
2_TestKing - CISSP v12

CISSP

Important Note

Please Read Carefully

Study Tips

This product will provide you questions and answers along with detailed explanations carefully compiled and written by our experts. Try to understand the concepts behind the questions instead of cramming the questions. Go through the entire document at least twice so that you make sure that you are not missing anything.

Latest Version

We are constantly reviewing our products. New material is added and old material is revised. Free updates are available for 90 days after the purchase. You should check the products page on the TestKing web site for an update 3-4 days before the scheduled exam date.

Here is the procedure to get the latest version:

1.Go to the TestKing web site.

2.Click on Login (upper right corner)

3.Enter e-mail and password

4.The latest versions of all purchased products are downloadable from here. Just click the links.

For most updates, it is enough just to print the new questions at the end of the new version, not the whole document.

Feedback

Feedback on specific questions should be sent to the TestKing feedback e-mail address. You should state

1.Exam number and version.

2.Question number.

3.Order number and login ID.

Our experts will answer your mail promptly.

Copyright

Each pdf file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular pdf file is being distributed by you, TestKing reserves the right to take legal action against you according to the International Copyright Laws.

QUESTION NO: 1

In a discretionary mode, which of the following entities is authorized to grant information access to other people?

A.Manager

B.Group leader

C.Security manager

D.User

Answer: D

QUESTION NO: 2

Which DES mode of operation is best suited for database encryption?

A.Cipher Block Chaining (CBC) mode

B.Cycling Redundancy Checking (CRC) mode

C.Electronic Code Book (ECB) mode

D.Cipher Feedback (CFB) mode

Answer: C

QUESTION NO: 3

Within the realm of IT security, which of the following combinations best defines risk?

A.Threat coupled with a breach.

B.Threat coupled with a vulnerability.

C.Vulnerability coupled with an attack.

D.Threat coupled with a breach of security.

Answer: B

QUESTION NO: 4

Which of the following would be the best reason for separating the test and development environments?

A.To restrict access to systems under test.

B.To control the stability of the test environment.

C.To segregate user and development staff.

D.To secure access to systems under development.

Answer: B

QUESTION NO: 5

Which of the following statements pertaining to dealing with the media after a disaster has occurred and disrupted the organization's activities is incorrect?

A.The CEO should always be the spokesperson for the company during a disaster.

B.The disaster recovery plan must include how the media is to be handled during the disaster.

C.The organization's spokesperson should report bad news before the press gets a hold of it through another channel.

D.An emergency press conference site should be planned ahead.

Answer: A

QUESTION NO: 6

Which Orange book security rating introduces security labels?

A.C2

B.B1

C.B2

D.B3

Answer: B

QUESTION NO: 7

A Business Impact Analysis (BIA) does not:

A.Recommend the appropriate recovery solution.

B.Determine critical and necessary business functions and their resource dependencies.

C.Identify critical computer applications and the associated outage tolerance.

D.Estimate the financial impact of a disruption.

Answer: A

QUESTION NO: 8

Which access control model enables the owner of the resource to specify what subjects can access specific resources?

A.Discretionary Access Control

B.Mandatory Access Control

C.Sensitive Access Control

D.Role-based Access Control

Answer: A

QUESTION NO: 9

What type of cable is used with 100Base-TX Fast Ethernet?

A.Fiber-optic cable

B.Four pairs of Category 3, 4 or 5 unshielded twisted-pair (UTP) wires.

C.Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair (STP) wires.

D.RG.58 cable.

Answer: C

QUESTION NO: 10

Which of the following best describes the Secure Electronic Transaction (SET) protocol?

A.Originated by VISA and MasterCard as an Internet credit card protocol.

B.Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures.

C.Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer.

D.Originated by VISA and MasterCard as an Internet credit card protocol using SSL.

Answer: B

QUESTION NO: 11

At which of the following phases of a software development life cycle are security and access controls normally designed?

A.Coding

B.Product design

C.Software plans and requirements

D.Detailed design

Answer: D

QUESTION NO: 12

Which type of control would password management classify as?

A.Compensating control

B.Detective control

C.Preventive control

D.Technical control

Answer: C

QUESTION NO: 13

Due care is not related to:

A.Good faith

B.Prudent man

C.Profit

D.Best interest

Answer: C

QUESTION NO: 14

Which of the following is not an Orange Book-defined life cycle assurance requirement?

A.Security testing

B.Design specification and testing

C.Trusted distribution

D.System integrity

Answer: D

QUESTION NO: 15

What is another name for the Orange Book?

A.The Trusted Computer System Evaluation Criteria (TCSEC)

B.The Trusted Computing Base (TCB)

C.The Information Technology Security Evaluation Criteria (ITSEC)

D.The Common Criteria

Answer: A

QUESTION NO: 16

A password that is the same for each log-on session is called a?

A.“one-time password”

B.“two-time password”

C.static password

D.dynamic password

Answer: C

QUESTION NO: 17

Which of the following backup methods is most appropriate for off-site archiving?

A.Incremental backup method.

B.Off-site backup method.

C.Full backup method.

D.Differential backup method.

Answer: C

QUESTION NO: 18

Which of the following is not a weakness of symmetric cryptography?

A.Limited security

B.Key distribution

C.Speed

D.Scalability

Answer: C

QUESTION NO: 19

Which of the following is not a defined layer in the TCP/IP protocol model?

A.Application layer

B.Session layer

C.Internet layer

D.Network access layer

Answer: B

QUESTION NO: 20

Rewritable and erasable (CD-RW) optical disks are sometimes used for backups that require short-term storage of changeable data, but require?

A.Faster file access than tape.

B.Slower file access than tape.

C.Slower file access than drive.

D.Slower file access than scale.

Answer: A

QUESTION NO: 21

Which one of the following is not a primary component or aspect of firewall systems?

A.Protocol filtering

B.Packet switching

C.Rule enforcement engine

D.Extended logging capability

Answer: B

QUESTION NO: 22

What are database views used for?

A.To ensure referential integrity.

B.To allow easier access to data in a database.

C.To restrict user access to data in a database.

D.To provide audit trails.

Answer: C

QUESTION NO: 23

Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device?

A.File services

B.Mail services

C.Print services

D.Client/Server services

Answer: B

QUESTION NO: 24

Intrusion detection has which of the following sets of characteristics?

A.It is adaptive rather than preventive.

B.It is administrative rather than preventive.

C.It is disruptive rather than preventative.

D.It is detective rather than preventative.

Answer: D

QUESTION NO: 25

Which type of password provides maximum security because a new password is required for each new log-on?

A.One-time or dynamic password

B.Cognitive password

C.Static password

D.Passphrase

Answer: A

QUESTION NO: 26

Devices in the form of credit-card-size memory cards or smart cards, or those resembling small calculators, that are used to supply static and dynamic passwords are called?

A.Token Ring

B.Tokens

C.Token passing networks

D.Coupons

Answer: B

QUESTION NO: 27

Which of the following uses a directed graph to specify the rights that a subject can transfer to an object, or that a subject can take from another subject?

A.Take-Grant model

B.Access Matrix model

C.Biba model

D.Bell-LaPadula model

Answer: A

QUESTION NO: 28

Which of the following is the BEST way to prevent software license violations?

A.Implementing a corporate policy on copyright infringements and software use.

B.Requiring that all PCs be diskless workstations.

C.Installing metering software on the LAN so applications can be accessed through the metered software.

D.Regularly scanning used PCs to ensure that unauthorized copies of software have not been loaded on the PC.

Answer: D

QUESTION NO: 29

Zip/Jaz drives, SyQuest, and Bernoulli boxes are very transportable and are often the standard for?

A.Data exchange in many businesses.

B.Data change in many businesses.

C.Data compression in many businesses.

D.Data interchange in many businesses.

Answer: A

QUESTION NO: 30

What are two types of system assurance?

A.Operational Assurance and Architecture Assurance.

B.Design Assurance and Implementation Assurance.

C.Architecture Assurance and Implementation Assurance.

D.Operational Assurance and Life-Cycle Assurance.

Answer: D

QUESTION NO: 31

Why does compiled code pose more risk than interpreted code?

A.Because malicious code can be embedded in the compiled code and can be difficult to detect.

B.Because the browser can safely execute all interpreted applets.

C.Because compilers are not reliable.

D.It does not. Interpreted code poses more risk than compiled code.

Answer: A

QUESTION NO: 32

Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?

A.The Total Quality Model (TQM)

B.The IDEAL Model

C.The Software Capability Maturity Model

D.The Spiral Model

Answer: C

QUESTION NO: 33

Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud simulates the tones of coins being deposited into a payphone?

A.Red Boxes

B.Blue Boxes

C.White Boxes

D.Black Boxes

Answer: A

QUESTION NO: 34

What is the proper term to refer to a single unit of Ethernet data?

A.Ethernet segment

B.Ethernet datagram

C.Ethernet frame

D.Ethernet packet

Answer: C

QUESTION NO: 35

Which of the following represents an ALE calculation?

A.Single loss expectancy x annualized rate of occurrence.

B.Gross loss expectancy x loss frequency.

C.Actual replacement cost – proceeds of salvage.

D.Asset value x loss expectancy.

Answer: A

QUESTION NO: 36

If an operating system permits executable objects to be used simultaneously by multiple users without a refresh of the objects, what security problem is most likely to exist?

A.Disclosure of residual data.

B.Unauthorized obtaining of a privileged execution state.

C.Data leakage through covert channels.

D.Denial of service through a deadly embrace.

Answer: A

QUESTION NO: 37

Tape arrays use a large device with multiple (sometimes 32 or 64) tapes that are configured as a?

A.Single array

B.Dual array

C.Triple array

D.Quadruple array

Answer: A

QUESTION NO: 38

Why would anomaly detection IDSs often generate a large number of false positives?

A.Because they can only correctly identify attacks they already know about.

B.Because they are application-based and are more subject to attacks.

C.Because they can't identify abnormal behavior.

D.Because normal patterns of user and system behavior can vary wildly.

Answer: D

QUESTION NO: 39

According to private sector data classification levels, how would salary levels and medical information be classified?

A.Public

B.Sensitive

C.Private

D.Confidential

Answer: C

QUESTION NO: 40

Which of the following is used in database information security to hide information?

A.Inheritance

B.Polyinstantiation

C.Polymorphism

D.Delegation

Answer: B

QUESTION NO: 41

Which of the following evaluates the product against the specification?

A.Verification

B.Validation

C.Concurrence

D.Accuracy

Answer: A

QUESTION NO: 42

Application Level Firewalls are commonly a host computer running proxy server software, which makes a?

A.Proxy Client

B.Proxy Session

C.Proxy System

D.Proxy Server

Answer: D

QUESTION NO: 43

What attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim’s machine on any open port that is listening?

A.Bonk attack

B.Land attack

C.Teardrop attack

D.Smurf attack

Answer: B

QUESTION NO: 44

The beginning and the end of each transfer during asynchronous communication data transfer are marked by?

A.Start and Stop bits.

B.Start and End bits.

C.Begin and Stop bits.

D.Start and Finish bits.

Answer: A

QUESTION NO: 45

Most unplanned downtime of information systems is attributed to which of the following?

A.Hardware failure

B.Natural disaster

C.Human error

D.Software failure

Answer: A

QUESTION NO: 46

RAID that functions as part of the operating system on the file server is which type of implementation?

A.Software implementation

B.Hardware implementation

C.Network implementation

D.Firmware implementation

Answer: A

QUESTION NO: 47

During which phase of an IT system life cycle are security requirements developed?

A.Operation

B.Initiation

C.Development

D.Implementation

Answer: C

QUESTION NO: 48

Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of?

A.Deterrent controls

B.Output controls

C.Information flow controls

D.Asset controls

Answer: B

QUESTION NO: 49

Non-Discretionary Access Control. A central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on?

A.The society's role in the organization.

B.The individual’s role in the organization.

C.The group-dynamics as they relate to the individual’s role in the organization.

D.The group-dynamics as they relate to the master-slave role in the organization.

Answer: B

QUESTION NO: 50

An effective information security policy should not have which of the following characteristics?

A.Include separation of duties.

B.Be designed with a short-to mid-term focus.

C.Be understandable and supported by all stakeholders.

D.Specify areas of responsibility and authority.

Answer: B

QUESTION NO: 51

Which of the following statements pertaining to secure information processing facilities is incorrect?

A.Walls should have an acceptable fire rating.

B.Windows should be protected by bars.

C.Doors must resist forcible entry.

D.Location and type of fire suppression systems should be known.

Answer: B

QUESTION NO: 52

Making sure that the data is accessible when and where it is needed is which of the following?

A.Confidentiality

B.Integrity

C.Acceptability

D.Availability

Answer: D

QUESTION NO: 53

Business continuity plan development depends most on?

A.Directives of Senior Management

B.Business Impact Analysis (BIA)

C.Scope and Plan Initiation

D.Skills of BCP committee

Answer: B

QUESTION NO: 54

Which layer defines the X.25, V.35, X.21 and HSSI standard interfaces?

A.Transport layer

B.Network layer

C.Data link layer

D.Physical layer

Answer: D

QUESTION NO: 55

Related to information security, availability is the opposite of which of the following?

A.Delegation

B.Distribution

C.Documentation

D.Destruction

Answer: D

QUESTION NO: 56

Which of the following is a disadvantage of a behavior-based ID system?

A.The activity and behavior of the users while in the networked system may not be static enough to effectively implement a behavior-based ID system.

B.The activity and behavior of the users while in the networked system may be dynamic enough to effectively implement a behavior-based ID system.

C.The activity and behavior of the users while in the networked system may not be dynamic enough to effectively implement a behavior-based ID system.

D.The system is characterized by high false negative rates where intrusions are missed.

Answer: A

QUESTION NO: 57

Which of the following statements pertaining to VPN protocol standards is false?

A.L2TP is a combination of PPTP and L2F.

B.L2TP and PPTP were designed for single point-to-point client to server communication.

C.L2TP operates at the network layer.

D.PPTP uses native PPP authentication and encryption services.

Answer: C

QUESTION NO: 58

What is the most critical characteristic of a biometric identifying system?

A.Perceived intrusiveness

B.Storage requirements

C.Accuracy

D.Reliability

Answer: C

QUESTION NO: 59

Software RAID can run faster in the operating system because it does not use hardware-level parity drives, relying instead on?

A.Simple striping or mirroring.

B.Hard striping or mirroring.

C.Simple hamming code parity or mirroring.

D.Simple striping or hamming code parity.

Answer: A

QUESTION NO: 60

The guarantee that the message sent is the message received, and that the message was not intentionally or unintentionally altered is?

A.Integrity

B.Confidentiality

C.Availability

D.Identity

Answer: A

QUESTION NO: 61

Which of the following is a preventive control?

A.Motion detectors

B.Guard dogs

C.Audit logs

D.Intrusion detection systems

Answer: B

QUESTION NO: 62

What uses a key of the same length as the message?

A.Running key cipher

B.One-time pad

C.Steganography

D.Cipher block chaining

Answer: B

QUESTION NO: 63

Which of the following protocols operates at the session layer (layer 5)?

A.RPC

B.IGMP

C.LDP

D.SPX

Answer: A

QUESTION NO: 64

Which of the following is NOT a countermeasure to traffic analysis?

A.Padding messages

B.Eavesdropping

C.Sending noise

D.Covert channel analysis

Answer: B

QUESTION NO: 65
