ISC2 CISSP Exam
Certified Information Systems Security Professional
Questions & Answers (Demo Version)
https://examslead.com/CISSP-practice-exam-dumps/
Questions & Answers PDF, Version: 25.0

Question: 1
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:
A. Concern that the laser beam may cause eye damage.
B. The iris pattern changes as a person grows older.
C. There is a relatively high rate of false accepts.
D. The optical unit must be positioned so that the sun does not shine into the aperture.
Answer: D
Explanation:
Because the optical unit utilizes a camera and infrared light to create the images, sunlight can impact the aperture, so it must not be positioned in direct light of any type. Because the subject does not need to have direct contact with the optical reader, direct light can impact the reader.
Iris recognition is a form of biometrics that is based on the uniqueness of a subject's iris. A camera-like device records the patterns of the iris, creating what is known as an Iriscode. It is the unique patterns of the iris that allow it to be one of the most accurate forms of biometric identification of an individual. Unlike other types of biometrics, the iris rarely changes over time. Fingerprints can change over time due to scarring and manual labor, voice patterns can change due to a variety of causes, and hand geometry can also change. But barring surgery or an accident it is not usual for an iris to change.
The subject has a high-resolution image taken of their iris and this is then converted to an Iriscode. The current standard for the Iriscode was developed by John Daugman. When the subject attempts to be authenticated an infrared light is used to capture the iris image and this image is then compared to the Iriscode. If there is a match the subject's identity is confirmed. The subject does not need to have direct contact with the optical reader, so it is a less invasive means of authentication than retinal scanning would be.
Reference(s) used for this question:
AIO, 3rd edition, Access Control, p 134
AIO, 4th edition, Access Control, p 182
Wikipedia - http://en.wikipedia.org/wiki/Iris_recognition
The following answers are incorrect:
Concern that the laser beam may cause eye damage. The optical readers do not use a laser, so concern that the laser beam may cause eye damage is not an issue.
The iris pattern changes as a person grows older. The question asked about the physical installation of the scanner, so this was not the best answer. If the question had been about long term problems then it could have been the best choice. Recent research has shown that irises actually do change over time: http://www.nature.com/news/ageing-eyes-hinder-biometric-scans-1.10722
There is a relatively high rate of false accepts. Since the advent of the Iriscode there is a very low rate of false accepts; in fact the algorithm used has never had a false match. This all depends on the quality of the equipment used, but because of the uniqueness of the iris, iris patterns are unique even when comparing identical twins.

Question: 2
In Mandatory Access Control, sensitivity labels attached to objects contain what information?
A. The item's classification
B. The item's classification and category set
C. The item's category
D. The item's need to know
Answer: B
Explanation:
The following is the correct answer: the item's classification and category set.
A sensitivity label must contain at least one classification and one category set. Category set and compartment set are synonyms; they mean the same thing. The sensitivity label must contain at least one classification and at least one category. It is common in some environments for a single item to belong to multiple categories. The list of all the categories to which an item belongs is called a compartment set or category set.
The following answers are incorrect:
The item's classification. Is incorrect because you need a category set as well.
The item's category. Is incorrect because both the category set and the classification would be required.
The item's need to know. Is incorrect because there is no such thing. The need to know is indicated by the categories the object belongs to. This is NOT the best answer.
Reference(s) used for this question:
OIG CBK, Access Control (pages 186 - 188)
AIO, 3rd Edition, Access Control (pages 162 - 163)
AIO, 4th Edition, Access Control, pp 212-214
Wikipedia - http://en.wikipedia.org/wiki/Mandatory_Access_Control

Question: 3
Which of the following is true about Kerberos?
A. It utilizes public key cryptography.
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C. It depends upon symmetric ciphers.
D. It is a second party authentication system.
Answer: C
Explanation:
Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third party authentication protocol. It was designed and developed in the mid 1980's by MIT. It is considered open source but is copyrighted and owned by MIT. It relies on the user's secret keys. The password is used to encrypt and decrypt the keys.
The following answers are incorrect:
It utilizes public key cryptography. Is incorrect because Kerberos depends on secret keys (symmetric ciphers).
It encrypts data after a ticket is granted, but passwords are exchanged in plain text. Is incorrect because the passwords are not exchanged but used for encryption and decryption of the keys.
It is a second party authentication system. Is incorrect because Kerberos is a third party authentication system: you authenticate to the third party (Kerberos) and not to the system you are accessing.
References:
MIT http://web.mit.edu/kerberos/
Wikipedia http://en.wikipedia.org/wiki/Kerberos_(protocol)
OIG CBK Access Control (pages 181 - 184)
AIO v3 Access Control (pages 151 - 155)

Question: 4
Which of the following is needed for System Accountability?
A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.
Answer: A
Explanation:
Audit mechanisms are a means of being able to track user actions. Through the use of audit logs and other tools the user actions are recorded and can be used at a later date to verify what actions were performed. Accountability is the ability to identify users and to be able to track user actions.
The following answers are incorrect:
Documented design as laid out in the Common Criteria. Is incorrect because the Common Criteria is an international standard to evaluate trust and would not be a factor in System Accountability.
Authorization. Is incorrect because Authorization is granting access to subjects; just because you have authorization does not hold the subject accountable for their actions.
Formal verification of system design. Is incorrect because all you have done is to verify the system design and have not taken any steps toward system accountability.
References: OIG CBK Glossary (page 778)

Question: 5
What is Kerberos?
A. A three-headed dog from the Egyptian mythology.
B. A trusted third-party authentication protocol.
C. A security model.
D. A remote authentication dial in user server.
Answer: B
Explanation:
A trusted third-party authentication protocol is correct because that is exactly what Kerberos is.
The following answers are incorrect:
A three-headed dog from Egyptian mythology. Is incorrect because we are dealing with Information Security, and the three-headed dog is from Greek mythology, not Egyptian mythology.
A security model. Is incorrect because Kerberos is an authentication protocol and not just a security model.
A remote authentication dial in user server. Is incorrect because Kerberos is not a remote authentication dial in user server; that would be called RADIUS.

Question: 6
Kerberos depends upon what encryption method?
A. Public Key cryptography.
B. Secret Key cryptography.
C. El Gamal cryptography.
D. Blowfish cryptography.
Answer: B
Explanation:
Kerberos depends on Secret Keys or Symmetric Key cryptography.
Kerberos is a third party authentication protocol. It was designed and developed in the mid 1980's by MIT. It is considered open source but is copyrighted and owned by MIT. It relies on the user's secret keys. The password is used to encrypt and decrypt the keys.
This question asked specifically about encryption methods. Encryption methods can be SYMMETRIC (or secret key), in which encryption and decryption keys are the same, or ASYMMETRIC (aka 'Public Key'), in which encryption and decryption keys differ. 'Public Key' methods must be asymmetric, to the extent that the decryption key CANNOT be easily derived from the encryption key. Symmetric keys, however, usually encrypt more efficiently, so they lend themselves to encrypting large amounts of data. Asymmetric encryption is often limited to ONLY encrypting a symmetric key and other information that is needed in order to decrypt a data stream, and the remainder of the encrypted data uses the symmetric key method for performance reasons. This does not in any way diminish the security nor the ability to use a public key to encrypt the data, since the symmetric key method is likely to be even MORE secure than the asymmetric method.
For symmetric key ciphers, there are basically two types: BLOCK CIPHERS, in which a fixed length block is encrypted, and STREAM CIPHERS, in which the data is encrypted one 'data unit' (typically 1 byte) at a time, in the same order it was received in.
The following answers are incorrect:
Public Key cryptography. Is incorrect because Kerberos depends on Secret Keys or Symmetric Key cryptography and not Public Key or Asymmetric Key cryptography.
El Gamal cryptography. Is incorrect because El Gamal is an Asymmetric Key encryption algorithm.
Blowfish cryptography. Is incorrect because Blowfish is a Symmetric Key encryption algorithm.
References:
OIG CBK Access Control (pages 181 - 184)
AIO v3 Access Control (pages 151 - 155)
Wikipedia http://en.wikipedia.org/wiki/Blowfish_(cipher)
http://en.wikipedia.org/wiki/El_Gamal
http://www.mrp3.com/encrypt.html

Question: 7
A confidential number used as an authentication factor to verify a user's identity is called a:
A. PIN
B. User ID
C. Password
D. Challenge
Answer: A
Explanation:
PIN stands for Personal Identification Number; as the name states, it is a combination of numbers.
The following answers are incorrect:
User ID. This is incorrect because a Userid is not required to be a number, and a Userid is only used to establish identity, not verify it.
Password. This is incorrect because a password is not required to be a number; it could be any combination of characters.
Challenge. This is incorrect because a challenge is not defined as a number; it could be anything.

Question: 8
Individual accountability does not include which of the following?
A. unique identifiers
B. policies & procedures
C. access rules
D. audit trails
Answer: B
Explanation:
Accountability would not include policies & procedures because, while important in an effective security program, they cannot be used in determining accountability.
The following answers are incorrect:
Unique identifiers. Is incorrect because Accountability would include unique identifiers so that you can identify the individual.
Access rules. Is incorrect because Accountability would include access rules to define access violations.
Audit trails. Is incorrect because Accountability would include audit trails to be able to trace violations or attempted violations.

Question: 9
Which of the following exemplifies proper separation of duties?
A. Operators are not permitted to modify the system time.
B. Programmers are permitted to use the system console.
C. Console operators are permitted to mount tapes and disks.
D. Tape operators are permitted to use the system console.
Answer: A
Explanation:
This is an example of Separation of Duties because operators are prevented from modifying the system time, which could lead to fraud. Tasks of this nature should be performed by the system administrators.
AIO defines Separation of Duties as a security principle that splits up a critical task among two or more individuals to ensure that one person cannot complete a risky task by himself.
The following answers are incorrect:
Programmers are permitted to use the system console. Is incorrect because programmers should not be permitted to use the system console; this task should be performed by operators. Allowing programmers access to the system console could allow fraud to occur, so this is not an example of Separation of Duties.
Console operators are permitted to mount tapes and disks. Is incorrect because operators should be able to mount tapes and disks, so this is not an example of Separation of Duties.
Tape operators are permitted to use the system console. Is incorrect because operators should be able to use the system console, so this is not an example of Separation of Duties.
References:
OIG CBK Access Control (page 98 - 101)
AIO v3 Access Control (page 182)

Question: 10
An access control policy for a bank teller is an example of the implementation of which of the following?
A. Rule-based policy
B. Identity-based policy
C. User-based policy
D. Role-based policy
Answer: D
Explanation:
The position of a bank teller is a specific role within the bank, so you would implement a role-based policy.
The following answers are incorrect:
Rule-based policy. Is incorrect because this is based on rules and not the role of a bank teller, so this would not be applicable for a specific role within an organization.
Identity-based policy. Is incorrect because this is based on the identity of an individual and not the role of a bank teller, so this would not be applicable for a specific role within an organization.
User-based policy. Is incorrect because this would be based on the user and not the role of a bank teller, so this would not be applicable for a specific role within an organization.

Question: 11
Which one of the following authentication mechanisms creates a problem for mobile users?
A. Mechanisms based on IP addresses
B. Mechanism with reusable passwords
C. One-time password mechanism.
D. Challenge response mechanism.
Answer: A
Explanation:
Anything based on a fixed IP address would be a problem for mobile users because their location and its associated IP address can change from one time to the next. Many providers will assign a new IP every time the device is restarted. For example, consider an insurance adjuster using a laptop to file claims online. He goes to a different client each time and the address changes every time he connects to the ISP.
NOTE FROM CLEMENT:
The term MOBILE in this case is synonymous with Road Warriors, where a user is constantly traveling and changing location. With smartphones today that may not be an issue, but it would be an issue for laptops or WIFI tablets. Within a carrier network the IP will tend to be the same and would change rarely. So this question is more applicable to devices that are not cellular devices, but in some cases this issue could affect cellular devices as well.
The following answers are incorrect:
Mechanism with reusable password. This is incorrect because a reusable password mechanism would not present a problem for mobile users. They are the least secure and change only at specific intervals.
One-time password mechanism. This is incorrect because a one-time password mechanism would not present a problem for mobile users. Many are based on a clock and not on the IP address of the user.
Challenge response mechanism. This is incorrect because a challenge response mechanism would not present a problem for mobile users.

Question: 12
Organizations should consider which of the following first before allowing external access to their LANs via the Internet?
A. Plan for implementing workstation locking mechanisms.
B. Plan for protecting the modem pool.
C. Plan for providing the user with his account usage information.
D. Plan for considering proper authentication options.
Answer: D
Explanation:
Before a LAN is connected to the Internet, you need to determine what access control mechanisms are to be used; this would include how you are going to authenticate individuals that may access your network externally through access control.
The following answers are incorrect:
Plan for implementing workstation locking mechanisms. This is incorrect because locking the workstations has no impact on the LAN or Internet access.
Plan for protecting the modem pool. This is incorrect because protecting the modem pool has no impact on the LAN or Internet access; it just protects the modem.
Plan for providing the user with his account usage information. This is incorrect because the question asks what should be done first. While important, your primary concern should be focused on security.

Question: 13
Kerberos can prevent which one of the following attacks?
A. Tunneling attack.
B. Playback (replay) attack.
C. Destructive attack.
D. Process attack.
Answer: B
Explanation:
Each ticket in Kerberos has a timestamp and is subject to time expiration to help prevent these types of attacks.
The following answers are incorrect:
Tunneling attack. This is incorrect because a tunneling attack is an attempt to bypass security and access low-level systems. Kerberos cannot totally prevent these types of attacks.
Destructive attack. This is incorrect because, depending on the type of destructive attack, Kerberos cannot prevent someone from physically destroying a server.
Process attack. This is incorrect because Kerberos cannot prevent authorized individuals from running processes.

Question: 14
In discretionary access environments, which of the following entities is authorized to grant information access to other people?
A. Manager
B. Group Leader
C. Security Manager
D. Data Owner
Answer: D
Explanation:
In Discretionary Access Control (DAC) environments, the user who creates a file is also considered the owner and has full control over the file, including the ability to set permissions for that file.
The following answers are incorrect:
Manager. Is incorrect because in Discretionary Access Control (DAC) environments it is the owner/user that is authorized to grant information access to other people.
Group leader. Is incorrect because in Discretionary Access Control (DAC) environments it is the owner/user that is authorized to grant information access to other people.
Security manager. Is incorrect because in Discretionary Access Control (DAC) environments it is the owner/user that is authorized to grant information access to other people.
IMPORTANT NOTE:
The term Data Owner is also used within Classifications. Under the subject of classification the Data Owner is a person from management who has been entrusted with a data set that belongs to the company. For example, it could be the Chief Financial Officer (CFO) who is entrusted with all of the financial data for a company. As such the CFO would determine the classification of the financial data and who can access it as well. The Data Owner would then tell the Data Custodian (a technical person) what the classification and need to know is on the specific set of data.
The term Data Owner under DAC simply means whoever created the file; as the creator of the file, the owner has full access and can grant access to other subjects based on their identity.

Question: 15
What is the main concern with single sign-on?
A. Maximum unauthorized access would be possible if a password is disclosed.
B. The security administrator's workload would increase.
C. The users' password would be too hard to remember.
D. User access rights would be increased.
Answer: A
Explanation:
A major concern with Single Sign-On (SSO) is that if a user's ID and password are compromised, the intruder would have access to all the systems that the user was authorized for.
The following answers are incorrect:
The security administrator's workload would increase. Is incorrect because the security administrator's workload would decrease and not increase. The admin would not be responsible for maintaining multiple user accounts, just the one.
The users' password would be too hard to remember. Is incorrect because the users would have fewer passwords to remember.
User access rights would be increased. Is incorrect because the user access rights would not be any different than if they had to log into systems manually.
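Question 2 above states that a Mandatory Access Control sensitivity label carries a classification plus a category (compartment) set, and that an object's need to know is expressed by the categories it belongs to. The Python below is an added illustration, not code from the original question set, of how two such labels are compared: one label dominates another only if its classification is at least as high and its category set is a superset, and the no-read-up / no-write-down rules of the Bell-LaPadula model (named in Questions 16 and 20) are decided from that dominance relation. The classification ladder and the category names are constructed for the example.

```python
from dataclasses import dataclass

# Constructed classification ladder, ordered lowest to highest.  Real systems
# define their own names and ordering; only the ordering matters here.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: exactly one classification plus a category set
    (the page's 'category set' / 'compartment set')."""
    classification: str
    categories: frozenset

    def __post_init__(self):
        if self.classification not in LEVELS:
            raise ValueError(f"unknown classification {self.classification!r}")

    def dominates(self, other):
        """self >= other in the lattice: classification at least as high AND
        every category of `other` also present in `self`."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.categories >= other.categories)


def label(classification, *categories):
    """Convenience constructor: label('SECRET', 'NUCLEAR', 'CRYPTO')."""
    return Label(classification, frozenset(categories))


def may_read(subject, obj):
    """Bell-LaPadula simple security property (no read up): the subject's
    clearance must dominate the object's label."""
    return subject.dominates(obj)


def may_write(subject, obj):
    """Bell-LaPadula *-property (no write down): the object's label must
    dominate the subject's clearance, so data cannot flow to a lower label."""
    return obj.dominates(subject)


def decide(subject, obj):
    """Access decision for one subject/object pair."""
    return {"read": may_read(subject, obj), "write": may_write(subject, obj)}


if __name__ == "__main__":
    # A SECRET analyst cleared only for NUCLEAR may not read a SECRET object
    # that also carries CRYPTO, even though the classification levels match.
    print(decide(label("SECRET", "NUCLEAR"), label("SECRET", "NUCLEAR", "CRYPTO")))
```

Note that a matching classification is not enough: the missing CRYPTO category alone denies the read, which is exactly why answer A (classification only) is incorrect in Question 2.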
Question: 16
Who developed one of the first mathematical models of a multilevel-security computer system?
A. Diffie and Hellman.
B. Clark and Wilson.
C. Bell and LaPadula.
D. Gasser and Lipner.
Answer: C
Explanation:
In 1973 Bell and LaPadula created the first mathematical model of a multi-level security system.
The following answers are incorrect:
Diffie and Hellman. This is incorrect because Diffie and Hellman were involved with cryptography.
Clark and Wilson. This is incorrect because Bell and LaPadula was the first model. The Clark-Wilson model came later, in 1987.
Gasser and Lipner. This is incorrect; it is a distractor. Bell and LaPadula was the first model.

Question: 17
Which of the following attacks could capture network user passwords?
A. Data diddling
B. Sniffing
C. IP Spoofing
D. Smurfing
Answer: B
Explanation:
A network sniffer captures a copy of every packet that traverses the network segment the sniffer is connected to.
Sniffers are typically devices that can collect information from a communication medium, such as a network. These devices can range from specialized equipment to basic workstations with customized software. A sniffer can collect information about most, if not all, attributes of the communication. The most common method of sniffing is to plug a sniffer into an existing network device like a hub or switch. A hub (which is designed to relay all traffic passing through it to all of its ports) will automatically begin sending all the traffic on that network segment to the sniffing device. On the other hand, a switch (which is designed to limit what traffic gets sent to which port) will have to be specially configured to send all traffic to the port where the sniffer is plugged in. Another method for sniffing is to use a network tap, a device that literally splits a network transmission into two identical streams: one going to the original network destination and the other going to the sniffing device. Each of these methods has its advantages and disadvantages, including cost, feasibility, and the desire to maintain the secrecy of the sniffing activity.
The packets captured by the sniffer are decoded and then displayed by the sniffer. Therefore, if the username/password are contained in a packet or packets traversing the segment the sniffer is connected to, it will capture and display that information (and any other information on that segment it can see). Of course, if the information is encrypted via a VPN, SSL, TLS, or similar technology, the information is still captured and displayed, but it is in an unreadable format.
The following answers are incorrect:
Data diddling involves changing data before or as it is entered into a computer, or after it is extracted.
Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication, or causing a system to respond to the wrong address.
Smurfing would refer to the smurf attack, where an attacker sends spoofed packets to the broadcast address on a gateway in order to cause a denial of service.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, page number 321
Official ISC2 Guide to the CISSP, 3rd edition, page number 153

Question: 18
Which of the following would constitute the best example of a password to use for access to a system by a network administrator?
A. holiday
B. Christmas12
C. Jenny
D. GyN19Za!
Answer: D
Explanation:
GyN19Za! would be the best answer because it contains a mixture of upper and lower case characters, alphabetic and numeric characters, and a special character, making it less vulnerable to password attacks.
All of the other answers are incorrect because they are vulnerable to brute force or dictionary attacks. Passwords should not be common words or names. The addition of a number to the end of a common word only marginally strengthens it, because a common password attack would also check combinations of words and numbers: Christmas23, Christmas123, etc.

Question: 19
What physical characteristic does a retinal scan biometric device measure?
A. The amount of light reaching the retina
B. The amount of light reflected by the retina
C. The pattern of light receptors at the back of the eye
D. The pattern of blood vessels at the back of the eye
Answer: D
Explanation:
The retina, a thin nerve (1/50th of an inch) on the back of the eye, is the part of the eye which senses light and transmits impulses through the optic nerve to the brain, the equivalent of film in a camera. Blood vessels used for biometric identification are located along the neural retina, the outermost of the retina's four cell layers.
The following answers are incorrect:
The amount of light reaching the retina. The amount of light reaching the retina is not used in the biometric scan of the retina.
The amount of light reflected by the retina. The amount of light reflected by the retina is not used in the biometric scan of the retina.
The pattern of light receptors at the back of the eye. This is a distractor.
The following reference(s) were/was used to create this question:
Retina Scan Technology. ISC2 Official Guide to the CBK, 2007 (Page 161)

Question: 20
The Computer Security Policy Model the Orange Book is based on is which of the following?
A. Bell-LaPadula
B. Data Encryption Standard
C. Kerberos
D. Tempest
Answer: A
Explanation:
The Computer Security Policy Model the Orange Book is based on is the Bell-LaPadula Model. (Orange Book Glossary.)
The Data Encryption Standard (DES) is a cryptographic algorithm. (National Information Security Glossary.)
TEMPEST is related to limiting the electromagnetic emanations from electronic equipment.
Reference: U.S. Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DoD 5200.28-STD, December 1985.

Question: 21
The end result of implementing the principle of least privilege means which of the following?
A. Users would get access to only the info for which they have a need to know
B. Users can access all systems.
C. Users get new privileges added when they change positions.
D. Authorization creep.
Answer: A
Explanation:
The principle of least privilege refers to allowing users to have only the access they need and not anything more. Thus, certain users may have no need to access any of the files on specific systems.
The following answers are incorrect:
Users can access all systems. Although the principle of least privilege limits what access and systems users have authorization to, not all users would have a need to know to access all of the systems. The best answer is still "Users would get access to only the info for which they have a need to know", as some of the users may not have a need to access a system.
Users get new privileges when they change positions. Although it is true that a user may indeed require new privileges, this is not a given fact, and in actuality a user may require fewer privileges for a new position. The principle of least privilege would require that the rights required for the position be closely evaluated and, where possible, rights revoked.
Authorization creep. Authorization creep occurs when users are given additional rights with new positions and responsibilities. The principle of least privilege should actually prevent authorization creep.
The following reference(s) were/was used to create this question:
ISC2 OIG 2007 p.101, 123
Shon Harris AIO v3 p148, 902-903

Question: 22
Which of the following is the most reliable authentication method for remote access?
A. Variable callback system
B. Synchronous token
C. Fixed callback system
D. Combination of callback and caller ID
Answer: B
Explanation:
A synchronous token generates a one-time password that is only valid for a short period of time. Once the password is used it is no longer valid, and it expires if not entered in the acceptable time frame.
The following answers are incorrect:
Variable callback system. Although variable callback systems are more flexible than fixed callback systems, the system assumes the identity of the individual unless two-factor authentication is also implemented. By itself, this method might allow an attacker access as a trusted user.
Fixed callback system. Authentication provides assurance that someone or something is who or what he/it is supposed to be. Callback systems authenticate a person, but anyone can pretend to be that person. They are tied to a specific place and phone number, which can be spoofed by implementing call-forwarding.
Combination of callback and Caller ID. The caller ID and callback functionality provides greater confidence and auditability of the caller's identity. By disconnecting and calling back only authorized phone numbers, the system has greater confidence in the location of the call. However, unless combined with strong authentication, any individual at the location could obtain access.
The following reference(s) were/was used to create this question:
Shon Harris AIO v3 p. 140, 548
ISC2 OIG 2007 p. 152-153, 126-127

Question: 23
Which of the following is true of two-factor authentication?
A. It uses the RSA public-key signature based on integers with large prime factors.
B. It requires two measurements of hand geometry.
C. It does not use single sign-on technology.
D. It relies on two independent proofs of identity.
Answer: D
Explanation:
It relies on two independent proofs of identity. Two-factor authentication refers to using two independent proofs of identity, such as something the user has (e.g. a token card) and something the user knows (a password). Two-factor authentication may be used with single sign-on.
The following answers are incorrect:
It requires two measurements of hand geometry. Measuring hand geometry twice does not yield two independent proofs.
It uses the RSA public-key signature based on integers with large prime factors. RSA encryption uses integers with exactly two prime factors, but the term "two-factor authentication" is not used in that context.
It does not use single sign-on technology. This is a detractor.
The following reference(s) were/was used to create this question:
Shon Harris AIO v.3 p.129
ISC2 OIG, 2007 p. 126

Question: 24
The primary service provided by Kerberos is which of the following?
A. non-repudiation
B. confidentiality
C. authentication
D. authorization
Answer: C
Explanation:
The following answers are incorrect:
non-repudiation. Since Kerberos deals primarily with symmetric cryptography, it does not help with non-repudiation.
confidentiality. Once the client is authenticated by Kerberos and obtains its session key and ticket, it may use them to assure confidentiality of its communication with a server; however, that is not a Kerberos service as such.
authorization. Although Kerberos tickets may include some authorization information, the meaning of the authorization fields is not standardized in the Kerberos specifications, and authorization is not a primary Kerberos service.
The following reference(s) were/was used to create this question:
ISC2 OIG, 2007 p. 179-184
Shon Harris AIO v.3 p. 152-155

Question: 25
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
A. public keys
B. private keys
C. public-key certificates
D. private-key certificates
Answer: C
Explanation:
A Kerberos ticket is issued by a trusted third party. It is an encrypted data structure that includes the service encryption key. In that sense it is similar to a public-key certificate. However, the ticket is not the key.
The following answers are incorrect:
public keys. Kerberos tickets are not shared out publicly, so they are not like a PKI public key.
private keys. Although a Kerberos ticket is not shared publicly, it is not a private key. Private keys are associated with asymmetric cryptosystems, which are not used by Kerberos. Kerberos uses only symmetric cryptography.
private key certificates. This is a detractor. There is no such thing as a private key certificate.
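Questions 13, 24 and 25 above describe a Kerberos ticket as a data structure issued by a trusted third party under a symmetric key, carrying a timestamp and an expiry so that the application server can reject replayed authenticators. The Python below is an added illustration and not code from the original question set or from any Kerberos implementation: it stands in for the ticket encryption with an HMAC under a shared service key, and shows the three server-side checks (integrity, ticket lifetime, and clock-skew plus a replay cache for authenticators). The service key, principal names, times and the five-minute skew value are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed demo values: a key shared between the KDC and the application
# server (symmetric, as Questions 3 and 6 describe) and a five-minute maximum
# clock skew, the conventional Kerberos default.
SERVICE_KEY = b"constructed-demo-service-key"
MAX_SKEW = 300          # seconds
TICKET_LIFETIME = 3600  # seconds


def _tag(key, body):
    """HMAC over the canonical ticket body; stands in for Kerberos encryption."""
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, raw, hashlib.sha256).hexdigest()


def issue_ticket(principal, service, now, key=SERVICE_KEY, lifetime=TICKET_LIFETIME):
    """KDC side: the ticket names the client and target service and carries an
    issue time and an expiry; the tag binds those fields to the service key."""
    body = {"principal": principal, "service": service,
            "issued": now, "expires": now + lifetime}
    return {"body": body, "tag": _tag(key, body)}


class ReplayCache:
    """Server-side memory of authenticators already accepted.  Entries older
    than the skew window are pruned because the time check rejects those anyway."""

    def __init__(self):
        self._seen = {}

    def seen_before(self, principal, auth_time, now):
        for k in [k for k, t in self._seen.items() if now - t > MAX_SKEW]:
            del self._seen[k]
        key = (principal, auth_time)
        if key in self._seen:
            return True
        self._seen[key] = auth_time
        return False


def verify(ticket, auth_time, now, cache, key=SERVICE_KEY):
    """Application-server side.  auth_time is the client's timestamp from the
    authenticator presented with the ticket.  Returns (accepted, reason)."""
    body = ticket["body"]
    if not hmac.compare_digest(_tag(key, body), ticket["tag"]):
        return False, "bad tag"                           # modified ticket
    if now >= body["expires"]:
        return False, "ticket expired"                    # lifetime check
    if abs(now - auth_time) > MAX_SKEW:
        return False, "authenticator outside clock skew"  # stale/future time
    if cache.seen_before(body["principal"], auth_time, now):
        return False, "replayed authenticator"            # same one seen twice
    return True, "ok"


def demo():
    """Walk one ticket through a fresh use, a replay, a stale authenticator,
    use after expiry, and a tampered body; returns the reasons in order."""
    t0 = 1_700_000_000  # constructed epoch time
    cache = ReplayCache()
    ticket = issue_ticket("alice", "fileserver", t0)
    results = [
        verify(ticket, t0 + 10, t0 + 10, cache)[1],
        verify(ticket, t0 + 10, t0 + 11, cache)[1],
        verify(ticket, t0 - 900, t0 + 20, cache)[1],
        verify(ticket, t0 + 4000, t0 + 4000, cache)[1],
    ]
    tampered = {"body": dict(ticket["body"], principal="someone-else"),
                "tag": ticket["tag"]}
    results.append(verify(tampered, t0 + 30, t0 + 30, cache)[1])
    return results


if __name__ == "__main__":
    for reason in demo():
        print(reason)
```

The order of the checks matters: the integrity check comes first so that the replay cache is only ever filled from tickets that carry a valid tag, and the skew check bounds how long the cache has to remember an authenticator.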
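Question 18 above explains why a common word with a number appended barely improves on the word itself, since guessing attacks try those suffixes too. The Python below is an added example and not code from the original question set: it is the kind of acceptance check a defender would run on a proposed password, counting character classes and reducing the candidate to its dictionary stem before looking it up, so that Christmas12 and Christmas123 are both rejected for the same reason. The word list is a constructed sample standing in for a real wordlist.

```python
import re
import string

# Constructed mini-dictionary; a deployment would load a large wordlist and a
# list of previously breached passwords instead.
COMMON_WORDS = {"holiday", "christmas", "jenny", "password", "welcome", "summer"}


def character_classes(pw):
    """Number of distinct classes present: lower, upper, digit, punctuation."""
    return (any(c.islower() for c in pw)
            + any(c.isupper() for c in pw)
            + any(c.isdigit() for c in pw)
            + any(c in string.punctuation for c in pw))


def dictionary_stem(pw):
    """Strip leading/trailing digits and symbols and lower-case the result, so
    'Christmas12', 'Christmas123' and '!Christmas' all reduce to 'christmas'."""
    return re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw).lower()


def check_password(pw, min_length=8, min_classes=3):
    """Return the list of policy problems; an empty list means acceptable."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    if character_classes(pw) < min_classes:
        problems.append("too few character classes")
    if dictionary_stem(pw) in COMMON_WORDS:
        problems.append("dictionary word with simple prefix/suffix")
    return problems


if __name__ == "__main__":
    for candidate in ["holiday", "Christmas12", "Jenny", "GyN19Za!"]:
        print(candidate, check_password(candidate) or "accepted")
```

Note that Christmas12 passes the length and character-class tests; only the stem lookup catches it, which is the point the question's explanation makes about appended numbers.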