REAL QUESTIONS SUBMIT MATERIAL ADVERTISE
Braindumps

Microsoft

Cisco

Citrix

CIW

CompTia

CWNA

Apple

Adobe

HP

Legato

Exin

Filemaker

Brocade

Ericsson

TIA

Veritas

ISEB

SCP

IISFA

ISM

OMG

Apc

Mile2

Foundry

Huawei

McData

Symantec

TeraData

RedHat

Solar Winds

Blue Coat

Riverbed

 

 
 
Click on name of dumper to view the dump
 

Tailynn

Methew

Anderson

Alexander

Jacob

 
 

 

Braindumps of CISSP
Certified Information Systems Security Professional

Exam Questions, Answers, Braindumps (CISSP)

Thanx to www.examcheats.net for providing helpful material.Here is my contribution.

Question: 1
Ensuring the integrity of business information is the PRIMARY concern of
A. Encryption Security
B. Procedural Security.
C. Logical Security
D. On-line Security
Answer: B
Procedures are looked at as the lowest level in the policy chain because they are closest to the computers and provide detailed steps for configuration and installation issues. They provide the steps to actually implement the statements in the policies, standards, and guidelines...Security procedures, standards, measures, practices, and policies cover a number of different subject areas. - Shon Harris All-in-one CISSP Certification Guide pg 44-45
Question: 2
Which one of the following actions should be taken FIRST after a fire has been detected?
A. Turn off power to the computers
B. Call the fire department
C. Notify management
D. Evacuate all personnel
Answer: D
Protection of life is of the utmost importance and should be dealt with first before looking to save material objects. . - Shon Harris All-in-one CISSP Certification Guide pg 625
Question: 3
Which one of the following is the Open Systems Interconnection (OSI) protocol for message handling?
A. X.25
B. X.400
C. X.500
D. X.509
Answer: B
An ISO and ITU standard for addressing and transporting e-mail messages. It conforms to layer 7 of the OSI model and supports several types of transport mechanisms, including Ethernet, X.25, TCP/IP, and dial-up lines. - http://www.webopedia.com/TERM/X/X_400.html
Not A: This is wrong X25 is the method that defines transport of point-to-point packet switching networks.
Not D: "The X.509 standard defines the format for public key certificates." Pg. 213 Krutz: The CISSP Prep Guide: Gold Edition.
Question: 4
Which of the following is a weakness of both statistical anomaly detection and pattern matching?
A. Lack of ability to scale.
B. Lack of learning model.
C. Inability to run in real time.
D. Requirement to monitor every event.
Answer: B
Explanation: Disadvantages of Knowledge-based ID systems:
This system is resources-intensive; the knowledge database continually needs maintenance and updates New, unique, or original attacks often go unnoticed.Disadvantages of Behavior-based ID systems:
The system is characterized by high false alarm rates. High positives are the most common failure of ID systems and can create data noise that makes the system unusable.
The activity and behavior of the users while in the networked system might not be static enough to effectively implement a behavior-based ID system. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 88
Question: 5
Digital signature users register their public keys with a certification authority, which distributes a certificate containing the user's public key and digital signature of the certification authority. In create the certificate, the user's public key and the validity period are combined with what other information before computing the digital signature?
A. Certificate issuer and the Digital Signature Algorithm identifier
B. User's private key and the identifier of the master key code
C. Name of secure channel and the identifier of the protocol type
D. Key authorization and identifier of key distribution center
Answer: A
The key word is 'In create the certificate.." Certificates Certificates that conform to X.509 contain the following data: Version of X.509 to which the certificate conforms; Serial number (from the certificate creator); Signature alogrithim identifier (specifies the technique used by the certificate authority to digitally sign the contens of the certificate); Issuer name (identification of the certificate authority that issues the certificate) Validity perido (specifies the dates and times - a starting date and time and an ending date and time - during which the certificate is valied); Subject's name (contains the distinguished name, or DN, of the entity that owns the public key contained in teh certificate); Subject's public key (the meat of the certificate - the actual public key of the certificate owneer used to setup secure communications) pg 343-344 CISSP Study Guide byTittel
Question: 6
Why are macro viruses easy to write?
A. Active contents controls can make direct system calls
B. The underlying language is simple and intuitive to apply.
C. Only a few assembler instructions are needed to do damage.
D. Office templates are fully API compliant.
Answer: B
Macro Languages enable programmers to edit, delete, and copy files. Because these languages are so easy to use, many more types of macro viruses are possible. - Shon Harris All-in-one CISSP Certification Guide pg 785
Question: 7
Tracing violations, or attempted violations of system security to the user responsible is a function of
A. authentication
B. access management
C. integrity checking
D. accountability
Answer: D
Auditing capabilities ensure that users are accountable for their actions, verify that the security policies are enforced, worked as a deterrent to improper actions, and are used as investigation tools. - Shon Harris Allin- one CISSP Certification Guide pg 182
Question: 8
Which one of the following is concerned with masking the frequency, length, and origin-destination patterns of the communications between protocol entities?
A. Masking analysis
B. Protocol analysis
C. Traffic analysis
D. Pattern analysis
Answer: C
Traffic analysis, which is sometimes called trend analysis, is a technique employed by an intruder that involves analyzing data characteristics (message length, message frequency, and so forth) and the patterns of transmissions (rather than any knowledge of the actual information transmitted) to infer information that isuseful to an intruder) . -Ronald Krutz The CISSP PREP Guide (gold edition) pg 323
Question: 9
In which situation would TEMPEST risks and technologies be of MOST interest?
A. Where high availability is vital.
B. Where the consequences of disclose are very high.
C. Where countermeasures are easy to implement
D. Where data base integrity is crucial
Answer: B
Emanation eavesdropping. Receipt and display of information, which is resident on computers or terminals, through the interception of radio frequency (RF) signals generated by those computers or terminals. The U.S. government established a program called TEMPEST that addressed this problem by requiring a shielding and other emanation-reducing mechanisms to be employed on computers processing sensitive and classified government information. . -Ronald Krutz The CISSP PREP Guide (gold edition) pg 416

 

 

Braindumps Real exam questions and verified answers - 100% passing guarantee - cheap prices.

 

Free brain dumps Braindumps, notes, books for free

 

Braindumps and Exams - Instant download real exam questions - Passing guarantee.

Follow us on FaceBook
Braindumps on Facebook
 
 
 
 
 

CheckPoint

Linux

Novell

DB/2

Network Appliance

EC-Council

Nortel

McAfee

Juniper

ISACA

PMI

Sybase

EMC

HDI

SNIA

ISC

Sair

IBM

Lotus

Exam Express

3COM

BICSI

DeLL

Enterasys

Extreme Networks

Guidance Software

Computer Associates

Network General

SAS Institute

Alcatel Lucent

SeeBeyond

TruSecure

Polycom

Hyperion

Hitachi

Nokia

Fortinet

Vmware

Fujitsu

Tibco

Intel

PostgreSQLCE

BusinessObjects

RESSoftware

BlackBerry

AccessData

ICDL

Isilon

SAP

The Open Group

ACSM

Altiris

Avaya

Cognos

F5

Genesys

SDI

ACI

ASQ

Google

H3C

HIPAA

HRCI

SOA

IIBA

Zend