Title: (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
Author: Mike Chapple
Publisher: John Wiley & Sons Limited
Genre: Foreign computer literature
ISBN: 9781119786245
6. Which type of firewall automatically adjusts its filtering rules based on the content and context of the traffic of existing sessions?
   A. Static packet filtering
   B. Application-level gateway
   C. Circuit-level gateway
   D. Stateful inspection firewall

7. A VPN can be a significant security improvement for many communication links. A VPN can be established over which of the following?
   A. Wireless LAN connection
   B. Remote access dial-up connection
   C. WAN link
   D. All of the above

8. Adversaries will use any and all means to harm their targets. This includes mixing attack concepts together to make a more effective campaign. What type of malware uses social engineering to trick a victim into installing it?
   A. Virus
   B. Worm
   C. Trojan horse
   D. Logic bomb

9. Security is established by understanding the assets of an organization that need protection and understanding the threats that could cause harm to those assets. Then, controls are selected that provide protection for the CIA Triad of the assets at risk. The CIA Triad consists of what elements?
   A. Contiguousness, interoperable, arranged
   B. Authentication, authorization, accountability
   C. Capable, available, integral
   D. Availability, confidentiality, integrity

10. The security concept of AAA services describes the elements that are necessary to establish subject accountability. Which of the following is not a required component in the support of accountability?
   A. Logging
   B. Privacy
   C. Identification verification
   D. Authorization

11. Collusion is when two or more people work together to commit a crime or violate a company policy. Which of the following is not a defense against collusion?
   A. Separation of duties
   B. Restricted job responsibilities
   C. Group user accounts
   D. Job rotation

12. A data custodian is responsible for securing resources after ______________ has assigned the resource a security label.
   A. Senior management
   B. The data owner
   C. An auditor
   D. Security staff

13. In what phase of the Capability Maturity Model for Software (SW-CMM) are quantitative measures used to gain a detailed understanding of the software development process?
   A. Repeatable
   B. Defined
   C. Managed
   D. Optimizing

14. Which one of the following is a layer of the ring protection scheme design concept that is not normally implemented?
   A. Layer 0
   B. Layer 1
   C. Layer 3
   D. Layer 4

15. TCP operates at the Transport layer and is a connection-oriented protocol. It uses a special process to establish a session each time a communication takes place. What is the last phase of the TCP three-way handshake sequence?
   A. SYN flagged packet
   B. ACK flagged packet
   C. FIN flagged packet
   D. SYN/ACK flagged packet

16. The lack of secure coding practices has enabled an uncountable number of software vulnerabilities that hackers have discovered and exploited. Which one of the following vulnerabilities would be best countered by adequate parameter checking?
   A. Time-of-check to time-of-use
   B. Buffer overflow
   C. SYN flood
   D. Distributed denial of service (DDoS)

17. Computers are based on binary mathematics. All computer functions are derived from the basic set of Boolean operations. What is the value of the logical operation shown here?

   X:     0 1 1 0 1 0
   Y:     0 0 1 1 0 1
   ___________________
   X ⊕ Y: ?

   A. 0 1 0 1 1 1
   B. 0 0 1 0 0 0
   C. 0 1 1 1 1 1
   D. 1 0 0 1 0 1

18. Which of the following are considered standard data type classifications used in either a government/military or a private sector organization? (Choose all that apply.)
   A. Public
   B. Healthy
   C. Private
   D. Internal
   E. Sensitive
   F. Proprietary
   G. Essential
   H. Certified
   I. Critical
   J. Confidential
   K. For Your Eyes Only

19. The General Data Protection Regulation (GDPR) has defined several roles in relation to the protection and management of personally identifiable information (PII). Which of the following statements is true?
   A. A data processor is the entity assigned specific responsibility for a data asset in order to ensure its protection for use by the organization.
   B. A data custodian is the entity that performs operations on data.
   C. A data controller is the entity that makes decisions about the data they are collecting.
   D. A data owner is the entity assigned or delegated the day-to-day responsibility of proper storage and transport as well as protecting data, assets, and other organizational objects.

20. If Renee receives a digitally signed message from Mike, what key does she use to verify that the message truly came from Mike?
   A. Renee's public key
   B. Renee's private key
   C. Mike's public key
   D. Mike's private key

21. A systems administrator is setting up a new data management system. It will be gathering data from numerous locations across the network, even from remote offsite locations. The data will be moved to a centralized facility, where it will be stored on a massive RAID array. The data will be encrypted on the storage system using AES-256, and most files will be signed as well. The location of this data warehouse is secured so that only authorized personnel can enter the room, and all digital access is limited to a set of security administrators. Which of the following describes the data?
   A. The data is encrypted in transit.
   B. The data is encrypted in processing.
   C. The data is redundantly stored.
   D. The data is encrypted at rest.

22. The __________ is the entity assigned specific responsibility for a data asset in order to ensure its protection for use by the organization.
   A. Data owner
   B. Data controller
   C. Data processor
   D. Data custodian

23. A security auditor is seeking evidence of how sensitive documents made their way out of the organization and onto a public document distribution site. It is suspected that an insider exfiltrated the data over a network connection to an external server, but this is only a guess. Which of the following would be useful in determining whether this suspicion is accurate? (Choose two.)
   A. NAC
   B. DLP alerts
   C. Syslog
   D. Log analysis
   E. Malware scanner reports
   F. Integrity monitoring

24. A new Wireless Application Protocol (WAP) is being installed to add wireless connectivity to the company network. The configuration policy indicates that WPA3 is to be used and thus only newer or updated endpoint devices can connect. The policy also states that ENT authentication will not be implemented. What authentication mechanism can be implemented in this situation?
   A. IEEE 802.1X
   B. IEEE 802.1q
   C. Simultaneous authentication of equals (SAE)
   D. EAP-FAST

25. When securing a mobile device, what types of authentication can be used that depend on the user's physical attributes? (Choose all that apply.)
   A. Fingerprint
   B. TOTP (time-based one-time password)
   C. Voice
   D. SMS (short message service)
   E. Retina
   F. Gait
   G. Phone call
   H. Facial recognition
   I. Smartcard
   J. Password

26. A recently acquired piece of equipment is not working properly. Your organization does not have a trained repair technician on staff, so you have to bring in an outside expert. What type of account should be issued to a trusted third-party repair technician?
   A. Guest account
   B. Privileged account
   C. Service account
   D. User account

27. Security should be designed and integrated into the organization as a means to support and maintain the business objectives. However, the only way to know if the implemented security is sufficient is to test it. Which of the following is a procedure designed to test and perhaps bypass a system's security controls?
   A. Logging usage data
   B. War dialing
   C. Penetration testing
   D. Deploying secured desktop workstations

28. Security needs to be designed to support the business objectives, but it also needs to be legally defensible. To defend the security of an organization, a log of events and activities must be created. Auditing is a required factor to sustain and enforce what?
   A. Accountability
   B. Confidentiality
   C. Accessibility
   D. Redundancy

29. Risk assessment is a process by which the assets, threats, probabilities, and likelihoods are evaluated in order to establish criticality prioritization. What is the formula used to compute the ALE?
   A. ALE = AV * EF * ARO
   B. ALE = ARO * EF
   C. ALE = AV * ARO
   D. ALE = EF * ARO

30. Incident response plans, business continuity plans, and disaster recovery plans are crafted when implementing business-level redundancy. These plans are derived from the information obtained when performing a business impact assessment (BIA). What is the first step of the BIA process?
   A. Identification of priorities
   B. Likelihood assessment
   C. Risk identification
   D. Resource prioritization
31. Many events can threaten the operation, existence, and stability of an organization. Some of those threats are human