Mixed Questions Flashcards

1
Q
Which one is an example of a man-in-the-middle attack? 
A. Buffer overflow 
B. DoS attack 
C. All of the above 
D. None of the above
A

Answer: D
Explanation: Wrong: Both A and B could be the result of a man-in-the-middle attack, but neither are man-in-the-middle attacks. For example someone who uses a packet capturing device, such as a “sniffer” to obtain an unencrypted user ID and password to one or more PCs or servers and then the platforms to launch a DOS attach or create a Buffer Overflow by exploiting an application flaw or OS Vulnerability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
Which one of these is a basic firewall? 
A. Packet Filtering Firewalls 
B. Proxy Firewalls 
C. All of the above 
D. None of the above
A

Answer: A
Explanation: Packet Filtering Firewall – only examines an IP packet based on Source IP (SIP), Destination IP (DIP), Source Port and Destination Port for both UDP and TCP by subjecting each IP packet to an Access Control List.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Why is there an exception area in a policy?
A. Policy isn’t valid without it
B. Management has to deal with various issues that may require exceptions
C. All of the above
D. None of the above

A

Answer: B
Explanation: Polices are ever evolving process that requires updating. Polices must change as the goals, functions and responsibilities of a company, government or employee changes. A simple policy exception could be – No unauthorized person or persons can enter the computer room. The Exception would be – Unless cleared by management and escorted by an authorized individual. In some cases there are NO exceptions – An example: Military TOP Secret information can ONLY be handled by someone with a TOP Secret Clearance; thus answer A is incorrect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
Which is a characteristic of IDEA? 
A. 56 bytes 
B. 64 bits 
C. 64 bytes 
D. All of the above 
E. None of the above
A

Answer: B
Explanation: From Wikipedia: International Data Encryption Algorithm (IDEA) operates on 64-bit blocks using a 128-bit key, and consists of a series of eight identical transformations (a round, see the illustration) and an output transformation (the half-round). The processes for encryption and decryption are similar. IDEA derives much of its security by interleaving operations from different groups — modular addition and multiplication, and bitwise eXclusive OR (XOR) — which are algebraically “incompatible” in some sense.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
Which of the following can be used to raise awareness of the importance of security and risk? Select best two.   
A. Money 
B. Training 
C. Cohersion 
D. Education
A

Answer: B,D
Explanation: Awareness and the importance of security and risk can not be improved or awareness be increased with only money. Awareness is produced by providing employees with education and training. Reference the Training and Education Triad. Exam Cram 2 CISSP Page 52

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
Which mechanism complements an IDS? 
A. Activating the built in VPN capabilities 
B. Configuring built in alerts 
C. All of the above 
D. None of the above
A

Answer: B
Explanation: A network security engineer or other security personal must configure the IDS to detect alerts for specified security events, so the IDS will log the threat event. An IDS can either be a Network or Host based. Both have default settings and allow the administrator to configure triggers for alerts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A programmer creates a virus producing tool in order to test the performance of a new virus detection product.
A. This is ethical because it was created to test and enhance the performance of a virus protection tool
B. It’s unethical because the virus creating tool may become available to the public.
C. All of the above
D. None of the above

A

Answer: B
Explanation: As a CISSP, one needs to discourage unsafe practices and/or bad practices, and preserve and strengthen the integrity of the public infrastructures. See “All-in-One Exam Guide” Third Edition by Shon Harris page 753 or www.isc2.org.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly