Official (ISC)² CISSP - Domain 1 Study Guide
Access control methodology that only uses access control lists to maintain subject permissions for objects: - ANSWER: Discretionary access control
What is the least reliable value for a logical access control to use? - ANSWER: Mandatory access control
What is best paired with a password to provide more secure authentication? - ANSWER: A fingerprint
A threat can be described as: - ANSWER: Any event or action that could cause harm to the organization
What would be the least reliable value for a logical access control to use? - ANSWER: Physical location
What is performed in the assessment phase of risk management? - ANSWER: Penetration testing
What does not feed into the creation of a threat matrix? - ANSWER: Cost of replacing water-damaged equipment
What refers to a device that has a small amount of secure storage and a cryptographic processor? - ANSWER: Smart card
In order to protect the confidentiality of satellite communications you should implement security mechanisms to: - ANSWER: Encrypt satellite transmissions
A centralized approach to security has the primary advantage of: - ANSWER: Uniform enforcement of security policies
The greatest advantage to a decentralized approach to security is: - ANSWER: More adjustable to local laws and requirements
Transport of data to local hosts on a network is handled at this layer: - ANSWER: Data Link Layer
User Datagram Protocol (UDP) is: - ANSWER: A connectionless, unreliable protocol
Challenge Handshake Authentication Protocol (CHAP) improves upon Password Authentication Protocol (PAP) by: - ANSWER: Encrypting the password instead of sending it in cleartext
IPSec virtual private networks (VPNs) established over asynchronous transfer mode (ATM) permanent virtual circuits (PVCs) operate in OSI layer: - ANSWER: Network
What is the BEST choice for sensitive business-to-business communication that happens frequently but does not warrant a permanent connection? - ANSWER: SSL virtual private network (SSL-VPN)
A corporate security policy requires that access to network forensics systems because: - ANSWER: They can be used to intercept network traffic
A new manager is hired in your information security (IS) department. Human resources has not yet completed the internal processes to have her user account created in corporate systems. The new manager wants to review authentication logs from one of your VPN servers. The BEST option is: - ANSWER: Deny her access until human resources has completed its processes
Written or internalized norms of an organization: - ANSWER: Standards
Information security governance provides a mechanism for ensuring: - ANSWER: That suitable information security activities are taking place to meet a company's business goals against established metrics
Which experiences the least amount of change? - ANSWER: Policies
Given an asset whose value is $100,000, the risk of a flood being once in every 15 years, and the projected damage of a flood on the asset being $20,000, what is the annualized rate of occurrence (ARO) of this scenario? - ANSWER: 1/15
What could be the greatest challenge to implementing a new security strategy? - ANSWER: Obtaining buy-in from employees
A vehicle or tool that exploits a weakness is a(n): - ANSWER: Threat
Given an annualized loss expectancy (ALE) of $30,000, an annualized rate of occurrence (ARO) of 0.2 and an asset value of $200,000, what is your exposure factor (EF)? - ANSWER: 0.75
Residual risk is: - ANSWER: The risk that remains after a control is put in place
Removing functions for back door access, ensuring that processes are running under the lowest security context possible and removing unnecessary user accounts are examples of: - ANSWER: System hardening