The Total CISSP® Exam Prep Book
Practice Questions, Answers, and Test Taking Tips and Techniques
Contents
Introduction ............................................................................................................1
SECTION I: PRACTICE STUDY QUESTIONS
1 Access Control Systems and Methodology Domain .............................11
2 Telecommunications and Network Security Domain...........................23
3 Security Management Practices Domain.................................................33
4 Applications and System Development Security Domain ...................45
5 Cryptography Domain ...............................................................................59
6 Security Architecture and Models Domain ............................................69
7 Operations Security Domain.....................................................................79
8 Business Continuity Planning and Disaster Recovery
Planning Domain ........................................................................................91
9 Law, Investigations, and Ethics Domain...............................................103
10 Physical Security Domain ........................................................................113
SECTION II: APPENDICES
Appendix A Bibliography.............................................................................127
Appendix B Sample CISSP Exam ................................................................133
Appendix C Sample CISSP Exam with Answers ......................................179
Index ....................................................................................................................277
SECTION I: PRACTICE STUDY QUESTIONS

Chapter 1
Access Control Systems and Methodology Domain
The Access Control domain addresses the collection of mechanisms that
permit system managers to exercise a directing or restraining influence over
the behavior, use, and content of a system. Access control lets management
specify what users can do, what resources they can access, and what
operations they can perform on those resources.
Because information is valuable and must be secured against misuse,
disclosure, and destruction, organizations implement access controls to
protect the integrity and confidentiality of the information they rely on to
make critical business decisions. Controlling access to computing resources
and information can take many forms. Regardless of the method used, whether
technical or administrative, access controls are fundamental to a
well-developed and well-managed information security program.
This domain addresses user identification and authentication, access control
techniques and the administration of those techniques, and the evolving and
innovative methods of attack against implemented controls.
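The domain description above reduces to a single decision: may this subject perform this operation on this resource? The following is an added example (not code from the book) of how such a decision function is built in practice. It shows the two properties an examiner and an auditor both look for: default deny, so that unknown users, resources and operations are refused, and deny-overrides, so that an explicit revocation (here a made-up "terminated" role) wins over any standing permission. All user, role and resource names are constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Rule:
    """One policy statement: a role may (or may not) perform operations on a resource."""
    role: str
    resource: str                 # exact name, or a prefix ending in '*' (e.g. 'patient/*')
    operations: FrozenSet[str]    # operation names, or {'*'} for any operation
    effect: str = "allow"         # "allow" or "deny"

    def matches(self, resource: str, operation: str) -> bool:
        if "*" not in self.operations and operation not in self.operations:
            return False
        if self.resource.endswith("*"):
            return resource.startswith(self.resource[:-1])
        return resource == self.resource


@dataclass
class AccessControl:
    """Evaluates (user, resource, operation) requests against an ordered rule list.

    Default deny: anything not explicitly allowed is refused, including requests
    from unknown users, for unknown resources, or for unknown operations.
    Deny overrides: an explicit deny wins over any allow, so one 'terminated'
    rule revokes access without editing every allow rule the user ever held.
    """
    user_roles: Dict[str, FrozenSet[str]] = field(default_factory=dict)
    rules: List[Rule] = field(default_factory=list)
    audit: List[str] = field(default_factory=list)   # every decision is recorded

    def decide(self, user: str, resource: str, operation: str) -> bool:
        roles = self.user_roles.get(user, frozenset())   # unknown user -> no roles
        allowed = False
        for rule in self.rules:
            if rule.role in roles and rule.matches(resource, operation):
                if rule.effect == "deny":
                    self._log(user, resource, operation, False,
                              f"explicit deny for role {rule.role}")
                    return False
                allowed = True
        self._log(user, resource, operation, allowed,
                  "allow rule matched" if allowed else "no matching allow rule")
        return allowed

    def _log(self, user: str, resource: str, operation: str,
             granted: bool, reason: str) -> None:
        verdict = "GRANT" if granted else "DENY"
        self.audit.append(f"{verdict} {user} {operation} {resource}: {reason}")


def demo_policy() -> AccessControl:
    """Constructed sample policy for a clinic; all names are hypothetical."""
    ac = AccessControl()
    ac.user_roles = {
        "dr_lee":   frozenset({"physician"}),
        "clerk_ng": frozenset({"billing"}),
        "dr_old":   frozenset({"physician", "terminated"}),  # has left, roles not yet cleaned up
    }
    ac.rules = [
        Rule("physician",  "patient/*",       frozenset({"read", "write"})),
        Rule("billing",    "patient/billing", frozenset({"read"})),
        Rule("terminated", "*",               frozenset({"*"}), effect="deny"),
    ]
    return ac


if __name__ == "__main__":
    ac = demo_policy()
    for req in [("dr_lee", "patient/chart", "write"),
                ("dr_lee", "system/audit_log", "read"),
                ("clerk_ng", "patient/billing", "read"),
                ("clerk_ng", "patient/chart", "read"),
                ("dr_old", "patient/chart", "read"),
                ("nobody", "patient/chart", "read")]:
        ac.decide(*req)
    print("\n".join(ac.audit))
```

Note that the deny rule is evaluated even after an allow has matched; the loop only short-circuits on a deny, never on an allow, which is what makes the ordering of rules irrelevant to the outcome.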
Biometrics are used to identify and authenticate individuals and are rapidly
becoming a popular approach for controlling access to information because
they identify a person by personal attributes, typically voice, handprint,
fingerprint, or retinal pattern. A biometric match is probabilistic, however:
every device is tuned between falsely accepting an impostor and falsely
rejecting a legitimate user, so the technology is best treated as one factor
in a layered scheme rather than as positive proof of identity on its own.
Although biometric devices have been around for years, new innovations
continue to emerge. Understanding the potential as well as the limitations of
these important tools is necessary so that the technology can be applied
appropriately and most effectively. We lay the foundation here and follow
up with more detail in Domain 10, Physical Security.
Nowhere is the importance of access controls more apparent than in
protecting the privacy, confidentiality, and security of patient healthcare
information. Outside North America, especially in European countries, privacy has