Random CISSP

Question 1

Sniffing attack

Answer 1

A sniffing attack uses a sniffer (also called a packet analyzer or protocol analyzer) to capture data and can be used to read passwords sent across a network in cleartext.

Question 2

A side-channel attack

Answer 2

is a passive, noninvasive attack used against smart cards. Methods include power monitoring, timing, and fault analysis attacks.

Question 3

role-based access control

Answer 3

A role-based access control policy grants specific privileges based on roles, and roles are frequently job based or task based.

Question 4

Discretionary access controls

Answer 4

Discretionary access controls allow owners of information to control privileges

Question 5

mandatory access controls

Answer 5

mandatory access controls use labels to control privileges

Question 6

Clipping levels

Answer 6

Clipping is a form of nonstatistical sampling that reduces the amount of logged data based on a clipping-level threshold.

Question 7

Log analysis reviews

Answer 7

Log analysis reviews log information looking for trends, patterns, and abnormal or unauthorized events.

Question 8

Audit trails are considered to be what type of security control

Answer 8

Passive detective

Question 9

Audit trails

Answer 9

Audit trails are a passive form of detective security control.

Question 10

Synchronous token

Answer 10

A synchronous token generates one-time passwords and displays them in an LCD, and this password is synchronized with an authentication server.

Question 11

asynchronous token

Answer 11

An asynchronous token uses a challenge-response process to generate the token.

Question 12

Type 1 biometric error

Answer 12

A Type 1 error occurs when a valid subject is not authenticated and is also known as a false negative authentication.

Question 13

Type 2 biometric error

Answer 13

A Type 2 error occurs when an invalid subject is authenticated. This is also known as a false positive authentication.

Question 14

crossover error rate

Answer 14

The crossover error rate (also called equal error rate) compares the rate of Type 1 errors to Type 2 errors and provides a measurement of the accuracy of the biometric system.

Question 15

What is the best choice to support federated identity management systems?

Answer 15

Service Provisioning Markup Language (SPML)

Question 16

Service Provisioning Markup Language (SPML)

Answer 16

SPML is an XML-based framework used to exchange user information for single sign on (SSO) between organizations within a federated identity management system.

Question 17

Access control matrix

Answer 17

An access control matrix includes multiple subjects and objects and lists subjects’ access to various objects.

Question 18

federation

Answer 18

refers to a group of companies that share a federated identity management system for single sign-on.

Question 19

User entitlement audit

Answer 19

A user entitlement audit can detect when users have more privileges than necessary.

Question 20

A Type 2 authentication factor

Answer 20

is “something you have,” including a smart card, token device, or memory card.

Question 21

Type 3 authentication

Answer 21

is “something you are,” and some behavioral biometrics include “something you do.”

Question 22

Type 1 authentication

Answer 22

“something you know.”

Question 23

All of the following are needed for system accountability except for one. Which one is not needed?
A) Identification
B) Authentication
C) Auditing
D) Authorization

Answer 23

Authorization

Question 24

What type of access controls rely upon the use of labels?

Answer 24

Mandatory

Question 25

A VPN can be established over what types of connections?

Answer 25

A) Wireless LAN connection
B) Remote access dial-up connection
C) WAN link

Question 26

Which of the following IP addresses is not a private IP address as defined by RFC 1918?
A) 10.0.0.18
B) 169.254.1.119
C) 172.31.8.204
D) 192.168.6.43

Answer 26

The 169.254.x.x subnet is in the APIPA range, which is not part of RFC 1918.

Question 27

network segmentation

Answer 27

security practice of dividing a computer network into smaller, isolated segments to enhance security, manage traffic, and improve performance.

Question 28

4 types of network segmentation

Answer 28

Physical
Logical
Role-Based
Policy-Based

Question 29

Which of the following is not an example of network segmentation?
A) Intranet
B) DMZ
C) Extranet
D) VPN

Answer 29

VPN

Question 30

permanent virtual circuit (PVC)

Answer 30

A permanent virtual circuit (PVC) can be described as a logical circuit that always exists and is waiting for the customer to send data.

Question 31

Control Transparency

Answer 31

characteristic of a service, security control, or access mechanism it is unseen by users.

Question 32

addresses in RFC 1918

Answer 32

0.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0-192.168.255.255.

Question 33

Frame Relay

Answer 33

Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints.

Question 34

Which of the following is not defined in RFC 1918 as one of the private IP address ranges that are not routed on the Internet?
A) 169.172.0.0-169.191.255.255
B) 192.168.0.0-192.168.255.255
C) 10.0.0.0-10.255.255.255
D) 172.16.0.0-172.31.255.255

Answer 34

169.172.0.0-169.191.255.255 is a public IP address range.

Question 35

Dynamic packet filtering

Answer 35

Dynamic packet-filtering firewalls enable the real-time modification of the filtering rules based on traffic content.

Question 36

Stateful inspection firewalls

Answer 36

Stateful inspection firewalls are able to grant a broader range of access for authorized users and activities and actively watch for and block unauthorized users and activities.

Question 37

IPSec

Answer 37

standards-based mechanism for providing encryption for point-to-point TCP/IP traffic.