Certified Information Systems Security Professional
Exam Questions, Answers
Thanks to www.examcheats.net for providing helpful material. Here is my contribution.

Ensuring the integrity of business information is the PRIMARY concern of
A. Encryption Security
B. Procedural Security
C. Logical Security
D. On-line Security
Procedures are looked at as the lowest level in the policy chain because they are closest to the computers and provide detailed steps for configuration and installation issues. They provide the steps to actually implement the statements in the policies, standards, and guidelines... Security procedures, standards, measures, practices, and policies cover a number of different subject areas. - Shon Harris, All-in-one CISSP Certification Guide, pg 44-45

Which one of the following actions should be taken FIRST after a fire has been detected?
A. Turn off power to the computers
B. Call the fire department
C. Notify management
D. Evacuate all personnel
Protection of life is of the utmost importance and should be dealt with first before looking to save material objects. - Shon Harris, All-in-one CISSP Certification Guide, pg 625

Which one of the following is the Open Systems Interconnection (OSI) protocol for message handling?
An ISO and ITU standard for addressing and transporting e-mail messages. It conforms to layer 7 of the OSI model and supports several types of transport mechanisms, including Ethernet, X.25, TCP/IP, and dial-up lines.
Not A: This is wrong; X.25 is the method that defines transport over point-to-point packet-switching networks.
Not D: "The X.509 standard defines the format for public key certificates." Pg. 213, Krutz: The CISSP Prep Guide: Gold Edition.

Which of the following is a weakness of both statistical anomaly detection and pattern matching?
A. Lack of ability to scale.
B. Lack of learning model.
C. Inability to run in real time.
D. Requirement to monitor every event.
Explanation: Disadvantages of knowledge-based ID systems: this system is resource-intensive; the knowledge database continually needs maintenance and updates. New, unique, or original attacks often go unnoticed.
Disadvantages of behavior-based ID systems: the system is characterized by high false alarm rates. High false-positive rates are the most common failure of ID systems and can create data noise that makes the system unusable. The activity and behavior of the users while in the networked system might not be static enough to effectively implement a behavior-based ID system. - Ronald Krutz, The CISSP Prep Guide (Gold Edition), pg 88

Digital signature users register their public keys with a certification authority, which distributes a certificate containing the user's public key and the digital signature of the certification authority. In creating the certificate, the user's public key and the validity period are combined with what other information before computing the digital
A. Certificate issuer and the Digital Signature Algorithm
B. User's private key and the identifier of the master
C. Name of secure channel and the identifier of the
D. Key authorization and identifier of key distribution
The key words are "In creating the certificate..." Certificates that conform to X.509 contain the following data: Version of X.509 to which the certificate conforms; Serial number (from the certificate creator); Signature algorithm identifier (specifies the technique used by the certificate authority to digitally sign the contents of the certificate); Issuer name (identification of the certificate authority that issues the certificate); Validity period (specifies the dates and times - a starting date and time and an ending date and time - during which the certificate is valid); Subject's name (contains the distinguished name, or DN, of the entity that owns the public key contained in the certificate); Subject's public key (the meat of the certificate - the actual public key of the certificate owner used to set up secure communications). pg 343-344, CISSP Study Guide by Tittel

Why are macro viruses easy to write?
A. Active contents controls can make direct system calls
B. The underlying language is simple and intuitive to
C. Only a few assembler instructions are needed to do
D. Office templates are fully API compliant.
Macro languages enable programmers to edit, delete, and copy files. Because these languages are so easy to use, many more types of macro viruses are possible. - Shon Harris, All-in-one CISSP Certification Guide, pg

Tracing violations, or attempted violations of system security, to the user responsible is a function of
B. access management
C. integrity checking
Auditing capabilities ensure that users are accountable for their actions, verify that the security policies are enforced, work as a deterrent to improper actions, and are used as investigation tools. - Shon Harris, All-in-one CISSP Certification Guide, pg 182

Which one of the following is concerned with masking the frequency, length, and origin-destination patterns of the communications between protocol entities?
A. Masking analysis
B. Protocol analysis
C. Traffic analysis
D. Pattern analysis
Traffic analysis, which is sometimes called trend analysis, is a technique employed by an intruder that involves analyzing data characteristics (message length, message frequency, and so forth) and the patterns of transmissions (rather than any knowledge of the actual information transmitted) to infer information that is useful to an intruder. - Ronald Krutz, The CISSP Prep Guide (Gold Edition), pg 323

In which situation would TEMPEST risks and technologies be of MOST interest?
A. Where high availability is vital.
B. Where the consequences of disclosure are very high.
C. Where countermeasures are easy to implement.
D. Where database integrity is crucial.
Emanation eavesdropping: receipt and display of information, which is resident on computers or terminals, through the interception of radio frequency (RF) signals generated by those computers or terminals. The U.S. government established a program called TEMPEST that addressed this problem by requiring shielding and other emanation-reducing mechanisms to be employed on computers processing sensitive and classified government information. - Ronald Krutz, The CISSP Prep Guide (Gold Edition), pg 416