the system. The environment that would require B2 systems could process sensitive data that requires a higher degree of security. This environment would require systems that are relatively resistant to penetration and compromise. B3 Security Domains In this class, more granularity is provided in each protects mechanism and the programming code that is not necessary to support the security is excluded. The design and implementation should not provide too much complexity because as the complexity of a system increases, the ability of the individuals who need to test, maintain, and configure it reduces; thus, the overall security can be threatened. The reference monitor components must be small enough to test properly and be tamperproof. The security administrator role is clearly defined and the system must be able to recover from failures without its security level being compromised. When the system starts up and loads its operating system and components, it must be done in an initial secure state to ensure any weakness of the system cannon be taken advantage of in this slice of time. An environment that requires B3 systems is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration. Note: In class (B2) systems, the TCB is based on a clearly defined and documented formal security policy model that requires the discretionary and mandatory access control enforcement found in class (B1) systems be extended to all subjects and objects in the ADP system. In addition, covert channels are addressed. The TCB must be carefully structured into protectioncritical and non-protection-critical elements. Class B corresponds to “Structured Protection” inside the Orange Book.

Answer 114

Answer: C Explanation: According to CISSP documentation, the actual definition and procedures defined inside an organization disaster recovery policy are of private nature. Only people working in the company and with a role inside it should know about those procedures. Its not a good practice to be divulgating Disaster recovery procedures to external people. Many times external people need to know who is involved in it, and who is responsible. This could be the case of a vendor providing replacement equipment in case of disaster.

Answer 115

Answer: A Explanation: RAID 1 or Mirroring is a technique in which data is written to two duplicate disks simultaneously through a copy process. This way if one of the disk drives fails, the system can instantly switch to the other disk without any loss of data or service. Disk mirroring is used commonly in on-line database systems where it's critical that the data be accessible at all times. RAID means “Redundant Array of Inexpensive Disks”.

Answer 116

Answer: A Explanation: Here are some characteristics of Statefull Inspection technology on Firewalls:

Answer 117

Answer: C Explanation: This is another matter of common sense; the CISSP exam has many situations like this. It is not a good practice to have Permanent documents in your e-mail, this is because you don’t know if your e-mail is always backed up, and maybe the document must be available in a corporate repository. There is no problem to have Copies, draft or temporary documents in your email. The important ones for the company are the Permanent documents.

Answer 118

Answer: C Explanation: He is the most appropriate manager, this is because he know the inns and outs of the business processes inside the company. Remember that he manages the business operations, and are those operations the ones that make the company live and generate the revenue. He knows who should access what and when. Security administrators develop the policy with the information provided by persons like the Business operations manager. Human Resources is not appropriate in this case, and the Information systems manager know about the technology, but not the business needs of the company.

Answer 119

Answer: B Explanation: War dialing, or scanning, has been a common activity in the computer underground and computer security industry for decades. Hollywood made war dialing popular with the 1983 movie, War Games, in which a teenager searching for a videogame company ultimately uncovers a government nuclear war warning system. The act of war dialing is extremely simple – a host computer dials a given range of telephone numbers using a modem. Every telephone number that answers with a modem and successfully connects to the host is stored in a log. Disabling call forwarding is not a useful countermeasure because it’s the attacker machine the one who connects to the attacked system and forwarding is not an issue inside the attack. Answer A, C and D can be used as countermeasures to harder the war dial attack.

Answer 120

Answer: B Explanation: Tripwire is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. The hard part is doing it the right way, balancing security, maintenance, and functionality. This tool is not usually used by hackers to attack, its usually used to defend against hackers attacks. L0phtcrack is a hacker utility to get passwords, Crack and John the Ripper are also password crackers

Answer 121

Answer: A Explanation: This kind of attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed. This kind of attack was used in the past to steal small quantities of money and transfer them to the attackers account, there are many other uses too. Trojan horses open ports without the user knowledge to permit remote control and a Virus is a malicious piece of code that executed inside your computer.

Answer 122

Answer: B Explanation: This is the proper name, you can search for “Middle CASE” on the Internet. “Middle CASE” its a CASE flavor and UML design tool that provides the required functionality like screen and report layouts and detailed designs. There are many well known vendors providing this kind of tools for the development process of Software.

Answer 123

Answer: C Explanation: In database terminology, is the same to say that the number of Degrees is “X” and that the number of columns is “X” inside a Table. This question is just trying to test our knowledge of rare, difficult to fin terminology. You can check this in the knowledgebase of Oracle. When we talk about degrees, we are just talking about columns. The schema is the structure of the database, and the relations are the way each table relates to others.

Answer 124

Answer: B Explanation: The smart card, an intelligent token, is a credit card sized plastic card embedded with an integrated circuit chip. It provides not only memory capacity, but computational capability as well. The self-containment of smart card makes it resistant to attack as it does not need to depend upon potentially vulnerable external resources. Because of this characteristic, smart cards are often used in different applications which require strong security protection and authentication. Option B is the most correct option, this is because Callback systems are not considered very reliable in the CISSP examination, Smart cards can also provide 2 mode authentication. "Caller ID and callback options are great, but they are usually not practical because they require users to call in from a static phone number each time they access the network. Most users are accessing the network remotely because they are on the road and moving from place to place." Pg. 428 Shon Harris: All-In-One CISSP Certification Guide.

Answer 125

Answer: C Explanation: Option “C” is a very bad practice in a firewall connecting one of its interfaces to a public network like Internet. Since in that rule you are allowing all inbound TCP traffic, the hackers can send all the attacks they want to any TCP port, they can make port scanning, Syn Attacks, and many other dangerous DoS activities to our private network. Permit the traffic from local host is a best practice, our firewall is the local host. Permit SSH (Secure Shell) is also good because this protocol use cryptography.

Answer 126

Answer: C Explanation:

Answer 127

Answer: A Explanation: Since the “Full” backup method provides a baseline for our systems for Restore, the full backup must be done at least once regardless of the method you are using. Its very common to use full backups in combination with incremental or differential ones to decrease the backup time (however you increment the restore time), but there is no way to maintain a system only with incremental or differential backups. You always need to begin from your restore baseline, the Full Backup.

Answer 128

Answer: B Explanation:

Answer 129

Answer: B Explanation:

Answer 130

Answer: C Explanation: With mandatory controls, only administrators and not owners of resources may make decisions that bear on or derive from policy. Only an administrator may change the category of a resource, and no one may grant a right of access that is explicitly forbidden in the access control policy. This kind of access control method is based on Security labels. It is important to note that mandatory controls are prohibitive (i.e., all that is not expressly permitted is forbidden).

Answer 131

Answer: A Explanation: This is one of the weakest point of IDS systems installed on the individual hosts. Since much of the malicious activity could be circulating through the network, and this kind of IDS usually have small logging capabilities and of local nature. So any activity happening in the network could go unnoticed, and intrusions can’t be tracked as in depth as we could with an enterprise IDS solution providing centralized logging capabilities.

Answer 132

Answer: B Explanation: This is a real problem, nobody thinks that can be victim of a computer crime until it is. There is a big problem relating to the people thinking about this kind of attacks. Computer crimes can be very important and can make great damage to enterprises. Computer Crime will decrease once people begin to think about the Risks and begin to protect their systems from the most common attacks.

Answer 133

Answer: A Explanation: This is pretty straight forward. The four principal pillars of computer security: integrity, authentication, confidentiality and availability are all part of the network security and telecommunication domain. Why? Because those pillars deal with that. We provide integrity through digital signatures, authentication through passwords, confidentiality through encryption and availability by fault tolerance and disaster recovery. All of those are networking and telecommunication components.

Answer 134

``` Answer: A Explanation: The B2 class referenced in the orange book is the formal security policy model based on device labels that can use DAC (Discretionary access controls) and MAC (Mandatory Access Controls). It provides functionality about covert channel control. It does not require covert timing channels. You can review the B2 section of the Orange Book. ```

Answer 135

Answer: C Explanation: Preventive controls deals with the avoidance of risk through the diminution of probabilities. Is like the example we read earlier about the dogs. Just to remember, Since we want to prevent something from happening, we can go out and buy some Guard dogs to make the job. You are buying them because you want to prevent something from happening. The intruder will see the dogs and will maybe go back, this prevents an attack, this dogs are a form of preventive control.

Answer 136

Answer: A Explanation: FRDS systems will give us the functionality to protect our servers from disk failure an allow us to have highly available file services in our production servers. FRDS provides high availability against many types of disk failures and well known problems, if one disk goes down, the others still work providing no downtime. FRDS solutions are the preferred way to protect file servers against data corruption and loss. You can see more about FRDS in the Internet, search “FRDS System”.

Answer 137

Answer: D Explanation: Internet Control Message Protocol. ICMP is used for diagnostics in the network. The Unix program, ping, uses ICMP messages to detect the status of other hosts in the net. ICMP messages can either be queries (in the case of ping) or error reports, such as when a network is unreachable. This protocol resides in layer 3 of the OSI model (Network layer).

Answer 138

Answer: A Explanation: Digital Audio Tape (DAT or R-DAT) is a signal recording and playback medium introduced by Sony in 1987. In appearance it is similar to a compact audio cassette, using 1/8" magnetic tape enclosed in a protective shell, but is roughly half the size at 73 mm x 54 mm x 10.5 mm. As the name suggests the recording is digital rather than analog, DAT converting and recording at the same rate as a CD (44.1 kHz sampling rate and 16 bits quantization) without data compression. This means that the entire input signal is retained. If a digital source is copied then the DAT will produce an exact clone. The format was designed for audio use, but through an ISO standard it has been adopted for general data storage, storing from 4 to 40 GB on a 120 meter tape depending on the standard and compression (DDS-1 to DDS-4). It is, naturally, sequential-access media and is commonly used for backups. Due to the higher requirements for integrity in data backups a computer-grade DAT was introduced.

Answer 139

Answer: C Explanation: Statefull inspection is a third generation firewall technology designed to be aware of, and inspect, not only the information being received, but the dynamic connection and transmission state of the information being received. Control decisions are made by analyzing and utilizing the following: Communication Information, Communication derived state, Application derived state and information manipulation. Here are some characteristics of Statefull Inspection technology on Firewalls:

Answer 140

Answer: A Explanation: This is the correct answer, we don’t have guards only to use physical force, that is not the real functionality of them if your security policy is well oriented. They are not only there to operate control devices and to detect unauthorized access, as stated in CISSP documentation, the appropriate function of a guard inside a security program is the use of discriminating judgment.

Answer 141

Answer: A Explanation: A “Cluster” is a grouping of machines running certain services providing high availability and fault tolerance fro them. In other words, they are grouped together as a means of fail over support. From the users view, a cluster is a single server, but its only a logical one, you can have an array of 4 server in cluster all with the same IP address (/achieving correct resolution through ARP), there is no difference for the client.

Answer 142

Answer: D Explanation: If you think about it, System development and system maintenance are perfectly compatible, you can develop in the systems for certain time, and when it time for a maintenance, you stop the development process an make the maintenance. It’s a pretty straight forward process. The other answer do not provide the simplicity and freedom of this option. Incorrect answer: Access authorization and database administration are NEVER compatible.

Answer 143

Answer: B Explanation: The Physical Layer describes the physical properties of the various communications media, as well as the electrical properties and interpretation of the exchanged signals. Ex: this layer defines the size of Ethernet coaxial cable, the type of BNC connector used, and the termination method. You cannot encrypt nothing at this layer because its physical, it is not protocol / software based. Network, Data link and transport layer supports encryption.

Answer 144

Answer: A Explanation: Following the publication of the Anderson report, considerable research was initiated into formal models of security policy requirements and of the mechanisms that would implement and enforce those policy models as a security kernel. Prominent among these efforts was the ESD-sponsored development of the Bell and LaPadula model, an abstract formal treatment of DoD security policy.[2] Using mathematics and set theory, the model precisely defines the notion of secure state, fundamental modes of access, and the rules for granting subjects specific modes of access to objects. Finally, a theorem is proven to demonstrate that the rules are security-preserving operations, so that the application of any sequence of the rules to a system that is in a secure state will result in the system entering a new state that is also secure. This theorem is known as the Basic Security Theorem.

Answer 145

Answer: A Explanation: Since we are talking about a competitive intelligence attack, we can classify it as a Business attack because it is disrupting business activities. Intelligence attacks are one of the most commonly used to hurt a company where more it hurts, in its information. To see more about competitive intelligence attacks you can take a look at some CISSP study guide. It could be the CISSP gold edition guide. “Military and intelligence attacks are launched primarily to obtain secret and restricted information from law enforcement or military and technological research sources. Business attacks focus on illegally obtaining an organization’s confidential information. Financial attacks are carried out to unlawfully obtain money or services. Grudge attacks are attacks that are carried out to damage an organization or a person.” Pg. 616 Tittel: CISSP Study Guide

Answer 146

Answer: C Explanation: As I stated earlier in the comments, the great part of the attacks to companies comes from the personnel. Hackers are out there and attack some targets, but should never forget that your worst enemy can be inside of your company. Is for that that we usually implement IDS and profundity security. It’s a very good practice to install Host based IDS to limit the ability of internal attackers through the machines. Another problem with personal is the ignorance, there are time that they just don’t know what they are doing, and certainly are violating the security policy.

Answer 147

Answer: A Explanation: This is not possible, nobody can eliminate all problems, only god can, this is a reality and Problem Management Gurus know that. With problem management we can reduce failures, prevent reoccurrence of problems and mitigate negative impact as much as we can, but we cannot eliminate all problems, this is not a perfect world.

Answer 148

Answer: D Explanation: A password is not a physical thing, it’s a logical one. You can control physical access with armed guards, by locking doors and using badges to open doors, but you can’t relate password to a physical environment. Just to remember, Passwords are used to verify that the user of an ID is the owner of the ID. The ID-password combination is unique to each user and therefore provides a means of holding users accountable for their activity on the system. They are related to software, not to hardware.

Answer 149

Answer: C Explanation: This is not one of the statements of the ISC2 code of Ethics, ISC2 certified people is free to get in association with any person and any party they want. ISC2 thinks that their certified people must have liberty of choice in their associations. However ISC2 ask the certified professionals to promote the certification and the understanding and acceptance of security measures, they also ask the certified people to provide competent services and be proud of their exclusive ISC2 certified professional status. I think is very fair, you are free to who where you want, with the people you want, but always be proud of your certification and your skills as a security professional. Code from ISC web site. "All information systems security professionals who are certified by (ISC)2 recognize that such certification is a privilege that must be both earned and maintained. In support of this principle, all Certified Information Systems Security Professionals (CISSPs) commit to fully support this Code of Ethics. CISSPs who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of certification. There are only four mandatory canons in the code. By necessity such high-level guidance is not intended to substitute for the ethical judgment of the professional. Additional guidance is provided for each of the canons. While this guidance may be considered by the Board in judging behavior, it is advisory rather than mandatory. It is intended to help the professional in identifying and resolving the inevitable ethical dilemmas that will confront him/her. Code of Ethics Preamble: * Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. * Therefore, strict adherence to this code is a condition of certification. Code of Ethics Canons: * Protect society, the commonwealth, and the infrastructure. * Act honorably, honestly, justly, responsibly, and legally. * Provide diligent and competent service to principals. * Advance and protect the profession. The following additional guidance is given in furtherance of these goals. Objectives for Guidance In arriving at the following guidance, the committee is mindful of its responsibility to: * Give guidance for resolving good v. good and bad v. bad dilemmas. * To encourage right behavior such as: * Research * Teaching * Identifying, mentoring, and sponsoring candidates for the profession * Valuing the certificate * To discourage such behavior as: * Raising unnecessary alarm, fear, uncertainty, or doubt * Giving unwarranted comfort or reassurance * Consenting to bad practice * Attaching weak systems to the public net * Professional association with non-professionals * Professional recognition of or association with amateurs * Associating or appearing to associate with criminals or criminal behavior However, these objectives are provided for information only; the professional is not required or expected to agree with them. In resolving the choices that confront him, the professional should keep in mind that the following guidance is advisory only. Compliance with the guidance is neither necessary nor sufficient for ethical conduct. Compliance with the preamble and canons is mandatory. Conflicts between the canons should be resolved in the order of the canons. The canons are not equal and conflicts between them are not intended to create ethical binds. Protect society, the commonwealth, and the infrastructure * Promote and preserve public trust and confidence in information and systems. * Promote the understanding and acceptance of prudent information security measures. * Preserve and strengthen the integrity of the public infrastructure. * Discourage unsafe practice. Act honorably, honestly, justly, responsibly, and legally * Tell the truth; make all stakeholders aware of your actions on a timely basis. * Observe all contracts and agreements, express or implied. * Treat all constituents fairly. In resolving conflicts, consider public safety and duties to principals, individuals, and the profession in that order. * Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort. Take care to be truthful, objective, cautious, and within your competence. * When resolving differing laws in different jurisdictions, give preference to the laws of the jurisdiction in which you render your service. Provide diligent and competent service to principals * Preserve the value of their systems, applications, and information. * Respect their trust and the privileges that they grant you. * Avoid conflicts of interest or the appearance thereof. * Render only those services for which you are fully competent and qualified. Advance and protect the profession * Sponsor for professional advancement those best qualified. All other things equal, prefer those who are certified and who adhere to these canons. Avoid professional association with those whose practices or reputation might diminish the profession. * Take care not to injure the reputation of other professionals through malice or indifference. •Maintain your competence; keep your skills and knowledge current. Give generously of your time and knowledge in training others.

Answer 150

Answer: C Explanation: Cipher Block Chaining (CBC) uses feedback to feed the result of encryption back into the encryption of the next block. The plain-text is XOR'ed with the previous cipher-text block before it is encrypted. The encryption of each block depends on all the previous blocks. This requires that the decryption side processes all encrypted blocks sequentially. This mode requires a random initialization vector which is XOR'ed with the first data block before it is encrypted. The initialization vector does not have to be kept secret. The initialization vector should be a random number (or a serial number), to ensure that each message is encrypted uniquely. In the Cipher Feedback Mode (CFB) is data encrypted in units smaller than the block size. This mode can be used to encrypt any number of bits e.g. single bits or single characters (bytes) before sending across an insecure data link. Both of those method can be best used to provide user authentication capabilities.

Answer 151

Answer: A Explanation: The Data Link layer takes raw data from the physical layer and gives it logical structure. This logic includes information about where the data is meant to go, which computer sends the data, and the overall validity of the bytes sent. The Data Link layer also controls functions of logical network topologies and physical addressing as well as data transmission synchronization and corrections. SLIP, CSLIP and PPP provide control functions at the Data Link Layer (layer 2 of the OSI model).

Answer 152

Answer: B Explanation: A bug is a coding error in a computer program. The process of finding bugs before program final users is called debugging. Debugging starts after the code is first written and continues in successive stage as code is combined with other units of programming to form a software product, such as an operating system or application. The main reason to debug is to detect and correct errors in the program.

Answer 153

Answer: A Explanation: This is true, since RAID 5 uses parity to provide fault tolerance through the array, once of the disk in it can become corrupted, and you usually can just take it out without turning off the system (Hot SWAP) and plug a spare disk on the bay. Then the array will automatically begin to reconstruct the information in the new disk with the parity contained through the other disks in the array. This Hot Swap capability is usually present in enterprise servers that require high availability.

Answer 154

Answer: A Explanation: This is the correct term, with stripping RAID 0 can evenly distribute the information through the disk that form the array in a transparent way for the final user. With RAID 0 you can be writing to 12 disk simultaneously and you see them as only one large logical partition. This level of RAID does not provide fault tolerance but provides an increase in performance because you are writing and reading from many disks and heads. An example of this stripping is the software version that comes with Windows 2000, it supports up to 32 disks.

Answer 155

Answer: A Explanation: SQL supports the data definition language (DDL) for creating, altering, and deleting tables and indexes. SQL does not permit metadata object names to be represented by parameters in DDL statements. With this language you can create many of the objects used in SQL, this language is standard and is supported by most database vendors in its standard form. Many of them also extends its functionality for proprietary products.

Answer 156

Answer: B Explanation: The C division of the Orange Book deals discretionary (need-to-know) protection and, through the inclusion of audit capabilities, for accountability of subjects and the actions they initiate. This information can be checked in the orange book. Just make a search online through it with the words “discretionary protection”.

Answer 157

Answer: C Explanation: Diffie Hellman is a Key exchange algorithm, its strength its in the difficulty of computing discrete logarithms in a finite field generated by a large primary number. Although RSA and Diffie Hellman are similar in mathematical theory, their implementation is somewhat different. This algorithm has been released to the public. It’s the primary alternative to the RSA algorithm for key exchange.

Answer 158

Answer: A Explanation: “Full” backup method provides a baseline for our systems for Restore; the full backup must be done at least once regardless of the method you are using to make backups. It’s very common to use full backups in combination with incremental or differential ones to decrease the backup time (however you increment the restore time with incremental and differential) because it takes the largest time to complete. You always need to begin a system restoration from your baseline, and this baseline is the Full Backup.

Answer 159

Answer: C Explanation: In the computer industry, a tiger team is a group of programmers or users who volunteer or are hired to expose errors or security holes in new software or to find out why a computer network's security is being broken. In hiring or recruiting volunteers for a tiger team, some software developers advise others to be sure that tiger team members don't include crackers, who might use their special knowledge of the software to disable or compromise it in the future. We don’t need a tiger team inside our contingency plan, however, we do need someone to assest the damage, the hardware and legal affairs.

Answer 160

Answer: C Explanation: Due care are the steps taken to show it has taken responsibility for its actions.

Answer 161

Answer: A,D Explanation: Policies are written as a broad overview and require the support of upper management. After the development and approval of policies, guidelines and procedures may be written.

Answer 162

Answer: A,B,D Explanation: Total risk = asset value * vulnerability * threats

Answer 163

Answer: B,C,E,F Explanation: One of the most common systems used to classify information is the one developed within the US Department of Defense. These include: unclassified, sensitive, confidential, secret, and top secret.

Answer 164

Answer: C Explanation: Job rotation is tightly tied to the principle of least privilege. It is an effective security control.

Answer 165

Answer: D Explanation: ARP poisoning is a masquerading attack where the attacker inserts a bogus IP and MAC address in a victims ARP table or into the table of a switch. This has the effect of redirecting traffic to the attacker and not to the intended computer.

Answer 166

Answer: B Explanation: Passwords are not sent in clear text. The server performing the authentication sends a challenge value and the user types in the password. The password is used to encrypt the challenge value then is sent back to the authentication server.

Answer 167

Answer: B Explanation: CSMA/CD computers do not use a token. It is the media access method used in Ethernet.

Answer 168

Answer: B Explanation: CSMA/CA sends out a message to all other computers indicating it is going to send out data. CSMA/CA or token ring networking uses this approach to reduce the amount of data collisions. Note: When computers use the carrier sense multiple access with collision detection (CSMA/CD) protocols, they monitor the transmission activity, or carrier activity, on the wire so that they can determine when would be the best time to transmit data. Carrier sense multiple access with collision avoidance (CSMA/CA) is an access method where each computer signals its intent to transmit data before it actually does so. pg 390-391 Shon Harris All-In-One CISSP Certification

Answer 169

Answer: A,D Explanation: ISDN BRI has 2 B and 1 D channels

Answer 170

Answer: B Explanation: The top speed of ISDN BRI is 128 KBS. Its two primary channels are each capable of carrying 64 KBS so the combined top speed is 128 KBS.

Answer 171

Answer: B,E Explanation: Many vendors have maintenance modems that vendors can use to troubleshoot systems and provide updates. They should normally be turned off. Also information about the system should not be posted on the website and should be closely guarded.

Answer 172

Answer: D Explanation: Circuit based look only at IP address and ports, whereas application based dig much deeper into the packet. This makes it more secure.

Answer 173

Answer: E Explanation: Phreaking is the fraudulent use of telephone services.

Answer 174

Answer: B Explanation: A VPN creates a secure tunnel through an insecure network.

Answer 175

Answer: C Explanation: TCP is a connection-orientated protocol.

Answer 176

Answer: C Explanation: Duel gateway host is not considered firewall technology.

Answer 177

Answer: D Explanation: Token ring passes all traffic through nodes.

Answer 178

Answer: C Explanation: Authentication is the act of validating a user with a unique and specific identifier.

Answer 179

Answer: B Explanation: Fiber is more secure because it is hard to tap into and gives off no EMI such as copper cabling.

Answer 180

Answer: E Explanation: The IAB considers the Internet a privilege, not a right, and as such considers it unethical to purposely disrupt communications.

Answer 181

Answer: A,E,F Explanation: The chain of evidence shows who obtained the evidence, who secured the evidence, and who controlled the evidence.

Answer 182

Answer: A Explanation: Good forensics requires the use of a bit level copy. A bit level copy duplicates all information on the suspect's disk. This includes slack space and free space.

Answer 183

Answer: A Explanation: Along with the FBI, the Secret Service has been given the authority to investigate computer crime.

Answer 184

Answer: D Explanation: Brute force cracking is considered more difficult and must work through all possible combinations of numbers and characters.

Answer 185

Answer: A Explanation: Salts are added to Linux passwords to increase their randomness. They are used to help insure that no two users have the same, hashed password.

Answer 186

Answer: A,C Explanation: The Linux root user password is typically kept in /etc/passwd or etc/shadow.

Answer 187

Answer: D Explanation: The goal of cryptanalysis is to forge coded signals that will be accepted as authentic.

Answer 188

Answer: E Explanation: Human Resources always needs to be involved if an employee is suspected of wrongdoing. They know what rules apply to protect and prosecute employees.

Answer 189

Answer: C Explanation: Administrators that leave systems with apparent flaws are performing an act of enticement. This is sometimes called a honeypot.

Answer 190

Answer: A Explanation: Because it is difficult to detect electron tampering and can be easily modified.

Answer 191

Answer: D Explanation:

Answer 192

Answer: E Explanation: A watermark is a commercial application of steganography that is used to identify pictures or verify its authenticity.

Answer 193

Answer: A,C,D,E,F Explanation: At the beginning of any investigation, an investigator must ask who, what, when, where, and how. Answering the questions will lead to the successful conclusion of the case.

Answer 194

Answer: B Explanation: Risk can never be eliminated. It may be reduced or transferred to a third party through insurance, but will always remain in some form.

Answer 195

Answer: A Explanation: Employees are a greater risk to employers than outsiders, because they possess two of the three items required to commit a crime: means and opportunity.

Answer 196

Answer: C Explanation: Due care are the steps taken to show it has taken responsibility for its actions

Answer 197

Answer: A,D Explanation: Policies are written as a broad overview and require the support of upper management. After the development and approval of policies, guidelines and procedures may be written.

Answer 198

Answer: A,B,D Explanation: Total risk = asset value * vulnerability * threats

Answer 199

Answer: B,C,E,F Explanation: One of the most common systems used to classify information is the one developed within the US Department of Defense. These include: unclassified, sensitive, confidential, secret, and top secret.

Answer 200

Answer: C Explanation: Job rotation is tightly tied to the principle of least privilege. It is an effective security control.

Answer 201

Answer: B Explanation: Passwords are not sent in clear text. The server performing the authentication sends a challenge value and the user types in the password. The password is used to encrypt the challenge value then is sent back to the authentication server.

Answer 202

Answer: B Explanation: CSMA/CD computers do not use a token. It is the media access method used in Ethernet

Answer 203

Answer: B,E Explanation: Many vendors have maintenance modems that vendors can use to troubleshoot systems and provide updates. They should normally be turned off. Also information about the system should not be posted on the website and should be closely guarded.

Answer 204

Answer: D Explanation: Circuit based look only at IP address and ports, whereas application based dig much deeper into the packet. This makes it more secure.

Answer 205

Answer: E Explanation: Phreaking is the fraudulent use of telephone services.

Answer 206

Answer: B Explanation: A VPN creates a secure tunnel through an insecure network.

Answer 207

Answer: C Explanation: Duel gateway host is not considered firewall technology.

Answer 208

Answer: D Explanation: Token ring passes all traffic through nodes.

Answer 209

Answer: C Explanation: Authentication is the act of validating a user with a unique and specific identifier.

Answer 210

Answer: B Explanation: Fiber is more secure because it is hard to tap into and gives off no EMI such as copper cabling.

Answer 211

Answer: E Explanation: The IAB considers the Internet a privilege, not a right, and as such considers it unethical to purposely disrupt communications.

Answer 212

Answer: A Explanation: Good forensics requires the use of a bit level copy. A bit level copy duplicates all information on the suspect's disk. This includes slack space and free space.

Answer 213

Answer: D Explanation: Brute force cracking is considered more difficult and must work through all possible combinations of numbers and characters.

Answer 214

Answer: A Explanation: Salts are added to Linux passwords to increase their randomness. They are used to help insure that no two users have the same, hashed password.

Answer 215

Answer: D Explanation: The goal of cryptanalysis is to forge coded signals that will be accepted as authentic.

Answer 216

Answer: E Explanation: Human Resources always needs to be involved if an employee is suspected of wrongdoing. They know what rules apply to protect and prosecute employees.

Answer 217

Answer: D | Explanation

Answer 218

E. A watermark Answer: E Explanation: A watermark is a commercial application of steganography that is used to identify pictures or verify its authenticity.

Answer 219

Answer: A,C,D,E,F Explanation: At the beginning of any investigation, an investigator must ask who, what, when, where, and how. Answering the questions will lead to the successful conclusion of the case.

Answer 220

Answer: C Explanation: Due care are the steps taken to show it has taken responsibility for its actions.

Answer 221

Answer: A,D Explanation: Policies are written as a broad overview and require the support of upper management. After the development and approval of policies, guidelines and procedures may be written.

Answer 222

Answer: A,B,D Explanation: Total risk = asset value * vulnerability * threats

Answer 223

Answer: B,C,E,F Explanation: One of the most common systems used to classify information is the one developed within the US Department of Defense. These include: unclassified, sensitive, confidential, secret, and top secret.

Answer 224

Answer: E Explanation: Call forwarding can be used to bypass the call back feature and is considered a security risk.

Answer 225

Answer: C Explanation: Authentication is the act of validating a user with a unique and specific identifier.

Answer 226

Answer: E Explanation: The IAAB considers the Internet a privilege, not a right, and as such considers it unethical to purposely disrupt communications.

Answer 227

Answer: A Explanation: Good forensics requires the use of a bit level copy. A bit level copy duplicates all information on the suspect's disk. This includes slack space and free space.

Answer 228

Answer: E Explanation: Human Resources always needs to be involved if an employee is suspected of wrongdoing. They know what rules apply to protect and prosecute employees.

Answer 229

Answer: D Explanation: A copyright protects the expression of a resource, not the resource directly.

Answer 230

Answer: C,D Explanation: Administrative or regulatory laws are considered standards of performance or conduct expected by government agencies from companies, industries, and certain officials.

Answer 231

Answer: E Explanation: Acceptable use policies provide the company with legal protection. Logon banners should be used to inform users what will happen if they do not follow company rules

Answer 232

Answer: A Explanation: Trade secrets are deemed proprietary to a company and can be information that provides a competitive edge. This information is protected as long as the owner takes the necessary security actions.

Answer 233

Answer: D Explanation: Reporting the change to management is the last step in the process.

Answer 234

Answer: B Explanation: Senior management is ultimately responsible for the security of an organization. Policy flows from the top down.

Answer 235

Answer: A,B,C Explanation: Configuration management controls the changes that take place in hardware, software, and operating systems.

Answer 236

Answer: A Explanation: Macro viruses infect Microsoft office files. There are many macro viruses because the macro language is easy to use and because Microsoft Office is prolific.

Answer 237

Answer: C,E Explanation: Within a relational database, the rows of a table are called tuples and the columns are called attributes.

Answer 238

Answer: D Explanation: Worms can reproduce themselves without the help of system applications or resources.

Answer 239

Answer: E Explanation: Maintenance is the final stage of the system development life cycle.

Answer 240

Answer: A Explanation: A polymorphic virus is a virus that makes copies of itself, then makes changes to those copies. It does this in hopes of avoiding detection of anti-virus software.

Answer 241

Answer: B,C,D Explanation: The following identifies a business impact analysis: analyzing the threats associated with each functional area, determining the risk associated with each threat, and identifying the major functional areas of information.

Answer 242

Answer: B Explanation: Procedures are the step-by-step instructions used to satisfy control requirements.

Answer 243

Answer: A,C,D,E Explanation: All of the items listed can help secure faxes except printing a sensitive document banner, which actually encourages people to look at the document.

Answer 244

Answer: A,B,D Explanation: Rotation of duties, separation of duties, and mandatory vacations are all administrative controls, enforcing WEP is a technical control

Answer 245

Answer: E Explanation: Separation of duties is considered valuable in deterring fraud since fraud can occur if an opportunity exists for collaboration between various job related capabilities. The most commonly used examples are the separate transactions needed to initiate a payment and to authorize a payment. No single individual should be capable of executing both transactions.

Answer 246

Answer: C Explanation: Since CD's cannot be sanitized in a way to remove all data, they should be physically destroyed. There are many products that con do this. Some actually shred the CD!

Answer 247

Answer: D Explanation: Degaussing is the most accepted way of disposing data held on a floppy disk.

Answer 248

Answer: E Explanation: A known plain text attack is an attack against the organization's cryptosystem, not a direct attack against operations.

Answer 249

Answer: C Explanation: Trinoo and the Tribal Flood Network (TFN) are the two most commonly used distributed denial of service attacks. The other four tools mentioned are reconnaissance techniques used to map networks and scan for known vulnerabilities.

Answer 250

Answer: A Explanation: The teardrop attack uses overlapping packet fragments to confuse a target system and cause the system to reboot or crash

Answer 251

Answer: A,D,G Explanation: The essential security principles of confidentiality, integrity, and availability are referred to as the CIA Triad.

Answer 252

Answer: A Explanation: The first step in the access control process is identifying who the subject is.

Answer 253

Answer: C Explanation: A Type 2 authentication factor is something you have, such as a smart card, ATM card, token device, memory card, etc.

Answer 254

Answer: C Explanation: Dual controls require that two entities work together to complete a task. This is used to reduce the possibility of fraud.

Answer 255

Answer: A,D,G Explanation: PGP provides confidentiality, integrity, and authenticity.

Answer 256

Answer: A Explanation: Everyone is responsible for security.

Answer 257

Answer: G Explanation: The Bell-LaPadula model is focused on maintaining confidentiality.

Answer 258

Answer: B Explanation: Preventative access control is deployed to stop an unauthorized activity from occurring

Answer 259

Answer: B Explanation: SHA is specified in DSS, not DES. DSS: http://www.itl.nist.gov/fipspubs/fip186.htm DES: http://www.itl.nist.gov/fipspubs/fip46-2.htm

Answer 260

Answer: A,E Explanation: All the others except Rijndael and IDEA are examples of asymmetric key algorithms.