Glossary of CISSP TestKing

Start Studying! Add Cards ↓

Ensuring the integrity of business information is the PRIMARY concern of
A. Encryption Security
B. Procedural Security.
C. Logical Security
D. On-line Security
Answer: B
Procedures are looked at as the lowest level in the policy chain because they are closest to the computers and provide detailed steps for configuration and installation issues. They provide the steps to actually implement the statements in the policies, standards, and guidelines...Security procedures, standards, measures, practices, and policies cover a number of different subject areas. - Shon Harris All-in-one CISSP Certification Guide pg 44-45
Which one of the following actions should be taken FIRST after a fire has been detected?
A. Turn off powerto the computers
B. Call the fire department
C. Notify management
D. Evacuate all personnel
Answer: D
Protection of life is of the utmost importance and should be dealt with first before looking to save material objects. . - Shon Harris All-in-one CISSP Certification Guide pg 625
Which one of the following is the Open Systems Interconnection (OSI) protocol for message handling?
A. X.25
B. X.400
C. X.500
D. X.509
Answer: B
An ISO and ITU standard for addressing and transporting e-mail messages. It conforms to layer 7 of the OSI model and supports several types of transport mechanisms, including Ethernet, X.25, TCP/IP, and dial-up lines. -
Not A: This is wrong X25 is the method that defines transport of point-to-point packet switching
Not D: “The X.509 standard defines the format for public key certificates.” Pg. 213 Krutz: The
CISSP Prep Guide: Gold Edition.
Which of the following is a weakness of both statistical anomaly detection and pattern matching?
A. Lack of ability to scale.
B. Lack of learning model.
C. Inability to run in real time.
D. Requirement to monitor every event.
Answer: B
Disadvantages of Knowledge-based ID systems:
This system is resources-intensive; the knowledge database continually needs maintenance and updates New, unique, or original attacks often go unnoticed. Disadvantages of Behavior-based ID systems: The system is characterized by high false alarm rates. High positives are the most common failure of ID systems and can create data noise that makes the system unusable.
The activity and behavior of the users while in the networked system might not be static enough to effectively implement a behavior-based ID system. -Ronald Krutz The CISSP PREP Guide
(gold edition) pg 88
Digital signature users register their public keys with a certification authority, which distributes a certificate containing the user’s public key and digital signature of the certification authority. In
create the certificate, the useis public
Answer: A
The key word is ‘In create the certificate..” Certificates Certificates that conform to X.509 contain the following data: Version of X.509 to which the certificate conforms; Serial number (from the certificate creator); Signature algorithm identifier (specifies the technique used by the certificate authority to digitally sign the contends of the certificate); Issuer name (identification of the certificate authority that issues the certificate) Validity perido (specifies the dates and times - a starting date and time and an ending date and time - during which the certificate is valued); Subject’s name (contains the distinguished name, or DN, of the entity that owns the public key contained in the certificate); Subject’s public key (the meat of the certificate - the actual public key of the certificate owner used to setup secure communications) pg 343-344 CISSP Study Guide byTittel
Why are macro viruses easy to write?
A. Active contents controls can make direct system calls
B. The underlying language is simple and intuitive to apply.
C. Only a few assembler instructions are needed to do damage.
D. Office tem
Answer: B
Macro Languages enable programmers to edit, delete, and copy files. Because these languages
are so easy to use, many more types of macro viruses are possible. - Shon Harris All-in-one
CISSP Certification Guide pg 785
Tracing violations, or attempted violations of system security to the user responsible is a function of
A. authentication
B. access management
C. integrity checking
D. accountability
Answer: D
Auditing capabilities ensure that users are accountable for their actions, verify that the security policies are enforced, worked as a deterrent to improper actions, and are used as investigation tools. - Shon Harris AIIm- one CISSP Certification Guide pg 182
Which one of the following is concerned with masking the frequency, length, and origin- destination patterns of the communications between protocol entities?
A. Masking analysis
B. Protocol analysis
C. Traffic analysis
D. Pattern
Answer: C
Traffic analysis, which is sometimes called trend analysis, is a technique employed by an intruder that involves analyzing data characteristics (message length, message frequency, and so forth) and the patterns of transmissions (rather than any knowledge of the actual information transmitted) to infer information that is useful to an intruder) . -Ronald Krutz The CISSP PREP Guide (gold edition) pg 323
In which situation would TEMPEST risks and technologies be of MOST interest?
A. Where high availability is vital.
B. Where the consequences of disclose are very high.
C. Where countermeasures are easy to implement
D. Where data ba
Answer: B
Emanation eavesdropping. Receipt and display of information, which is resident on computers or terminals, through the interception of radio frequency (RF) signals generated by those computers or terminals. The U.S. government established a program called TEMPEST that addressed this problem by requiring a shielding and other emanation-reducing mechanisms to be employed on computers processing sensitive and classified government information. . -Ronald Krutz The CISSP PREP Guide (gold edition) pg 416
In which state must a computer system operate to process input/output instructions?
A. User mode
B. Stateful inspection
C. Interprocess communication
D. Supervisor mode
Answer: D
A computer is in a supervisory state when it is executing these privileged instructions. (privileged instructions are executed by the system administrator or by an individual who is authorized to use those instructions.) . -Ronald Krutz The CISSP PREP Guide (gold edition) pg 254-255
All of the following are basic components of a security policy EXCEPT the
A. definition of the issue and statement of relevant terms.
B. statement of roles and responsibilities
C. statement of applicability and compliance requirements.
Answer: D
Policies are considered the first and highest level of documentation, from which the lower level elements of standards, procedures, and guidelines flow. This order, however, does not mean that policies are more important than the lower elements. These higher-level policies, which are the more general policies and statements, should be created first in the process for strategic reasons, and then the more tactical elements can follow. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 13
What set of principles is the basis for information systems controls?
A. Authentication, audit trails, and awareness briefings
B. Individual accountability, auditing, and separation of duties
C. Need to know, identification, and authent
Answer: C
“In addition to the CIA Triad, there is a plethora of other security-related concepts, principles, and tenants that should be considered and addressed when designing a security policy and deploying a security solution. This section discusses privacy, identification, authentication, authorization, accountability, nonrepudiation, and auditing.” Pg. 133 Tittel: CISSP Study Guide
Why do vendors publish MD5 hash values when they provide software patches for their customers to download from the Internet?
A. Recipients can verify the software’s integrity after downloading.
B. Recipients can confirm the authenticity of
Answer: A
If the two values are different, Maureen knows that the message was altered, either intentionally or unintentionally, and she discards the message. ..As stated in an earlier section, the goal of using a one-way hash function is to provide a fingerprint of the message. MD5 is the newer version of MD4. IT still produces a 128-bit hash, but the algorithm is a bit more complex to make it harder to break than MD4. The MD5 added a fourth round of operations to be performed during the hash functions and makes several of its mathematical operations carry steps or more complexity to provide a higher level of security
- Shon Harris All-in-one CISSP Certification Guide pg 182-185
Which one of the following is NOT a requirement before a search warrant can be issued?
A. There is a probably cause that a crime has been committed.
B. There is an expectation that evidence exists of the crime.
C. There is probably caus
Answer: D
“If a computer crime is suspected, it is important not to alert the suspect. A preliminary investigation should be conducted to determine weather a crime has been committed by examining the audit records and system logs, interviewing witnesses, and assessing the damage incurred....Search warrants are issued when there is a probable cause for the search and provide legal authorization to search a location for specific evidence.” -
Ronald Krutz The CISSP PREP Guide (gold edition) pg 436
The Trusted Computer Security Evaluation Criteria (TBSEC) provides
A. a basis for assessing the effectiveness of security controls built into automatic data-processing system products
B. a system analysis and penetration technique where speci
Answer: A
TBSEC provides guidelines to be used with evaluating a security product. The TBSEC guidelines address basic security functionality and allow evaluators to measure and rate the functionality of a system and how trustworthy it is. Functionality and assurance are combined and not separated, as in criteria developed later. TCSEC guidelines can be used for evaluating vendor products or by vendors to design necessary functionality into new products. CISSP Study Guide by Tittel pg.
Which factor is critical in all systems to protect data integrity?
A. Data classification
B. Information ownership
C. Change control
D. System design
Answer: A
A Integrity is dependent on confidentiality, which relies on data classification. Also Biba integrity model relies on data classification.
“There are numerous countermeasures to ensure confidentiality against possible threats. These include the use of encryption, network traffic padding, strict access control, rigorous authentication procedures, data classification, and extensive personnel training.
Confidentiality and integrity are dependent upon each other. Without object integrity, confidentiality cannon be maintained. Other concepts, conditions, and aspects of confidentiality include sensitivity, discretion, criticality, concealment, secrecy, privacy, seclusion, and isolation.” Pg 145 Tittel: CISSP Study Guide.
“Biba Integrity Model
Integrity is usually characterized by the three following goals:
1.) The data is protected from modification by unauthorized users.
2.) The data is protected from unauthorized modification by authorized users.
3.) The data is internally and externally consistent; the data held in a database must balance internally and correspond to the external, real world situation.”
Pg. 277 Krutz: The CISSP Prep Guide: Gold Edition.
Audit trails based upon access and identification codes establish...
A. intrustion detection thresholds
B. individual accontabbility
C. audit review critera
D. individual authentication
Answer: B
Accountability is another facet of access control. Individuals on a system are responsible for their actions. This accountability property enables system activities to be traced to the proper individuals. Accountability is supported by audit trails that record events on the system and on the network. Audit trails can be used for intrusion detection and for the reconstruction of past events.
-Ronald Krutz The CISSP PREP Guide (gold edition) pg 65
Which one of the following attacks is MOST effective against an Internet Protocol Security
(IPSEC) based virtual private network (VPN)?
A. Brute force
B. Man-in-the-middle
C. Traffic analysis
D. Replay
Answer: B
Active attacks find identities by being a man-in-the-middle or by replacing the responder in the negotiation. The attacker proceeds through the key negotiation with the attackee until the attackee has revealed its identity. In a well-designed system, the negotiation will fail after the attackee has revealed its identity because the attacker cannot spoof the identity of the originally- intended system. The attackee might then suspect that there was an attack because the other side failed before it gave its identity. Therefore, an active attack cannot be persistent because it would prevent all legitimate access to the desired IPsec system.
http:!! /1 8.html
Not C: Traffic analysis is a good attack but not the most effective as it is passive in nature, while Man in the middle is active.
Satellite communications are easily intercepted because_
A. transmissions are continuous 24 hours per day.
B. a satellite footprint is narrowly focused.
C. a satellite footprint is very large.
D. a satellite footprint does not cha
Answer: C
I think it may have to do with the footprint of the satellite.
Footprint - The area of Earth with sufficient antenna gain to receive a signal from a satellite. - html
Not A: Granted Satellites transmit but they may not do it 24x7 as it could be only when traffic is sent.
A country that fails to legally protect personal data in order to attract companies engaged in
collection of such data is referred to as a
A. data pirate
B. data haven
C. country of convenience
D. sanctional nation
Answer: B
Data Haven
A place where data that cannot legally be kept can be stashed for later use; an offshore web host. This is an interesting topic; companies often need information that they are not legally allowed to know. For example, some hospitals are not allowed to mark patients as HIV positive (because it stigmatizes patients); staff members create codes or other ways so they can take the necessary steps to protect themselves.
This phrase has been around for at least 15 years, but only in a specialist way. One sense is that of a place of safety and security for electronic information, for example where encrypted copies of crucial data can be stored as a backup away from one’s place of business. But it can also mean a site in which data can be stored outside the jurisdiction of regulatory authorities. This sense has come to wider public notice recently as a result of Neal Stephenson’s book Cryptonomicon, in which the establishment of such a haven in South East Asia is part of the plot. In a classic case of life imitating art, there is now a proposal to set up a data haven on one of the old World War Two
forts off the east coast of Britain, which declared independence under the name of Sealand back in 1967 (it issues its own stamps and money, for example). The idea is to get round a proposed British law-the Regulation of Investigatory Powers Bill (RIP)-that would force firms to hand over decryption keys if a crime is suspected and make Internet providers install equipment to allow interception of e-mails by the security services. The Privacy Act doesn’t protect information from being transferred from New Zealand to data havenscountries that don’t have adequate privacy protection. [Computerworld, May 1999] The government last night poured cold water on a plan by a group of entrepreneurs to establish a “data haven” on a rusting iron fortress in the North Sea in an attempt to circumvent new anti-cryptography laws. [Guardian, June 2000]
World Wide Words is copyright © Michael Quinion, 1996-2004. All rights reserved. Contact the author for reproduction requests. Comments and feedback are always welcome.
Page created 17 June 2000; last updated 27 October2002.
Not C: The majority google searches for ‘Country of Convenience’ relate to those countries
supporting terrorism.
Not D: the meaning of sanctioned is listed below. This would mean that countries that DON’T
protect privacy are APPROVED
Main Entry: 2sanction
Function: transitive verb
Inflected Form(s): sanc*tioned; sanc*tion*ing
Date: 1778
I to make valid or binding usually by a formal procedure (as ratification)
2 to give effective or authoritative approval or consent
Management can expect penetration tests to provide all of the following EXCEPT
A. identification of security flaws
B. demonstration of the effects of the flaws
C. a method to correct the security flaws.
D. verification of the leve
Answer: B
Penetration testing is a set of procedures designed to test and possibly bypass security controls of a system. Its goal is to measure an organization’s resistance to an attack and to uncover any weaknesses within the environment...The result of a penetration test is a report given to management describing the list of vulnerabilities that were identified and the severity of those vulnerabilities. From here, it is up to management to determine how the vulnerabilities are dealt with and what countermeasures are implemented.
- Shon Harris All-in-one CISSP Certification Guide pg 837-839
The Common Criteria construct which allows prospective consumers or developers to create standardized sets of security requirements to meet there needs is
A. a Protection Profile (PP).
B. a Security Target (ST).
C. an evaluation Assuran
Answer: A
Protection Profiles: The Common Criteria uses protection profiles to evaluate products. The protection profile contains the set of security requirements, their meaning and reasoning, and the corresponding EAL rating. The profile describes the environmental assumptions, the objectives, and functional and assurance level expectations. Each relevant threat is listed along with how it is to be controlled by specific objectives. It also justifies the assurance level and requirements for the strength of each protection mechanism. The protection profile provides a means for the consumer, or others, to identify specific security needs;p this is the security problem to be conquered.
EAL: An evaluation is carried out on a product and is assigned an evaluation assurance level (EAL) The thoroughness and stringent testing increases in detailed-oriented tasks as the levels increase. The Common Criteria has seven assurance levels. The ranges go from EAL1, where the functionality testing takes place, to EAL7, where thorough testing is performed and the system is verified. All-In-One CISSP Certification Exam Guide by Shon Harris pg. 262
“The Common Criteria defines a Protection Profile (PP), which is an implementation-independent specification of the security requirements and protections of a product that could be built. The Common Criteria terminology for the degree of examination of the product to be tested is the Evaluation Assurance Level (EAL). EAL5 range from EA1 (functional testing) to EA7 (detailed testing and formal design verification). The Common Criteria TOE [target of evaluation] refers to the product to be tested. A Security Target (ST) is a listing of the security claims for a particular IT security product.” -Ronald Krutz The CISSP PREP Guide (gold edition) pg 266-267
Which one of the following security technologies provides safeguards for authentication before securely sending information to a web server?
A. Secure/Multipurpose Internet Mail Extension (S/MIME)
B. Common Gateway Interface (CGI) scripts
Answer: D
Digital certificates provide communicating parties with the assurance that they are communicating with people who truly are who they claim to be.” Titel: CISSP Study Guide. pg 343. In this case, if the web server was a bank, you want to have a certificate confirming that they really are the bank before you authenticate with your username and password.
Which one of the following traits alow macro viruses to spread more effectively than other types?
A. They infect macro systems as well as micro computers.
B. They attach to executable and batch applications.
C. They can be transported b
Answer: C
Macro virus is a virus written in one of these programming languages and is platform independent. They infect and replicate in templates and within documents. - Shon Harris All-in- one CISSP Certification Guide pg 784
After law enforcement is informed of a computer crime, the organizations investigators constraints are
A. removed.
B. reduced.
C. increased.
D. unchanged.
Answer: C
“On the other hand, there are also two major factors that may cause a company to shy away from calling in the authorities. First, the investigation will more than likely become public and may embarrass the company. Second, law enforcement authorities are bound to conduct an investigation that complies with the Fourth Amendment and other legal requirements that may not apply to a private investigation.” Pg. 529 Tittel: CISSP Study Guide
Which of the following are objectives of an information systems security program?
A. Threats, vulnerabilities, and risks
B. Security, information value, and threats
C. Integrity, confidentiality, and availability.
D. Authenticity,
Answer: C
There are several small and large objectives of a security program, but the main three principles in all programs are confidentiality, integrity, and availability. These are referred to as the CIA triad.
- Shon Harris All-in-one CISSP Certification Guide pg 62
Who is the individual permitted to add users or install trusted programs?
A. Database Administrator
B. Computer Manager
C. Security Administrator
D. Operations Manager
Answer: D
Typical system administrator or enhanced operator functions can include the following Installing system software Starting up (booting) and shutting down a system Adding and removing system users Performing back-ups and recovery Handling printers and managing print queues-Ronald Krutz The CISSP PREP Guide (gold edition) pg 305- 304
What is the basis for the Rivest-Shamir-Adelman (RSA) algorithm scheme?
A. Permutations
B. Work factor
C. Factorability
D. Reversivibility
Answer: C
This algorithm is based on the difficulty of factoring a number, N, which is the product of two large prime numbers. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 204
In which one of the following documents is the assignment of individual roles and responsibilities
MOST appropriately defined?
A. Security policy
B. Enforcement guidelines
C. Acceptable use policy
D. Program manual
Answer: C
An acceptable use policy is a document that the employee signs in which the expectations, roles and responsibilities are outlined.
Issue -specific policies address specific security issues that management feels need more detailed explanation and attention to make sure a comprehensive structure is built and all employees understand how they are to comply to these security issues. - Shon Harris AIIm- one CISSP Certification Guide pg 62
In addition to providing an audit trail required by auditors, logging can be used to
A. provide backout and recovery information
B. prevent security violations
C. provide system performance statistics
D. identify fields changed on
Answer: B
Auditing tools are technical controls that track activity within a network on a network device or on a specific computer. Even though auditing is not an activity that will deny an entity access to a network or computer, it will track activities so a network administrator can understand the types of access that took place, identify a security breach, or warn the administrator of suspicious activity. This can be used to point out weakness of their technical controls and help administrators understand where changes need to be made to preserve the necessary security level within the environment. . - Shon Harris All-in-one CISSP Certification Guide pg 179-180

Add Cards

You must Login or Register to add cards