Let's see how well you did on this test ...

1. What is the highest amount a company should spend annually on countermeasures for protecting an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of 5% and an exposure factor (EF) of 30%?
Answer: $15,000
Sorry - you had a wrong answer, please review details below.
The annual cost of a countermeasure should not exceed the annual loss it is expected to prevent. An asset valued at $1,000,000 with an exposure factor of 30% gives a single loss expectancy (SLE) of $300,000 (the dollar figure assigned to a single occurrence of the threat). With an annualized rate of occurrence (ARO) of 5% (the estimated frequency with which the threat is expected to occur in a year), the annualized loss expectancy (ALE) is $300,000 x 0.05 = $15,000. That is the expected yearly financial loss from the threat, and thus the maximum that should be spent annually on measures to protect the asset from it.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 1: Security Management Practices (page 17).
Thanks to Christian Vezina for providing this question.

2. Coaxial cables with many workstations or servers attached to the same segment of cable:
Answer: Create a single point of failure if it is broken.
Sorry - you had a wrong answer, please review details below.
Coaxial cables with many workstations or servers attached to the same segment create a single point of failure: a break anywhere in the segment takes every attached device off the network.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 72.
Thanks to Rakesh Sud for providing this question and to Christian Vezina for improving it.

3. A TCP SYN attack:
Answer: takes advantage of the way a TCP session is established.
Sorry - you had a wrong answer, please review details below.
SYN flooding works as follows (see also CERT Advisory CA-96.21 at ftp://info.cert.org/pub/cert_advisories):
- A TCP connection request (SYN) is sent to the target computer. The source IP address in the packet is "spoofed", that is, replaced with an address that is not in use on the Internet or that belongs to another computer. An attacker sends many of these SYNs to tie up as many resources as possible on the target.
- Upon receiving the connection request, the target allocates resources to handle and track the new connection, then responds with a SYN-ACK. Here the response goes to the spoofed, non-existent address.
- No response to the SYN-ACK is received. A Windows NT 3.5x or 4.0 computer with default settings retransmits the SYN-ACK 5 times, doubling the time-out after each retransmission. The initial time-out is three seconds, so retries are attempted at 3, 6, 12, 24 and 48 seconds. After the last retransmission, 96 seconds are allowed to pass before the computer gives up on receiving a response and deallocates the resources set aside for the connection. The total time the resources are held is 189 seconds.
Reference: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 60).

4. Controls to keep password sniffing attacks from compromising computer systems include which of the following?
Answer: one-time passwords and encryption
Sorry - you had a wrong answer, please review details below.
Details and reference for this question are not yet available. This question is a new question that was submitted by one of the members of the site and I have to find a reference for it. If you do have a reference for this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement.
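The retransmission schedule quoted in question 3 decides how long each spoofed SYN ties up a slot on the target, and that, multiplied by the attacker's SYN rate, is what exhausts the listen backlog. The following is an added worked example written for this page; it is not code from the cited CISSP Prep Guide or from the CERT advisory. It models a listening socket's half-open table, uses the Windows NT defaults from the explanation (3 s initial time-out, 5 retransmissions, doubling, then a final 96 s wait), and treats the backlog size, the SYN rate and all addresses as constructed assumptions.

```python
# Added worked example for question 3, written for this page; not code from the
# cited CISSP Prep Guide or from the CERT advisory. Backlog size, SYN rate and
# addresses are constructed assumptions.
from dataclasses import dataclass, field


def synack_hold_time(initial_timeout=3.0, retries=5):
    """Seconds a half-open connection occupies a backlog slot when the peer
    never answers the SYN-ACK: each retransmission waits twice as long as the
    previous one, then the server waits one more doubled interval and gives up.
    With the NT defaults quoted above: 3 + 6 + 12 + 24 + 48 + 96 = 189."""
    return sum(initial_timeout * 2 ** i for i in range(retries + 1))


@dataclass
class Listener:
    """Minimal model of a listening socket's table of half-open (SYN_RCVD)
    connections. Real stacks differ in detail; the point is the resource a
    spoofed SYN consumes and how long it stays consumed."""
    backlog: int
    hold_time: float
    half_open: dict = field(default_factory=dict)  # (src_ip, src_port) -> expiry time
    dropped_syns: int = 0

    def _expire(self, now):
        for key in [k for k, expiry in self.half_open.items() if expiry <= now]:
            del self.half_open[key]

    def on_syn(self, now, src_ip, src_port):
        """Handshake step 1 as seen by the server: allocate a slot (a real stack
        also sends the SYN-ACK). Returns False when the backlog is already full
        and the SYN must be dropped, which is what legitimate clients experience
        during a flood."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1
            return False
        self.half_open[(src_ip, src_port)] = now + self.hold_time
        return True

    def on_ack(self, now, src_ip, src_port):
        """Handshake step 3: the client's ACK completes the connection and frees
        the slot. A spoofed, unreachable source never sends it."""
        self._expire(now)
        return self.half_open.pop((src_ip, src_port), None) is not None


def simulate_flood(syn_rate, duration, backlog=128, hold_time=None):
    """Attacker sends `syn_rate` spoofed SYNs per second for `duration` seconds,
    each from a fresh (constructed) source/port pair so no slot is reused; then a
    legitimate client tries to connect. Returns (seconds until the backlog first
    filled, or None if it never did; whether the legitimate SYN was accepted)."""
    if hold_time is None:
        hold_time = synack_hold_time()
    listener = Listener(backlog=backlog, hold_time=hold_time)
    first_full = None
    for n in range(int(syn_rate * duration)):
        now = n / syn_rate
        spoofed_src = f"203.0.113.{n % 256}"  # TEST-NET-3 range, constructed
        if not listener.on_syn(now, spoofed_src, 1024 + n // 256) and first_full is None:
            first_full = now
    legitimate_ok = listener.on_syn(duration, "192.0.2.10", 51000)
    return first_full, legitimate_ok


if __name__ == "__main__":
    print("hold time per half-open connection:", synack_hold_time(), "s")
    print("10 SYN/s for 30 s, backlog 128:", simulate_flood(10, 30))
    print("same flood, SYN-ACK retried only once:",
          simulate_flood(10, 30, hold_time=synack_hold_time(retries=1)))
```

With the defaults, a mere 10 spoofed SYNs per second fill a 128-entry backlog after 12.8 seconds and keep it full for the rest of the attack, so the legitimate client is refused; cutting the retransmissions to one (a 9 s hold) lets the same flood drain faster than it arrives. That is why the usual mitigations shorten the SYN-ACK retry schedule or avoid allocating state at all (SYN cookies).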
5. Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel?
Answer: Data link layer
Sorry - you had a wrong answer, please review details below.
The data link layer (layer 2) establishes the communications link between individual devices over a physical link or channel. It also ensures that frames are delivered to the proper device and translates the messages from the layers above into bits for the physical layer (layer 1) to transmit.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 83).
Thanks to Christian Vezina for providing this question.

6. The main issue with RAID Level 1 is that the one-for-one ratio is:
Answer: very expensive, resulting in the highest cost per megabyte of data capacity.
Sorry - you had a wrong answer, please review details below.
RAID Level 1 mirrors every disk onto a second disk, so half of the purchased capacity holds duplicate data. The one-for-one ratio is therefore very expensive and results in the highest cost per megabyte of data capacity.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 65.
Thanks to Rakesh Sud for providing this question.

7. Which of the following represents the best programming?
Answer: High cohesion, low coupling
Sorry - you had a wrong answer, please review details below.
The best programming uses the most cohesive modules possible, but because different modules need to pass data and communicate, they usually cannot be totally cohesive. The lower the coupling, the better the software design, because low coupling promotes module independence. The more independent a component is, the less complex the application is and the easier it is to modify and troubleshoot.
Source: WALLHOFF, John, CBK#4 Applications & Systems Development Security (CISSP Study Guide), April 2002 (page 7). Available at http://www.cccure.org.
Thanks to Christian Vezina for providing this question.

8. What do the ILOVEYOU and Melissa virus attacks have in common?
Answer: They are both masquerading attacks.
Sorry - you had a wrong answer, please review details below.
Although masquerading can be considered a type of social engineering, the Melissa and ILOVEYOU viruses are examples of masquerading attacks, even though they also caused a kind of denial of service when mail servers were flooded with the messages they generated. The receiver confidently opens a message that appears to come from a trusted individual, only to find that it was sent using the trusted party's identity.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 10: Law, Investigation, and Ethics (page 650).
Thanks to Christian Vezina for providing this question.

9. Which of the following is not a compensating measure for access violations?
Answer: Security awareness
Sorry - you had a wrong answer, please review details below.
Security awareness is a preventive measure, not a compensating measure for access violations.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access Control Systems (page 50).
Thanks to Christian Vezina for providing this question.

10. What mechanism does a system use to compare the security labels of a subject and an object?
Answer: Reference Monitor
Sorry - you had a wrong answer, please review details below.
A reference monitor compares the sensitivity labels of subjects and objects to determine whether the subject has the right to access the object.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991, pg. 107.

11. What enables users to validate each other's certificate when they are certified under different certification hierarchies?
Answer: Cross-certification
Sorry - you had a wrong answer, please review details below.
Cross-certification is the act or process by which two CAs each certify a public key of the other, issuing a public-key certificate to that other CA, enabling users certified under different certification hierarchies to validate each other's certificates.
Source: SHIREY, Robert W., RFC 2828: Internet Security Glossary, May 2000.
Thanks to Christian Vezina for providing this question.

12. Authentication Header (AH) and Encapsulating Security Payload (ESP) are the two security protocols that make up IPsec. AH provides all of the following services except:
Answer: Confidentiality
Sorry - you had a wrong answer, please review details below.
AH provides connectionless integrity, data-origin authentication and, through its sequence number, optional anti-replay protection for the whole IP packet apart from the header fields that change in transit. It does not encrypt the payload, so it provides no confidentiality. The cited source also credits AH with non-repudiation, but its integrity check value is a keyed hash computed with a key shared by the two peers, so either peer could have produced it and it proves nothing to a third party. Security Associations (SAs) can be combined into bundles so that AH and ESP together provide authentication, confidentiality and layered communication.
Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, page 164.
Thanks to Jamil Siddique for providing this question and to John Palumbo for the extra details.

13. Which of the following ports does not normally need to be open for a mail server to operate?
Answer: Port 119
Sorry - you had a wrong answer, please review details below.
Port 119 is used by the Network News Transfer Protocol (NNTP) and is therefore not needed by a mail server, which would normally listen on ports 25 (SMTP), 110 (POP3) and 143 (IMAP).
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex, 2000, Chapter 1: Understanding Firewalls.
Thanks to Christian Vezina for providing this question.

14. The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of:
Answer: Confidentiality, Integrity, and Availability (C.I.A.).
Sorry - you had a wrong answer, please review details below.
The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of Confidentiality, Integrity, and Availability (C.I.A.).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 59.
Thanks to Rakesh Sud for providing this question.

15. For which areas of the enterprise are business continuity plans required?
Answer: All areas of the enterprise.
Sorry - you had a wrong answer, please review details below.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org.
Thanks to Hal Tipton for contributing this question.

16. Which of the following addresses cumbersome situations where users need to log on multiple times to access different resources?
Answer: Single Sign-On (SSO) systems
Sorry - you had a wrong answer, please review details below.
Single Sign-On (SSO) addresses the cumbersome situation of logging on multiple times to access different resources.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 39.
Thanks to Rakesh Sud for providing this question and to Christian Vezina for improving it.

17. All of the following except which are Remote User Management issues?
Answer: Hardware and software destruction
Sorry - you had a wrong answer, please review details below.
Remote User Management issues are:
* Justification for and validation of the use of remote computing systems
* Hardware and software distribution
* User support and remote assistance issues
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 62.
Thanks to Rakesh Sud for providing this question.
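Question 12 above lists what AH does and does not protect. The following is an added worked example written for this page, not code from the cited handbook or from any IPsec implementation. It hand-builds an IPv4 packet carrying an Authentication Header and computes the integrity check value (ICV) the way RFC 2402 describes: HMAC-SHA-1 over the packet with the mutable IP header fields zeroed, truncated to 96 bits. The key, the SPI and all addresses are constructed test values, and the IP header checksum is left at zero for brevity.

```python
# Added worked example for question 12, written for this page; not code from
# the cited handbook or from any IPsec stack. Key, SPI and addresses are
# constructed test values.
import hashlib
import hmac
import struct

ASSUMED_KEY = b"\x0b" * 20    # constructed SA authentication key (shared by both peers)
ASSUMED_SPI = 0x1000          # constructed Security Parameters Index
AH_PROTOCOL = 51              # IP protocol number of AH
IP_FMT = "!BBHHHBBH4s4s"      # 20-byte IPv4 header without options
AH_FIXED_FMT = "!BBHII"       # next header, payload len, reserved, SPI, sequence number
ICV_LEN = 12                  # HMAC-SHA-1-96 truncates the 20-byte MAC to 96 bits
AH_LEN = 12 + ICV_LEN


def ip_to_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def ipv4_header(src, dst, proto, total_len, ttl=64):
    # version 4 / IHL 5, TOS 0, identification, DF flag set, checksum left zero
    return struct.pack(IP_FMT, 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0,
                       ip_to_bytes(src), ip_to_bytes(dst))


def zero_mutable_fields(ip_hdr):
    """RFC 2402 section 3.3.3.1: TOS, flags/fragment offset, TTL and the header
    checksum may legitimately change in transit, so they are zeroed before the
    ICV is computed. The source and destination addresses are not mutable: AH
    covers them, which is why AH does not survive NAT."""
    fields = list(struct.unpack(IP_FMT, ip_hdr))
    fields[1] = 0   # TOS
    fields[4] = 0   # flags + fragment offset
    fields[5] = 0   # TTL
    fields[7] = 0   # header checksum
    return struct.pack(IP_FMT, *fields)


def ah_icv(ip_hdr, next_header, spi, seq, payload, key=ASSUMED_KEY):
    """ICV = HMAC-SHA-1-96 over (IP header with mutable fields zeroed ||
    AH with its own ICV field zeroed || payload)."""
    # Payload Len is the AH length in 32-bit words minus 2: (24 / 4) - 2 = 4.
    ah_zeroed = struct.pack(AH_FIXED_FMT, next_header, 4, 0, spi, seq) + b"\x00" * ICV_LEN
    mac = hmac.new(key, zero_mutable_fields(ip_hdr) + ah_zeroed + payload, hashlib.sha1)
    return mac.digest()[:ICV_LEN]


def build_ah_packet(src, dst, seq, payload, next_header=17, spi=ASSUMED_SPI, ttl=64):
    """Sender side: IP header (protocol 51) + AH + payload. The payload goes on
    the wire exactly as given; AH authenticates it but never encrypts it."""
    ip_hdr = ipv4_header(src, dst, AH_PROTOCOL, 20 + AH_LEN + len(payload), ttl)
    icv = ah_icv(ip_hdr, next_header, spi, seq, payload)
    return ip_hdr + struct.pack(AH_FIXED_FMT, next_header, 4, 0, spi, seq) + icv + payload


def verify_ah_packet(packet, key=ASSUMED_KEY):
    """Receiver side: recompute the ICV and compare in constant time.
    Returns (icv_valid, payload); the payload is returned either way to make
    the point that it was readable by anyone on the path."""
    ip_hdr, ah, payload = packet[:20], packet[20:20 + AH_LEN], packet[20 + AH_LEN:]
    next_header, _, _, spi, seq = struct.unpack(AH_FIXED_FMT, ah[:12])
    expected = ah_icv(ip_hdr, next_header, spi, seq, payload, key)
    return hmac.compare_digest(expected, ah[12:]), payload


def with_ttl(packet, ttl):
    """What every router does: decrement TTL (mutable, excluded from the ICV)."""
    return packet[:8] + bytes([ttl]) + packet[9:]


def with_source(packet, src):
    """What a NAT device does: rewrite the source address (immutable, covered)."""
    return packet[:12] + ip_to_bytes(src) + packet[16:]


if __name__ == "__main__":
    pkt = build_ah_packet("192.0.2.1", "198.51.100.7", seq=1, payload=b"GET /status")
    print("original verifies:", verify_ah_packet(pkt))
    print("after a router hop (TTL 63):", verify_ah_packet(with_ttl(pkt, 63))[0])
    print("after NAT rewrote the source:", verify_ah_packet(with_source(pkt, "203.0.113.9"))[0])
```

Running it shows the three properties the question turns on: the packet still verifies after a TTL decrement, fails after a NAT address rewrite or a single flipped payload byte, and returns the payload in the clear in every case. It also shows why non-repudiation is not on the list: the receiver holds the same key and can compute an identical ICV over any packet it likes, so a valid ICV proves only that one of the two peers produced it.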
18. Operations Security seeks to primarily protect against which of the following?
Answer: asset threats
Sorry - you had a wrong answer, please review details below.
Details and reference for this question are not yet available. This question is a new question that was submitted by one of the members of the site and I have to find a reference for it. If you do have a reference for this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement.

19. In what are Access Control Lists (ACLs) and Capability Tables different?
Answer: Access control lists are object-based whereas capability tables are subject-based.
Sorry - you had a wrong answer, please review details below.
Access control lists are lists of the subjects that are authorized to access a specific object, and they define what level of authorization each subject is granted. A capability table specifies the access rights a certain subject possesses over specific objects. An access control list is bound to an object, whereas a capability table is bound to a subject.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (pages 160-162).
Thanks to Christian Vezina for providing this question and to Eric Siu for correcting it.

20. What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?
Answer: A fault-tolerant system
Sorry - you had a wrong answer, please review details below.
A fault-tolerant system is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it. In a fail-safe system, program execution is terminated and the system is protected from being compromised when a hardware or software failure occurs and is detected. In a fail-soft system, when a hardware or software failure occurs and is detected, selected non-critical processing is terminated. The term failover refers to switching to a duplicate "hot" backup component in real time when a hardware or software failure occurs, enabling processing to continue.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 196).
Thanks to Christian Vezina for providing this question.

21. Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?
Answer: Internet Security Association and Key Management Protocol (ISAKMP)
Sorry - you had a wrong answer, please review details below.
RFC 2828 (Internet Security Glossary) defines the Internet Security Association and Key Management Protocol (ISAKMP) as an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism. Simple Key-management for Internet Protocols (SKIP) is a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets. OAKLEY is a key establishment protocol (proposed for IPsec but superseded by IKE) based on the Diffie-Hellman algorithm and designed to be a compatible component of ISAKMP. IPsec Key Exchange (IKE) is an Internet, IPsec, key-establishment protocol [RFC 2409] (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP.
Source: SHIREY, Robert W., RFC 2828: Internet Security Glossary, May 2000.
Thanks to Christian Vezina for providing this question.

22. Which of the following statements regarding trade secrets is false?
Answer: The Trade Secret Law normally protects the expression of the idea of the resource.
Sorry - you had a wrong answer, please review details below.
Trade secret law does not protect the expression of the idea of the resource but the specific resource, that is, the idea itself. A copyright, by contrast, protects the expression of ideas rather than the ideas themselves.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 10: Law, Investigation, and Ethics (page 665).
Thanks to Christian Vezina for providing this question.

23. What is called the percentage of invalid subjects that are falsely accepted?
Answer: False Acceptance Rate (FAR) or Type II Error
Sorry - you had a wrong answer, please review details below.
The percentage of invalid subjects that are falsely accepted is called the False Acceptance Rate (FAR) or Type II error. Its counterpart, the percentage of valid subjects that are falsely rejected, is the False Rejection Rate (FRR) or Type I error; raising the acceptance threshold lowers the FAR at the cost of a higher FRR.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 38. And: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (pages 127-128).
Thanks to Rakesh Sud for providing this question and to Don Murdoch for providing an extra reference.

24. Which of the following cable types is the least expensive to install?
Answer: UTP
Sorry - you had a wrong answer, please review details below.
Unshielded twisted-pair (UTP) is the least expensive cable to install. The others, from cheapest to most expensive, are 10Base-2 (thin coaxial), shielded twisted-pair (STP) and 10Base-5 (thick coaxial). The most expensive cable type is fiber-optic.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Appendix E: Various Networking Components (page 913).
Thanks to Christian Vezina for providing this question.
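Question 23 above defines the False Acceptance Rate as a percentage, but in practice it is measured by sweeping a match-score threshold over two populations of attempts. The following is an added worked example written for this page, not code from the cited books: it computes FAR, its counterpart FRR, and the crossover error rate from constructed match scores (ten attempts by enrolled users and ten by impostors, higher score meaning a stronger match). A real evaluation would use thousands of attempts per population; the numbers here only illustrate the mechanics.

```python
# Added worked example for question 23, written for this page; not code from
# the cited books. The match scores below are constructed test data.
GENUINE_SCORES = [92, 88, 95, 70, 83, 77, 90, 65, 85, 99]    # valid users' own attempts
IMPOSTOR_SCORES = [20, 35, 41, 55, 68, 30, 72, 15, 48, 60]   # invalid subjects' attempts


def false_acceptance_rate(impostor_scores, threshold):
    """FAR, Type II error: share of invalid subjects whose score reaches the
    acceptance threshold and who are therefore wrongly let in."""
    accepted = sum(1 for s in impostor_scores if s >= threshold)
    return accepted / len(impostor_scores)


def false_rejection_rate(genuine_scores, threshold):
    """FRR, Type I error: share of valid subjects whose score falls short of
    the threshold and who are therefore wrongly turned away."""
    rejected = sum(1 for s in genuine_scores if s < threshold)
    return rejected / len(genuine_scores)


def error_curve(genuine_scores, impostor_scores):
    """(threshold, FAR, FRR) at every threshold that changes a decision.
    Raising the threshold trades false acceptances for false rejections."""
    thresholds = sorted(set(genuine_scores) | set(impostor_scores))
    return [(t, false_acceptance_rate(impostor_scores, t),
             false_rejection_rate(genuine_scores, t)) for t in thresholds]


def crossover_error_rate(genuine_scores, impostor_scores):
    """CER (also called EER): the error rate at the threshold where FAR and FRR
    are closest. It is the usual single-number accuracy figure for comparing
    biometric systems; lower is better. Returns (threshold, CER)."""
    threshold, far, frr = min(error_curve(genuine_scores, impostor_scores),
                              key=lambda row: (abs(row[1] - row[2]), row[0]))
    return threshold, (far + frr) / 2


if __name__ == "__main__":
    for t, far, frr in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold {t:3d}  FAR {far:.1f}  FRR {frr:.1f}")
    print("crossover:", crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```

On this data the two curves cross at a threshold of 70, where both rates are 10%; moving the threshold to 75 drives the FAR to zero but doubles the FRR, which is the trade-off a high-security deployment accepts when it tunes against Type II errors.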
25. What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?
Answer: Authority revocation list
Sorry - you had a wrong answer, please review details below.
The Internet Security Glossary (RFC 2828) defines the Authority Revocation List (ARL) as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire. It is not to be confused with a Certificate Revocation List (CRL). A certificate revocation tree is a mechanism for distributing notice of certificate revocations.
Source: SHIREY, Robert W., RFC 2828: Internet Security Glossary, May 2000.
Thanks to Christian Vezina for providing this question.

26. Which of the following LAN devices only operates at the physical layer of the OSI/ISO model?
Answer: Hub
Sorry - you had a wrong answer, please review details below.
Repeaters and hubs are devices that operate only at the physical layer of the OSI model.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 109).
Thanks to Christian Vezina for providing this question.

27. DNS, FTP, TFTP, SNMP are provided at what level of the OSI/ISO model?
Answer: Application
Sorry - you had a wrong answer, please review details below.
Reference: OSI/ISO.

28. Which of the following would be less likely to prevent an employee from reporting an incident?
Answer: The process of reporting incidents is centralized.
Sorry - you had a wrong answer, please review details below.
The process for reporting incidents must be centralized (not decentralized) and easy to follow; otherwise employees will not bother to report. All the other choices are reasons that would prevent an employee from reporting an incident.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 10: Law, Investigation, and Ethics (page 675).
Thanks to Christian Vezina for providing this question.

29. Which of the following is a preventive control?
Answer: Guard dogs
Sorry - you had a wrong answer, please review details below.
Guard dogs are physical preventive controls, used to restrict access to a facility. Motion detectors, intrusion detection systems and audit logs are detective controls, used to identify undesirable events that are occurring or have occurred.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 180).
Thanks to Christian Vezina for providing this question.

30. What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?
Answer: The subject's sensitivity label is dominated by the object's sensitivity label
Sorry - you had a wrong answer, please review details below.
Under the Bell-LaPadula *-property (no write down), a subject may write to an object only if the object's sensitivity label dominates the subject's, so that information can never flow from a higher label to a lower one.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991, pg. 76.

31. Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
Answer: 172.31.42.5
Sorry - you had a wrong answer, please review details below.
Each class of addresses contains a block that is reserved for private networks and is not routable across the public Internet. For class A, the reserved addresses are 10.0.0.0 - 10.255.255.255. For class B, they are 172.16.0.0 - 172.31.255.255. For class C, they are 192.168.0.0 - 192.168.255.255.
Source: The Linux Net-HOWTO. Also make sure to take a look at RFC 1918, which is THE reference for private address space.

32. Computer crime is generally made possible by which of the following?
Answer: victim carelessness
Sorry - you had a wrong answer, please review details below.
Details and reference for this question are not yet available. This question is a new question that was submitted by one of the members of the site and I have to find a reference for it. If you do have a reference for this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement.

33. Which issue when selecting a facility site deals with the surrounding terrain, building markings and signs, and high or low population in the area?
Answer: visibility
Sorry - you had a wrong answer, please review details below.
Items critical to selecting a facility site for visibility are: surrounding terrain, building markings and signs, types of neighbors, and high or low population in the area.
From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, page 284.
Thanks to Jane E. Murley for providing this question.

34. What is a limitation of TCP Wrappers?
Answer: It cannot control access to running UDP servers.
Sorry - you had a wrong answer, please review details below.
TCP Wrappers can be used to control when UDP servers start, but it has no other control over them. UDP servers may continue to run after they have finished processing a legitimate request, and UDP's lack of a three-way handshake makes it simple for attackers to trick UDP servers into processing illegitimate requests.
Source: ZWICKY, Elizabeth D. et al., Building Internet Firewalls, O'Reilly & Associates, page 118.

35. In addition to the accuracy of the biometric systems, there are other factors that must also be considered:
Answer: These factors include the enrolment time, the throughput rate, and acceptability.
Sorry - you had a wrong answer, please review details below.
In addition to the accuracy of biometric systems, other factors must also be considered: the enrolment time, the throughput rate, and acceptability. Enrolment time is the time it takes to initially "register" with a system by providing samples of the biometric characteristic to be evaluated. An acceptable enrolment time is around two minutes. For example, in fingerprint systems the actual fingerprint is stored and requires approximately 250 KB per finger for a high-quality image. This level of information is required for one-to-many searches in forensic applications on very large databases. In finger-scan technology, a full fingerprint is not stored; the features extracted from the fingerprint are stored in a small template that requires approximately 500 to 1000 bytes. The original fingerprint cannot be reconstructed from this template. Updates of the enrolment information may be required because some biometric characteristics, such as voice and signature, may change with time.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, pages 37 & 38.
Thanks to Rakesh Sud for providing this question and to Sasa Vidanovic for helping with the review.

36. Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?
Answer: The Clark-Wilson integrity model
Sorry - you had a wrong answer, please review details below.
The Clark-Wilson integrity model addresses the following three integrity goals: 1) data is protected from modification by unauthorized users; 2) data is protected from unauthorized modification by authorized users; and 3) data is internally and externally consistent. It defines a Constrained Data Item (CDI), an Integrity Verification Procedure (IVP), a Transformation Procedure (TP) and an Unconstrained Data Item (UDI). The Bell-LaPadula and Take-Grant models are not integrity models.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 205).
Thanks to Christian Vezina for providing this question.

37. In an organization where there are frequent personnel changes, non-discretionary access control is useful because:
Answer: the access controls are based on the individual's role or title within the organization.
Sorry - you had a wrong answer, please review details below.
In an organization with frequent personnel changes, non-discretionary access control is useful because the access controls are based on the individual's role or title within the organization and do not need to be changed whenever a new person takes over the role. Another type of non-discretionary access control is lattice-based access control, in which a lattice model is applied: the pair of elements is the subject and the object, and the subject has the greatest lower bound and the least upper bound of access rights to an object.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 32.
Thanks to Rakesh Sud for providing this question and to Sasa Vidanovic for helping with the review.

38. Which TCSEC class specifies discretionary protection?
Answer: C1
Sorry - you had a wrong answer, please review details below.
C1 is discretionary security protection, C2 is controlled access protection, B1 is labeled security protection and B2 is structured protection.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org.
Thanks to Christian Vezina for providing this question.
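Questions 30 and 37 above both rest on the same relation: one sensitivity label "dominating" another in a lattice of classification levels and compartments. The following is an added worked example written for this page, not code from the cited books. It implements labels as (level, compartments) pairs, the dominance test, the lattice bounds that question 37 mentions, and the two Bell-LaPadula rules, so the write rule in question 30 can be checked against concrete labels. The level names and compartments are constructed.

```python
# Added worked example for questions 30 and 37, written for this page; not code
# from the cited books. Level names and compartments are constructed.
from dataclasses import dataclass

LEVEL_RANK = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Sensitivity label: a hierarchical level plus a set of compartments
    (need-to-know categories)."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """A dominates B when A's level is at least B's and A's compartments
        include all of B's. Labels can be incomparable: neither dominates."""
        return (LEVEL_RANK[self.level] >= LEVEL_RANK[other.level]
                and self.compartments >= other.compartments)


def least_upper_bound(a, b):
    """Lowest label that dominates both: what an object derived from data
    labelled a and b must be labelled."""
    level = a.level if LEVEL_RANK[a.level] >= LEVEL_RANK[b.level] else b.level
    return Label(level, a.compartments | b.compartments)


def greatest_lower_bound(a, b):
    """Highest label dominated by both: the most a subject cleared for a can
    share with one cleared for b without either reading up."""
    level = a.level if LEVEL_RANK[a.level] <= LEVEL_RANK[b.level] else b.level
    return Label(level, a.compartments & b.compartments)


def can_read(subject, obj):
    """Simple security property (no read up): the subject's label must
    dominate the object's."""
    return subject.dominates(obj)


def can_write(subject, obj):
    """*-property (no write down), the rule question 30 asks about: the object's
    label must dominate the subject's, so a subject can never move information
    to a lower label. Many systems apply the strict form, which also requires
    the labels to be equal; that is a policy choice layered on this test."""
    return obj.dominates(subject)


if __name__ == "__main__":
    secret_crypto = Label("SECRET", frozenset({"CRYPTO"}))
    confidential = Label("CONFIDENTIAL")
    ts_both = Label("TOP SECRET", frozenset({"CRYPTO", "NUCLEAR"}))
    print("SECRET/CRYPTO reads CONFIDENTIAL:", can_read(secret_crypto, confidential))
    print("SECRET/CRYPTO writes CONFIDENTIAL:", can_write(secret_crypto, confidential))
    print("SECRET/CRYPTO writes TOP SECRET/CRYPTO,NUCLEAR:", can_write(secret_crypto, ts_both))
```

The example makes the asymmetry visible: a SECRET/CRYPTO subject may read a CONFIDENTIAL object but not write to it, may write to (but not read) a TOP SECRET object that covers its compartments, and can neither read nor write a SECRET/NUCLEAR object because the two labels are incomparable. Because the labels belong to roles rather than to people, the personnel change in question 37 is handled by reassigning the role, not by touching the objects.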
Which of the following includes notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects? Answer: Intrusion Detection (ID) and Response Sorry - you had a wrong answer, please review details below. This includes notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 62. Thanks to Rakesh Sud for providing this question. 40. Like Kerberos, SESAME is also subject to which of the following? Answer: password guessing Sorry - you had a wrong answer, please review details below. SESAME is subject to password guessing like Kerberos. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 43. Thanks to Rakesh Sud for providing this question. 41. SESAME incorporates two certificates or tickets. Which of the following statements is correct? Answer: One certificate provides authentication as in Kerberos and the other certificate defines the access privileges that are assigned to a client. Sorry - you had a wrong answer, please review details below. To address some of the weaknesses in Kerberos, the Secure European System for Applications in a Multivendor Environment (SESAME) project uses public key cryptography for the distribution of secret keys and provides additional access control support. It uses the Needham-Schroeder protocol and a trusted authentication server at each host to reduce the key management requirements. In addition, SESAME incorporates two certificates or tickets. One certificate provides authentication as in Kerberos and the other certificate defines the access privileges that are assigned to a client. 
One weakness in SESAME is that it authenticates by using the first block of a message only and not the complete message. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 42. Thanks to Rakesh Sud for providing this question and to Sasa Vidanovic for helping with the review. 42. If your property Insurance has Actual Cost Valuation (ACV) clause your damaged property will be compensated Answer: Based on the value of item on the date of loss Sorry - you had a wrong answer, please review details below. Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, Property Insurance overview, Page 587. Thanks to Jamil Siddique for providing this question. 43. Why does a digital signature contain a message digest? Answer: To detect any alteration of the message Sorry - you had a wrong answer, please review details below. The message digest is calculated and included in a digital signature to prove that the message has not been altered as it should be the same value as a recalculation performed upon receipt. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 4: Protection of Information Assets (page 214). Thanks to Christian Vezina for providing this question. 44. A momentary power outage is a: Answer: fault Sorry - you had a wrong answer, please review details below. A momentary power outage is a fault. From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, page 299. Thanks to Jane E. Murley for providing this question. 45. Which of the following tasks is not usually part of a Business Impact Analysis(BIA)? Answer: Develop a mission statement. Sorry - you had a wrong answer, please review details below. The Business Impact Analysis is critical for the development of a business continuity plan (BCP). 
It identifies risks, critical processes and resources needed in case of recovery and quantifies the impact a disaster will have upon the organization. The development of a mission statement is normally performed before the BIA. According to the Disaster Recovery International Institute, a business continuity plan methodology would include the following phases: 1. 2. 3. 4. 5. 6. Project initiation phase (objectives and assumptions) Functional requirements phase (fact gathering, alternatives and decisions) Design and development phase (designing the plan) Implementation phase (creating the plan) Testing and exercising phase (post-implementation plan review) Maintenance and updating phase (updating the plan) 7. Execution phase (declare disaster and execute recovery operations) Source: DOUGHTY, Ken, "Business Continuity: A Business Survival Strategy", Information Systems Control Journal, volume 1, 2002, page 28. For more info: The Disaster Recovery Journal. Thanks to Christian Vezina for providing this question. 46. In Kerberos, the client decrypts the message containing the session key (Kc, tgs) with its secret key (Kc), and will now use this session key to communicate with the: Answer: TGS server Sorry - you had a wrong answer, please review details below. The client decrypts the message containing the session key (Kc, tgs) with its secret key (Kc), and will now use this session key to communicate with the TGS server. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 41. Thanks to Rakesh Sud for providing this question. 47. What type of attack involves IP spoofing, ICMP ECHO and a bounce site? Answer: Smurf attack Sorry - you had a wrong answer, please review details below. A smurf attack occurs when an attacker sends a spoofed (IP spoofing) PING (ICMP ECHO) packet to the broadcast address of a large network (the bounce site). 
Because the modified packet carries the address of the target system as its source, all devices on the bounce site's local network respond with an ICMP REPLY to the target system, which is then saturated with those replies. An IP spoofing attack is used to convince a system that it is communicating with a known entity, which gives an intruder access. It involves replacing the source address of a packet with a trusted source's address. A teardrop attack consists of modifying the length and fragmentation offset fields in sequential IP packets so the target system becomes confused and crashes after it receives contradictory instructions on how the fragments are offset in these packets. A SYN attack is when an attacker floods a system with connection requests but does not respond when the target system replies to those requests.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 76).
Thanks to Christian Vezina for providing this question.

48. A Business Continuity Plan should be tested:
Answer: At least once a year.
Sorry - you had a wrong answer, please review details below.
It is recommended that testing does not exceed established frequency limits. For a plan to be effective, all components of the BCP should be tested at least once a year. Also, if there is a major change in the operations of the organization, the plan should be revised and tested not more than three months after the change becomes operational.
Source: BARNES, James C. & ROTHSTEIN, Philip J., A Guide to Business Continuity Planning, John Wiley & Sons, 2001 (page 165).
Thanks to Christian Vezina for providing this question.

49. There are parallels between the trust models in Kerberos and in PKI. When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
Answer: public-key certificates
Sorry - you had a wrong answer, please review details below.
A Kerberos ticket is issued by a trusted third party; it is an encrypted data structure that includes the service encryption key. In that sense it is similar to a public-key certificate. However, the ticket is not a key. And there is no such thing as a private key certificate.

50. What is the PRIMARY use of a password?
Answer: Authenticate the user.
Sorry - you had a wrong answer, please review details below.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org.
Thanks to Hal Tipton for contributing this question.

51. During recovery, which of the following is most critical?
Answer: Data
Sorry - you had a wrong answer, please review details below.
Source: Veritas eLearning CD - Introducing Disaster Recovery Planning, Chapter 1.
Thanks to Jamil Siddique for providing this question.

52. Unrestricted access to production programs should be given to which of the following?
Answer: no one
Sorry - you had a wrong answer, please review details below.
Details and reference for this question are not yet available. This question is a new question that was submitted by one of the members of the site and I have to find a reference for it. If you do have a reference for this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement.

53. Which Orange Book evaluation level is described as "Controlled Access Protection"?
Answer: C2
Sorry - you had a wrong answer, please review details below.
C2 systems use Discretionary Access Control (DAC) and must be able to control access with a fine granularity, i.e. to allow or disallow access for a single user. This is often done with Access Control Lists (ACLs).
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991, pg. 156-159. Also: U.S. Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DOD 5200.28-STD, December 1985.

54.
Which of the following is less likely to be included in the request control sub-phase of the maintenance phase of a software product?
Answer: Recreating and analyzing the problem
Sorry - you had a wrong answer, please review details below.
Recreating and analyzing the problem is considered a part of the change control sub-phase of the maintenance phase.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 252).
Thanks to Christian Vezina for providing this question.

55. Attributable data should be:
Answer: always traced to individuals responsible for observing and recording the data
Sorry - you had a wrong answer, please review details below.
As per the FDA, data should be attributable, original, accurate, contemporaneous and legible. In an automated system, attributability can be achieved by a computer system designed to identify the individuals responsible for any input.
Source: U.S. Department of Health and Human Services, Food and Drug Administration, Guidance for Industry - Computerized Systems Used in Clinical Trials, April 1999, page 1.
Thanks to Rakesh Sud for providing this question.

56. Which xDSL flavour can deliver up to 52 MBps downstream over a single copper twisted pair?
Answer: VDSL
Sorry - you had a wrong answer, please review details below.
Very-high data-rate Digital Subscriber Line (VDSL) can deliver up to 52 MBps downstream over a single copper twisted pair over a relatively short distance (1000 to 4500 feet). Single-line Digital Subscriber Line (SDSL) and High-rate Digital Subscriber Line (HDSL) deliver 1.544 MBps of bandwidth each way. ADSL delivers a maximum of 9 MBps downstream.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 115).
Thanks to Christian Vezina for providing this question.

57. Why does fiber optic communication technology have a significant security advantage over other transmission technologies?
Answer: Interception of data traffic is more difficult.
Sorry - you had a wrong answer, please review details below.
It would be correct to select the first answer if the word "security" were not in the question.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org.
Thanks to Hal Tipton for contributing this question.

58. Which type of password token involves time synchronization?
Answer: Synchronous dynamic password tokens
Sorry - you had a wrong answer, please review details below.
Synchronous dynamic password tokens generate a new unique password value at fixed time intervals, so the server and token need to be synchronized for the password to be accepted.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 37). Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (page 136).
Thanks to Christian Vezina for providing this question and to Don Murdoch for providing an extra reference.

59. Which is not one of the primary goals of a BIA?
Answer: Deciding on various tests to be performed to validate the Business Continuity Plan
Sorry - you had a wrong answer, please review details below.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 276.
Thanks to Jamil Siddique for providing this question.

60. The typical computer felons are usually persons with which of the following characteristics?
Answer: They hold a position of trust.
Sorry - you had a wrong answer, please review details below.
Details and reference for this question are not yet available.
This question is a new question that was submitted by one of the members of the site and I have to find a reference for it. If you do have a reference for this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement.

61. Which of the following protocols is designed to send individual messages securely?
Answer: Secure HTTP (S-HTTP).
Sorry - you had a wrong answer, please review details below.
An early standard for encrypting HTTP documents, Secure HTTP (S-HTTP) is designed to send individual messages securely. SSL is designed to establish a secure connection between two computers. SET was originated by VISA and MasterCard as an Internet credit card protocol using digital signatures. Kerberos is an authentication system.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 89.
Thanks to Rakesh Sud for providing this question.

62. Which IPSec operational mode encrypts the entire data packet into an IPSec packet?
Answer: Tunnel mode
Sorry - you had a wrong answer, please review details below.
In tunnel mode, the entire data packet is encrypted and encased in an IPSec packet. In transport mode, only the datagram is encrypted, leaving the IP address visible. Authentication mode and safe mode are not defined IPSec operational modes.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 96).
Thanks to Christian Vezina for providing this question.

63. Which of the following are functions that are compatible in a properly segregated environment?
Answer: System development and systems maintenance.
Sorry - you had a wrong answer, please review details below.
The goal of separation of duties is to ensure that no single individual can compromise an application system's features and its control functions.
It is common for system development and maintenance to be undertaken by the same person. In both cases the programmer requires access to the source code in the development environment, but should not be allowed access in the production environment. A computer operator should not have the possibility of modifying applications, because operators already have access to all resources of the systems and that would allow them to introduce fraudulent changes. Systems programming is incompatible with job control analysis, since a systems programmer could change the job control parameters to run their own personal jobs. Access authorization is a responsibility of data owners, not database administrators.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 2: Management, Planning and Organisation of IS (page 73).
Thanks to Christian Vezina for providing this question.

64. What is the purpose of Trusted Distribution?
Answer: To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Sorry - you had a wrong answer, please review details below.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991, pg. 147.

65. Valuable paper insurance coverage does not cover damage to which of the following?
Answer: Money and Securities
Sorry - you had a wrong answer, please review details below.
Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, Property Insurance overview, Page 589.
Thanks to Jamil Siddique for providing this question.

66. Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false?
Answer: It carries various sizes of packets
Sorry - you had a wrong answer, please review details below.
ATM is an example of a fast packet-switching network that can be used for data, voice or video, but its packets are of fixed size.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (page 455).
Thanks to Christian Vezina for providing this question.

67. Frame relay and X.25 networks are part of which of the following?
Answer: Packet-switched services
Sorry - you had a wrong answer, please review details below.
Reference: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (pages 451-461).
Thanks to Don Murdoch for providing a reference for this question.

68. The object-relational and object-oriented models are better suited to managing complex data such as that required for which of the following?
Answer: computer-aided design and imaging.
Sorry - you had a wrong answer, please review details below.
The object-relational and object-oriented models are better suited to managing complex data such as that required for computer-aided design and imaging.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44.
Thanks to Rakesh Sud for providing this question.

69. This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks the user needs to fulfill. What best describes this scenario?
Answer: Excessive Privileges
Sorry - you had a wrong answer, please review details below.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 645.
Thanks to Nick Mackovski for providing this question.

70. Which of the following is a primary purpose for conducting parallel testing?
Answer: To ensure the new system meets all user requirements.
Sorry - you had a wrong answer, please review details below.
The main purpose of parallel testing is to ensure the implementation of a new system will meet all user requirements. Unit and system testing will be completed before parallel testing. Cost-effectiveness is not an issue at this level.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 299).
Thanks to Christian Vezina for providing this question.

71. When a biometric system is used, which error type deals with the possibility of granting access to impostors who should be rejected?
Answer: Type II error
Sorry - you had a wrong answer, please review details below.
When a biometric system rejects an authorized individual, it is called a Type I error. When a system accepts impostors who should be rejected (false positive), it is called a Type II error. The Crossover Error Rate (CER), stated as a percentage, represents the point at which the false rejection (Type I) rate equals the false acceptance (Type II) rate.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (page 128).
Thanks to Christian Vezina for providing this question.

72. Which of the following ensures that security is not breached when a system crash or other system failure occurs?
Answer: trusted recovery
Sorry - you had a wrong answer, please review details below.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 222.
Thanks to Eric Yandell for providing this question.

73. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Answer: Overt channel
Sorry - you had a wrong answer, please review details below.
Source: KRUTZ, Ronald L.
& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 219.
Thanks to Nick Mackovski for providing this question.

74. Which of the following best provides e-mail message authenticity and confidentiality?
Answer: Signing the message using the sender's private key and encrypting the message using the receiver's public key
Sorry - you had a wrong answer, please review details below.
By encrypting the message with the receiver's public key, only the receiver can decrypt the message, using his/her own private key, thus ensuring confidentiality. By signing the message with the sender's private key, the receiver can verify its authenticity using the sender's public key. The receiver's private key is confidential, and therefore unknown to the sender. Messages encrypted using the sender's private key can be read by anyone (with the sender's public key).
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 4: Protection of Information Assets (page 215).
Thanks to Christian Vezina for providing this question.

75. An example of a commercial firewall that normalizes traffic, even at layer 7, is:
Answer: One Secure IDP
Sorry - you had a wrong answer, please review details below.
Commercial firewalls that normalize traffic, even at layer 7, are coming. I know of one (OneSecure IDP), and I know others are on their way. If people are really concerned about stopping as many types of NIDS evasion techniques as possible, then they may wish to consider looking at in-line normalizers, or pressure their vendors into adding this functionality. Handley, Kreibich, and Paxson's USENIX paper on the subject is quite interesting, as they have identified something like 70 points of "normalization" for IP, TCP, UDP, and ICMP alone.
Source: HANDLEY, KREIBICH & PAXSON, Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics.
(See Appendix A).
Thanks to Rakesh Sud for providing this question.

76. In an on-line transaction processing system, which of the following actions should be taken when erroneous or invalid transactions are detected?
Answer: The transactions should be written to a report and reviewed.
Sorry - you had a wrong answer, please review details below.
The monitor mechanism within an OLTP system normally detects errors and rolls back any transaction that was taking place, to ensure that no data is corrupted and that no transaction happens only in part. Any erroneous or invalid transactions that are detected should be written to a transaction log and to a report log, to be reviewed at a later time.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 11: Application and System Development (page 728).
Thanks to Rick Cahoon for providing a reference for this question.

77. Who designed the InfoSec Assessment Methodology (IAM)?
Answer: The NSA's Information Systems Security Organization (ISSO)
Sorry - you had a wrong answer, please review details below.
As a result of Presidential Decision Directive #63, forming the National Infrastructure Protection Center (NIPC), the National Security Agency's Information Systems Security Organization (ISSO) instituted a program intended to improve the overall level of security protection of America's computing infrastructure. To help achieve this goal, the ISSO designed the InfoSec Assessment Methodology (IAM). The IAM process is a high-level (level I) security assessment. It is a nonintrusive, standardized baseline analysis of the InfoSec posture of an automated process. The heart of the IAM is the creation of the Organizational Criticality Matrix. In this chart, all relevant automated systems are assigned impact attributes (high, medium or low) based on their estimated effect on the CIA triad for the organization.
Source: KRUTZ, Ronald L.
& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Appendix E: The NSA InfoSec Assessment methodology (page 507).
Thanks to Christian Vezina for providing this question.

78. Due care is not related to:
Answer: Profit
Sorry - you had a wrong answer, please review details below.
Officers and directors of a company are expected to act carefully in fulfilling their tasks. A director shall act in good faith, with the care an ordinarily prudent person in a like position would exercise under similar circumstances, and in a manner he reasonably believes is in the best interest of the enterprise. The notion of profit would tend to go against the due care principle.
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 10: Law, Investigation, and Ethics (page 186).
Thanks to Christian Vezina for providing this question.

79. Devices that supply power when the commercial utility power system fails are called which of the following?
Answer: uninterruptible power supplies
Sorry - you had a wrong answer, please review details below.
Details and reference for this question are not yet available. This question is a new question that was submitted by one of the members of the site and I have to find a reference for it. If you do have a reference for this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement.

80. Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?
Answer: Birthday attack
Sorry - you had a wrong answer, please review details below.
A birthday attack is usually applied to the probability of two different messages using the same hash function producing a common message digest. The term "birthday" comes from the fact that in a room with 23 people, the probability of two or more people having the same birthday is greater than 50%.
Source: KRUTZ, Ronald L.
& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 163).
Thanks to Christian Vezina for providing this question.

81. Controls are implemented to:
Answer: mitigate risk and reduce the potential for loss
Sorry - you had a wrong answer, please review details below.
Controls are implemented to mitigate risk and reduce the potential for loss. Preventive controls are put in place to inhibit harmful occurrences; detective controls are established to discover harmful occurrences; corrective controls are used to restore systems that are victims of harmful attacks.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 32.
Thanks to Rakesh Sud for providing this question and to Sasa Vidanovic for helping with the review.

82. Related to information security, availability is the opposite of which of the following?
Answer: destruction
Sorry - you had a wrong answer, please review details below.
Availability is the opposite of "destruction."
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 59.
Thanks to Rakesh Sud for providing this question.

83. Before the advent of classless addressing, the address 128.192.168.16 would have been considered part of:
Answer: a class B network.
Sorry - you had a wrong answer, please review details below.
Before the advent of classless addressing, one could tell the size of a network from the first few bits of an IP address. If the first bit was set to zero (the first byte being from 0 to 127), the address belonged to a class A network. Values from 128 to 191 were used for class B networks, whereas values between 192 and 223 were used for class C networks. Class D, with values from 224 to 239 (the first three bits set to one and the fourth to zero), was reserved for IP multicast.
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 3: TCP/IP from a Security Viewpoint.
Thanks to Christian Vezina for providing this question.

84. Who developed one of the first mathematical models of a multilevel-security computer system?
Answer: Bell and LaPadula
Sorry - you had a wrong answer, please review details below.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 6: Operations Security (page 241).
Thanks to Jane E. Murley for providing a reference for this question.

85. In the OSI/ISO model, at what level are TCP and UDP provided?
Answer: Transport
Sorry - you had a wrong answer, please review details below.
The Transport layer of the OSI/ISO model supports the TCP and UDP protocols.

86. What is called the standard format that was established to set up and manage Security Associations (SA) on the Internet in IPSec?
Answer: Internet Security Association and Key Management Protocol
Sorry - you had a wrong answer, please review details below.
Key management for IPSec, called the Internet Key Exchange (IKE), is defined as a combination of three protocols (ISAKMP, SKEME and Oakley). The Internet Security Association and Key Management Protocol (ISAKMP) is the one that defines the phases for establishing a secure relationship. Secure Key Exchange Mechanism (SKEME) describes a secure exchange mechanism, and Oakley defines the modes of operation needed to establish a secure connection.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 172).
Thanks to Christian Vezina for providing this question.

87. An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:
Answer: a degausser.
Sorry - you had a wrong answer, please review details below.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org.
Thanks to Hal Tipton for contributing this question.

88. Covert Channel Analysis is required for systems evaluated at what TCSEC level?
Answer: B2 and above
Sorry - you had a wrong answer, please review details below.
Covert channel analysis is required for systems evaluated at levels B2 and above.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991, pg. 137.

89. In response to an Access-Request from a client (NAS), which of the following is not one of the responses from a RADIUS server?
Answer: Access-Granted
Sorry - you had a wrong answer, please review details below.
In response to an access-request from a client, a RADIUS server returns one of three authentication responses: access-accept, access-reject, or access-challenge, the latter being a request for additional authentication information such as a one-time password from a token or a callback identifier.
Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, page 36.
Thanks to Jamil Siddique for providing this question.

90. Which of the following is a drawback of fiber optic cables?
Answer: The expertise needed to install it.
Sorry - you had a wrong answer, please review details below.
Fiber optic cable is immune to the effects of electromagnetic interference, is very hard to tap, and has a much longer effective usable length than any other cable type. The primary drawbacks of this cable type are its cost of installation and the high level of expertise needed to have it properly terminated.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 72).
Thanks to Christian Vezina for providing this question.
91. Which backup method only copies files that have changed since a full backup was last performed?
Answer: Differential backup method.
Sorry - you had a wrong answer, please review details below.
The differential backup method only copies files that have changed since a full backup was last performed.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 69.
Thanks to Rakesh Sud for providing this question and to Christian Vezina for improving it.

92. Which of the following statements pertaining to PPTP (Point-to-Point Tunnelling Protocol) is incorrect?
Answer: PPTP is derived from L2TP.
Sorry - you had a wrong answer, please review details below.
PPTP is an encapsulation protocol based on PPP that works at OSI layer 2 (Data Link) and that enables a single point-to-point connection, usually between a client and a server. While PPTP uses IP to establish its connection ('transmits over'), since it is based on PPP, which can speak other protocols, it is capable of handling other protocols as well. As currently implemented, PPTP encapsulates PPP packets using a modified version of the generic routing encapsulation (GRE) protocol, which gives PPTP the flexibility of handling protocols other than IP, such as IPX and NETBEUI. PPTP does have some limitations. It does not provide strong encryption for protecting data, nor does it support any token-based methods for authenticating users. L2TP is derived from L2F and PPTP, not the opposite.
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 6: Cryptography (page 115). Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (page 469). More info on PPP can be found in RFC 1334 - PPP Authentication Protocols.
Information on PPTP can be found in RFC 2637 - Point-to-Point Tunneling Protocol (PPTP) and in the PPTP Technical Specifications document at 3COM.
Thanks to Christian Vezina for providing this question. Thanks to Atul Porwal and Shawn Moyer for helping to clear things up.

93. RADIUS incorporates which of the following?
Answer: authentication server and dynamic passwords.
Sorry - you had a wrong answer, please review details below.
RADIUS incorporates an authentication server and dynamic passwords.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Pages 43, 44.
Thanks to Rakesh Sud for providing this question.

94. Which OSI/ISO layer are TCP and UDP implemented at?
Answer: Transport layer
Sorry - you had a wrong answer, please review details below.
TCP and UDP are implemented at the transport layer (layer 4).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 82).
Thanks to Christian Vezina for providing this question.

95. A network-based vulnerability assessment is also called:
Answer: An active vulnerability assessment.
Sorry - you had a wrong answer, please review details below.
A network-based vulnerability assessment system either re-enacts system attacks, noting and recording responses to these attacks, or probes different targets to infer weaknesses from their responses. Since they are actively attacking or scanning targeted systems, network-based vulnerability assessment systems are also called active vulnerability systems. Credential-based and passive are terms related to host-based vulnerability assessment systems.
Source: DUPUIS, Clément, Access Control Systems and Methodology CISSP Open Study Guide, version 1.0, March 2002 (page 97). Available at http://www.cccure.org.
Thanks to Christian Vezina for providing this question.

96.
Which of the following is NOT an advantage of password synchronization?
Answer: higher cost
Sorry - you had a wrong answer, please review details below.
It is 1/10 the cost of single sign-on technology.
Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, page 35.
Thanks to Rakesh Sud for providing this question.

97. Within which OSI/ISO layer is RPC implemented?
Answer: Session layer
Sorry - you had a wrong answer, please review details below.
The Remote Procedure Call (RPC) protocol is implemented at the Session layer, which establishes, maintains and manages sessions as well as synchronization of the data flow.
Source: Jason Robinett's CISSP Cram Sheet: domain2.
Thanks to Christian Vezina for providing this question.

98. What works as an e-mail message transfer agent?
Answer: SMTP
Sorry - you had a wrong answer, please review details below.
SMTP (Simple Mail Transfer Protocol) works as a message transfer agent.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 821.
Thanks to Nick Mackovski for providing this question.

99. Which of the following best defines add-on security?
Answer: Protection mechanisms implemented after an information system has become operational.
Sorry - you had a wrong answer, please review details below.
The Internet Security Glossary (RFC 2828) defines add-on security as "The retrofitting of protection mechanisms, implemented by hardware or software, after the [automatic data processing] system has become operational."
Source: SHIREY, Robert W., RFC 2828: Internet Security Glossary, May 2000.
Thanks to Christian Vezina for providing this question.

100. Each data packet is assigned the IP address of the sender and the IP address of the:
Answer: recipient.
Sorry - you had a wrong answer, please review details below.
Each data packet is assigned the IP address of the sender and the IP address of the recipient.
The term network refers to the part of the IP address that identifies each network. The terms host and node refer to the parts of the IP address that identify a specific machine on a network. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 87. Thanks to Rakesh Sud for providing this question. 101. Which of the following firewall rules is not appropriate to protect an organization's internal network? Answer: Allow echo reply outbound Sorry - you had a wrong answer, please review details below. Echo replies outbound should be dropped, not allowed. By allowing inbound echo requests and outbound echo replies, it makes it easier for attackers to learn about the internal network. The outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts. Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 10: The Perfect Firewall. Thanks to Christian Vezina for providing this question. 102. Making sure that only those who are supposed to access the data can access is: Answer: Confidentiality. Sorry - you had a wrong answer, please review details below. Confidentiality is defined as making sure that only those who are supposed to access the data can access it. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 59. Thanks to Rakesh Sud for providing this question. 103. Which of the following is a communication path that is not protected by the system's normal security mechanisms? Answer: A covert channel Sorry - you had a wrong answer, please review details below. A covert channel is an unintended communication path within a system, therefore it is not protected by the system's normal security mechanisms. Covert channels are a secret way to convey information. Covert channels a addressed from TCSEC level B2. 
A trusted path is the protected channel that allows a user to access the Trusted Computing Base (TCB) without being compromised by other processes or users. A protection domain consists of the execution and memory space assigned to each process. A maintenance hook is a hardware or software mechanism that was installed to permit system maintenance and to bypass the system's security protections. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 6: Operations Security (page 219). Thanks to Christian Vezina for providing this question. 104. What is not the appropriate role of the IS security analyst in the application system development or acquisition project? Answer: policeman Sorry - you had a wrong answer, please review details below. Details and reference for this question are not yet available. This question is a new question that was submitted by one of the member of the site and I have to find a reference for it. If you do have a reference to this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement. 105. What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? Answer: Identification Sorry - you had a wrong answer, please review details below. Identification is the act of a user professing an identity to a system, usually in the form of a log-on ID to the system. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36. Thanks to Rakesh Sud for providing this question and to Christian Vezina for improving it. 106. Which of the following is addressed by Kerberos? Answer: confidentiality and integrity Sorry - you had a wrong answer, please review details below. Kerberos addresses the confidentiality and integrity of information. Source: KRUTZ, Ronald L. 
& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 42. Thanks to Rakesh Sud for providing this question and to Robert Mannal and Robert Hunter for reviewing it. 107. Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of: Answer: Output controls Sorry - you had a wrong answer, please review details below. Output controls are used for two things: for verifying the integrity and protecting the confidentiality of an output. These are examples of proper output controls. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 6: Operations Security (page 218). Thanks to Christian Vezina for providing this question. 108. In a Public Key Infrastructure (PKI) context, which of the following is a primary concern with LDAP servers? Answer: Availability Sorry - you had a wrong answer, please review details below. The primary security concerns relative to LDAP servers are availability and integrity. For example, denial of service attacks on an LDAP server could prevent access to the Certificate Revocation List and, thus, permit the use of a revoked certificate. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 165). Thanks to Christian Vezina for providing this question. 109. What is a "system high" policy? Answer: A system where all users are cleared to view the most highly classified data on the system Sorry - you had a wrong answer, please review details below. If a computer or network is designated as "system high", it can hold data of many different security classifications, but all users must be cleared for the highest level of data before they are given an account on the box. Source: RUSSEL, Deborah & GANGEMI, G.T. 
Sr., Computer Security Basics, O'Reilly, 1991, pg. 72. 110. A mechanism that enforces the authorized access relationships between subjects and objects is known as: Answer: the reference monitor. Sorry - you had a wrong answer, please review details below. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org. Thanks to Hal Tipton for contributing this question. 111. Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control? Answer: Data link Sorry - you had a wrong answer, please review details below. The Data Link layer provides data transport across a physical link. It handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control. Source: ROTHKE, Ben, CISSP CBK Review presentation on domain 2, August 1999. Available at http://www.cccure.org. Thanks to Christian Vezina for providing this question. 112. Related to information security, confidentiality is the opposite of which of the following? Answer: disclosure Sorry - you had a wrong answer, please review details below. Confidentiality is the opposite of disclosure. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 59. Thanks to Rakesh Sud for providing this question. 113. According to the Orange Book, which security level is the first to require a system to support separate operator and system administrator roles? Answer: B2 Sorry - you had a wrong answer, please review details below. B2 security level requires that systems must support separate operator and system administrator roles. At B3 and A1, systems must clearly identify the functions of the security administrator to perform the security-related functions. Source: KRUTZ, Ronald L. 
& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 6: Operations Security (page 220). Also: U.S. Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DOD 5200.28-STD. December 1985 (also available here). Thanks to Christian Vezina for providing this question. 114. What category of water sprinkler system is currently the most recommended water system for a computer room? Answer: Preaction sprinkler system Sorry - you had a wrong answer, please review details below. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 336. Thanks to Nick Mackovski for providing this question. 115. Which of the following tasks may be performed by the same person in a well-controlled information processing facility/computer center? Answer: System development and systems maintenance Sorry - you had a wrong answer, please review details below. It is common for system development and maintenance to be undertaken by the same person. In both cases the programmer requires access to the source code in the development environment, but should not be allowed access in the production environment. Other choices are not correct. The roles of security administration and change management are incompatible functions. The level of security administration access rights could allow changes to go undetected. Computer operations and system development are incompatible since it would be possible for an operator to run a program that he/she had amended. The system development and change management task are incompatible because the combination of system development and change control would allow program modifications to bypass change control approvals. 
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 2: Management, Planning and Organization of IS (page 77). Thanks to Christian Vezina for providing this question. 116. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions Answer: D Sorry - you had a wrong answer, please review details below. Division D (minimal protection) has only one class and is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 5: Security Models and Architecture (page 252). Also: U.S. Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DOD 5200.28-STD. December 1985 (also available here). Thanks to Christian Vezina for providing this question. 117. Which of the following security-focused protocols operates at a layer different from the others? Answer: Secure HTTP Sorry - you had a wrong answer, please review details below. All the previous protocols operate at the transport layer except for Secure HTTP (S-HTTP), which operates at the application layer. S-HTTP is being overtaken by SSL. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 89). Thanks to Christian Vezina for providing this question and to Scot Hartman for rewording it. 118. Which of the following protocols provides non-repudiation in IPSec? Answer: Authentication Header (AH) Sorry - you had a wrong answer, please review details below. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 171-172. Thanks to Eric Yandell for providing this question. 119. 
Risk mitigation and risk reduction controls can be of which of the following types? Answer: preventive, detective, or corrective Sorry - you had a wrong answer, please review details below. Controls can be preventive, detective, or corrective. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 32. Thanks to Rakesh Sud for providing this question. 120. Which of the following RAID levels functions as a single virtual disk? Answer: RAID Level 7 Sorry - you had a wrong answer, please review details below. RAID Level 7 is a variation of RAID 5 wherein the array functions as a single virtual disk in the hardware. This is sometimes simulated by software running over a RAID level 5 hardware implementation. This enables the drive array to continue to operate if any disk or any path to any disk fails and also provides parity protection. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 66. Thanks to Rakesh Sud for providing this question and to Scot Hartman for correcting it. 121. Which of the following backup method must be made regardless of whether Differential or Incremental methods are used? Answer: Full Backup Method. Sorry - you had a wrong answer, please review details below. A Full Backup must be made regardless of whether Differential or Incremental methods are used. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 69. And: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business continuity (pages 617-619). Thanks to Rakesh Sud for providing this question and to Don Murdoch for providing an extra reference. 122. There are more than 20 books in the Rainbow Series. 
Which of the following covers password management guidelines? Answer: Green Book Sorry - you had a wrong answer, please review details below. The Orange Book is an abstract, very concise description of computer security requirements. It provides a broad framework for building and evaluating a trusted system but raises many questions about the specifics of what's really needed to satisfy particular requirements. In an attempt to help system developers, the government has published a number of additional books interpreting Orange Book requirements in particular, puzzling areas. These are known collectively as the Rainbow Series, because each has a different cover color. Chief among the documents is the Trusted Network Interpretation (the Red Book), which covers networks and network components. Another important book is the Trusted Database Management System Interpretation (the Lavender Book), interpreting Orange Book requirements for DBMS products. Other books include the Password Management Guideline (Green Book), a Guide to Understanding Audit in Trusted Systems (Tan Book), Guidelines for Formal Verification Systems (Purple Book), Guide for Understanding Design Documentation in Trusted Systems (Burgundy Book). Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (page 114). Thanks to Christian Vezina for providing this question. 123. Which of the following is NOT an administrative control? Answer: Logical access control mechanisms Sorry - you had a wrong answer, please review details below. All options represent administrative controls except logical access control mechanisms, which are considered technical controls. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 3: Security Management Practices (page 60). Thanks to Christian Vezina for providing this question. 124. Application Level Firewalls operate at the: Answer: OSI protocol Layer seven, the Application Layer. 
Sorry - you had a wrong answer, please review details below. It operates at the OSI protocol Layer seven, the Application Layer. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 90. And: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (pages 419-420). Thanks to Rakesh Sud for providing this question and to Don Murdoch for providing an extra reference. 125. What is the most critical piece to disaster recovery and continuity planning? Answer: Management support Sorry - you had a wrong answer, please review details below. All choices are related to DRP/BCP, but the most critical piece is the management support. The management must be convinced of its necessity and that's why a business case must be made. The decision of how a company should recover from any disaster is purely a business decision and should be treated as so. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 9: Disaster recovery and business continuity (page 595). Thanks to Christian Vezina for providing this question. 126. Which type of control is concerned with restoring controls? Answer: Corrective controls Sorry - you had a wrong answer, please review details below. Corrective controls are concerned with remedying circumstances and restoring controls whereas recovery controls are concerned with restoring resources, capabilities or losses. Compensating controls are alternative controls, used to compensate weaknesses in other controls and preventive controls are concerned with avoiding occurrences of risks. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org. Thanks to Christian Vezina for providing this question. 127. Why do many organizations require every employee to take a mandatory vacation of a week or more? 
Answer: To reduce the opportunity for an employee to commit an improper or illegal act. Sorry - you had a wrong answer, please review details below. Mandatory vacations in which someone other than the regular employee performs the job function reduces the opportunity to commit improper or illegal acts, and it allows discovering any fraudulent activity that could have been taking place. Other choices could be organizational benefits from a mandatory vacation policy, but not the reason why it is established. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 2: Management, Planning and Organization of IS (page 65). Thanks to Christian Vezina for providing this question. 128. Sensitivity labels are an example of: Answer: Preventive controls Sorry - you had a wrong answer, please review details below. Sensitivity labels are an example of preventive security application controls, as are firewalls, data encryption, one-time passwords, etc. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 264). Thanks to Christian Vezina for providing this question. 129. What is called the probability that a threat to an information system will materialize? Answer: Risk Sorry - you had a wrong answer, please review details below. Risk: The potential for harm or loss to an information system or network; the probability that a threat will materialize. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Pages 16, 32. Thanks to Rakesh Sud for providing this question. 130. The Diffie-Hellman algorithm is used for: Answer: Key exchange Sorry - you had a wrong answer, please review details below. 
The Diffie-Hellman algorithm is used for key distribution and cannot be used to encrypt and decrypt messages. Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 4). Available at http://www.cccure.org. Thanks to Christian Vezina for providing this question. 131. Why is traffic across a packet switched network (e.g. frame relay, X.25) difficult to monitor? Answer: Packets are transmitted on multiple paths Sorry - you had a wrong answer, please review details below. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org. Thanks to Hal Tipton for contributing this question. 132. Public Key algorithms are: Answer: 1,000 to 10,000 times slower than secret key algorithms Sorry - you had a wrong answer, please review details below. The CISSP Prep Guide states, "Because there are more calculations associated with public key cryptography, it is 1,000 to 10,000 times slower than secret key cryptography." Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, page 156. Thanks to Mark Radulovich for providing this question. 133. Another name for a VPN is a: Answer: tunnel Sorry - you had a wrong answer, please review details below. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org. Thanks to Hal Tipton for contributing this question. 134. What is the role of IKE within the IPsec protocol? Answer: peer authentication and key exchange Sorry - you had a wrong answer, please review details below. Reference: RFC 2409: The Internet Key Exchange (IKE); DORASWAMY, Naganand & HARKINS, Dan, Ipsec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, 1999, Prentice Hall PTR; SMITH, Richard E., Internet Cryptography, 1997, AddisonWesley Pub Co. A very special thanks to Claus Stark and his wife Shubhangi for submitting this question. 
135. What can best be defined as high-level statements, beliefs, goals and objectives? Answer: Policies Sorry - you had a wrong answer, please review details below. Policies are high-level statements, beliefs, goals and objectives and the general means for their attainment for a specific subject area. Standards are mandatory activities, action, rules or regulations designed to provide policies with the support structure and specific direction they require to be effective. Guidelines are more general statements of how to achieve the policies objectives by providing a framework within which to implement procedures. Procedures spell out the specific steps of how the policy and supporting standards and how guidelines will be implemented. Source: HARE, Chris, Security management Practices CISSP Open Study Guide, version 1.0, april 1999. Available at http://www.cccure.org. Thanks to Christian Vezina for providing this question. 136. Which of the following RAID implementations has the highest cost per megabyte? Answer: RAID 1 Sorry - you had a wrong answer, please review details below. RAID level 1 (mirroring) has the highest cost per megabyte since every piece of data is written at two different locations simultaneously for redundancy purposes. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 65). Thanks to Christian Vezina for providing this question. 137. Which of the following statements pertaining to dealing with the media after a disaster occurred and disturbed the organization's activities is incorrect? Answer: The CEO should always be the spokesperson for the company during a disaster. Sorry - you had a wrong answer, please review details below. The disaster recovery plan must include how the media is to be handled during the disaster, in order to keep things under control. 
While the CEO is generally the spokesperson of the company, it is not advisable for the CEO to talk to the press during a disaster. A central point of information should be established for the media and responses should be conveyed by an informed, trained spokesperson. Identifying an emergency press conference site ahead helps in demonstrating the appearance that the situation is under control. Also, while no company wants to publicize bad news, it is far better to report it to the press and public than to have someone come after the fact demanding an explanation. The appearance will be that the organization was trying to cover up the event, and this leads to mistrust from the public. Source: HARE, Chris, CISSP Study Guide: Business Continuity Planning Domain, available at http://www.cccure.org. Thanks to Christian Vezina for providing this question. 138. What is the lowest Orange Book evaluation level requiring Security Domains? Answer: B3 Sorry - you had a wrong answer, please review details below. The Orange book defines four levels of assessment: A,B,C,D. Level A is the highest and Level D is the lowest. B3 systems require a reference monitor to be implemented. The main divisions are the following: A: Verified Protection B: Mandatory Protection C: Discretionary Protection D: Minimal Security Each division can have one or more numbered classes and each have a corresponding set of requirements that must be met for a system to achieve that particular rating. Classes are as follows: A1: Verified Design: like B3, but the system documentation must support everything (formal design). B3: Security Domains: Protect against covert timing channels; separate SysAdmin and SecAdmin roles. B2: Structured Protection: Security policy clearly defined; subjects and devices require labels and system must not allow covert (storage) channels; Trusted Facility Management which means a separation of SysAdmin and SysOperator roles. 
B1: Labeled Security: each data object has a classification label and each subject has a clearance label; system checks one against the other. C2: Controlled Access Protection: Identify individuals, auditing (especially of security related events which must be protected), object reuse concept, strict logon, decision making capability when subjects access objects. C1: Discretionary Security Protection: Users, groups, separation of identity, some access control necessary. D: Minimal protection: Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 5: Security Models and Architecture (pages 251-259). And: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991, pg. 156-159. The Orange book can be found at www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html or at http://www.cerberussystems.com/INFOSEC/stds/d520028.htm. Thanks to Don Murdoch for providing an explanation and an extra reference to this question and to Richard Stephens and Jonathan Guymon for correcting it. 139. What will be Annualized Rate of Occurrence (ARO) of the treat "user input error", in the case that company employs 100 data entry clerks and every one of them make one input error each month? Answer: 1,200 Sorry - you had a wrong answer, please review details below. If every one of the 100 clerks makes 1 error 12 times per year, it makes a total of 1200 errors. The annualized rate of occurence (ARO) is a value that represents the estimated frequency in which a threat is expected to occur. The range can be from 0.0 to a large number. Having an average of 1200 errors per year means an ARO of 1200. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 1: Security Management Principles (page 17). 
Thanks to Karin Brabcova for providing this question and to Kevin Miller for reviewing it. 140. Which type of attack involves impersonating a user or a system? Answer: Spoofing attack Sorry - you had a wrong answer, please review details below. A spoofing attack is when an attempt is made to gain access to a computer system by posing as an authorized user or system. Spamming refers to sending out or posting junk advertising and unsolicited mail. A smurf attack is a type of denial-of-service attack using PING and a spoofed address. Sniffing refers to observing packets passing on a network. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 77). Thanks to Christian Vezina for providing this question. 141. What is defined as the manner in which the network devices are organized to facilitate communications? Answer: LAN topologies Sorry - you had a wrong answer, please review details below. A network topology defines the manner in which the network devices are organized to facilitate communications. Common LAN technologies are bus, ring, star or meshed. LAN transmission methods refer to the way packets are sent on the network and are either unicast, multicast or broadcast. LAN transmission protocols are the rules for communicating between computers on a LAN. Common LAN transmission protocols are CSMA/CD, polling, token-passing. LAN media access methods control the use of a network (physical and data link layers). They can be Ethernet, ARCnet, Token ring and FDDI. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 105). Thanks to Christian Vezina for providing this question. 142. According to ISC2, what should be the fire rating for the walls of an information processing facility? 
Answer: All walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating. Sorry - you had a wrong answer, please review details below. The walls must be a floor to ceiling slab with a one-hour minimum fire rating. Any adjacent walls where records such as paper, media, etc. must have a two-hour minimum fire rating. Source: Chris Hare's CISSP Study Notes on Physical Security, based on ISC2 CBK document. Available at http://www.ccure.org. Thanks to Christian Vezina for providing this question. 143. Which of the following questions is less likely to help in assessing controls over audit trails? Answer: Are incidents monitored and tracked until resolved? Sorry - you had a wrong answer, please review details below. Audit trails maintain a record of system activity by system or application processes and by user activity. In conjunction with appropriate tools and procedures, audit trails can provide individual accountability, a means to reconstruct events, detect intrusions, and identify problems. Audit trail controls are considered technical controls. Monitoring and tracking of incidents is more an operational control related to incident response capability. Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-50 to A-51). Thanks to Christian Vezina for providing this question. 144. Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems? Answer: UPS Sorry - you had a wrong answer, please review details below. Source: KRUTZ, Ronald L. 
& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 332. Thanks to Nick Mackovski for providing this question. 145. What is called a mathematical encryption operations that can not be reversed? Answer: One-way hash Sorry - you had a wrong answer, please review details below. The one-way hash function performs a mathematical encryption operation on the password that cannot be reversed. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Pages 40-41. Thanks to Rakesh Sud for providing this question and to Christian Vezina for improving it. 146. Which of the following is commonly used for retrofitting multilevel security to a database management system? Answer: trusted front-end Sorry - you had a wrong answer, please review details below. Details and reference for this question are not yet available. This question is a new question that was submitted by one of the member of the site and I have to find a reference for it. If you do have a reference to this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement. 147. Which of the following is an advantage of using a high-level programming language? Answer: It decreases the total amount of code written Sorry - you had a wrong answer, please review details below. A high level language does not enforce coding standards. The CISSP Prep Guide, Page 191 says: "Because is a desirable to write software in a higher level, English-like statements, high-level or high-order languages are employed. In these languages one statement usually requires a number of machine language instructions for its implementation. Therefore unlike assembly language, there is a one-to-many relationship between high-level instructions to machine language instructions." Source: KRUTZ, Ronald L. 
& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 191). Thanks to Sharron Styles for providing a reference for this question. 148. This type of backup management provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs (Write Once, Read Many): Answer: Hierarchical Storage Management (HSM). Sorry - you had a wrong answer, please review details below. Hierarchical Storage Management (HSM) provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 71. Thanks to Rakesh Sud for providing this question. 149. A Wide Area Network (WAN) may be privately operated for a specific user community, may support multiple communication protocols, or may provide network connectivity and services via: Answer: interconnected network segments (extranets, intranets, and Virtual Private Networks). Sorry - you had a wrong answer, please review details below. A Wide Area Network (WAN) may be privately operated for a specific user community, may support multiple communication protocols, or may provide network connectivity and services via interconnected network segments (extranets, intranets, and VPNs). Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 99. Thanks to Rakesh Sud for providing this question. 150. Which of the following is a measure of the size of an information system based on the number and complexity of a system's inputs, outputs and files the user has to interact with? Answer: Function Point (FP) Sorry - you had a wrong answer, please review details below. 
Function Point (FP) analysis is a measure of the size of an information system based on the number and complexity of the inputs, outputs and files that a user sees and interacts with. Function Points are used in a manner analogous to Lines of Code (LOC) as a measure of software productivity, quality and other attributes. CPM is used by network management techniques such as PERT, in computing a critical path. PERT is a network management technique used in both the planning and control of projects. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 314). Thanks to Christian Vezina for providing this question. 151. Which of the following is best provided by symmetric cryptography? Answer: Confidentiality Sorry - you had a wrong answer, please review details below. When using symmetric cryptography, both parties will be using the same key for encryption and decryption. Symmetric cryptography is generally fast and can be hard to break, but it offers limited overall security in the fact that it can only provide confidentiality. Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April 2002 (page 2). Available at http://www.cccure.org. Thanks to Christian Vezina for providing this question. 152. What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account? Answer: Salami techniques Sorry - you had a wrong answer, please review details below. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 644. Thanks to Nick Mackovski for providing this question and to Brian Backer for reviewing it. 153. Which of the following Common Data Network Services is used to a shared printer or a print queue/spooler? Answer: Print services. 
Sorry - you had a wrong answer, please review details below. Print services are used to print documents to a shared printer or a print queue/spooler. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 100. Thanks to Rakesh Sud for providing this question. 154. If risk is defined as "the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the assets" then risk has all of the following elements EXCEPT? Answer: Controls addressing the threats Sorry - you had a wrong answer, please review details below. Threats, impact and probabilities are all elements of risk. Controls are developed to address the risk and hence are not, of themselves, an element of risk. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 1: The IS Audit Process (page 26). Thanks to Christian Vezina for providing this question. 155. Which RAID implementation uses interleave parity? Answer: RAID level 5 Sorry - you had a wrong answer, please review details below. RAID level 5 stripes data and parity at block level across all the drives in the set. As opposed to RAID level 3 and 4, parity information is written to the next available drive rather than to a dedicated drive by using an interleave parity, enabling more flexibility and increasing fault tolerance. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 66). Thanks to Christian Vezina for providing this question. 156. Network security is a(n): Answer: ever evolving process Sorry - you had a wrong answer, please review details below. Security should always be included when designing an enterprise network. 
With the increasing need to open your network to partners, customers, and remote users, it's more important than ever for security to be implemented at all layers of and entries into the network. Unfortunately, there is no quick fix, for network security is not a product or a protocol – it is an ever-evolving process. Thanks to Rakesh Sud for providing this question. 157. Which of the following questions is less likely to help in assessing physical access controls? Answer: Is the operating system configured to prevent circumvention of the security software and application controls? Sorry - you had a wrong answer, please review details below. Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting infrastructures against threats associated with their physical environment. All the questions above are useful in assessing physical access controls except for the one regarding operating system configuration, which is a logical access control. Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-21 to A-24). Thanks to Christian Vezina for providing this question. 158. During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable? Answer: Quantitatively measuring the results of the test Sorry - you had a wrong answer, please review details below. It is important to have ways to measure the success of the plan and tests against the stated objectives. Therefore, results must be quantitatively gauged as opposed to an evaluation based only on observation. Quantitatively measuring the results of the test involves a generic statement measuring all the activities performed during BCP, which gives the best assurance of an effective plan. 
Although choices A and B are also quantitative, they relate to specific areas, or an analysis of results from one viewpoint, namely the accuracy of the results and the elapsed time. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 5: Disaster Recovery and Business Continuity (page 269). Thanks to Christian Vezina for providing this question. 159. What is the most correct choice below when talking about the steps to resume normal operation? Answer: Non critical systems are moved first from alternate site to the primary business location Sorry - you had a wrong answer, please review details below. "It's interesting to note that the steps to resume normal processing operations will be different than the steps of the recovery plan; that is, the least critical work should be brought back first to the primary site." Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 290. Thanks to Jamil Siddique for providing this question. Thanks to Jeremy Shelley for detecting that a wrong answer was selected as good. Thanks to James Schweitzer for proposing some clarification to this question 160. Which of the following is not normally a task of a Computer Incident Response Team (CIRT)? Answer: Remote access management Sorry - you had a wrong answer, please review details below. One major concept of Intrusion Detection and Response is the creation of a computer Incident Response Team (CIRT) for the following: * Analysis of an event notification * Response to an incident if the analysis warrants it * Escalation path procedures * Resolution, post-incident follow-up, and reporting to the appropriate parties Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 62. 
Thanks to Rakesh Sud for providing this question and to Christian Vezina for improving it. 161. Which of the following is a Wide Area Network that was originally funded by the Department of Defense, which uses TCP/IP for data interchange? Answer: the Internet. Sorry - you had a wrong answer, please review details below. The Internet is a WAN that was originally funded by the Department of Defense, which uses TCP/IP for data interchange. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 99. Thanks to Rakesh Sud for providing this question. 162. Which of the following is true of two-factor authentication? Answer: It relies on two independent proofs of identity. Sorry - you had a wrong answer, please review details below. Two-factor authentication refers to using two independent proofs of identity, such as something the user has (e.g. a token card) and something the user knows (a password). Measuring hand geometry twice does not yield two _independent_ proofs. RSA encryption uses integers with exactly two prime factors, but the term "two-factor authentication" is not used in that context. Two-factor authentication may be used with single sign-on. 163. When backing up an applications system's data, which of the following is a key question to be answered first? Answer: What records to backup Sorry - you had a wrong answer, please review details below. For a proper backup procedure, first consider - WHAT to backup, then - HOW to store the backups, then - WHERE to store the backups, and finally - WHEN to make backups. Thanks to Peter Mosmans for providing explanations to this question. 164. Which of the following binds a subject name to a public key value? Answer: A public-key certificate Sorry - you had a wrong answer, please review details below. A public-key certificate binds a subject name to a public key value. 
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000. Thanks to Christian Vezina for providing this question. 165. When conducting a business continuity audit, which of the following would be the MOST important to review? Answer: Media backups are performed on a timely basis and stored off-site Sorry - you had a wrong answer, please review details below. Without data to process, all other components of the recovery effort are in vain. Even in the absence of a plan, recovery efforts of any type would not be practical without data to process. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 5: Disaster Recovery and Business Continuity (page 265). Thanks to Christian Vezina for providing this question. 166. Which of the following represents a relation, which is the basis of a relational database? Answer: Two-dimensional table Sorry - you had a wrong answer, please review details below. A relation is the basis of a relational database and is represented by a two dimensional table. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 45. Thanks to Rakesh Sud for providing this question and to Christian Vezina for improving it. 167. Which of the following best ensures accountability of users for the actions taken within a system or domain? Answer: Authentication Sorry - you had a wrong answer, please review details below. The only way to ensure accountability is if the subject is uniquely identified and authenticated. Identification alone does not provide proof the user is who they claim to be. After showing proper credentials, a user is authorized access to resources. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 126). Thanks to Christian Vezina for providing this question. 168. 
Write-once, read-many (WORM) optical disk "jukeboxes" are used for which of the following? Answer: archiving data that does not change. Sorry - you had a wrong answer, please review details below. Write-once, read-many (WORM) optical disk "jukeboxes" are used for archiving data that does not change. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 70. Thanks to Rakesh Sud for providing this question. 169. Which of the following is true about Kerberos? Answer: It depends upon symmetric ciphers. Sorry - you had a wrong answer, please review details below. Kerberos is a third party authentication system that uses private key (a.k.a symmetric cipher) cryptography. Source: Internet and TCP/IP Network Security, pg. 328. 170. Which of the following choices describe a Challenge-response tokens generation? Answer: A workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN. Sorry - you had a wrong answer, please review details below. Challenge-response tokens are: - A workstation or system generates a random challenge string and the owner enters the string into the token along with the proper PIN. - The token generates a response that is then entered into the workstation or system. - The authentication mechanism in the workstation or system then determines if the owner should be authenticated. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37. Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 136-137). Thanks to Rakesh Sud for providing this question, to Scot Hartman for reviewing it, and to Don Murdoch for providing the extra reference. 171. 
The primary purpose for using one-way encryption of user passwords within a system is which of the following? Answer: It prevents an unauthorized person from reading or modifying the password list. Sorry - you had a wrong answer, please review details below. Details and reference for this question are not yet available. This question is a new question that was submitted by one of the member of the site and I have to find a reference for it. If you do have a reference to this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement. 172. RAID Level 1 mirrors the data from one disk or set of disks using which of the following techniques? Answer: copying the data onto another disk or set of disks. Sorry - you had a wrong answer, please review details below. RAID Level 1 mirrors the data from one disk or set of disks by duplicating the data onto another disk or set of disks. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 65. Thanks to Rakesh Sud for providing this question and to Don Murdoch for reviewing it. 173. What enables a workstation to boot without requiring a hard or floppy disk drive? Answer: Bootstrap Protocol (BootP). Sorry - you had a wrong answer, please review details below. Bootstrap Protocol (BootP) is an Internet Layer protocol that enables a workstation to boot without requiring a hard or floppy disk drive. Reverse Address Resolution Protocol (RARP) is a TCP/IP protocol that permits a physical address, such as an Ethernet address, to be translated into an IP address. Address Resolution Protocol (ARP) is a TCP/IP protocol that permits an IP address to be translated into a physical address. Classless Inter-Domain Routing (CIDR) is a new IP addressing scheme. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 88. 
Thanks to Rakesh Sud for providing this question. 174. In a known plaintext attack, the cryptanalyst has knowledge of which of the following? Answer: both the plaintext and the associated ciphertext of several messages Sorry - you had a wrong answer, please review details below. In a known plaintext attack, the attacker has the plaintext and ciphertext of one or more messages. The goal is to discover the key used to encrypt the messages so that other messages can be deciphered and read. Source: Handbook of Applied Cryptography 4th Edition by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGrawHill/Osborne, 2002, chapter 8: Cryptography (page 578). Thanks to Mike Yeatman for providing this question. 175. Network cabling comes in three flavors, they are: Answer: twisted pair, coaxial, and fiber optic. Sorry - you had a wrong answer, please review details below. Network cabling comes in three flavors-twisted pair, coaxial, and fiber optic. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 101. Thanks to Rakesh Sud for providing this question. 176. What is called the number of columns in a table? Answer: Degree Sorry - you had a wrong answer, please review details below. The number of columns in a relation (a table) is the degree whereas the cardinality is the number of rows. The schema is the description of the database. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 45). Thanks to Christian Vezina for providing this question. 177. What is used to help IP match an IP address to the appropriate hardware address of the packet's destination so it can be sent? 
Answer: Address resolution protocol (ARP) Sorry - you had a wrong answer, please review details below. The Address Resolution Protocol (ARP) is used to match an IP address to an Ethernet address so the packet can be sent to the appropriate node. RARP is used to match an Ethernet address to an IP address. ICMP is a management protocol whose function is to send message between network devices. Routing tables are used by routers to choose the appropriate interface to route packets. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 87). Thanks to Christian Vezina for providing this question. 178. What type of cable is used with 100Base-TX Fast Ethernet? Answer: Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twistedpair (STP) wires. Sorry - you had a wrong answer, please review details below. 100Base-TX Fast Ethernet runs over two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-pair (STP) wires. Fiber-optic is used for 100Base-FX Fast Ethernet and Gigabit Ethernet. Four pairs of Category 3, 4 or 5 unshielded twisted-pair (UTP) wires are used with 100Base-T4 Fast Ethernet. RG-58 is a thin coaxial cable and is used with 10Base-2 Ethernet. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Appendix E: Various Networking Components (page 912). Thanks to Christian Vezina for providing this question. 179. The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts? Answer: Static electricity Sorry - you had a wrong answer, please review details below. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 333. 
Thanks to Nick Mackovski for providing this question. 180. The high availability of multiple all-inclusive, easy-to-use hacking tools that do not require much technical knowledge has brought a growth in the number of which type of attackers? Answer: Script kiddies Sorry - you had a wrong answer, please review details below. Script kiddies are low- to moderately-skilled hackers using available scripts and tools to easily launch attacks against victims. Black hats are skilled hackers. White hats are security professionals. Phreakers are telephone system hackers. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 12: Operations security (Page 827). Thanks to Christian Vezina for providing this question. 181. Which of the following algorithms is used today for encryption in PGP? Answer: IDEA Sorry - you had a wrong answer, please review details below. The Pretty Good Privacy (PGP) email encryption system was developed by Phil Zimmerman. For encrypting messages, it actually uses AES with up to 256-bit keys, CAST, TripleDES, IDEA and Twofish. RSA is also used in PGP, but only for symmetric key exchange and for digital signatures, but not for encryption. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (pages 154, 169). More info on PGP can be found on their site at http://www.pgp.com/display.php?pageID=29. Thanks to Christian Vezina for providing this question. Thanks to John Palumbo for helping clearing out the explanation. Thanks to Anu Lanka for correcting the question and providing the extra reference. 182. Rewritable and erasable (CDR/W) optical disks are sometimes used for backups that require short time storage for changeable data, but require: Answer: faster file access than tape. Sorry - you had a wrong answer, please review details below. 
Rewritable and erasable (CDR/W) optical disks are sometimes used for backups that require short time storage for changeable data, but require faster file access than tape. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 70. Thanks to Rakesh Sud for providing this question. 183. Which of the following is a peer entity authentication method for PPP that uses a randomlygenerated challenge and requiring a matching response that depends on a cryptographic hash of the challenge and a secret key? Answer: Challenge Handshake Authentication Protocol Sorry - you had a wrong answer, please review details below. The Challenge Handshake Authentication Protocol (CHAP) is a peer entity authentication method for PPP that uses a randomly-generated challenge and requiring a matching response that depends on a cryptographic hash of the challenge and a secret key. The Challenge-Response Authentication Mechanism (CRAM) is an authentication mechanism for IMAP4 where a client uses a keyed hash to authenticate itself to an IMAP4 server. The Password Authentication Protocol (PAP) is a simple authentication mechanism used in PPP and where a user identifier and password are transmitted in cleartext. The Extensible Authentication Protocol (EAP) is a framework that supports multiple, optional authentication mechanisms for PPP, and is intended for use primarily by a host or router that connects to a PPP network server via switched circuits or dial-up lines. Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000. Thanks to Christian Vezina for providing this question. 184. Which of the following should NOT be addressed by employee termination practices? Answer: Employee bonding to protect against losses due to theft. Sorry - you had a wrong answer, please review details below. Employee bonding to protect against losses due to theft is an important hiring, not termination practice. 
It ensures that the most effective and efficient staff is chosen and that the company is in compliance with legal recruitment requirements. Other choices are all adequate termination practices. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 2: Management, Planning and Organization of IS (page 65). Thanks to Christian Vezina for providing this question. 185. Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device? Answer: Mail services. Sorry - you had a wrong answer, please review details below. Mail services send and receive email internally or externally through an email gateway device. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 99. Thanks to Rakesh Sud for providing this question. 186. Which of the following would MOST likely ensure that a system development project meets business objectives? Answer: User involvement in system specification and acceptance Sorry - you had a wrong answer, please review details below. Effective user involvement is the most critical factor in ensuring that the application meets business objectives. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 296). Thanks to Christian Vezina for providing this question. 187. Which of the following is the most secure form of triple-DES encryption? Answer: DES-EDE3 Sorry - you had a wrong answer, please review details below. Triple DES with three distinct keys is the most secure form of triple-DES encryption. It can either be DES-EEE3 (encrypt-encrypt-encrypt) or DES-EDE3 (encrypt-decrypt-encrypt). 
DES-EDE1 is not defined and would mean using a single key to encrypt, decrypt and encrypt again, equivalent to single DES. DES-EEE4 is not defined and DES-EDE2 uses only 2 keys (encrypt with first key, decrypt with second key, encrypt with first key again). Source: DUPUIS, Clément, CISSP Open Study Guide on domain 5, cryptography, April 1999. Available at http://www.cccure.org. Thanks to Christian Vezina for providing this question. 188. The two most common implementations of Intrusion Detection are which of the following? Answer: They commonly reside on a discrete network segment and monitor the traffic on that network segment. Sorry - you had a wrong answer, please review details below. Network-based ID systems: * Commonly reside on a discrete network segment and monitor the traffic on that network segment * Usually consist of a network appliance with a Network Interface Card (NIC) that is operating in promiscuous mode and is intercepting and analyzing the network packets in real time Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 62. Thanks to Rakesh Sud for providing this question. 189. Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup? Answer: differential backup method. Sorry - you had a wrong answer, please review details below. The Differential Backup Method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 69. 
And: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business continuity (pages 617-619). Thanks to Rakesh Sud for providing this question and to Don Murdoch for providing an extra reference. 190. Which of the following exceptions is less likely to make hearsay evidence admissible in court? Answer: Records are collected by senior or executive management. Sorry - you had a wrong answer, please review details below. Hearsay evidence is not normally admissible in court unless it has firsthand evidence that can be used to prove the evidence's accuracy, trustworthiness, and reliability like a businessperson who generated the computer logs and collected them. It is important that this person generates and collects logs as a normal part of his business and not just this one time for court. The value of evidence depends upon the genuineness and competence of the source; therefore, records collected by senior or executive management are not likely to be admissible in court. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 10: Law, Investigation, and Ethics (page 676). Thanks to Christian Vezina for providing this question. 191. How long did it take the EFF and Distributed Net to break a DES encrypted message in January 1999? Answer: 23 hours Sorry - you had a wrong answer, please review details below. Our combined worldwide team searched more than 240 billion keys every second for nearly 23 hours before we found the right 56-bit key to decrypt the answer to the RSA Challenge [III], which was 'See you in Rome (second AES Conference, March 22-23, 1999),' said Gilmore. Source: EFF press release 192. In which phase of IKE protocol (IPsec) is peer authentication performed? Answer: Phase 1 Sorry - you had a wrong answer, please review details below. 
Reference: RFC 2409: The Internet Key Exchange (IKE); DORASWAMY, Naganand & HARKINS, Dan, Ipsec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks, 1999, Prentice Hall PTR; SMITH, Richard E., Internet Cryptography, 1997, AddisonWesley Pub Co. A very special thanks to Claus Stark and his wife Shubhangi for submitting this question. 193. While referring to Physical Security, what does Positive pressurization means? Answer: The air goes out of a room when a door is opened and outside air does not go into the room Sorry - you had a wrong answer, please review details below. Positive pressurization means that when an employee opens a door, the air goes out and outside air does not come in. From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, page 305. Thanks to Jane E. Murley for providing this question. 194. Which of the following are two primary approaches to analyzing events to detect attacks? Answer: misuse detection and anomaly detection Sorry - you had a wrong answer, please review details below. There are two primary approaches to analyzing events to detect attacks: misuse detection and anomaly detection. Misuse detection, in which the analysis targets something known to be "bad", is the technique used by most commercial systems. Anomaly detection, in which the analysis looks for abnormal patterns of activity, has been, and continues to be, the subject of a great deal of research. Anomaly detection is used in limited form by a number of IDSs. There are strengths and weaknesses associated with each approach, and it appears that the most effective IDSs use mostly misuse detection methods with a smattering of anomaly detection components. Source: BACE, Rebecca & MELL, Peter, NIST Special Publication 800-31 on Intrusion Detection Systems, Page 16. Thanks to Rakesh Sud for providing this question. 195. Most of unplanned downtime of information systems is attributed to which of the following? 
Answer: Hardware failure Sorry - you had a wrong answer, please review details below. Source: Veritas eLearning CD - Introducing Disaster Recovery Planning, Chapter 1, Ref: As reported by Gartner/Dataquest. Thanks to Jamil Siddique for providing this question.

196. Which of the following tools is less likely to be used by a hacker? Answer: Tripwire Sorry - you had a wrong answer, please review details below. Tripwire is an integrity checking product, triggering alarms when important files (e.g. system or configuration files) are modified. This is a tool that is not likely to be used by hackers, other than for studying its workings in order to circumvent it. Info available at http://www.tripwire.com/. The other programs are password-cracking programs and are likely to be used by security administrators as well as by hackers. More info regarding Tripwire is available on the Tripwire, Inc. Web site. Thanks to Christian Vezina for providing this question.

197. What can be defined as a momentary low voltage? Answer: Sag Sorry - you had a wrong answer, please review details below. A sag is a momentary low voltage. A spike is a momentary high voltage. A fault is a momentary power outage and a brownout is a prolonged period of power supply below normal voltage. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 6: Physical security (page 299). Thanks to Christian Vezina for providing this question.

198. Which of the following statements pertaining to disk mirroring is incorrect? Answer: Mirroring is a hardware-based solution. Sorry - you had a wrong answer, please review details below. With mirroring, the system writes the data simultaneously to separate drives or arrays. The advantages of mirroring are minimal downtime, simple data recovery, and increased performance in reading from the disk.
The disadvantage of mirroring is that every write has to be carried out on both drives or disk arrays, which can hinder system performance. Mirroring has a high fault tolerance and can be implemented either through a hardware RAID controller or through the operating system. Since it requires twice the disk space of the actual data, mirroring is the least cost-efficient data redundancy strategy. Source: SWANSON, Marianne, & al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, December 2001 (page 45). Thanks to Christian Vezina for providing this question.

199. Which of the following is the most reliable authentication device? Answer: Smart Card system Sorry - you had a wrong answer, please review details below. Authentication provides assurance that someone or something is who or what he/it is supposed to be. Callback systems authenticate a person, but anyone can pretend to be that person. They are tied to a specific place and phone number. Although variable callback systems are more flexible than fixed callback systems, the callback phone numbers can be obtained by hackers. A smart card system uses cryptographic tokens to protect against forgery and masquerading. The token requires the user to know something (e.g. a PIN or a password). The codes used with smart cards change frequently and are safer than callback systems.

200. It is a violation of the "separation of duties" principle when which of the following individuals accesses the security systems software? Answer: systems programmer Sorry - you had a wrong answer, please review details below. Details and reference for this question are not yet available. This question is a new question that was submitted by one of the members of the site and I have to find a reference for it. If you do have a reference for this question, please send it to Christian at cvezina@noos.fr with the question above. Thanks. Clement.
201. In Mandatory Access Control, sensitivity labels contain what information? Answer: the item's classification and category set Sorry - you had a wrong answer, please review details below. Categories and compartments are synonyms. The sensitivity label must contain at least one classification and at least one category (compartment), but it is common in some environments for a single item to belong to multiple categories. The list of all the categories to which an item belongs is called a compartment set. Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991, pg. 74.

202. Which of the following should never be allowed through a firewall? Answer: NetBIOS Sorry - you had a wrong answer, please review details below. NetBIOS traffic should definitely not be allowed to pass through the organization's firewall in either direction. It is easily hacked and many exploits exist on hacker Web sites. Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 4: Sockets and Services from a Security Viewpoint. Thanks to Christian Vezina for providing this question.

203. In the OSI/ISO model, at what layer are some of the SLIP, CSLIP and PPP control functions provided? Answer: Link Sorry - you had a wrong answer, please review details below. The Data Link layer of the OSI/ISO model is where the SLIP, CSLIP and PPP protocols operate. RFC 1661, The Point-to-Point Protocol (PPP), specifies that PPP provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP is comprised of three main components: 1. A method for encapsulating multi-protocol datagrams. 2. A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection. 3. A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols.

204.
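The "classification plus category set" structure from question 201 is what makes label comparison a lattice check rather than a single ordered level: a subject's clearance must be at least as high and must cover every category of the object. The following Python model is an added example, not code from the question's source; the level names, the label text format and the no-read-up / no-write-down (Bell-LaPadula) rules are assumptions that go beyond the question text.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Ordered classifications, lowest to highest. The names are an assumption for the
# example; the question only says a label carries a classification plus a category set.
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")


@dataclass(frozen=True)
class Label:
    """A sensitivity label: one classification and the set of categories (compartments)."""
    classification: str
    categories: FrozenSet[str]

    def __post_init__(self):
        if self.classification not in LEVELS:
            raise ValueError(f"unknown classification {self.classification!r}")
        if not self.categories:
            # The question's source requires at least one category per label.
            raise ValueError("a sensitivity label needs at least one category")

    def dominates(self, other: "Label") -> bool:
        """True when this label is at least as high AND covers every category of other.

        Labels with disjoint categories are incomparable: neither dominates the other.
        """
        return (LEVELS.index(self.classification) >= LEVELS.index(other.classification)
                and self.categories >= other.categories)


def parse_label(text: str) -> Label:
    """Parse 'SECRET:CRYPTO,NATO' into a Label (the text format is an assumption)."""
    level, _, cats = text.partition(":")
    categories = frozenset(c.strip().upper() for c in cats.split(",") if c.strip())
    return Label(level.strip().upper(), categories)


# Bell-LaPadula style rules, an assumption beyond the question text:
def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): the clearance must dominate the object label."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the object label must dominate the clearance."""
    return obj.dominates(subject)


if __name__ == "__main__":
    analyst = parse_label("SECRET:CRYPTO,NATO")
    for obj in ("CONFIDENTIAL:CRYPTO", "SECRET:NATO", "TOP SECRET:NATO", "SECRET:SIGINT"):
        o = parse_label(obj)
        print(f"{obj:22} read={can_read(analyst, o)!s:5} write={can_write(analyst, o)}")
```

The case worth noticing is SECRET:SIGINT against a SECRET:CRYPTO,NATO clearance: the classification matches, yet neither read nor write is allowed, because the category sets do not nest. That is the practical difference between a label and a plain clearance level.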
Which of the following is an important part of database design that ensures that attributes in a table depend only on the primary key? Answer: Normalization Sorry - you had a wrong answer, please review details below. Normalization is an important part of database design that ensures that attributes in a table depend only on the primary key. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 47. Thanks to Rakesh Sud for providing this question.

205. The RSA algorithm is an example of what type of cryptography? Answer: Asymmetric key Sorry - you had a wrong answer, please review details below. The RSA algorithm is a public key (a.k.a. "asymmetric key") encryption algorithm. Public key algorithms share one key with the public, and use a different one to decrypt messages. This differs from Private key (a.k.a. "symmetric key", "secret key", "private key" or "single key") algorithms like DES that require the sender and the recipient to have a shared secret. Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991, pg. 176.

206. Which of the following is not a method to protect subjects, objects and the data within the objects? Answer: Data mining Sorry - you had a wrong answer, please review details below. Layering, abstraction and data hiding are all methods to protect subjects and objects and are a foundational piece to a security model. Data mining is the process of extracting and processing the information held in a data warehouse into something useful. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 5: Security Models and Architecture (page 239). Thanks to Christian Vezina for providing this question.

207. Once an intrusion into your organization's information system has been detected, which of the following actions should be performed first?
Answer: Determine to what extent systems and data are compromised. Sorry - you had a wrong answer, please review details below. Once an intrusion into your organization's information system has been detected, the first action that needs to be performed is determining to what extent systems and data are compromised, and then to take action. Information, as collected and interpreted through analysis, is key to your decisions and actions while executing response procedures. This first analysis will provide information such as what attacks were used, which systems and data were accessed by the intruder, what the intruder did after obtaining access and what the intruder is currently doing (if the intrusion has not been contained). The next step is to communicate with relevant parties who need to be made aware of the intrusion in a timely manner so they can fulfil their responsibilities. Step three is concerned with collecting and protecting all information about the compromised systems and causes of the intrusion. It must be carefully collected, labelled, catalogued, and securely stored. Containing the intrusion, where tactical actions are performed to stop the intruder's access, limit the extent of the intrusion, and prevent the intruder from causing further damage, comes next. Since it is more a long-term goal, eliminating all means of intruder access can only be achieved last, by implementing an ongoing security improvement process. Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Chapter 7: Responding to Intrusions (pages 271-289). Thanks to Christian Vezina for providing this question.

208. The two most common implementations of Intrusion Detection are: Answer: Network-based and Host-based. Sorry - you had a wrong answer, please review details below. The two most common implementations of Intrusion Detection are Network-based and Host-based. Source: KRUTZ, Ronald L.
& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 62. Thanks to Rakesh Sud for providing this question and to Christian Vezina for improving it.

209. Which of the following would best describe secondary evidence? Answer: A copy of a piece of evidence Sorry - you had a wrong answer, please review details below. Secondary evidence is defined as a copy of evidence or an oral description of its contents. It is considered not as reliable as best evidence. Evidence that proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses is considered direct evidence. The fact that testimony is given by an expert only affects the witness's ability to offer an opinion instead of only testifying to the facts. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 9: Law, Investigation, and Ethics (page 310). Thanks to Christian Vezina for providing this question.

210. Which of the following does not address Database Management Systems (DBMS) Security? Answer: Padded cells Sorry - you had a wrong answer, please review details below. Padded cells complement Intrusion Detection Systems (IDSs) and are not related to DBMS security. Padded cells are simulated environments to which IDSs seamlessly transfer detected attackers and are designed to convince an attacker that the attack is going according to plan. Cell suppression is a technique used against inference attacks by not revealing information in the case where a statistical query produces a very small result set. Perturbation also addresses inference attacks but involves making minor modifications to the results of a query. Partitioning involves splitting a database into two or more physical or logical parts; it is especially relevant for multilevel secure databases.
Source: LaROSA, Jeanette (domain leader), Application and System Development Security CISSP Open Study Guide, version 3.0, January 2002. Available at http://www.cccure.org. Thanks to Christian Vezina for providing this question.

211. What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database? Answer: Level 2 Sorry - you had a wrong answer, please review details below. Users can obtain certificates with various levels of assurance. For example, level 1 certificates verify electronic mail addresses. This is done through the use of a personal information number that a user would supply when asked to register. This level of certificate may also provide a name as well as an electronic mail address; however, it may or may not be a genuine name (i.e., it could be an alias). Level 2 certificates verify a user's name, address, social security number, and other information against a credit bureau database. Level 3 certificates are available to companies. This level of certificate provides photo identification to accompany the other items of information provided by a level 2 certificate. A level 4 certificate is not defined yet. Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 3, Secured Connections to External Networks (page 54). Thanks to Christian Vezina for providing this question.

212. Which of the following is NOT a transaction redundancy implementation? Answer: on-site mirroring Sorry - you had a wrong answer, please review details below. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 286. Thanks to Eric Yandell for providing this question.

213. Risk analysis is MOST useful when applied during which phase of the system development process?
Answer: Project initiation Sorry - you had a wrong answer, please review details below. In most projects the conditions for failure are established at the beginning of the project. Thus risk management should be established at the commencement of the project with a risk assessment during project initiation. Risks should be monitored during the life of the project and reassessed when appropriate. The most useful time to undertake it is at project initiation, although it is often valuable to update the current risk analysis at later stages. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 291). Thanks to Christian Vezina for providing this question.

214. What is the main responsibility of the information owner? Answer: making the determination to decide what level of classification the information requires Sorry - you had a wrong answer, please review details below. "Running regular backups" is the responsibility of the custodian. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 1: Security Management Practices. Thanks to Karin Brabcova for providing this question.

215. In the days before CIDR (Classless Inter-Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network? Answer: The first two bits of the IP address would be set to one, and the third bit set to zero. Sorry - you had a wrong answer, please review details below. The class was read from the leading bits of the first octet: a class A address starts with 0 (first octet 0-127), a class B address with 10 (128-191) and a class C address with 110 (192-223). Each class of addresses contains a block that is reserved for private networks and which is not routable across the public Internet. For class A, the reserved addresses are 10.0.0.0 - 10.255.255.255. For class B networks, the reserved addresses are 172.16.0.0 - 172.31.255.255.
For class C, the reserved addresses are 192.168.0.0 - 192.168.255.255. Source: SEMERIA, Chuck, Understanding IP Addressing: Everything You Ever Wanted To Know, 3Com Corporation.

216. A Business Impact Analysis (BIA) does not: Answer: Recommend the appropriate recovery solution. Sorry - you had a wrong answer, please review details below. Although it helps in building a business case for strategy selection, a Business Impact Analysis does not recommend recovery solutions. It concerns itself with the identification of critical business functions and impact in case of disruption. Source: BARNES, James C. & ROTHSTEIN, Philip J., A Guide to Business Continuity Planning, John Wiley & Sons, 2001 (page 68). Thanks to Christian Vezina for providing this question.

217. A momentary low voltage is a: Answer: sag Sorry - you had a wrong answer, please review details below. A momentary low voltage is a sag. From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, page 299. Thanks to Jane E. Murley for providing this question.

218. Which of the following ISO/OSI layers performs transformations on data to provide a standardized application interface and to provide common communication services such as encryption? Answer: Presentation layer Sorry - you had a wrong answer, please review details below. The presentation layer (ISO/OSI layer 6) performs transformations on data to provide a standardized application interface and to provide common communication services such as encryption, text compression and reformatting. The function of the presentation layer is to ensure that the format of the data submitted by the application layer conforms to the applicable network standard. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 119). Thanks to Christian Vezina for providing this question.

219.
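The classful rule from question 215 and the private ranges it lists are easy to get wrong by hand, so here is an added Python example (not code from the question's source) that reads the class from the leading bits and checks the RFC 1918 block for that class. It goes slightly beyond the question: classes D and E are included, and the last function shows why the private ranges matter at a border filter. The table of bit patterns and the rule names are assumptions of this example.

```python
import ipaddress
from typing import Optional

# Leading-bit patterns of the classful era (the question's rule for class C is "110").
# Classes D and E go beyond the question text; they are included for completeness.
CLASS_BY_LEADING_BITS = (("0", "A"), ("10", "B"), ("110", "C"), ("1110", "D"), ("1111", "E"))

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}  # D (multicast) and E (reserved) have no default mask

# RFC 1918 private blocks, one per class as the question lists them.
PRIVATE_BLOCKS = {
    "A": ipaddress.ip_network("10.0.0.0/8"),
    "B": ipaddress.ip_network("172.16.0.0/12"),     # 172.16.0.0 - 172.31.255.255
    "C": ipaddress.ip_network("192.168.0.0/16"),    # 192.168.0.0 - 192.168.255.255
}


def leading_bits(addr: str, n: int = 4) -> str:
    """The first n bits of the address as a string, e.g. '110' for 192.0.2.1 with n=3."""
    return format(int(ipaddress.IPv4Address(addr)), "032b")[:n]


def ip_class(addr: str) -> str:
    """Classful address class, decided purely from the leading bits of the first octet."""
    bits = leading_bits(addr, 4)
    for prefix, cls in CLASS_BY_LEADING_BITS:
        if bits.startswith(prefix):
            return cls
    raise AssertionError("every 4-bit pattern matches one of the prefixes")


def default_network(addr: str) -> Optional[ipaddress.IPv4Network]:
    """Network the address belonged to under classful addressing (None for D/E)."""
    prefix = DEFAULT_PREFIX.get(ip_class(addr))
    if prefix is None:
        return None
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def is_private(addr: str) -> bool:
    """True if the address falls in the private block reserved for its class."""
    block = PRIVATE_BLOCKS.get(ip_class(addr))
    return block is not None and ipaddress.IPv4Address(addr) in block


def drop_inbound_from_internet(src: str) -> bool:
    """Border-filter rule (an assumption of this example): a packet arriving from the
    Internet with a private source address is spoofed or misrouted, because private
    space is not routable there, so it is dropped."""
    return is_private(src)


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.20.0.1", "172.32.0.1", "192.168.1.10", "203.0.113.9", "224.0.0.1"):
        print(f"{a:14} bits={leading_bits(a, 3)} class={ip_class(a)} "
              f"net={default_network(a)} private={is_private(a)}")
```

Note that 172.32.0.1 is class B but not private: the class B reserved block is only 172.16/12, which is exactly the range the question gives.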
The Terminal Access Controller Access Control System (TACACS) employs which of the following? Answer: a user ID and static password for network access. Sorry - you had a wrong answer, please review details below. For networked applications, the Terminal Access Controller Access Control System (TACACS) employs a user ID and a static password for network access. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44. Thanks to Rakesh Sud for providing this question.

220. What does it mean if a system uses "Trusted Recovery"? Answer: A failure or crash of the system cannot be used to breach security. Sorry - you had a wrong answer, please review details below. Systems with Trusted Recovery must fail gracefully and not leave the information in an unprotected state when they do so (e.g. a box that functions as a firewall, and which keeps routing packets after the firewall process has crashed, is not using Trusted Recovery). Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, 1991, pg. 140.

221. Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher? Answer: When the fire involves electrical equipment Sorry - you had a wrong answer, please review details below. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: Physical security (page 335). Thanks to Donnie Saunders for providing a reference for this question.

222. Which of the following devices enables more than one signal to be sent out simultaneously over one physical circuit? Answer: Multiplexor Sorry - you had a wrong answer, please review details below. Multiplexors are devices that enable more than one signal to be sent out simultaneously over one physical circuit. Source: KRUTZ, Ronald L.
& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 118). Thanks to Christian Vezina for providing this question.

223. Which of the following tapes is only 4mm in size, yet the compression techniques and head scanning process make it a large capacity and fast tape? Answer: Digital Linear Tape (DLT). Sorry - you had a wrong answer, please review details below. The Digital Linear Tape (DLT) is 4mm in size, yet the compression techniques and head scanning process make it a large capacity and fast tape. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 70. Thanks to Rakesh Sud for providing this question.

224. Which of the following is true related to network sniffing? Answer: Sniffers allow an attacker to monitor data passing across a network. Sorry - you had a wrong answer, please review details below. Sniffers allow an attacker to monitor data passing across a network ... Sniffers exploit characteristics of several data-link technologies, including Token Ring and especially Ethernet. IP Spoofing is a network-based attack, which involves altering the source address of a computer to disguise the attacker and exploit weak authentication methods. Session Hijacking tools allow an attacker to take over network connections, kicking off the legitimate user or sharing a login. Malformed Packet attacks are a type of DoS attack that involves one or two packets that are formatted in an unexpected way. Many vendor product implementations do not take into account all variations of user entries or packet types. If software handles such errors poorly, the system may crash when it receives such packets. A classic example of this type of attack involves sending IP fragments to a system that overlap with each other (the fragment offset values are incorrectly set).
Some unpatched Windows and Linux systems will crash when they encounter such packets. Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th Edition, Volume 2, Auerbach, NY, NY 2001, Chapter 22, Hacker Tools and Techniques by Ed Skoudis.

225. What is the exception to the search warrant requirement for officers called? Under this doctrine, if probable cause is present and destruction of the evidence is deemed imminent, the search can be conducted without the delay of having the warrant in hand. Answer: Exigent Circumstance Doctrine Sorry - you had a wrong answer, please review details below. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 313. Thanks to Nick Mackovski for providing this question.

226. Which communication method is characterized by very high speed transmission rates that are governed by electronic clock timing signals? Answer: Synchronous Communication. Sorry - you had a wrong answer, please review details below. Synchronous Communication is characterized by very high speed transmission rates that are governed by electronic clock timing signals. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 100. Thanks to Rakesh Sud for providing this question.

227. Often RAID levels 0, 1, and 10 run faster on software RAID because of the need for the: Answer: server's software resources. Sorry - you had a wrong answer, please review details below. Often RAID levels 0, 1, and 10 run faster on software RAID because of the need for the server's software resources. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 67. Thanks to Rakesh Sud for providing this question.

228. Which of the following is used to create and delete views and relations within tables?
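The overlapping-fragment packets described under question 224 are detectable before they reach a fragile reassembly routine: the checks below are an added Python example, not code from the handbook chapter cited, and the fragment samples are constructed rather than captured. The same pass also catches the other "formatted in an unexpected way" shapes a reassembler should refuse: a reassembled size above the 16-bit total length, offsets or non-final payloads that are not multiples of 8, a missing first fragment, and holes between fragments. The finding names are an assumption of this example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

MAX_DATAGRAM = 65535  # IPv4 total-length field is 16 bits


@dataclass(frozen=True)
class Fragment:
    """One IP fragment. offset is in bytes (the header field counts 8-byte units)."""
    ident: int    # IP identification: shared by all fragments of one datagram
    offset: int   # byte offset of this fragment's payload in the original datagram
    length: int   # payload bytes carried by this fragment
    more: bool    # MF flag: True for every fragment except the last

    @property
    def end(self) -> int:
        return self.offset + self.length


def check_datagram(frags: List[Fragment]) -> List[str]:
    """Findings for one datagram's fragments, in the order the checks run:
    'missing-first', 'misaligned', 'oversize', 'overlap', 'gap'. Empty list means sane."""
    if not frags:
        return []
    findings = []
    ordered = sorted(frags, key=lambda f: f.offset)
    if ordered[0].offset != 0:
        findings.append("missing-first")
    # Offsets are always multiples of 8; so is the payload of every non-final fragment.
    if any(f.offset % 8 or (f.more and f.length % 8) for f in ordered):
        findings.append("misaligned")
    # Reassembled size beyond the 16-bit total length: the "ping of death" shape.
    if max(f.end for f in ordered) > MAX_DATAGRAM:
        findings.append("oversize")
    # A later fragment starting before the previous one ends: the overlap the text describes.
    if any(b.offset < a.end for a, b in zip(ordered, ordered[1:])):
        findings.append("overlap")
    # A hole between consecutive fragments (incomplete datagram or an evasion attempt).
    if any(b.offset > a.end for a, b in zip(ordered, ordered[1:])):
        findings.append("gap")
    return findings


def check_stream(frags: List[Fragment]) -> Dict[int, List[str]]:
    """Group a capture by identification field and check each datagram separately."""
    by_id: Dict[int, List[Fragment]] = defaultdict(list)
    for f in frags:
        by_id[f.ident].append(f)
    return {ident: check_datagram(group) for ident, group in by_id.items()}


# Constructed samples (not captures from the source).
NORMAL = [Fragment(7, 0, 1480, True), Fragment(7, 1480, 1480, True), Fragment(7, 2960, 100, False)]
OVERLAP = [Fragment(1, 0, 32, True), Fragment(1, 24, 8, False)]        # second starts inside the first
OVERSIZE = [Fragment(2, 0, 1480, True), Fragment(2, 65520, 32, False)]  # ends at 65552 > 65535

if __name__ == "__main__":
    for ident, findings in check_stream(NORMAL + OVERLAP + OVERSIZE).items():
        print(ident, findings or "ok")
```

A real reassembler would additionally bound how many incomplete datagrams it keeps and for how long, since the per-datagram buffers are themselves a resource-exhaustion target.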
Answer: SQL Data Definition Language Sorry - you had a wrong answer, please review details below. The SQL Data Definition Language is used to create and delete views and relations (tables). Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 47. Thanks to Rakesh Sud for providing this question.

229. Which data classification should apply to commercial trade secrets? Answer: Confidential Sorry - you had a wrong answer, please review details below. The disclosure of trade secrets could seriously affect a company; therefore the information would be classified as confidential, for use within the company only. Sensitive refers to information that requires a higher than normal assurance of accuracy and completeness. Private is for personal information and secret is used in military organizations. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 3: Security Management Practices (page 101). Thanks to Christian Vezina for providing this question.

230. Which of the following statements about digital signatures is most accurate? Answer: It allows the recipient of data to prove the source and integrity of data. Sorry - you had a wrong answer, please review details below. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org. Thanks to Hal Tipton for contributing this question.

231. What is called the verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time? Answer: Authentication Sorry - you had a wrong answer, please review details below. Authentication is verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.
Thanks to Rakesh Sud for providing this question and to Christian Vezina for improving it.

232. Which of the following choices is NOT part of a security policy? Answer: description of specific technologies used in the field of information security Sorry - you had a wrong answer, please review details below. Source: BS 7799:1999 Part 2: Specification for information security management systems. Thanks to Karin Brabcova for providing this question.

233. A Packet Filtering Firewall system is considered a: Answer: first generation firewall. Sorry - you had a wrong answer, please review details below. This type of firewall system is considered a first generation firewall, and can operate at either the Network or Transport Layer of the OSI model. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 90. Thanks to Rakesh Sud for providing this question.

234. Which of the following is a problem evidenced with RAID Level 0? Answer: It lessens the fault tolerance of the disk system. Sorry - you had a wrong answer, please review details below. One problem with RAID Level 0 is that it actually lessens the fault tolerance of the disk system rather than increasing it: the entire data volume is unusable if one drive in the set fails. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 65. Thanks to Rakesh Sud for providing this question.

235. Which of the following questions is less likely to help in assessing an organization's contingency planning controls? Answer: Is damaged media stored and/or destroyed? Sorry - you had a wrong answer, please review details below. Contingency planning involves more than planning for a move offsite after a disaster destroys a facility. It also addresses how to keep an organization's critical functions operating in the event of disruptions, large and small.
Handling of damaged media is an operational task related to regular production and is not specific to contingency planning. Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-27 to A-28). Thanks to Christian Vezina for providing this question.

236. The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called: Answer: enticement. Sorry - you had a wrong answer, please review details below. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. Available at http://www.cccure.org. Thanks to Hal Tipton for contributing this question.

237. Frame relay uses a public switched network to provide: Answer: Wide Area Network (WAN) connectivity. Sorry - you had a wrong answer, please review details below. Frame relay uses a public switched network to provide Wide Area Network (WAN) connectivity. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 73. Thanks to Rakesh Sud for providing this question.

238. Which conceptual approach to intrusion detection is characterized by a high rate of false positives? Answer: Statistical analysis-based intrusion detection Sorry - you had a wrong answer, please review details below. Statistical analysis-based (also called behaviour-based) intrusion detection is characterized by a higher rate of false positives, as opposed to knowledge-based intrusion detection. Host-based and network-based intrusion detection are common implementations, not conceptual approaches. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 63). Thanks to Christian Vezina for providing this question.

239.
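Questions 194 and 238 describe the same split from two angles: misuse (knowledge-based) detection matches something known to be bad, anomaly (statistical, behaviour-based) detection flags departures from a baseline and pays for that with false positives. The Python below is an added example, not code from NIST SP 800-31 or the CISSP Prep Guide, that runs both approaches over constructed web-server log lines: the signature pass catches a directory-traversal request it has a pattern for, and only the statistical pass catches a client hammering /login, for which no signature exists. The log format, the signature set and the median/MAD threshold are assumptions of this example.

```python
import re
import statistics
from collections import Counter
from typing import Dict, List, Tuple

# Misuse detection: patterns for things known to be "bad" (a constructed signature set).
SIGNATURES = [
    ("directory-traversal", re.compile(r"\.\./")),
    ("sql-injection", re.compile(r"(?i)(union\s+select|'\s*or\s+1=1)")),
    ("shell-probe", re.compile(r"/cgi-bin/.*(;|\|)")),
]

# Constructed log format: "<source ip> <method> <path> <status>".
LINE_RE = re.compile(r"^(?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3})$")


def parse(line: str) -> dict:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    return m.groupdict()


def misuse_detect(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(signature name, source, path) for every line matching a known-bad pattern."""
    hits = []
    for line in lines:
        rec = parse(line)
        for name, pattern in SIGNATURES:
            if pattern.search(rec["path"]):
                hits.append((name, rec["src"], rec["path"]))
    return hits


def build_baseline(lines: List[str]) -> Tuple[float, float]:
    """Median and MAD of requests-per-source over a window of known-good traffic.
    Median/MAD are used instead of mean/stddev so one busy client cannot skew the baseline."""
    counts = list(Counter(parse(l)["src"] for l in lines).values())
    med = statistics.median(counts)
    mad = statistics.median(abs(c - med) for c in counts)
    return med, max(mad, 1.0)   # floor the MAD so a flat baseline still has some tolerance


def anomaly_detect(lines: List[str], baseline: Tuple[float, float], k: float = 5.0) -> Dict[str, int]:
    """Sources whose request count exceeds median + k*MAD. No signature is needed, but a
    legitimately busy client trips the same threshold: that is the false-positive cost."""
    med, mad = baseline
    threshold = med + k * mad
    counts = Counter(parse(l)["src"] for l in lines)
    return {src: n for src, n in counts.items() if n > threshold}


def _requests(src: str, n: int, path: str = "/index.html") -> List[str]:
    return [f"{src} GET {path} 200" for _ in range(n)]


# Constructed training window: five ordinary clients, nothing hostile.
TRAINING = (_requests("198.51.100.1", 3) + _requests("198.51.100.2", 4) + _requests("198.51.100.3", 2)
            + _requests("198.51.100.4", 5) + _requests("198.51.100.5", 3))

# Constructed detection window: one traversal attempt (has a signature) and one client
# brute-forcing /login (no signature; only its volume gives it away).
WINDOW = (_requests("198.51.100.2", 4)
          + ["203.0.113.7 GET /cgi-bin/view.cgi?f=../../etc/passwd 404"]
          + _requests("192.0.2.9", 60, "/login"))

if __name__ == "__main__":
    print("misuse:", misuse_detect(WINDOW))
    base = build_baseline(TRAINING)
    print("baseline (median, MAD):", base)
    print("anomaly:", anomaly_detect(WINDOW, base))
```

Lowering `k` makes the statistical pass catch slower attacks and also makes it flag ordinary clients, which is exactly the trade-off question 238 is about.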
An offsite backup facility intended to operate an information processing facility, having no computer or communications equipment, but having flooring, electrical wiring, air conditioning, etc. is better known as a: Answer: Cold site Sorry - you had a wrong answer, please review details below. A cold site is ready to be used but does not have any of the needed equipment in advance on site. A hot site is a fully functional site with all necessary equipment to be ready to operate within hours. A warm site is an offsite backup facility that is partially configured with network connections and selected peripheral equipment to operate an information processing facility. A duplicate information processing facility is a dedicated, self-developed recovery site that can back up critical applications. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 5: Disaster Recovery and Business Continuity (page 262). Thanks to Christian Vezina for providing this question.

240. The main risks that physical security components combat are all of the following EXCEPT: Answer: SYN flood Sorry - you had a wrong answer, please review details below. The main risks that physical security components combat are theft, interruptions to services, physical damage, compromised system integrity, and unauthorized disclosure of information. From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, page 291. Thanks to Jane E. Murley for providing this question.

241. Which of the following computer aided software engineering (CASE) products is used for developing detailed designs, such as screen and report layouts? Answer: Middle CASE Sorry - you had a wrong answer, please review details below. Middle CASE products are used for developing detailed designs, such as screen and report layouts.
Upper CASE is used to describe and document business and application requirements and lower CASE deals with the generation of program code and database definitions. I-CASE stands for Integrated CASE and covers the complete life-cycle process of a product. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 319) and HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 11: Application and System Development (page 768). Thanks to Christian Vezina for providing this question.

242. Which of the following is not an EPA-approved replacement for Halon? Answer: Bromine Sorry - you had a wrong answer, please review details below. The following are EPA-approved replacements for Halon: FM-200, NAF-S-III, CEA-410, FE-13, Water, Inergen, Argon and Argonite. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 6: Physical Security (page 313). Thanks to Johnson Yim for providing this question.

243. This type of control is used to ensure that transactions are properly entered into the system once. Elements of this type of control may include counting data and time stamping it with the date it was entered or edited. Which type of control is it? Answer: Input Controls Sorry - you had a wrong answer, please review details below. Input Controls are used to ensure that transactions are properly entered into the system once. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 218. Thanks to Nick Mackovski for providing this question.

244. Which of the following is NOT a major element of Business Continuity Planning? Answer: Creation of a BCP committee Sorry - you had a wrong answer, please review details below. Creating a BCP committee is part of the scope and plan initiation.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, pages 274-275.
Thanks to Eric Yandell for providing this question.

245. Which of the following represents the columns of a table in a relational database?
Answer: attributes
Sorry - you had a wrong answer, please review details below.
The rows of the table represent records or tuples and the columns of the table represent the attributes.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 45.
Thanks to Rakesh Sud for providing this question and to Christian Vezina for improving it.

246. Which of the following statements pertaining to business continuity planning is correct?
Answer: Recovery of telecommunications should be part of the recovery of IT facilities.
Sorry - you had a wrong answer, please review details below.
IT facilities can be of very limited use if they are not supported by a telecommunications infrastructure; therefore recovery of telecommunications should be part of the recovery of IT facilities. A business impact analysis is the first step, performed before the business continuity plan is developed; it is not normally part of the plan itself. Because the underlying purpose of business continuity planning is the resumption of business operations, it is essential to consider the entire organization, not just information systems processing services, when developing the plan. Not every IT platform needs a recovery strategy; generally, only those supporting critical business functions do.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 5: Disaster Recovery and Business Continuity (page 253).
Thanks to Christian Vezina for providing this question.

247. What is the most critical characteristic of a biometric identifying system?
Answer: Accuracy
Sorry - you had a wrong answer, please review details below.
Accuracy is the most critical characteristic of a biometric identification or verification system. Accuracy is measured in terms of the false rejection rate (FRR, or type I errors: legitimate users wrongly rejected) and the false acceptance rate (FAR, or type II errors: impostors wrongly accepted). The crossover error rate (CER) is the point at which the FRR equals the FAR and has become the most important measure of biometric system accuracy; the lower the CER, the more accurate the system. Both rates move with the match threshold, so in practice the operating threshold is set above or below the crossover point depending on whether a false acceptance or a false rejection is the costlier error for that deployment.
Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 1, Biometric Identification (page 9).
Thanks to Christian Vezina for providing this question.

248. The main issue with RAID 3 and RAID 4 is that the constant writes to the parity drive can create which of the following?
Answer: a performance degradation
Sorry - you had a wrong answer, please review details below.
RAID levels 3 and 4: the main issue with these levels of RAID is that the constant writes to the single, dedicated parity drive can create a performance hit. Every write to any data drive also updates the parity drive, so that one drive becomes the bottleneck under write-heavy workloads.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 66.
Thanks to Rakesh Sud for providing this question.

249. Attributes that characterize an attack are stored for reference using which of the following?
Answer: signature-based ID
Sorry - you had a wrong answer, please review details below.
In a signature-based ID (intrusion detection) system, signatures or attributes that characterize an attack are stored for reference, and observed traffic or log data is matched against them. Such a system can only detect attacks whose signatures it already holds, so novel or altered attacks go unnoticed until the signature database is updated.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.
Thanks to Rakesh Sud for providing this question.

250. Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these types of controls is correct?
Answer: Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.
Sorry - you had a wrong answer, please review details below.
Logical or technical controls involve the restriction of access to systems and the protection of information. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.
Thanks to Rakesh Sud for providing this question and to Sasa Vidanovic and Christian Vezina for helping with the review.

You scored 0 out of 250 (0 %).
Thanks for using the CISSP OSG test facility. Submit your own questions to improve the test! Questions and comments can be sent to: cvezina@noos.fr
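Worked example for question 247 (biometric accuracy). This is an added illustration, not code from the quiz or from the cited handbook: it sweeps a match-score threshold over two constructed score lists (one for the enrolled user, one for impostors), computes FRR (type I) and FAR (type II) at each setting, locates the crossover error rate, and then shows how a high-security deployment picks an operating threshold by capping FAR instead of sitting at the CER. The score values, the function names and the accept-when-score-at-or-above-threshold rule are all assumptions made for the example.

```python
"""Biometric accuracy metrics: FRR, FAR and the crossover error rate (CER).

Added example for question 247. The score lists are constructed for
illustration; they do not come from any real biometric system."""
from typing import List, Tuple

# Constructed sample data: the matcher's score per attempt, higher = stronger match.
GENUINE_SCORES = [92, 88, 85, 81, 79, 77, 74, 70, 66, 60]   # the enrolled user
IMPOSTOR_SCORES = [71, 65, 62, 58, 55, 50, 47, 43, 40, 35]  # somebody else


def error_rates(threshold: int, genuine: List[int], impostor: List[int]) -> Tuple[float, float]:
    """Accept an attempt when score >= threshold (assumed decision rule).
    FRR = genuine attempts rejected / genuine attempts   (type I error)
    FAR = impostor attempts accepted / impostor attempts (type II error)"""
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def sweep(genuine: List[int], impostor: List[int]) -> List[Tuple[int, float, float]]:
    """(threshold, FRR, FAR) for every distinct score observed, ascending."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *error_rates(t, genuine, impostor)) for t in thresholds]


def crossover_error_rate(genuine: List[int], impostor: List[int]) -> Tuple[int, float]:
    """Threshold at which FRR and FAR are closest, and the error rate there.
    With discrete scores the two curves may not cross exactly, so the
    smallest gap is taken as the crossover point."""
    t, frr, far = min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))
    return t, (frr + far) / 2


def threshold_for_max_far(max_far: float, genuine: List[int], impostor: List[int]) -> Tuple[int, float]:
    """Lowest threshold whose FAR does not exceed max_far, and the FRR paid for it.
    This is how a deployment that fears false acceptances more than false
    rejections chooses its operating point, moving above the CER."""
    for t, frr, far in sweep(genuine, impostor):
        if far <= max_far:
            return t, frr
    raise ValueError("no threshold meets the FAR target")


if __name__ == "__main__":
    for t, frr, far in sweep(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold {t:>3}: FRR={frr:.2f} FAR={far:.2f}")
    print("CER (threshold, rate):", crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("FAR <= 0 (threshold, FRR):", threshold_for_max_far(0.0, GENUINE_SCORES, IMPOSTOR_SCORES))
```

With these constructed scores the curves cross at threshold 66 with a CER of 10%; forcing FAR to zero pushes the threshold to 74 and the FRR up to 30%, which is the trade-off the explanation above describes.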
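Worked example for question 248 (RAID 3/4 parity bottleneck). This is an added illustration, not code from the quiz or from the cited prep guide: it simulates small writes against a four-disk array laid out once as RAID 4 (dedicated parity disk) and once as RAID 5 (parity rotated across disks), counting the physical writes each disk absorbs, and it also shows the XOR parity computation and single-disk rebuild that the parity disk exists for. The uniform random workload, the disk count and the helper names are assumptions made for the example.

```python
"""RAID 4 versus RAID 5 parity placement: where do small writes land?

Added example for question 248. RAID 3 stripes at byte level rather than
block level but has the same single parity disk, so the same hot spot
applies. The workload below is constructed (uniformly random stripes and
chunks), not measured from real hardware."""
import random
from collections import Counter
from typing import Dict, List


def xor_parity(chunks: List[bytes]) -> bytes:
    """Parity chunk = XOR of all data chunks in the stripe."""
    parity = bytes(len(chunks[0]))
    for chunk in chunks:
        parity = bytes(a ^ b for a, b in zip(parity, chunk))
    return parity


def rebuild_missing(surviving: List[bytes], parity: bytes) -> bytes:
    """Any single lost chunk is the XOR of the survivors and the parity."""
    return xor_parity(surviving + [parity])


def parity_disk(stripe: int, n_disks: int, level: int) -> int:
    """Physical disk holding the parity chunk of this stripe."""
    if level == 4:
        return n_disks - 1          # dedicated parity disk for every stripe
    if level == 5:
        return stripe % n_disks     # parity rotates with the stripe number
    raise ValueError(f"unsupported RAID level {level}")


def data_disk(chunk_index: int, stripe: int, n_disks: int, level: int) -> int:
    """Physical disk for the i-th data chunk of a stripe, skipping the parity disk."""
    p = parity_disk(stripe, n_disks, level)
    return [d for d in range(n_disks) if d != p][chunk_index]


def simulate_writes(level: int, n_disks: int = 4, n_stripes: int = 64,
                    n_writes: int = 1000, seed: int = 1) -> Dict[int, int]:
    """Physical writes per disk for n_writes random single-chunk writes.
    A small write is a read-modify-write of one data chunk plus the stripe's
    parity chunk, so every logical write costs one write on a data disk and
    one on whichever disk holds that stripe's parity."""
    rng = random.Random(seed)
    hits: Counter = Counter()
    for _ in range(n_writes):
        stripe = rng.randrange(n_stripes)
        chunk = rng.randrange(n_disks - 1)
        hits[data_disk(chunk, stripe, n_disks, level)] += 1
        hits[parity_disk(stripe, n_disks, level)] += 1
    return dict(sorted(hits.items()))


if __name__ == "__main__":
    print("RAID 4 writes per disk:", simulate_writes(4))
    print("RAID 5 writes per disk:", simulate_writes(5))
    stripe = [b"\x01\x02", b"\x10\x20", b"\xff\x00"]
    p = xor_parity(stripe)
    print("parity:", p.hex(), "rebuilt chunk 0:", rebuild_missing(stripe[1:], p).hex())
```

Under RAID 4 the parity disk receives exactly one write per logical write, so it carries half of all physical writes by itself while the three data disks share the other half; under RAID 5 the same workload spreads roughly evenly over all four disks. That asymmetry is the performance hit the question refers to.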
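Worked example for question 249 (signature-based intrusion detection). This is an added illustration, not code from the quiz or from the cited prep guide: a handful of attack attributes are stored as named patterns, constructed access-log lines are canonicalised and matched against every stored signature, and a second pass without canonicalisation shows how an encoded payload slips past a signature written for the plain form. The three signatures, the log format ("client method request-path") and the log lines themselves are assumptions made for the example, not real IDS rules or real traffic.

```python
"""Minimal signature-based intrusion detection over access-log lines.

Added example for question 249. The signatures and the log lines are
constructed for illustration; they are not taken from any real IDS or
real server."""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Stored attack attributes: a name and the pattern that characterises the attack.
SIGNATURES: Dict[str, "re.Pattern[str]"] = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection-tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.IGNORECASE),
    "command-injection": re.compile(r"[;|&]\s*(?:cat|id|whoami|nc)\b", re.IGNORECASE),
}

# Constructed access-log lines in the assumed "client method request-path" layout.
SAMPLE_LOG: List[str] = [
    "10.0.0.5 GET /index.html",
    "10.0.0.7 GET /download?file=../../etc/passwd",
    "10.0.0.9 GET /login?user=admin'%20OR%20'1'='1",
    "10.0.0.11 GET /ping?host=127.0.0.1;cat%20/etc/shadow",
    "10.0.0.12 GET /products?id=42",
]


def canonicalise(path: str) -> str:
    """Percent-decode twice so single- and double-encoded payloads are compared
    with the signature in the same form as a plainly written one."""
    return unquote(unquote(path))


def parse_line(line: str) -> Tuple[str, str, str]:
    client, method, path = line.split(" ", 2)
    return client, method, path


def match_signatures(line: str, signatures: Dict[str, "re.Pattern[str]"] = SIGNATURES,
                     canonical: bool = True) -> List[Tuple[str, str]]:
    """(client, signature name) for every stored signature found in the request path."""
    client, _, path = parse_line(line)
    if canonical:
        path = canonicalise(path)
    return [(client, name) for name, pattern in signatures.items() if pattern.search(path)]


def scan(log: List[str], **kwargs) -> List[Tuple[str, str]]:
    """Run every log line against the signature store and collect the alerts."""
    alerts: List[Tuple[str, str]] = []
    for line in log:
        alerts.extend(match_signatures(line, **kwargs))
    return alerts


if __name__ == "__main__":
    for client, sig in scan(SAMPLE_LOG):
        print(f"ALERT {sig:<24} from {client}")
    print("without canonicalisation:", scan(SAMPLE_LOG, canonical=False))
```

The canonicalised pass raises three alerts; the raw pass raises only two, because the percent-encoded spaces in the SQL tautology never match a signature written for the decoded form. Anything with no stored signature at all, such as a new attack or a payload reshaped to avoid the pattern, produces no alert, which is the inherent limit of this detection style.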