SEARCH
Notice

You are in browse mode. You must login to use MEMORY

CISSP Questions #2


🇬🇧
In English
Created:


Public
Created by:
John Intindolo


0 / 5  (0 ratings)



» To start learning, click login

1 / 67

[Front]


Key override. Key override can be used during emergency situations or with authorized personnel to gain immediate access. Master keying has to do with the capability of reconfiguring the lock, as in resetting the access code. Door delay is a control that sets off an alarm if a door is open for an extended period.
[Back]


Using special key combinations with cipher locks during emergency situations is called __________________. - Switch controls - Key override - Door delay - Master keying

Practice Known Questions

Stay up to date with your due questions

Complete 5 questions to enable practice

Exams

Exam: Test your skills

Test your skills in exam mode

Learn New Questions

Popular in this course

Learn with flashcards

Dynamic Modes

SmartIntelligent mix of all modes
CustomUse settings to weight dynamic modes

Manual Mode [BETA]

The course owner has not enabled manual mode
Other available modes

multiple choiceMultiple choice mode
SpeakingAnswer with voice
TypingTyping only mode

CISSP Questions #2 - Leaderboard

1 user has completed this course

No users have played this course yet, be the first


CISSP Questions #2 - Details

Levels:

Questions:

67 questions
🇬🇧🇬🇧
Software that creates a one-time passwords. One-time passwords can also be generated in software, instead of requiring a piece of hardware as in a token device. These are referred to as soft tokens and require that the authentication service and application contain the same base secrets, which are used to generate the one-time passwords.
Joan's two network engineers are in a passionate debate over the value of a soft token versus a hard token device. Which of the following best describes a soft token? - Software that creates one-time passwords - Software that creates passwords for users, also called a password generator - A time-based one-time password generating device - A dynamic password versus a static password
Bell LaPadula. “The first mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access and to outline rules of access” is a formal definition of the Bell-LaPadula model, which was created and implemented to protect government and military confidential information.
Which of the following was the first mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access and to outline rules of access? - Biba - Bell LaPadula - Clark-Wilson - State machine
Microprobing. Microprobing uses needles to remove the outer protective material on the card's circuits by using ultrasonic vibration. Once this is completed then data can be accessed and manipulated by directly tapping into the card's ROM chips. This is considered an invasive attack that can be used against smart cards.
Match one of the following to this definition: "The use of needles to remove the outer protective material on the card's circuits, by using ultrasonic vibration. Once this is completed then data can be accessed and manipulated by directly tapping into the card's ROM chips." - Microprobing - Differential power analysis - Electromagnetic analysis - Software attacks
Scripting attacks. If a process is not isolated properly through encapsulation, this means its interface is accepting potentially malicious instructions.
If an application is developed improperly and does not carry out proper process isolation through encapsulation, which of the following is the most likely security concern? - Scripting attacks - Man-in-the-middle attacks - Invalid input values - Macro viruses
Oversee budgets. Senior executives have several key responsibilities in disaster recovery. These include: support and approval of plans, sponsoring all aspects of plans, verifying testing phases are being carried out, and overseeing budgets. Having the dedicated and consistent support of senior management is critical in the success of disaster recovery and contingency planning.
In disaster recovery, each level of employee should have clearly defined responsibilities. Which of the following is a responsibility of senior executives? - Develop testing plans - Establish project goals and develop plans - Identify critical business systems - Oversee budgets
Sender policy framework. Sender Policy Framework (SPF) is an e-mail validation system designed to prevent e-mail spam by detecting e-mail spoofing, by verifying the sender’s IP address. SPF allows administrators to specify which hosts are allowed to send e-mail from a given domain by creating a specific SPF record in DNS. Mail exchanges use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.Jack is a network administrator who needs to be able to specify which systems can send e-mail through his company’s mail servers. Which of the following best describes the solution that would provide this type of functionality? - SMTP authentication - TLS within a PKI - Sender policy framework - SMTP and IMAP authentication framework
Excludes a misbehaving computer from the ring. If a computer detects a problem with the network, it sends a beacon frame. This frame generates a failure domain, which is between the computer that issued the beacon and its neighbor downstream. The computers and devices within this failure domain will attempt to reconfigure certain settings to try and work around the detected fault.
What is a beaconing functionality in a token passing technology? - Ensures that a fault domain never occurs - Ensures that only one frame is on the network at a time - Allows the computers to communicate to each other through the token - Excludes a misbehaving computer from the ring
Domain. A domain just means the resources that are available to subjects for carrying out their tasks. The subjects can be users, applications, or processes.
Nathalie has access to the following: the customer provisioning database, shared network drive F:, the company's intranet, and the customer records database. These systems are referred to collectively as her what? - Trusted computing base - Clipping level - Domain - Virtual machine
Fighting against cybercrime. The G8 is an annual economic and political summit meeting of the heads of government with international officials. One of the topics that is covered by this group is cybercrime.
G8 has been involved with which of the following items? - Fighting against cybercrime - Legislating on economic espionage - Protecting employee privacy rights - Prosecuting software pirates
Strategic goals or long-term goals, tactical goals or mid-term goals, operational goals or daily goals. This approach to planning is called a planning horizon. In defining a planning horizon, you will need to define your strategic goals, which are your long-term goals, your tactical goals or mid-term goals, and your operational goals, which are your daily goals.
Security models have many layers and different types of goals to accomplish in different time frames. Which of the following accurately describes the goals and their relationship? - Tactical goals or daily goals, operational goals or mid-term goals, strategic goals or long-term goals. This approach to planning is called a planning horizon - Strategic goals or long-term goals, tactical goals or mid-term goals, operational goals or daily goals. This approach to planning is called the top-down approach - Tactical goals or daily goals, operational goals or mid-term goals, strategic goals or long-term goals. This approach to planning is called a bottom-up approach. - Strategic goals or long-term goals, tactical goals or mid-term goals, operational goals or daily goals. This approach to planning is called a planning horizon
Passive relocking function. A safe with a passive relocking function can detect when someone attempts to tamper with it and then engage extra internal bolts that will fall in place to ensure that the safe can't be compromised.
A safe that has the capability to detect when someone attempts to tamper with it, and upon detection engages extra internal bolts to ensure that it cannot be compromised, has a(n)_______________________. - Thermal relocking function - Passive relocking function - Active relocking function - Intrustion detection alarm
Is vendor specific.
Which of the following is NOT true of the OSI model? - Promotes interoperability between vendors - Enables standardization - Is vendor specific - Describes the encapsulation (packaging) of data to enable it to get from point A to point B
True.
In the OSI model, a computer sending data starts at layer 7 (working its way down) adding headers at each layer, while the receiving computer starts at layer 1 (working its way up) using and stripping away the headers at each layer. True or False?
- Layer 1 Physical: bits - Layer 2 Data: frame - Layer 3 Network: packet - Layer 4 Transport: segment - Layer 5 Session, 6 Presentation, 7 Application: data
Match the name of the Protocol Data Unit (PDU) to each Layer of the OSI Model: - Layer 1 Physical - Layer 2 Data - Layer 3 Network - Layer 4 Transport - Layer 5 Session, 6 Presentation, 7 Application PDU's: data, segment, packet, frame, bits
Logical Link Control (LLC).
Which of the following is a sub-layer of the Data Link layer of the OSI model that performs error detection? - Logical Link Control (LLC) - Media Access Control (MAC) - Pretty Good Privacy (PGP) - Remote Desktop Protocol (RDP)
Media Access Control (MAC).
Which of the following is a sub-layer of the Data Link layer of the OSI model that creates a local unique identifier for a network card? - Logical Link Control (LLC) - Media Access Control (MAC) - Pretty Good Privacy (PGP) - Remote Desktop Protocol (RDP)
ARP or Address Resolution Protocol.
_____ takes a known ip address and learns an unknown MAC. - PGP - SSH - ARP - RDC
True. Poisoning or Pollution is modifying someone's cache usually for the purpose of redirection.
True or False? Anything that has cache can be subjected to poisoning or pollution.
802.3 Ethernet.
CSMA/CD refers to detecting collision. Which of the following falls into this category? - 802.3 Ethernet - 802.11 Wireless
802.11 Wireless.
CSMA/CA refers to avoiding collision. Which of the following falls into this category? - 802.3 Ethernet - 802.11 Wireless
Layer 1 the physical layer.
Theft, unauthorized access, vandalism, sniffing, interference, and data emanation are examples of threats to which layer of the OSI model?
Layer 2 data link and layer 3 network.
Across which layers of the OSI model does ARP function?
Layer 2 data link.
At which layer of the OSI model does ARP function at?
Forward Proxy. Forward proxy inspects traffic from inside going out.
Which type of proxy would you use to control/audit/collect where your users go/do on the web? - Forward - Reverse
Reverse Proxy.
Which type of proxy inspects outside traffic that is coming in? - Forward - Reverse
Firewalls.
Packet filtering, State full, Proxy, and Dynamic Packet filtering are all types of what?
Port Address Translation (PAT).
What is the term that allows a single external ip address that masks hundreds of internal ip addresses? - Network Address Translation (NAT) - Port Address Translation (PAT)
Network Address Translation (NAT).
What is the term that allows a single external ip address to mask a single internal ip address? - Network Address Translation (NAT) - Port Address Translation (PAT)
127.0.01.
Which of the following is NOT an IP address that RFC 1918 says are private and not routable across the public internet? - 10.x.x.x - 172.16.x.x - 172..31.x.x - 127.0.0.1 - 192.168.x.x
ACL's should be complex. This is not a firewall best practice because ACL's or Access Control Lists should be simple.
Which of the following is NOT a firewall best practice? - Use implicit deny - ACL's should be complex - Perform ingress and egress filtering - Block unnecessary ICMP packets - ACL's should be simple
PPP or Point to Point Protocol.
Which protocol is used for layer 2 framing for remote access or WAN connectivity?
PPTP or Point to Point Tunneling Protocol.
Which protocol would be used for VPN? - PPP - UDP - PPTP
IPSEC.
What protocol must be used for VPN tunneling while using L2TP in order to secure the tunnel?
Generic Routing Encapsulation.
What does GRE stand for?
War dialing. War dialing is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems (computer servers) and fax machines.
Which of the following is NOT a wireless security problem? - Unauthorized access - War dialing - Sniffing - War driving - Unauthorized or Rogue access points (Man in the middle)
RC-4.
Which stream cipher is used with WEP?
The IV is only 48-bits. WEP is 24-bits while WPA is 48-bits.
Which one of the following is not a weaknesses of WEP? - IV transmitted in clear text - the IV is only 24-bits - the IV is only 48-bits - Uses RC-4 stream cipher
WPA.
TKIP or Temporal Key Integral Protocol was introduced in which wireless security encryption method? - WEP - WPA - WPA2
WPA2.
In which wireless security encryption method was AES introduced? - WEP - WPA - WPA2
TKIP or Temporal Key Integral Protocol.
Which of the following protocols can be defined as have dynamically negotiated keys as opposed to using the same static key over and over again? - CCMP - TKIP - AES - RC-4
Active.
When it comes to access, a subject (person, process or program) is considered ______. - Active - Passive
Passive.
When it comes to access, an object or resource (file, printer, etc.) is considered ______. - Active - Passive
- Identification: Make a claim (userid, etc.) - Authentication: Provide support or proof of your claim - Authorization: What rights and permissions you have - Auditing: Matching actions to subject
Match the definition with the correct component of IAAA of Access Control: Definition- What rights and permission you have, Make a claim (userid, etc.), Matching actions to subjects, Provide support or proof of your claim Component- Identification, Authentication, Authorization, Auditing
Something you need.
Which of the following is NOT a way to prove your identity? - Something you know - Something you need - Something you have - Something you are
CER or Crossover Error Rate.
In biometrics, the level at which False Rejection (FRR) and False Acceptance (FAR) meet is called _________. The lower the number, the more accurate the system is. (ie. Iris Scan are the most accurate).
Role-Based Access Control (RBAC).
When an employee changes roles and acquires an increase in additional permissions and privileges being properly withdrawn it is known as authorization creep. Which type of access control would help to prevent this? - Identity-based access control (IBAC) - Mandatory Access Control (MAC) - Role-Based Access Control (RBAC) - Discretionary Access Control (DAC)
Authentication Server (AS)
Which of the following Kerberos components allows an authentication of the user and issues a TGT? - Ticket - Ticket-Granting Ticket (TGT) - Ticket-Granting Service (TGS) - Authentication Server (AS)
Ticket-Granting Service (TGS)
Which of the following issues a ticket for a particular user to access a particular service after receiving the TGT from the user? - Ticket - Ticket-Granting Ticket (TGT) - Ticket-Granting Service (TGS) - Authentication Server (AS)
Ticket
Which of the following is a means of distributing Session Key? - Ticket - Ticket-Granting Ticket (TGT) - Ticket-Granting Service (TGS) - Authentication Server (AS)
Key Distribution Center (KDC).
_________ is a system that runs the TGS and the AS. - Ticket - Ticket-Granting Ticket (TGT) - Key Distribution Center (KDC) - Authentication Server (AS)
Copy.
If you are doing an unscheduled backup you should always use a ______ because the archive bit is not cleared or reset. - Copy - Full - Differential - Incremental
Incremental
______ backups backs up all files that have been modified since the last backup and reset the archive bit. - Copy - Full - Differential - Incremental
Differential.
_______ backups backs up all files that have been modified since last backup and the archive bit is not reset. - Copy - Full - Differential - Incremental
Copy.
Which type of backup should be used before upgrades, or system maintenance? - Copy - Full - Differential - Incremental
Primary key cannot be null.
What does Entity Integrity mean in relation to databases? - Primary key is null - Primary key cannot be null
True.
True or False? In databases Field, Columns, and Attributes mean the same thing.
True.
True or False? In databases Record, Rows, and Tuples mean the same thing.
Cardinality- Number of rows in a relation Degree- Number of columns in a relation DB Schema- Defines the design/structure
Match the following database terms to the correct definition. Term: Cardinality, Degree, DB Schema Definition: Defines the design/structure, Number of rows in a relation, Number of columns in a relation
Aggregation.
______ is collecting information and pulling it together. - Aggregation - Inference - Polyinstantiation - Code Injection - Input Validation
Inference.
_________ looks at all the information there and try to reason out a connection. - Aggregation - Inference - Polyinstantiation - Code Injection - Input Validation
Polyinstantiation.
_________ is the ability of a database to maintain multiple records with the same key, and can also indicate that two different instances have the same name (identifier, primary key). - Aggregation - Inference - Polyinstantiation - Code Injection - Input Validation
Authentication, Authorization, Accounting.
Radius provides what three services? - Confidentiality, Integrity, Availability - Authentication, Authorization, Accounting