CISSP Chapter 1: Questions & Answers: Latest Updated A+ Guide
Which of the following contains the primary goals and objectives of security?
A. A network's border perimeter
B. The CIA Triad
C. A stand-alone system
D. The Internet
(Ans- B. The primary goals and objectives of security are confidentiality, integrity, and availability, commonly referred to as the CIA Triad.)

Vulnerabilities and risks are evaluated based on their threats against which of the following?
A. One or more of the CIA Triad principles
B. Data usefulness
C. Due care
D. Extent of liability
(Ans- A. Vulnerabilities and risks are evaluated based on their threats against one or more of the CIA Triad principles.)

Which of the following is a principle of the CIA Triad that means authorized subjects are granted timely and uninterrupted access to objects?
A. Identification
B. Availability
C. Encryption
D. Layering
(Ans- B. Availability means that authorized subjects are granted timely and uninterrupted access to objects.)

Which of the following is not considered a violation of confidentiality?
A. Stealing passwords
B. Eavesdropping
C. Hardware destruction
D. Social engineering
(Ans- C. Hardware destruction is a violation of availability and possibly integrity. Violations of confidentiality include capturing network traffic, stealing password files, social engineering, port scanning, shoulder surfing, eavesdropping, and sniffing.)

Which of the following is not true?
A. Violations of confidentiality include human error.
B. Violations of confidentiality include management oversight.
C. Violations of confidentiality are limited to direct intentional attacks.
D. Violations of confidentiality can occur when a transmission is not properly encrypted.
(Ans- C. Violations of confidentiality are not limited to direct intentional attacks. Many instances of unauthorized disclosure of sensitive or confidential information are due to human error, oversight, or ineptitude.)

STRIDE is often used in relation to assessing threats against applications or operating systems. Which of the following is not an element of STRIDE?
A. Spoofing
B. Elevation of privilege
C. Repudiation
D. Disclosure
(Ans- D. Disclosure is not an element of STRIDE. The elements of STRIDE are spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.)

If a security mechanism offers availability, then
Document information
- Uploaded on: November 5, 2023
- Number of pages: 14
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers