CISSP - Exam review 1 (Questions and Answers A+ Graded 100% Verified)
What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities? a) Privacy Act b) Fourth Amendment c) Second Amendment d) Gramm-Leach-Bliley Act CORRECT ANSWER: b) Fourth Amendment

Which component of the CIA triad has the most avenues or vectors of attack and compromise? CORRECT ANSWER: Availability

During the de-encapsulation procedure the _______________________ layer strips out its information and sends the message to the network layer. CORRECT ANSWER: Data link

Which of the following is not a feature of packet switching? a) Bursty traffic b) Fixed known delays c) Sensitive to data loss d) Supports any type of traffic CORRECT ANSWER: b) Fixed known delays. Packet switching has variable, unknown delays; circuit switching has fixed, known delays.

Data objects and their names in the OSI model CORRECT ANSWER: Data link layer: frame. Network layer: packet (or datagram). Transport layer: segment (TCP) or datagram (UDP). Session, Presentation and Application layers: PDU (Protocol Data Unit).

Which of the following is not a required component of a digital certificate? a) Serial number b) Validity period c) Receiver's name d) X.509 version CORRECT ANSWER: c) Receiver's name. A certificate binds a public key to its subject (the holder); it says nothing about who will later receive or rely on it.

What regulation formalizes the prudent man rule that requires senior executives to take personal responsibility for their actions? a) CFAA b) Federal Sentencing Guidelines c) GLBA d) Sarbanes-Oxley CORRECT ANSWER: b) Federal Sentencing Guidelines. GLBA (Gramm-Leach-Bliley Act) governs financial institutions and privacy; CFAA is the Computer Fraud and Abuse Act.

What is the foundation of user and personnel security?
a) Background checks b) Job descriptions c) Auditing and monitoring d) Discretionary access control CORRECT ANSWER: b) Job descriptions

Which of the following provides the best protection against the loss of confidentiality for sensitive data? a) Data labels b) Data classification c) Data handling d) Data degaussing methods CORRECT ANSWER: b) Data classification. Data labels and proper data handling depend on data being classified correctly first.

Which of the following is the type of antivirus response function that removes malicious code but leaves the damage unrepaired? a) Cleaning b) Removal c) Stealth d) Polymorphism CORRECT ANSWER: b) (Virus) removal. Cleaning removes the virus and repairs the damage.

Which of the following is not a typical security concern with VoIP? a) VLAN hopping b) Caller ID falsification c) Vishing d) SPIT CORRECT ANSWER: a) VLAN hopping is a switch security issue, not one specific to VoIP. SPIT = Spam over Internet Telephony.

Which VPN protocol should not be used as the sole encapsulation mechanism if there is a dial-up segment between the host and the link end-point? a) L2F b) PPTP c) IPsec d) L2TP CORRECT ANSWER: c) IPsec is not designed to operate on its own over a dial-up segment; it should be encapsulated in L2TP, for example.

A tunnel mode VPN is used to connect which types of systems? a) Hosts and servers b) Clients and terminals c) Hosts and networks d) Servers and domain controllers CORRECT ANSWER: c) Hosts and networks. Tunnel mode VPNs connect networks to networks and hosts to networks; transport mode VPNs connect hosts to hosts. Host, server, client, terminal and domain controller are all synonyms in this context.

Which of the following is a characteristic of UDP? a) Bits b) Logical addressing c) Data reformatting d) Simplex CORRECT ANSWER: d) UDP is a simplex protocol at the Transport layer. UDP provides application multiplexing (via port numbers) and integrity verification (via a checksum over the header and payload).
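The UDP checksum mentioned in the last item is the whole of UDP's "integrity verification", so it is worth seeing what it does and does not cover. The following is an added example written for this page, not code from the original notes: it computes the RFC 768 checksum over the IPv4 pseudo-header, UDP header and payload, verifies it on the receiving side, and shows that a transmission bit-flip is caught while a forger who simply recomputes the checksum is not (it is a checksum, not a MAC). The addresses, ports and payload are constructed sample values.

```python
"""UDP checksum (RFC 768) over IPv4: build, verify, and its limits.

Added example for the review notes; sample addresses/ports/payload are constructed.
"""
import ipaddress
import struct

UDP_PROTO = 17
UDP_HEADER_LEN = 8


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum of data (zero-padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    # Fold the carries back into the low 16 bits until none remain.
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: source addr, dest addr, zero byte, protocol 17, UDP length."""
    return (
        ipaddress.IPv4Address(src_ip).packed
        + ipaddress.IPv4Address(dst_ip).packed
        + struct.pack("!BBH", 0, UDP_PROTO, udp_len)
    )


def udp_checksum(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> int:
    """Checksum the sender writes into the header (checksum field taken as 0 while summing)."""
    udp_len = UDP_HEADER_LEN + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, udp_len, 0)
    total = ones_complement_sum(udp_pseudo_header(src_ip, dst_ip, udp_len) + header + payload)
    csum = (~total) & 0xFFFF
    # A computed value of 0 is transmitted as 0xFFFF, because 0 on the wire
    # means "no checksum" for IPv4 UDP.
    return csum or 0xFFFF


def build_udp_datagram(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Header (with checksum filled in) followed by the payload."""
    csum = udp_checksum(src_ip, dst_ip, src_port, dst_port, payload)
    return struct.pack("!HHHH", src_port, dst_port, UDP_HEADER_LEN + len(payload), csum) + payload


def verify_udp_datagram(src_ip: str, dst_ip: str, datagram: bytes) -> bool:
    """Receiver-side integrity check: the one's complement sum over the
    pseudo-header plus the whole datagram (checksum field included) must be 0xFFFF.
    A zero checksum means the sender disabled it, so there is nothing verified."""
    if len(datagram) < UDP_HEADER_LEN:
        return False
    _, _, udp_len, csum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if udp_len != len(datagram) or csum == 0:
        return False
    total = ones_complement_sum(udp_pseudo_header(src_ip, dst_ip, udp_len) + datagram)
    return total == 0xFFFF


def udp_demo() -> dict:
    """Constructed datagram: an in-transit bit flip fails verification, but a
    datagram an attacker rebuilt with a fresh checksum passes (no authentication)."""
    src, dst = "10.0.0.1", "10.0.0.2"
    good = build_udp_datagram(src, dst, 12345, 53, b"ping")
    corrupted = bytearray(good)
    corrupted[-1] ^= 0x01  # one bit of the payload damaged in transit
    forged = build_udp_datagram(src, dst, 12345, 53, b"pong")  # attacker recomputes checksum
    return {
        "checksum": udp_checksum(src, dst, 12345, 53, b"ping"),
        "good_ok": verify_udp_datagram(src, dst, good),
        "corrupted_ok": verify_udp_datagram(src, dst, bytes(corrupted)),
        "forged_ok": verify_udp_datagram(src, dst, forged),
    }


if __name__ == "__main__":
    print(udp_demo())
```

The receiver never recomputes the sender's value and compares; it sums everything including the transmitted checksum and expects the all-ones result, which is why a checksum that would have been 0 is sent as 0xFFFF. The `forged_ok` result is the security caveat: the checksum detects accidental corruption only, so anything that needs to resist an active attacker (DNS, syslog over UDP, and so on) has to add its own authentication on top.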
Abnormal or unauthorized activities detectable by an IDS (select all that apply) a) External connection attempts b) Execution of malicious code c) Access to a controlled object d) None of the above CORRECT ANSWER: a, b and c. The question does not specify NIDS (network-based IDS) or HIDS (host-based IDS), so assume both types.

Which Wi-Fi technique uses a form of serial communication? a) Spread spectrum b) FHSS c) DSSS d) OFDM CORRECT ANSWER: b) FHSS (Frequency Hopping Spread Spectrum) is an early implementation of spread spectrum. Instead of sending data in parallel, it transmits data serially while constantly changing the frequency in use. Direct Sequence Spread Spectrum (DSSS) uses all the available frequencies simultaneously, in parallel. Orthogonal Frequency-Division Multiplexing (OFDM) sends data in multiple streams at the same time.

Cryptography: what term describes the same plaintext encrypted under two different keys producing the same ciphertext? (same plaintext -> 2 different keys -> same ciphertext) CORRECT ANSWER: Clustering (also known as key clustering)

Cryptography: different inputs -> same hash function -> same hash value CORRECT ANSWER: Collision

Which internet protocol do all public emails comply with? a) IEEE 802.11 b) X.400 c) X.509 d) LDAP CORRECT ANSWER: b) X.400, the only e-mail standard among the options (on the public internet mail is actually transferred with SMTP). IEEE 802.11 -> Wi-Fi. X.509 -> digital certificates. LDAP (Lightweight Directory Access Protocol) -> directory information services (e.g. name resolution, user databases, domain controller databases).

Which of the following is a cell-switching technology rather than a packet-switching one? a) ISDN b) Frame Relay c) SMDS d) ATM CORRECT ANSWER: d) ATM is a cell-switching technology. SMDS (Switched Multi-megabit Data Service), Frame Relay and ISDN are packet-switching services.

Which of the following algorithms/protocols provides inherent support for non-repudiation?
a) HMAC b) DSA c) MD5 d) SHA-1 CORRECT ANSWER: b) DSA (Digital Signature Algorithm). A signature can only be produced by the holder of the private key, so the signer cannot later deny it. The Hashed Message Authentication Code (HMAC) algorithm implements a partial digital signature: it guarantees the integrity of a message during transmission, but because sender and receiver share the same secret key either of them could have produced the tag, so it does not provide non-repudiation. MD5 and SHA are hashing (message digest) algorithms that provide integrity assurance only.

Evidence standards for civil and criminal investigations CORRECT ANSWER: Civil investigation -> preponderance of the evidence. Criminal investigation -> beyond a reasonable doubt.

Minimum number of keys for 3DES CORRECT ANSWER: Two. 3DES uses two or three keys (K1, K2, K1 or K1, K2, K3).

Boolean operators (symbols) CORRECT ANSWER: ! or ~ -> NOT; ^ or & -> AND (^ looks like an "A"); v or || -> OR; ⊕ -> XOR; o -> NOR

What protocol manages the security associations used by IPsec? a) ISAKMP b) SKIP c) IPComp d) SSL CORRECT ANSWER: a) ISAKMP (Internet Security Association and Key Management Protocol) provides background security support services for IPsec by negotiating, establishing, modifying and deleting security associations.

Identification is the first step towards what ultimate goal? a) Accountability b) Authorization c) Auditing d) Non-repudiation CORRECT ANSWER: a) Accountability is the ultimate goal of the process that starts with identification (identification -> authentication -> authorization -> auditing -> accountability).

STRIDE CORRECT ANSWER: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege

What element of data categorization management can override all other forms of data management control? a) Classification b) Physical access c) Custodian responsibilities d) Taking ownership CORRECT ANSWER: d) Taking ownership. It overrides the other controls and gives full access to and control of the object.

Which of the following is the most distinctive concept in relation to layered security? a) Multiple b) Series c) Parallel d) Filter CORRECT ANSWER: b) Series.
Layered security implies multiple layers of security controls arranged in series: one control after another, so that if one control fails the overall security is not compromised.

What is the primary objective of data classification schemes? a) To control access to objects by authorized subjects b) To formalize and stratify the process of securing data based on assigning labels of importance and sensitivity c) To establish a transaction trail for auditing accountability d) To manipulate access control to provide for the most efficient means to grant or restrict functionality CORRECT ANSWER: b) To formalize and stratify the process of securing data based on assigning labels of importance and sensitivity. Note that a) mainly describes access control.

Military labels of data classification CORRECT ANSWER: Top Secret, Secret, Confidential, Sensitive but Unclassified, Unclassified. Note that Top Secret, Secret and Confidential are known collectively as "classified information" in military and government organizations.

Commercial/business organization labels of data classification CORRECT ANSWER: Confidential (or Private, for PII), Sensitive (or Internal), Public

Breaches vs. threat events CORRECT ANSWER: A breach is the occurrence of a security mechanism being bypassed or thwarted by a threat agent. Threat events are accidental or intentional exploitations of vulnerabilities; they can be natural or man-made. Threat events include fire, earthquake, flood, system failure, human error (due to a lack of training or ignorance) and power outage.

When a safeguard or countermeasure is non-existent or ineffective, what remains? a) Vulnerability b) Risk c) Exposure d) Penetration CORRECT ANSWER: a) Vulnerability is the absence or weakness of a safeguard or countermeasure. Risk is the possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset; it is an assessment of probability, possibility or chance.
Exposure is being susceptible to asset loss because of a threat.

Vulnerability vs. exposure CORRECT ANSWER: Vulnerability is the absence or weakness of a safeguard or countermeasure. Exposure is being susceptible to asset loss because of a threat; there is the possibility that a vulnerability can or will be exploited by a threat agent or event.

What security control is directly focused on preventing collusion? a) Principle of least privilege b) Job rotation c) Separation of duties d) Qualitative risk analysis CORRECT ANSWER: b) Job rotation. Separation of duties and least privilege do not by themselves PREVENT collusion. By giving people fewer privileges and by separating and limiting their duties, they make collusion necessary for any wrongdoing, which is why collusion typically takes place in environments that already have proper separation of duties and least privilege; where one person holds all the permissions and has access to all the data or systems there is no need to collude. They should still be implemented: separation of duties prevents fraud, and the principle of least privilege prevents unauthorized access to protected or sensitive objects and information. Job rotation targets collusion directly because the person rotated into a role is likely to discover an ongoing scheme. The higher risk of detection created by the combination of separation of duties, reduced job responsibilities and job rotation reduces the likelihood that a co-worker will be willing to collaborate in illegal or abusive activity.

You've performed a risk analysis and implemented a countermeasure. When evaluating the risk after the implementation, which of the following would be reduced? a) Exposure factor (EF) b) Single loss expectancy (SLE) c) Asset value d) Annualized rate of occurrence (ARO) CORRECT ANSWER: d) Annualized rate of occurrence. The EF is the percentage of the asset's value that is lost if the vulnerability is exploited.
If the vulnerability is exploited after the countermeasure is implemented, the loss would be the same (think of the case where the countermeasure does not work), so the EF, and with it the SLE, stays the same. A safeguard changes the ARO; in fact, the whole point of a safeguard is to reduce the ARO, that is, to reduce the number of times per year an attack succeeds in damaging an asset.

What unit of measurement should be used to assign quantitative values to assets in the priority identification phase of the Business Impact Assessment? a) Monetary b) Utility c) Importance d) Time CORRECT ANSWER: a) Monetary. "Importance" is a qualitative metric.

*BCP Overview*, 4 main steps:
*1) Project scope and planning*
*2) Business impact assessment*
*3) Continuity planning*
*4) Approval and implementation*

*1) Project scope and planning:*
a) A structured analysis of the business's organization from a crisis-planning point of view
b) The creation of a BCP team with the approval of senior management
c) An assessment of the resources available to participate in business continuity activities
d) An analysis of the legal and regulatory landscape that governs an organization's response to a catastrophic event
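The ARO question above turns on which quantity a safeguard actually moves, and the quantitative formulas (SLE = AV x EF, ALE = SLE x ARO) plus the standard cost/benefit test for a safeguard, which the notes do not spell out, make that concrete. The following is an added example written for this page, not material from the original notes; the asset value, exposure factor, ARO figures and safeguard cost are constructed sample numbers.

```python
"""Quantitative risk: SLE, ALE and safeguard cost/benefit.

Added example for the review notes; all figures are constructed sample values.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    asset_value: float      # AV, in money
    exposure_factor: float  # EF, fraction of AV lost per successful event (0..1)
    aro: float              # ARO, expected successful events per year

    def sle(self) -> float:
        """Single Loss Expectancy: SLE = AV * EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy: ALE = SLE * ARO."""
        return self.sle() * self.aro


def with_safeguard(before: Risk, new_aro: float) -> Risk:
    """A safeguard lowers how often the threat succeeds (ARO).  AV and EF are left
    untouched: if the safeguard fails, the damage from one event is unchanged."""
    if not 0 <= new_aro <= before.aro:
        raise ValueError("a safeguard should lower the ARO, not raise it")
    return replace(before, aro=new_aro)


def safeguard_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Cost/benefit of a safeguard: (ALE before) - (ALE after) - (annual cost).
    A positive result means the safeguard is worth buying."""
    return before.ale() - after.ale() - annual_cost


def quantities(r: Risk) -> dict:
    """The five exam quantities for one scenario."""
    return {"AV": r.asset_value, "EF": r.exposure_factor, "SLE": r.sle(),
            "ARO": r.aro, "ALE": r.ale()}


def changed_quantities(before: Risk, after: Risk) -> set:
    """Which quantities moved between two scenarios (the exam question's point)."""
    b, a = quantities(before), quantities(after)
    return {name for name in b if b[name] != a[name]}


def risk_demo() -> dict:
    # Constructed figures: a 200,000 asset, 25% lost per incident, expected twice a
    # year before the control and once every two years after it; the control costs
    # 12,000 per year to run.
    before = Risk(asset_value=200_000, exposure_factor=0.25, aro=2.0)
    after = with_safeguard(before, new_aro=0.5)
    return {
        "SLE_before": before.sle(),     # 50,000
        "SLE_after": after.sle(),       # 50,000: unchanged, EF and AV did not move
        "ALE_before": before.ale(),     # 100,000
        "ALE_after": after.ale(),       # 25,000
        "changed": changed_quantities(before, after),  # {"ARO", "ALE"}
        "value": safeguard_value(before, after, annual_cost=12_000),  # 63,000
    }


if __name__ == "__main__":
    for name, val in risk_demo().items():
        print(f"{name}: {val}")
```

Only ARO and, through it, ALE change; SLE is identical before and after, which is the reasoning the exam answer relies on. The cost/benefit line is the figure management actually decides on: if the annual cost of the control exceeded the 75,000 drop in ALE the safeguard would be a net loss even though it "works".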
Written for: CISSP (institution), CISSP (course)
Document information: uploaded on October 26, 2023; 62 pages; written in 2023/2024; type: exam (elaborations); contains questions & answers