Title: (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests
Author: Mike Chapple
Publisher: John Wiley & Sons Limited
Genre: Foreign computer literature
ISBN: 9781119787648
86 If the systems that are being assessed all handle credit card information (and no other sensitive data), at what step would the PCI DSS first play an important role?
A. Step 1
B. Step 2
C. Step 3
D. Step 4

87 What data security role is primarily responsible for step 5?
A. Data owners
B. Data processors
C. Custodians
D. Users

88 Susan's organization performs a secure disk wipe process on hard drives before they are sent to a third-party organization to be shredded. What issue is her organization attempting to avoid?
A. Data retention that is longer than defined in policy
B. Mishandling of drives by the third party
C. Classification mistakes
D. Data permanence

89 Mike wants to track hardware assets as devices and equipment are moved throughout his organization. What type of system can help do this without requiring staff to individually check bar codes or serial numbers?
A. A visual inventory
B. WiFi MAC address tracking
C. RFID tags
D. Steganography

90 Retaining and maintaining information for as long as it is needed is known as what?
A. Data storage policy
B. Data storage
C. Asset maintenance
D. Record retention

91 Which of the following activities is not a consideration during data classification?
A. Who can access the data
B. What the impact would be if the data was lost or breached
C. How much the data cost to create
D. What protection regulations may be required for the data

92 What type of encryption is typically used for data at rest?
A. Asymmetric encryption
B. Symmetric encryption
C. DES
D. OTP

93 Which data role is tasked with applying rights that provide appropriate access to staff members?
A. Data processors
B. Business owners
C. Custodians
D. Administrators

94 What element of asset security is often determined by identifying an asset's owner?
A. It identifies the individual(s) responsible for protecting the asset.
B. It provides a law enforcement contact in case of theft.
C. It helps establish the value of the asset.
D. It determines the security classification of the asset.

95 Fred is preparing to send backup tapes off-site to a secure third-party storage facility. What steps should Fred take before sending the tapes to that facility?
A. Ensure that the tapes are handled the same way the original media would be handled based on their classification.
B. Increase the classification level of the tapes because they are leaving the possession of the company.
C. Purge the tapes to ensure that classified data is not lost.
D. Decrypt the tapes in case they are lost in transit.

96 Which of the following does not describe data in motion?
A. Data on a backup tape that is being shipped to a storage facility
B. Data in a TCP packet
C. Data in an e-commerce transaction
D. Data in files being copied between locations

97 A new law is passed that would result in significant financial harm to your company if the data that it covers was stolen or inadvertently released. What should your organization do about this?
A. Select a new security baseline.
B. Relabel the data.
C. Encrypt all of the data at rest and in transit.
D. Review its data classifications and classify the data appropriately.

98 Which of the following data roles are typically found inside of a company instead of as a third-party contracting relationship? (Select all that apply.)
A. Data owners
B. Data controllers
C. Data custodians
D. Data processors

99 What commercial data classification is most appropriate for data contained on corporate websites?
A. Private
B. Sensitive
C. Public
D. Proprietary

100 Match each of the numbered data elements shown here with one of the lettered categories. You may use the categories once, more than once, or not at all. If a data element matches more than one category, choose the one that is most specific.
Data elements
1. Medical records
2. Trade secrets
3. Social Security numbers
4. Driver's license numbers
Categories
A. Proprietary data
B. Protected health information
C. Personally identifiable information
Chapter 3 Security Architecture and Engineering (Domain 3)
SUBDOMAINS:
3.1 Research, implement and manage engineering processes using secure design principles
3.2 Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
3.3 Select controls based upon system security requirements
3.4 Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
3.6 Select and determine cryptographic solutions
3.7 Understand methods of cryptanalytic attacks
3.8 Apply security principles to site and facility design
3.9 Design site and facility security controls
1 Matthew is the security administrator for a consulting firm and must enforce access controls that restrict users' access based upon their previous activity. For example, once a consultant accesses data belonging to Acme Cola, a consulting client, they may no longer access data belonging to any of Acme's competitors. What security model best fits Matthew's needs?
A. Clark-Wilson
B. Biba
C. Bell-LaPadula
D. Brewer-Nash
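The model that question 1 describes, in which a decision depends on what the subject has already touched, is easiest to understand as a small policy engine. The Python below is an added example written for this page, not code from the book: the dataset-to-client mapping and the conflict-of-interest classes are constructed sample data, and the subject names are hypothetical. It records each subject's access history and consults it on every read, which is what distinguishes this model from static lattice models such as Bell-LaPadula.

```python
"""Brewer-Nash (Chinese Wall) access check: an added illustration, not the book's code.

Assumptions (constructed for this example): datasets belong to client companies,
and competing companies are grouped into conflict-of-interest classes.
"""
from collections import defaultdict

# Constructed sample data: which client company owns each dataset.
DATASET_OWNER = {
    "acme_cola_q3_forecast": "Acme Cola",
    "acme_cola_supplier_list": "Acme Cola",
    "fizz_corp_pricing": "Fizz Corp",
    "widget_co_payroll": "Widget Co",
}

# Constructed conflict-of-interest classes: companies in the same set compete.
CONFLICT_CLASSES = [
    {"Acme Cola", "Fizz Corp"},   # two soft-drink makers
    {"Widget Co"},                # no competitor represented here
]


def conflict_class_of(company):
    """Return the conflict-of-interest class containing `company`."""
    for cls in CONFLICT_CLASSES:
        if company in cls:
            return cls
    return {company}


class ChineseWall:
    """Tracks what each subject has read and enforces the Brewer-Nash rules."""

    def __init__(self):
        # subject -> set of companies whose data that subject has already read
        self._history = defaultdict(set)

    def may_read(self, subject, dataset):
        """Simple security rule: allowed unless the subject has already read data
        of a *different* company in the same conflict-of-interest class."""
        company = DATASET_OWNER[dataset]
        cls = conflict_class_of(company)
        return not any(seen != company and seen in cls
                       for seen in self._history[subject])

    def read(self, subject, dataset):
        """Grant the read and record it. Returns True if the read was allowed."""
        if not self.may_read(subject, dataset):
            return False
        self._history[subject].add(DATASET_OWNER[dataset])
        return True

    def may_write(self, subject, dataset):
        """*-property (simplified): a subject may write a dataset only if it may
        read it and everything it has read so far belongs to that same company,
        so it cannot relay one client's data into another client's files."""
        company = DATASET_OWNER[dataset]
        return (self.may_read(subject, dataset)
                and self._history[subject] <= {company})


if __name__ == "__main__":
    wall = ChineseWall()
    print(wall.read("consultant", "acme_cola_q3_forecast"))   # True
    print(wall.read("consultant", "fizz_corp_pricing"))       # False: competitor
    print(wall.read("consultant", "widget_co_payroll"))       # True: other class
```

Note that the write rule is deliberately stricter than the read rule: once a consultant has read data from two different companies (even non-competing ones), writing into either company's dataset is refused, because the write could carry information across the wall. Real implementations also distinguish sanitized (public) information, which this example omits.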
2 Referring to the figure shown here, what is the earliest stage of a fire where it is possible to use detection technology to identify it?
A. Incipient
B. Smoke
C. Flame
D. Heat

3 Ralph is designing a physical security infrastructure for a new computing facility that will remain largely unstaffed. He plans to implement motion detectors in the facility but would also like to include a secondary verification control for physical presence. Which one of the following would best meet his needs?
A. CCTV
B. IPS
C. Turnstiles
D. Faraday cages

4 Harry would like to retrieve a lost encryption key from a database that uses m of n control, with m = 4 and n = 8. What is the minimum number of escrow agents required to retrieve the key?
A. 2
B. 4
C. 8
D. 12
5 Fran's company is considering purchasing a web-based email service from a vendor and eliminating its own email server environment as a cost-saving measure. What type of cloud computing environment is Fran's company considering?
A. SaaS
B. IaaS
C. CaaS
D. PaaS

6 Bob is a security administrator with the U.S. federal government and wants to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?
A. DSA
B. HAVAL
C. RSA
D. ECDSA

7 Harry would like to access a document owned by Sally and stored on a file server. Applying the subject/object model to this scenario, who or what is the subject of the resource request?
A. Harry
B. Sally
C. Server
D. Document

8 Michael is responsible for forensic investigations and is investigating a medium-severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the marketing team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Michael to take?
A. Keep the website offline until the investigation is complete.
B. Take the virtualization platform offline as evidence.
C. Take a snapshot of the compromised system and use that for the investigation.
D. Ignore the