CISSP - Exam Practice/Study Questions with accurate answers, graded A+. Latest update.

What is the most effective defense against cross-site scripting attacks?
A. Limiting account privileges
B. User authentication
C. Input validation
D. Encryption
Answer: C. Input validation prevents cross-site scripting by restricting user input to a predefined range of acceptable values, so an attacker cannot get an HTML <script> tag (or other active markup) into the input. In practice it is paired with output encoding of anything the application reflects back into a page.

What phase of the Electronic Discovery Reference Model puts evidence in a format that may be shared with others?
A. Production
B. Processing
C. Review
D. Presentation
Answer: A. Production places the information in a format that may be shared with others.

What form of security planning is designed to focus on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans?
A. Strategic
B. Operational
C. Tactical
D. Administrative
Answer: C. Tactical planning focuses on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and acquisition plans.

Which is not a part of an electronic access control lock?
A. An electromagnet
B. A credential reader
C. A door sensor
D. A biometric scanner
Answer: D. An electronic access control (EAC) lock comprises three elements: an electromagnet to keep the door closed, a credential reader to authenticate subjects and disable the electromagnet, and a door-closed sensor to re-enable the electromagnet.

Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites?
A. Communications circuits
B. Workstations
C. Servers
D. Current data
Answer: D. Communications circuits, workstations, and servers are present at both warm and hot sites; only a hot site maintains a current copy of the organization's data.

Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won't spoil results throughout the communication?
A. Cipher Block Chaining (CBC)
B. Electronic Code Book (ECB)
C. Cipher Feedback (CFB)
D. Output Feedback (OFB)
Answer: D. In OFB mode the keystream is produced by repeatedly encrypting the IV, independently of the ciphertext, so a transmission error in one ciphertext bit corrupts only the corresponding plaintext bit. In CBC and CFB the previous ciphertext block feeds into the next step, so a damaged ciphertext block corrupts its own plaintext block and the following one before the chain resynchronizes. ECB does not propagate errors either, but it is not suitable for large amounts of data because identical plaintext blocks produce identical ciphertext blocks and leak patterns. OFB is therefore the only listed mode that is both suitable for large messages and free of error propagation.

Which one of the following items is not a critical piece of information in the chain of evidence?
A. General description of the evidence
B. Name of the person collecting the evidence
C. Relationship of the evidence to the crime
D. Time and date the evidence was collected
Answer: C. The chain of evidence (chain of custody) does not require that the evidence collector know or document the relationship of the evidence to the crime; it records what was collected, by whom, when, and where it has been since.

Which firewall type looks exclusively at the message header to determine whether to transmit or drop data?
A. Static packet filtering
B. Application-level gateway
C. Stateful inspection
D. Dynamic packet filtering
Answer: A. A static packet-filtering firewall filters traffic by examining only the data in the message header (addresses, ports, and protocol flags), with no knowledge of connection state or payload.

What type of information is used to form the basis of an expert system's decision-making process?
A. A series of weighted layered computations
B. Combined input from a number of human experts, weighted according to past performance
C. A series of "if/then" rules codified in a knowledge base
D. A biological decision-making process that simulates the reasoning process used by the human mind
Answer: C. Expert systems use a knowledge base consisting of a series of "if/then" statements to form decisions based on the previous experience of human experts.

What type of cryptographic attack rendered Double DES (2DES) no more effective than standard DES encryption?
A. Birthday attack
B. Chosen ciphertext attack
C. Meet-in-the-middle attack
D. Man-in-the-middle attack
Answer: C. Given a known plaintext/ciphertext pair, the meet-in-the-middle attack encrypts the plaintext under every possible first key (2^56 operations), decrypts the ciphertext under every possible second key (another 2^56), and matches the two sets through a lookup table. Breaking 2DES therefore costs roughly 2^57 DES operations, barely more than the 2^56 needed to brute-force single DES, rather than the 2^112 its 112-bit key would suggest. This led to the adoption of Triple DES (3DES) as a standard for government communication.

Which of the following is most directly associated with providing or supporting perfect forward secrecy?
A. PBKDF2
B. ECDHE
C. HMAC
D. OCSP
Answer: B. Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) provides perfect forward secrecy because each session negotiates its key with a freshly generated, short-lived key pair; later compromise of a long-term key does not reveal past session keys. PBKDF2 is a key-stretching function and does not provide forward secrecy. HMAC is a keyed message authentication code built on a hash function. OCSP is used to check certificate revocation status.

What is the best way to understand the meaning of the term 100-year flood plain?
A. A flood that occurs once every 100 years
B. A flood larger than any recorded in the past 100 years
C. A very serious but very unlikely flood event
D. A very serious flood that has a probability of 1 in 100 (1%) of occurring in any single calendar year
Answer: D. Flood levels rated in years (100-year, 500-year, 1,000-year, and so forth) are estimates of the probability of occurrence. An area rated as a 100-year flood plain has a 1 in 100 (1%) chance of flooding in any given calendar year, a 500-year flood has a 1 in 500 chance in any given year, and so forth. Options A and B misrepresent the meaning of the 100-year interval, while option C fails to address its probabilistic intent.

What is the formula used to compute the ALE?
A. ALE = AV * EF * ARO
B. ALE = ARO * EF
C. ALE = AV * ARO
D. ALE = EF * ARO
Answer: A. The annualized loss expectancy (ALE) is the product of the asset value (AV), the exposure factor (EF), and the annualized rate of occurrence (ARO). This is the longer form of ALE = SLE * ARO, since SLE = AV * EF.
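The two cipher questions above (error propagation in the DES operating modes, and meet-in-the-middle against double encryption) are easier to believe when you can watch them happen. The following Python is an added example and is not part of the original study set. It substitutes a deliberately tiny, constructed block cipher for DES (a 4-round Feistel network with an 8-byte block and a 16-bit key, using SHA-256 as the round function) so the whole key space can be searched in seconds; the CBC, CFB, and OFB constructions are the standard ones and would be unchanged with real DES. All keys, IVs, and plaintexts are constructed test values.

```python
"""Added example (not from the study set): error propagation in CBC/CFB/OFB and
a meet-in-the-middle attack on double encryption, with a constructed toy cipher."""
import hashlib

BLOCK = 8  # 64-bit block, like DES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def _round_fn(half: bytes, round_key: bytes) -> bytes:
    # Toy round function: truncated SHA-256 of (round key || half block).
    return hashlib.sha256(round_key + half).digest()[:BLOCK // 2]

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network with a 16-bit key (weak on purpose, stands in for DES).
    left, right = block[:4], block[4:]
    for r in range(4):
        left, right = right, xor(left, _round_fn(right, key + bytes([r])))
    return right + left

def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for r in reversed(range(4)):
        left, right = right, xor(left, _round_fn(right, key + bytes([r])))
    return right + left

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for p in split_blocks(pt):
        prev = toy_encrypt_block(key, xor(p, prev))       # C_i = E(P_i ^ C_i-1)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in split_blocks(ct):
        out.append(xor(toy_decrypt_block(key, c), prev))  # P_i = D(C_i) ^ C_i-1
        prev = c
    return b"".join(out)

def cfb_encrypt(key, iv, pt):
    out, prev = [], iv
    for p in split_blocks(pt):
        prev = xor(p, toy_encrypt_block(key, prev))       # C_i = P_i ^ E(C_i-1)
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in split_blocks(ct):
        out.append(xor(c, toy_encrypt_block(key, prev)))  # P_i = C_i ^ E(C_i-1)
        prev = c
    return b"".join(out)

def ofb_crypt(key, iv, data):
    # Keystream S_i = E(S_i-1) never touches the ciphertext; one function serves both directions.
    out, s = [], iv
    for d in split_blocks(data):
        s = toy_encrypt_block(key, s)
        out.append(xor(d, s))
    return b"".join(out)

MODES = {"CBC": (cbc_encrypt, cbc_decrypt), "CFB": (cfb_encrypt, cfb_decrypt), "OFB": (ofb_crypt, ofb_crypt)}

def damaged_blocks(mode: str, nblocks: int = 6, flip_block: int = 2) -> list:
    """Flip one ciphertext bit in block `flip_block` and return the indexes of the
    plaintext blocks that decrypt incorrectly."""
    key, iv = b"\x12\x34", b"\x00" * BLOCK                # constructed values
    pt = bytes(range(nblocks * BLOCK))
    enc, dec = MODES[mode]
    ct = bytearray(enc(key, iv, pt))
    ct[flip_block * BLOCK] ^= 0x01                         # single-bit line error
    got = split_blocks(dec(key, iv, bytes(ct)))
    return [i for i, p in enumerate(split_blocks(pt)) if got[i] != p]

def double_encrypt(k1: bytes, k2: bytes, block: bytes) -> bytes:
    return toy_encrypt_block(k2, toy_encrypt_block(k1, block))

def recover_double_keys(pairs):
    """Meet-in-the-middle with two known (plaintext, ciphertext) pairs: about 2 * 2^16
    block operations instead of the 2^32 a 32-bit combined key suggests."""
    (p1, c1), (p2, c2) = pairs
    middle = {}                                            # E_k1(p1) -> [k1, ...]
    for k in range(1 << 16):
        k1 = k.to_bytes(2, "big")
        middle.setdefault(toy_encrypt_block(k1, p1), []).append(k1)
    for k in range(1 << 16):
        k2 = k.to_bytes(2, "big")
        for k1 in middle.get(toy_decrypt_block(k2, c1), []):
            if double_encrypt(k1, k2, p2) == c2:           # second pair rules out false matches
                return k1, k2
    return None

if __name__ == "__main__":
    for mode in MODES:
        print(mode, "plaintext blocks damaged by one flipped ciphertext bit:", damaged_blocks(mode))
    pairs = [(p, double_encrypt(b"\xbe\xef", b"\xca\xfe", p)) for p in (b"attack12", b"at dawn!")]
    print("recovered keys:", recover_double_keys(pairs))
```

Running it shows CBC and CFB each losing two plaintext blocks (the damaged block and the one after it) while OFB loses only the block containing the flipped bit, and the meet-in-the-middle search recovering both halves of the double-encryption key with two passes over a 16-bit key space instead of one pass over a 32-bit one.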
Matthew and Richard want to communicate with each other using a public key cryptosystem. What is the total number of keys they must have to successfully communicate?
A. 1
B. 2
C. 3
D. 4
Answer: D. To use public key cryptography, Matthew and Richard must each have their own pair of public and private keys, four keys in total.

A tunnel mode VPN is used to connect which types of systems?
A. Hosts and servers
B. Clients and terminals
C. Hosts and networks
D. Servers and domain controllers
Answer: C. Tunnel mode VPNs connect networks to networks or networks to hosts. Transport mode connects hosts to hosts; host, server, client, terminal, and domain controller all describe individual hosts, so the other options are host-to-host links.

___________________ is any hardware, software, or administrative policy or procedure that defines and enforces access and restriction rights on an organizational level.
A. Logical control
B. Technical control
C. Access control
D. Administrative control
Answer: C. Access control.

Which of the following cryptographic attacks can be used when you have access to an encrypted message but no other information?
A. Known plaintext attack
B. Frequency analysis attack
C. Chosen ciphertext attack
D. Meet-in-the-middle attack
Answer: B. Frequency analysis works on the ciphertext alone (a ciphertext-only attack) because a substitution cipher preserves the letter statistics of the underlying language. The other techniques require additional information, such as a known plaintext or the ability to choose the ciphertext to be decrypted.

Which of the following approaches uses mathematical algorithms to analyze data, developing models that may be used to predict future activity?
A. Expert systems
B. Data mining
C. Data warehousing
D. Information discovery
Answer: B. Data mining uses mathematical approaches to analyze data, searching for patterns that predict future activity.

Vulnerabilities and risks are evaluated based on their threats against which of the following?
A. One or more of the CIA Triad principles
B. Data usefulness
C. Due care
D. Extent of liability
Answer: A. One or more of the CIA Triad principles (confidentiality, integrity, availability).

The Twofish algorithm uses an encryption technique not found in other algorithms that XORs the plaintext with a separate subkey before the first round of encryption. What is this called?
A. Preencrypting
B. Prewhitening
C. Precleaning
D. Prepending
Answer: B. Prewhitening XORs the plaintext with a separate subkey before the first round of encryption (Twofish also applies a postwhitening XOR after the last round).

When you are configuring a wireless extension to an intranet, once you've configured WPA2 with 802.1X authentication, what additional security step could you implement in order to offer additional reliable security?
A. Require a VPN.
B. Disable SSID broadcast.
C. Issue static IP addresses.
D. Use MAC filtering.
Answer: A. Requiring a VPN to reach the private wired network, in addition to WPA2 with 802.1X, is the only listed option that adds reliable security. Hiding the SSID, using static IP addresses, and MAC filtering are all easily bypassed by an attacker who sniffs the wireless traffic.

Which one of the following is not a major asset category normally covered by the BCP (business continuity plan)?
A. People
B. Documentation
C. Infrastructure
D. Buildings/facilities
Answer: B. The BCP normally covers three major asset categories: people, infrastructure, and buildings/facilities.

What is a security risk of an embedded system that is not commonly found in a standard PC?
A. Software flaws
B. Access to the internet
C. Control of a mechanism in the physical world
D. Power loss
Answer: C. Because an embedded system controls a mechanism in the physical world, a security breach could cause harm to people and property. This typically is not true of a standard PC. Power loss, internet access, and software flaws are security risks of both embedded systems and standard PCs.

What is the most common cause of failure for water-based fire suppression systems?
A. Water shortage
B. People
C. Ionization detectors
D. Placement of detectors in drop ceilings
Answer: B. People. Humans turn the water supply off after a fire or for maintenance and forget to turn it back on.

What type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object?
A. Wave
B. Photoelectric
C. Heat
D. Capacitance
Answer: D. A capacitance motion detector senses changes in the electrical or magnetic field surrounding a monitored object. A wave pattern detector senses changes in a reflected ultrasonic or microwave pattern, a photoelectric detector senses changes in light level, and a heat detector senses changes in the heat level of an area.

What is the ideal humidity range for a computer room?
Answer: 40 to 60 percent relative humidity. Lower humidity encourages static discharge; higher humidity encourages condensation and corrosion.

What network devices operate within the Physical layer?
A. Bridges and switches
B. Firewalls
C. Hubs and repeaters
D. Routers
Answer: C. Hubs and repeaters operate at the Physical layer; bridges and switches work at the Data Link layer, and routers and most firewalls at the Network layer and above.

What method is not integral to assuring effective and reliable security staffing?
A. Screening
B. Bonding
C. Training
D. Conditioning
Answer: D. Conditioning. Screening, bonding, and training are all vital procedures for ensuring effective and reliable security staffing because they verify the integrity and validate the suitability of the staff.

Which of the following is not an expected result of requiring users to regularly change their workstation assignment or physical location?
A. Deters collusion between employees because ever-changing constellations of co-workers are less likely to bond sufficiently to perform unauthorized or illegal activities together
B. Encourages users to store personal information on systems
C. Encourages users to keep all work materials on network servers where they can be easily protected, overseen, and audited
D. Gives users little or no opportunity to customize their systems or to install unapproved software because subsequent users will discover and report such changes
Answer: B. Options A, C, and D are valid reasons why changing workstation assignments or physical location can improve or maintain security. Regularly changing workstation assignment or location discourages, rather than encourages, users from storing personal information on systems.

Among the following attack patterns, which is not considered a form of amplified or denial of service attack?
A. Flooding
B. Spoofing
C. Ping of death
D. Smurf
Answer: B. Spoofing is the replacement of valid source and destination IP and port addresses with false ones. It is often used in DoS attacks but is not considered a DoS attack itself. Flooding, smurf, and ping of death are all DoS attacks.

What type of evidence refers to written documents that are brought into court to prove a fact?
A. Best evidence
B. Payroll evidence
C. Documentary evidence
D. Testimonial evidence
Answer: C. Written documents brought into court to prove the facts of a case are referred to as documentary evidence.

If you are the victim of a bluejacking attack, what was compromised?
A. Your firewall
B. Your switch
C. Your cell phone
D. Your web cookies
Answer: C. Bluejacking sends unsolicited messages to a Bluetooth-enabled device, typically a mobile phone, over the Bluetooth link; it does not involve a firewall, switch, or browser cookies.

_______________ is the process by which a subject provides a username, logon ID, personal identification number, and so on.
A. Accountability
B. Authentication
C. Confidentiality
D. Identification
Answer: D. Identification is the process by which a subject professes an identity and accountability is initiated; authentication is the subsequent step of proving that claimed identity.

When NAC is used to manage an enterprise network, what is most likely to happen to a notebook system once reconnected to the intranet after it has been out of the office for six weeks while in use by an executive on an international business trip?
A. Reimaged
B. Updated at next refresh cycle
C. Quarantine
D. User must reset their password
Answer: C. NAC often operates in a pre-admission philosophy in which a system must meet all current security requirements (such as patch application and antivirus updates) before it is allowed to communicate with the network. Systems that are not in compliance are quarantined or placed behind a captive portal to force compliance before network access is restored.

Beth is planning to run a network port scan against her organization's web server. What ports should she expect will be open to the world?
A. 80 and 443
B. 22 and 80
C. 80 and 1433
D. 22, 80, and 443
Answer: A. Web servers should expose ports 80 and/or 443 to the world to support HTTP and/or HTTPS connections. Port 22, used by SSH, and port 1433, used by SQL Server databases, should not normally be publicly exposed.
What part of the Common Criteria specifies the claims of security from the vendor that are built into a target of evaluation?
A. Protection profiles
B. Evaluation assurance level
C. Certificate authority
D. Security target
Answer: D. Security targets (STs) specify the security claims the vendor builds into a target of evaluation (TOE). Protection profiles state the security requirements customers want, and the evaluation assurance level (EAL) is the level of assurance the evaluation achieved.

What form of password attack utilizes a preassembled lexicon of terms and their permutations?
A. Rainbow tables
B. Dictionary word list
C. Brute force
D. Educated guess
Answer: B. Dictionary word lists are precompiled lists of common passwords and their permutations and serve as the foundation for a dictionary attack on accounts.

Which one of the following is not a requirement that Internet service providers must satisfy in order to gain protection under the "transitory activities" clause of the Digital Millennium Copyright Act?
A. The service provider and the originator of the message must be located in different states.
B. The transmission, routing, provision of connections, or copying must be carried out by an automated technical process without selection of material by the service provider.
C. Any intermediate copies must not ordinarily be accessible to anyone other than anticipated recipients and must not be retained for longer than reasonably necessary.
D. The transmission must be originated by a person other than the provider.
Answer: A. The Digital Millennium Copyright Act does not include any geographical location requirements for protection under the "transitory activities" exemption. The other options are three of the five mandatory requirements. The other two requirements are that the service provider must not determine the recipients of the material and that the material must be transmitted with no modification to its content.

What is the primary objective of a spoof attack?
A. To send large amounts of data to a victim
B. To cause a buffer overflow
C. To hide the identity of an attacker through misdirection
D. To steal user accounts and passwords
Answer: C. Spoofing lets the attacker hide their identity through misdirection. It is a building block of many other attacks rather than an end in itself.

Which of the following is true regarding vulnerability scanners?
A. They actively scan for intrusion attempts.
B. They serve as a form of enticement.
C. They locate known security holes.
D. They automatically reconfigure a system to a more secure state.
Answer: C. Vulnerability scanners test a system for known security vulnerabilities and weaknesses. They are not intrusion detection tools, they offer no form of enticement, and they do not change system configuration. In addition to testing a system for security weaknesses, they produce evaluation reports that include recommendations.

Which of the following does not usually represent a timeframe of increased risk and vulnerability to an organization, such as information disclosure, data loss, and unplanned downtime?
A. Layoffs
B. Awareness training
C. Acquisitions
D. Mergers
Answer: B. Awareness training typically reduces risk and vulnerability; layoffs, acquisitions, and mergers are periods of organizational change in which controls lapse and insider risk rises.

Which of the following is not a denial-of-service attack?
A. Exploiting a flaw in a program to consume 100 percent of the CPU
B. Sending malformed packets to a system, causing it to freeze
C. Performing a brute-force attack against a known user account when account lockout is not present
D. Sending thousands of emails to a single address
Answer: C. A brute-force attack against an account is a password-guessing attack against authentication, not an attack on availability. The option specifies that account lockout is absent for a reason: when lockout is enabled, deliberately failing logins against a known account can lock it out, which is itself a denial of service against that user. The other three options all exhaust a resource or crash a system.

What is the second phase of the IDEAL software development model?
A. Developing
B. Diagnosing
C. Determining
D. Designing
Answer: B. The second phase of the IDEAL model is Diagnosing; the five phases are Initiating, Diagnosing, Establishing, Acting, and Learning.

In what scenario would you perform bulk transfers of backup data to a secure off-site location?
A. Incremental backup
B. Differential backup
C. Full backup
D. Electronic vaulting
Answer: D. Electronic vaulting describes the transfer of backup data to a remote backup site in a bulk-transfer fashion.

What law amended the Health Insuranc
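The dictionary-attack question above turns on the word "permutations": a dictionary attack is not a plain list of words but a list of words run through mangling rules (case changes, character substitutions, appended digits and symbols). The Python below is an added example and is not part of the original study set. It hashes a constructed password with PBKDF2 (a low iteration count is used so the example runs quickly) and shows that a rule-expanded word list recovers a password such as Summer123! in a few dozen guesses, while a password that is not built from a dictionary word is not found at all and would have to be attacked by exhaustive search. The word list, rules, and salt are constructed for the example.

```python
"""Added example (not from the study set): dictionary attack with mangling rules
against a PBKDF2 password hash."""
import hashlib

# Constructed mini word list; real attacks use lists of millions of leaked passwords.
WORDLIST = ["password", "welcome", "summer", "letmein", "dragon", "monkey"]
LEET = str.maketrans("aeios", "43105")          # a->4, e->3, i->1, o->0, s->5
SUFFIXES = ["", "1", "!", "123", "123!", "2023"]
ITERATIONS = 2_000                               # kept low for the example; production uses far more


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def candidates(word: str):
    """Yield the permutations of one dictionary word that an attacker would try:
    four case/leet variants, each with every suffix (duplicates dropped)."""
    bases = dict.fromkeys([word, word.capitalize(), word.upper(), word.translate(LEET)])
    for base in bases:
        for suffix in SUFFIXES:
            yield base + suffix


def dictionary_attack(target: bytes, salt: bytes, wordlist=WORDLIST, iterations: int = ITERATIONS):
    """Return (password, guesses_tried) on success or (None, guesses_tried) when the
    target is not derived from any word in the list."""
    tried = 0
    for word in wordlist:
        for guess in candidates(word):
            tried += 1
            if hash_password(guess, salt, iterations) == target:
                return guess, tried
    return None, tried


def brute_force_space(length: int, alphabet_size: int = 95) -> int:
    """Guesses an exhaustive search over printable-ASCII passwords of this length would need."""
    return alphabet_size ** length


if __name__ == "__main__":
    salt = b"constructed-salt"                   # constructed; real salts are random per user
    for pw in ("Summer123!", "x7Qz!bR2pL"):
        found, tried = dictionary_attack(hash_password(pw, salt), salt)
        print(f"{pw!r}: found={found!r} after {tried} guesses "
              f"(exhaustive search space for {len(pw)} chars: {brute_force_space(len(pw)):.2e})")
```

The salt does not slow this attack down at all for a single target; its job is to stop an attacker from reusing one precomputed table (a rainbow table) across many accounts. What limits the attack is the hash's cost per guess and, more importantly, whether the password can be reached by any rule from any word in the list, which is why length-and-randomness policies matter more than complexity rules that mangling rules already cover.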

Last updated: 1 year ago

Preview 1 out of 31 pages

Document information


Uploaded On

Mar 14, 2023

Number of pages

31

Seller


Topmark
