CISSP OPT 3rd ED Sybex -- Wrong Only Flashcards

1
Q

Francine is a security specialist for an online service provider in the United States. She recently received a claim from a copyright holder that a user is storing information on her service that violates the third party’s copyright. What law governs the actions that Francine must take?

A. Copyright Act
B. Lanham Act
C. Digital Millennium Copyright Act
D. Gramm-Leach-Bliley Act

A

C. Digital Millennium Copyright Act

The Digital Millennium Copyright Act (DMCA) sets forth the requirements for online service providers when handling copyright complaints received from third parties. The Copyright Act creates the mechanics for issuing and enforcing copyrights but does not cover the actions of online service providers. The Lanham Act regulates the issuance of trademarks to protect intellectual property. The Gramm-Leach-Bliley Act regulates the handling of personal financial information.

2
Q

Question 6 tb787631.CISSPPT3E.c01.006
Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?

A. Student identification number
B. Social Security number
C. Driver’s license number
D. Credit card number

A

A. Student identification number

Most state data breach notification laws are modeled after California’s data breach notification law, which covers Social Security number, driver’s license number, state identification card number, credit/debit card numbers, and bank account numbers (in conjunction with a PIN or password). California’s breach notification law also protects some items not commonly found in other state laws, including medical records and health insurance information. These laws are separate and distinct from privacy laws, such as the California Consumer Privacy Act (CCPA), which regulates the handling of personal information more broadly.

3
Q

Question 7 tb787631.CISSPPT3E.c01.007
Renee is speaking to her board of directors about their responsibilities to review cybersecurity controls. What rule requires that senior executives take personal responsibility for information security matters?

A. Due diligence rule
B. Personal liability rule
C. Prudent man rule
D. Due process rule

A

C. Prudent man rule

The prudent man rule requires that senior executives take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation. The rule originally applied to financial matters, but the Federal Sentencing Guidelines applied them to information security matters in the United States in 1991.

4
Q

Question 9 tb787631.CISSPPT3E.c01.009
Wanda is working with one of her organization’s European Union business partners to facilitate the exchange of customer information. Wanda’s organization is located in the United States. What would be the best method for Wanda to use to ensure GDPR compliance?

A. Binding corporate rules
B. Privacy Shield
C. Standard contractual clauses
D. Safe harbor

A

C. Standard contractual clauses

The European Union provides standard contractual clauses that may be used to facilitate data transfer. That would be the best choice in a case where two different companies are sharing data. If the data were being shared internally within a company, binding corporate rules would also be an option. The EU/U.S. Privacy Shield was a safe harbor agreement that would previously have allowed the transfer but is no longer valid.

5
Q

Question 10 tb787631.CISSPPT3E.c01.010
Yolanda is the chief privacy officer for a financial institution and is researching privacy requirements related to customer checking accounts. Which one of the following laws is most likely to apply to this situation?

A. GLBA
B. SOX
C. HIPAA
D. FERPA

A

A. GLBA

The Gramm-Leach-Bliley Act (GLBA) contains provisions regulating the privacy of customer financial information. It applies specifically to financial institutions. The Sarbanes-Oxley (SOX) Act regulates the financial reporting activities of publicly traded companies. The Health Insurance Portability and Accountability Act (HIPAA) regulates the handling of protected health information (PHI). The Family Educational Rights and Privacy Act (FERPA) regulates the handling of student educational records.

6
Q

Question 15 tb787631.CISSPPT3E.c01.015
You are completing a review of the controls used to protect a media storage facility in your organization and would like to properly categorize each control that is currently in place. Which of the following control categories accurately describe a fence around a facility? (Select all that apply.)

A. Physical
B. Detective
C. Deterrent
D. Preventive

A

A. Physical
C. Deterrent
D. Preventive

7
Q

Question 17 tb787631.CISSPPT3E.c01.017
Vincent believes that a former employee took trade secret information from his firm and brought it with him to a competitor. He wants to pursue legal action. Under what law could he pursue charges?

A. Copyright law
B. Lanham Act
C. Glass-Steagall Act
D. Economic Espionage Act

A

D. Economic Espionage Act

The Economic Espionage Act imposes fines and jail sentences on anyone found guilty of stealing trade secrets from a U.S. corporation. It gives true teeth to the intellectual property rights of trade secret owners. Copyright law does not apply in this situation because there is no indication that the information was copyrighted. The Lanham Act applies to trademark protection cases. The Glass-Steagall Act was a banking reform act that is not relevant in this situation.

8
Q

Question 19 tb787631.CISSPPT3E.c01.019
Brenda’s organization recently completed the acquisition of a competitor firm. Which one of the following tasks would be LEAST likely to be part of the organizational processes addressed during the acquisition?

A. Consolidation of security functions
B. Integration of security tools
C. Protection of intellectual property
D. Documentation of security policies

A

C. Protection of intellectual property

The protection of intellectual property is a greater concern during a divestiture, where a subsidiary is being spun off into a separate organization, than an acquisition, where one firm has purchased another. Acquisition concerns include consolidating security functions and policies as well as integrating security tools.

9
Q

Question 22 tb787631.CISSPPT3E.c01.022
Which one of the following actions might be taken as part of a business continuity plan?

A. Restoring from backup tapes
B. Implementing RAID
C. Relocating to a cold site
D. Restarting business operations

A

B. Implementing RAID

RAID technology provides fault tolerance for hard drive failures and is an example of a business continuity action. Restoring from backup tapes, relocating to a cold site, and restarting business operations are all disaster recovery actions.

10
Q

Question 25 tb787631.CISSPPT3E.c01.025
Laura has been asked to perform an SCA. What type of organization is she most likely in?

A. Higher education
B. Banking
C. Government
D. Healthcare

A

C. Government

A security controls assessment (SCA) most often refers to a formal U.S. government process for assessing security controls and is often paired with a Security Test and Evaluation (ST&E) process. This means that Laura is probably part of a government organization or contractor.

11
Q

Question 32 tb787631.CISSPPT3E.c01.032
Gina is working to protect a logo that her company will use for a new product they are launching. She has questions about the intellectual property protection process for this logo. What U.S. government agency would be best able to answer her questions?

A. USPTO
B. Library of Congress
C. NSA
D. NIST

A

A. USPTO

First, you must realize that a trademark is the correct intellectual property protection mechanism for a logo. Therefore, Gina should contact the United States Patent and Trademark Office (USPTO), which bears responsibility for the registration of trademarks. The Library of Congress administers the copyright program. The National Security Agency (NSA) and the National Institute of Standards and Technology (NIST) play no role in intellectual property protection.

12
Q

Question 38 tb787631.CISSPPT3E.c01.038
Florian receives a flyer from a U.S. federal government agency announcing that a new administrative law will affect his business operations. Where should he go to find the text of the law?

A. United States Code
B. Supreme Court rulings
C. Code of Federal Regulations
D. Compendium of Laws

A

C. Code of Federal Regulations

The Code of Federal Regulations (CFR) contains the text of all administrative laws promulgated by federal agencies. The United States Code contains criminal and civil law. Supreme Court rulings contain interpretations of law and are not laws themselves. The Compendium of Laws does not exist.

13
Q

Question 40 tb787631.CISSPPT3E.c01.040
Which one of the following individuals would be the most effective organizational owner for an information security program?

A. CISSP-certified analyst
B. Chief information officer (CIO)
C. Manager of network security
D. President and CEO

A

B. Chief information officer (CIO)

The owner of information security programs may be different from the individuals responsible for implementing the controls. This person should be as senior an individual as possible who is able to focus on the management of the security program. The president and CEO would not be an appropriate choice because an executive at this level is unlikely to have the time necessary to focus on security. Of the remaining choices, the CIO is the most senior position who would be the strongest advocate at the executive level.

14
Q

Question 43 tb787631.CISSPPT3E.c01.043
Gary is analyzing a security incident and, during his investigation, encounters a user who denies having performed an action that Gary believes he did perform. What type of threat has taken place under the STRIDE model?

A. Repudiation
B. Information disclosure
C. Tampering
D. Elevation of privilege

A

A. Repudiation

Repudiation threats allow an attacker to deny having performed an action or activity without the other party being able to prove differently. There is no evidence that the attacker engaged in information disclosure, tampering, or elevation of privilege.

15
Q

Question 1 tb787631.CISSPPT3E.c03.016
Please refer to the following scenario:

Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
If Alice wants to send Bob a message that is encrypted for confidentiality, what key does she use to encrypt the message?

A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key

A

C. Bob’s public key

In an asymmetric cryptosystem, the sender of a message encrypts the message using the recipient’s public key. The recipient may then decrypt that message using their own private key, which only they should possess.

16
Q

Question 2 tb787631.CISSPPT3E.c03.023
Susan would like to configure IPsec in a manner that provides confidentiality for the content of packets. What component of IPsec provides this capability?
A. AH
B. ESP
C. IKE
D. ISAKMP

A

B. ESP

The Encapsulating Security Payload (ESP) protocol provides confidentiality and integrity for packet contents. It encrypts packet payloads and provides limited authentication and protection against replay attacks.

17
Q

tb787631.CISSPPT3E.c03.099
Ron is investigating a security incident that took place at a highly secure government facility. He believes that encryption keys were stolen during the attack and finds evidence that the attackers used dry ice to freeze an encryption component. What type of attack was likely attempted?
A. Side channel attack
B. Brute-force attack
C. Timing attack
D. Fault injection attack

A

D. Fault injection attack

In a fault injection attack, the attacker attempts to compromise the integrity of a cryptographic device by causing some type of external fault. For example, they might use high-voltage electricity, high or low temperature, or other factors to cause a malfunction that undermines the security of the device. Side-channel attacks seek to use information about system activity and retrieve information that is actively being encrypted. Brute-force attacks attempt every possible valid combination for a key or password. In a timing attack, the attacker measures precisely how long cryptographic operations take to complete, gaining information about the cryptographic process that may be used to undermine its security.

18
Q

tb787631.CISSPPT3E.c03.025
Joanna wants to review the status of the industrial control systems her organization uses for building control. What type of systems should she inquire about access to?
A. SCADA
B. DSS
C. BAS
D. ICS-CSS

A

A. SCADA

Supervisory Control and Data Acquisition systems, or SCADA systems, provide a graphical interface to monitor industrial control systems (ICS). Joanna should ask about access to her organization’s SCADA systems.

19
Q

Question 5 tb787631.CISSPPT3E.c03.062
A hacker recently violated the integrity of data in James’s company by modifying a file using a precise timing attack. The attacker waited until James verified the integrity of a file’s contents using a hash value and then modified the file between the time that James verified the integrity and read the contents of the file. What type of attack took place?
A. Social engineering
B. TOCTOU
C. Data diddling
D. Parameter checking

A

B. TOCTOU

In a time of check to time of use (TOCTOU) attack, the attacker exploits the difference in time between when a security control is verified and the data protected by the control is actually used.

20
Q

Question 6 tb787631.CISSPPT3E.c03.078
Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement?
A. RSA
B. 3DES
C. AES
D. Blowfish

A

A. RSA

Digital signatures are possible only when using an asymmetric encryption algorithm. Of the algorithms listed, only RSA is asymmetric and supports digital signature capabilities.

21
Q

Question 7 tb787631.CISSPPT3E.c03.030
Colin is the chief privacy officer for a non-profit organization and is assisting with the team’s transition to a Privacy by Design approach. Under this approach, which is not one of the Privacy by Design principles that the team should embrace?
A. Proactive, not reactive
B. Privacy as the default setting
C. End-to-end security
D. Defense in depth

A

D. Defense in depth

While defense in depth is a strong security principle, it is not a component of Privacy by Design. The following are the seven principles of the Privacy by Design model:
Proactive, not reactive; preventive, not remedial
Privacy as the default setting
Privacy embedded into design
Full functionality—positive-sum, not zero-sum
End-to-end security—full lifecycle protection
Visibility and transparency—keep it open
Respect for user privacy—keep it user-centric

22
Q

Gary intercepts a communication between two individuals and suspects that they are exchanging secret messages. The content of the communication appears to be the image captured. What type of technique may the individuals use to hide messages inside this image?

A. Visual cryptography
B. Steganography
C. Cryptographic hashing
D. Transport layer security

A

B. Steganography

Steganography is the art of using cryptographic techniques to embed secret messages within other content. Some steganographic algorithms work by making alterations to the least significant bits of the many bits that make up image files.

23
Q

Question 9 tb787631.CISSPPT3E.c03.031
What cryptographic principle stands behind the idea that cryptographic algorithms should be open to public inspection?
A. Security through obscurity
B. Kerckhoffs’ principle
C. Defense in depth
D. Heisenberg principle

A

B. Kerckhoffs’ principle

Kerckhoffs’ principle says that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge.

24
Q

Question 10 tb787631.CISSPPT3E.c03.071
Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?
A. Substitution cipher
B. AES
C. Transposition cipher
D. 3DES

A

C. Transposition cipher

This message was most likely encrypted with a transposition cipher. The use of a substitution cipher, a category that includes AES and 3DES, would change the frequency distribution so that it did not mirror that of the English language. This type of attack, where the attacker only has access to an encrypted message, is also known as a ciphertext-only attack.

25
Q

Question 11 tb787631.CISSPPT3E.c03.060
Robert is investigating a security breach and discovers the Mimikatz tool installed on a system in his environment. What type of attack has likely taken place?
A. Password cracking
B. Pass the hash
C. MAC spoofing
D. ARP poisoning

A

B. Pass the hash

The use of the Mimikatz tool is indicative of an attempt to capture user password hashes for use in a pass-the-hash attack against Microsoft Active Directory accounts.

26
Q

Question 12 tb787631.CISSPPT3E.c03.049
During a system audit, Casey notices that the private key for her organization’s web server has been stored in a public Amazon S3 storage bucket for more than a year. Which one of the following actions should she take first?
A. Remove the key from the bucket.
B. Notify all customers that their data may have been exposed.
C. Request a new certificate using a new key.
D. Nothing, because the private key should be accessible for validation.

A

C. Request a new certificate using a new key.

The first thing Casey should do is notify her management, but after that, replacing the certificate and using proper key management practices with the new certificate’s key should be at the top of her list.

27
Q

Question 13 tb787631.CISSPPT3E.c03.012
In the figure shown here, Sally is blocked from reading the file due to the Biba integrity model. Sally has a Secret security clearance, and the file has a Confidential classification. What principle of the Biba model is being enforced?

A data flow diagram starts with a circle on the left, which represents an entity, Sally. A rounded rectangle is on the right, which represents another entity, Data File. An arrow labeled, Read Request, points from the circle to the rounded rectangle. A cross inscribed in a circle is on the arrow.

A. Simple Security Property
B. Simple Integrity Property
C. *-Security Property
D. *-Integrity Property

A

B. Simple Integrity Property

The Simple Integrity Property states that an individual may not read a file classified at a lower security level than the individual’s security clearance.

28
Q

Question 14 tb787631.CISSPPT3E.c03.044
Kyle is being granted access to a military computer system that uses System High mode. What is not true about Kyle’s security clearance requirements?
A. Kyle must have a clearance for the highest level of classification processed by the system, regardless of his access.
B. Kyle must have access approval for all information processed by the system.
C. Kyle must have a valid need to know for all information processed by the system.
D. Kyle must have a valid security clearance.

A

C. Kyle must have a valid need to know for all information processed by the system.

For systems running in System High mode, the user must have a valid security clearance for all information processed by the system, access approval for all information processed by the system, and a valid need to know for some, but not necessarily all, information processed by the system.

29
Q

Question 15 tb787631.CISSPPT3E.c03.082
What type of motion detector senses changes in the electromagnetic fields in monitored areas?
A. Infrared
B. Wave pattern
C. Capacitance
D. Photoelectric

A

C. Capacitance

Capacitance motion detectors monitor the electromagnetic field in a monitored area, sensing disturbances that correspond to motion.

30
Q

Question 16 tb787631.CISSPPT3E.c03.053
Chris is designing a cryptographic system for use within his company. The company has 1,000 employees, and they plan to use an asymmetric encryption system. They would like the system to be set up so that any pair of arbitrary users may communicate privately. How many total keys will they need?
A. 500
B. 1,000
C. 2,000
D. 4,950

A

C. 2,000

Asymmetric cryptosystems use a pair of keys for each user. In this case, with 1,000 users, the system will require 2,000 keys.

31
Q

Question 17 tb787631.CISSPPT3E.c03.072
The Double DES (2DES) encryption algorithm was never used as a viable alternative to the original DES algorithm. What implementation attack is 2DES vulnerable to that does not exist for the DES or 3DES approach?
A. Chosen ciphertext
B. Brute force
C. Man-in-the-middle
D. Meet-in-the-middle

A

D. Meet-in-the-middle

The meet-in-the-middle attack uses a known plaintext message and uses both encryption of the plaintext and decryption of the ciphertext simultaneously in a brute-force manner to identify the encryption key in approximately double the time of a brute-force attack against the basic DES algorithm.

32
Q

Question 18 tb787631.CISSPPT3E.c03.067
In a software as a service cloud computing environment, who is normally responsible for ensuring that appropriate firewall controls are in place to protect the application?
A. Customer’s security team
B. Vendor
C. Customer’s networking team
D. Customer’s infrastructure management team

A

B. Vendor

In a software as a service environment, the customer has no access to any underlying infrastructure, so firewall management is a vendor responsibility under the cloud computing shared responsibility model.

33
Q

Question 19 tb787631.CISSPPT3E.c03.048
In an infrastructure as a service (IaaS) environment where a vendor supplies a customer with access to storage services, who is normally responsible for removing sensitive data from drives that are taken out of service?
A. Customer’s security team
B. Customer’s storage team
C. Customer’s vendor management team
D. Vendor

A

D. Vendor

In an infrastructure as a service environment, security duties follow a shared responsibility model. Since the vendor is responsible for managing the storage hardware, the vendor would retain responsibility for destroying or wiping drives as they are taken out of service. However, it is still the customer’s responsibility to validate that the vendor’s sanitization procedures meet their requirements prior to utilizing the vendor’s storage services.

34
Q

Question 20 tb787631.CISSPPT3E.c03.001
Matthew is the security administrator for a consulting firm and must enforce access controls that restrict users’ access based upon their previous activity. For example, once a consultant accesses data belonging to Acme Cola, a consulting client, they may no longer access data belonging to any of Acme’s competitors. What security model best fits Matthew’s needs?
A. Clark-Wilson
B. Biba
C. Bell-LaPadula
D. Brewer-Nash

A

D. Brewer-Nash

The Brewer-Nash model allows access controls to change dynamically based upon a user’s actions. It is often used in environments like Matthew’s to implement a “Chinese wall” between data belonging to different clients.

35
Q

Question 21 tb787631.CISSPPT3E.c03.091
Which one of the following humidity values is within the acceptable range for a data center operation?
A. 0 percent
B. 10 percent
C. 25 percent
D. 40 percent

A

D. 40 percent

Data center humidity should be maintained between 40 percent and 60 percent. Values below this range increase the risk of static electricity, while values above this range may generate moisture that damages equipment.

36
Q

Question 22 tb787631.CISSPPT3E.c03.074
Warren is designing a physical intrusion detection system for use in a sensitive media storage facility and wants to include technology that issues an alert if the communications lines for the alarm system are unexpectedly cut. What technology would meet this requirement?
A. Heartbeat sensor
B. Emanation security
C. Motion detector
D. Faraday cage

A

A. Heartbeat sensor

Heartbeat sensors send periodic status messages from the alarm system to the monitoring center. The monitoring center triggers an alarm if it does not receive a status message for a prolonged period of time, indicating that communications were disrupted.

37
Q

Question 23 tb787631.CISSPPT3E.c03.015
Chris wants to verify that a software package that he downloaded matches the original version. What hashing tool should he use if he believes that technically sophisticated attackers may have replaced the software package with a version containing a backdoor?
A. MD5
B. 3DES
C. SHA1
D. SHA 256

A

D. SHA 256

Intentional collisions have been created with MD5, and a real-world collision attack against SHA 1 was announced in early 2017. 3DES is not a hashing tool, leaving SHA 256 (sometimes called SHA 2) as the only real choice that Chris has in this list.

38
Q

Question 24 tb787631.CISSPPT3E.c03.065
Johnson Widgets strictly limits access to total sales volume information, classifying it as a competitive secret. However, shipping clerks have unrestricted access to order records to facilitate transaction completion. A shipping clerk recently pulled all of the individual sales records for a quarter from the database and totaled them up to determine the total sales volume. What type of attack occurred?
A. Social engineering
B. Inference
C. Aggregation
D. Data diddling

A

C. Aggregation

In an aggregation attack, individual(s) use their access to specific pieces of information to piece together a larger picture that they are not authorized to access.

39
Q

Question 25 tb787631.CISSPPT3E.c03.034
In the figure shown here, Sally is blocked from writing to the data file by the Biba integrity model. Sally has a Secret security clearance, and the file is classified Top Secret. What principle is preventing her from writing to the file?

A data flow diagram starts with a circle on the left, which represents an entity, Sally. A rounded rectangle is on the right, which represents another entity, Data File. An arrow labeled, Write Request, points from the circle to the rounded rectangle. A cross inscribed in a circle is on the arrow.

A. Simple Security Property
B. Simple Integrity Property
C. *-Security Property
D. *-Integrity Property

A

D. *-Integrity Property

The *-Integrity Property states that a subject cannot modify an object at a higher integrity level than that possessed by the subject.

40
Q

Question 26 tb787631.CISSPPT3E.c03.014
Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite the fact that she knows the user’s password. What hardware security feature is likely causing this problem?
A. TCB
B. TPM
C. NIACAP
D. RSA

A

B. TPM

The Trusted Platform Module (TPM) is a hardware security technique that stores an encryption key on a chip on the motherboard and prevents someone from accessing an encrypted drive by installing it in another computer.

41
Q

Question 27 tb787631.CISSPPT3E.c03.038
Jake works for a research organization that is seeking to deploy a grid computing system that will perform cycle scavenging on user workstations to conduct research tasks that require high-performance computing. What is the most significant risk associated with this operation?
A. Data confidentiality
B. Isolation breach
C. Data integrity
D. Data availability

A

B. Isolation breach

The system can be designed in a manner that protects the confidentiality, integrity, and availability of data. The research workstations included in the grid are from internal users, minimizing the risk of distributing the data. However, an isolation breach in the distributed computing client could be catastrophic, allowing someone who compromises the controller to assume control of every device in the organization.

42
Q

Question 28 tb787631.CISSPPT3E.c03.075
John and Gary are negotiating a business transaction, and John must demonstrate to Gary that he has access to a system. He engages in an electronic version of the “magic door” scenario shown here. What technique is John using?

An illustration shows a man standing before a horizontal narrow opening. The opening branches out upward and downward, then curves back downward and upward, respectively, to complete a closed tube like space shaped like a human eye. The line of sight of the man points downward through the narrow opening, to the inner wall of the downward branch. Another curved arrow points through the upward branch. At the point of the upper branch, where the branch begins to curve downward, a silhouette of a man is located. The eye of the silhouette is labeled, 1. The point of the lower branch, where the branch begins to curve upward, is labeled, 2. A door is situated inside the closed tube, such that the doorknob on the door is located horizontally in line to the man’s eye.

A. Split-knowledge proof
B. Zero-knowledge proof
C. Logical proof
D. Mathematical proof

A

B. Zero-knowledge proof

In a zero-knowledge proof, one individual demonstrates to another that they can achieve a result that requires sensitive information without actually disclosing the sensitive information.

43
Q

Question 29 tb787631.CISSPPT3E.c03.032
Ryan is developing a physical access plan for his organization’s data center and wants to implement the security control indicated by the arrow in this diagram. What is the name of this control?

An enclosed square space consists of walls on each of the four sides, formed by six adjacently erected rectangles on each side. There are two gaps in the walls, one each on the bottom side and the left side. In the bottom side, the fourth rectangle from the left is replaced by a revolving door. In the left side, the first rectangle from the top is replaced by a doorway. A downward arrow points to the doorway. The top right corner of the enclosed space contains a smaller enclosed space.

A. Mantrap
B. Turnstile
C. Intrusion prevention system
D. Portal

A

A. Mantrap

Mantraps use two sets of doors to control access to a facility. This may be used to prevent piggybacking by monitoring use of the mantrap to allow only a single individual to enter a facility at a time. They may also be used to allow manual inspection of individuals or perform other security screening. Mantraps are also commonly known as access control vestibules.

44
Q

Question 30 tb787631.CISSPPT3E.c03.081
During a third-party vulnerability scan and security test, Danielle’s employer recently discovered that the embedded systems that were installed to manage her company’s new buildings have a severe remote access vulnerability. The manufacturer has gone out of business, and there is no patch or update for the devices. What should Danielle recommend that her employer do about the hundreds of devices that are vulnerable?
A. Identify a replacement device model and replace every device.
B. Turn off all of the devices.
C. Move the devices to a secure and isolated network segment.
D. Reverse engineer the devices and build an in-house patch.

A

C. Move the devices to a secure and isolated network segment.

The most reasonable choice presented is to move the devices to a secure and isolated network segment. This will allow the devices to continue to serve their intended function while preventing them from being compromised. All of the other scenarios either create major new costs or deprive her organization of the functionality that the devices were purchased to provide.

45
Q

Question 31 tb787631.CISSPPT3E.c03.097
Which one of the following is an example of a covert timing channel when used to exfiltrate information from an organization?
A. Sending an electronic mail message
B. Posting a file on a peer-to-peer file sharing service
C. Typing with the rhythm of Morse code
D. Writing data to a shared memory space

A

C. Typing with the rhythm of Morse code

Covert channels use surreptitious communication paths. Covert timing channels alter the use of a resource in a measurable fashion to exfiltrate information. If a user types using a specific rhythm of Morse code, this is an example of a covert timing channel. Someone watching or listening to the keystrokes could receive a secret message with no trace of the message left in logs.

46
Q

Question 32 tb787631.CISSPPT3E.c03.017
Please refer to the following scenario:

Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
When Bob receives the encrypted message from Alice, what key does he use to decrypt the message’s plaintext content?

A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key

A

D. Bob’s private key

When Bob receives the message, he uses his own private key to decrypt it. Since he is the only one with his private key, he is the only one who should be able to decrypt it, thus preserving confidentiality.

47
Q

Question 33 tb787631.CISSPPT3E.c03.021
Which one of the following is not an attribute of a hashing algorithm?
A. They require a cryptographic key.
B. They are irreversible.
C. It is very difficult to find two messages with the same hash value.
D. They take variable-length input.

A

A. They require a cryptographic key.

Hash functions do not include any element of secrecy and, therefore, do not require a cryptographic key.

48
Q

Question 34 tb787631.CISSPPT3E.c03.079
Laura is responsible for securing her company’s web-based applications and wants to conduct an educational program for developers on common web application security vulnerabilities. Where can she turn for a concise listing of the most common web application issues?
A. CVE
B. NSA
C. OWASP
D. CSA

A

C. OWASP

The Open Web Application Security Project (OWASP) produces an annual list of the top ten web application security issues that developers and security professionals around the world rely upon for education and training purposes. The OWASP vulnerabilities form the basis for many web application security testing products.

49
Q

Question 35 tb787631.CISSPPT3E.c03.070
Lauren implements ASLR to help prevent system compromises. What technique has she used to protect her system?
A. Encryption
B. Mandatory access control
C. Memory address randomization
D. Discretionary access control

A

C. Memory address randomization

Lauren has implemented address space layout randomization, a memory protection methodology that randomizes memory locations, which prevents attackers from using known address spaces and contiguous memory regions to execute code via overflow or stack smashing attacks.

50
Q

Question 1 tb787631.CISSPPT3E.c03.004
Harry would like to retrieve a lost encryption key from a database that uses m of n control, with m = 4 and n = 8. What is the minimum number of escrow agents required to retrieve the key?
A. 2
B. 4
C. 8
D. 12

A

B. 4

In an m of n control system, at least m of n possible escrow agents must collaborate to retrieve an encryption key from the escrow database.

51
Q

Question 2 tb787631.CISSPPT3E.c03.011
What type of security vulnerability are developers most likely to introduce into code when they seek to facilitate their own access, for testing purposes, to software they developed?
A. Maintenance hook
B. Cross-site scripting
C. SQL injection
D. Buffer overflow

A

A. Maintenance hook

Maintenance hooks, otherwise known as backdoors, provide developers with easy access to a system, bypassing normal security controls. If not removed prior to finalizing code, they pose a significant security vulnerability if an attacker discovers the maintenance hook.

52
Q

Question 3 tb787631.CISSPPT3E.c03.046
Philip is developing a new security tool that will be used by individuals in many different subsidiaries of his organization. He chooses to use Docker to deploy the tool to simplify configuration. What term best describes this approach?
A. Virtualization
B. Abstraction
C. Simplification
D. Containerization

A

D. Containerization

All of these terms accurately describe this use of technology. However, the use of Docker is best described as a containerization technology, so this is the best possible answer choice.

53
Q

Question 4 tb787631.CISSPPT3E.c03.095
Todd believes that a digital certificate used by his organization has been compromised and he wants to add it to the certificate revocation list (CRL). What element of the certificate goes on the CRL?
A. Serial number
B. Public key
C. Digital signature
D. Private key

A

A. Serial number

The certificate revocation list contains the serial numbers of digital certificates issued by a certificate authority that have later been revoked.

54
Q

Question 5 tb787631.CISSPPT3E.c03.024
Which one of the following cryptographic goals protects against the risks posed when a device is lost or stolen?
A. Nonrepudiation
B. Authentication
C. Integrity
D. Confidentiality

A

D. Confidentiality

The greatest risk when a device is lost or stolen is that sensitive data contained on the device will fall into the wrong hands. Confidentiality protects against this risk. Nonrepudiation is when the recipient of a message can prove the originator’s identity to a third party. Authentication is a means of proving one’s identity. Integrity demonstrates that information has not been modified since transmission.

55
Q

Question 6 tb787631.CISSPPT3E.c03.026
In the figure shown here, Harry’s request to write to the data file is blocked. Harry has a Secret security clearance, and the data file has a Confidential classification. What principle of the Bell-LaPadula model blocked this request?

A data flow diagram starts with a circle on the left, which represents an entity, Harry. A rounded rectangle is on the right, which represents another entity, Data File. An arrow labeled, Write Request, points from the circle to the rounded rectangle. A cross inscribed in a circle is on the arrow.

A. Simple Security Property
B. Simple Integrity Property
C. *-Security Property
D. Discretionary Security Property

A

C. *-Security Property

The *-Security Property states that an individual may not write to a file at a lower classification level than that of the individual. This is also known as the confinement property.

56
Q

Question 7 tb787631.CISSPPT3E.c03.080
The Bell-LaPadula and Biba models implement state machines in a fashion that uses what specific state machine model?
A. Information flow
B. Noninterference
C. Cascading
D. Feedback

A

A. Information flow

The information flow model applies state machines to the flow of information. The Bell-LaPadula model applies the information flow model to confidentiality while the Biba model applies it to integrity.

57
Q

Question 8 tb787631.CISSPPT3E.c03.047
In the ring protection model shown here, what ring contains the operating system’s kernel?

A figure shows four concentric rings. The rings are labeled, from the innermost to the outermost ring, as follows: RING 0, RING 1, RING 2, and RING 3.

A. Ring 0
B. Ring 1
C. Ring 2
D. Ring 3

A

A. Ring 0

The kernel lies within the central ring, Ring 0. Conceptually, Ring 1 contains other operating system components. Ring 2 is used for drivers and protocols. User-level programs and applications run at Ring 3. Rings 0 through 2 run in privileged mode while Ring 3 runs in user mode. It is important to note that many modern operating systems do not fully implement this model.

58
Q

Question 9 tb787631.CISSPPT3E.c03.061
Tom is a cryptanalyst and is working on breaking a cryptographic algorithm’s secret key. He has a copy of an intercepted message that is encrypted, and he also has a copy of the decrypted version of that message. He wants to use both the encrypted message and its decrypted plaintext to retrieve the secret key for use in decrypting other messages. What type of attack is Tom engaging in?
A. Chosen ciphertext
B. Chosen plaintext
C. Known plaintext
D. Brute force

A

C. Known plaintext

In a known plaintext attack, the attacker has a copy of the encrypted message along with the plaintext message used to generate that ciphertext. In a chosen plaintext attack, the attacker has the ability to choose the plaintext to be encrypted. In a chosen ciphertext attack, the attacker can choose the ciphertext output. In a brute-force attack, the attacker simply tries all possible key combinations.

59
Q

Question 11 tb787631.CISSPPT3E.c03.078
Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement?
A. RSA
B. 3DES
C. AES
D. Blowfish

A

A. RSA

Digital signatures are possible only when using an asymmetric encryption algorithm. Of the algorithms listed, only RSA is asymmetric and supports digital signature capabilities.

60
Q

Question 12 tb787631.CISSPPT3E.c03.022
What type of fire suppression system fills with water after a valve opens when the initial stages of a fire are detected and then requires a sprinkler head heat activation before dispensing water?
A. Wet pipe
B. Dry pipe
C. Deluge
D. Preaction

A

D. Preaction

A preaction fire suppression system activates in two steps. The pipes fill with water once the early signs of a fire are detected. The system does not dispense water until heat sensors on the sprinkler heads trigger the second phase.

61
Q

Question 13 tb787631.CISSPPT3E.c03.068
Alice has read permissions on an object, and she would like Bob to have those same rights. Which one of the rules in the Take-Grant protection model would allow her to complete this operation?
A. Create rule
B. Remove rule
C. Grant rule
D. Take rule

A

C. Grant rule

The grant rule allows a subject to grant rights that it possesses on an object to another subject.

62
Q

Question 14 tb787631.CISSPPT3E.c03.036
Which of the following statements about system development are correct? (Select all that apply.)
A. Systems should be designed to operate in a secure manner if the user performs no other configuration.
B. Systems should be designed to fall back to a secure state if they experience an error.
C. Systems should be designed to incorporate security as a design feature.
D. Systems should be designed in a manner that keeps their functionality as simple as possible.

A

A. Systems should be designed to operate in a secure manner if the user performs no other configuration.
B. Systems should be designed to fall back to a secure state if they experience an error.
C. Systems should be designed to incorporate security as a design feature.
D. Systems should be designed in a manner that keeps their functionality as simple as possible.

All of these statements are correct. The idea that systems should be designed to operate in a secure manner if the user performs no other configuration is the secure defaults principle. The idea that systems should be designed to fall back to a secure state if they experience an error is the fail securely principle. The idea that systems should be designed to incorporate security as a design feature is the security by design principle. The idea that systems should be designed in a manner that keeps their functionality as simple as possible is the keep it simple principle.

63
Q

Question 15 tb787631.CISSPPT3E.c03.029
Matt’s organization recently adopted a zero-trust network architecture. Under this approach, which one of the following criteria would be LEAST appropriate to use when granting a subject access to resources?
A. Password
B. Two-factor authentication
C. IP address
D. Biometric scan

A

C. IP address

In a zero-trust network architecture, access control decisions should never be made based upon a system’s location on the network. Therefore, an IP address should never be used and would be the least appropriate of these options. While the other options have differing levels of security (two-factor authentication is clearly stronger than a password or biometrics alone), they do not violate the principles of a zero-trust network architecture.

64
Q

Question 16 tb787631.CISSPPT3E.c03.027
Florian and Tobias would like to begin communicating using a symmetric cryptosystem, but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key?
A. IDEA
B. Diffie-Hellman
C. RSA
D. MD5

A

B. Diffie-Hellman

The Diffie-Hellman algorithm allows for the secure exchange of symmetric encryption keys over a public network. IDEA and RSA are encryption algorithms. MD5 is a hashing function.

65
Q

Question 17 tb787631.CISSPPT3E.c03.092
Kristen’s organization suffered a ransomware infection and has lost access to critical business data. She is considering paying the ransom to regain access to her data. Which of the following statements about this payment are correct? (Select all that apply.)
A. Payment of the ransom may be illegal.
B. Payment of the ransom may result in further demands for payments.
C. Payment of the ransom guarantees access to the decryption key.
D. Payment of the ransom may cause a data breach.

A

A. Payment of the ransom may be illegal.
B. Payment of the ransom may result in further demands for payments.

Payment of a ransom often results in the release of a decryption key, but this is not guaranteed by any means. There is also no link between the payment of a ransom and a future data breach, as an attacker may choose to release confidential information regardless of whether the ransom was paid. Depending upon applicable jurisdictions, payment of a ransom may be illegal under corrupt practices laws or embargoes against terrorist organizations. For example, the U.S. Office of Foreign Assets Control (OFAC) issued an advisory in 2020 stating that ransom payments may violate sanctions. Payment of a ransom may also cause attackers to consider the victim a “mark” and demand future payments in exchange for continued access to their data.

66
Q

Question 18 tb787631.CISSPPT3E.c03.055
Alice sent a message to Bob. Bob would like to demonstrate to Charlie that the message he received definitely came from Alice. What goal of cryptography is Bob attempting to achieve?
A. Authentication
B. Confidentiality
C. Nonrepudiation
D. Integrity

A

C. Nonrepudiation

Nonrepudiation occurs when the recipient of a message is able to demonstrate to a third party that the message came from the purported sender.

67
Q

Question 19 tb787631.CISSPPT3E.c03.041
Betty is concerned about the use of buffer overflow attacks against a custom application developed for use in her organization. What security control would provide the strongest defense against these attacks?
A. Firewall
B. Intrusion detection system
C. Parameter checking
D. Vulnerability scanning

A

C. Parameter checking

Parameter checking, or input validation, is used to ensure that input provided by users to an application matches the expected parameters for the application. Developers may use parameter checking to ensure that input does not exceed the expected length, preventing a buffer overflow attack.

68
Q

Question 20 tb787631.CISSPPT3E.c03.059
Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure?
A. MD5
B. AES
C. PGP
D. WPA3

A

A. MD5

The MD5 hash algorithm has known collisions and, as of 2005, is no longer considered secure for use in modern environments. The AES, PGP, and WPA3 algorithms are all still considered secure.

69
Q

Question 3 tb787631.CISSPPT3E.c04.092
What layer of an SDN implementation uses programs to communicate needs for resources via APIs?

A. The data plane
B. The control plane
C. The application plane
D. The monitoring plane

A

C. The application plane

The application plane of a software-defined network (SDN) is where applications run that use application programming interfaces (APIs) to communicate with the SDN about needed resources. The control plane receives instructions and sends them to the network. The third common plane, the data plane, consists of the network devices themselves.

70
Q

Question 4 tb787631.CISSPPT3E.c04.098
Chris is setting up a hotel network and needs to ensure that systems in each room or suite can connect to each other, but systems in other suites or rooms cannot. At the same time, he needs to ensure that all systems in the hotel can reach the internet. What solution should he recommend as the most effective business solution?

A. Per-room VPNs
B. VLANs
C. Port security
D. Firewalls

A

B. VLANs

VLANs can be used to logically separate groups of network ports while still providing access to an uplink. Per-room VPNs would create significant overhead for support as well as create additional expenses. Port security is used to limit what systems can connect to ports, but it doesn’t provide network security between systems. Finally, while firewalls might work, they would add expense and complexity without adding any benefits over a VLAN solution.

71
Q

Question 5 tb787631.CISSPPT3E.c04.097
What function does VXLAN perform in a data center environment?

A. It removes limitations due to maximum distance for Ethernet cables.
B. It allows multiple subnets to exist in the same IP space with hosts using the same IP addresses.
C. It tunnels layer 2 connections over a layer 3 network, stretching them across the underlying layer 3 network.
D. All of the above

A

C. It tunnels layer 2 connections over a layer 3 network, stretching them across the underlying layer 3 network.

VXLAN tunnels layer 2 connections over a layer 3 network, in essence extending a LAN over distances or networks that it might not otherwise function over. It does not remove the distance limitations of Ethernet cables, nor does it allow multiple subnets to use the same IP space—that requires NAT or other technologies that remap addresses to avoid conflicts.

72
Q

Question 6 tb787631.CISSPPT3E.c04.017
Ben has configured his network to not broadcast an SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?

A. Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets.
B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer.
C. Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID.
D. Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network.

A

B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer.

Disabling SSID broadcast can help prevent unauthorized personnel from attempting to connect to the network. Since the SSID is still active, it can be discovered by using a wireless sniffer. Encryption keys are not related to SSID broadcast, beacon frames are used to broadcast the SSID, and it is possible to have multiple networks with the same SSID.

73
Q

Question 7 tb787631.CISSPPT3E.c04.094
Place the following layers of the TCP/IP model in order, starting with the Application layer and moving down the stack.

1. Application layer
2. Network Access layer
3. Internet layer
4. Transport layer

A. 1, 2, 3, 4
B. 1, 4, 2, 3
C. 1, 4, 3, 2
D. 4, 1, 3, 2

A

C. 1, 4, 3, 2

In order, the layers are: Application layer, Transport layer, Internet layer, and Network Access layer.

74
Q

Question 8 tb787631.CISSPPT3E.c04.036
What features can IPsec provide for secure communication?

A. Encryption, access control, nonrepudiation, and message authentication
B. Protocol convergence, content distribution, micro-segmentation, and network virtualization
C. Encryption, authorization, nonrepudiation, and message integrity checking
D. Micro-segmentation, network virtualization, encryption, and message authentication

A

A. Encryption, access control, nonrepudiation, and message authentication

IPsec, or Internet Protocol Security, can provide encryption, access control, nonrepudiation, and message authentication using public key cryptography. It does not provide authorization, protocol convergence, content distribution, or the other items listed.

75
Q

Question 11 tb787631.CISSPPT3E.c04.033
Which of the following is not an example of a converged protocol?

A. MIME
B. FCoE
C. iSCSI
D. VoIP

A

A. MIME

Fibre Channel over Ethernet (FCoE), Internet Small Computer Systems Interface (iSCSI), and Voice over Internet Protocol (VoIP) are all examples of converged protocols that combine specialized protocols with standard protocols like TCP/IP. MIME, Multipurpose Internet Mail Extensions, is not a converged protocol.

76
Q

Question 14 tb787631.CISSPPT3E.c04.011
Which one of the following protocols is commonly used to provide back-end authentication services for a VPN?

A. HTTPS
B. RADIUS
C. ESP
D. AH

A

B. RADIUS

The Remote Access Dial In User Service (RADIUS) protocol was originally designed to support dial-up modem connections but is still commonly used for VPN-based authentication. HTTPS is not an authentication protocol. ESP and AH are IPsec protocols but do not provide authentication services for other systems.

77
Q

Question 17 tb787631.CISSPPT3E.c04.023
Ben provides networking and security services for a small chain of coffee shops. The coffee shop chain wants to provide secure, free wireless for customers. Which of the following is the best option available to Ben to allow customers to connect securely to his wireless network without needing a user account if Ben does not need to worry about protocol support issues?

A. Use WPA2 in PSK mode.
B. Use WPA3 in SAE mode.
C. Use WPA2 in Enterprise mode.
D. Use a captive portal.

A

B. Use WPA3 in SAE mode.

WPA3’s new SAE (simultaneous authentication of equals) mode improves on WPA2’s PSK mode by allowing for secure authentication between clients and the wireless network without enterprise user accounts. If Ben needed to worry about support for WPA3, which may not be available to all systems that may want to connect, he might have to choose WPA2. A captive portal is often used with open guest networks, and Enterprise mode requires user accounts.

78
Q

Question 19 tb787631.CISSPPT3E.c04.090
Angela needs to choose between the following protocols for secure authentication and doesn’t want to create unneeded technical complexity. Which authentication protocol should she choose and why?

A. EAP, because it provides strong encryption by default
B. LEAP, because it provides frequent reauthentication and changing of WEP keys
C. PEAP, because it provides encryption and doesn’t suffer from the same vulnerabilities that LEAP does
D. EAP-TLS

A

C. PEAP, because it provides encryption and doesn’t suffer from the same vulnerabilities that LEAP does

Of the three answers, PEAP is the best solution. It encapsulates EAP in a TLS tunnel, providing strong encryption. LEAP is a Cisco proprietary protocol that was originally designed to help deal with problems in WEP. LEAP’s protections have been defeated, making it a poor choice. EAP-TLS is secure but requires client certificates, making it difficult to deploy and manage.

79
Q

Question 20 tb787631.CISSPPT3E.c04.063
Please refer to the following scenario:

Susan is designing her organization’s new network infrastructure for a branch office.
Susan knows that she will need to implement a WiFi network for her customers and wants to gather information about the customers, such as their email address, without having to provide them with a wireless network password or key. What type of solution would provide this combination of features?

A. NAC
B. A captive portal
C. Pre-shared keys
D. WPA3’s SAE mode

A

B. A captive portal

A captive portal is a popular solution that you may be familiar with from hotels and coffee shops. They combine the ability to gather data from customers with an open network, so customer data will not be encrypted. This avoids the need to distribute network passwords but means that customers must ensure their own traffic is encrypted if they are worried about security.

80
Q

Question 24 tb787631.CISSPPT3E.c04.022
During a security assessment, Jim discovers that the organization he is working with uses a multilayer protocol to handle SCADA systems and recently connected the SCADA network to the rest of the organization’s production network. What concern should he raise about serial data transfers carried via TCP/IP?

A. SCADA devices that are now connected to the network can now be attacked over the network.
B. Serial data over TCP/IP cannot be encrypted.
C. Serial data cannot be carried in TCP packets.
D. TCP/IP’s throughput can allow for easy denial-of-service attacks against serial devices.

A

A. SCADA devices that are now connected to the network can now be attacked over the network.

Multilayer protocols like DNP3 allow SCADA and other systems to use TCP/IP-based networks to communicate. Many SCADA devices were never designed to be exposed to a network, and adding them to a potentially insecure network can create significant risks. TLS or other encryption can be used on TCP packets, meaning that even serial data can be protected. Serial data can be carried via TCP packets because TCP packets don’t care about their content; it is simply another payload. Finally, TCP/IP does not have a specific throughput as designed, so issues with throughput are device-level issues.

81
Q

Question 25 tb787631.CISSPPT3E.c04.053
Kathleen has two primary locations in a town and wants the two environments to appear like the same local network. Each location has a router, switches, and wireless access points deployed to them. What technology would best work to allow her to have the two facilities appear to be on the same network segment?

A. SDWAN
B. VXLAN
C. VMWAN
D. iSCSI

A

B. VXLAN

VXLAN is an encapsulation protocol that carries VLANs across routable networks, making two different network locations appear to be on the same segment despite distance and network differences. SD-WAN is a software-defined wide area network, a way to manage and control wide area network connections. iSCSI is a storage protocol over IP, and VMWAN was made up for this question.

82
Q

Question 27 tb787631.CISSPPT3E.c04.013
Please refer to the following scenario and diagram:

Chris is designing layered network security for his organization.

What type of firewall design is shown in the diagram?

A. A single-tier firewall
B. A two-tier firewall
C. A three-tier firewall
D. A four-tier firewall

A

B. A two-tier firewall

The firewall in the diagram has two protected zones behind it, making it a two-tier firewall design.

83
Q

Question 30 tb787631.CISSPPT3E.c04.010
Brian is selecting an authentication protocol for a PPP connection. He would like to select an option that encrypts both usernames and passwords and protects against replay using a challenge/response dialog. He would also like to reauthenticate remote systems periodically. Which protocol should he use?

A. PAP
B. CHAP
C. EAP
D. LEAP

A

B. CHAP

The Challenge-Handshake Authentication Protocol, or CHAP, is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic reauthentication while connected using techniques to prevent replay attacks. LEAP provides reauthentication but was designed for WEP, while PAP sends passwords unencrypted. EAP is extensible and was used for PPP connections, but it doesn’t directly address the listed items.

84
Q

Question 31 tb787631.CISSPPT3E.c04.002
During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make?

A. Continue to use LEAP. It provides better security than TKIP for WPA networks.
B. Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported.
C. Continue to use LEAP to avoid authentication issues, but move to WPA2.
D. Use an alternate protocol like PEAP or EAP-TLS, and implement Wired Equivalent Privacy to avoid wireless security issues.

A

B. Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported.

LEAP, the Lightweight Extensible Authentication Protocol, is a Cisco proprietary protocol designed to handle problems with TKIP. Unfortunately, LEAP has significant security issues as well and should not be used. Any modern hardware should support WPA2 and technologies like PEAP or EAP-TLS. Using WEP, the predecessor to WPA and WPA2, would be a major step back in security for any network.

85
Q

Question 32 tb787631.CISSPPT3E.c04.096
What are two primary advantages that 5G networks have over 4G networks? (Select all that apply.)

A. Anti-jamming features
B. Enhanced subscriber identity protection
C. Mutual authentication capabilities
D. Multifactor authentication

A

B. Enhanced subscriber identity protection
C. Mutual authentication capabilities

5G technology includes both a new mutual authentication capability and additional protections for subscriber identities. It does not have specific anti-jamming security features and does not specifically use multifactor authentication.

86
Q

Question 33 tb787631.CISSPPT3E.c04.070
During a troubleshooting process, the support technician that Alyssa is talking to states that the problem is a layer 3 problem. Which of the following possible issues is not a layer 3 problem?

A. A TTL mismatch
B. An MTU mismatch
C. An incorrect ACL
D. A broken network cable

A

D. A broken network cable

A broken network cable is a layer 1 problem. If you encounter a problem like this and aren’t sure, look for the answer that has a different situation or set of assumptions. Here you have three issues that occur at the Network layer (layer 3), all of which have software or protocol implications. A broken network cable is a completely different type of issue and should stand out. Be careful, though! The exam is likely to give you two potentially valid answers to choose from, so work to get rid of the two least likely answers and spend your time on the remaining options.

87
Q

Question 38 tb787631.CISSPPT3E.c04.076
WPA2’s Counter Mode Cipher Block Chaining Message Authentication Mode Protocol (CCMP) is based on which common encryption scheme?

A. DES
B. 3DES
C. AES
D. TLS

A

C. AES

WPA2’s CCMP encryption scheme is based on AES. As of the writing of this book, there have not been any practical real-world attacks against WPA2. DES has been successfully broken, and neither 3DES nor TLS is used for WPA2.

88
Q

Question 40 tb787631.CISSPPT3E.c04.049
There are four common VPN protocols. Which group listed contains all of the common VPN protocols?

A. PPTP, LTP, L2TP, IPsec
B. PPP, L2TP, IPsec, VNC
C. PPTP, L2F, L2TP, IPsec
D. PPTP, L2TP, IPsec, SPAP

A

C. PPTP, L2F, L2TP, IPsec

PPTP, L2F, L2TP, and IPsec are the most common VPN protocols. TLS is also used for an increasingly large percentage of VPN connections and may appear at some point in the CISSP exam. PPP is a dial-up protocol, LTP is not a protocol, and SPAP is the Shiva Password Authentication Protocol sometimes used with PPTP.

89
Q

Question 41 tb787631.CISSPPT3E.c04.087
Valerie enables port security on the switches on her network. What type of attack is she most likely trying to prevent?

A. IP spoofing
B. MAC aggregation
C. CAM table flooding
D. VLAN hopping

A

C. CAM table flooding

Valerie is most likely trying to prevent CAM table flooding by preventing large numbers of MAC addresses from being used on a single port. If CAM table flooding is successful, switches will not know where to send traffic and resort to sending all traffic to every port, potentially exposing traffic to attackers. IP spoofing and VLAN hopping are not prevented by port security, which focuses on hardware (MAC) addresses. MAC aggregation was made up for this question.

90
Q

Question 43 tb787631.CISSPPT3E.c04.037
Casey has been asked to determine if Zigbee network traffic can be secured in transit. What security mechanism does Zigbee use to protect data traffic?

A. 3DES encryption
B. AES encryption
C. ROT13 encryption
D. Blowfish encryption

A

B. AES encryption

Zigbee uses AES to protect network traffic, providing integrity and confidentiality controls. It does not use 3DES, and ROT13 is a simple rotational cipher you might find in a cereal box or secret decoder ring.

91
Q

Question 44 tb787631.CISSPPT3E.c04.100
Mikayla is reviewing her organization’s VoIP environment configuration and finds a diagram that shows the following design. What concern should she express?

A network diagram shows the communication between a VoIP phone and a VoIP PBX. An arrow labeled SIP connection and another arrow labeled SRTP connection point from the VoIP phone to the VoIP PBX.

A. The voice connection is unencrypted and could be listened to.
B. There are no security issues in this diagram.
C. The session initialization connection is unencrypted and could be viewed.
D. Both the session initialization and voice data connection are unencrypted and could be captured and analyzed.

A

C. The session initialization connection is unencrypted and could be viewed.

This diagram shows the use of SIP instead of SIPS, meaning that the session initiation traffic is not encrypted. Fortunately, the voice data carried via Secure Real-time Transport Protocol, or SRTP, is encrypted. Mikayla should look into using SIPS in addition to SRTP.

92
Q

Question 46 tb787631.CISSPPT3E.c04.015
Please refer to the following scenario and diagram:

Chris is designing layered network security for his organization.
A network diagram shows a router, a switch, a web server, a VPN concentrator, a firewall, and five end devices. The router, situated at the left, is connected by an interface, C, to the VPN concentrator, situated at the right. The switch, situated below the router, is connected by an interface to the router. The Internet is represented above the router. A firewall is situated between the router and the Internet. The router is connected to the Internet through the firewall. The interface between the firewall and the Internet is labeled A. To the right of the firewall, a web server is situated. The web server is connected to the firewall by an interface, B. The five end devices, situated below the switch, are connected to a common bus, which is connected to the switch.

If Chris wants to stop cross-site scripting attacks against the web server, what is the best device for this purpose, and where should he put it?

A. A firewall, location A
B. An IDS, location A
C. An IPS, location B
D. A WAF, location C

A

C. An IPS, location B

An intrusion prevention system (IPS) can scan traffic and stop both known and unknown attacks. A web application firewall, or WAF, is also a suitable technology, but placing it at location C would only protect against attacks arriving via the organization’s VPN, which should only be used by trusted users. A firewall typically won’t have the ability to identify and stop cross-site scripting attacks, and an IDS only monitors and doesn’t stop attacks.

93
Q

Question 50 tb787631.CISSPPT3E.c04.012
Isaac wants to ensure that his VoIP session initialization is secure. What protocol should he ensure is enabled and required?

A. SVOIP
B. PBSX
C. SIPS
D. SRTP

A

C. SIPS

SIPS, the secure version of the Session Initiation Protocol (SIP) used by VoIP, adds TLS encryption to keep the session initiation process secure. SVOIP and PBSX are not real protocols, but SRTP is the secure version of RTP, the Real-time Transport Protocol.

94
Q

Question 52 tb787631.CISSPPT3E.c04.020
Melissa wants to combine multiple physical networks in her organization in a way that is transparent to users but allows the resources to be allocated as needed for networked services. What type of network should she deploy?

A. iSCSI
B. A virtual network
C. SDWAN
D. A CDN

A

B. A virtual network

A virtual network can be used to combine existing networks or to divide a network into multiple segments. Melissa can use a virtual network to combine existing networks and then use software-defined networking capabilities to allocate and manage network resources. iSCSI is a converged storage protocol. An SD-WAN is a software-defined wide area network, and this question does not specify LAN or WAN technologies. A CDN is a content distribution network and helps with load and denial-of-service attacks.

95
Q

Question 54 tb787631.CISSPPT3E.c04.021
Which email security solution provides two major usage modes: (1) signed messages that provide integrity, sender authentication, and nonrepudiation; and (2) an enveloped message mode that provides integrity, sender authentication, and confidentiality?

A. S/MIME
B. MOSS
C. PEM
D. DKIM

A

A. S/MIME

S/MIME supports both signed messages and a secure envelope method. While the functionality of S/MIME can be replicated with other tools, the secure envelope is an S/MIME-specific concept. MOSS, or MIME Object Security Services, and PEM can also both provide authentication, confidentiality, integrity, and nonrepudiation, while DKIM, or DomainKeys Identified Mail, is a domain validation tool.

96
Q

Question 57 tb787631.CISSPPT3E.c04.050
Wayne wants to deploy a secure voice communication network. Which of the following techniques should he consider? (Select all that apply.)

A. Use a dedicated VLAN for VoIP phones and devices.
B. Require the use of SIPS and SRTP.
C. Require the use of VPN for all remote VoIP devices.
D. Implement a VoIP IPS.

A

A. Use a dedicated VLAN for VoIP phones and devices.
B. Require the use of SIPS and SRTP.

Wayne should consider the use of a dedicated VLAN for VoIP devices to help separate them from other networked devices, and he should also require the use of SIPS and SRTP, both secure protocols that will keep his VoIP traffic encrypted. Requiring the use of VPN for all remote VoIP devices is not necessary if SIPS and SRTP are in use, and a specific IPS for VoIP is not a typical deployment in most organizations.

97
Q

Question 58 tb787631.CISSPPT3E.c04.031
Please refer to the following scenario and diagram:

Selah’s organization has used a popular messaging service for a number of years. Recently, concerns have been raised about the use of messaging.
A network diagram shows a router, a switch, a firewall, and three end devices, A, B, and C. The router is situated at the center and the switch is situated below the router. A one-directional link points from the switch to the router. The router is connected to the Internet, represented above the router. A firewall is situated between the router and the Internet. A one-directional link points from the router to the firewall, and another one-directional link, A, points from the firewall to the Internet. A one-directional link, IM traffic via TCP 80, points from the Internet to device B. A one-directional link, IM traffic via TCP 80, points from device A to the switch. The switch is also connected to device C.

How could Selah’s company best address a desire for secure messaging for users of internal systems A and C?

A. Use a third-party messaging service.
B. Implement and use a locally hosted service.
C. Use HTTPS.
D. Discontinue use of messaging and instead use email, which is more secure.

A

B. Implement and use a locally hosted service.

If a business need requires messaging, using a local messaging server is the best option. This prevents traffic from traveling to a third-party server and can offer additional benefits such as logging, archiving, and control of security options like the use of encryption.

98
Q

Question 62 tb787631.CISSPPT3E.c04.001
Gary wants to distribute a large file and prefers a peer-to-peer CDN. Which of the following is the most common example of this type of technology?

A. CloudFlare
B. BitTorrent
C. Amazon CloudFront
D. Akamai Edge

A

B. BitTorrent

BitTorrent is an example of a peer-to-peer (P2P) content delivery network. It is commonly used for legitimate purposes to distribute large files like Linux ISOs and other freely distributed software packages and files in addition to its less legitimate uses. CloudFlare, CloudFront, and Akamai’s Edge are all hosted CDNs.

99
Q

Question 65 tb787631.CISSPPT3E.c04.085
Michelle is told that the organization that she is joining uses an SD-WAN controller architecture to manage their WAN connections. What can she assume about how the network is managed and controlled? (Select all that apply.)

A. The network uses predefined rules to optimize performance.
B. The network conducts continuous monitoring to support better performance.
C. The network uses self-learning techniques to respond to changes in the network.
D. All connections are managed by the organization’s primary internet service provider.

A

A. The network uses predefined rules to optimize performance.
B. The network conducts continuous monitoring to support better performance.
C. The network uses self-learning techniques to respond to changes in the network.

SD-WAN implementations typically perform all of these functions, combining active data collection via monitoring and response via self-learning and machine intelligence techniques, and then applying predefined rules to take action to make the network perform as desired. SD-WAN does not imply or require that all connections are managed by the organization’s primary internet service provider. In fact, SD-WANs are often used to handle multiple ISPs to allow for failover and redundancy.

100
Q

Question 68 tb787631.CISSPPT3E.c04.046
Chris wants to use a low-power, personal area network wireless protocol for a device he is designing. Which of the following wireless protocols is best suited to creating small, low-power devices that can connect to each other at relatively short distances across buildings or rooms?

A. WiFi
B. Zigbee
C. NFC
D. Infrared

A

B. Zigbee

Zigbee is designed for this type of low-power, Internet of Things network, and would be the best option for Chris. Some versions of Bluetooth are designed to operate in low-power mode as well, but Bluetooth isn’t in this list of answers. WiFi requires more power, NFC is very short range and would not work across a building or room, and infrared requires line of sight and is rarely used for that reason.

101
Q

Question 69 tb787631.CISSPPT3E.c04.056
Chris has been asked to choose between implementing PEAP and LEAP for wireless authentication. What should he choose, and why?

A. LEAP, because it fixes problems with TKIP, resulting in stronger security
B. PEAP, because it implements CCMP for security
C. LEAP, because it implements EAP-TLS for end-to-end session encryption
D. PEAP, because it can provide a TLS tunnel that encapsulates EAP methods, protecting the entire session

A

D. PEAP, because it can provide a TLS tunnel that encapsulates EAP methods, protecting the entire session

PEAP provides encryption for EAP methods and can provide authentication. It does not implement CCMP, which was included in the WPA2 standard. LEAP is dangerously insecure and should not be used due to attack tools that have been available since the early 2000s.

102
Q

Question 71 tb787631.CISSPPT3E.c04.082
Susan is writing a best practices statement for her organizational users who need to use Bluetooth. She knows that there are many potential security issues with Bluetooth and wants to provide the best advice she can. Which of the following sets of guidance should Susan include?

A. Use Bluetooth’s built-in strong encryption, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
B. Use Bluetooth only for those activities that are not confidential, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
C. Use Bluetooth’s built-in strong encryption, use extended (eight digits or longer) Bluetooth PINs, turn off discovery mode, and turn off Bluetooth when it’s not in active use.
D. Use Bluetooth only for those activities that are not confidential, use extended (eight digits or longer) Bluetooth PINs, turn off discovery mode, and turn off Bluetooth when it’s not in active use.

A

B. Use Bluetooth only for those activities that are not confidential, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it’s not in active use.

Since Bluetooth doesn’t provide strong encryption, it should only be used for activities that are not confidential. Bluetooth PINs are four-digit codes that often default to 0000. Turning it off and ensuring that your devices are not in discovery mode can help prevent Bluetooth attacks.

103
Q

Question 73 tb787631.CISSPPT3E.c04.061
Selah’s organization has deployed VoIP phones on the same switches that the desktop PCs are on. What security issue could this create, and what solution would help?

A. VLAN hopping; use physically separate switches.
B. VLAN hopping; use encryption.
C. Caller ID spoofing; MAC filtering.
D. Denial-of-service attacks; use a firewall between networks.

A

A. VLAN hopping; use physically separate switches.

VLAN hopping between the voice and computer VLANs can be accomplished when devices share the same switch infrastructure. Using physically separate switches can prevent this attack. Encryption won’t help with VLAN hopping because the attack relies on header data that the switch needs to read (and which is therefore unencrypted), while Caller ID spoofing is an inherent problem with VoIP systems. A denial of service is always a possibility, but it isn’t specifically a VoIP issue, and a firewall may not stop the problem if it arrives on a port that must be allowed through.

104
Q

Question 77 tb787631.CISSPPT3E.c04.054
Segmentation, sequencing, and error checking all occur at what layer of the OSI model that is associated with SSL, TLS, and UDP?

A. The Transport layer
B. The Network layer
C. The Session layer
D. The Presentation layer

A

A. The Transport layer

The Transport layer provides logical connections between devices, including end-to-end transport services to ensure that data is delivered. Transport layer protocols include TCP, UDP, SSL, and TLS.

105
Q

Question 78 tb787631.CISSPPT3E.c04.080
What challenge is most common for endpoint security system deployments?

A. Compromises
B. The volume of data
C. Monitoring encrypted traffic on the network
D. Handling non-TCP protocols

A

B. The volume of data

Endpoint security solutions face challenges due to the sheer volume of data that they can create. When each workstation is generating data about events, this can be a massive amount of data. Endpoint security solutions should reduce the number of compromises when properly implemented, and they can also help by monitoring traffic after it is decrypted on the local host. Finally, non-TCP protocols are relatively uncommon on modern networks, making this a relatively rare concern for endpoint security system implementations.

106
Q

Question 89 tb787631.CISSPPT3E.c04.047
Which of the following options includes standards or protocols that exist in layer 6 of the OSI model?

A. NFS, SQL, and RPC
B. TCP, UDP, and TLS
C. JPEG, ASCII, and MIDI
D. HTTP, FTP, and SMTP

A

C. JPEG, ASCII, and MIDI

Layer 6, the Presentation layer, transforms data from the Application layer into formats that other systems can understand by formatting and standardizing the data. That means that standards like JPEG, ASCII, and MIDI are used at the Presentation layer for data. TCP, UDP, and TLS are used at the Transport layer; NFS, SQL, and RPC operate at the Session layer; and HTTP, FTP, and SMTP are Application layer protocols.

107
Q

tb787631.CISSPPT3E.c04.047
Which of the following options includes standards or protocols that exist in layer 5 of the OSI model?

A. NFS, SQL, and RPC
B. TCP, UDP, and TLS
C. JPEG, ASCII, and MIDI
D. HTTP, FTP, and SMTP

A

A. NFS, SQL, and RPC

Layer 6, the Presentation layer, transforms data from the Application layer into formats that other systems can understand by formatting and standardizing the data. That means that standards like JPEG, ASCII, and MIDI are used at the Presentation layer for data. TCP, UDP, and TLS are used at the Transport layer; NFS, SQL, and RPC operate at the Session layer; and HTTP, FTP, and SMTP are Application layer protocols.

108
Q

tb787631.CISSPPT3E.c04.047
Which of the following options includes standards or protocols that exist in layer 4 of the OSI model?

A. NFS, SQL, and RPC
B. TCP, UDP, and TLS
C. JPEG, ASCII, and MIDI
D. HTTP, FTP, and SMTP

A

B. TCP, UDP, and TLS

Layer 6, the Presentation layer, transforms data from the Application layer into formats that other systems can understand by formatting and standardizing the data. That means that standards like JPEG, ASCII, and MIDI are used at the Presentation layer for data. TCP, UDP, and TLS are used at the Transport layer; NFS, SQL, and RPC operate at the Session layer; and HTTP, FTP, and SMTP are Application layer protocols.

109
Q

tb787631.CISSPPT3E.c04.047
Which of the following options includes standards or protocols that exist in layer 7 of the OSI model?

A. NFS, SQL, and RPC
B. TCP, UDP, and TLS
C. JPEG, ASCII, and MIDI
D. HTTP, FTP, and SMTP

A

D. HTTP, FTP, and SMTP

Layer 6, the Presentation layer, transforms data from the Application layer into formats that other systems can understand by formatting and standardizing the data. That means that standards like JPEG, ASCII, and MIDI are used at the Presentation layer for data. TCP, UDP, and TLS are used at the Transport layer; NFS, SQL, and RPC operate at the Session layer; and HTTP, FTP, and SMTP are Application layer protocols.

110
Q

What is the purpose of Layer 6 in the OSI model?

A

Layer 6, the Presentation layer, transforms data from the Application layer into formats that other systems can understand by formatting and standardizing the data.

111
Q

Question 90 tb787631.CISSPPT3E.c04.004
Selah’s and Nick’s PCs simultaneously send traffic by transmitting at the same time. What network term describes the range of systems on a network that could be affected by this same issue?

A. The subnet
B. The supernet
C. A collision domain
D. A broadcast domain

A

C. A collision domain

A collision domain is the set of systems that could cause a collision if they transmitted at the same time. Systems outside a collision domain cannot cause a collision if they send at the same time. This is important, as the number of systems in a collision domain increases the likelihood of network congestion due to an increase in collisions. A broadcast domain is the set of systems that can receive a broadcast from each other. A subnet is a logical division of a network, while a supernet is made up of two or more networks.

112
Q

Question 92 tb787631.CISSPPT3E.c04.014
Please refer to the following scenario and diagram:

Chris is designing layered network security for his organization.
A network diagram shows a router, a switch, a web server, a VPN concentrator, a firewall, and five end devices. The router, situated at the left, is connected by an interface, C, to the VPN concentrator, situated at the right. The switch, situated below the router, is connected by an interface to the router. The Internet is represented above the router. A firewall is situated between the router and the Internet. The router is connected to the Internet through the firewall. The interface between the firewall and the Internet is labeled A. To the right of the firewall, a web server is situated. The web server is connected to the firewall by an interface, B. The five end devices, situated below the switch, are connected to a common bus, which is connected to the switch.

If the VPN grants remote users the same access to network and system resources as local workstations have, what security issue should Chris raise?

A. VPN users will not be able to access the web server.
B. There is no additional security issue; the VPN concentrator’s logical network location matches the logical network location of the workstations.
C. Web server traffic is not subjected to stateful inspection.
D. VPN users should only connect from managed PCs.

A

D. VPN users should only connect from managed PCs.

Remote PCs that connect to a protected network need to comply with security settings and standards that match those required for the internal network. The VPN concentrator logically places remote users in the protected zone behind the firewall, but that means user workstations (and users) must be trusted in the same way that local workstations are.

113
Q

Question 93 tb787631.CISSPPT3E.c04.006
Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Which one of the following wireless networking standards should he use?

A. 802.11a
B. 802.11g
C. 802.11n
D. 802.11ac

A

D. 802.11ac

He should choose 802.11ac, which supports theoretical speeds up to 3.4 Gbps. 802.11n supports up to 600 Mbps, while 802.11g and 802.11a are only capable of 54 Mbps.

114
Q

Question 94 tb787631.CISSPPT3E.c04.024
Alicia’s company has implemented multifactor authentication using SMS messages to provide a numeric code. What is the primary security concern that Alicia may want to express about this design?

A. SMS messages are not encrypted.
B. SMS messages can be spoofed by senders.
C. SMS messages may be received by more than one phone.
D. SMS messages may be stored on the receiving phone.

A

C. SMS messages may be received by more than one phone.

SMS messages are not encrypted, meaning that they could be sniffed and captured. While using two factors is more secure than a single factor, SMS is one of the less secure ways to implement two-factor authentication because of this. SMS messages can be spoofed, can be received by more than one phone, and are typically stored on the recipient’s phone. The primary threat here, however, is the unencrypted message itself.

115
Q

Question 97 tb787631.CISSPPT3E.c04.074
Please refer to the following scenario:

Ben is an information security professional at an organization that is replacing its physical servers with cloud-hosted virtual machines. As the organization builds its virtual environment, it is moving toward a hybrid cloud operational model with some systems and services remaining in its local data center and others hosted in the cloud. The following diagram shows the local data center and cloud VPC’s network IP ranges, which you should consider as you answer the questions.
A network diagram shows the interconnection between a data center network with the IP range 10.0.0.0/24 and a VPC network with the same IP range.

What issue is most likely to occur due to the subnets configured for the data center and VPC?

A. IP address conflicts
B. Routing loops
C. MAC address conflicts
D. All of the above

A

A. IP address conflicts

Using the same IP range for an on-site and cloud-hosted data center can be helpful when designing a flat network, but addresses must be carefully managed and allocated even in a space as big as the 10.0.0.0/24 range. If addresses are not properly managed, conflicts may arise that could disrupt production services. MAC address conflicts should not arise unless addresses are manually changed or virtual machines are replicated without changing their MAC addresses. There is nothing in the problem to suggest routing issues.

116
Q

Question 98 tb787631.CISSPPT3E.c04.045
The company that Kathleen works for has moved to remote work for most employees and wants to ensure that the multimedia collaboration platform that they use for voice, video, and text-based collaboration is secure. Which of the following security options will provide the best user experience while providing appropriate security for communications?

A. Require software-based VPN to the corporate network for all use of the collaboration platform.
B. Require the use of SIPS and SRTP for all communications.
C. Use TLS for all traffic for the collaboration platform.
D. Deploy secure VPN endpoints to each remote location and use a point-to-point VPN for communications.

A

C. Use TLS for all traffic for the collaboration platform.

Most modern applications support TLS throughout their communications, allowing clients to securely connect to the service and to encrypt communications. VPN, either in software or hardware form, will be more complex and unwieldy: software-based VPN would be more flexible, while hardware-based VPN would be more expensive and more complex. SIPS and SRTP are appropriate for a VoIP environment, but they are not generally a complete solution for a modern multimedia collaboration platform like Microsoft Teams, Zoom, or WebEx.

117
Q

Question 99 tb787631.CISSPPT3E.c04.052
Ben is designing a WiFi network and has been asked to choose the most secure option for the network. Which wireless security standard should he choose?

A. WPA2
B. WPA
C. WEP
D. WPA3

A

D. WPA3

WPA3, the replacement for WPA2, adds security features including a new mode called Simultaneous Authentication of Equals (SAE) that replaces the pre-shared key mode from WPA2 with a more secure option. Overall, it provides security improvements, but it may not be immediately deployable because hardware and software need time to fully support it. WPA2 has been the most commonly deployed wireless security standard, having replaced WPA and WEP.