CISSP Learn App Flash Cards

Question 1

What documentation determines the type of individual that needs to be hired and is the first step in defining security needs related to personnel?

Answer 1

Job Descriptions

Question 2

What stage of the SW-CMM is usually little or no defined software development process.

Answer 2

Initial

Question 3

What stage of the SW-CMM is where Reuse of code in an organized fashion begins to enter the picture ?

Answer 3

Repeatable

Question 4

What stage of the SW-CMM is where formal, documented software development processes.

Answer 4

Defined

Question 5

What stage of the SW-CMM is where quantitative measures are used to gain a detailed understanding of the development process.

Answer 5

Managed

Question 6

What stage of the SW-CMM is where Sophisticated software development processes are in place that ensure that feedback from one phase reaches to the previous phase to improve future results.

Answer 6

Optimizing

Question 7

What is a type of bar chart that provides a graphical illustration of a schedule that helps you plan, coordinate, and track specific tasks in a project.

Answer 7

Gantt Chart

Question 8

What is a project-scheduling tool used to judge the size of a software product in development and calculate the standard deviation (SD) for risk assessment.

Answer 8

PERT

Question 9

What is used to direct improvements to project management and software coding in order to produce more efficient software.

Answer 9

PERT

Question 10

What are the three components of the change management process ?

Answer 10

Request Control
Change Control
Release Control

Question 11

What provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.

Answer 11

Request Control

Question 12

What change management process is used by developers to re-create the situation encountered by the user and to analyze the appropriate changes to remedy the situation.

Answer 12

Change Control

Question 13

What change management process provides an organized framework within which multiple developers can create and test a solution prior to rolling it out into a production environment.

Answer 13

Change Control

Question 14

What change management process double-checks and ensures that any code inserted as a programming aid during the change process (such as debugging code and/or backdoors) is removed before releasing the new software to production.

Answer 14

Release Control

Question 15

What change management process ensures that only approved changes are made to production systems.

Answer 15

Release Control

Question 16

What change management process include acceptance testing to ensure that any alterations to end-user work tasks are understood and functional.

Answer 16

Release Control

Question 17

What change management process includes conforming to quality control restrictions, developing tools for update or change deployment, properly documenting any coded changes, and restricting the effects of new code to minimize diminishment of security.

Answer 17

Change Control

Question 18

What is used to control the version(s) of software used throughout an organization and to formally track and control changes to the software configuration.

Answer 18

SCM

Question 19

What are the four components of SCM?

Answer 19

Configuration Identification
Configuration Control
Configuration Status Accounting
Configuration Audit

Question 20

What software configuration management process includes administrators documenting the configuration of covered software products throughout the organization.

Answer 20

Configuration Identification

Question 21

What software configuration management process ensures that changes to software versions are made in accordance with the change control and configuration management policies.

Answer 21

Configuration Control

Question 22

What software configuration management process is where Formalized procedures are used to keep track of all authorized changes that take place.

Answer 22

Configuration Audit

Question 23

What is canon one of the ISC 2 code of ethics ?

Answer 23

“protect society, the commonwealth, and the infrastructure.”

Question 24

What is canon two of the ISC 2 code of ethics ?

Answer 24

“act honorably, honestly, justly, responsibly, and legally.”

Question 25

What is canon three of the ISC 2 code of ethics ?

Answer 25

“provide diligent and competent service to principals.”

Question 26

What is canon four of the ISC 2 code of ethics ?

Answer 26

“advance and protect the profession.”

Question 27

What cpu design is a large set of complex machine language instructions, and is used by x86 cpus ?

Answer 27

CISC

Question 28

What cpu design is a reduced set of simpler instructions and is used in phones, ARM, and PDAs?

Answer 28

RISC

Question 29

What type of storage is often used to support records retention for legal or regulatory compliance.

Answer 29

WORM

Question 30

What are two common protections against software exploitation and execution?

Answer 30

DEP
ALSR

Question 31

What is a type of backdoor installed by system designers and programmers to allow developers to bypass normal system checks?

Answer 31

Maintenance Hooks

Question 32

What type of malware self propagates and causes loss of network availability and carry malicious code ?

Answer 32

Worms

Question 33

What malware performs two functions: one benign, such as a game, and one malicious.

Answer 33

Trojan Horse

Question 34

What malware replaces portions of the kernel and/or operating system.

Answer 34

Rootkit

Question 35

What type of malware is triggered when certain conditions have been met ?

Answer 35

Logic bombs

Question 36

What are the five modes of DES?

Answer 36

ECB
CBC
CFB
OFB
CTR

Question 37

What means the organization that issued the public/private key pairs retains a copy.

Answer 37

Key storage

Question 38

What type of key is retained by a third-party organization (and sometimes multiple organizations), often for law enforcement purposes.

Answer 38

Key escrow

Question 39

What is the successor to SSL?

Answer 39

TLS

Question 40

What two protocols are commonly used by HTTP?

Answer 40

TLS and SSL

Question 41

What is a suite of protocols that provide a cryptographic layer to both IPv4 and IPv6.

Answer 41

IPSEC

Question 42

What IPsec protocol provides authentication and integrity for each packet of network data and acts as a digital signature for data?

Answer 42

AH

Question 43

What IPsec protocol provides confidentiality but can optionally provide authentication and integrity as well.

Answer 43

ESP

Question 44

What is a simplex (one-way) connection that may be used to negotiate ESP or AH parameters.

Answer 44

IPsec SA

Question 45

A unique 32-bit number that identifies each simplex SA connection.

Answer 45

SPI

Question 46

What protocol manages the SA creation process ?

Answer 46

ISAKMP

Question 47

What type of system requires two separate triggers to release water ?

Answer 47

Preaction systems

Question 48

What systems will not fill the pipes until both the fire alarm triggers and the sprinkler head opens.

Answer 48

Double interlock systems

Question 49

What systems release water into the pipes when a fire alarm triggers.

Answer 49

Single interlock systems

Question 50

What is a connection between private Intranets, such as connections to business partner intranets.

Answer 50

Extranet

Question 51

What is a privately owned network running TCP/IP, such as a company network.

Answer 51

Intranet

Question 52

What can provide dedicated bandwidth to point-to-point connections, such as a T1 connecting two offices.

Answer 52

Circuit switched networks