D#CISSP1 Q.1: In a discretionary mode, which of the following entities is authorized to grant information access to other people? ^A: Manager ^B: Group leader ^C: Security manager ^D: User C#CISSP1 Q.2: Which DES mode of operation is best suited for database encryption? ^A: Cipher Block Chaining (CBC) mode ^B: Cycling Redundancy Checking (CRC) mode ^C: Electronic Code Book (ECB) mode ^D: Cipher Feedback (CFB) mode B#CISSP1 Q.3: Within the realm of IT security, which of the following combinations best defines risk? ^A: Threat coupled with a breach. ^B: Threat coupled with a vulnerability. ^C: Vulnerability coupled with an attack. ^D: Threat coupled with a breach of security. B#CISSP1 Q.4: Which of the following would be the best reason for separating the test and development environments? ^A: To restrict access to systems under test. ^B: To control the stability of the test environment. ^C: To segregate user and development staff. ^D: To secure access to systems under development. A#CISSP1 Q.5: Which of the following statements pertaining to dealing with the media after a disaster occurred and disturbed the organizations activities is incorrect? ^A: The CEO should always be the spokesperson for the company during a disaster. ^B: The disaster recover plan must include how the media is to be handled during the disaster. ^C: The organization's spokesperson should report bad news before the press gets a hold of it through another channel. ^D: An emergency press conference site should be planned ahead. B#CISSP1 Q.6: Which Orange book security rating introduces security labels? ^A: C2 ^B: B1 ^C: B2 ^D: B3 A#CISSP1 Q.7: A Business Impact Analysis (BIA) does not: ^A: Recommend the appropriate recovery solution. ^B: Determine critical and necessary business functions and their resource dependencies. ^C: Identify critical computer applications and the associated outage tolerance. ^D: Estimate the financial impact of a disruption. 
A#CISSP1 Q.8: Which access control model enables the owner of the resource to specify what subjects can accesss specific resources? ^A: Discretionary Access Control ^B: Mandatory Access Control ^C: Sensitive Access Control ^D: Role -based Access Control C#CISSP1 Q.9: What type of cable is used with 100Base-TX Fast Ethernet? ^A: Fiber-optic cable ^B: Four pairs of Category 3, 4 or 5 unshielded twisted-par (UTP) wires. ^C: Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair (STP) wires. ^D: RG.58 cable. B#CISSP1 Q.10: Which of the following best describes the Secure Electronic Transaction (SET) protocol? ^A: Originated by VISA and MasterCard as an Internet credit card protocol. ^B: Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures. ^C: Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer. ^D: Originated by VISA and MasterCard as an Internet credit card protocol using SSL. D#CISSP1 Q.11: At which of the following phases of a software development life cycle are security and access controls ^A: Coding ^B: Product design ^C: Software plans and requirements ^D: Detailed design C#CISSP1 Q.12: Which type of control would password management classify as? ^A: Compensating control ^B: Detective control ^C: Preventive control ^D: Technical control C#CISSP1 Q.13: Due are is not related to: ^A: Good faith ^B: Prudent man ^C: Profit ^D: Best interest D#CISSP1 Q.14: Which of the following is not an Orange Book-defined life cycle assurance requirement? ^A: Security testing ^B: Design specification and testing ^C: Trusted distribution ^D: System integrity A#CISSP1 Q.15: What is another name for the Orange Book? 
^A: The Trusted Computer System Evaluation Criteria (TCSEC) ^B: The Trusted Computing Base (TCB) ^C: The Information Technology Security Evaluation Criteria (ITSEC) ^D: The Common Criteria C#CISSP1 Q.16: A password that is the same for each log-on session is called a? ^A:one-time password ^B:two-time password ^C: static password ^D: dynamic password C#CISSP1 Q.17: Which of the following backup methods is most appropriate for off-site archiving? ^A: Incremental backup method. ^B: Off-site backup method. ^C: Full backup method. ^D: Differential backup method. C#CISSP1 Q.18: Which of the following is not a weakness of symmetric cryptography? ^A: Limited security ^B: Key distribution ^C: Speed ^D: Scalability B#CISSP1 Q.19: Which of the following is not a defined layer in the TCP/IP protocol model? ^A: Application layer ^B: Session layer ^C: Internet layer ^D: Network access layer A#CISSP1 Q.20: Rewritable and erasable (CDR/W) optical disk are sometimes used for backups that require short time storage for changeable data, but require? ^A: Faster file access than tape. ^B: Slower file access than tape. ^C: Slower file access than drive. ^D: Slower file access than scale. B#CISSP1 Q.21: Which one of the following is not a primary component or aspect of firewall systems? ^A: Protocol filtering ^B: Packet switching ^C: Rule enforcement engine ^D: Extended logging capability C#CISSP1 Q.22: What are database views used for? ^A: To ensure referential integrity. ^B: To allow easier access to data in a database. ^C: To restrict user access to data in a database. ^D: To provide audit trails. B#CISSP1 Q.23: Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device? ^A: File services ^B: Mail services ^C: Print services ^D: Client/Server services D#CISSP1 Q.24: Intrusion detection has which of the following sets of characteristics. ^A: It is adaptive rather than preventive. 
^B: It is administrative rather than preventive. ^C: It is disruptive rather than preventative. ^D: It is detective rather than preventative. A#CISSP1 Q.25: Which type of password provides maximum security because a new password is required for each now log-on is defined to as? ^A: One-time or dynamic password ^B: Cognitive password ^C: Static password ^D: Pass phrase B#CISSP1 Q.26: They in form of credit card-size memory cards or smart cards, or those resembling small calculators, are used to supply static and dynamic passwords are called? ^A: Token Ring ^B: Tokens ^C: Token passing networks ^D: Coupons A#CISSP1 Q.27: Which of the following uses a directed graph to specify the rights that a subject can transfer to an object, or that a subject can take from another subject? ^A: Take-Grant model ^B: Access Matrix model ^C: Biba model ^D: Bell-Lapadula model D#CISSP1 Q.28: Which of the following is the BEST way to prevent software license violations? ^A: Implementing a corporate policy on copyright infringements and software use. ^B: Requiring that all PCs be diskless workstations. ^C: Installing metering software on the LAN so applications can be accessed through the metered software. ^D: Regularly scanning used PCs to ensure that unauthorized copies of software have not been loaded on the PC. A#CISSP1 Q.29: Zip/Jaz drives, SyQuest, and Bemoulli boxes are very transportable and are often the standard for? ^A: Data exchange in many businesses. ^B: Data change in many businesses. ^C: Data compression in many businesses. ^D: Data interchange in many businesses. D#CISSP1 Q.30: What are two types of system assurance? ^A: Operational Assurance and Architecture Assurance. ^B: Design Assurance and Implementation Assurance. ^C: Architecture Assurance and Implementation Assurance. ^D: Operational Assurance and Life-Cycle Assurance. A#CISSP1 Q.31: Why does compiled code pose more risk than interpreted code? 
^A: Because malicious code can be embedded in the compiled code and can be difficult to detect. ^B: Because the browser can safely execute all interpreted applets. ^C: Because compilers are not reliable. ^D: It does not. Interpreted code poses more risk than compiled code. C#CISSP1 Q.32: Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated? ^A: The Total Quality Model (TQM) ^B: The IDEAL Model ^C: The Software Capability Maturity Model ^D: The Spiral Model A#CISSP1 Q.33: Phreakers are hackers who specialize in telephone frau^D: What type of telephone fraud simulates the tones of coins being deposited into a payphone? ^A: Red Boxes ^B: Blue Boxes ^C: White Boxes ^D: Black Boxes C#CISSP1 Q.34: What is the proper term to refer to a single unit of Ethernet data? ^A: Ethernet segment ^B: Ethernet datagram ^C: Ethernet frame ^D: Ethernet packet A#CISSP1 Q.35: Which of the following represents an ALE calculation? ^A: Singe loss expectancy x annualized rate of occurrence. ^B: Gross loss expectancy x loss frequency. ^C: Actual repla cement cost - proceeds of salvage. ^D: Asset value x loss expectancy. A#CISSP1 Q.36: IF an operating system permits executable objects to be used simultaneously by multiple users without a refresh of the objects, what security problem is most likely to exist? ^A: Disclosure of residual data. ^B: Unauthorized obtaining of a privileged execution state. ^C: Data leakage through covert channels. ^D: Denial of service through a deadly embrace. A#CISSP1 Q.37: Tape arrays use a large device with multiple (sometimes 32 or 64) tapes that are configured as a? ^A: Single array ^B: Dual array ^C: Triple array ^D: Quadruple array D#CISSP1 Q.38: Why would anomaly detection IDSs often generate a large number of false positives? 
^A: Because they can only identify correctly attacks they already know about. ^B: Because they are application-based are more subject to attacks. ^C: Because they cant identify abnormal behavior. ^D: Because normal patterns of user and system behavior can vary wildly. C#CISSP1 Q.39: According to private sector data classification levels, how would salary levels and medical information be classified? ^A: Public ^B: Sensitive ^C: Private ^D: Confidential B#CISSP1 Q.40: Which of the following is used in database information security to hide information? ^A: Inheritance ^B: Polyinstantiation ^C: Polymorphism ^D: Delegation A#CISSP1 Q.41: Which of the following evaluates the product against the specification? ^A: Verification ^B: Validation ^C: Concurrence ^D: Accuracy D#CISSP1 Q.42: Application Level Firewalls are commonly a host computer running proxy server software, which makes a? ^A: Proxy Client ^B: Proxy Session ^C: Proxy System ^D: Proxy Server B#CISSP1 Q.43: What attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim's machine on any open port that is listening? ^A: Bonk attack ^B: Land attack ^C: Teardrop attack ^D: Smurf attack A#CISSP1 Q.44: The beginning and the end of each transfer during asynchronous communication data transfer are marked by? ^A: Start and Stop bits. ^B: Start and End bits. ^C: Begin and Stop bits. ^D: Start and Finish bits. A#CISSP1 Q.45: Most of unplanned downtime of information systems is attributed to which of the following? ^A: Hardware failure ^B: Natural disaster ^C: Human error ^D: Software failure A#CISSP1 Q.46: Raid that functions as part of the operating system on the file server ^A: Software implementation ^B: Hardware implementation ^C: Network implementation ^D: Netware implementation C#CISSP1 Q.47: During which phase of an IT system life cycle are security requirements developed? 
^A: Operation ^B: Initiation ^C: Development ^D: Implementation B#CISSP1 Q.48: Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of? ^A: Deterrent controls ^B: Output controls ^C: Information flow controls ^D: Asset controls B#CISSP1 Q.49: Non-Discretionary Access Control. A central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on? ^A: The societies role in the organization. ^B: The individual's role in the organization. ^C: The group-dynamics as they relate to the individual's role in the organization. ^D: The group-dynamics as they relate to the master-slave role in the organization. B#CISSP1 Q.50: An effective information security policy should not have which of the following characteristics? ^A: Include separation of duties. ^B: Be designed with a short-to mid-term focus. ^C: Be understandable and supported by all stakeholders. ^D: Specify areas of responsibility and authority. B#CISSP1 Q.51: Which of the following statements pertaining to secure information processing facilities is incorrect? ^A: Walls should have an acceptable fire rating. ^B: Windows should be protected by bars. ^C: Doors must resist forcible entry. ^D: Location and type of fire suppression systems should be known. D#CISSP1 Q.52: Making sure that the data is accessible when and where it is needed is which of the following? ^A: Confidentiality ^B: Integrity ^C: Acceptability ^D: Availability B#CISSP1 Q.53: Business continuity plan development depends most on? ^A: Directives of Senior Management ^B: Business Impact Analysis (BIA) ^C: Scope and Plan Initiation ^D: Skills of BCP committee D#CISSP1 Q.54: Which layer defines the X.25, V.35, X,21 and HSSI standard interfaces? 
^A: Transport layer ^B: Network layer ^C: Data link layer ^D: Physical layer D#CISSP1 Q.55: Related to information security, availability is the opposite of which of the following? ^A: Delegation ^B: Distribution ^C: Documentation ^D: Destruction A#CISSP1 Q.56: Which of the following is a disadvantage of a behavior-based ID system? ^A: The activity and behavior of the users while in the networked system may not be static enough to effectively implement a behavior-based ID system. ^B: The activity and behavior of the users while in the networked system may be dynamic enough to effectively implement a behavior-based ID system. ^C: The activity and behavior of the users while in the networked system may not be dynamic enough to effectively implement a behavior-based ID system. ^D: The system is characterized by high false negative rates where intrusions are missed. C#CISSP1 Q.57: Which of the following statements pertaining to VPN protocol standards is false? ^A: L2TP is a combination of PPTP and L2F. ^B: L2TP and PPTP were designed for single point-to-point client to server communication. ^C: L2TP operates at the network layer. ^D: PPTP uses native PPP authentication and encryption services. C#CISSP1 Q.58: What is the most critical characteristic of a biometric identifying system? ^A: Perceived intrusiveness ^B: Storage requirements ^C: Accuracy ^D: Reliability A#CISSP1 Q.59: RAID Software can run faster in the operating system because neither use the hardware -level parity drives by? ^A: Simple striping or mirroring. ^B: Hard striping or mirroring. ^C: Simple hamming code parity or mirroring. ^D: Simple striping or hamming code parity. A#CISSP1 Q.60: The guarantee that the message sent is the message received, and that the message was not intentionally or unintentionally altered is? ^A: Integrity ^B: Confidentiality ^C: Availability ^D: Identity B#CISSP1 Q.61: Which of the following is a preventive control? 
^A: Motion detectors ^B: Guard dogs ^C: Audit logs ^D: Intrusion detection systems B#CISSP1 Q.62: What uses a key of the same length as the message? ^A: Running key cipher ^B: One-time pad ^C: Steganography ^D: Cipher block chaining A#CISSP1 Q.63: Which of the following protocols operates at the session layer (layer 5)? ^A: RPC ^B: IGMP ^C: LDP ^D: SPX B#CISSP1 Q.64: Which of the following are NOT a countermeasure to traffic analysis? ^A: Padding messages ^B: Eavesdropping ^C: Sending noise ^D: Covert channel analysis C#CISSP1 Q.65: Which of the following layers of the ISO/OSI model do packet filtering firewalls operate at? ^A: Application layer ^B: Session layer ^C: Network layer ^D: Presentation layer C#CISSP1 Q.66: A prolonged high voltage is? ^A: Spike ^B: Blackout ^C: Surge ^D: Fault D#CISSP1 Q.67: How do the Information Labels of Compartmented Mode Workstation differ from the Sensitivity Levels of B3 evaluated systems? ^A: Information Labels in CMW are homologous to Sensitivity Labels, but a different term was chosen to emphasize that CMW's are not described in the Orange Book. ^B: Information La bels contain more information than Sensitivity Labels, thus allowing more granular access decisions to be made. ^C: Sensitivity Labels contain more information than Information Labels because B3+ systems should store more sensitive data than workstations. ^D: Information Labels contain more information than Sensitivity Labels, but are not used by the Reference Monitor to determine access permissions. A#CISSP1 Q.68: In what security mode can a system be operating if all users have the clearance or authorization and need-to-know to all data processed within the system? ^A: Dedicated security mode. ^B: System-high security mode. ^C: Compartmented security mode. ^D: Multilevel security mode. D#CISSP1 Q.69: What are the three conditions that must be met by the reference monitor? ^A: Confidentiality, availability and integrity. ^B: Policy, mechanism and assurance. 
^C: Isolation, layering and abstraction. ^D: Isolation, completeness and verifiability. B#CISSP1 Q.70: While referring to Physical Security, what does Positive pressurization means? ^A: The pressure inside your sprinkler system is greater than zero. ^B: The air goes out of a room when a door is opened and outside air does not go into the room. ^C: Causes the sprinkler system to go off. ^D: A series of measures that increase pressure on employees in order to make them more productive. C#CISSP1 Q.71: The baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious? ^A: Checkpoint level ^B: Ceiling level ^C: Clipping level ^D: Threshold level B#CISSP1 Q.72: The most prevalent cause of computer center fires is which of the following? ^A: AC equipment ^B: Electric al distribution systems. ^C: Heating systems ^D: Natural causes C#CISSP1 Q.73: An offsite backup facility intended to operate an information processing facility, having no computer or communications equipment, but having flooring, electrical writing, air conditioning, et^C: Is better known as a? ^A: Hot site ^B: Duplicate processing facility ^C: Cold site ^D: Warm site C#CISSP1 Q.74: Which of the following are necessary components of a Multi-Level Security Policy? ^A: Sensitivity Labels and a ""system high"" evaluation." ^B: Sensitivity Labels and Discretionary Access Control. ^C: Sensitivity Labels and Mandatory Access Control. ^D: Object Labels and a ""system high"" evaluation." A#CISSP1 Q.75: Which of the following, used to extend a network, has a storage capacity to store frames and act as a store -and-forward device? ^A: Bridge ^B: Router ^C: Repeater ^D: Gateway D#CISSP1 Q.76: Which of the following is addressed by Kerberos? ^A: Confidentiality and integrity. ^B: Authorization and authentication. ^C: Validation and integrity. ^D: Confidentiality and integrity. 
A#CISSP1 Q.77: Access Control techniques do not include which of the following choices? ^A: Relevant Access Controls ^B: Discretionary Access Control ^C: Mandatory Access Control ^D: Lattice Based Access Control D#CISSP1 Q.78: Why is public key cryptography recommended for use in the process of securing facsimiles during transmission? ^A: Keys are never transmitted over the network. ^B: Data compression decreases key change frequency. ^C: Key data is not recognizable from facsimile data. ^D: The key is securely passed to the receiving machine. A#CISSP1 Q.79: Database views are not used to: ^A: Implement referential integrity. ^B: Implement least privilege. ^C: To implement content-dependent access restrictions. ^D: Implement need-to-know. B#CISSP1 Q.80: Which of the following is most concerned with personnel security? ^A: Management controls ^B: Operational controls ^C: Technical controls ^D: Human resources controls. A#CISSP1 Q.81: Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is incorrect? ^A: With TCSEC, functionality and assurance are evaluated separately. ^B: TCSEC provides a means to evaluate the trustworthiness of an information system. ^C: The Orange book does not cover networks and communications. ^D: Data base management systems are not covered by the TCSEC. B#CISSP1 Q.82: Which of the following could illegally capture network user passwords? ^A: Data diddling ^B: Sniffing ^C: Spoofing ^D: Smurfing A#CISSP1 Q.83: Which trusted facility management concept implies that two operators must review and approve the work of each other? ^A: Two-man control ^B: Dual control ^C: Double control ^D: Segregation control B#CISSP1 Q.84: There are more than 20 books in the Rainbow Series. Which of the following covers password management guidelines? ^A: Orange Book ^B: Green Book ^C: Red Book ^D: Lavender Book D#CISSP1 Q.85: Which of the following is an ip address that is private? (i.e. 
reserved for internal networks, and not a valid address to use on the Internet)? ^A: 172.5.42.5 ^B: 172.76.42.5 ^C: 172.90.42.5 ^D: 172.16.42.5 C#CISSP1 Q.86: How fast is private key cryptography compared to public key cryptography? ^A: 10 to 100 times faster. ^B: 100 to 1000 times faster. ^C: 1000 to 10000 times faster. ^D: 10000 to 20000 times faster. C#CISSP1 Q.87: The continual effort of making sure that the correct policies, procedures and standards are in place and being followed is described as what? ^A: Due care ^B: Due concern ^C: Due diligence ^D: Due practice A#CISSP1 Q.88: Which tape format type is mostly used for home/small office backups? ^A: Quarter Inch Cartridge drives (QIC) ^B: Digital Linear Tapes (DLT) ^C: 8mm tape ^D: Digital Audio Tape (DAT) C#CISSP1 Q.89: In an organization, an Information Technology security function shoul^D: ^A: Be a function within the information systems function of an organization. ^B: Report directly to a specialized business unit such as legal, corporate security or insurance. ^C: Be lead by a Chief Security Officer and report directly to the CEO. ^D: Be independent but report to the Information Systems function. C#CISSP1 Q.90: Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data? ^A: Business and functional managers. ^B: IT Security practitioners. ^C: System and information owners. ^D: Chief information officer. A#CISSP1 Q.91: The act of requiring two of the three factors to be used in the authentication process refers to? ^A: Two-Factor Authentication ^B: One-Factor Authentication ^C: Bi-Factor Authentication ^D: Double Authentication A#CISSP1 Q.92: This type of backup management provides a continuous on-line backup by using optical or tape jukeboxes, similar to WORMs, (Write Once, Read Many) ^A: Hierarchical Storage Management (HSM). ^B: Hierarchical Resource Management (HRM). 
^C: Hierarchical Access Management (HAM). ^D: Hierarchical Instance Management (HIM). D#CISSP1 Q.93: Which of the following elements is not included in a Public Key Infrastructure (PKI)? ^A: Timestamping ^B: Lightweight Directory Access Protocol (LDAP) ^C: Certificate revocation ^D: Internet Key Exchange (IKE) B#CISSP1 Q.94: Which of the following best corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location? ^A: Direct addressing ^B: Indirect addressing ^C: Indexed addressing ^D: Program addressing B#CISSP1 Q.95: Creation and maintenance of intrusion detection systems and processes for the following is one of them identify it: ^A: Event nonrepudiation ^B: Event notification ^C: Netware monitoring ^D: Guest access A#CISSP1 Q.96: Which of the following is true related to network sniffing? ^A: Sniffers allow an attacker to monitor data passing across a network. ^B: Sniffers alter the source address of a computer to disguise and exploit weak authentication methods, ^C: Sniffers take over network connections. ^D: Sniffers send IP fragments to a system that overlap with each other. A#CISSP1 Q.97: Which of the following protocols is not implemented at the Internet layer of the TCP/IP protocol model? ^A: User datagram protocol (UDP) ^B: Internet protocol (IP) ^C: Address resolution protocol (ARP) ^D: Internet control message protocol (ICMP) B#CISSP1 Q.98: Which of the following is used to help business units understand the impact of a disruptive event? ^A: A risk analysis. ^B: A business impact assessment. ^C: A vulnerability assessment. ^D: A disaster recovery plan. B#CISSP1 Q.99: A contingency plan should address? ^A: Potential risks ^B: Residual risks ^C: Identified risks ^D: All of the above A#CISSP1 Q.100: In the OSI/ISO model, at what level is SET (SECURE ELECTRONIC TRANSACTION PROTOCOL) provided? 
^A: Application ^B: Network ^C: Presentation ^D: Session A#CISSP1 Q.101: A packet filtering firewall looks at the data packet to get information about the source and destination addresses of an incoming packet, the session's communications protocol (TCP, UDP or ICMP), and the source destination application port for the? ^A: Desired service ^B: Dedicated service ^C: Delayed service ^D: Distributed service. A#CISSP1 Q.102: Packet Filtering Firewalls system is considered a? ^A: First generation firewall. ^B: Second generation firewall. ^C: Third generation firewall. ^D: Fourth generation firewall. D#CISSP1 Q.103: When should a post-mortem review meeting be held after an intrusion has been properly taken care of? ^A: Within the first three months after the investigation of the intrusion is completed. ^B: Within the first week after prosecution of intruders have taken place, whether successful or not. ^C: Within the first month after the investigation of the intrusion is completed. ^D: Within the first week of completing the investigation of the intrusion. A#CISSP1 Q.104: Which of the following can be used as a covert channel? ^A: Storage and timing. ^B: Storage and low bits. ^C: Storage and permissions. ^D: Storage and classification. C#CISSP1 Q.105: Which software development model is actually a meta-model that incorporates a number of the software development models? ^A: The Waterfall model. ^B: The modified Waterfall model. ^C: The Spiral model. ^D: The Critical Patch Model (CPM). B#CISSP1 Q.106: What is not true with pre -shared key authentication within IKE / IPsec protocol: ^A: Pre-shared key authentication is normally based on simple passwords. ^B: Needs a PKI to work. ^C: Only one preshared key for all VPN connections is needed. ^D: Costly key management on large user groups. D#CISSP1 Q.107: Which question is NOT true concerning Application Control? ^A: It limits end users of applications in such a way that only particular screens are visible. 
^B: Only specific records can be requested choice. ^C: Particular uses of the application can be recorded for audit purposes. ^D: Is non-transparent to the endpoint applications so changes are needed to the applications involved. C#CISSP1 Q.108: In order to ensure the privacy and integrity of the data, conne ctions between firewalls over public networks should use? ^A: Screened subnets ^B: Digital certificates ^C: Encrypted Virtual Private Networks ^D: Encryption D#CISSP1 Q.109: What is necessary for a subject to have write access to an object in a Multi-Level Security Policy? ^A: The subject's sensitivity label must dominate the object's sensitivity label. ^B: The subject's sensitivity label subordinates the object's sensitivity label. ^C: The subject's sensitivity label is subordinated by the object's sensitivity label. ^D: The subject's sensitivity label is dominated by the object's sensitivity label. B#CISSP1 Q.110: What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own ban account? ^A: Data fiddling ^B: Data diddling ^C: Data hiding ^D: Data masking A#CISSP1 Q.111: Which of the following is unlike the other three? ^A: El Gamal ^B: Teardrop ^C: Buffer Overflow ^D: Smurf D#CISSP1 Q.112: Phreakers are hackers who specialize in telephone frau^D: What type of telephone fraud manipulates the line voltage to receive a tool-free call? ^A: Red Boxes ^B: Blue Boxes ^C: White Boxes ^D: Black Boxes D#CISSP1 Q.113: Which of the following groups represents the leading source of computer crime losses? ^A: Hackers ^B: Industrial saboteurs ^C: Foreign intelligence officers ^D: Employees A#CISSP1 Q.114: Which of the following steps should be performed first in a business impact analysis (BIA)? ^A: Identify all business units within the organization. ^B: Evaluate the impact of disruptive events. ^C: Estimate the Recovery Time Objectives (RTO). ^D: Evaluate the criticality of business functions. 
C#CISSP1 Q.115: Which of the following embodies all the detailed actions that personnel are required to follow? ^A: Standards ^B: Guidelines ^C: Procedures ^D: Baselines D#CISSP1 Q.116: Immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length (up to two kilometers in some cases) is? ^A: Coaxial cable ^B: Twisted Pair cable ^C: Axial cable ^D: Fiber Optic cable A#CISSP1 Q.117: Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or cassette? ^A: Degaussing ^B: Parity Bit Manipulation ^C: Certification ^D: Buffer overflow A#CISSP1 Q.118: Which of the following is an advantage of prototyping? ^A: Prototype systems can provide significant time and cost savings. ^B: Change control is often less complicated with prototype systems. ^C: It ensures that functions or extras are not added to the intended system. ^D: Strong internal controls are easier to implement. A#CISSP1 Q.119: The IS security analyst's participation in which of the following system development life cycle phases provides maximum benefit to the organization? ^A: System requirements definition. ^B: System design. ^C: Program development. ^D: Program testing. C#CISSP1 Q.120: Controls are implemented to? ^A: Eliminate risk and reduce the potential for loss. ^B: Mitigate risk and eliminate the potential for loss. ^C: Mitigate risk and reduce the potential for loss. ^D: Eliminate risk and eliminate the potential for loss. A#CISSP1 Q.121: A circuit level gateway is ________ when compared to an application level firewall. ^A: Easier to maintain. ^B: More difficult to maintain. ^C: More secure. ^D: Slower C#CISSP1 Q.122: In IPSec, if the communication mode is gateway-gateway or host-gateway: ^A: Only tunnel mode can be used. ^B: Only transport mode can be used. ^C: Encapsulating Security Payload (ESP) authentication must be used. ^D: Both tunnel and transport mode can be used. 
C#CISSP1 Q.123: Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? ^A: The Take-Grant model ^B: The Biba integrity model ^C: The Clark Wilson integrity model ^D: The Bell-LaPadula integrity model
A#CISSP1 Q.124: Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect? ^A: In order to facilitate recovery, a single plan should cover all locations. ^B: There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan. ^C: In its procedures and tasks, the plan should refer to functions, not specific individuals. ^D: Critical vendors should be contacted ahead of time to validate that equipment can be obtained in a timely manner.
C#CISSP1 Q.125: What are suitable protocols for securing VPN connections? ^A: S/MIME and SSH ^B: TLS and SSL ^C: IPsec and L2TP ^D: PKCS and X.509
D#CISSP1 Q.126: Which of the following questions is less likely to help in assessing identification and authentication controls? ^A: Is a current list maintained and approved of authorized users and their access? ^B: Are passwords changed at least every ninety days or earlier if needed? ^C: Are inactive user identifications disabled after a specified period of time? ^D: Is there a process for reporting incidents?
B#CISSP1 Q.127: The primary purpose for using one-way encryption of user passwords within a system is which of the following? ^A: It prevents an unauthorized person from trying multiple passwords in one logon attempt. ^B: It prevents an unauthorized person from reading or modifying the password list. ^C: It minimizes the amount of storage required for user passwords. ^D: It minimizes the amount of processing time used for encrypting passwords.
D#CISSP1 Q.128: The security of a computer application is most effective and economical in which of the following cases? ^A: The system is optimized prior to the addition of security. ^B: The system is procured off-the-shelf. ^C: The system is customized to meet the specific security threat. ^D: The system is designed originally to provide the necessary security.
D#CISSP1 Q.129: Which of the following is not a biometric characteristic typically used to uniquely authenticate an individual's identity? ^A: Retina scans ^B: Iris scans ^C: Palm scans ^D: Skin scans
A#CISSP1 Q.130: Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses? ^A: Direct evidence ^B: Circumstantial evidence ^C: Conclusive evidence ^D: Corroborative evidence
B#CISSP1 Q.131: Which of the following would be defined as an absence of safeguard that could be exploited? ^A: A threat ^B: A vulnerability ^C: A risk ^D: An exposure
D#CISSP1 Q.132: Which of the following is a LAN transmission protocol? ^A: Ethernet ^B: Ring topology ^C: Unicast ^D: Polling
B#CISSP1 Q.133: Why would a database be denormalized? ^A: To ensure data integrity. ^B: To increase processing efficiency. ^C: To prevent duplication of data. ^D: To save storage space.
C#CISSP1 Q.134: Under the "Named Perils" form of property insurance: ^A: Burden of proof that a particular loss is covered is on the Insurer. ^B: Burden of proof that a particular loss is not covered is on the Insurer. ^C: Burden of proof that a particular loss is covered is on the Insured. ^D: Burden of proof that a particular loss is not covered is on the Insured.
C#CISSP1 Q.135: The following is not true: ^A: Since the early days of mankind humans have struggled with the problems of protecting assets. ^B: The addition of a PIN keypad to the card reader was a solution to the unreported card or lost card problem. ^C: There has never been a problem of lost keys. ^D: A human guard is an inefficient and sometimes ineffective method of protecting resources.
C#CISSP1 Q.136: Which of the following statements pertaining to software testing approaches is correct? ^A: A bottom-up approach allows interface errors to be detected earlier. ^B: A top-down approach allows errors in critical modules to be detected earlier. ^C: The test plan and results should be retained as part of the system's permanent documentation. ^D: Black box testing is predicated on a close examination of procedural detail.
C#CISSP1 Q.137: Which Orange Book evaluation level is described as "Structured Protection"? ^A: A1 ^B: B3 ^C: B2 ^D: B1
C#CISSP1 Q.138: Which of the following questions should any user not be able to answer regarding their organization's information security policy? ^A: Who is involved in establishing the security policy? ^B: Where is the organization's security policy defined? ^C: What are the actions that need to be performed in case of a disaster? ^D: Who is responsible for monitoring compliance with the organization's security policy?
A#CISSP1 Q.139: RAID Level 1 mirrors the data from one disk to a set of disks using which of the following techniques? ^A: Copying the data onto another disk or set of disks. ^B: Moving the data onto another disk or set of disks. ^C: Establishing dual connectivity to another disk or set of disks. ^D: Establishing dual addressing to another disk or set of disks.
A#CISSP1 Q.140: Which type of firewall can be used to track connectionless protocols such as UDP and RPC? ^A: Stateful inspection firewalls ^B: Packet filtering firewalls ^C: Application level firewalls ^D: Circuit level firewalls
C#CISSP1 Q.141: Which of the following items should not be retained in an E-mail directory? ^A: Drafts of documents. ^B: Copies of documents. ^C: Permanent records. ^D: Temporary documents.
C#CISSP1 Q.142: Which of the following department managers would be best suited to oversee the development of an information security policy? ^A: Information systems ^B: Human resources ^C: Business operations ^D: Security administration
B#CISSP1 Q.143: Which of the following countermeasures is not appropriate for war dialing attacks? ^A: Monitoring and auditing for such activity. ^B: Disabling call forwarding. ^C: Making sure only necessary phone numbers are made public. ^D: Using completely different numbers for voice and data accesses.
B#CISSP1 Q.144: Which of the following tools is less likely to be used by a hacker? ^A: L0phtCrack ^B: Tripwire ^C: Crack ^D: John the Ripper
A#CISSP1 Q.145: Which of the following logical access exposures involves changing data before, or as it is entered into the computer? ^A: Data diddling ^B: Salami techniques ^C: Trojan horses ^D: Viruses
B#CISSP1 Q.146: Which of the following computer aided software engineering (CASE) products is used for developing detailed designs, such as screen and report layouts? ^A: Lower CASE ^B: Middle CASE ^C: Upper CASE ^D: I-CASE
C#CISSP1 Q.147: What is the number of columns in a table called? ^A: Schema ^B: Relation ^C: Degree ^D: Cardinality
B#CISSP1 Q.148: Which of the following is the most reliable authentication device? ^A: Variable callback system ^B: Smart Card system ^C: Fixed callback system ^D: Combination of variable and fixed callback system.
C#CISSP1 Q.149: Which of the following firewall rules is less likely to be found on a firewall installed between an organization's internal network and the Internet? ^A: Permit all traffic to and from local host. ^B: Permit all inbound ssh traffic. ^C: Permit all inbound tcp connections. ^D: Permit all syslog traffic to log-server.abc.org.
B#CISSP1 Q.150: The Internet can be utilized by either: ^A: Public or private networks (with a Virtual Private Network). ^B: Private or public networks (with a Virtual Private Network). ^C: Home or private networks (with a Virtual Private Network). ^D: Public or home networks (with a Virtual Private Network).
A#CISSP1 Q.151: This backup method must be made regardless of whether Differential or Incremental methods are used: ^A: Full Backup Method ^B: Incremental backup method ^C: Differential backup method ^D: Tape backup method
D#CISSP1 Q.152: Why do buffer overflows happen? ^A: Because buffers can only hold so much data. ^B: Because input data is not checked for appropriate length at time of input. ^C: Because they are an easy weakness to exploit. ^D: Because of insufficient system memory.
C#CISSP1 Q.153: Which of the following should not be performed by an operator? ^A: Mounting disk or tape ^B: Backup and recovery ^C: Data entry ^D: Handling hardware
C#CISSP1 Q.154: What security model is dependent on security labels? ^A: Discretionary access control ^B: Label-based access control ^C: Mandatory access control ^D: Non-discretionary access control
A#CISSP1 Q.155: Detection capabilities of Host-based ID systems are limited by the incompleteness of which of the following? ^A: Audit log capabilities ^B: Event capture capabilities ^C: Event triage capabilities ^D: Audit notification capabilities
B#CISSP1 Q.156: Computer crime is generally made possible by which of the following? ^A: The perpetrator obtaining training & special knowledge. ^B: Victim carelessness. ^C: Collusion with others in information processing. ^D: System design flaws.
A#CISSP1 Q.157: The structures, transmission methods, transport formats, and security measures that are used to provide integrity, availability, authentication, and confidentiality for transmissions over private and public communications networks and media are covered by: ^A: The Telecommunications and Network Security domain. ^B: The Telecommunications and Netware Security domain. ^C: The Technical communications and Network Security domain. ^D: The Telnet and Network Security domain.
A#CISSP1 Q.158: Which of the following is the lowest TCSEC class wherein the system must be protected against covert storage channels (but not necessarily covert timing channels)? ^A: B2 ^B: B1 ^C: B3 ^D: A1
C#CISSP1 Q.159: Which type of control is concerned with avoiding occurrences of risks? ^A: Deterrent controls ^B: Detective controls ^C: Preventive controls ^D: Compensating controls
A#CISSP1 Q.160: The basic function of an FRDS is to: ^A: Protect file servers from data loss and a loss of availability due to disk failure. ^B: Persistent file servers from data gain and a gain of availability due to disk failure. ^C: Prudent file servers from data loss and a loss of acceptability due to disk failure. ^D: Packet file servers from data loss and a loss of accountability due to disk failure.
D#CISSP1 Q.161: Which of the following protocols does not operate at the data link layer (layer 2)? ^A: PPP ^B: RARP ^C: L2F ^D: ICMP
A#CISSP1 Q.162: This tape format can be used to back up data systems in addition to its originally intended audio use: ^A: Digital Audio Tape (DAT) ^B: Digital Video Tape (DVT) ^C: Digital Casio Tape (DCT) ^D: Digital Voice Tape (DVT)
C#CISSP1 Q.163: By examining the "state" and "context" of the incoming data packets, it helps to track the protocols that are considered "connectionless", such as UDP-based applications and Remote Procedure Calls (RPC). This type of firewall system is used in: ^A: First generation firewall systems. ^B: Second generation firewall systems. ^C: Third generation firewall systems. ^D: Fourth generation firewall systems.
A#CISSP1 Q.164: Guards are appropriate whenever the function required by the security program involves which of the following? ^A: The use of discriminating judgment. ^B: The use of physical force. ^C: The operation of access control devices. ^D: The need to detect unauthorized access.
A#CISSP1 Q.165: A server cluster looks like a: ^A: Single server from the user's point of view. ^B: Dual server from the user's point of view. ^C: Triple server from the user's point of view. ^D: Quadruple server from the user's point of view.
D#CISSP1 Q.166: Which of the following are functions that are compatible in a properly segregated environment? ^A: Application programming and computer operation. ^B: System programming and job control analysis. ^C: Access authorization and database administration. ^D: System development and systems maintenance.
B#CISSP1 Q.167: Encryption is applicable to all of the following OSI/ISO layers except: ^A: Network layer ^B: Physical layer ^C: Session layer ^D: Data link layer
A#CISSP1 Q.168: The Computer Security Policy Model the Orange Book is based on is which of the following? ^A: Bell-LaPadula ^B: Data Encryption Standard ^C: Kerberos ^D: Tempest
A#CISSP1 Q.169: Which type of attack would a competitive intelligence attack best classify as? ^A: Business attack ^B: Intelligence attack ^C: Financial attack ^D: Grudge attack
C#CISSP1 Q.170: Which of the following is responsible for the most security issues? ^A: Outside espionage ^B: Hackers ^C: Personnel ^D: Equipment failure
A#CISSP1 Q.171: Which of the following goals is NOT a goal of Problem Management? ^A: To eliminate all problems. ^B: To reduce failures to a manageable level. ^C: To prevent the occurrence or re-occurrence of a problem. ^D: To mitigate the negative impact of problems on computing services and resources.
D#CISSP1 Q.172: Examples of types of physical access controls include all except which of the following? ^A: badges ^B: locks ^C: guards ^D: passwords
C#CISSP1 Q.173: Which of the following statements pertaining to the (ISC)2 Code of Ethics is incorrect? ^A: All information systems security professionals who are certified by (ISC)2 recognize that such a certification is a privilege that must be both earned and maintained. ^B: All information systems security professionals who are certified by (ISC)2 shall provide diligent and competent service to principals. ^C: All information systems security professionals who are certified by (ISC)2 shall discourage such behavior as associating or preparing to associate with criminals or criminal behavior. ^D: All information systems security professionals who are certified by (ISC)2 shall promote the understanding and acceptance of prudent information security measures.
C#CISSP1 Q.174: Which DES modes can best be used for authentication? ^A: Cipher Block Chaining and Electronic Code Book. ^B: Cipher Block Chaining and Output Feedback. ^C: Cipher Block Chaining and Cipher Feedback. ^D: Output Feedback and Electronic Code Book.
A#CISSP1 Q.175: In the OSI/ISO model, at what layer are some of the SLIP, CSLIP, and PPP control functions provided? ^A: Link ^B: Transport ^C: Presentation ^D: Application
B#CISSP1 Q.176: Which of the following best describes the purpose of debugging programs? ^A: To generate random data that can be used to test programs before implementing them. ^B: To ensure that program coding flaws are detected and corrected. ^C: To protect, during the programming phase, valid changes from being overwritten by other changes. ^D: To compare source code versions before transferring to the test environment.
A#CISSP1 Q.177: With RAID Level 5 the spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server while the: ^A: System is up and running. ^B: System is down and running. ^C: System is in-between and running. ^D: System is centre and running.
A#CISSP1 Q.178: What is the process that RAID Level 0 uses as it creates one large disk by using several disks? ^A: Striping ^B: Mirroring ^C: Integrating ^D: Clustering
A#CISSP1 Q.179: Which of the following is used to create and delete views and relations within tables? ^A: SQL Data Definition Language ^B: SQL Data Manipulation Language ^C: SQL Data Relational Language ^D: SQL Data Identification Language
B#CISSP1 Q.180: Which division of the Orange Book deals with discretionary protection (need-to-know)? ^A: D ^B: C ^C: B ^D: A
C#CISSP1 Q.181: The Diffie-Hellman algorithm is used for: ^A: Encryption ^B: Digital signature ^C: Key exchange ^D: Non-repudiation
A#CISSP1 Q.182: Primarily run when time and tape space permit, and used for the system archive or baselined tape sets, is the: ^A: Full backup method. ^B: Incremental backup method. ^C: Differential backup method. ^D: Tape backup method.
C#CISSP1 Q.183: Which of the following teams should not be included in an organization's contingency plan? ^A: Damage assessment team. ^B: Hardware salvage team. ^C: Tiger team. ^D: Legal affairs team.
B#CISSP2 Q.1: A covert channel is a communication channel that can be used for: ^A: Hardening the system. ^B: Violating the security policy. ^C: Protecting the DMZ. ^D: Strengthening the security policy.
C#CISSP2 Q.2: To ensure that integrity is attained through the Clark and Wilson model, certain rules are needed. These rules are: ^A: Processing rules and enforcement rules. ^B: Integrity-bouncing rules. ^C: Certification rules and enforcement rules. ^D: Certification rules and general rules.
D#CISSP2 Q.3: What was introduced for circumventing difficulties in classic approaches to computer security by limiting the damage produced by malicious programs? ^A: Integrity-preserving ^B: Ref Mon ^C: Integrity-monitoring ^D: Non-Interference
A#CISSP2 Q.4: What is an indirect way to transmit information with no explicit reading of confidential information? ^A: Covert channels ^B: Backdoor ^C: Timing channels ^D: Overt channels
B#CISSP2 Q.5: Which of the following are the limitations of the BLP model? ^A: No policies for changing access data control. ^B: All of the choices. ^C: Contains covert channels. ^D: Static in nature.
B#CISSP2 Q.6: Which of the following are the two most well known access control models? ^A: Lattice and Biba ^B: Bell LaPadula and Biba ^C: Bell LaPadula and Chinese war ^D: Bell LaPadula and Info Flow
A#CISSP2 Q.7: What can be defined as a formal security model for the integrity of subjects and objects in a system? ^A: Biba ^B: Bell LaPadula ^C: Lattice ^D: Info Flow
D#CISSP2 Q.8: Which of the following is best known for capturing security requirements of commercial applications? ^A: Lattice ^B: Biba ^C: Bell LaPadula ^D: Clark and Wilson
B#CISSP2 Q.9: The Clark Wilson model has its emphasis on: ^A: Security ^B: Integrity ^C: Accountability ^D: Confidentiality
B#CISSP2 Q.10: Which of the following is a state machine model capturing confidentiality aspects of access control? ^A: Clark Wilson ^B: Bell-LaPadula ^C: Chinese Wall ^D: Lattice
C#CISSP2 Q.11: With the BLP model, access permissions are defined through: ^A: Filter rules ^B: Security labels ^C: Access Control matrix ^D: Profiles
B#CISSP2 Q.12: With the BLP model, security policies prevent information flowing downwards from a: ^A: Low security level ^B: High security level ^C: Medium security level ^D: Neutral security level
D#CISSP2 Q.13: When will BLP consider the information flow that occurs? ^A: When a subject alters an object. ^B: When a subject accesses an object. ^C: When a subject observes an object. ^D: All of the choices.
C#CISSP2 Q.14: Separation of duties is valuable in deterring: ^A: DoS ^B: external intruder ^C: fraud ^D: Trojan horse
C#CISSP2 Q.15: What principle requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set? ^A: Use of rights ^B: Balance of power ^C: Separation of duties ^D: Fair use
D#CISSP2 Q.16: Separation of duty can be: ^A: Dynamic only ^B: Encrypted ^C: Static only ^D: Static or dynamic
A#CISSP2 Q.17: Who should determine the appropriate sensitivity classifications of information? ^A: Owner ^B: Server ^C: Administrator ^D: User
A#CISSP2 Q.18: Who should determine the appropriate access control of information? ^A: Owner ^B: User ^C: Administrator ^D: Server
D#CISSP2 Q.19: What principle requires that a user be given no more privilege than necessary to perform a job? ^A: Principle of aggregate privilege. ^B: Principle of most privilege. ^C: Principle of effective privilege. ^D: Principle of least privilege.
B#CISSP2 Q.20: To ensure least privilege requires that __________ is identified. ^A: what the user's privilege owns ^B: what the user's job is ^C: what the user's cost is ^D: what the user's group is
B#CISSP2 Q.21: The concept of least privilege currently exists within the context of: ^A: ISO ^B: TCSEC ^C: OSI ^D: IETF
B#CISSP2 Q.22: Enforcing minimum privileges for general system users can be easily achieved through the use of: ^A: TSTEC ^B: RBAC ^C: TBAC ^D: IPSEC
B#CISSP2 Q.23: Which of the following are potential firewall problems that should be logged? ^A: Reboot ^B: All of the choices. ^C: Proxies restarted. ^D: Changes to configuration file.
A#CISSP2 Q.24: Which of the following are security events on Unix that should be logged? ^A: All of the choices. ^B: Use of Setgid. ^C: Change of permissions on system files. ^D: Use of Setuid.
B#CISSP2 Q.25: What process determines who is trusted for a given purpose? ^A: Identification ^B: Authorization ^C: Authentication ^D: Accounting
B#CISSP2 Q.26: Which of the following tools can you use to assess your network's vulnerability? ^A: ISS ^B: All of the choices. ^C: SATAN ^D: Ballista
D#CISSP2 Q.27: Which of the following should NOT be logged for performance problems? ^A: CPU load. ^B: Percentage of use. ^C: Percentage of idle time. ^D: None of the choices.
A#CISSP2 Q.28: Which of the following should be logged for security problems? ^A: Use of mount command. ^B: Percentage of idle time. ^C: Percentage of use. ^D: None of the choices.
B#CISSP2 Q.29: Which of the following services should be logged for security purposes? ^A: bootp ^B: All of the choices. ^C: sunrpc ^D: tftp
D#CISSP2 Q.30: Who should NOT have access to the log files? ^A: Security staff. ^B: Internal audit staff. ^C: System administration staff. ^D: Manager's secretary.
C#CISSP2 Q.31: Which of the following correctly describes the use of the collected logs? ^A: They are used in the passive monitoring process only. ^B: They are used in the active monitoring process only. ^C: They are used in the active and passive monitoring process. ^D: They are used in the archiving process only.
C#CISSP2 Q.32: All logs are kept on archive for a period of time. What determines this period of time? ^A: Administrator preferences. ^B: MTTR ^C: Retention policies ^D: MTTF
C#CISSP2 Q.33: Logs must be secured to prevent: ^A: Creation, modification, and destruction. ^B: Modification, deletion, and initialization. ^C: Modification, deletion, and destruction. ^D: Modification, deletion, and inspection.
A#CISSP2 Q.34: To ensure dependable and secure logging, all computers must have their clocks synchronized to: ^A: A central timeserver. ^B: The log time stamp. ^C: The respective local times. ^D: None of the choices.
B#CISSP2 Q.35: To ensure dependable and secure logging, logging information traveling on the network should be: ^A: Stored ^B: Encrypted ^C: Isolated ^D: Monitored
A#CISSP2 Q.36: The activity that consists of collecting information that will be used for monitoring is called: ^A: Logging ^B: Troubleshooting ^C: Auditing ^D: Inspecting
B#CISSP2 Q.37: How often should logging be run? ^A: Once every week. ^B: Always ^C: Once a day. ^D: During maintenance.
A#CISSP2 Q.38: If the computer system being used contains confidential information, users must not: ^A: Leave their computer without first logging off. ^B: Share their desks. ^C: Encrypt their passwords. ^D: Communicate
A#CISSP2 Q.39: Security is a process that is: ^A: Continuous ^B: Indicative ^C: Examined ^D: Abnormal
C#CISSP2 Q.40: Which of the following user items can be shared? ^A: Password ^B: Home directory ^C: None of the choices.
B#CISSP2 Q.41: Root login should only be allowed via: ^A: Rsh ^B: System console ^C: Remote program ^D: VNC
B#CISSP2 Q.42: What should you do to the user accounts as soon as employment is terminated? ^A: Disable the user accounts and erase immediately the data kept. ^B: Disable the user accounts and have the data kept for a specific period of time. ^C: None of the choices. ^D: Maintain the user accounts and have the data kept for a specific period of time.
D#CISSP2 Q.43: Access to the _________ account on a Unix server must be limited to only the system administrators that must absolutely have this level of access. ^A: Superuser of inetd. ^B: Manager or root. ^C: Fsf or root ^D: Superuser or root.
D#CISSP2 Q.44: Which of the following correctly describes "good" security practice? ^A: Accounts should be monitored regularly. ^B: You should have a procedure in place to verify password strength. ^C: You should ensure that there are no accounts without passwords. ^D: All of the choices.
A#CISSP2 Q.45: LOMAC is a security enhancement for what operating system? ^A: Linux ^B: Netware ^C: Solaris
B#CISSP2 Q.46: LOMAC uses what Access Control method to protect the integrity of processes and data? ^A: Linux based EFS. ^B: Low Water-Mark Mandatory Access Control. ^C: Linux based NFS. ^D: High Water-Mark Mandatory Access Control.
D#CISSP2 Q.47: On Linux, LOMAC is implemented as: ^A: Virtual addresses ^B: Registers ^C: Kernel built in functions ^D: Loadable kernel module
B#CISSP2 Q.49: What is the method of coordinating access to resources based on a listing of permitted IP addresses? ^A: MAC ^B: ACL ^C: DAC ^D: None of the choices.
A#CISSP2 Q.50: With RBAC, each user can be assigned: ^A: One or more roles. ^B: Only one role. ^C: A token role. ^D: A security token.
C#CISSP2 Q.51: With RBAC, roles are: ^A: Based on labels. ^B: All equal ^C: Hierarchical ^D: Based on flows.
C#CISSP2 Q.52: With __________, access decisions are based on the roles that individual users have as part of an organization. ^A: Server based access control. ^B: Rule based access control. ^C: Role based access control. ^D: Token based access control.
C#CISSP2 Q.53: Under Role based access control, access rights are grouped by: ^A: Policy name ^B: Rules ^C: Role name ^D: Sensitivity label
C#CISSP2 Q.54: Which of the following will you consider as a "role" under a role based access control system? ^A: Bank rules ^B: Bank computer ^C: Bank teller ^D: Bank network
B#CISSP2 Q.55: Role based access control is attracting increasing attention particularly for what applications? ^A: Scientific ^B: Commercial ^C: Security ^D: Technical
D#CISSP2 Q.56: What is one advantage of deploying Role based access control in large networked applications? ^A: Higher security ^B: Higher bandwidth ^C: User friendliness ^D: Lower cost
B#CISSP2 Q.57: DAC and MAC policies can be effectively replaced by: ^A: Rule based access control. ^B: Role based access control. ^C: Server based access control. ^D: Token based access control.
B#CISSP2 Q.58: Which of the following correctly describes Role based access control? ^A: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your user profile groups. ^B: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your organization's structure. ^C: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ticketing system. ^D: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ACL.
D#CISSP2 Q.59: Which of the following RFCs talks about Rule Based Security Policy? ^A: 1316 ^B: 1989 ^C: 2717 ^D: 2828
A#CISSP2 Q.60: With Rule Based Security Policy, a security policy is based on: ^A: Global rules imposed for all users. ^C: Global rules imposed for nobody. ^D: Global rules imposed for only the local users.
C#CISSP2 Q.61: With Rule Based Security Policy, global rules usually rely on comparison of the _______ of the resource being accessed: ^A: A group of users. ^B: Users ^C: Sensitivity ^D: Entities
C#CISSP2 Q.62: What control is based on a specific profile for each user? ^A: Lattice based access control. ^B: Directory based access control. ^C: Rule based access control. ^D: ID based access control.
A#CISSP2 Q.63: In a very large environment, which of the following is an administrative burden? ^A: Rule based access control. ^B: Directory based access control. ^C: Lattice based access control. ^D: ID based access control.
A#CISSP2 Q.64: Which of the following is a feature of Rule based access control? ^A: The use of profiles. ^B: The use of information flow labels. ^C: The use of data flow diagrams. ^D: The use of tokens.
D#CISSP2 Q.65: A firewall can be classified as a: ^A: Directory based access control. ^B: Rule based access control. ^C: Lattice based access control. ^D: ID based access control.
C#CISSP2 Q.66: The Lattice Based Access Control model was developed MAINLY to deal with: ^A: Affinity ^B: None of the choices. ^C: Confidentiality ^D: Integrity
B#CISSP2 Q.67: With the Lattice Based Access Control model, a security class is also called a: ^A: Control factor ^B: Security label ^C: Mandatory number ^D: Serial ID
A#CISSP2 Q.68: Under the Lattice Based Access Control model, a container of information is a(n): ^A: Object ^B: Model ^C: Label
A#CISSP2 Q.69: What Access Control model was developed to deal mainly with information flow in computer systems? ^A: Lattice Based ^B: Integrity Based ^C: Flow Based ^D: Area Based
B#CISSP2 Q.70: The Lattice Based Access Control model was developed to deal mainly with ___________ in computer systems. ^A: Access control ^B: Information flow ^C: Message routes ^D: Encryption
B#CISSP2 Q.71: In the Lattice Based Access Control model, controls are applied to: ^A: Scripts ^B: Objects ^C: Models ^D: Factors
C#CISSP2 Q.72: With Discretionary access controls, who determines who has access and what privileges they have? ^A: End users. ^B: None of the choices. ^C: Resource owners. ^D: Only the administrators.
A#CISSP2 Q.73: What defines an imposed access control level? ^A: MAC ^B: DAC ^C: SAC ^D: CAC
B#CISSP2 Q.74: Under MAC, who can change the category of a resource? ^A: All users. ^B: Administrators only. ^C: All managers. ^D: None of the choices.
A#CISSP2 Q.75: Under MAC, who may grant a right of access that is explicitly forbidden in the access control policy? ^A: None of the choices. ^B: All users. ^C: Administrators only. ^D: All managers.
B#CISSP2 Q.76: You may describe MAC as: ^A: Opportunistic ^B: Prohibitive ^C: None of the choices. ^D: Permissive
B#CISSP2 Q.77: Under MAC, which of the following is true? ^A: All that is expressly permitted is forbidden. ^B: All that is not expressly permitted is forbidden. ^C: All that is not expressly permitted is not forbidden. ^D: None of the choices.
C#CISSP2 Q.78: Under MAC, a clearance is a: ^A: Sensitivity ^B: Subject ^C: Privilege ^D: Object
D#CISSP2 Q.79: Under MAC, a file is a(n): ^A: Privilege ^B: Subject ^C: Sensitivity ^D: Object
A#CISSP2 Q.80: Under MAC, classification reflects: ^A: Sensitivity ^B: Subject ^C: Privilege ^D: Object
A#CISSP2 Q.81: MAC is used for: ^A: Defining imposed access control level. ^B: Defining user preferences. ^C: None of the choices. ^D: Defining discretionary access control level.
C#CISSP2 Q.82: With MAC, who may make decisions that bear on policy? ^A: None of the choices. ^B: All users. ^C: Only the administrator. ^D: All users except guests.
A#CISSP2 Q.83: With MAC, who may NOT make decisions that derive from policy? ^A: All users except the administrator. ^B: The administrator. ^C: The power users. ^D: The guests.
B#CISSP2 Q.84: Under the MAC control system, what is required? ^A: Performance monitoring ^B: Labelling ^C: Sensing ^D: None of the choices
C#CISSP2 Q.85: Access controls that are not based on the policy are characterized as: ^A: Secret controls ^B: Mandatory controls ^C: Discretionary controls ^D: Corrective controls
A#CISSP2 Q.86: DAC are characterized by many organizations as: ^A: Need-to-know controls ^B: Preventive controls ^C: Mandatory adjustable controls ^D: None of the choices
C#CISSP2 Q.87: Which of the following correctly describes DAC? ^A: It is the most secure method. ^B: It is of the B2 class. ^C: It can extend beyond limiting which subjects can gain what type of access to which objects. ^D: It is of the B1 class.
B#CISSP2 Q.88: Under DAC, a subject's rights must be ________ when it leaves an organization altogether. ^A: recycled ^B: terminated ^C: suspended ^D: resumed
B#CISSP2 Q.89: An audit trail is a category of what control? ^A: System, Manual ^B: Detective, Technical ^C: User, Technical ^D: Detective, Manual
B#CISSP2 Q.90: An IDS is a category of what control? ^A: Detective, Manual ^B: Detective, Technical ^C: User, Technical ^D: System, Manual
D#CISSP2 Q.91: Which of the following is not a detective technical control? ^A: Intrusion detection system ^B: Violation reports ^C: Honeypot ^D: None of the choices.
D#CISSP2 Q.92: ________ Technical Controls warn of technical Access Control violations. ^A: Elusive ^B: Descriptive ^C: Corrective ^D: Detective
D#CISSP2 Q.93: A two factor authentication method is considered as a: ^A: Technical control ^B: Patching control ^C: Corrective control ^D: Logical control
B#CISSP2 Q.94: Which of the following will you NOT consider as technical controls? ^A: Access Control software ^B: Man trap ^C: Passwords ^D: Antivirus Software
B#CISSP2 Q.95: ___________________ are the technical ways of restricting who or what can access system resources. ^A: Preventive Manual Controls ^B: Detective Technical Controls ^C: Preventive Circuit Controls ^D: Preventive Technical Controls
B#CISSP2 Q.96: Preventive Technical Controls are usually built: ^A: By using MD5. ^B: Into an operating system. ^C: By security officer. ^D: By security administrator.
D#CISSP2 Q.97: Preventive Technical Controls cannot: ^A: Protect the OS from unauthorized modification. ^B: Protect confidential information from being disclosed to unauthorized persons. ^C: Protect the OS from unauthorized manipulation. ^D: Protect users from being monitored.
D#CISSP2 Q.98: How do Preventive Technical Controls protect system integrity and availability? ^A: By limiting the number of threads only. ^B: By limiting the number of system variables. ^C: By limiting the number of function calls only. ^D: By limiting the number of users and/or processes.
C#CISSP2 Q.99: A sensor is: ^A: Logical, Physical ^B: Corrective, Logical ^C: Detective, Physical ^D: Corrective, Physical
D#CISSP2 Q.100: A motion detector is a feature of: ^A: Corrective Logical Controls. ^B: Logical Physical Controls. ^C: Corrective Physical Controls. ^D: Detective Physical Controls.
A#CISSP2 Q.101: Closed circuit TV is a feature of: ^A: Detective Physical Controls ^B: Corrective Physical Controls ^C: Corrective Logical Controls ^D: Logical Physical Controls
B#CISSP2 Q.102: Access control is the collection of mechanisms that permits managers of a system to exercise influence over the use of: ^A: A man guard ^B: An IS system ^C: A threshold ^D: A Trap
B#CISSP2 Q.103: Access control allows you to exercise directing influence over which of the following aspects of a system? ^A: Behavior, user, and content provider. ^B: Behavior, use, and content. ^C: User logs and content. ^D: None of the choices.
B#CISSP2 Q.104: The principle of accountability is a principle by which a specific action can be traced back to: ^A: A policy ^B: An individual ^C: A group ^D: A manager C#CISSP2 Q.105: The principle of _________ is a principle by which a specific action can be traced back to any one of your users. ^A: Security ^B: Integrity ^C: Accountability ^D: Policy D#CISSP2 Q.106: According to the principle of accountability, what action should be traceable to a specific user? ^A: Material ^B: Intangible ^C: Tangible ^D: Significant C#CISSP2 Q.107: A significant action has a state that enables actions on an ADP system to be traced to individuals who may then be held responsible. The actions do NOT include: ^A: Violations of security policy. ^B: Attempted violations of security policy. ^C: Non-violations of security policy. ^D: Attempted violations of allowed actions. A#CISSP2 Q.108: ____________ is the means by which the ability to do something with a computer resource is explicitly enabled or restricted. ^A: Access control ^B: Type of access ^C: System resource ^D: Work permit A#CISSP2 Q.109: The ability to do something with a computer resource can be explicitly enabled or restricted through: ^A: Physical and system-based controls. ^B: Theoretical and system-based controls. ^C: Mental and system-based controls. ^D: Physical and trap-based controls. C#CISSP2 Q.110: The main categories of access control do NOT include: ^A: Administrative Access Control ^B: Logical Access Control ^C: Random Access Control ^D: Physical Access Control D#CISSP2 Q.111: You have very strict Physical Access controls. At the same time you have loose Logical Access Controls. What is true about this setting? ^A: None of the choices. ^B: It can 100% secure your environment. ^C: It may secure your environment. ^D: It may not secure your environment. A#CISSP2 Q.112: Which of the following is NOT a type of access control?
^A: Intrusive ^B: Deterrent ^C: Detective ^D: Preventive A#CISSP2 Q.113: As a type of access control, which of the following aims at avoiding occurrences? ^A: Preventive ^B: Deterrent ^C: Intrusive ^D: Detective C#CISSP2 Q.114: As a type of access control, which of the following aims at identifying occurrences? ^A: Deterrent ^B: Preventive ^C: Detective ^D: Intrusive C#CISSP2 Q.115: As a type of access control, which of the following aims at discouraging occurrences? ^A: Detective ^B: Intrusive ^C: Deterrent ^D: Preventive C#CISSP2 Q.116: As a type of access control, which of the following aims at restoring controls? ^A: Deterrent ^B: Intrusive ^C: Corrective ^D: Preventive A#CISSP2 Q.117: What type of access control focuses on restoring resources? ^A: Recovery ^B: Preventive ^C: Intrusive ^D: Corrective C#CISSP2 Q.118: What scheme includes the requirement that the system maintain the separation of duty requirement expressed in the access control triples? ^A: Bella ^B: Lattice ^C: Clark-Wilson ^D: Bell-LaPadula B#CISSP2 Q.119: What is an access control model? ^A: A formal description of access control ID specification. ^B: A formal description of security policy. ^C: A formal description of a sensitivity label. ^D: None of the choices. B#CISSP2 Q.120: Which of the following is true about MAC? ^A: It is more flexible than DAC. ^B: It is more secure than DAC. ^C: It is less secure than DAC. ^D: It is more scalable than DAC. C#CISSP2 Q.121: The access matrix model consists of which of the following parts? (Choose all that apply) ^A: A function that returns an object's type. ^B: A list of subjects. ^C: All of the choices. ^D: A list of objects. A#CISSP2 Q.122: The access matrix model has which of the following common implementations? ^A: Access control lists and capabilities. ^B: Access control lists. ^C: Capabilities. ^D: Access control list and availability.
B#CISSP2 Q.123: What is implemented by storing on each subject a list of the rights the subject has for every object? ^A: Object ^B: Capabilities ^C: Key ring ^D: Rights B#CISSP2 Q.124: Which of the following is true regarding a secure access model? ^A: Secure information cannot flow to a more secure user. ^B: Secure information cannot flow to a less secure user. ^C: Secure information can flow to a less secure user. ^D: None of the choices. A#CISSP2 Q.125: In the Information Flow Model, what relates two versions of the same object? ^A: Flow ^B: State ^C: Transformation ^D: Successive points D#CISSP2 Q.126: In the Information Flow Model, what acts as a type of dependency? ^A: State ^B: Successive points ^C: Transformation ^D: Flow C#CISSP2 Q.127: The lattice-based model aims at protecting against: ^A: Illegal attributes. ^B: None of the choices. ^C: Illegal information flow among the entities. ^D: Illegal access rights B#CISSP2 Q.128: Which of the following are the components of the Chinese wall model? ^A: Conflict of interest classes. ^B: All of the choices. ^C: Subject ^D: Company Datasets. B#CISSP2 Q.129: Which of the following correctly describes the difference between identification and authentication? ^A: Authentication is a means to verify who you are, while identification is what you are authorized to perform. ^B: Identification is a means to verify who you are, while authentication is what you are authorized to perform. ^C: Identification is another name for authentication. ^D: Identification is the child process of authentication. B#CISSP2 Q.130: Identification establishes: ^A: Authentication ^B: Accountability ^C: Authorization ^D: None of the choices. A#CISSP2 Q.131: Identification usually takes the form of: ^A: Login ID. ^B: User password. ^C: None of the choices. ^D: Passphrase D#CISSP2 Q.132: Authentication is typically based upon: ^A: Something you have. ^B: Something you know. ^C: Something you are. ^D: All of the choices.
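Worked example for Q.121 to Q.123 (and the rights termination of Q.88): the same access matrix stored the two ways the questions name, as per-object access control lists and as per-subject capability lists, with a lookup and a revocation against each. This is an added example, not part of the question bank; the subjects, objects and rights are constructed sample data.

```python
"""Access-matrix model: one matrix, its two common implementations.

Added example, not from the question bank. Subjects, objects and rights
below are constructed sample data.
"""
from typing import Dict, FrozenSet

Rights = FrozenSet[str]

# Constructed sample access matrix: rows are subjects, columns are objects.
ACCESS_MATRIX: Dict[str, Dict[str, Rights]] = {
    "alice": {"payroll.db": frozenset({"read", "write"}), "report.txt": frozenset({"read"})},
    "bob":   {"report.txt": frozenset({"read", "write"})},
    "audit": {"payroll.db": frozenset({"read"}), "report.txt": frozenset({"read"})},
}


def to_acls(matrix: Dict[str, Dict[str, Rights]]) -> Dict[str, Dict[str, Rights]]:
    """Column view: for every object, which subjects hold which rights (the ACL)."""
    acls: Dict[str, Dict[str, Rights]] = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = rights
    return acls


def to_capabilities(matrix: Dict[str, Dict[str, Rights]]) -> Dict[str, Dict[str, Rights]]:
    """Row view: for every subject, the (object, rights) entries it holds (the C-list)."""
    return {subject: dict(row) for subject, row in matrix.items()}


def check_acl(acls, subject: str, obj: str, right: str) -> bool:
    # ACL lookup is object-centric: locate the object, then look for the subject.
    return right in acls.get(obj, {}).get(subject, frozenset())


def check_capability(caps, subject: str, obj: str, right: str) -> bool:
    # Capability lookup is subject-centric: the subject presents its own entry for the object.
    return right in caps.get(subject, {}).get(obj, frozenset())


def remove_subject(acls, caps, subject: str) -> None:
    """Q.88: a departing subject's rights are terminated. One row disappears under
    capabilities, but every object's ACL has to be swept for that subject."""
    caps.pop(subject, None)
    for entry in acls.values():
        entry.pop(subject, None)


def revoke_object(acls, caps, obj: str) -> None:
    """The mirror image: deleting an object is one ACL entry, but a sweep of every
    subject's capability list. This asymmetry is why the two implementations differ."""
    acls.pop(obj, None)
    for row in caps.values():
        row.pop(obj, None)


if __name__ == "__main__":
    acls, caps = to_acls(ACCESS_MATRIX), to_capabilities(ACCESS_MATRIX)
    print("alice write payroll.db via ACL:", check_acl(acls, "alice", "payroll.db", "write"))
    print("bob read payroll.db via C-list:", check_capability(caps, "bob", "payroll.db", "read"))
```

Both views answer the same question for any (subject, object, right) triple; they differ in which administrative operation is cheap, which is the practical reason operating systems tend to keep ACLs on files while kernels hand out capabilities (file descriptors, handles) to running subjects.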
B#CISSP2 Q.133: A password represents: ^A: Something you have. ^B: Something you know. ^C: All of the choices. ^D: Something you are. C#CISSP2 Q.134: A smart card represents: ^A: Something you are. ^B: Something you know. ^C: Something you have. ^D: All of the choices. A#CISSP2 Q.135: Retinal scans check for: ^A: Something you are. ^B: Something you have. ^C: Something you know. ^D: All of the choices. D#CISSP2 Q.136: Which of the following is the most commonly used check on something you know? ^A: One time password ^B: Login phrase ^C: Retinal ^D: Password A#CISSP2 Q.137: A software-generated password has what drawback? ^A: Password not easy to remember. ^B: Password too secure. ^C: None of the choices. ^D: Password unbreakable. B#CISSP2 Q.138: Which of the following will you consider as most secure? ^A: Password ^B: One time password ^C: Login phrase ^D: Login ID C#CISSP2 Q.139: What type of password makes use of two totally unrelated words? ^A: Login phrase ^B: One time password ^C: Composition ^D: Login ID D#CISSP2 Q.140: Which of the following are the advantages of using a passphrase? ^A: Difficult to crack using brute force. ^B: Offers numerous characters. ^C: Easier to remember. ^D: All of the choices. B#CISSP2 Q.141: Which of the following is the correct account policy you should follow? ^A: All of the choices. ^B: All active accounts must have a password. ^C: All active accounts must have a long and complex pass phrase. ^D: All inactive accounts must have a password. B#CISSP2 Q.142: On UNIX systems, passwords shall be kept: ^A: In any location on behalf of root. ^B: In a shadow password file. ^C: In the /etc/passwd file. ^D: In root. B#CISSP2 Q.143: Which of the following are the correct guidelines of password deployment? ^A: Passwords must be masked. ^B: All of the choices. ^C: Passwords must have a minimum of 8 characters. ^D: Passwords must contain a mix of both alphabetic and non-alphabetic characters.
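Worked example for the password-control questions in this block (Q.141 to Q.152, together with the exhaustive-attack cost behind Q.144 and Q.207): a small account store that enforces the stated guidelines (minimum 8 characters, alphabetic and non-alphabetic mix, not equal to the login id, not a dictionary word), keeps only a salted hash the way a shadow file does, locks the account after three failed attempts and records every successful and unsuccessful logon in an audit trail. This is an added example and not part of the question bank; the dictionary, the users and the iteration count are constructed here, and the guess rate used for the cost estimate is an assumption.

```python
"""Password controls: policy check, shadow-style storage, lockout, audit trail,
and the cost of an exhaustive attack as a function of password length.

Added example, not from the question bank. The dictionary, user records and
PBKDF2 parameters are constructed for the demonstration.
"""
import hashlib
import hmac
import os

MIN_LENGTH = 8                 # Q.143: minimum of 8 characters
MAX_FAILED_ATTEMPTS = 3        # Q.151: lock after three unsuccessful attempts
MAX_AGE_DAYS = 60              # Q.145: change at least once every 60 days
PBKDF2_ITERATIONS = 50_000     # constructed; real deployments tune this higher
DICTIONARY = {"password", "welcome", "letmein", "qwerty"}   # constructed word list


def policy_violations(login_id: str, password: str) -> list:
    """Q.143/Q.145/Q.147: return every guideline the password breaks (empty list = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if password.isalpha() or not any(c.isalpha() for c in password):
        problems.append("needs a mix of alphabetic and non-alphabetic characters")
    if password.lower() == login_id.lower():
        problems.append("same as login id")
    if password.lower() in DICTIONARY:
        problems.append("dictionary word")
    return problems


def hash_password(password: str, salt: bytes = None):
    """Q.142: the stored value is a salted hash, never the password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class AccountStore:
    """Shadow-file style records plus a lockout counter and an audit trail (Q.152)."""

    def __init__(self):
        self.records = {}   # login_id -> {"salt", "hash", "failed", "locked"}
        self.audit = []     # (login_id, event): successes and failures are both kept

    def add_user(self, login_id: str, password: str) -> None:
        problems = policy_violations(login_id, password)
        if problems:
            raise ValueError("; ".join(problems))
        salt, digest = hash_password(password)
        self.records[login_id] = {"salt": salt, "hash": digest, "failed": 0, "locked": False}

    def login(self, login_id: str, password: str) -> bool:
        rec = self.records.get(login_id)
        if rec is None or rec["locked"]:
            # A locked account is rejected even when the password is right.
            self.audit.append((login_id, "rejected"))
            return False
        _, digest = hash_password(password, rec["salt"])
        if hmac.compare_digest(digest, rec["hash"]):
            rec["failed"] = 0
            self.audit.append((login_id, "success"))
            return True
        rec["failed"] += 1
        if rec["failed"] >= MAX_FAILED_ATTEMPTS:
            rec["locked"] = True
            self.audit.append((login_id, "locked"))
        else:
            self.audit.append((login_id, "failure"))
        return False


def exhaustive_attack_days(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Q.144/Q.207: expected days to find a password by trying half the keyspace."""
    keyspace = alphabet_size ** length
    return keyspace / 2 / guesses_per_second / 86400


if __name__ == "__main__":
    for n in (8, 12, 16):
        # Assumed attacker speed of 1e9 guesses per second against a lowercase alphabet.
        print("%2d lowercase chars: %.3g days" % (n, exhaustive_attack_days(n, 26, 1e9)))
```

The lockout and the audit trail are what turn a brute-force attempt into a detectable event; the length function shows why Q.144 calls a 16-character password undesirable only for memorability, since every added character multiplies the attacker's work by the alphabet size.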
A#CISSP2 Q.144: Why would a 16-character password not be desirable? ^A: Hard to remember ^B: Offers numerous characters. ^C: Difficult to crack using brute force. ^D: All of the choices. C#CISSP2 Q.145: Which of the following is NOT a good password deployment guideline? ^A: Passwords must not be the same as the user id or login id. ^B: Password aging must be enforced on all systems. ^C: Passwords must be easy to memorize. ^D: Passwords must be changed at least once every 60 days, depending on your environment. B#CISSP2 Q.146: Rotating between previously used passwords can be restricted by the use of: ^A: Password age ^B: Password history ^C: Complex password ^D: All of the choices A#CISSP2 Q.147: Which of the following is an effective measure against a certain type of brute force password attack? ^A: The password used must not be a word found in a dictionary. ^B: Password history is used. ^C: Password reuse is not allowed. ^D: None of the choices. D#CISSP2 Q.148: Which of the following are measures against password sniffing? ^A: Passwords must not be sent through email in plain text. ^B: Passwords must not be stored in plain text on any electronic media. ^C: You may store passwords electronically if they are encrypted. ^D: All of the choices. B#CISSP2 Q.149: What should you do immediately if the root password is compromised? ^A: Change the root password. ^B: Change all passwords. ^C: Increase the value of password age. ^D: Decrease the value of password history. B#CISSP2 Q.150: Which of the following is the most secure way to distribute passwords? ^A: Employees must send in an email before obtaining a password. ^B: Employees must show up in person and present proper identification before obtaining a password. ^C: Employees must send in a signed email before obtaining a password. ^D: None of the choices. C#CISSP2 Q.151: Which of the following can be used to protect your system against a brute force password attack? ^A: Decrease the value of password history.
^B: Employees must send in a signed email before obtaining a password. ^C: After three unsuccessful attempts to enter a password, the account will be locked. ^D: Increase the value of password age. C#CISSP2 Q.152: You should keep an audit trail on which of the following items? ^A: Password usage. ^B: All unsuccessful logons. ^C: All of the choices. ^D: All successful logons. D#CISSP2 Q.153: What type of authentication takes advantage of an individual's unique physical characteristics in order to authenticate that person's identity? ^A: Password ^B: Token ^C: Ticket Granting ^D: Biometric A#CISSP2 Q.154: Which of the following will you consider as the MOST secure way of authentication? ^A: Biometric ^B: Password ^C: Token ^D: Ticket Granting A#CISSP2 Q.155: Biometric performance is most commonly measured in terms of: ^A: FRR and FAR ^B: FAC and ERR ^C: IER and FAR ^D: FRR and GIC B#CISSP2 Q.156: What is known as the probability that you are not authenticated to access your account? ^A: ERR ^B: FRR ^C: MTBF ^D: FAR B#CISSP2 Q.157: What is known as the chance that someone other than you is granted access to your account? ^A: ERR ^B: FAR ^C: FRR ^D: MTBF A#CISSP2 Q.158: You are comparing biometric systems. Security is the top priority. A low ________ is most important in this regard. ^A: FAR ^B: FRR ^C: MTBF ^D: ERR D#CISSP2 Q.159: The quality of fingerprints is crucial to maintain the necessary: ^A: FRR ^B: ERR and FAR ^C: FAR ^D: FRR and FAR C#CISSP2 Q.160: By requiring the user to use more than one finger to authenticate, you can: ^A: Provide statistical improvements in EAR. ^B: Provide statistical improvements in MTBF. ^C: Provide statistical improvements in FRR. ^D: Provide statistical improvements in ERR. B#CISSP2 Q.161: Which of the following is being considered as the most reliable kind of personal identification?
^A: Token ^B: Fingerprint ^C: Password ^D: Ticket Granting D#CISSP2 Q.162: Which of the following methods is more microscopic and analyzes the direction of the ridges of the fingerprints for matching? ^A: None of the choices. ^B: Flow direct ^C: Ridge matching ^D: Minutia matching B#CISSP2 Q.163: Which of the following are the types of eye scan in use today? ^A: Retinal scans and body scans. ^B: Retinal scans and iris scans. ^C: Retinal scans and reflective scans. ^D: Reflective scans and iris scans. B#CISSP2 Q.164: Which of the following eye scan methods is considered to be more intrusive? ^A: Iris scans ^B: Retinal scans ^C: Body scans ^D: Reflective scans B#CISSP2 Q.165: Which of the following offers greater accuracy than the others? ^A: Facial recognition ^B: Iris scanning ^C: Finger scanning ^D: Voice recognition B#CISSP2 Q.166: Which of the following are the valid categories of hand geometry scanning? ^A: Electrical and image-edge detection. ^B: Mechanical and image-edge detection. ^C: Logical and image-edge detection. ^D: Mechanical and image-ridge detection. A#CISSP2 Q.167: In the world of keystroke dynamics, what represents the amount of time you hold down a particular key? ^A: Dwell time ^B: Flight time ^C: Dynamic time ^D: Systems time B#CISSP2 Q.168: In the world of keystroke dynamics, what represents the amount of time it takes a person to switch between keys? ^A: Dynamic time ^B: Flight time ^C: Dwell time ^D: Systems time. D#CISSP2 Q.169: Which of the following are the benefits of keystroke dynamics? ^A: Low cost ^B: Unintrusive device ^C: Transparent ^D: All of the choices. B#CISSP2 Q.170: DSV, as an identification method, checks against a user's: ^A: Fingerprints ^B: Signature ^C: Keystrokes ^D: Facial expression A#CISSP2 Q.171: Signature identification systems analyze what areas of an individual's signature? ^A: All of the choices EXCEPT the signing rate. ^B: The specific features of the signature.
^C: The specific features of the process of signing one's signature. ^D: The signature rate. A#CISSP2 Q.172: What are the advantages to using voice identification? ^A: All of the choices. ^B: Timesaving ^C: Reliability ^D: Flexibility B#CISSP2 Q.173: What are the methods used in the process of facial identification? ^A: None of the choices. ^B: Detection and recognition. ^C: Scanning and recognition. ^D: Detection and scanning. A#CISSP2 Q.174: In the process of facial identification, the basic underlying recognition technology of facial identification involves: ^A: Eigenfeatures or eigenfaces. ^B: Scanning and recognition. ^C: Detection and scanning. ^D: None of the choices. C#CISSP2 Q.175: Which of the following is a facial feature identification product that can employ artificial intelligence and can require the system to learn from experience? ^A: All of the choices. ^B: Digital nervous system. ^C: Neural networking ^D: DSV B#CISSP2 Q.176: What is typically used to illustrate the comparative strengths and weaknesses of each biometric technology? ^A: Decipher Chart ^B: Zephyr Chart ^C: Cipher Chart ^D: Zapper Chart B#CISSP2 Q.177: In terms of the order of effectiveness, which of the following technologies is the most effective? ^A: Fingerprint ^B: Iris scan ^C: Keystroke pattern ^D: Retina scan B#CISSP2 Q.178: In terms of the order of effectiveness, which of the following technologies is the least effective? ^A: Voice pattern ^B: Signature ^C: Keystroke pattern ^D: Hand geometry C#CISSP2 Q.179: In terms of the order of acceptance, which of the following technologies is the MOST accepted? ^A: Hand geometry ^B: Keystroke pattern ^C: Voice Pattern ^D: Signature D#CISSP2 Q.180: In terms of the order of acceptance, which of the following technologies is the LEAST accepted? ^A: Fingerprint ^B: Iris ^C: Handprint ^D: Retina patterns C#CISSP2 Q.181: A token, as a way to identify a user, is subject to what type of error?
^A: Token error ^B: Decrypt error ^C: Human error ^D: Encrypt error C#CISSP2 Q.182: Which of the following factors may render a token-based solution unusable? ^A: Token length ^B: Card size ^C: Battery lifespan ^D: None of the choices. D#CISSP2 Q.183: A memory-only card works based on: ^A: Something you have. ^B: Something you know. ^C: None of the choices. ^D: Something you know and something you have. D#CISSP2 Q.184: Which of the following is a disadvantage of a memory-only card? ^A: High cost to develop. ^B: High cost to operate. ^C: Physically infeasible. ^D: Easy to counterfeit. D#CISSP2 Q.185: The term “smart card” can refer to: ^A: A personal identity token containing ICs. ^B: A processor IC card. ^C: An IC card with an ISO 7816 interface. ^D: All of the choices. C#CISSP2 Q.186: A processor card contains which of the following components? ^A: Memory and hard drive. ^B: Memory and flash. ^C: Memory and processor. ^D: Cache and processor. D#CISSP2 Q.187: Attacks on smartcards generally fall into what categories? ^A: Physical attacks. ^B: Trojan Horse attacks. ^C: Logical attacks. ^D: All of the choices, plus Social Engineering attacks. B#CISSP2 Q.188: What type of attack occurs when a smartcard is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smartcard? ^A: Physical attacks. ^B: Logical attacks. ^C: Trojan Horse attacks. ^D: Social Engineering attacks. A#CISSP2 Q.189: What type of attack occurs when normal physical conditions are altered in order to gain access to sensitive information on the smartcard? ^A: Physical attacks ^B: Logical attacks ^C: Trojan Horse attacks ^D: Social Engineering attacks C#CISSP2 Q.190: What type of attack occurs when a rogue application has been planted on an unsuspecting user’s workstation?
^A: Physical attacks ^B: Logical attacks ^C: Trojan Horse attacks ^D: Social Engineering attacks A#CISSP2 Q.191: What is an effective countermeasure against a Trojan horse attack that targets smart cards? ^A: Single-access device driver architecture. ^B: Handprint driver architecture. ^C: Fingerprint driver architecture. ^D: All of the choices. C#CISSP2 Q.192: Which of the following attacks could be the most successful when the security technology is properly implemented and configured? ^A: Logical attacks ^B: Physical attacks ^C: Social Engineering attacks ^D: Trojan Horse attacks A#CISSP2 Q.193: What are the valid types of one-time password generator? ^A: All of the choices. ^B: Transaction synchronous ^C: Synchronous/PIN synchronous ^D: Asynchronous/PIN asynchronous A#CISSP2 Q.194: What are the benefits of job rotation? ^A: All of the choices. ^B: Trained backup in case of emergencies. ^C: Protect against fraud. ^D: Cross training to employees. A#CISSP2 Q.195: In order to avoid mishandling of media or information, you should consider using: ^A: Labeling ^B: Token ^C: Ticket ^D: SSL A#CISSP2 Q.196: In order to avoid mishandling of media or information, which of the following should be labeled? ^A: All of the choices. ^B: Printed copies ^C: Tape ^D: Floppy disks C#CISSP2 Q.197: A method for a user to identify and present credentials only once to a system is known as: ^A: SEC ^B: IPSec ^C: SSO ^D: SSL A#CISSP2 Q.198: Which of the following correctly describes the features of SSO? ^A: More efficient log-on. ^B: More costly to administer. ^C: More costly to setup. ^D: More key exchanging involved. B#CISSP2 Q.199: What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server? ^A: IPSec ^B: RADIUS ^C: L2TP ^D: PPTP C#CISSP2 Q.200: RADIUS is defined by which RFC?
^A: 2168 ^B: 2148 ^C: 2138 ^D: 2158 A#CISSP2 Q.201: In a RADIUS architecture, which of the following acts as a client? ^A: A Network Access Server. ^B: None of the choices. ^C: The end user. ^D: The authentication server. C#CISSP2 Q.202: In a RADIUS architecture, which of the following can act as a proxy client? ^A: The end user. ^B: A Network Access Server. ^C: The RADIUS authentication server. ^D: None of the choices. D#CISSP2 Q.203: What protocol was UDP-based and mainly intended to provide validation of dial-up user login passwords? ^A: PPTP ^B: L2TP ^C: IPSec ^D: TACACS C#CISSP2 Q.204: Which of the following are proprietary implementations by Cisco? ^A: RADIUS+ ^B: TACACS ^C: XTACACS and TACACS+ ^D: RADIUS B#CISSP2 Q.205: In Unix, which file is required for you to set up an environment such that every user on the other host is a trusted user who can log into this host without authentication? ^A: /etc/shadow ^B: /etc/hosts.equiv ^C: /etc/passwd ^D: None of the choices. D#CISSP2 Q.206: Information security is the protection of data. Information will be protected mainly based on: ^A: Its sensitivity to the company. ^B: Its confidentiality. ^C: Its value. ^D: All of the choices. B#CISSP2 Q.207: Which of the following actions can increase the cost of an exhaustive attack? ^A: Increase the age of a password. ^B: Increase the length of a password. ^C: None of the choices. ^D: Increase the history of a password. B#CISSP2 Q.208: Which of the following actions can make a cryptographic key more resistant to an exhaustive attack? ^A: None of the choices. ^B: Increase the length of a key. ^C: Increase the age of a key. ^D: Increase the history of a key. D#CISSP2 Q.209: What attack involves actions to mimic one’s identity? ^A: Brute force ^B: Exhaustive ^C: Social engineering ^D: Spoofing C#CISSP2 Q.210: What attack takes advantage of operating system buffer overflows?
^A: Spoofing ^B: Brute force ^C: DoS ^D: Exhaustive C#CISSP2 Q.211: What attack is primarily based on the fragmentation implementation of IP and large ICMP packet size? ^A: Exhaustive ^B: Brute force ^C: Ping of Death ^D: Spoofing C#CISSP2 Q.212: A Land attack attacks a target by: ^A: Producing a large volume of ICMP echoes. ^B: Producing fragmented IP packets. ^C: Attacking an established TCP connection. ^D: None of the choices. A#CISSP2 Q.213: What attack is primarily based on the fragmentation implementation of IP? ^A: Teardrop ^B: Exhaustive ^C: Spoofing ^D: Brute force D#CISSP2 Q.214: What attack floods networks with broadcast traffic so that the network is congested? ^A: Spoofing ^B: Teardrop ^C: Brute force ^D: SMURF D#CISSP2 Q.215: What attack involves repeatedly sending identical e-mail messages to a particular address? ^A: SMURF ^B: Brute force ^C: Teardrop ^D: Spamming D#CISSP2 Q.216: Which of the following attacks focuses on cracking passwords? ^A: SMURF ^B: Spamming ^C: Teardrop ^D: Dictionary D#CISSP2 Q.217: A man-in-the-middle attack is a real threat to what type of communication? ^A: Communication based on random challenge. ^B: Communication based on face to face contact. ^C: Communication based on token. ^D: Communication based on asymmetric encryption. B#CISSP2 Q.218: Which of the following will you consider as a program that monitors data traveling over a network? ^A: Smurfer ^B: Sniffer ^C: Fragmenter ^D: Spoofer A#CISSP2 Q.219: Individuals whose sole aim is breaking into a computer system are referred to as: ^A: Crackers ^B: Sniffers ^C: Hackers ^D: None of the choices. A#CISSP2 Q.220: What technology is used to detect anomalies? ^A: IDS ^B: FRR ^C: Sniffing ^D: Capturing C#CISSP2 Q.221: IDSs verify, itemize, and characterize threats from: ^A: Inside your organization’s network. ^B: Outside your organization’s network. ^C: Outside and inside your organization’s network. ^D: The Internet.
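Worked example for the four packet-level attacks in Q.211 to Q.214, applied the way a sniffer (Q.218) or a signature-based IDS (Q.220) would apply them: a classifier that recognises a Land packet (source equals destination, address and port), a Ping of Death (ICMP echo whose fragments reassemble past the 65535-byte IP limit), a Teardrop (overlapping fragment offsets) and a Smurf (ICMP echo request aimed at a directed-broadcast address). This is an added example, not part of the question bank; the packet records are constructed summaries of the header fields, not real captures, and the local subnet used for the broadcast check is an assumption.

```python
"""Classic DoS packet signatures: Land, Ping of Death, Teardrop, Smurf.

Added example, not from the question bank. The Packet/Fragment records are
constructed summaries of header fields; BROADCAST_NETS is an assumed local subnet.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional

MAX_IP_DATAGRAM = 65535                          # largest possible IP datagram (RFC 791)
BROADCAST_NETS = [ip_network("192.0.2.0/24")]    # assumed: our own subnet(s)


@dataclass
class Fragment:
    offset: int    # byte offset of this fragment inside the reassembled datagram
    length: int    # payload bytes carried by this fragment
    more: bool     # the "more fragments" flag


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                        # "tcp", "udp", "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""                   # TCP flags, e.g. "S" for SYN
    icmp_type: Optional[int] = None   # 8 = echo request
    fragments: List[Fragment] = field(default_factory=list)


def is_land(p: Packet) -> bool:
    # Land: a SYN whose source and destination address AND port are identical.
    return p.proto == "tcp" and "S" in p.flags and p.src == p.dst and p.sport == p.dport


def is_ping_of_death(p: Packet) -> bool:
    # Ping of Death: an ICMP echo whose fragments reassemble beyond the IP size limit.
    if p.proto != "icmp" or p.icmp_type != 8 or not p.fragments:
        return False
    reassembled_end = max(f.offset + f.length for f in p.fragments)
    return reassembled_end > MAX_IP_DATAGRAM


def is_teardrop(p: Packet) -> bool:
    # Teardrop: a later fragment starts inside the byte range of an earlier one.
    frags = sorted(p.fragments, key=lambda f: f.offset)
    return any(b.offset < a.offset + a.length for a, b in zip(frags, frags[1:]))


def is_smurf(p: Packet) -> bool:
    # Smurf: ICMP echo request to a directed-broadcast address; every host on the
    # subnet replies to the (spoofed) source, which is the real victim.
    if p.proto != "icmp" or p.icmp_type != 8:
        return False
    dst = ip_address(p.dst)
    return any(dst == net.broadcast_address for net in BROADCAST_NETS)


def classify(p: Packet) -> str:
    """Return the first matching attack name, or "benign"."""
    for name, test in (("land", is_land), ("ping-of-death", is_ping_of_death),
                       ("teardrop", is_teardrop), ("smurf", is_smurf)):
        if test(p):
            return name
    return "benign"


def classify_all(packets: List[Packet]) -> List[str]:
    return [classify(p) for p in packets]


# Constructed sample traffic: one packet of each attack, then a normal SYN.
SAMPLE = [
    Packet("192.0.2.10", "192.0.2.10", "tcp", sport=139, dport=139, flags="S"),
    Packet("198.51.100.5", "192.0.2.20", "icmp", icmp_type=8,
           fragments=[Fragment(0, 1480, True), Fragment(65120, 500, False)]),
    Packet("198.51.100.5", "192.0.2.20", "udp",
           fragments=[Fragment(0, 36, True), Fragment(24, 40, False)]),
    Packet("203.0.113.7", "192.0.2.255", "icmp", icmp_type=8),
    Packet("198.51.100.5", "192.0.2.20", "tcp", sport=40000, dport=443, flags="S"),
]

if __name__ == "__main__":
    for p, verdict in zip(SAMPLE, classify_all(SAMPLE)):
        print("%-14s -> %-14s %s" % (p.src, p.dst, verdict))
```

Each test is a pure header check, which is exactly why these attacks are easy for a misuse detector to signature and why the standard mitigations (drop packets whose source equals destination, refuse directed broadcasts at the router, bound reassembly buffers and reject overlapping fragments) live in the network stack rather than in the application.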
D#CISSP2 Q.222: An IDS can be described in terms of what fundamental functional components? ^A: Response ^B: Information Sources ^C: Analysis ^D: All of the choices. D#CISSP2 Q.223: What are the primary goals of intrusion detection systems? ^A: Accountability ^B: Availability ^C: Response ^D: All of the choices A#CISSP2 Q.224: What is the most common way to classify IDSs? ^A: Group them by information source. ^B: Group them by network packets. ^C: Group them by attackers. ^D: Group them by signs of intrusion. B#CISSP2 Q.225: The majority of commercial intrusion detection systems are: ^A: Identity-based ^B: Network-based ^C: Host-based ^D: Signature-based A#CISSP2 Q.226: Which of the following is a drawback of network-based IDSs? ^A: It cannot analyze encrypted information. ^B: It is very costly to setup. ^C: It is very costly to manage. ^D: It is not effective. A#CISSP2 Q.227: Host-based IDSs normally utilize information from which of the following sources? ^A: Operating system audit trails and system logs. ^B: Operating system audit trails and network packets. ^C: Network packets and system logs. ^D: Operating system alarms and system logs. A#CISSP2 Q.228: When comparing host based IDS with network based IDS, which of the following is an obvious advantage? ^A: It is unaffected by switched networks. ^B: It cannot analyze encrypted information. ^C: It is not costly to setup. ^D: It is not costly to manage. D#CISSP2 Q.229: You are comparing host based IDS with network based IDS. Which of the following will you consider as an obvious disadvantage of host based IDS? ^A: It cannot analyze encrypted information. ^B: It is costly to remove. ^C: It is affected by switched networks. ^D: It is costly to manage. B#CISSP2 Q.230: Which of the following IDSs inflict a higher performance cost on the monitored systems?
^A: Encryption based ^B: Host based ^C: Network based ^D: Trusted based D#CISSP2 Q.231: Application-based IDSs normally utilize information from which of the following sources? ^A: Network packets and system logs. ^B: Operating system audit trails and network packets. ^C: Operating system audit trails and system logs. ^D: Application’s transaction log files. A#CISSP2 Q.232: What are the primary approaches an IDS takes to analyze events to detect attacks? ^A: Misuse detection and anomaly detection. ^B: Log detection and anomaly detection. ^C: Misuse detection and early drop detection. ^D: Scan detection and anomaly detection. B#CISSP2 Q.233: Misuse detectors analyze system activity and identify patterns. The patterns corresponding to known attacks are called: ^A: Attachments ^B: Signatures ^C: Strings ^D: Identifications C#CISSP2 Q.234: Which of the following is an obvious disadvantage of deploying misuse detectors? ^A: They are costly to setup. ^B: They are not accurate. ^C: They must be constantly updated with signatures of new attacks. ^D: They are costly to use. C#CISSP2 Q.235: What detectors identify abnormal or unusual behavior on a host or network? ^A: None of the choices. ^B: Legitimate detectors. ^C: Anomaly detectors. ^D: Normal detectors. D#CISSP2 Q.236: Which of the following are the major categories of IDS response options? ^A: Active responses ^B: Passive responses ^C: Hybrid ^D: All of the choices. A#CISSP2 Q.237: Alarms and notifications are generated by IDSs to inform users when attacks are detected. The most common form of alarm is: ^A: Onscreen alert ^B: Email ^C: Pager ^D: ICQ A#CISSP2 Q.238: Which of the following is a valid tool that complements IDSs? ^A: All of the choices. ^B: Padded Cells ^C: Vulnerability Analysis Systems ^D: Honey Pots B#CISSP2 Q.239: What tool do you use to determine whether a host is vulnerable to known attacks?
^A: Padded Cells ^B: Vulnerability analysis ^C: Honey Pots ^D: IDS A#CISSP2 Q.240: What tool is used to determine whether attackers have altered system files or executables? ^A: File Integrity Checker ^B: Vulnerability Analysis Systems ^C: Honey Pots ^D: Padded Cells A#CISSP2 Q.241: What is known as a decoy system designed to lure a potential attacker away from critical systems? ^A: Honey Pots ^B: Vulnerability Analysis Systems ^C: File Integrity Checker ^D: Padded Cells B#CISSP2 Q.242: When the IDS detects attackers, the attackers are seamlessly transferred to a special host. This method is called: ^A: Vulnerability Analysis Systems ^B: Padded Cell ^C: Honey Pot ^D: File Integrity Checker D#CISSP2 Q.243: Most computer attacks result in violation of which of the following security properties? ^A: Availability ^B: Confidentiality ^C: Integrity and control ^D: All of the choices. D#CISSP2 Q.244: What types of computer attacks are most commonly reported by IDSs? ^A: System penetration ^B: Denial of service ^C: System scanning ^D: All of the choices D#CISSP2 Q.245: What attack is typically used for identifying the topology of the target network? ^A: Spoofing ^B: Brute force ^C: Teardrop ^D: Scanning D#CISSP3 Q.1: In a discretionary mode, which of the following entities is authorized to grant information access to other people? ^A: Manager ^B: Group leader ^C: Security manager ^D: User C#CISSP3 Q.2: Which DES mode of operation is best suited for database encryption? ^A: Cipher Block Chaining (CBC) mode ^B: Cycling Redundancy Checking (CRC) mode ^C: Electronic Code Book (ECB) mode ^D: Cipher Feedback (CFB) mode B#CISSP3 Q.3: Within the realm of IT security, which of the following combinations best defines risk? ^A: Threat coupled with a breach. ^B: Threat coupled with a vulnerability. ^C: Vulnerability coupled with an attack. ^D: Threat coupled with a breach of security.
B#CISSP3 Q.4: Which of the following would be the best reason for separating the test and development environments? ^A: To restrict access to systems under test. ^B: To control the stability of the test environment. ^C: To segregate user and development staff. ^D: To secure access to systems under development. A#CISSP3 Q.5: Which of the following statements pertaining to dealing with the media after a disaster occurred and disturbed the organization’s activities is incorrect? ^A: The CEO should always be the spokesperson for the company during a disaster. ^B: The disaster recovery plan must include how the media is to be handled during the disaster. ^C: The organization’s spokesperson should report bad news before the press gets a hold of it through another channel. ^D: An emergency press conference site should be planned ahead. B#CISSP3 Q.6: Which Orange book security rating introduces security labels? ^A: C2 ^B: B1 ^C: B2 ^D: B3 A#CISSP3 Q.7: A Business Impact Analysis (BIA) does not: ^A: Recommend the appropriate recovery solution. ^B: Determine critical and necessary business functions and their resource dependencies. ^C: Identify critical computer applications and the associated outage tolerance. ^D: Estimate the financial impact of a disruption. A#CISSP3 Q.8: Which access control model enables the owner of the resource to specify what subjects can access specific resources? ^A: Discretionary Access Control ^B: Mandatory Access Control ^C: Sensitive Access Control ^D: Role-based Access Control C#CISSP3 Q.9: What type of cable is used with 100Base-TX Fast Ethernet? ^A: Fiber-optic cable ^B: Four pairs of Category 3, 4 or 5 unshielded twisted-pair (UTP) wires. ^C: Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair (STP) wires. ^D: RG.58 cable. B#CISSP3 Q.10: Which of the following best describes the Secure Electronic Transaction (SET) protocol? ^A: Originated by VISA and MasterCard as an Internet credit card protocol.
^B: Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures. ^C: Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer. ^D: Originated by VISA and MasterCard as an Internet credit card protocol using SSL. D#CISSP3 Q.11: At which of the following phases of a software development life cycle are security and access controls normally designed? ^A: Coding ^B: Product design ^C: Software plans and requirements ^D: Detailed design C#CISSP3 Q.12: Which type of control would password management classify as? ^A: Compensating control ^B: Detective control ^C: Preventive control ^D: Technical control C#CISSP3 Q.13: Due care is not related to: ^A: Good faith ^B: Prudent man ^C: Profit ^D: Best interest D#CISSP3 Q.14: Which of the following is not an Orange Book-defined life cycle assurance requirement? ^A: Security testing ^B: Design specification and testing ^C: Trusted distribution ^D: System integrity A#CISSP3 Q.15: What is another name for the Orange Book? ^A: The Trusted Computer System Evaluation Criteria (TCSEC) ^B: The Trusted Computing Base (TCB) ^C: The Information Technology Security Evaluation Criteria (ITSEC) ^D: The Common Criteria C#CISSP3 Q.16: A password that is the same for each log-on session is called a? ^A: “one-time password” ^B: “two-time password” ^C: static password ^D: dynamic password C#CISSP3 Q.17: Which of the following backup methods is most appropriate for off-site archiving? ^A: Incremental backup method. ^B: Off-site backup method. ^C: Full backup method. ^D: Differential backup method. C#CISSP3 Q.18: Which of the following is not a weakness of symmetric cryptography? ^A: Limited security ^B: Key distribution ^C: Speed ^D: Scalability B#CISSP3 Q.19: Which of the following is not a defined layer in the TCP/IP protocol model?
^A: Application layer ^B: Session layer ^C: Internet layer ^D: Network access layer A#CISSP3 Q.20: Rewritable and erasable (CD-RW) optical disks are sometimes used for backups that require short-term storage of changeable data, but they require: ^A: Faster file access than tape. ^B: Slower file access than tape. ^C: Slower file access than drive. ^D: Slower file access than scale. B#CISSP3 Q.21: Which one of the following is not a primary component or aspect of firewall systems? ^A: Protocol filtering ^B: Packet switching ^C: Rule enforcement engine ^D: Extended logging capability C#CISSP3 Q.22: What are database views used for? ^A: To ensure referential integrity. ^B: To allow easier access to data in a database. ^C: To restrict user access to data in a database. ^D: To provide audit trails. B#CISSP3 Q.23: Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device? ^A: File services ^B: Mail services ^C: Print services ^D: Client/Server services D#CISSP3 Q.24: Intrusion detection has which of the following sets of characteristics? ^A: It is adaptive rather than preventive. ^B: It is administrative rather than preventive. ^C: It is disruptive rather than preventive. ^D: It is detective rather than preventive. A#CISSP3 Q.25: Which type of password provides maximum security because a new password is required for each new log-on? ^A: One-time or dynamic password ^B: Cognitive password ^C: Static password ^D: Pass phrase B#CISSP3 Q.26: Devices in the form of credit-card-size memory cards or smart cards, or resembling small calculators, that are used to supply static and dynamic passwords are called: ^A: Token Ring ^B: Tokens ^C: Token passing networks ^D: Coupons A#CISSP3 Q.27: Which of the following uses a directed graph to specify the rights that a subject can transfer to an object, or that a subject can take from another subject?
^A: Take-Grant model ^B: Access Matrix model ^C: Biba model ^D: Bell-LaPadula model D#CISSP3 Q.28: Which of the following is the BEST way to prevent software license violations? ^A: Implementing a corporate policy on copyright infringements and software use. ^B: Requiring that all PCs be diskless workstations. ^C: Installing metering software on the LAN so applications can be accessed through the metered software. ^D: Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC. A#CISSP3 Q.29: Zip/Jaz drives, SyQuest, and Bernoulli boxes are very transportable and are often the standard for: ^A: Data exchange in many businesses. ^B: Data change in many businesses. ^C: Data compression in many businesses. ^D: Data interchange in many businesses. D#CISSP3 Q.30: What are two types of system assurance? ^A: Operational Assurance and Architecture Assurance. ^B: Design Assurance and Implementation Assurance. ^C: Architecture Assurance and Implementation Assurance. ^D: Operational Assurance and Life-Cycle Assurance. A#CISSP3 Q.31: Why does compiled code pose more risk than interpreted code? ^A: Because malicious code can be embedded in the compiled code and can be difficult to detect. ^B: Because the browser can safely execute all interpreted applets. ^C: Because compilers are not reliable. ^D: It does not. Interpreted code poses more risk than compiled code. C#CISSP3 Q.32: Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated? ^A: The Total Quality Model (TQM) ^B: The IDEAL Model ^C: The Software Capability Maturity Model ^D: The Spiral Model A#CISSP3 Q.33: Phreakers are hackers who specialize in telephone fraud.
What type of telephone fraud simulates the tones of coins being deposited into a payphone? ^A: Red Boxes ^B: Blue Boxes ^C: White Boxes ^D: Black Boxes C#CISSP3 Q.34: What is the proper term to refer to a single unit of Ethernet data? ^A: Ethernet segment ^B: Ethernet datagram ^C: Ethernet frame ^D: Ethernet packet A#CISSP3 Q.35: Which of the following represents an ALE calculation? ^A: Single loss expectancy x annualized rate of occurrence. ^B: Gross loss expectancy x loss frequency. ^C: Actual replacement cost – proceeds of salvage. ^D: Asset value x loss expectancy. A#CISSP3 Q.36: If an operating system permits executable objects to be used simultaneously by multiple users without a refresh of the objects, what security problem is most likely to exist? ^A: Disclosure of residual data. ^B: Unauthorized obtaining of a privileged execution state. ^C: Data leakage through covert channels. ^D: Denial of service through a deadly embrace. A#CISSP3 Q.37: Tape arrays use a large device with multiple (sometimes 32 or 64) tapes that are configured as a: ^A: Single array ^B: Dual array ^C: Triple array ^D: Quadruple array D#CISSP3 Q.38: Why would anomaly detection IDSs often generate a large number of false positives? ^A: Because they can only correctly identify attacks they already know about. ^B: Because they are application-based and more subject to attacks. ^C: Because they can't identify abnormal behavior. ^D: Because normal patterns of user and system behavior can vary wildly. C#CISSP3 Q.39: According to private sector data classification levels, how would salary levels and medical information be classified? ^A: Public ^B: Sensitive ^C: Private ^D: Confidential B#CISSP3 Q.40: Which of the following is used in database information security to hide information? ^A: Inheritance ^B: Polyinstantiation ^C: Polymorphism ^D: Delegation A#CISSP3 Q.41: Which of the following evaluates the product against the specification?
^A: Verification ^B: Validation ^C: Concurrence ^D: Accuracy D#CISSP3 Q.42: Application-level firewalls are commonly a host computer running proxy server software, which makes it a: ^A: Proxy Client ^B: Proxy Session ^C: Proxy System ^D: Proxy Server B#CISSP3 Q.43: What attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim's machine on any open port that is listening? ^A: Bonk attack ^B: Land attack ^C: Teardrop attack ^D: Smurf attack A#CISSP3 Q.44: The beginning and the end of each transfer during asynchronous communication data transfer are marked by: ^A: Start and Stop bits. ^B: Start and End bits. ^C: Begin and Stop bits. ^D: Start and Finish bits. A#CISSP3 Q.45: Most unplanned downtime of information systems is attributed to which of the following? ^A: Hardware failure ^B: Natural disaster ^C: Human error ^D: Software failure A#CISSP3 Q.46: RAID that functions as part of the operating system on the file server is a: ^A: Software implementation ^B: Hardware implementation ^C: Network implementation ^D: Netware implementation C#CISSP3 Q.47: During which phase of an IT system life cycle are security requirements developed? ^A: Operation ^B: Initiation ^C: Development ^D: Implementation B#CISSP3 Q.48: Ensuring that printed reports reach the proper users and that receipts are signed before releasing sensitive documents are examples of: ^A: Deterrent controls ^B: Output controls ^C: Information flow controls ^D: Asset controls B#CISSP3 Q.49: In non-discretionary access control, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on: ^A: Society's role in the organization. ^B: The individual's role in the organization. ^C: The group dynamics as they relate to the individual's role in the organization. ^D: The group dynamics as they relate to the master-slave role in the organization.
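Added example for Q.21 and Q.43 (this is not part of the question bank): the rule enforcement engine of a first-generation packet filter in Python. It evaluates only the fields such a filter sees, source and destination address, protocol and ports, against an ordered rule list with an implicit final deny, and it adds the one sanity check that catches a Land attack, a TCP SYN whose source address and port equal the destination's, which a permit rule for an open, listening port would otherwise let through. The addresses are RFC 5737 documentation ranges, the rule syntax is this example's own rather than any product's, and the packets are constructed, not captured.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "tcp", "udp" or "icmp"
    flags: str = ""  # TCP flag letters, e.g. "S" for a bare SYN, "A" for ACK


@dataclass(frozen=True)
class Rule:
    """One line of a stateless filter; first match wins, no match means deny."""
    action: str                   # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port
    flag: Optional[str] = None    # require this TCP flag letter to be set

    def matches(self, p: Packet) -> bool:
        return (
            self.proto in ("any", p.proto)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and (self.dport is None or self.dport == p.dport)
            and (self.flag is None or self.flag in p.flags)
        )


def is_land_attack(p: Packet) -> bool:
    """Land attack: a TCP SYN whose source address:port equals its destination address:port."""
    return p.proto == "tcp" and "S" in p.flags and p.src == p.dst and p.sport == p.dport


def filter_packet(rules: list[Rule], p: Packet) -> str:
    # The Land check runs before the rules: the permit for the open web port
    # below would otherwise accept the spoofed SYN.
    if is_land_attack(p):
        return "deny (land attack)"
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"  # implicit final deny


# Hypothetical ruleset for a firewall between an internal network (192.0.2.0/24)
# and the Internet.
EDGE_RULES = [
    Rule("permit", "udp", dst="192.0.2.10/32", dport=514),  # syslog to the log server
    Rule("permit", "tcp", dst="192.0.2.20/32", dport=80),   # inbound web
    Rule("permit", "tcp", dst="192.0.2.0/24", flag="A"),    # replies to outbound sessions: ACK set,
                                                            # the best a stateless filter can do
]

# Constructed packets, not captured traffic.
SAMPLE = {
    "syslog":  Packet("203.0.113.5", 40000, "192.0.2.10", 514, "udp"),
    "web_syn": Packet("203.0.113.5", 51234, "192.0.2.20", 80, "tcp", "S"),
    "ssh_syn": Packet("203.0.113.5", 51235, "192.0.2.20", 22, "tcp", "S"),
    "reply":   Packet("198.51.100.7", 443, "192.0.2.30", 51000, "tcp", "A"),
    "land":    Packet("192.0.2.20", 80, "192.0.2.20", 80, "tcp", "S"),
}


def run_samples() -> dict[str, str]:
    """Verdict for every constructed packet under EDGE_RULES."""
    return {name: filter_packet(EDGE_RULES, p) for name, p in SAMPLE.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:8s} -> {verdict}")
```

The ACK rule is the stateless approximation of "established" traffic, and it is precisely what an attacker's ACK scan abuses; tracking UDP and RPC conversations properly is what the stateful inspection firewall of Q.140 adds.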
B#CISSP3 Q.50: An effective information security policy should not have which of the following characteristics? ^A: Include separation of duties. ^B: Be designed with a short- to mid-term focus. ^C: Be understandable and supported by all stakeholders. ^D: Specify areas of responsibility and authority. B#CISSP3 Q.51: Which of the following statements pertaining to secure information processing facilities is incorrect? ^A: Walls should have an acceptable fire rating. ^B: Windows should be protected by bars. ^C: Doors must resist forcible entry. ^D: Location and type of fire suppression systems should be known. D#CISSP3 Q.52: Making sure that the data is accessible when and where it is needed is which of the following? ^A: Confidentiality ^B: Integrity ^C: Acceptability ^D: Availability B#CISSP3 Q.53: Business continuity plan development depends most on: ^A: Directives of Senior Management ^B: Business Impact Analysis (BIA) ^C: Scope and Plan Initiation ^D: Skills of BCP committee D#CISSP3 Q.54: Which layer defines the X.25, V.35, X.21 and HSSI standard interfaces? ^A: Transport layer ^B: Network layer ^C: Data link layer ^D: Physical layer D#CISSP3 Q.55: Related to information security, availability is the opposite of which of the following? ^A: Delegation ^B: Distribution ^C: Documentation ^D: Destruction A#CISSP3 Q.56: Which of the following is a disadvantage of a behavior-based ID system? ^A: The activity and behavior of the users while in the networked system may not be static enough to effectively implement a behavior-based ID system. ^B: The activity and behavior of the users while in the networked system may be dynamic enough to effectively implement a behavior-based ID system. ^C: The activity and behavior of the users while in the networked system may not be dynamic enough to effectively implement a behavior-based ID system. ^D: The system is characterized by high false negative rates where intrusions are missed.
C#CISSP3 Q.57: Which of the following statements pertaining to VPN protocol standards is false? ^A: L2TP is a combination of PPTP and L2F. ^B: L2TP and PPTP were designed for single point-to-point client to server communication. ^C: L2TP operates at the network layer. ^D: PPTP uses native PPP authentication and encryption services. C#CISSP3 Q.58: What is the most critical characteristic of a biometric identifying system? ^A: Perceived intrusiveness ^B: Storage requirements ^C: Accuracy ^D: Reliability A#CISSP3 Q.59: Software RAID can run faster in the operating system when it does not use hardware-level parity drives but instead relies on: ^A: Simple striping or mirroring. ^B: Hard striping or mirroring. ^C: Simple Hamming code parity or mirroring. ^D: Simple striping or Hamming code parity. A#CISSP3 Q.60: The guarantee that the message sent is the message received, and that the message was not intentionally or unintentionally altered, is: ^A: Integrity ^B: Confidentiality ^C: Availability ^D: Identity B#CISSP3 Q.61: Which of the following is a preventive control? ^A: Motion detectors ^B: Guard dogs ^C: Audit logs ^D: Intrusion detection systems B#CISSP3 Q.62: What uses a key of the same length as the message? ^A: Running key cipher ^B: One-time pad ^C: Steganography ^D: Cipher block chaining A#CISSP3 Q.63: Which of the following protocols operates at the session layer (layer 5)? ^A: RPC ^B: IGMP ^C: LDP ^D: SPX B#CISSP3 Q.64: Which of the following is NOT a countermeasure to traffic analysis? ^A: Padding messages ^B: Eavesdropping ^C: Sending noise ^D: Covert channel analysis C#CISSP3 Q.65: At which of the following layers of the ISO/OSI model do packet filtering firewalls operate? ^A: Application layer ^B: Session layer ^C: Network layer ^D: Presentation layer C#CISSP3 Q.66: A prolonged high voltage is a:
^A: Spike ^B: Blackout ^C: Surge ^D: Fault D#CISSP3 Q.67: How do the Information Labels of a Compartmented Mode Workstation differ from the Sensitivity Levels of B3 evaluated systems? ^A: Information Labels in CMW are homologous to Sensitivity Labels, but a different term was chosen to emphasize that CMWs are not described in the Orange Book. ^B: Information Labels contain more information than Sensitivity Labels, thus allowing more granular access decisions to be made. ^C: Sensitivity Labels contain more information than Information Labels because B3+ systems should store more sensitive data than workstations. ^D: Information Labels contain more information than Sensitivity Labels, but are not used by the Reference Monitor to determine access permissions. A#CISSP3 Q.68: In what security mode can a system be operating if all users have the clearance or authorization and need-to-know for all data processed within the system? ^A: Dedicated security mode. ^B: System-high security mode. ^C: Compartmented security mode. ^D: Multilevel security mode. D#CISSP3 Q.69: What are the three conditions that must be met by the reference monitor? ^A: Confidentiality, availability and integrity. ^B: Policy, mechanism and assurance. ^C: Isolation, layering and abstraction. ^D: Isolation, completeness and verifiability. B#CISSP3 Q.70: In physical security, what does positive pressurization mean? ^A: The pressure inside your sprinkler system is greater than zero. ^B: The air goes out of a room when a door is opened and outside air does not go into the room. ^C: It causes the sprinkler system to go off. ^D: A series of measures that increase pressure on employees in order to make them more productive. C#CISSP3 Q.71: The baseline that sets thresholds for specific errors or mistakes allowed, and the number of these occurrences that can take place before it is considered suspicious, is called a:
^A: Checkpoint level ^B: Ceiling level ^C: Clipping level ^D: Threshold level B#CISSP3 Q.72: The most prevalent cause of computer center fires is which of the following? ^A: AC equipment ^B: Electrical distribution systems ^C: Heating systems ^D: Natural causes C#CISSP3 Q.73: An offsite backup facility intended to operate an information processing facility, having no computer or communications equipment, but having flooring, electrical wiring, air conditioning, etc., is better known as a: ^A: Hot site ^B: Duplicate processing facility ^C: Cold site ^D: Warm site C#CISSP3 Q.74: Which of the following are necessary components of a Multi-Level Security Policy? ^A: Sensitivity Labels and a "system high" evaluation. ^B: Sensitivity Labels and Discretionary Access Control. ^C: Sensitivity Labels and Mandatory Access Control. ^D: Object Labels and a "system high" evaluation. A#CISSP3 Q.75: Which of the following, used to extend a network, has storage capacity to store frames and acts as a store-and-forward device? ^A: Bridge ^B: Router ^C: Repeater ^D: Gateway D#CISSP3 Q.76: Which of the following is addressed by Kerberos? ^A: Confidentiality and integrity. ^B: Authorization and authentication. ^C: Validation and integrity. ^D: Confidentiality and integrity. A#CISSP3 Q.77: Access control techniques do not include which of the following choices? ^A: Relevant Access Control ^B: Discretionary Access Control ^C: Mandatory Access Control ^D: Lattice-based Access Control D#CISSP3 Q.78: Why is public key cryptography recommended for use in the process of securing facsimiles during transmission? ^A: Keys are never transmitted over the network. ^B: Data compression decreases key change frequency. ^C: Key data is not recognizable from facsimile data. ^D: The key is securely passed to the receiving machine. A#CISSP3 Q.79: Database views are not used to: ^A: Implement referential integrity. ^B: Implement least privilege. ^C: Implement content-dependent access restrictions.
^D: Implement need-to-know. B#CISSP3 Q.80: Which of the following is most concerned with personnel security? ^A: Management controls ^B: Operational controls ^C: Technical controls ^D: Human resources controls A#CISSP3 Q.81: Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is incorrect? ^A: With TCSEC, functionality and assurance are evaluated separately. ^B: TCSEC provides a means to evaluate the trustworthiness of an information system. ^C: The Orange Book does not cover networks and communications. ^D: Database management systems are not covered by the TCSEC. B#CISSP3 Q.82: Which of the following could illegally capture network user passwords? ^A: Data diddling ^B: Sniffing ^C: Spoofing ^D: Smurfing A#CISSP3 Q.83: Which trusted facility management concept implies that two operators must review and approve the work of each other? ^A: Two-man control ^B: Dual control ^C: Double control ^D: Segregation control B#CISSP3 Q.84: There are more than 20 books in the Rainbow Series. Which of the following covers password management guidelines? ^A: Orange Book ^B: Green Book ^C: Red Book ^D: Lavender Book D#CISSP3 Q.85: Which of the following is a private IP address (i.e. reserved for internal networks, and not a valid address to use on the Internet)? ^A: 172.5.42.5 ^B: 172.76.42.5 ^C: 172.90.42.5 ^D: 172.16.42.5 C#CISSP3 Q.86: How fast is private key cryptography compared to public key cryptography? ^A: 10 to 100 times faster. ^B: 100 to 1000 times faster. ^C: 1000 to 10000 times faster. ^D: 10000 to 20000 times faster. C#CISSP3 Q.87: The continual effort of making sure that the correct policies, procedures and standards are in place and being followed is described as what? ^A: Due care ^B: Due concern ^C: Due diligence ^D: Due practice A#CISSP3 Q.88: Which tape format type is mostly used for home/small office backups?
^A: Quarter Inch Cartridge drives (QIC) ^B: Digital Linear Tapes (DLT) ^C: 8mm tape ^D: Digital Audio Tape (DAT) C#CISSP3 Q.89: In an organization, an Information Technology security function should: ^A: Be a function within the information systems function of an organization. ^B: Report directly to a specialized business unit such as legal, corporate security or insurance. ^C: Be led by a Chief Security Officer and report directly to the CEO. ^D: Be independent but report to the Information Systems function. C#CISSP3 Q.90: Which of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality,and availability of IT systems and data? ^A: Business and functional managers. ^B: IT Security practitioners. ^C: System and information owners. ^D: Chief information officer. A#CISSP3 Q.91: The act of requiring two of the three factors to be used in the authentication process refers to: ^A: Two-Factor Authentication ^B: One-Factor Authentication ^C: Bi-Factor Authentication ^D: Double Authentication A#CISSP3 Q.92: This type of backup management provides continuous on-line backup by using optical or tape "jukeboxes", similar to WORM (Write Once, Read Many) devices: ^A: Hierarchical Storage Management (HSM). ^B: Hierarchical Resource Management (HRM). ^C: Hierarchical Access Management (HAM). ^D: Hierarchical Instance Management (HIM). D#CISSP3 Q.93: Which of the following elements is not included in a Public Key Infrastructure (PKI)? ^A: Timestamping ^B: Lightweight Directory Access Protocol (LDAP) ^C: Certificate revocation ^D: Internet Key Exchange (IKE) B#CISSP3 Q.94: Which of the following best corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location?
^A: Direct addressing ^B: Indirect addressing ^C: Indexed addressing ^D: Program addressing B#CISSP3 Q.95: Creation and maintenance of intrusion detection systems and processes is done for which of the following? ^A: Event nonrepudiation ^B: Event notification ^C: Netware monitoring ^D: Guest access A#CISSP3 Q.96: Which of the following is true of network sniffing? ^A: Sniffers allow an attacker to monitor data passing across a network. ^B: Sniffers alter the source address of a computer to disguise and exploit weak authentication methods. ^C: Sniffers take over network connections. ^D: Sniffers send IP fragments to a system that overlap with each other. A#CISSP3 Q.97: Which of the following protocols is not implemented at the Internet layer of the TCP/IP protocol model? ^A: User datagram protocol (UDP) ^B: Internet protocol (IP) ^C: Address resolution protocol (ARP) ^D: Internet control message protocol (ICMP) B#CISSP3 Q.98: Which of the following is used to help business units understand the impact of a disruptive event? ^A: A risk analysis. ^B: A business impact assessment. ^C: A vulnerability assessment. ^D: A disaster recovery plan. B#CISSP3 Q.99: A contingency plan should address: ^A: Potential risks ^B: Residual risks ^C: Identified risks ^D: All of the above A#CISSP3 Q.100: In the OSI/ISO model, at what level is SET (Secure Electronic Transaction protocol) provided? ^A: Application ^B: Network ^C: Presentation ^D: Session A#CISSP3 Q.101: A packet filtering firewall looks at the data packet to get information about the source and destination addresses of an incoming packet, the session's communications protocol (TCP, UDP or ICMP), and the source and destination application ports for the: ^A: Desired service ^B: Dedicated service ^C: Delayed service ^D: Distributed service A#CISSP3 Q.102: A packet filtering firewall system is considered a: ^A: First generation firewall. ^B: Second generation firewall. ^C: Third generation firewall.
^D: Fourth generation firewall. D#CISSP3 Q.103: When should a post-mortem review meeting be held after an intrusion has been properly taken care of? ^A: Within the first three months after the investigation of the intrusion is completed. ^B: Within the first week after prosecution of intruders has taken place, whether successful or not. ^C: Within the first month after the investigation of the intrusion is completed. ^D: Within the first week of completing the investigation of the intrusion. A#CISSP3 Q.104: Which of the following can be used as a covert channel? ^A: Storage and timing. ^B: Storage and low bits. ^C: Storage and permissions. ^D: Storage and classification. C#CISSP3 Q.105: Which software development model is actually a meta-model that incorporates a number of the software development models? ^A: The Waterfall model. ^B: The modified Waterfall model. ^C: The Spiral model. ^D: The Critical Path Model (CPM). B#CISSP3 Q.106: What is not true of pre-shared key authentication within the IKE / IPsec protocol? ^A: Pre-shared key authentication is normally based on simple passwords. ^B: Needs a PKI to work. ^C: Only one pre-shared key for all VPN connections is needed. ^D: Costly key management on large user groups. C#CISSP3 Q.108: In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use: ^A: Screened subnets ^B: Digital certificates ^C: Encrypted Virtual Private Networks ^D: Encryption D#CISSP3 Q.109: What is necessary for a subject to have write access to an object in a Multi-Level Security Policy? ^A: The subject's sensitivity label must dominate the object's sensitivity label. ^B: The subject's sensitivity label subordinates the object's sensitivity label. ^C: The subject's sensitivity label is subordinated by the object's sensitivity label. ^D: The subject's sensitivity label is dominated by the object's sensitivity label.
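Added example for Q.68, Q.74 and Q.109 (this is not part of the question bank): sensitivity-label dominance with compartments, the two Bell-LaPadula rules that answer Q.109 (read needs the subject to dominate the object, write needs the object to dominate the subject), and a classifier for the security mode of Q.68 derived from clearances, labels and need-to-know. The level names, compartment names, users and documents are constructed for the example.

```python
from __future__ import annotations

from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Sensitivity label: a hierarchical level plus a set of compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: Label) -> bool:
        # Higher-or-equal level AND a superset of compartments; two labels with
        # disjoint compartments are incomparable, so neither dominates.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the object must dominate the subject (Q.109)."""
    return obj.dominates(subject)


def security_mode(subjects: dict[str, Label], objects: dict[str, Label],
                  need_to_know: dict[str, set[str]]) -> str:
    """Classify the operating mode of Q.68 from clearances, labels and need-to-know.

    dedicated:     every user is cleared for, approved for and needs all data
    system-high:   every user is cleared and approved for all data, but not all need it
    compartmented: every user is cleared to the highest level, but not for every compartment
    multilevel:    some user lacks clearance for the highest level present
    """
    top = max(LEVELS[o.level] for o in objects.values())
    if not all(LEVELS[s.level] >= top for s in subjects.values()):
        return "multilevel"
    if not all(s.dominates(o) for s in subjects.values() for o in objects.values()):
        return "compartmented"
    if not all(set(objects) <= need_to_know.get(name, set()) for name in subjects):
        return "system-high"
    return "dedicated"


# Constructed clearances and documents for the example.
SECRET_NUC = Label("SECRET", frozenset({"NUC"}))
CONF = Label("CONFIDENTIAL")
TS_NUC = Label("TOP SECRET", frozenset({"NUC"}))
DOCS = {"plan": SECRET_NUC, "memo": CONF}


def demo_modes() -> dict[str, str]:
    """Vary one user's clearance or need-to-know and watch the mode change."""
    alice = SECRET_NUC
    everything = {"plan", "memo"}
    return {
        "dedicated": security_mode({"alice": alice, "bob": SECRET_NUC}, DOCS,
                                   {"alice": everything, "bob": everything}),
        "system-high": security_mode({"alice": alice, "bob": SECRET_NUC}, DOCS,
                                     {"alice": everything, "bob": {"memo"}}),
        "compartmented": security_mode({"alice": alice, "bob": Label("SECRET")}, DOCS,
                                       {"alice": everything, "bob": {"memo"}}),
        "multilevel": security_mode({"alice": alice, "bob": CONF}, DOCS,
                                    {"alice": everything, "bob": {"memo"}}),
    }


if __name__ == "__main__":
    print("SECRET/NUC reads CONFIDENTIAL memo:", can_read(SECRET_NUC, CONF))    # True
    print("SECRET/NUC writes CONFIDENTIAL memo:", can_write(SECRET_NUC, CONF))  # False: write down
    print("SECRET/NUC writes TOP SECRET/NUC doc:", can_write(SECRET_NUC, TS_NUC))  # True: write up
    print(demo_modes())
```

Note that a TOP SECRET clearance without the NUC compartment cannot read a SECRET/NUC document: dominance is a partial order over the lattice, not a comparison of levels alone, which is why Q.74 pairs the labels with mandatory access control rather than a single "system high" rating.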
B#CISSP3 Q.110: What best describes a scenario where an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account? ^A: Data fiddling ^B: Data diddling ^C: Data hiding ^D: Data masking A#CISSP3 Q.111: Which of the following is unlike the other three? ^A: El Gamal ^B: Teardrop ^C: Buffer Overflow ^D: Smurf D#CISSP3 Q.112: Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud manipulates the line voltage to receive a toll-free call? ^A: Red Boxes ^B: Blue Boxes ^C: White Boxes ^D: Black Boxes D#CISSP3 Q.113: Which of the following groups represents the leading source of computer crime losses? ^A: Hackers ^B: Industrial saboteurs ^C: Foreign intelligence officers ^D: Employees A#CISSP3 Q.114: Which of the following steps should be performed first in a business impact analysis (BIA)? ^A: Identify all business units within the organization. ^B: Evaluate the impact of disruptive events. ^C: Estimate the Recovery Time Objectives (RTO). ^D: Evaluate the criticality of business functions. C#CISSP3 Q.115: Which of the following embodies all the detailed actions that personnel are required to follow? ^A: Standards ^B: Guidelines ^C: Procedures ^D: Baselines D#CISSP3 Q.116: Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length (up to two kilometers in some cases)? ^A: Coaxial cable ^B: Twisted Pair cable ^C: Axial cable ^D: Fiber Optic cable A#CISSP3 Q.117: Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape or cassette? ^A: Degaussing ^B: Parity Bit Manipulation ^C: Certification ^D: Buffer overflow A#CISSP3 Q.118: Which of the following is an advantage of prototyping? ^A: Prototype systems can provide significant time and cost savings. ^B: Change control is often less complicated with prototype systems.
^C: It ensures that functions or extras are not added to the intended system. ^D: Strong internal controls are easier to implement. A#CISSP3 Q.119: The IS security analyst's participation in which of the following system development life cycle phases provides maximum benefit to the organization? ^A: System requirements definition. ^B: System design. ^C: Program development. ^D: Program testing. C#CISSP3 Q.120: Controls are implemented to: ^A: Eliminate risk and reduce the potential for loss. ^B: Mitigate risk and eliminate the potential for loss. ^C: Mitigate risk and reduce the potential for loss. ^D: Eliminate risk and eliminate the potential for loss. A#CISSP3 Q.121: A circuit level gateway is ________ when compared to an application level firewall. ^A: Easier to maintain. ^B: More difficult to maintain. ^C: More secure. ^D: Slower. A#CISSP3 Q.122: In IPsec, if the communication mode is gateway-to-gateway or host-to-gateway: ^A: Only tunnel mode can be used. ^B: Only transport mode can be used. ^C: Encapsulating Security Payload (ESP) authentication must be used. ^D: Both tunnel and transport mode can be used. C#CISSP3 Q.123: Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? ^A: The Take-Grant model ^B: The Biba integrity model ^C: The Clark-Wilson integrity model ^D: The Bell-LaPadula integrity model A#CISSP3 Q.124: Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect? ^A: In order to facilitate recovery, a single plan should cover all locations. ^B: There should be no requirement to form a committee to decide on a course of action; these decisions should be made ahead of time and incorporated into the plan. ^C: In its procedures and tasks, the plan should refer to functions, not specific individuals. ^D: Critical vendors should be contacted ahead of time to validate that equipment can be obtained in a timely manner.
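Added example for Q.123 (this is not part of the question bank): the Clark-Wilson pieces in working code. Account balances are the constrained data items (CDIs), only certified transformation procedures (TPs) may change them, a user may run a TP on a CDI only through an access triple (user, TP, CDI), and an integrity verification procedure (IVP) checks the CDIs before and after every TP, rolling the change back if the TP left them invalid. The ledger, the account and user names, and the method names are this example's own, not a standard API.

```python
from __future__ import annotations

from typing import Callable


class IntegrityViolation(Exception):
    pass


class Ledger:
    """Clark-Wilson enforcement around a set of account balances (the CDIs).

    ivp():        no balance negative and the balances still sum to what was issued
    certify_tp(): registers a TP; only certified TPs may touch a CDI
    allow():      records an access triple; the certifier of a TP may not also run it
                  (separation of duty)
    run():        the enforcement point: refuse uncertified TPs and missing triples,
                  run the IVP before and after, roll back on failure
    """

    def __init__(self, balances: dict[str, int]) -> None:
        self.cdi = dict(balances)
        self.total_issued = sum(balances.values())
        self.tps: dict[str, tuple[str, Callable]] = {}   # tp name -> (certifier, function)
        self.triples: set[tuple[str, str, str]] = set()

    def ivp(self) -> bool:
        return (all(v >= 0 for v in self.cdi.values())
                and sum(self.cdi.values()) == self.total_issued)

    def certify_tp(self, certifier: str, name: str, fn: Callable) -> None:
        self.tps[name] = (certifier, fn)

    def allow(self, user: str, tp: str, cdi: str) -> None:
        if tp in self.tps and self.tps[tp][0] == user:
            raise IntegrityViolation(f"{user} certified {tp} and may not also run it")
        self.triples.add((user, tp, cdi))

    def run(self, user: str, tp: str, cdi: str, **args) -> dict[str, int]:
        if tp not in self.tps:
            raise IntegrityViolation(f"{tp} is not a certified TP")
        if (user, tp, cdi) not in self.triples:
            raise IntegrityViolation(f"no access triple ({user}, {tp}, {cdi})")
        if not self.ivp():
            raise IntegrityViolation("CDIs invalid before TP; refusing to run")
        snapshot = dict(self.cdi)
        self.tps[tp][1](self.cdi, cdi, **args)
        if not self.ivp():
            self.cdi = snapshot
            raise IntegrityViolation(f"{tp} left the CDIs invalid; rolled back")
        return dict(self.cdi)


# Two TPs, constructed for the example.  transfer() is well formed; mint() is a
# defective TP that credits money never issued, which the IVP must catch.
def transfer(balances: dict[str, int], src: str, dst: str, amount: int) -> None:
    balances[src] -= amount
    balances[dst] += amount


def mint(balances: dict[str, int], acct: str, amount: int) -> None:
    balances[acct] += amount


def demo() -> dict[str, object]:
    """Exercise every enforcement path; returns what each attempt produced."""
    ledger = Ledger({"ops": 100, "payroll": 50})
    ledger.certify_tp("auditor", "transfer", transfer)
    ledger.certify_tp("auditor", "mint", mint)
    ledger.allow("clerk", "transfer", "ops")
    ledger.allow("clerk", "mint", "ops")
    out: dict[str, object] = {}
    out["after_transfer"] = ledger.run("clerk", "transfer", "ops", dst="payroll", amount=30)
    attempts = {
        "overdraw":    lambda: ledger.run("clerk", "transfer", "ops", dst="payroll", amount=500),
        "mint":        lambda: ledger.run("clerk", "mint", "ops", amount=1),
        "no_triple":   lambda: ledger.run("clerk", "transfer", "payroll", dst="ops", amount=1),
        "uncertified": lambda: ledger.run("clerk", "wipe", "ops"),
        "sod":         lambda: ledger.allow("auditor", "transfer", "ops"),
    }
    for label, attempt in attempts.items():
        try:
            attempt()
            out[label] = "allowed"
        except IntegrityViolation as e:
            out[label] = str(e)
    out["final"] = dict(ledger.cdi)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:15s} {v}")
```

The point of the snapshot-and-rollback is that certification of a TP is a claim, not a proof: the IVP is what keeps a defective or compromised TP (mint above) from leaving the CDIs in an invalid state.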
C#CISSP3 Q.125: What are suitable protocols for securing VPN connections? ^A: S/MIME and SSH ^B: TLS and SSL ^C: IPsec and L2TP ^D: PKCS and X.509 D#CISSP3 Q.126: Which of the following questions is less likely to help in assessing identification and authentication controls? ^A: Is a current list maintained and approved of authorized users and their access? ^B: Are passwords changed at least every ninety days or earlier if needed? ^C: Are inactive user identifications disabled after a specified period of time? ^D: Is there a process for reporting incidents? B#CISSP3 Q.127: The primary purpose for using one-way encryption of user passwords within a system is which of the following? ^A: It prevents an unauthorized person from trying multiple passwords in one logon attempt. ^B: It prevents an unauthorized person from reading or modifying the password list. ^C: It minimizes the amount of storage required for user passwords. ^D: It minimizes the amount of processing time used for encrypting passwords. D#CISSP3 Q.128: The security of a computer application is most effective and economical in which of the following cases? ^A: The system is optimized prior to the addition of security. ^B: The system is procured off-the-shelf. ^C: The system is customized to meet the specific security threat. ^D: The system is designed originally to provide the necessary security. D#CISSP3 Q.129: Which of the following is not a typical biometric characteristic used to uniquely authenticate an individual's identity? ^A: Retina scans ^B: Iris scans ^C: Palm scans ^D: Skin scans A#CISSP3 Q.130: Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses? ^A: Direct evidence ^B: Circumstantial evidence ^C: Conclusive evidence ^D: Corroborative evidence B#CISSP3 Q.131: Which of the following would be defined as an absence of a safeguard that could be exploited?
^A: A threat ^B: A vulnerability ^C: A risk ^D: An exposure D#CISSP3 Q.132: Which of the following is a LAN transmission protocol? ^A: Ethernet ^B: Ring topology ^C: Unicast ^D: Polling B#CISSP3 Q.133: Why would a database be denormalized? ^A: To ensure data integrity. ^B: To increase processing efficiency. ^C: To prevent duplication of data. ^D: To save storage space. C#CISSP3 Q.134: Under the "Named Perils" form of property insurance: ^A: The burden of proof that a particular loss is covered is on the insurer. ^B: The burden of proof that a particular loss is not covered is on the insurer. ^C: The burden of proof that a particular loss is covered is on the insured. ^D: The burden of proof that a particular loss is not covered is on the insured. C#CISSP3 Q.135: Which of the following is not true? ^A: Since the early days of mankind humans have struggled with the problems of protecting assets. ^B: The addition of a PIN keypad to the card reader was a solution to the unreported or lost card problem. ^C: There has never been a problem of lost keys. ^D: A human guard is an inefficient and sometimes ineffective method of protecting resources. C#CISSP3 Q.136: Which of the following statements pertaining to software testing approaches is correct? ^A: A bottom-up approach allows interface errors to be detected earlier. ^B: A top-down approach allows errors in critical modules to be detected earlier. ^C: The test plan and results should be retained as part of the system's permanent documentation. ^D: Black box testing is predicated on a close examination of procedural detail. C#CISSP3 Q.137: Which Orange Book evaluation level is described as "Structured Protection"? ^A: A1 ^B: B3 ^C: B2 ^D: B1 C#CISSP3 Q.138: Which of the following questions is any user not necessarily expected to be able to answer regarding their organization's information security policy? ^A: Who is involved in establishing the security policy? ^B: Where is the organization's security policy defined? ^C: What are the actions that need to be performed in case of a disaster?
^D: Who is responsible for monitoring compliance with the organization's security policy? A#CISSP3 Q.139: RAID Level 1 mirrors the data from one disk to a set of disks using which of the following techniques? ^A: Copying the data onto another disk or set of disks. ^B: Moving the data onto another disk or set of disks. ^C: Establishing dual connectivity to another disk or set of disks. ^D: Establishing dual addressing to another disk or set of disks. A#CISSP3 Q.140: Which type of firewall can be used to track connectionless protocols such as UDP and RPC? ^A: Stateful inspection firewalls ^B: Packet filtering firewalls ^C: Application level firewalls ^D: Circuit level firewalls C#CISSP3 Q.141: Which of the following items should not be retained in an E-mail directory? ^A: Drafts of documents. ^B: Copies of documents. ^C: Permanent records. ^D: Temporary documents. C#CISSP3 Q.142: Which of the following department managers would be best suited to oversee the development of an information security policy? ^A: Information systems ^B: Human resources ^C: Business operations ^D: Security administration B#CISSP3 Q.143: Which of the following countermeasures is not appropriate for war dialing attacks? ^A: Monitoring and auditing for such activity. ^B: Disabling call forwarding. ^C: Making sure only necessary phone numbers are made public. ^D: Using completely different numbers for voice and data accesses. B#CISSP3 Q.144: Which of the following tools is less likely to be used by a hacker? ^A: L0phtCrack ^B: Tripwire ^C: Crack ^D: John the Ripper A#CISSP3 Q.145: Which of the following logical access exposures involves changing data before, or as it is entered into the computer? ^A: Data diddling ^B: Salami techniques ^C: Trojan horses ^D: Viruses B#CISSP3 Q.146: Which of the following computer aided software engineering (CASE) products is used for developing detailed designs, such as screen and report layouts?
^A: Lower CASE ^B: Middle CASE ^C: Upper CASE ^D: I-CASE C#CISSP3 Q.147: What is the number of columns in a table called? ^A: Schema ^B: Relation ^C: Degree ^D: Cardinality B#CISSP3 Q.148: Which of the following is the most reliable authentication device? ^A: Variable callback system ^B: Smart Card system ^C: Fixed callback system ^D: Combination of variable and fixed callback system. C#CISSP3 Q.149: Which of the following firewall rules is less likely to be found on a firewall installed between an organization's internal network and the Internet? ^A: Permit all traffic to and from local host. ^B: Permit all inbound ssh traffic. ^C: Permit all inbound tcp connections. ^D: Permit all syslog traffic to log-server.abc.org. B#CISSP3 Q.150: The Internet can be utilized by either: ^A: Public or private networks (with Virtual Private Networks). ^B: Private or public networks (with Virtual Private Networks). ^C: Home or private networks (with Virtual Private Networks). ^D: Public or home networks (with Virtual Private Networks). A#CISSP3 Q.151: This backup method must be made regardless of whether Differential or Incremental methods are used. ^A: Full backup method ^B: Incremental backup method ^C: Differential backup method ^D: Tape backup method D#CISSP3 Q.152: Why do buffer overflows happen? ^A: Because buffers can only hold so much data. ^B: Because input data is not checked for appropriate length at time of input. ^C: Because they are an easy weakness to exploit. ^D: Because of insufficient system memory. C#CISSP3 Q.153: Which of the following should not be performed by an operator? ^A: Mounting disk or tape ^B: Backup and recovery ^C: Data entry ^D: Handling hardware C#CISSP3 Q.154: What security model is dependent on security labels?
^A: Discretionary access control ^B: Label-based access control ^C: Mandatory access control ^D: Non-discretionary access control A#CISSP3 Q.155: Detection capabilities of Host-based ID systems are limited by the incompleteness of which of the following? ^A: Audit log capabilities ^B: Event capture capabilities ^C: Event triage capabilities ^D: Audit notification capabilities B#CISSP3 Q.156: Computer crime is generally made possible by which of the following? ^A: The perpetrator obtaining training & special knowledge. ^B: Victim carelessness. ^C: Collusion with others in information processing. ^D: System design flaws. A#CISSP3 Q.157: The structures, transmission methods, transport formats, and security measures that are used to provide integrity, availability, authentication, and confidentiality for transmissions over private and public communications networks and media are included in: ^A: The Telecommunications and Network Security domain. ^B: The Telecommunications and Netware Security domain. ^C: The Technical communications and Network Security domain. ^D: The Telnet and Network Security domain. A#CISSP3 Q.158: Which of the following is the lowest TCSEC class wherein the system must be protected against covert storage channels (but not necessarily covert timing channels)? ^A: B2 ^B: B1 ^C: B3 ^D: A1 C#CISSP3 Q.159: Which type of control is concerned with avoiding occurrences of risks? ^A: Deterrent controls ^B: Detective controls ^C: Preventive controls ^D: Compensating controls A#CISSP3 Q.160: The basic function of an FRDS is to: ^A: Protect file servers from data loss and a loss of availability due to disk failure. ^B: Persistent file servers from data gain and a gain of availability due to disk failure. ^C: Prudent file servers from data loss and a loss of acceptability due to disk failure. ^D: Packet file servers from data loss and a loss of accountability due to disk failure.
D#CISSP3 Q.161: Which of the following protocols does not operate at the data link layer (layer 2)? ^A: PPP ^B: RARP ^C: L2F ^D: ICMP A#CISSP3 Q.162: This tape format can be used to back up data systems in addition to its original intended audio use: ^A: Digital Audio Tape (DAT) ^B: Digital Video Tape (DVT) ^C: Digital Casio Tape (DCT) ^D: Digital Voice Tape (DVT) C#CISSP3 Q.163: By examining the “state” and “context” of the incoming data packets, it helps to track the protocols that are considered “connectionless”, such as UDP-based applications and Remote Procedure Calls (RPC). This type of firewall system is used in: ^A: First generation firewall systems. ^B: Second generation firewall systems. ^C: Third generation firewall systems. ^D: Fourth generation firewall systems. A#CISSP3 Q.164: Guards are appropriate whenever the function required by the security program involves which of the following? ^A: The use of discriminating judgment. ^B: The use of physical force. ^C: The operation of access control devices. ^D: The need to detect unauthorized access. A#CISSP3 Q.165: A server cluster looks like a: ^A: Single server from the user’s point of view. ^B: Dual server from the user’s point of view. ^C: Triple server from the user’s point of view. ^D: Quadruple server from the user’s point of view. D#CISSP3 Q.166: Which of the following are functions that are compatible in a properly segregated environment? ^A: Application programming and computer operation. ^B: System programming and job control analysis. ^C: Access authorization and database administration. ^D: System development and systems maintenance. B#CISSP3 Q.167: Encryption is applicable to all of the following OSI/ISO layers except: ^A: Network layer ^B: Physical layer ^C: Session layer ^D: Data link layer A#CISSP3 Q.168: The Computer Security Policy Model the Orange Book is based on is which of the following?
^A: Bell-LaPadula ^B: Data Encryption Standard ^C: Kerberos ^D: Tempest A#CISSP3 Q.169: Which type of attack would a competitive intelligence attack best be classified as? ^A: Business attack ^B: Intelligence attack ^C: Financial attack ^D: Grudge attack C#CISSP3 Q.170: Which of the following is responsible for the most security issues? ^A: Outside espionage ^B: Hackers ^C: Personnel ^D: Equipment failure A#CISSP3 Q.171: Which of the following goals is NOT a goal of Problem Management? ^A: To eliminate all problems. ^B: To reduce failures to a manageable level. ^C: To prevent the occurrence or re-occurrence of a problem. ^D: To mitigate the negative impact of problems on computing services and resources. D#CISSP3 Q.172: Examples of types of physical access controls include all except which of the following? ^A: Badges ^B: Locks ^C: Guards ^D: Passwords C#CISSP3 Q.173: Which of the following statements pertaining to the (ISC)2 Code of Ethics is incorrect? ^A: All information systems security professionals who are certified by (ISC)2 recognize that such a certification is a privilege that must be both earned and maintained. ^B: All information systems security professionals who are certified by (ISC)2 shall provide diligent and competent service to principals. ^C: All information systems security professionals who are certified by (ISC)2 shall discourage such behavior as associating or preparing to associate with criminals or criminal behavior. ^D: All information systems security professionals who are certified by (ISC)2 shall promote the understanding and acceptance of prudent information security measures. C#CISSP3 Q.174: Which DES modes can best be used for authentication? ^A: Cipher Block Chaining and Electronic Code Book. ^B: Cipher Block Chaining and Output Feedback. ^C: Cipher Block Chaining and Cipher Feedback. ^D: Output Feedback and Electronic Code Book.
A#CISSP3 Q.175: In the OSI / ISO model, at what layer are some of the SLIP, CSLIP and PPP control functions provided? ^A: Link ^B: Transport ^C: Presentation ^D: Application B#CISSP3 Q.176: Which of the following best describes the purpose of debugging programs? ^A: To generate random data that can be used to test programs before implementing them. ^B: To ensure that program coding flaws are detected and corrected. ^C: To protect, during the programming phase, valid changes from being overwritten by other changes. ^D: To compare source code versions before transferring to the test environment. A#CISSP3 Q.177: With RAID Level 5 the spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server while the: ^A: System is up and running. ^B: System is down and running. ^D: System is centre and running. A#CISSP3 Q.178: What is the process that RAID Level 0 uses as it creates one large disk by using several disks? ^A: Striping ^B: Mirroring ^D: Clustering A#CISSP3 Q.179: Which of the following is used to create and delete views and relations within tables? ^A: SQL Data Definition Language ^B: SQL Data Manipulation Language ^D: SQL Data Identification Language B#CISSP3 Q.180: Which division of the Orange Book deals with discretionary protection (need-to-know)? ^A: D ^B: C ^C: B C#CISSP3 Q.181: The Diffie-Hellman algorithm is used for: ^A: Encryption ^B: Digital signature ^D: Non-repudiation A#CISSP3 Q.182: Primarily run when time and tape space permit, and used for the system archive or baselined tape sets, is the: ^A: Full backup method. ^B: Incremental backup method. ^D: Tape backup method. C#CISSP3 Q.183: Which of the following teams should not be included in an organization’s contingency plan? ^A: Damage assessment team. ^B: Hardware salvage team. ^D: Legal affairs team. D#CISSP4 Q.1: In a discretionary mode, which of the following entities is authorized to grant information access to other people?
^A: Manager ^B: Group leader ^C: Security manager ^D: User B#CISSP4 Q.1: A covert channel is a communication channel that can be used for: ^A: Hardening the system. ^B: Violating the security policy. ^C: Protecting the DMZ. ^D: Strengthening the security policy. C#CISSP4 Q.2: To ensure that integrity is attained through the Clark and Wilson model, certain rules are needed. These rules are: ^A: Processing rules and enforcement rules. ^B: Integrity-bouncing rules. ^C: Certification rules and enforcement rules. ^D: Certification rules and general rules. D#CISSP4 Q.3: What was introduced for circumventing difficulties in classic approaches to computer security by limiting damages produced by malicious programs? ^A: Integrity-preserving ^B: Ref Mon ^C: Integrity-monitoring ^D: Non-Interference A#CISSP4 Q.4: What is an indirect way to transmit information with no explicit reading of confidential information? ^A: Covert channels ^B: Backdoor ^C: Timing channels ^D: Overt channels B#CISSP4 Q.5: Which of the following are the limitations of the BLP model? ^A: No policies for changing access data control. ^B: All of the choices. ^C: Contains covert channels. ^D: Static in nature. B#CISSP4 Q.6: Which of the following are the two most well known access control models? ^A: Lattice and Biba ^B: Bell LaPadula and Biba ^C: Bell LaPadula and Chinese Wall ^D: Bell LaPadula and Info Flow A#CISSP4 Q.7: What can be defined as a formal security model for the integrity of subjects and objects in a system? ^A: Biba ^B: Bell LaPadula ^C: Lattice ^D: Info Flow D#CISSP4 Q.8: Which of the following is best known for capturing security requirements of commercial applications? ^A: Lattice ^B: Biba ^C: Bell LaPadula ^D: Clark and Wilson B#CISSP4 Q.9: The Clark Wilson model has its emphasis on: ^A: Security ^B: Integrity ^C: Accountability ^D: Confidentiality B#CISSP4 Q.10: Which of the following is a state machine model capturing confidentiality aspects of access control?
^A: Clark Wilson ^B: Bell-LaPadula ^C: Chinese Wall ^D: Lattice C#CISSP4 Q.11: With the BLP model, access permissions are defined through: ^A: Filter rules ^B: Security labels ^C: Access Control matrix ^D: Profiles B#CISSP4 Q.12: With the BLP model, security policies prevent information flowing downwards from a: ^A: Low security level ^B: High security level ^C: Medium security level ^D: Neutral security level D#CISSP4 Q.13: When will BLP consider the information flow that occurs? ^A: When a subject alters an object. ^B: When a subject accesses an object. ^C: When a subject observes an object. ^D: All of the choices. C#CISSP4 Q.14: Separation of duties is valuable in deterring: ^A: DoS ^B: External intruder ^C: Fraud ^D: Trojan horse C#CISSP4 Q.15: What principle requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set? ^A: Use of rights ^B: Balance of power ^C: Separation of duties ^D: Fair use D#CISSP4 Q.16: Separation of duty can be: ^A: Dynamic only ^B: Encrypted ^C: Static only ^D: Static or dynamic A#CISSP4 Q.17: Who should determine the appropriate sensitivity classifications of information? ^A: Owner ^B: Server ^C: Administrator ^D: User A#CISSP4 Q.18: Who should determine the appropriate access control of information? ^A: Owner ^B: User ^C: Administrator ^D: Server D#CISSP4 Q.19: What principle requires that a user be given no more privilege than necessary to perform a job? ^A: Principle of aggregate privilege. ^B: Principle of most privilege. ^C: Principle of effective privilege. ^D: Principle of least privilege. B#CISSP4 Q.20: To ensure least privilege requires that __________ is identified.
^A: What the user's privilege owns ^B: What the user's job is ^C: What the user's cost is ^D: What the user's group is B#CISSP4 Q.21: The concept of least privilege currently exists within the context of: ^A: ISO ^B: TCSEC ^C: OSI ^D: IETF B#CISSP4 Q.22: Enforcing minimum privileges for general system users can be easily achieved through the use of: ^A: TSTEC ^B: RBAC ^C: TBAC ^D: IPSEC B#CISSP4 Q.23: Which of the following are potential firewall problems that should be logged? ^A: Reboot ^B: All of the choices. ^C: Proxies restarted. ^D: Changes to configuration file. A#CISSP4 Q.24: Which of the following are security events on Unix that should be logged? ^A: All of the choices. ^B: Use of Setgid. ^C: Change of permissions on system files. ^D: Use of Setuid. B#CISSP4 Q.25: What process determines who is trusted for a given purpose? ^A: Identification ^B: Authorization ^C: Authentication ^D: Accounting B#CISSP4 Q.26: Which of the following tools can you use to assess your network's vulnerability? ^A: ISS ^B: All of the choices. ^C: SATAN ^D: Ballista D#CISSP4 Q.27: Which of the following should NOT be logged for performance problems? ^A: CPU load. ^B: Percentage of use. ^C: Percentage of idle time. ^D: None of the choices. A#CISSP4 Q.28: Which of the following should be logged for security problems? ^A: Use of mount command. ^B: Percentage of idle time. ^C: Percentage of use. ^D: None of the choices. B#CISSP4 Q.29: Which of the following services should be logged for security purposes? ^A: bootp ^B: All of the choices. ^C: sunrpc ^D: tftp D#CISSP4 Q.30: Who should NOT have access to the log files? ^A: Security staff. ^B: Internal audit staff. ^C: System administration staff. ^D: Manager’s secretary. C#CISSP4 Q.31: Which of the following correctly describes the use of the collected logs? ^A: They are used in the passive monitoring process only. ^B: They are used in the active monitoring process only. ^C: They are used in the active and passive monitoring process.
^D: They are used in the archiving process only. C#CISSP4 Q.32: All logs are kept on archive for a period of time. What determines this period of time? ^A: Administrator preferences. ^B: MTTR ^C: Retention policies ^D: MTTF C#CISSP4 Q.33: Logs must be secured to prevent: ^A: Creation, modification, and destruction. ^B: Modification, deletion, and initialization. ^C: Modification, deletion, and destruction. ^D: Modification, deletion, and inspection. A#CISSP4 Q.34: To ensure dependable and secure logging, all computers must have their clocks synchronized to: ^A: A central timeserver. ^B: The log time stamp. ^C: The respective local times. ^D: None of the choices. B#CISSP4 Q.35: To ensure dependable and secure logging, logging information traveling on the network should be: ^A: Stored ^B: Encrypted ^C: Isolated ^D: Monitored A#CISSP4 Q.36: The activity that consists of collecting information that will be used for monitoring is called: ^A: Logging ^B: Troubleshooting ^C: Auditing ^D: Inspecting B#CISSP4 Q.37: How often should logging be run? ^A: Once every week. ^B: Always ^C: Once a day. ^D: During maintenance. A#CISSP4 Q.38: If the computer system being used contains confidential information, users must not: ^A: Leave their computer without first logging off. ^B: Share their desks. ^C: Encrypt their passwords. ^D: Communicate A#CISSP4 Q.39: Security is a process that is: ^A: Continuous ^B: Indicative ^C: Examined ^D: Abnormal C#CISSP4 Q.40: Which of the following user items can be shared? ^A: Password ^B: Home directory ^C: None of the choices. B#CISSP4 Q.41: Root login should only be allowed via: ^A: Rsh ^B: System console ^C: Remote program ^D: VNC B#CISSP4 Q.42: What should you do to the user accounts as soon as employment is terminated? ^A: Disable the user accounts and erase immediately the data kept. ^B: Disable the user accounts and have the data kept for a specific period of time. ^C: None of the choices.
^D: Maintain the user accounts and have the data kept for a specific period of time. D#CISSP4 Q.43: Access to the _________ account on a Unix server must be limited to only the system administrators that must absolutely have this level of access. ^A: Superuser of inetd. ^B: Manager or root. ^C: Fsf or root. ^D: Superuser or root. D#CISSP4 Q.44: Which of the following correctly describe “good” security practice? ^A: Accounts should be monitored regularly. ^B: You should have a procedure in place to verify password strength. ^C: You should ensure that there are no accounts without passwords. ^D: All of the choices. A#CISSP4 Q.45: LOMAC is a security enhancement for what operating system? ^A: Linux ^B: Netware ^C: Solaris B#CISSP4 Q.46: LOMAC uses what Access Control method to protect the integrity of processes and data? ^A: Linux based EFS. ^B: Low Water-Mark Mandatory Access Control. ^C: Linux based NFS. ^D: High Water-Mark Mandatory Access Control. D#CISSP4 Q.47: On Linux, LOMAC is implemented as: ^A: Virtual addresses ^B: Registers ^C: Kernel built-in functions ^D: Loadable kernel module B#CISSP4 Q.49: What is the method of coordinating access to resources based on the listing of permitted IP addresses? ^A: MAC ^B: ACL ^C: DAC ^D: None of the choices. A#CISSP4 Q.50: With RBAC, each user can be assigned: ^A: One or more roles. ^B: Only one role. ^C: A token role. ^D: A security token. C#CISSP4 Q.51: With RBAC, roles are: ^A: Based on labels. ^B: All equal. ^C: Hierarchical. ^D: Based on flows. C#CISSP4 Q.52: With __________, access decisions are based on the roles that individual users have as part of an organization. ^A: Server based access control. ^B: Rule based access control. ^C: Role based access control. ^D: Token based access control.
C#CISSP4 Q.53: Under Role based access control, access rights are grouped by: ^A: Policy name ^B: Rules ^C: Role name ^D: Sensitivity label C#CISSP4 Q.54: Which of the following will you consider as a “role” under a role based access control system? ^A: Bank rules ^B: Bank computer ^C: Bank teller ^D: Bank network B#CISSP4 Q.55: Role based access control is attracting increasing attention particularly for what applications? ^A: Scientific ^B: Commercial ^C: Security ^D: Technical D#CISSP4 Q.56: What is one advantage of deploying Role based access control in large networked applications? ^A: Higher security ^B: Higher bandwidth ^C: User friendliness ^D: Lower cost B#CISSP4 Q.57: DAC and MAC policies can be effectively replaced by: ^A: Rule based access control. ^B: Role based access control. ^C: Server based access control. ^D: Token based access control. B#CISSP4 Q.58: Which of the following correctly describes Role based access control? ^A: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your user profile groups. ^B: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your organization's structure. ^C: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ticketing system. ^D: It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ACL. D#CISSP4 Q.59: Which of the following RFCs talks about Rule Based Security Policy? ^A: 1316 ^B: 1989 ^C: 2717 ^D: 2828 A#CISSP4 Q.60: With Rule Based Security Policy, a security policy is based on: ^A: Global rules imposed for all users. ^B: Local rules imposed for some users. ^C: Global rules imposed for nobody. ^D: Global rules imposed for only the local users. C#CISSP4 Q.61: With Rule Based Security Policy, global rules usually rely on comparison of the _______ of the resource being accessed. ^A: A group of users.
^B: Users ^C: Sensitivity ^D: Entities C#CISSP4 Q.62: What control is based on a specific profile for each user? ^A: Lattice based access control. ^B: Directory based access control. ^C: Rule based access control. ^D: ID based access control. A#CISSP4 Q.63: In a very large environment, which of the following is an administrative burden? ^A: Rule based access control. ^B: Directory based access control. ^C: Lattice based access control. ^D: ID based access control. A#CISSP4 Q.64: Which of the following is a feature of the Rule based access control? ^A: The use of profile. ^B: The use of information flow label. ^C: The use of data flow diagram. ^D: The use of token. D#CISSP4 Q.65: A firewall can be classified as a: ^A: Directory based access control. ^B: Rule based access control. ^C: Lattice based access control. ^D: ID based access control. C#CISSP4 Q.66: The Lattice Based Access Control model was developed MAINLY to deal with: ^A: Affinity ^B: None of the choices. ^C: Confidentiality ^D: Integrity B#CISSP4 Q.67: With the Lattice Based Access Control model, a security class is also called a: ^A: Control factor ^B: Security label ^C: Mandatory number ^D: Serial ID A#CISSP4 Q.68: Under the Lattice Based Access Control model, a container of information is a(n): ^A: Object ^B: Model ^C: Label A#CISSP4 Q.69: What Access Control model was developed to deal mainly with information flow in computer systems? ^A: Lattice Based ^B: Integrity Based ^C: Flow Based ^D: Area Based B#CISSP4 Q.70: The Lattice Based Access Control model was developed to deal mainly with ___________ in computer systems. ^A: Access control ^B: Information flow ^C: Message routes ^D: Encryption B#CISSP4 Q.71: In the Lattice Based Access Control model, controls are applied to: ^A: Scripts ^B: Objects ^C: Models ^D: Factors C#CISSP4 Q.72: With Discretionary access controls, who determines who has access and what privilege they have? ^A: End users. ^B: None of the choices. ^C: Resource owners.
^D: Only the administrators. A#CISSP4 Q.73: What defines an imposed access control level? ^A: MAC ^B: DAC ^C: SAC ^D: CAC B#CISSP4 Q.74: Under MAC, who can change the category of a resource? ^A: All users. ^B: Administrators only. ^C: All managers. ^D: None of the choices. A#CISSP4 Q.75: Under MAC, who may grant a right of access that is explicitly forbidden in the access control policy? ^A: None of the choices. ^B: All users. ^C: Administrators only. ^D: All managers. B#CISSP4 Q.76: You may describe MAC as: ^A: Opportunistic ^B: Prohibitive ^C: None of the choices. ^D: Permissive B#CISSP4 Q.77: Under MAC, which of the following is true? ^A: All that is expressly permitted is forbidden. ^B: All that is not expressly permitted is forbidden. ^C: All that is not expressly permitted is not forbidden. ^D: None of the choices. C#CISSP4 Q.78: Under MAC, a clearance is a: ^A: Sensitivity ^B: Subject ^C: Privilege ^D: Object D#CISSP4 Q.79: Under MAC, a file is a(n): ^A: Privilege ^B: Subject ^C: Sensitivity ^D: Object A#CISSP4 Q.80: Under MAC, classification reflects: ^A: Sensitivity ^B: Subject ^C: Privilege ^D: Object A#CISSP4 Q.81: MAC is used for: ^A: Defining imposed access control level. ^B: Defining user preferences. ^C: None of the choices. ^D: Defining discretionary access control level. C#CISSP4 Q.82: With MAC, who may make decisions that bear on policy? ^A: None of the choices. ^B: All users. ^C: Only the administrator. ^D: All users except guests. A#CISSP4 Q.83: With MAC, who may NOT make decisions that derive from policy? ^A: All users except the administrator. ^B: The administrator. ^C: The power users. ^D: The guests. B#CISSP4 Q.84: Under the MAC control system, what is required? 
^A: Performance monitoring ^B: Labelling ^C: Sensing ^D: None of the choices. C#CISSP4 Q.85: Access controls that are not based on the policy are characterized as: ^A: Secret controls ^B: Mandatory controls ^C: Discretionary controls ^D: Corrective controls A#CISSP4 Q.86: DAC are characterized by many organizations as: ^A: Need-to-know controls ^B: Preventive controls ^C: Mandatory adjustable controls ^D: None of the choices. C#CISSP4 Q.87: Which of the following correctly describes DAC? ^A: It is the most secure method. ^B: It is of the B2 class. ^C: It can extend beyond limiting which subjects can gain what type of access to which objects. ^D: It is of the B1 class. B#CISSP4 Q.88: Under DAC, a subject's rights must be ________ when it leaves an organization altogether. ^A: Recycled ^B: Terminated ^C: Suspended ^D: Resumed B#CISSP4 Q.89: Audit trail is a category of what control? ^A: System, Manual ^B: Detective, Technical ^C: User, Technical ^D: Detective, Manual B#CISSP4 Q.90: IDS is a category of what control? ^A: Detective, Manual ^B: Detective, Technical ^C: User, Technical ^D: System, Manual D#CISSP4 Q.91: Which of the following is not a detective technical control? ^A: Intrusion detection system ^B: Violation reports ^C: Honeypot ^D: None of the choices. D#CISSP4 Q.92: ________ Technical Controls warn of technical Access Control violations. ^A: Elusive ^B: Descriptive ^C: Corrective ^D: Detective D#CISSP4 Q.93: A two factor authentication method is considered as a: ^A: Technical control ^B: Patching control ^C: Corrective control ^D: Logical control B#CISSP4 Q.94: Which of the following will you NOT consider as technical controls? ^A: Access Control software ^B: Man trap ^C: Passwords ^D: Antivirus Software D#CISSP4 Q.95: ___________________ are the technical ways of restricting who or what can access system resources.
^A: Preventive Manual Controls ^B: Detective Technical Controls ^C: Preventive Circuit Controls ^D: Preventive Technical Controls B#CISSP4 Q.96: Preventive Technical Controls are usually built: ^A: By using MD5. ^B: Into an operating system. ^C: By security officer. ^D: By security administrator. D#CISSP4 Q.97: Preventive Technical Controls cannot: ^A: Protect the OS from unauthorized modification. ^B: Protect confidential information from being disclosed to unauthorized persons. ^C: Protect the OS from unauthorized manipulation. ^D: Protect users from being monitored. D#CISSP4 Q.98: How do Preventive Technical Controls protect system integrity and availability? ^A: By limiting the number of threads only. ^B: By limiting the number of system variables. ^C: By limiting the number of function calls only. ^D: By limiting the number of users and/or processes. C#CISSP4 Q.99: A sensor is: ^A: Logical, Physical ^B: Corrective, Logical ^C: Detective, Physical ^D: Corrective, Physical D#CISSP4 Q.100: A motion detector is a feature of: ^A: Corrective Logical Controls. ^B: Logical Physical Controls. ^C: Corrective Physical Controls. ^D: Detective Physical Controls. A#CISSP4 Q.101: Closed circuit TV is a feature of: ^A: Detective Physical Controls ^B: Corrective Physical Controls ^C: Corrective Logical Controls ^D: Logical Physical Controls B#CISSP4 Q.102: Access control is the collection of mechanisms that permits managers of a system to exercise influence over the use of: ^A: A man guard ^B: An IS system ^C: A threshold ^D: A trap B#CISSP4 Q.103: Access control allows you to exercise directing influence over which of the following aspects of a system? ^A: Behavior, user, and content provider. ^B: Behavior, use, and content. ^C: User logs and content. ^D: None of the choices.
B#CISSP4 Q.104: The principle of accountability is a principle by which a specific action can be traced back to: ^A: A policy ^B: An individual ^C: A group ^D: A manager C#CISSP4 Q.105: The principle of _________ is a principle by which a specific action can be traced back to any one of your users. ^A: Security ^B: Integrity ^C: Accountability ^D: Policy D#CISSP4 Q.106: According to the principle of accountability, what action should be traceable to a specific user? ^A: Material ^B: Intangible ^C: Tangible ^D: Significant C#CISSP4 Q.107: A significant action has a state that enables actions on an ADP system to be traced to individuals who may then be held responsible. These actions do NOT include: ^A: Violations of security policy. ^B: Attempted violations of security policy. ^C: Non-violations of security policy. ^D: Attempted violations of allowed actions. A#CISSP4 Q.108: ____________ is the means by which the ability to do something with a computer resource is explicitly enabled or restricted. ^A: Access control ^B: Type of access ^C: System resource ^D: Work permit A#CISSP4 Q.109: The ability to do something with a computer resource can be explicitly enabled or restricted through: ^A: Physical and system-based controls. ^B: Theoretical and system-based controls. ^C: Mental and system-based controls. ^D: Physical and trap-based controls. C#CISSP4 Q.110: The main categories of access control do NOT include: ^A: Administrative Access Control ^B: Logical Access Control ^C: Random Access Control ^D: Physical Access Control D#CISSP4 Q.111: You have very strict Physical Access Controls. At the same time you have loose Logical Access Controls. What is true about this setting? ^A: None of the choices. ^B: It can 100% secure your environment. ^C: It may secure your environment. ^D: It may not secure your environment. A#CISSP4 Q.112: Which of the following is NOT a type of access control?
^A: Intrusive ^B: Deterrent ^C: Detective ^D: Preventive A#CISSP4 Q.113: As a type of access control, which of the following asks for avoiding occurrence? ^A: Preventive ^B: Deterrent ^C: Intrusive ^D: Detective C#CISSP4 Q.114: As a type of access control, which of the following asks for identifying occurrences? ^A: Deterrent ^B: Preventive ^C: Detective ^D: Intrusive C#CISSP4 Q.115: As a type of access control, which of the following asks for discouraging occurrence? ^A: Detective ^B: Intrusive ^C: Deterrent ^D: Preventive C#CISSP4 Q.116: As a type of access control, which of the following asks for restoring controls? ^A: Deterrent ^B: Intrusive ^C: Corrective ^D: Preventive A#CISSP4 Q.117: What type of access control focuses on restoring resources? ^A: Recovery ^B: Preventive ^C: Intrusive ^D: Corrective C#CISSP4 Q.118: What scheme includes the requirement that the system maintain the separation of duty requirement expressed in the access control triples? ^A: Bella ^B: Lattice ^C: Clark-Wilson ^D: Bell-LaPadula B#CISSP4 Q.119: What is an access control model? ^A: A formal description of access control ID specification. ^B: A formal description of security policy. ^C: A formal description of a sensibility label. ^D: None of the choices. B#CISSP4 Q.120: Which of the following is true about MAC? ^A: It is more flexible than DAC. ^B: It is more secure than DAC. ^C: It is less secure than DAC. ^D: It is more scalable than DAC. C#CISSP4 Q.121: The access matrix model consists of which of the following parts? (Choose all that apply) ^A: A function that returns an object's type. ^B: A list of subjects. ^C: All of the choices. ^D: A list of objects. A#CISSP4 Q.122: The access matrix model has which of the following common implementations? ^A: Access control lists and capabilities. ^B: Access control lists. ^C: Capabilities. ^D: Access control list and availability.
B#CISSP4 Q.123: What can be accomplished by storing on each subject a list of rights the subject has for every object? ^A: Object ^B: Capabilities ^C: Key ring ^D: Rights B#CISSP4 Q.124: Which of the following is true regarding a secure access model? ^A: Secure information cannot flow to a more secure user. ^B: Secure information cannot flow to a less secure user. ^C: Secure information can flow to a less secure user. ^D: None of the choices. A#CISSP4 Q.125: In the Information Flow Model, what relates two versions of the same object? ^A: Flow ^B: State ^C: Transformation ^D: Successive points D#CISSP4 Q.126: In the Information Flow Model, what acts as a type of dependency? ^A: State ^B: Successive points ^C: Transformation ^D: Flow C#CISSP4 Q.127: The lattice-based model aims at protecting against: ^A: Illegal attributes. ^B: None of the choices. ^C: Illegal information flow among the entities. ^D: Illegal access rights. B#CISSP4 Q.128: Which of the following are the components of the Chinese Wall model? ^A: Conflict of interest classes. ^B: All of the choices. ^C: Subject ^D: Company datasets. B#CISSP4 Q.129: Which of the following correctly describes the difference between identification and authentication? ^A: Authentication is a means to verify who you are, while identification is what you are authorized to perform. ^B: Identification is a means to verify who you are, while authentication is what you are authorized to perform. ^C: Identification is another name for authentication. ^D: Identification is the child process of authentication. B#CISSP4 Q.130: Identification establishes: ^A: Authentication ^B: Accountability ^C: Authorization ^D: None of the choices. A#CISSP4 Q.131: Identification usually takes the form of: ^A: Login ID. ^B: User password. ^C: None of the choices. ^D: Passphrase. D#CISSP4 Q.132: Authentication is typically based upon: ^A: Something you have. ^B: Something you know. ^C: Something you are. ^D: All of the choices.
B#CISSP4 Q.133: A password represents: ^A: Something you have. ^B: Something you know. ^C: All of the choices. ^D: Something you are. C#CISSP4 Q.134: A smart card represents: ^A: Something you are. ^B: Something you know. ^C: Something you have. ^D: All of the choices. A#CISSP4 Q.135: Retinal scans check for: ^A: Something you are. ^B: Something you have. ^C: Something you know. ^D: All of the choices. D#CISSP4 Q.136: Which of the following is the most commonly used check on something you know? ^A: One time password ^B: Login phrase ^C: Retinal ^D: Password A#CISSP4 Q.137: Software generated password has what drawback? ^A: Password not easy to remember. ^B: Password too secure. ^C: None of the choices. ^D: Password unbreakable. B#CISSP4 Q.138: Which of the following will you consider as most secure? ^A: Password ^B: One time password ^C: Login phrase ^D: Login ID C#CISSP4 Q.139: What type of password makes use of two totally unrelated words? ^A: Login phrase ^B: One time password ^C: Composition ^D: Login ID D#CISSP4 Q.140: Which of the following are the advantages of using passphrase? ^A: Difficult to crack using brute force. ^B: Offers numerous characters. ^C: Easier to remember. ^D: All of the choices. B#CISSP4 Q.141: Which of the following is the correct account policy you should follow? ^A: All of the choices. ^B: All active accounts must have a password. ^C: All active accounts must have a long and complex pass phrase. ^D: All inactive accounts must have a password. B#CISSP4 Q.142: On UNIX systems, passwords shall be kept: ^A: In any location on behalf of root. ^B: In a shadow password file. ^C: In the /etc/passwd file. ^D: In root. B#CISSP4 Q.143: Which of the following are the correct guidelines of password deployment? ^A: Passwords must be masked. ^B: All of the choices. ^C: Password must have a minimum of 8 characters. ^D: Password must contain a mix of both alphabetic and non-alphabetic characters. 
A#CISSP4 Q.144: Why would a 16 characters password not desirable? ^A: Hard to remember ^B: Offers numerous characters. ^C: Difficult to crack using brute force. ^D: All of the choices. C#CISSP4 Q.145: Which of the following is NOT a good password deployment guideline? ^A: Passwords must not be he same as user id or login id. ^B: Password aging must be enforced on all systems. ^C: Password must be easy to memorize. ^D: Passwords must be changed at least once every 60 days, depending on your environment. B#CISSP4 Q.146: Routing password can be restricted by the use of: ^A: Password age ^B: Password history ^C: Complex password ^D: All of the choices A#CISSP4 Q.147: Which of the following is an effective measure against a certain type of brute force password attack? ^A: Password used must not be a word found in a dictionary. ^B: Password history is used. ^C: Password reuse is not allowed. ^D: None of the choices. D#CISSP4 Q.148: Which of the following are measures against password sniffing? ^A: Passwords must not be sent through email in plain text. ^B: Passwords must not be stored in plain text on any electronic media. ^C: You may store passwords electronically if it is encrypted. ^D: All of the choices. B#CISSP4 Q.149: What should you do immediately if the root password is compromised? ^A: Change the root password. ^B: Change all passwords. ^C: Increase the value of password age. ^D: Decrease the value of password history. B#CISSP4 Q.150: Which of the following is the most secure way to distribute password? ^A: Employees must send in an email before obtaining a password. ^B: Employees must show ip in person and present proper identification before obtaining a password. ^C: Employees must send in a signed email before obtaining a password. ^D: None of the choices. C#CISSP4 Q.151: Which of the following can be used to protect your system against brute force password attack? ^A: Decrease the value of password history. 
^B: Employees must send in a signed email before obtaining a password. ^C: After three unsuccessful attempts to enter a password, the account will be locked. ^D: Increase the value of password age. C#CISSP4 Q.152: You should keep audit trail on which of the following items? ^A: Password usage. ^B: All unsuccessful logon. ^C: All of the choices. ^D: All successful logon. D#CISSP4 Q.153: What type of authentication takes advantage of an individuals unique physical characteristics in order to authenticate that persons identity? ^A: Password ^B: Token ^C: Ticket Granting ^D: Biometric A#CISSP4 Q.154: Which of the following will you consider as the MOST secure way of authentication? ^A: Biometric ^B: Password ^C: Token ^D: Ticket Granting A#CISSP4 Q.155: Biometric performance is most commonly measured in terms of: ^A: FRR and FAR ^B: FAC and ERR ^C: IER and FAR ^D: FRR and GIC B#CISSP4 Q.156: What is known as the probability that you are not authenticated to access your account? ^A: ERR ^B: FRR ^C: MTBF ^D: FAR B#CISSP4 Q.157: What is known as the chance that someone other than you is granted access to your account? ^A: ERR ^B: FAR ^C: FRR ^D: MTBF A#CISSP4 Q.158: You are comparing biometric systems. Security is the top priority. A low ________ is most important in this regard. ^A: FAR ^B: FRR ^C: MTBF ^D: ERR D#CISSP4 Q.159: The quality of finger prints is crucial to maintain the necessary: ^A: FRR ^B: ERR and FAR ^C: FAR ^D: FRR and FAR C#CISSP4 Q.160: By requiring the user to use more than one finger to authenticate, you can: ^A: Provide statistical improvements in EAR. ^B: Provide statistical improvements in MTBF. ^C: Provide statistical improvements in FRR. ^D: Provide statistical improvements in ERR. B#CISSP4 Q.161: Which of the following is being considered as the most reliable kind of personal identification? 
^A: Token ^B: Finger print ^C: Password ^D: Ticket Granting D#CISSP4 Q.162: Which of the following methods is more microscopic and will analyze the direction of the ridges of the fingerprints for matching? ^A: None of the choices. ^B: Flow direct ^C: Ridge matching ^D: Minutia matching B#CISSP4 Q.163: Which of the following are the types of eye scan in use today? ^A: Retinal scans and body scans. ^B: Retinal scans and iris scans. ^C: Retinal scans and reflective scans. ^D: Reflective scans and iris scans. B#CISSP4 Q.164: Which of the following eye scan methods is considered to be more intrusive? ^A: Iris scans ^B: Retinal scans ^C: Body scans ^D: Reflective scans B#CISSP4 Q.165: Which of the following offers greater accuracy then the others? ^A: Facial recognition ^B: Iris scanning ^C: Finger scanning ^D: Voice recognition B#CISSP4 Q.166: Which of the following are the valid categories of hand geometry scanning? ^A: Electrical and image-edge detection. ^B: Mechanical and image-edge detection. ^C: Logical and image-edge detection. ^D: Mechanical and image-ridge detection. A#CISSP4 Q.167: In the world of keystroke dynamics, what represents the amount of time you hold down in a particular key? ^A: Dwell time ^B: Flight time ^C: Dynamic time ^D: Systems time B#CISSP4 Q.168: In the world of keystroke dynamics, what represents the amount of time it takes a person to switch between keys? ^A: Dynamic time ^B: Flight time ^C: Dwell time ^D: Systems time. D#CISSP4 Q.169: Which of the following are the benefits of Keystroke dynamics? ^A: Low cost ^B: Unintrusive device ^C: Transparent ^D: All of the choices. B#CISSP4 Q.170: DSV as an identification method check against users: ^A: Fingerprints ^B: Signature ^C: Keystrokes ^D: Facial expression A#CISSP4 Q.171: Signature identification systems analyze what areas of an individual’s signature? ^A: All of the choices EXCEPT the signing rate. ^B: The specific features of the signature. 
^C: The specific features of the process of signing one’s signature. ^D: The signature rate. A#CISSP4 Q.172: What are the advantages to using voice identification? ^A: All of the choices. ^B: Timesaving ^C: Reliability ^D: Flexibility B#CISSP4 Q.173: What are the methods used in the process of facial identification? ^A: None of the choices. ^B: Detection and recognition. ^C: Scanning and recognition. ^D: Detection and scanning. A#CISSP4 Q.174: In the process of facial identification, the basic underlying recognition technology of facial identification involves: ^A: Eigenfeatures of eigenfaces. ^B: Scanning and recognition. ^C: Detection and scanning. ^D: None of the choices. C#CISSP4 Q.175: Which of the following is a facial feature identification product that can employ artificial intelligence and can require the system to learn from experience? ^A: All of the choices. ^B: Digital nervous system. ^C: Neural networking ^D: DSV B#CISSP4 Q.176: What is typically used to illustrate the comparative strengths and weaknesses of each biometric technology? ^A: Decipher Chart ^B: Zephyr Chart ^C: Cipher Chart ^D: Zapper Chart B#CISSP4 Q.177: In terms of the order of effectiveness, which of the following technologies is the most affective? ^A: Fingerprint ^B: Iris scan ^C: Keystroke pattern ^D: Retina scan B#CISSP4 Q.178: In terms of the order of effectiveness, which of the following technologies is the least effective? ^A: Voice pattern ^B: Signature ^C: Keystroke pattern ^D: Hand geometry C#CISSP4 Q.179: In terms of the order of acceptance, which of the following technologies is the MOST accepted? ^A: Hand geometry ^B: Keystroke pattern ^C: Voice Pattern ^D: Signature D#CISSP4 Q.180: In terms of the order of acceptance, which of the following technologies is the LEAST accepted? ^A: Fingerprint ^B: Iris ^C: Handprint ^D: Retina patterns C#CISSP4 Q.181: Token, as a way to identify user, is subject to what type of error? 
^A: Token error ^B: Decrypt error ^C: Human error ^D: Encrypt error C#CISSP4 Q.182: Which of the following factors may render a token based solution unusable? ^A: Token length ^B: Card size ^C: Battery lifespan ^D: None of the choices. D#CISSP4 Q.183: Memory only card works based on: ^A: Something you have. ^B: Something you know. ^C: None of the choices. ^D: Something you know and something you have. D#CISSP4 Q.184: Which of the following is a disadvantage of memory only card? ^A: High cost to develop. ^B: High cost to operate. ^C: Physically infeasible. ^D: Easy to counterfeit. D#CISSP4 Q.185: The word “smart card” has meanings of: ^A: Personal identity token containing IC-s. ^B: Processor IC card. ^C: IC card with ISO 7816 interface. ^D: All of the choices. C#CISSP4 Q.186: Processor card contains which of the following components? ^A: Memory and hard drive. ^B: Memory and flash. ^C: Memory and processor. ^D: Cache and processor. D#CISSP4 Q.187: Attacks on smartcards generally fall into what categories? ^A: Physical attacks. ^B: Trojan Horse attacks. ^C: Logical attacks. ^D: All of the choices, plus Social Engineering attacks. B#CISSP4 Q.188: What type of attacks occurs when a smartcard is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smartcard? ^A: Physical attacks. ^B: Logical attacks. ^C: Trojan Horse attacks. ^D: Social Engineering attacks. A#CISSP4 Q.189: What type of attacks occurs when normal physical conditions are altered in order to gain access to sensitive information on the smartcard? ^A: Physical attacks ^B: Logical attacks ^C: Trojan Horse attacks ^D: Social Engineering attacks C#CISSP4 Q.190: What type pf attacks occurs when a rouge application has been planted on an unsuspecting user’s workstation? 
^A: Physical attacks ^B: Logical attacks ^C: Trojan Horse attacks ^D: Social Engineering attacks A#CISSP4 Q.191: What is an effective countermeasure against Trojan horse attack that targets smart cards? ^A: Singe-access device driver architecture. ^B: Handprint driver architecture. ^C: Fingerprint driver architecture. ^D: All of the choices. C#CISSP4 Q.192: Which of the following attacks could be the most successful when the security technology is properly implemented and configured? ^A: Logical attacks ^B: Physical attacks ^C: Social Engineering attacks ^D: Trojan Horse attacks A#CISSP4 Q.193: What are the valid types of one time password generator? ^A: All of the choices. ^B: Transaction synchronous ^C: Synchronous/PIN synchronous ^D: Asynchronous/PIN asynchronous A#CISSP4 Q.194: What are the benefits of job rotation? ^A: All of the choices. ^B: Trained backup in case of emergencies. ^C: Protect against fraud. ^D: Cross training to employees. A#CISSP4 Q.195: In order to avoid mishandling of media or information, you should consider to use: ^A: Labeling ^B: Token ^C: Ticket ^D: SLL A#CISSP4 Q.196: In order to avoid mishandling of media or information, which of the following should be labeled? ^A: All of the choices. ^B: Printed copies ^C: Tape ^D: Floppy disks C#CISSP4 Q.197: A method for a user to identify and present credentials only once to a system is known as: ^A: SEC ^B: IPSec ^C: SSO ^D: SSL A#CISSP4 Q.198: Which of the following correctly describe the features of SSO? ^A: More efficient log-on. ^B: More costly to administer. ^C: More costly to setup. ^D: More key exchanging involved. B#CISSP4 Q.199: What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server? ^A: IPSec ^B: RADIUS ^C: L2TP ^D: PPTP C#CISSP4 Q.200: RADIUS is de fined by which RFC? 
^A: 2168 ^B: 2148 ^C: 2138 ^D: 2158 A#CISSP4 Q.201: In a RADIUS architecture, which of the following acts as a client? ^A: A network Access Server. ^B: None of the choices. ^C: The end user. ^D: The authentic ation server. C#CISSP4 Q.202: In a RADIUS architecture, which of the following can ac as a proxy client? ^A: The end user. ^B: A Network Access Server. ^C: The RADIUS authentication server. ^D: None of the choices. D#CISSP4 Q.203: What protocol was UDP based and mainly intended to provide validation of dial up user login passwords? ^A: PPTP ^B: L2TP ^C: IPSec ^D: TACACS C#CISSP4 Q.204: Which of the following are proprietarily implemented by CISCO? ^A: RADIUS+ ^B: TACACS ^C: XTACACS and TACACS+ ^D: RADIUS B#CISSP4 Q.205: In Unix, which file is required for you to set up an environment such that every used on the other host is a trusted user that can log into this host without authentication? ^A: /etc/shadow ^B: /etc/host.equiv ^C: /etc/passwd ^D: None of the choices. D#CISSP4 Q.206: Information security is the protection of dat^A: Information will be protected mainly based on: ^A: Its sensitivity to the company. ^B: Its confidentiality. ^C: Its value. ^D: All of the choices. B#CISSP4 Q.207: Which of the following actions can increase the cost of an exhaustive attack? ^A: Increase the age of a password. ^B: Increase the length of a password. ^C: None of the choices. ^D: Increase the history of a password. B#CISSP4 Q.208: Which of the following actions can make a cryptographic key more resistant to an exhaustive attack? ^A: None of the choices. ^B: Increase the length of a key. ^C: Increase the age of a key. ^D: Increase the history of a key. D#CISSP4 Q.209: What attack involves actions to mimic one’s identity? ^A: Brute force ^B: Exhaustive ^C: Social engineering ^D: Spoofing C#CISSP4 Q.210: What attack takes advantage of operating system buffer overflows? 
^A: Spoofing ^B: Brute force ^C: DoS ^D: Exhaustive C#CISSP4 Q.211: What attack is primarily based on the fragmentation implementation of IP and large ICMP packet size? ^A: Exhaustive ^B: Brute force ^C: Ping of Death ^D: Spoofing C#CISSP4 Q.212: Land attack attacks a target by: ^A: Producing large volume of ICMP echos. ^B: Producing fragmented IP packets. ^C: Attacking an established TCP connection. ^D: None of the choices. A#CISSP4 Q.213: What attack is primarily based on the fragmentation implementation of IP? ^A: Teardrop ^B: Exhaustive ^C: Spoofing ^D: Brute force D#CISSP4 Q.214: What attack floods networks with broadcast traffic so that the network is congested? ^A: Spoofing ^B: Teardrop ^C: Brute force ^D: SMURF D#CISSP4 Q.215: What attack involves repeatedly sending identical e-massage to a particular address? ^A: SMURF ^B: Brute force ^C: Teardrop ^D: Spamming D#CISSP4 Q.216: Which of the following attacks focus on cracking passwords? ^A: SMURF ^B: Spamming ^C: Teardrop ^D: Dictionary D#CISSP4 Q.217: Man-in-the -middle attack is a real threat to what type of communication? ^A: Communication based on random challenge. ^B: Communication based on face to face contact. ^C: Communication based on token. ^D: Communication based on asymmetric encryption. B#CISSP4 Q.218: Which of the following will you consider as a program that monitors data traveling over a network? ^A: Smurfer ^B: Sniffer ^C: Fragmenter ^D: Spoofer A#CISSP4 Q.219: Individuals who have their sole aim as breaking into a computer system are being referred to as: ^A: Crackers ^B: Sniffers ^C: Hackers ^D: None of the choices. A#CISSP4 Q.220: What technology is being used to detect anomalies? ^A: IDS ^B: FRR ^C: Sniffing ^D: Capturing C#CISSP4 Q.221: IDSs verify, itemize, and characterize threats from: ^A: Inside your organization’s network. ^B: Outside your organization’s network. ^C: Outside and inside your organization’s network. ^D: The Internet. 
D#CISSP4 Q.222: IDS can be described in terms of what fundamental functional components? ^A: Response ^B: Information Sources ^C: Analysis ^D: All of the choices. D#CISSP4 Q.223: What are the primary goals of intrusion detection systems? ^A: Accountability ^B: Availability ^C: Response ^D: All of the choices A#CISSP4 Q.224: What is the most common way to classify IDSs? ^A: Group them by information source. ^B: Group them by network packets. ^C: Group them by attackers. ^D: Group them by signs of intrusion. B#CISSP4 Q.225: The majority of commercial intrusion detection systems are: ^A: Identity-based ^B: Network-based ^C: Host-based ^D: Signature-based A#CISSP4 Q.226: Which of the following is a drawback of Network-based IDSs? ^A: It cannot analyze encrypted information. ^B: It is very costly to setup. ^C: It is very costly to manage. ^D: It is not effective. A#CISSP4 Q.227: Host-based IDSs normally utilize information from which of the following sources? ^A: Operating system audit trails and system logs. ^B: Operating system audit trails and network packets. ^C: Network packets and system logs. ^D: Operating system alarms and system logs. A#CISSP4 Q.228: When comparing host based IDS with network based ID, which of the following is an obvious advantage? ^A: It is unaffected by switched networks. ^B: It cannot analyze encrypted information. ^C: It is not costly to setup. ^D: It is not costly to manage. D#CISSP4 Q.229: You are comparing host based IDS with network based I^D: Which of the following will you consider as an obvious disadvantage of host based IDS? ^A: It cannot analyze encrypted information. ^B: It is costly to remove. ^C: It is affected by switched networks. ^D: It is costly to manage. B#CISSP4 Q.230: Which of the following IDS inflict a higher performance cost on the monitored systems? 
^A: Encryption based ^B: Host based ^C: Network based ^D: Trusted based D#CISSP4 Q.231: Application-based IDSs normally utilize information from which of the following sources? ^A: Network packets and system logs. ^B: Operating system audit trails and network packets. ^C: Operating system audit trails and system logs. ^D: Application’s transaction log files. A#CISSP4 Q.232: What are the primary approaches IDS takes to analyze events to detect attacks? ^A: Misuse detection and anomaly detection. ^B: Log detection and anomaly detection. ^C: Misuse detection and early drop detection. ^D: Scan detection and anomaly detection. B#CISSP4 Q.233: Misuse detectors analyze system activity and identify patterns. The patterns corresponding to know attacks are called: ^A: Attachments ^B: Signatures ^C: Strings ^D: Identifications C#CISSP4 Q.234: Which of the following is an obvious disadvantage of deploying misuse detectors? ^A: They are costly to setup. ^B: They are not accurate. ^C: They most be constantly updated with signatures of new attacks. ^D: They are costly to use. C#CISSP4 Q.235: What detectors identify abnormal unusual behavior on a host or network? ^A: None of the choices. ^B: Legitimate detectors. ^C: Anomaly detectors. ^D: Normal detectors. D#CISSP4 Q.236: Which of the following are the major categories of IDSs response options? ^A: Active responses ^B: Passive responses ^C: Hybrid ^D: All of the choices. A#CISSP4 Q.237: Alarms and notifications are generated by IDSs to inform users when attacks are detecte^D: The most common form of alarm is: ^A: Onscreen alert ^B: Email ^C: Pager ^D: Icq A#CISSP4 Q.238: Which of the following is a valid tool that complements IDSs? ^A: All of the choices. ^B: Padded Cells ^C: Vulnerability Analysis Systems ^D: Honey Pots B#CISSP4 Q.239: What tool do you use to determine whether a host is vulnerable to known attacks? 
^A: Padded Cells ^B: Vulnerability analysis ^C: Honey Pots ^D: IDS A#CISSP4 Q.240: What tool is being used to determine whether attackers have altered system files of executables? ^A: File Integrity Checker ^B: Vulnerability Analysis Systems ^C: Honey Pots ^D: Padded Cells A#CISSP4 Q.241: What is known as decoy system designed to lure a potential attacker away from critical systems? ^A: Honey Pots ^B: Vulnerability Analysis Systems ^C: File Integrity Checker ^D: Padded Cells B#CISSP4 Q.242: When the IDS detect attackers, the attackers are seamlessly transfe rred to a special host. This method is called: ^A: Vulnerability Analysis Systems ^B: Padded Cell ^C: Honey Pot ^D: File Integrity Checker D#CISSP4 Q.243: Most computer attacks result in violation of which of the following security properties? ^A: Availability ^B: Confidentiality ^C: Integrity and control ^D: All of the choices. D#CISSP4 Q.244: What types of computer attacks are most commonly reported by IDSs? ^A: System penetration ^B: Denial of service ^C: System scanning ^D: All of the choices D#CISSP4 Q.245: What attack is typically used for identifying the topology of the target network? ^A: Spoofing ^B: Brute force ^C: Teardrop ^D: Scanning