2022 Easily pass CISSP Exam with our Dumps & PDF Test Engine
CISSP PDF Pass Leader, CISSP Latest Real Test
Understanding specialized and useful abilities of CISSP test: Certified Information Systems Security Professional
The accompanying will be examined in ISC CISSP dumps:
- Integrate Security Risk Considerations into Acquisitions Strategy and Practice
- Understand Business Continuity Requirements
- Establish and Manage Security Education, Training, and Awareness
- Contribute to Personnel Security Policies
- Understand and Apply Threat Modeling
- Develop and Implement Documented Security Policy, Standards, Procedures, and Guidelines
- Understand and Apply Concepts of Confidentiality, Integrity, and Availability
- Apply Security Governance Principles
- Compliance
- Understand and Apply Risk Management Concepts
- Understand Legal and Regulatory Issues that Pertain to Information Security in a Global Context
NEW QUESTION 465
Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?
- A. Volume encryption
- B. Column level database encryption
- C. Data tokenization
- D. Transparent Database Encryption (TDE)
Answer: C
NEW QUESTION 466
A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
- A. Man-in-the-Middle (MITM)
- B. Denial of Service (DoS)
- C. Spoofing
- D. Trojan horse
Answer: D
NEW QUESTION 467
At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed?
- A. Session layer
- B. Transport layer
- C. Data link layer
- D. Network layer
Answer: B
Explanation:
Encrypted authentication is a firewall feature that allows users on an external network to authenticate themselves to prove that they are authorized to access resources on the internal network. Encrypted authentication is convenient because it happens at the transport layer
between a client software and a firewall, allowing all normal application software to run without
hindrance.
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 1:
Understanding Firewalls.
NEW QUESTION 468
Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?
- A. Key Distribution Center (KDC)
- B. Preboot eXecution Environment (PXE)
- C. Trusted Platform Module (TPM)
- D. Simple Key-Management for Internet Protocol (SKIP)
Answer: C
NEW QUESTION 469
Single Sign-on (SSO) is characterized by which of the following advantages?
- A. Convenience and centralized network administration
- B. Convenience
- C. Convenience and centralized administration
- D. Convenience and centralized data administration
Answer: C
Explanation:
Convenience -Using single sign-on users have to type their passwords only once when they first log in to access all the network resources; and Centralized
Administration as some single sign-on systems are built around a unified server administration system. This allows a single administrator to add and delete accounts across the entire network from one user interface.
The following answers are incorrect:
Convenience - alone this is not the correct answer.
Centralized Data or Network Administration - these are thrown in to mislead the student.
Neither are a benefit to SSO, as these specifically should not be allowed with just an SSO.
References: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management
Handbook, 4th Edition, Volume 1, page 35
TIPTON, Harold F. & HENRY, Kevin, Official (ISC)2 Guide to the CISSP CBK, 2007, page
180
NEW QUESTION 470
What is the PRIMARY goal of incident handling?
- A. Successfully retrieve all evidence that can be used to prosecute
- B. Contain and repair any damage caused by an event.
- C. Improve the company's ability to be prepared for threats and disasters
- D. Improve the company's disaster recovery plan
Answer: B
Explanation:
This is the PRIMARY goal of an incident handling process.
The other answers are incorrect because :
Successfully retrieve all evidence that can be used to prosecute is more often used in identifying
weaknesses than in prosecuting.
Improve the company's ability to be prepared for threats and disasters is more appropriate for a
disaster recovery plan.
Improve the company's disaster recovery plan is also more appropriate for disaster recovery plan. Reference : Shon Harris AIO v3 , Chapter - 10 : Law, Investigation, and Ethics , Page : 727-728
NEW QUESTION 471
Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?
- A. Testing should not be done until the entire disaster plan can be tested.
- B. The company is fully prepared for a disaster if all tests pass.
- C. Testing should continue even if components of the test fail.
- D. Operational networks are usually shut down during testing.
Answer: C
NEW QUESTION 472
Which type of attack would a competitive intelligence attack best classify as?
- A. Financial attack
- B. Grudge attack
- C. Intelligence attack
- D. Business attack
Answer: D
Explanation:
Since we are talking about a competitive intelligence attack, we can classify it as a Business attack because it is disrupting business activities. Intelligence attacks are one of the most commonly used to hurt a company where more it hurts, in its information.
To see more about competitive intelligence attacks you can take a look at some CISSP study guide. It could be the CISSP gold edition guide.
"Military and intelligence attacks are launched primarily to obtain secret and restricted information from law enforcement or military and technological research sources.
Business attacks focus on illegally obtaining an organization's confidential information.
Financial attacks are carried out to unlawfully obtain money or services.
Grudge attacks are attacks that are carried out to damage an organization or a person."
Pg. 616 Tittel: CISSP Study Guide
NEW QUESTION 473
Which of the following statements pertaining to link encryption is false?
- A. It provides protection against packet sniffers and eavesdroppers.
- B. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
- C. Information stays encrypted from one end of its journey to the other.
- D. It encrypts all the data along a specific communication path.
Answer: C
Explanation:
When using link encryption, packets have to be decrypted at each hop and encrypted again.
Information staying encrypted from one end of its journey to the other is a characteristic of end-toend encryption, not link encryption. Link Encryption vs. End-to-End Encryption
Link encryption encrypts the entire packet, including headers and trailers, and has to be decrypted at each hop.
End-to-end encryption does not encrypt the IP Protocol headers, and therefore does not need to be decrypted at each hop.
Reference: All in one, Page 735 & Glossary
and
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 6).
NEW QUESTION 474
When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as:
- A. Need to know
- B. Segregation of duties
- C. Dual Control
- D. Separation of duties
Answer: C
Explanation:
Explanation/Reference:
Explanation:
PCI DSS defines Dual Control as below:
Dual Control: Process of using two or more separate entities (usually persons) operating in concert to
protect sensitive functions or information. Both entities are equally responsible for the physical protection of materials involved in vulnerable transactions. No single person is permitted to access or use the materials (for example, the cryptographic key). For manual key generation, conveyance, loading, storage, and retrieval, dual control requires dividing knowledge of the key among the entities.
(See also Split Knowledge).
Split knowledge: Condition in which two or more entities separately have key components that
individually convey no knowledge of the resultant cryptographic key.
Incorrect Answers:
B: The term "need to know", when used by government and other organizations (particularly those related to the military), describes the restriction of data which is considered very sensitive. Under need-to-know restrictions, even if one has all the necessary official approvals (such as a security clearance) to access certain information, one would not be given access to such information, unless one has a specific need to know; that is, access to the information must be necessary for the conduct of one's official duties. As with most security mechanisms, the aim is to make it difficult for unauthorized access to occur, without inconveniencing legitimate access. Need-to-know also aims to discourage "browsing" of sensitive material by limiting access to the smallest possible number of people. This is not what is described in the question.
C: Separation of duties is the practice of dividing steps in a function among different individuals, so as to keep a single individual from being able to subvert the process. This is not what is described in the question.
D: Segregation of Duties address the splitting of various functions within a process to different users so that it will not create an opportunity for a single user to perform conflicting tasks. This is not what is described in the question.
References:
https://www.pcisecuritystandards.org/security_standards/glossary.php
NEW QUESTION 475
The criteria for evaluating the legal requirements for implementing safeguards is to evaluate the cost (C) of instituting the protection versus the estimated loss (L) resulting from the exploitation of the corresponding vulnerability. Therefore, a legal liability may exists when:
- A. (C < L) or C is less than L
- B. (C > L) or C is greater than L
- C. (C < L - (residual risk)) or C is less than L minus residual risk
- D. (C > L - (residual risk)) or C is greater than L minus residual risk
Answer: A
Explanation:
Explanation/Reference:
Explanation:
If the cost is lower than the estimated loss (C < L), then legal liability may exists if you fail to implement the proper safeguards. Government laws and regulations require companies to employ reasonable security measures to reduce private harms such as identity theft due to unauthorized access. The U.S. Gramm- Leach-Bliley Act (GLBA) Safeguards Rule and the broader European Directive 95/46/EC, Article 17, both require that companies employ reasonable or appropriate administrative and technical security measures to protect consumer information. The GLBA is a U.S. Federal law enacted by U.S. Congress in 1998 to allow consolidation among commercial banks. The GLBA Safeguards Rule is U.S. Federal regulation created in reaction to the GLBA and enforced by the U.S. Federal Trade Commission (FTC). The Safeguards Rule requires companies to implement a security plan to protect the confidentiality and integrity of consumer personal information and requires the designation of an individual responsible for compliance. Because these laws and regulations govern consumer personal information, they can lead to new requirements for information systems for which companies are responsible to comply. The act of compliance includes demonstrating due diligence, which is defined as "reasonable efforts that persons make to satisfy legal requirements or discharge their legal obligations". Reasonableness in software systems includes industries standards and may allow for imperfection. Lawyers representing firms and other organizations, regulators, system administrators and engineers all face considerable challenge in determining what constitutes "reasonable" security measures
for several reasons, including:
1. Compliance changes with the emergence of new security vulnerabilities due to innovations in information technology;
2. Compliance requires knowledge of specific security measures, however publicly available best practices typically include general goals and only address broad categories of vulnerability; and
3. Compliance is a best-effort practice, because improving security is costly and companies must prioritize security spending commensurate with risk of non-compliance.
In general, the costs of improved security are certain, but the improvement in security depends on unknown variables and probabilities outside the control of companies.
References: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 315.
http://www.cs.cmu.edu/~breaux/publications/tdbreaux-cose10.pdf
NEW QUESTION 476
A security practitioner has just been assigned to address an ongoing Denial of Service (DoS) attack against the company's network, which includes an e-commerce web site. The strategy has to include defenses for any size of attack without rendering the company network unusable.
Which of the following should be a PRIMARY concern when addressing this issue?
- A. Allow legitimate connections while blocking malicious connections.
- B. Pay more for a dedicated path to the Internet.
- C. Ensure the web sites are properly backed up on a daily basis.
- D. Deal with end user education and training.
Answer: A
NEW QUESTION 477
The graph in Figure, which depicts the equation y 2 = x3 + ax + b,
denotes the:
Exhibit:
- A. Elliptic curve and the elliptic curve discrete logarithm problem
- B. ElGamal discrete logarithm problem
- C. RSA Factoring problem
- D. Knapsack problem
Answer: A
Explanation:
The elliptic curve is defined over a finite field comprised of real,
complex or rational numbers. The points on an elliptic curve form a
Group under addition. Multiplication (or
multiple additions) in an elliptic curve system is equivalent to modular exponentiation; thus, defining a discreet logarithm problem.
NEW QUESTION 478
Which one of the following is an advantage of an effective release control strategy form a configuration control standpoint?
- A. Allows for future enhancements to existing features
- B. Ensures that a trace for all deliverables is maintained and auditable
- C. Enforces backward compatibility between releases
- D. Ensures that there is no loss of functionality between releases
Answer: B
NEW QUESTION 479
Which of the following is a symmetric encryption algorithm?
- A. El Gamal
- B. RSA
- C. Elliptic Curve
- D. RC5
Answer: D
NEW QUESTION 480
Which statement below about the difference between analog and digital
signals is incorrect?
- A. An analog signal produces an infinite waveform.
- B. Adigital signal produces a saw-tooth wave form.
- C. An analog signal can be varied by amplification.
- D. Analog signals cannot be used for data communications.
Answer: D
Explanation:
The correct answer is "Analog signals cannot be used for data communications". The other answers are all properties of analog or digital signals.
NEW QUESTION 481
Which backup method is used if backup time is critical and tape space is at an extreme premium?
- A. Explanation:
Full Backup/Archival Backup - Complete/Full backup of every selected file on the
system regardless of whether it has been backup recently.. This is the slowest of the backup
methods since it backups all the data. It's however the fastest for restoring data.
Incremental Backup - Any backup in which only the files that have been modified since last full
back up are backed up. The archive attribute should be updated while backing up only modified
files, which indicates that the file has been backed up. This is the fastest of the backup methods,
but the slowest of the restore methods.
Differential Backup - The backup of all data files that have been modified since the last
incremental backup or archival/full backup. Uses the archive bit to determine what files have
changed since last incremental backup or full backup. The files grows each day until the next full
backup is performed clearing the archive attributes. This enables the user to restore all files
changed since the last full backup in one pass. This is a more neutral method of backing up data
since it's not faster nor slower than the other two
Easy Way To Remember each of the backup type properties:
Backup Speed Restore Speed
Full 3 1
Differential 2 2
Incremental 1 3
Legend: 1 = Fastest 2 = Faster 3 = Slowest
Source:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Computer Security, 2001, John Wiley & Sons, Page 69.
and
http://www.proprofs.com/mwiki/index.php/Full_Backup,_Incremental_%26_Differential_Backup66.
Hierarchical Storage Management (HSM) is commonly employed in:
A. very large data retrieval systems.
B. very small data retrieval systems.
C. shorter data retrieval systems.
D. most data retrieval systems. - B. Incremental backup method.
- C. Differential backup method.
- D. Tape backup method.
- E. Full backup method.
Answer: B
Explanation:
Hierarchical Storage Management (HSM) is commonly employed in very large data retrieval systems. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 71.
NEW QUESTION 482
After following the processes defined within the change management plan, a super user has upgraded a device within an Information system.
What step would be taken to ensure that the upgrade did NOT affect the network security posture?
- A. Review the results of the most recent vulnerability scan
- B. Conduct a security impact analysis
- C. Conduct a gap analysis with the baseline configuration
- D. Conduct an Assessment and Authorization (A&A)
Answer: B
Explanation:
Section: Security Assessment and Testing
NEW QUESTION 483
What does the prudent man rule require?
- A. Senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances
- B. Senior officials to follow specified government standards
- C. Senior officials to post performance bonds for their actions
- D. Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur
Answer: A
Explanation:
*Answer "Senior officials to post performance bonds for their actions" is a distracter and is not part of the prudent man rule.
*Answer "Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur" is incorrect because it is not possible to guarantee that breaches of security can never occur.
*Answer "Senior officials to follow specified government standards" is incorrect because the prudent man rule does not refer to a specific
government standard but relates to what other prudent persons would do.
NEW QUESTION 484
HOTSPOT
Which Web Services Security (WS-Security) specification negotiates how security tokens will be issued, renewed and validated? Click on the correct specification in the image below.
Answer:
Explanation:
Explanation: WS-Trust
The protocol used for issuing security tokens is based on WS-Trust. WS-Trust is a Web service specification that builds on WS-Security. It describes a protocol used for issuance, exchange, and validation of security tokens. WS-Trust provides a solution for interoperability by defining a protocol for issuing and exchanging security tokens, based on token format, namespace, or trust boundaries.
NEW QUESTION 485
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?
- A. Simple Key-management for Internet Protocols (SKIP)
- B. Diffie-Hellman Key Exchange Protocol
- C. OAKLEY
- D. Internet Security Association and Key Management Protocol (ISAKMP)
Answer: C
Explanation:
RFC 2828 (Internet Security Glossary) defines OAKLEY as a key establishment
protocol (proposed for IPsec but superseded by IKE) based on the Diffie-Hellman algorithm and
designed to be a compatible component of ISAKMP.
ISAKMP is an Internet IPsec protocol to negotiate, establish, modify, and delete security
associations, and to exchange key generation and authentication data, independent of the details
of any specific key generation technique, key establishment protocol, encryption algorithm, or
authentication mechanism.
SKIP is a key distribution protocol that uses hybrid encryption to convey session keys that are
used to encrypt data in IP packets.
ISAKMP provides a framework for authentication and key exchange but does not define them.
ISAKMP is designed to be key exchange independant; that is, it is designed to support many
different key exchanges.
Oakley and SKEME each define a method to establish an authenticated key exchange. This
includes payloads construction, the information payloads carry, the order in which they are
processed and how they are used.
Oakley describes a series of key exchanges-- called modes and details the services provided by
each (e.g. perfect forward secrecy for keys, identity protection, and authentication).
SKEME describes a versatile key exchange technique which provides anonymity, repudiability,
and quick key refreshment.
RFC 2049 describes the IKE protocol using part of Oakley and part of SKEME in conjunction with
ISAKMP to obtain authenticated keying material for use with ISAKMP, and for other security associations such as AH and ESP for the IETF IPsec DOI. While Oakley defines "modes", ISAKMP defines "phases". The relationship between the two is very straightforward and IKE presents different exchanges as modes which operate in one of two phases.
Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to communicate. This is called the ISAKMP Security Association (SA). "Main Mode" and "Aggressive Mode" each accomplish a phase 1 exchange. "Main Mode" and "Aggressive Mode" MUST ONLY be used in phase 1.
Phase 2 is where Security Associations are negotiated on behalf of services such as IPsec or any other service which needs key material and/or parameter negotiation. "Quick Mode" accomplishes a phase 2 exchange. "Quick Mode" MUST ONLY be used in phase 2.
References: CISSP: Certified Information Systems Security Professional Study Guide By James Michael Stewart, Ed Tittel, Mike Chappl, page 397
RFC 2049 at: http://www.ietf.org/rfc/rfc2409 SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000. The All-in-one CISSP Exam Guide, 3rd Edition, by Shon Harris, page 674 The CISSP and CAP Prep Guide, Platinum Edition, by Krutz and Vines
NEW QUESTION 486
......
Certification path of CISSP test: Certified Information Systems Security Professional
Is it true that you are hoping to speed up your data security profession? Separate yourself to businesses and additionally customers? The CISSP is a tip top approach to exhibit your insight, advance your vocation, and join a local area of similar online protection pioneers. It shows you have everything necessary to configuration, specialist, carry out, and run an effective data security program.
By taking the CISSP test, you’ll get the opportunity to demonstrate you have the specialized and administrative information important to successfully configuration, engineer, and deal with the general security stance of an association. Procuring the CISSP demonstrates you have the stuff to adequately configuration, carry out and deal with a top tier network safety program. The CISSP test assesses your skill across eight security areas. Consider the areas subjects you need to dominate dependent on your expert experience and instruction.
CISSP Dumps Ensure Your Passing: https://www.torrentvce.com/CISSP-valid-vce-collection.html
Valid CISSP Test Answers & CISSP Exam PDF: https://drive.google.com/open?id=1rpeYD3UuNq_NQgWOIEeCTNgE93b0alT0