CISSP (Chapter 1) Flashcards Preview

CISSP > CISSP (Chapter 1) > Flashcards

Flashcards in CISSP (Chapter 1) Deck (48):
1

Which of the following provides an incorrect characteristic of a memory leak?

A. Common programming error
B. Common when languages that have no built-in automatic garbage collection are used
C. Common in applications written in Java
D. Common in applications written in C++

C

2

Which of the following is the best description pertaining to the “Trusted Computing Base”?

A. The term originated from the Orange Book and pertains to firmware.
B. The term originated from the Orange Book and addresses the security mechanisms that are only implemented by the operating system.
C. The term originated from the Orange Book and contains the protection mechanisms within a system.
D. The term originated from the Rainbow Series and addressed the level of significance each mechanism of a system portrays in a secure environment.

C

3

Which of the following is the best description of the security kernel and the reference monitor?

A. The reference monitor is a piece of software that runs on top of the security kernel. The reference monitor is accessed by every security call of the security kernel. The security kernel is too large to test and verify.
B. The reference monitor concept is a small program that is not related to the security kernel. It will enforce access rules upon subjects who attempt to access specific objects. This program is regularly used with modern operating systems.
C. The reference monitor concept is used strictly for database access control and is one of the key components in maintaining referential integrity within the system. It is impossible for the user to circumvent the reference monitor.
D. The reference monitor and security kernel are core components of modern operating systems. They work together to mediate all access between subjects and objects. They should not be able to be circumvented and must be called upon for every access attempt.

D

4

Which of the following models incorporates the idea of separation of duties and requires that all modifications to data and objects be done through programs?

A. State machine model
B. Bell-LaPadula model
C. Clark-Wilson model
D. Biba model

C

5

Which of the following best describes the hierarchical levels of privilege within the architecture of a computer system?

A. Computer system ring structure
B. Microcode abstraction levels of security
C. Operating system user mode
D. Operating system kernel mode

A

6

Which of the following is an untrue statement?

i. Virtual machines can be used to provide secure, isolated sandboxes for running untrusted applications.
ii. Virtual machines can be used to create execution environments with resource limits and, given the right schedulers, resource guarantees.
iii. Virtualization can be used to simulate networks of independent computers.
iv. Virtual machines can be used to run multiple operating systems simultaneously: different versions, or even entirely different systems, which can be on hot standby.

A. All of them
B. None of them
C. i, ii
D. ii, iii

B

7

Which of the following is the best means of transferring information when parties do not have a shared secret and large quantities of sensitive information must be transmitted?

A. Use of public key encryption to secure a secret key, and message encryption using the secret key
B. Use of the recipient’s public key for encryption, and decryption based on the recipient’s private key
C. Use of software encryption assisted by a hardware encryption accelerator
D. Use of elliptic curve encryption

A

8

Which algorithm did NIST choose to become the Advanced Encryption Standard (AES) replacing the Data Encryption Standard (DES)?

A. DEA
B. Rijndael
C. Twofish
D. IDEA

B

9

John is the security administrator for company X. He has been asked to oversee the installation of a fire suppression sprinkler system, as recent unusually dry weather has increased the likelihood of fire. Fire could potentially cause a great amount of damage to the organization’s assets. The sprinkler system is designed to reduce the impact of fire on the company.

In this scenario, fire is considered which of the following?

A. Vulnerability
B. Threat
C. Risk
D. Countermeasure

B

10

John is the security administrator for company X. He has been asked to oversee the installation of a fire suppression sprinkler system, as recent unusually dry weather has increased the likelihood of fire. Fire could potentially cause a great amount of damage to the organization’s assets. The sprinkler system is designed to reduce the impact of fire on the company.

In this scenario, the sprinkler system is considered which of the following?

A. Vulnerability
B. Threat
C. Risk
D. Countermeasure

D

11

John is the security administrator for company X. He has been asked to oversee the installation of a fire suppression sprinkler system, as recent unusually dry weather has increased the likelihood of fire. Fire could potentially cause a great amount of damage to the organization’s assets. The sprinkler system is designed to reduce the impact of fire on the company.

In this scenario, the likelihood and damage potential of a fire is considered which of the following?

A. Vulnerability
B. Threat
C. Risk
D. Countermeasure

C

12

A small remote facility for a company is valued at $800,000. It is estimated, based on historical data and other predictors, that a fire is likely to occur once every ten years at a facility in this area. It is estimated that such a fire would destroy 60 percent of the facility under the current circumstances and with the current detective and preventative controls in place.

What is the single loss expectancy (SLE) for the facility suffering from a fire?

A. $80,000
B. $480,000
C. $320,000
D. 60 percent

B

13

A small remote facility for a company is valued at $800,000. It is estimated, based on historical data and other predictors, that a fire is likely to occur once every ten years at a facility in this area. It is estimated that such a fire would destroy 60 percent of the facility under the current circumstances and with the current detective and preventative controls in place.

What is the annualized rate of occurrence (ARO)?

A. 1
B. 10
C. .1
D. .01

C

14

A small remote facility for a company is valued at $800,000. It is estimated, based on historical data and other predictors, that a fire is likely to occur once every ten years at a facility in this area. It is estimated that such a fire would destroy 60 percent of the facility under the current circumstances and with the current detective and preventative controls in place.

What is the annualized loss expectancy (ALE)?

A. $480,000
B. $32,000
C. $48,000
D. .6

C

15

Which of the following is not a characteristic of Protected Extensible Authentication Protocol?

A. Authentication protocol used in wireless networks and point-to-point connections
B. Designed to provide improved secure authentication for 802.11 WLANs
C. Designed to support 802.1x port access control and Transport Layer Security
D. Designed to support password-protected connections

D

16

Which of the following best describes the Temporal Key Integrity Protocol’s (TKIP) role in the 802.11i standard?

A. It provides 802.1x and EAP to increase the authentication strength.
B. It requires the access point and the wireless device to authenticate to each other.
C. It sends the SSID and MAC value in ciphertext.
D. It adds more keying material for the RC4 algorithm.

D

17

Vendors have implemented various solutions to overcome the vulnerabilities of the wired equivalent protocol (WEP). Which of the following provides an incorrect mapping between these solutions and their characteristics?

A. LEAP requires a PKI.
B. PEAP only requires the server to authenticate using a digital certificate.
C. EAP-TLS requires both the wireless device and server to authenticate using digital certificates.
D. PEAP allows the user to provide a password

A

18

Encapsulating Security Payload (ESP), which is one protocol within the IPSec protocol suite, is primarily designed to provide which of the following?

A. Confidentiality
B. Cryptography
C. Digital signatures
D. Access control

A

19

Which of the following redundant array of independent disks implementations uses interleave parity?

A. Level 1
B. Level 2
C. Level 4
D. Level 5

D

20

Which of the following is not one of the stages of the dynamic host configuration protocol (DHCP) lease process?

i. Discover
ii. Offer
iii. Request
iv. Acknowledgment

A. All of them
B. None of them
C. i
D. ii

B

21

Which of the following has been deemed by the Internet Architecture Board as unethical behavior for Internet users?

A. Creating computer viruses
B. Monitoring data traffic
C. Wasting computer resources
D. Concealing unauthorized accesses

C

22

Most computer-related documents are categorized as which of the following types of evidence?

A. Hearsay evidence
B. Direct evidence
C. Corroborative evidence
D. Circumstantial evidence

A

23

During the examination and analysis process of a forensics investigation, it is critical that the investigator works from an image that contains all of the data from the original disk. The image must have all but which of the following characteristics?

A. Byte-level copy
B. Captured slack spaces
C. Captured deleted files
D. Captured unallocated clusters

A

24

__________ is a process of interactively producing more detailed versions of objects by populating variables with different values. It is often used to prevent inference attacks.

A. Polyinstantiation
B. Polymorphism
C. Polyabsorbtion
D. Polyobject

A

25

Tim is a software developer for a financial institution. He develops middleware software code that carries out his company’s business logic functions. One of the applications he works with is written in the C programming language and seems to be taking up too much memory as it runs over a period of time. Which of the following best describes what Tim needs to look at implementing to rid this software of this type of problem?

A. Bounds checking
B. Garbage collection
C. Parameter checking
D. Compiling

B

26

__________ is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program.

A. Agile testing
B. Structured testing
C. Fuzzing
D. EICAR

C

27

Which type of malware can change its own code, making it harder to detect with antivirus software?

A. Stealth virus
B. Polymorphic virus
C. Trojan horse
D. Logic bomb

B

28

What is derived from a passphrase?

A. A personal password
B. A virtual password
C. A user ID
D. A valid password

B

29

Which access control model is user-directed?

A. Nondiscretionary
B. Mandatory
C. Identity-based
D. Discretionary

D

30

Which item is not part of a Kerberos authentication implementation?

A. A message authentication code
B. A ticket-granting ticket
C. Authentication service
D. Users, programs, and services

A

31

If a company has a high turnover rate, which access control structure is best?

A. Role-based
B. Decentralized
C. Rule-based
D. Discretionary

A

32

In discretionary access control, who/what has delegation authority to grant access to data?

A. A user
B. A security officer
C. A security policy
D. An owner

D

33

Remote access security using a token one-time password generation is an example of which of the following?

A. Something you have
B. Something you know
C. Something you are
D. Two-factor authentication

A

34

What is a crossover error rate (CER)?

A. A rating used as a performance metric for a biometric system
B. The number of Type I errors
C. The number of Type II errors
D. The number reached when Type I errors exceed the number of Type II errors

A

35

What does a retina scan biometric system do?

A. Examines the pattern, color, and shading of the area around the cornea
B. Examines the patterns and records the similarities between an
individual’s eyes
C. Examines the pattern of blood vessels at the back of the eye
D. Examines the geometry of the eyeball

C

36

If you are using a synchronous token device, what does this mean?

A. The device synchronizes with the authentication service by using internal time or events.
B. The device synchronizes with the user’s workstation to ensure the credentials it sends to the authentication service are correct.
C. The device synchronizes with the token to ensure the timestamp is valid and correct.
D. The device synchronizes by using a challenge-response method with the authentication service.

A

37

What is a clipping level?

A. The threshold for an activity
B. The size of a control zone
C. Explicit rules of authorization
D. A physical security mechanism

A

38

Which intrusion detection system would monitor user and network behavior?

A. Statistical/anomaly-based
B. Signature-based
C. Static
D. Host-based

A

39

When should a Class C fire extinguisher be used instead of a Class A?

A. When electrical equipment is on fire
B. When wood and paper are on fire
C. When a combustible liquid is on fire
D. When the fire is in an open area

A

40

How does halon suppress fires?

A. It reduces the fire’s fuel intake.
B. It reduces the temperature of the area.
C. It disrupts the chemical reactions of a fire.
D. It reduces the oxygen in the area.

C

41

What is the problem with high humidity in a data processing environment?

A. Corrosion
B. Fault tolerance
C. Static electricity
D. Contaminants

A

42

What is the definition of a power fault?

A. Prolonged loss of power
B. Momentary low voltage
C. Prolonged high voltage
D. Momentary power outage

D

43

Who has the primary responsibility of determining the classification level for information?

A. The functional manager
B. Middle management
C. The owner
D. The user

C

44

Which best describes the purpose of the ALE calculation?

A. It quantifies the security level of the environment.
B. It estimates the loss potential from a threat.
C. It quantifies the cost/benefit result.
D. It estimates the loss potential from a threat in a one-year time span.

D

45

How do you calculate residual risk?

A. Threats × risks × asset value
B. (Threats × asset value × vulnerability) × risks
C. SLE × frequency
D. (Threats × vulnerability × asset value) × control gap

D

46

What is the Delphi method?

A. A way of calculating the cost/benefit ratio for safeguards
B. A way of allowing individuals to express their opinions anonymously
C. A way of allowing groups to discuss and collaborate on the best security approaches
D. A way of performing a quantitative risk analysis

B

47

What are the necessary components of a smurf attack?

A. Web server, attacker, and fragment offset
B. Fragment offset, amplifying network, and victim
C. Victim, amplifying network, and attacker
D. DNS server, attacker, and web server

C

48

What do the reference monitor and security kernel do in an operating system?

A. Intercept and mediate a subject attempting to access objects
B. Point virtual memory addresses to real memory addresses
C. House and protect the security kernel
D. Monitor privileged memory usage by applications

A