"Generally Accepted Principles and Practices for Securing Information Technology Systems"
(NIST SP 800-14) - correct answer-Provides a foundation upon which organizations can
establish and review information technology security programs.
2011 CWE/SANS Top 25 Most Dangerous Software Errors - correct answer-A list of the most
widespread and critical errors that can lead to serious vulnerabilities in software.
802.11a supports up to how many Mbps? - correct answer-54
802.11a uses which frequency? - correct answer-5.0
802.11b supports up to how many Mbps? - correct answer-11
802.11b uses which frequency? - correct answer-2.4
802.11g supports up to how many Mbps? - correct answer-54
802.11g uses which frequency? - correct answer-2.4
802.11n supports up to how many Mbps? - correct answer-144
802.11n uses which frequency? - correct answer-2.4 and 5.0
A basic network mapping technique that helps narrow the scope of an attack - correct
answer-Ping scanning
A client/server-based directory query protocol loosely based upon X.500, commonly used for
managing user information - correct answer-Lightweight Directory Access Protocol (LDAP)
A diagnostic tool that displays the path a packet traverses between a source and destination
host - correct answer-Traceroute
A firewall without a ruleset is considered what? - correct answer-router
A lightweight encapsulation protocol that lacks the reliable data transport of the TCP layer -
correct answer-Fibre Channel over Ethernet (FCoE)
A method commonly used to modulate information into manageable bits that are sent over
the air wirelessly - correct answer-Spread spectrum
A program which can extract data from output on a display intended for a human - correct
answer-Screen Scraper
A stateful protocol that requires two communication channels - correct answer-File Transfer
Protocol (FTP)
A technology that allows you to make voice calls using a broadband Internet connection
instead of a regular (or analog) phone line - correct answer-Voice over Internet Protocol
(VoIP)
A type of wireless network that connects several wireless LANs - correct answer-Wireless
metropolitan area networks
A wireless network made up of radio nodes organized in a mesh topology - correct
answer-Wireless mesh network
A wireless technology that spreads a transmission over a much larger frequency band, and
with corresponding smaller amplitude - correct answer-Direct-Sequence Spread Spectrum
(DSSS)
Abstraction - correct answer-Involves the removal of characteristics from an entity in order to
easily represent its essential properties.
Access badges - correct answer-Used to enter secured areas of a facility and are used in
conjunction with a badge reader to read information stored on the badge
Access Control Matrix - correct answer-A two-dimensional table that allows for individual
subjects and objects to be related to each other.
Access Control Systems - correct answer-Physical or electronic systems designed to control
who, or what, has access to a network
Account management systems - correct answer-Systems that attempt to streamline the
administration of user identity across multiple systems
Acoustic Sensors - correct answer-Device that uses passive listening devices
ActiveX Data Objects (ADO) - correct answer-A Microsoft high-level interface for all kinds of
data.
Address Space Layout Randomization (ASLR) - correct answer-Involves randomly arranging
the positions of key data areas of a program, including the base of the executable and the
positions of the stack, heap, and libraries in a process's memory address space.
Administrative Controls - correct answer-Procedures implemented to define the roles,
responsibilities, policies, and administrative functions needed to manage the control
environment.
Administrator accounts - correct answer-Accounts that are assigned only to named
individuals that require administrative access to the system to perform maintenance
activities, and should be different and separate from a user's normal account.
Aggregation - correct answer-Combining non-sensitive data from separate sources to create
sensitive information.
Algorithm - correct answer-A mathematical function that is used in the encryption and
decryption processes.
Allow users remote access to a network via analog phone lines - correct answer-Modems
An authentication protocol used mainly in networked environments, such as ISPs, or for
similar services requiring single sign-on for layer 3 network access, for scalable
authentication combined with an acceptable degree of security. - correct answer-Remote
Authentication Dial-in User Service (RADIUS)
An encrypted tunnel between two hosts that allows them to securely communicate over an
untrusted network - correct answer-Virtual Private Network (VPN)
An open SCADA protocol that allows communication between multiple vendor systems. -
correct answer-DNP3 - Distributed Network Protocol
Annualized Rate of Occurrence (ARO) - correct answer-An estimate of how often a threat
will be successful in exploiting a vulnerability over the period of a year.
Application Layer - correct answer-Layer 7
Architecture Security Reviews - correct answer-A manual review of the product architecture
to ensure that it fulfills the necessary security requirements.
Arms Export Control Act of 1976 - correct answer-Authorizes the President to designate
those items that shall be considered as defense articles and defense services and control
their import and export.
Asymmetric Algorithms - correct answer-One-way functions, that is, a process that is much
simpler to go in one direction (forward) than to go in the other direction (backward or reverse
engineering).
Audit Records - correct answer-Contain security event information such as successful and
failed authentication attempts, file accesses, security policy changes, account changes, and
use of privileges.
Authentication - correct answer-The process of verifying the identity of the user
Authorization - correct answer-The process of defining the specific resources a user needs
and determining the type of access to those resources the user may have
Automated Vulnerability Scanners - correct answer-Tests an application for the use of
system components or configurations that are known to be insecure.