Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

cissp > Security Architecture and Engineering > Flashcards

Security Architecture and Engineering Flashcards

This domain represents 13% of the CISSP exam. Security must be incorporated into the design of information systems, as well as being key to the facilities housing information systems and workers.

1
Q

Q. 1 What’s considered a sufficient fencing height to keep out casual intruders?

12 feet
3 to 4 feet
12 feet with one strand of barbed wire
8 feet with three strands of barbed wire
A

3 to 4 feet

[Security Engineering] Three to four feet is a sufficient height to deter casual physical intruders.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Q. 2 How does soda acid aid in fire suppression?

It reduces the fire’s oxygen supply
It isolates the fire’s fuel supply
It lowers the temperature below what the fire needs to sustain itself
It extinguishes the fire through a chemical reaction
A

It isolates the fire’s fuel supply

[Security Engineering] Soda acid prevents the fire’s fuel supply from reacting with oxygen in the fire triangle.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Q. 3 What’s the principal feature of a mantrap?

Its advanced metal detecting capability
Only one of its two doors can be opened at a time
The high speed by which people can enter and exit a facility
Its biometric identifying capabilities
A

Only one of its two doors can be opened at a time

[Security Engineering] A mantrap controls physical access by permitting only one door in a controlled pair to be open at a time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Q. 4 What’s one possible weakness of a BIOS password intended to protect hard disk data?

It may be possible to read the hard disk data by placing it in another computer
It might not provide disk encryption
The encryption used is generally weak
It can be defeated by connecting jumpers together on the system board
A

It may be possible to read the hard disk data by placing it in another computer

[Asset Security] Some BIOS passwords prevent only that particular computer from accessing the hard drive; therefore, they don’t actually protect the hard drive’s contents.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Q. 5 The major hierarchical classes of security protection defined in the Orange Book (TCSEC) include which of the following? Drag and drop the correct answer(s) from top to bottom.

Compartmentalized protection
Discretionary protection
Mandatory protection
Total protection
Minimal protection
Verified protection
A

Discretionary protection
Mandatory protection
Minimal protection
Verified protection

[Security Engineering] The major hierarchical classes of security protection defined in the Orange Book (TCSEC) are Minimal protection (D), Discretionary protection (C), Mandatory protection (B), and Verified protection (A).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Q. 6 After a power failure, the security doors in a data center permit all personnel to access the facility. This is known as

Fail open
Fail closed
Control closed
Control open
A

Fail open

[Security Engineering] “Fail open” describes the condition in which an access controls permits access in the event of an abnormal condition, such as a power failure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Q. 7 The model that assigns classification levels to materials and to individuals to determine who can view materials based upon their classification is known as

The DoD multilevel security model
The Bell-LaPadula model
The Clark-Wilson model
The information flow model
A

The Bell-LaPadula model

[Security Engineering] The Bell-LaPadula model is used to control access to information based on the classification of that information and the clearance level of the individual who wants to view it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Q. 8 An asymmetric cryptosystem is also known as a

Message digest
Hash function
Public key cryptosystem
Secret key cryptosystem
A

Public key cryptosystem

[Security Engineering] Asymmetric cryptosystems also are known as public key cryptosystems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Q. 9 To what height should a critical building be illuminated at night?

4 feet
8 feet
12 feet
24 feet
A

8 feet

[Security Engineering] Eight feet is a sufficient height to provide visibility of most physical intruder activities at night.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Q. 10 A database containing the data structures used by an application is known as

A data encyclopedia
A data dictionary
Metadata
A schema
A

A data dictionary

[Security Engineering] A data dictionary contains information about an application’s data structures, including table names, field names, indexes, and so on.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Q. 11 The sum total of all protection mechanisms in a system is known as a

Trusted Computing Base
Protection domain
Trusted path
Summation Protection Mechanism
A

Trusted Computing Base

[Security Engineering] The Trusted Computing Base (TCB) is the complete set of hardware, firmware, and/or software components that are critical to a computer system’s security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Q. 12 An algorithm that’s easy to compute in the forward direction but difficult to compute backwards is known as

A block cipher
A stream cipher
A public key function
A one-way function
A

A one-way function

[Security Engineering] A one-way function is easy to compute in the forward direction but very difficult to run backwards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Q. 13 A chart of privileges and subjects is known as a(n)

Protection ring
Chart of accounts
Access control list
Access matrix
A

Access matrix

[Security Engineering] An access matrix is used to map subjects to capabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Q. 14 The amount of effort required to break a given ciphertext is known as the

Work factor
Effort function
Cryptanalysis
Extraction
A

Work factor

[Security Engineering] Work factor describes the amount of time and/or effort required to break a ciphertext.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Q. 15 What term refers to an object, such as memory space in a program or a storage block on media, that may present a risk of data remanence if it is not properly cleared?

Data residency
Data resiliency
Object reuse
Data at rest
A

Object reuse

[Asset Security] Object reuse is the term that refers to an object that may present a risk of data remanence if it is not properly cleared. Data residency refers to the physical or geographic location of data. Data resiliency refers to the persistent nature of data. Data at rest refers to data that is located on storage media.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Q. 16 Which of the following are examples of third-generation programming languages? Drag and drop the correct answer(s) from top to bottom.

Klingon
BASIC
C/C++
Assembler
FORTRAN
Java
A

BASIC
C/C++
FORTRAN
Java

[Security Engineering] C/C++, BASIC, FORTRAN, and Java are all examples of third-generation programming languages. An assembler is a program used to convert software code to machine language. Klingon is a fictional language used by a fictional warlike humanoid alien species, not a programming language.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Q. 17 Why would a user’s public encryption key be widely distributed?

So that cryptographers can attempt to break it
Because it is encrypted
So that others can send encrypted messages to the user
So that the user can decrypt messages from any location
A

So that others can send encrypted messages to the user

[Security Engineering] In public key cryptography, the public key doesn’t reveal any information about the secret key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Q. 18 European ITSEC level F-C2 is equivalent to what U.S. TCSEC level?

D
C1
C2
B2
A

C2

[Security Engineering] The European ITSEC level F-C2 corresponds to U.S. TCSEC level C2.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Q. 19 The purpose of an operating system is to

Manage hardware resources
Compile program code
Decompile program code
Present a graphic interface to users
A

Manage hardware resources

[Security Engineering] An operating system (OS) manages computer hardware and presents a consistent interface to application programs and tools.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Q. 20 Object-oriented databases

Are well-suited to the storage and manipulation of complex data types
Use fewer system resources than relational databases
Are easier to learn than relational databases
Have severe restrictions on the types and sizes of data elements
A

Are well-suited to the storage and manipulation of complex data types

[Security Engineering] Object-oriented databases are well-suited for complex and large data types, but consume far more system resources than relational databases and have steep learning curves.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Q. 21 What’s one disadvantage of an organization signing its own certificates?

The certificate signing function is labor-intensive
People outside the organization may receive warning messages
The user identification process is labor-intensive
It’s much more expensive than having certificates signed by a CA
A

People outside the organization may receive warning messages

[Security Engineering] The lack of a top-level (root) signature on a certificate results in warning messages stating that the certificate cannot be verified because it lacks a top-level signature (unless the organization has been granted the authority to self-sign its own certificates).

22
Q

Q. 22 Which of the following are physical preventive controls? Drag and drop the correct answer(s) from top to bottom.

CCTV
Fencing
Warning signs
Guards

A

Fencing

Guards

23
Q

Q. 23 The method of encryption in which both sender and recipient possess a common encryption key is known as

Message digest
Hash function
Public key cryptography
Secret key cryptography
A

Secret key cryptography

Security Engineering] Secret key cryptography requires both parties to possess a common, secret key.

24
Q

Q. 24 Firmware is generally stored on

ROM or EPROM
Tape
RAM
Any removable media
A

ROM or EPROM

[Security Engineering] Firmware is lower-level software, installed on a system or device, that is seldom changed and updated relatively infrequently. Therefore, it is generally stored in more permanent memory, such as ROM or EPROM.

25
Q

Q. 25 Which of the following is NOT a purpose of a digital signature?

Authentication to a key server
Detecting unauthorized changes of data
Non-repudiation
Identifying the person who signed the data
A

Authentication to a key server

[Security Engineering] Digital signatures aren’t used for authentication to a key server.

26
Q

Q. 26 Reading down the columns of a message that has been written across is an example of

A columnar transposition cipher
Calculating the columnar hash
Calculating the checksum
Calculating the modulo
A

A columnar transposition cipher

[Security Engineering] In a columnar transposition cipher, the cryptographer writes across (horizontally), but the message is read down (vertically).

27
Q

Q. 27 One risk related to unknown SSL certificates in a browser session is

A man in the browser attack
A compromised WPA key
A compromised WEP key
A man in the middle attack
A

A man in the middle attack

[Security Engineering] Unknown SSL certificates encountered in a browser may be an indication of a malicious proxy that is decrypting and examining SSL traffic in a session.

28
Q

Q. 28 An evaluation of security features in an information system against a set of security requirements is known as a(n)

Protection
Certification
Accreditation
Verification
A

Certification

[Security Engineering] A certification is the formal evaluation of security features according to a set of security requirements.

29
Q

Q. 29 Which of the following are examples of security modes in a system? Drag and drop the correct answer(s) from top to bottom.

Compartmented
Dedicated
Authenticated
Privileged
Multilevel
Windows Compatibility
System High
A

Compartmented
Dedicated
Multilevel
System High

[Security Engineering] Dedicated, System High, Multilevel, and Compartmented are security modes used to control how users can access information depending on the classification of the information.

30
Q

Q. 30 How does water aid in fire suppression?

It reduces the fire’s oxygen supply
It isolates the fire’s fuel supply
It lowers the temperature below what the fire needs to sustain itself
It extinguishes the fire through a chemical reaction
A

It lowers the temperature below what the fire needs to sustain itself

[Security Engineering] Water primarily removes the heat element from the fire triangle. To some extent, water can also create a barrier separating the fuel and oxygen elements of the fire triangle.

31
Q

Q. 31 Object-oriented and relational are examples of

Types of programming languages
Types of database records
Types of database queries
Types of databases
A

Types of databases

[Security Engineering] Object-oriented and relational are types of databases.

32
Q

Q. 32 Why should a data center’s walls go all the way to the ceiling and not just stop at the suspended ceiling?

The walls will be stronger
The HVAC will run more efficiently
To prevent an intruder from entering the data center by climbing over the wall
The high wall will block more noise
A

To prevent an intruder from entering the data center by climbing over the wall

[Security Engineering] The primary reason for extending a wall from the floor to the ceiling in a data center is to prevent an intruder from gaining access above a suspended ceiling or below a raised floor.

33
Q

Q. 33 The substitution cipher that shifts characters by 13 positions, which is used by UNIX systems, is known as

Crypt
ROOT 13
ROT 13
ROTOR 13
A

ROT 13

[Security Engineering] UNIX used the simple substitution cipher called ROT 13 to obfuscate messages. It was most often used in newsgroups to hide off-color jokes from those who were easily offended and didn’t want to read them. ROT 13 wasn’t meant to be difficult to decrypt – only to make text unrecognizable on sight.

34
Q

Q. 34 How does CO2 aid in fire suppression?

It reduces the fire’s oxygen supply
It isolates the fire’s fuel supply
It lowers the temperature below what the fire needs to sustain itself
It extinguishes the fire through a chemical reaction
A

It reduces the fire’s oxygen supply

[Security Engineering] CO2 displaces oxygen long enough to stop a fire’s chemical reaction.

35
Q

Q. 35 The science of hiding the true meaning of messages from unintended recipients is known as

Cryptosystem
Cryptology
Cryptography
Enciphering
A

Cryptography

[Security Engineering] Cryptography is the art of hiding the meaning of messages so that unintended recipients can’t read those messages.

36
Q

Q. 36 What are the main types of water sprinkler systems used in fire suppression? Drag and drop the correct answer(s) from top to bottom.

Deluge
Dry pipe
Postaction
Rotating head
Preaction
Wet pipe
A

Deluge
Dry pipe
Preaction
Wet pipe

[Security Engineering] Dry pipe, wet pipe, deluge, and preaction are the main types of water sprinkler systems used in fire suppression.

37
Q

Q. 37 The Bell-LaPadula model is an example of

An accreditation model
A Take-Grant model
An integrity model
An access-control model
A

An access-control model

Security Engineering] Bell-LaPadula is an access control model.

38
Q

Q. 38 Which of the following is NOT an advantage of cipher locks over access-card locks?

Cipher locks are independent and work even when centralized systems can’t
A cipher lock may be more cost-effective than an access-card lock for one door
Cipher locks offer better centralized control than do access-card locks
Cipher locks are self-contained, requiring no external power or wiring
A

Cipher locks offer better centralized control than do access-card locks

[Security Engineering] Cipher locks usually do not provide centralized control.

39
Q

Q. 39 Tailgating is a term describing what activity?

Logging in to a server from two or more locations
Causing a PBX to permit unauthorized long distance calls
Following an employee through an uncontrolled access point
Following an employee through a controlled access point
A

Following an employee through a controlled access point

40
Q

Q. 40 In the event of a power failure, what does fail closed mean in the context of controlled building entrances?

Controlled entrances permit no one to pass
Controlled entrances permit people to pass without identification
The access control computer is down
Everyone is permitted to enter the building
A

Controlled entrances permit no one to pass

[Security Engineering] “Fail closed” refers to any controlling mechanism that defaults to a locked position if it fails, thereby permitting entry by no one (including authorized persons).

41
Q

Q. 41 A given symmetric cryptosystem uses a 64-bit key size. If an asymmetric cryptosystem is used instead, what key size is required to give the equivalent strength of the symmetric cryptosystem?

2048 bits
512 bits
64 bits
24 bits
A

512 bits

[Security Engineering] An asymmetric cryptosystem must use a 512-bit key size to match the strength of a symmetric cryptosystem using a 64-bit key.

42
Q

Q. 42 Data mining

Can be performed by privileged users only
Is generally performed after hours because it’s resource intensive
Refers to searches for correlations in a data warehouse
Is the term used to describe a hacker who has broken into a databas
A

Refers to searches for correlations in a data warehouse

[Security Engineering] Data mining describes searches for correlations, patterns, and trends in a data warehouse.

43
Q

Q. 43 What’s the purpose of memory protection?

It protects memory from malicious code
It prevents a program from being able to access memory used by another program
Memory protection is another term used to describe virtual memory backing store
It ensures that hardware refresh is frequent enough to maintain memory integrity
A

It prevents a program from being able to access memory used by another program

[Security Engineering] Memory protection is a machine-level security feature that prevents one program from being able to read or alter memory assigned to another program.

44
Q

Q. 44 A water sprinkler system characterized as always having water in the pipes is known as

Dry-pipe
Wet-pipe
Preaction
Discharge
A

Wet-pipe

[Security Engineering] A wet-pipe sprinkler system always has water in the pipes.

45
Q

Q. 45 Drain pipes that channel liquids away from a building are called

Positive drains
Neutral drains
Storm drains
Negative drains
A

Positive drains

[Security Engineering] Positive drains carry liquids away from a building.

46
Q

Q. 46 What’s the purpose of a back door?

Provides an alternate means of authentication
Permits a function when the security officer is absent
Used to bypass the guarded main entrance of a secure facility
Used to bypass one or more security controls
A

Used to bypass one or more security controls

[Software Development Security] A back door is used to circumvent security controls.

47
Q

Q. 47 Steganography isn’t easily noticed because

Monitor and picture quality are so good these days
Most PC speakers are turned off or disabled
The human eye cannot discern the noise that steganography introduces
Checksums can’t detect most steganographed images
A

The human eye cannot discern the noise that steganography introduces

[Security Engineering] Steganography is difficult to detect visually in an image.

48
Q

Q. 48 An unintended and unauthorized communication path is known as a

Covert channel
Back door
Front door
Side door
A

Covert channel

[Security Engineering] A covert channel is an unintended and unauthorized communication path.

49
Q

Q. 49 The security mode in which all users have the required clearance and authorization to access information is known as:

Dedicated
Compartmented
Trusted
Labeled
A

Dedicated

[Security Engineering] In a dedicated mode information system, all users have both the clearance and authorization to access information.

50
Q

Q. 50 The model that incorporates constrained data items and procedures for verifying and changing integrity states is known as

    The Bell-LaPadula integrity model
    The Clark-Wilson integrity model
    Your selection is incorrect
    The Wilson-Phillips integrity model
    The information flow mode
A

The Clark-Wilson integrity model

[Security Engineering] Clark-Wilson starts with a constrained data item (CDI), confirms integrity state by using the integrity verification procedure (IVP), and changes integrity state by using the transformation procedure (TP). Bell-LaPadula and information flow are access control models. Wilson Phillips (without a hyphen) is an awesome band from the 1990s!

51
Q

Q. 51 Why should computer and office equipment be checked in and checked out at a building entrance?

So that IT knows whether it’s available in the event of a disaster
Fixed asset personnel can keep location records up-to-date
To deter employees from trying to steal computer equipment
To account for what would otherwise be metal detector alarms
A

To deter employees from trying to steal computer equipment

[Security Engineering] Equipment check-in and check-out procedures can help deter theft.

cissp (9 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions