Download ISC CISSP Mock Test Study Material [Q353-Q378]

CISSP Questions Prepare with Learning Information


The CISSP certification is highly sought after by employers and can significantly enhance the career prospects of professionals in the field of information security. It is recognized by government agencies, corporations, and organizations worldwide as a standard for measuring an individual's knowledge and skills in the field of information security. Achieving CISSP certification requires hard work, dedication, and a commitment to ongoing professional development.


NEW QUESTION # 353
Which of the following defines the key exchange for Internet Protocol Security (IPSEC)?

  • A. Internet Security Association Key Management Protocol (ISAKMP)
  • B. Internet Key Exchange (IKE)
  • C. Security Key Exchange (SKE)
  • D. Internet Communication Messaging Protocol (ICMP)

Answer: A

Explanation:
Because IPsec is a framework, it does not dictate what hashing and encryption algorithms are to be used or how keys are to be exchanged between devices. Key management can be handled through a manual process or an automated key management protocol. The Internet Security Association and Key Management Protocol (ISAKMP) is an authentication and key exchange architecture that is independent of the type of keying mechanisms used. Pg 577 Shon Harris All-In-One CISSP Certification Exam Guide


NEW QUESTION # 354
Data leakage of sensitive information is MOST often concealed by which of the following?

  • A. Secure Post Office Protocol (POP)
  • B. Secure Hash Algorithm (SHA)
  • C. Secure Sockets Layer (SSL)
  • D. Wired Equivalent Privacy (WEP)

Answer: C


NEW QUESTION # 355
Which of the following is the MAIN security benefit of having continuous monitoring of a vendor?

  • A. Improving vendor relationship
  • B. Eliminate risk
  • C. Reduced vendor cost
  • D. Improved identification of issues and proactive planning

Answer: D


NEW QUESTION # 356
Who should measure the effectiveness of Information System security related controls in an organization?

  • A. The business manager
  • B. The systems auditor
  • C. The central security manager
  • D. The local security specialist

Answer: B

Explanation:
It is the systems auditor who should lead the effort to ensure that the security controls are in place and effective. The audit would verify that the controls comply with policies, procedures, laws, and regulations where applicable. The findings would then be reported to senior management.
The following answers are incorrect:
The local security specialist is incorrect because an independent review should take place by a third party. The security specialist might offer mitigation strategies, but it is the auditor who would ensure the effectiveness of the controls.
The business manager is incorrect because the business manager would be responsible for ensuring that the controls are in place, but it is the auditor who would ensure the effectiveness of the controls.
The central security manager is incorrect because the central security manager would be responsible for implementing the controls, but it is the auditor who is responsible for ensuring their effectiveness.


NEW QUESTION # 357
Which disaster recovery/emergency management plan testing type below is considered the most cost-effective and efficient way to identify areas of overlap in the plan before conducting more demanding training exercises?

  • A. Full-scale exercise
  • B. Table-top exercise test
  • C. Evacuation drill
  • D. Walk-through drill

Answer: B

Explanation:
In a table-top exercise, members of the emergency management group meet in a conference room setting to discuss their responsibilities and how they would react to emergency scenarios. Disaster recovery/emergency management plan testing scenarios have several levels, and can be called different things. The primary hierarchy of disaster/emergency testing plan types is shown below.
Checklist review. Plan is distributed and reviewed by business units for its thoroughness and effectiveness.
Table-top exercise or structured walk-through test. Members of the emergency management group meet in a conference room setting to discuss their responsibilities and how they would react to emergency scenarios by stepping through the plan.
Walk-through drill or simulation test. The emergency management group and response teams actually perform their emergency response functions by walking through the test, without actually initiating recovery procedures. More thorough than the table-top exercise.
Functional drills. Test specific functions such as medical response, emergency notifications, warning and communications procedures, and equipment, although not necessarily all at once. Also includes evacuation drills, where personnel walk the evacuation route to a designated area where procedures for accounting for the personnel are tested.
Parallel test or full-scale exercise. A real-life emergency situation is simulated as closely as possible. Involves all of the participants that would be responding to the real emergency, including community and external organizations. The test may involve ceasing some real production processing.
Source: Emergency Management Guide for Business and Industry, Federal Emergency Management Agency, August 1998 and Computer Security Basics, by Deborah Russell and G.T. Gangemi, Sr. (O'Reilly, 1992).


NEW QUESTION # 358
Which of the following actions MUST be performed when using Secure Multipurpose Internet Mail Extensions (S/MIME) before sending an encrypted message to a recipient?

  • A. Obtain the recipient's private key.
  • B. Obtain the recipient's digital certificate.
  • C. Encrypt attachments.
  • D. Digitally sign the message.

Answer: B

Explanation:
The action that must be performed when using Secure Multipurpose Internet Mail Extensions (S/MIME) before sending an encrypted message to a recipient is to obtain the recipient's digital certificate. S/MIME is a standard that enables the secure transmission of email messages over the Internet, using encryption and digital signatures. To encrypt a message using S/MIME, the sender needs to obtain the recipient's digital certificate, which contains the recipient's public key and identity information. The sender can then use the recipient's public key to encrypt the message, ensuring that only the recipient can decrypt it with their private key. The recipient's digital certificate can be obtained from a trusted source, such as a certificate authority, a directory service, or a previous (signed) message from the recipient. Obtaining the recipient's digital certificate is a prerequisite for sending an encrypted message using S/MIME. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 3: Security Engineering, page 132; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 3: Security Engineering, page 194.


NEW QUESTION # 359
Which of the following does not address Database Management Systems (DBMS) Security?

  • A. Partitioning
  • B. Cell suppression
  • C. Padded cells
  • D. Perturbation

Answer: C

Explanation:
Padded cells complement Intrusion Detection Systems (IDSs) and are not related to DBMS security. Padded cells are simulated environments to which IDSs seamlessly transfer detected attackers and are designed to convince an attacker that the attack is going according to the plan. Cell suppression is a technique used against inference attacks by not revealing information in the case where a statistical query produces a very small result set. Perturbation also addresses inference attacks but involves making minor modifications to the results to a query. Partitioning involves splitting a database into two or more physical or logical parts; especially relevant for multilevel secure databases. Source: LaROSA, Jeanette (domain leader), Application and System Development Security CISSP Open Study Guide, version 3.0, January 2002.


NEW QUESTION # 360
Which of the following is the MOST common method of memory protection?

  • A. Error correction
  • B. Segmentation
  • C. Compartmentalization
  • D. Virtual Local Area Network (VLAN) tagging

Answer: B

Explanation:
The most common method of memory protection is segmentation. Segmentation is a technique that divides the memory space into logical segments, such as code, data, stack, and heap. Each segment has its own attributes, such as size, location, access rights, and protection level. Segmentation can help to isolate and protect the memory segments from unauthorized or unintended access, modification, or execution, as well as to prevent memory corruption, overflow, or leakage. Compartmentalization, error correction, and VLAN tagging are not methods of memory protection, but of information protection, data protection, and network protection, respectively. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5: Security Engineering, page 589; Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 3: Security Architecture and Engineering, page 370.


NEW QUESTION # 361
As an analog of confidentiality labels, integrity labels in the Biba model are assigned according to which of the following rules?

  • A. Objects are assigned integrity labels according to their trustworthiness; subjects are assigned classes according to the harm that would be done if the data were modified improperly.
  • B. Subjects are assigned classes according to their trustworthiness; objects are assigned integrity labels according to the harm that would be done if the data were modified improperly.
  • C. Integrity labels are assigned according to the harm that would occur from unauthorized disclosure of the information.
  • D. Objects are assigned integrity labels identical to the corresponding confidentiality labels.

Answer: B

Explanation:
As subjects in the world of confidentiality are assigned clearances related to their trustworthiness, subjects in the Biba model are assigned to integrity classes that are indicative of their trustworthiness. Also, in the context of confidentiality, objects are assigned classifications related to the amount of harm that would be caused by unauthorized disclosure of the object. Similarly, in the integrity model, objects are assigned to classes related to the amount of harm that would be caused by the improper modification of the object.
The answer "Objects are assigned integrity labels identical to the corresponding confidentiality labels" is incorrect since integrity properties and confidentiality properties are opposites. For example, in the Bell-LaPadula model, there is no prohibition against a subject at one classification reading information from a lower level of confidentiality. However, when maintenance of the integrity of data is the objective, reading of information from a lower level of integrity by a subject at a higher level of integrity risks contaminating data at the higher level of integrity. Thus, the simple and *-properties in the Biba model are complements of the corresponding properties in the Bell-LaPadula model. Recall that the Simple Integrity Property states that a subject at one level of integrity is not permitted to observe (read) an object of a lower integrity (no read down). Also, the *-Integrity Property states that a subject at one level of integrity is not permitted to modify (write to) an object of a higher level of integrity (no write up).
* The answer "Objects are assigned integrity labels according to their trustworthiness; subjects are assigned classes according to the harm that would be done if the data were modified improperly" is incorrect since the words object and subject are interchanged.
* In the answer "Integrity labels are assigned according to the harm that would occur from unauthorized disclosure of the information", unauthorized disclosure refers to confidentiality and not to integrity.
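The two Biba rules and their Bell-LaPadula counterparts as executable access checks, written as an added Python example that is not part of the original question bank; the three-level integrity scale and the subject and object names are constructed for illustration:

```python
"""Biba integrity checks beside Bell-LaPadula confidentiality checks.

Added example. The level scale, subjects and objects below are constructed
for illustration; the rules themselves are the ones stated in the explanation.
"""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Ordered labels: for Biba an integrity class, for BLP a clearance/classification."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Subject:
    name: str
    level: Level  # Biba: assigned according to the subject's trustworthiness


@dataclass(frozen=True)
class Obj:
    name: str
    level: Level  # Biba: assigned according to harm from improper modification


def biba_read(subject: Subject, obj: Obj) -> bool:
    """Simple Integrity Property: no read down.
    A trusted subject must not observe less trustworthy data, or it could
    carry that contamination into higher-integrity objects it later writes."""
    return obj.level >= subject.level


def biba_write(subject: Subject, obj: Obj) -> bool:
    """*-Integrity Property: no write up.
    A subject may only modify objects at its own integrity level or lower."""
    return obj.level <= subject.level


def blp_read(subject: Subject, obj: Obj) -> bool:
    """Bell-LaPadula Simple Security Property: no read up."""
    return subject.level >= obj.level


def blp_write(subject: Subject, obj: Obj) -> bool:
    """Bell-LaPadula *-Property: no write down."""
    return obj.level >= subject.level


RULES = {
    ("biba", "read"): biba_read,
    ("biba", "write"): biba_write,
    ("blp", "read"): blp_read,
    ("blp", "write"): blp_write,
}


def decide(model: str, op: str, subject: Subject, obj: Obj) -> bool:
    """Reference-monitor style decision: True means the access is permitted."""
    return RULES[(model, op)](subject, obj)


def models_are_complements(subject: Subject, obj: Obj) -> bool:
    """Checks the explanation's claim that each Biba property is the complement of
    the corresponding Bell-LaPadula property. At equal levels both models permit
    the access, so the complement relation only applies when the levels differ."""
    if subject.level == obj.level:
        return True
    return all(
        decide("biba", op, subject, obj) != decide("blp", op, subject, obj)
        for op in ("read", "write")
    )


# Constructed scenario: a trusted audit process and an untrusted web handler,
# a signed ledger (high integrity) and a user-supplied upload (low integrity).
AUDIT = Subject("audit_daemon", Level.HIGH)
HANDLER = Subject("web_form_handler", Level.LOW)
LEDGER = Obj("signed_ledger", Level.HIGH)
UPLOAD = Obj("untrusted_upload", Level.LOW)


def decision_table(model: str) -> dict:
    """Every (subject, op, object) decision for one model, for side-by-side reading."""
    table = {}
    for subject in (AUDIT, HANDLER):
        for obj in (LEDGER, UPLOAD):
            for op in ("read", "write"):
                table[(subject.name, op, obj.name)] = decide(model, op, subject, obj)
    return table


if __name__ == "__main__":
    for key, allowed in decision_table("biba").items():
        print(f"biba {key[0]:>17} {key[1]:>5} {key[2]:<17} -> {'allow' if allowed else 'DENY'}")
```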


NEW QUESTION # 362
A DMZ is also known as a:

  • A. bastion host.
  • B. three-legged firewall.
  • C. screened subnet.
  • D. place to attract hackers.

Answer: C

Explanation:
With a screened subnet, two firewalls are used to create a DMZ.
Incorrect Answers:
A: A bastion host is not a DMZ. It is a computer that is fully exposed to attack.
B: The three-legged model is just one way of implementing a DMZ. A DMZ can be implemented in different ways.
D: A place to attract hackers is called a honeypot, not a DMZ.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 646


NEW QUESTION # 363
The Widget company decided to take their company public and, while they were in the process of doing so, had an external auditor come and look at their company. As part of the external audit they brought in a technology expert, who incidentally was a new CISSP. The auditor's expert asked to see their last risk analysis from the technology manager. The technology manager did not get back to him for a few days, and then the Chief Financial Officer gave the auditors a 2-page risk assessment that was signed by both the Chief Financial Officer and the Technology Manager. While reviewing it, the auditor noticed that only parts of their financial data were being backed up on site and nowhere else; the Chief Financial Officer accepted the risk of only partial financial data being backed up with no off-site copies available.
Who owns the risk with regards to the data that is being backed up and where it is stored?

  • A. Only the most Senior Management such as the Chief Executive Officer
  • B. Only the Chief Financial Officer
  • C. Both the Chief Financial Officer and Technology Manager
  • D. Only The Technology Manager

Answer: B

Explanation:
One of the more important questions that face people working within an organization is: who owns the risk? The answer really isn't straightforward because it depends upon the situation and what kind of risk is being discussed. Senior management owns the risk present during the operation of the organization, but there may be times when senior management also relies upon data custodians or business unit managers to conduct work, and it is during these times that these other elements of the organization also shoulder some of the responsibility of risk ownership.
What does Risk Owner mean: According to ISO Guide 73:2009, definition 3.5.1.5, and the vocabulary of the ISO31000 standard, a risk owner is defined as a "person or entity with the accountability and authority to manage a risk". So senior management would be ultimately responsible because responsibility cannot be delegated. However, management can assign department managers who are accountable and have the authority to manage the risk.
Dissecting this question:
This question makes you think a bit because normally, it would be the Chief Executive Officer. However, in this scenario it was pretty clear that they drafted a quick report and put something down to make it look like they spent time on it. Because the Chief Financial Officer was the one that signed off on it, they are the one that stuck their neck out legally and would be the one ultimately responsible (unless of course the Chief Financial Officer could prove in a court of law that the other company officers knew about the false report).
The Chief Executive Officer could theoretically be held responsible, but the Chief Financial Officer signed off on it instead and accepted the risks.
The Technology Manager, while clearly in collusion with the Chief Financial Officer to draft a quick report, is not an officer of the company and in turn would not be legally responsible. The Manager in fact did alert management of the risk and it was up to them to accept it.
NOTE ABOUT TERMINOLOGY:
One of our very active contributors, Jason, has sent us the following feedback:
Hi, one to watch out for relating to this question in the exam: with the recent ISO27001 updates in 2013, there is a replacement of 'asset ownership' terminology with the new term 'risk ownership'. The Chief Financial Officer is the 'risk owner' according to the newly updated ISO27001 standard. See link for year 2013 revisions for ISO27001: http://www.neupart.com/media/138936/iso27001rev2013riskmgmtprocess.pdf. Note on page 3: 'In the new version 'asset owner' is renamed 'risk owner' and you are only required to identify risks in relation to the confidentiality, integrity and availability.' Cheers, Jason.
My reply: Unfortunately ISC2 does not use up-to-the-minute content on their current exam. The CBK has been updated only every 3 years or more in the past. So do not expect the new terminology from the latest ISO standards to show up on your exam yet. Maybe in the future, but for sure not in 2014.
The following answers are incorrect:
- Senior Management such as the Chief Executive Officer
- Both the Chief Financial Officer and Technology Manager
- Only The Technology Manager
The following reference(s) were/was used to create this question:
Reference: Harris, Shon (2010-01-15). CISSP All-in-One Exam Guide, Fifth Edition (p. 78). McGraw-Hill. Kindle Edition.


NEW QUESTION # 364
Which of the following documents specifies services from the client's viewpoint?

  • A. Service level agreement (SLA)
  • B. Service Level Requirement (SLR)
  • C. Business impact analysis (BIA)
  • D. Service level report

Answer: A


NEW QUESTION # 365
Which RAID implementation is commonly called mirroring?

  • A. RAID level 1
  • B. RAID level 5
  • C. RAID level 3
  • D. RAID level 2

Answer: A

Explanation:
RAID level 1 actually mirrors data from one disk or a set of disks to another disk or set of disks. Each drive is normally mirrored to an equal drive partner that is being updated at the same time, thus allowing recovery from the other drive should one drive fail. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 65).


NEW QUESTION # 366
Which of the following is an example of a Time of Check/Time of Use (TOCTOU) problem?

  • A. A user logs on with a valid profile which is revoked without termination of the session.
  • B. A user session is not validated until after the log on.
  • C. A user whose profile has been revoked logs on using the password of a valid user of the system.
  • D. A user session is terminated immediately after the user profile is revoked.

Answer: B


NEW QUESTION # 367
The main differences between a software process assessment and a software capability evaluation are:

  • A. Software process assessments and software capability evaluations are essentially identical, and there are no major differences between the two.
  • B. Software capability evaluations determine the state of an organization's current software process and are used to gain support from within the organization for a software process improvement program; software process assessments are used to identify contractors who are qualified to develop software or to monitor the state of the software process in a current software project.
  • C. Software process assessments determine the state of an organization's current software process and are used to gain support from within the organization for a software process improvement program; software capability evaluations are used to identify contractors who are qualified to develop software or to monitor the state of the software process in a current software project.
  • D. Software process assessments are used to develop a risk profile for source selection; software capability evaluations are used to develop an action plan for continuous process improvement.

Answer: C

Explanation:
The other answers are distracters. If, in the answer "Software process assessments are used to develop a risk profile for source selection...", the terms software process assessments and software capability evaluations were interchanged, that result would also be correct.
It would then read: Software capability evaluations are used to develop a risk profile for source selection; software process assessments are used to develop an action plan for continuous process improvement.


NEW QUESTION # 368
A continuous information security-monitoring program can BEST reduce risk through which of the following?

  • A. Encompassing people, process, and technology
  • B. Logging both scheduled and unscheduled system changes
  • C. Facilitating system-wide visibility into the activities of critical user accounts
  • D. Collecting security events and correlating them to identify anomalies

Answer: A

Explanation:
A continuous information security monitoring program can best reduce risk through encompassing people, process, and technology. A continuous information security monitoring program is a process that involves maintaining the ongoing awareness of the security status, events, and activities of a system or network, by collecting, analyzing, and reporting the security data and information, using various methods and tools. A continuous information security monitoring program can provide several benefits, such as:
* Improving the security and risk management of the system or network by identifying and addressing the security weaknesses and gaps
* Enhancing the security and decision making of the system or network by providing the evidence and information for the security analysis, evaluation, and reporting
* Increasing the security and improvement of the system or network by providing the feedback and input for the security response, remediation, and optimization
* Facilitating the compliance and alignment of the system or network with the internal or external requirements and standards
A continuous information security monitoring program can best reduce risk through encompassing people, process, and technology, because it can ensure that the continuous information security monitoring program is holistic and comprehensive, and that it covers all the aspects and elements of the system or network security.
People, process, and technology are the three pillars of a continuous information security monitoring program, and they represent the following:
* People: the human resources that are involved in the continuous information security monitoring program, such as the security analysts, the system administrators, the management, and the users. People are responsible for defining the security objectives and requirements, implementing and operating the security tools and controls, and monitoring and responding to the security events and incidents.
* Process: the procedures and policies that are followed in the continuous information security monitoring program, such as the security standards and guidelines, the security roles and responsibilities, the security workflows and tasks, and the security metrics and indicators. Process is responsible for establishing and maintaining the security governance and compliance, ensuring the security consistency and efficiency, and measuring and evaluating the security performance and effectiveness.
* Technology: the tools and systems that are used in the continuous information security monitoring program, such as the security sensors and agents, the security loggers and collectors, the security analyzers and correlators, and the security dashboards and reports. Technology is responsible for supporting and enabling the security functions and capabilities, providing the security visibility and awareness, and delivering the security data and information.
The other options are not the best ways to reduce risk through a continuous information security monitoring program, but rather specific or partial ways that can contribute to the risk reduction.
* Collecting security events and correlating them to identify anomalies is a specific way to reduce risk through a continuous information security monitoring program, but it is not the best way, because it only focuses on one aspect of the security data and information, and it does not address the other aspects, such as the security objectives and requirements, the security controls and measures, and the security feedback and improvement.
* Facilitating system-wide visibility into the activities of critical user accounts is a partial way to reduce risk through a continuous information security monitoring program, but it is not the best way, because it only covers one element of the system or network security, and it does not cover the other elements, such as the security threats and vulnerabilities, the security incidents and impacts, and the security response and remediation.
* Logging both scheduled and unscheduled system changes is a specific way to reduce risk through a continuous information security monitoring program, but it is not the best way, because it only focuses on one type of the security events and activities, and it does not focus on the other types, such as the security alerts and notifications, the security analysis and correlation, and the security reporting and documentation.


NEW QUESTION # 369
Which of the following statements about the "Intranet" is NOT true?

  • A. It is usually restricted to a community of users
  • B. It is unrestricted and publicly available.
  • C. It can work with MANs or WANs.
  • D. It is an add-on to a local area network.

Answer: B

Explanation:
"An intranet is a 'private' network that uses Internet technologies, such as TCP/IP. The company has Web servers and client machines using Web browsers, and it uses the TCP/IP protocol suite. The Web pages are written in Hypertext Markup Language (HTML) or Extensible Markup Language (XML) and are accessed via HTTP." Pg 395 Shon Harris: All-In-One CISSP Certification Guide.


NEW QUESTION # 370
Which Web Services Security (WS-Security) specification maintains a single authenticated identity across multiple dissimilar environments? Click on the correct specification in the image below.

Answer:

Explanation:


NEW QUESTION # 371
Refer to the information below to answer the question.
Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?

  • A. Commercial products often have serious weaknesses of the magnetic force available in the degausser product.
  • B. The inability to turn the drive around in the chamber for the second pass due to human error.
  • C. Inadequate record keeping when sanitizing media.
  • D. Degausser products may not be properly maintained and operated.

Answer: D


NEW QUESTION # 372
In the course of responding to and handling an incident, you work on determining the root cause of the incident. Which step are you in?

  • A. Analysis and tracking
  • B. Containment
  • C. Triage
  • D. Recovery

Answer: A

Explanation:
In this step, your main objective is to examine and analyze what has occurred and focus on determining the root cause of the incident.
Recovery is incorrect, as recovery is about resuming operations or bringing affected systems back into production.
Containment is incorrect, as containment is about reducing the potential impact of an incident.
Triage is incorrect, as triage is about determining the seriousness of the incident and filtering out false positives.
Reference:
Official Guide to the CISSP CBK, pages 700-704


NEW QUESTION # 373
The World Trade Organization's (WTO) agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) requires authors of computer software to be given the

  • A. right to disguise the software's geographic origin.
  • B. ability to tailor security parameters based on location.
  • C. ability to confirm license authenticity of their works.
  • D. right to refuse or permit commercial rentals.

Answer: D


NEW QUESTION # 374
Which of the following can reproduce itself without the help of system applications or resources?

  • A. Virus
  • B. Trojan
  • C. Backdoor
  • D. Worm
  • E. Logic bomb

Answer: D

Explanation:
Worms can reproduce themselves without the help of system applications or resources.


NEW QUESTION # 375
What is the MAIN purpose of a security assessment plan?

  • A. Provide guidance on security requirements, to ensure the identified security risks are properly addressed based on the recommendation
  • B. Provide education to employees on security and privacy, to ensure their awareness on policies and procedures
  • C. Provide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.
  • D. Provide technical information to executives to help them understand information security postures and secure funding.

Answer: C


NEW QUESTION # 376
Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates?

  • A. Vulnerability management
  • B. Life cycle management
  • C. Software Development Life Cycle (SDLC)
  • D. Penetration testing

Answer: A

Explanation:
Reference: https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/security-operations/vulnerability-and-patch-management/#gref


NEW QUESTION # 377
Normalizing data within a database includes all of the following except which?

  • A. Eliminating attributes in a table that are not dependent on the primary key of that table
  • B. Eliminating repeating groups by putting them into separate tables
  • C. Eliminating duplicate key fields by putting them into separate tables
  • D. Eliminating redundant data

Answer: C

Explanation:
"Data Normalization
Normalization is an important part of database design that ensures that attributes in a table depend only on the primary key. This process makes it easier to maintain data and have consistent reports.
Normalizing data in the database consists of three steps:
1. Eliminating any repeating groups by putting them into separate tables
2. Eliminating redundant data (occurring in more than one table)
3. Eliminating attributes in a table that are not dependent on the primary key of that table"
Pg. 62 Krutz: The CISSP Prep Guide: Gold Edition


NEW QUESTION # 378
......


What is ISC CISSP Certification Exam

The ISC CISSP certification is an international standard for information security professionals. It is the only certified CISSP-ISSMP credential that is recognized by the U.S. Department of Homeland Security, United States Computer Emergency Readiness Team (US-CERT), and the National Institute of Standards and Technology (NIST).

The CISSP certification was developed by the International Information Systems Security Certification Consortium (ISC) and is widely considered one of the most difficult certifications to attain. The CISSP exam tests for knowledge of concepts such as network security, software security, cryptography, physical security, and general security principles. Candidates must pass a rigorous 8-hour long exam and demonstrate proficiency in at least 10 out of 12 knowledge areas. By passing the CISSP certification exam with the help of CISSP Dumps, professionals can prove that they have the knowledge and skills related to information security that are essential for enterprise security leaders. The CISSP certification is defined as conforming to the requirements of the National Council of Examiners for Engineering and Surveying (NCEES), the American Society for Testing and Materials (ASTM), and the International Information Systems Security Certification Consortium (ISC).


Most Reliable ISC CISSP Training Materials: https://www.verifieddumps.com/CISSP-valid-exam-braindumps.html

Practice Material for CISSP Exam Question Preparation: https://drive.google.com/open?id=1-4Y5IQHPkqIG0BUX_FuptyOn6ISoIytU