CISSP Cram Test Questions: Domain 5 - Security Operations
Which of the following answers specifies the correct sequence of levels within the Capability Maturity Model (CMM)? - ANS-Initial, Managed, Defined, Quantitatively managed, optimized
Configuration Management controls what? - ANS-Auditing and controlling any changes to the Trusted Computing Base.
If an operating system permits shared resources such as memory to be used sequentially by multiple users/application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist? - ANS-Disclosure of residual data.
Operations Security seeks to primarily protect against which of the following? - ANS-asset threats
Which of the following components are considered part of the Trusted Computing Base? - ANS-trusted hardware, software and firmware
Which of the following is NOT an example of an operational control? - ANS-Auditing
Degaussing is used to clear data from all of the following media except: - ANS-Read-Only Media
It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security? - ANS-systems programmer
When backing up an applications system's data, which of the following is a key question to be answered first? - ANS-What records to backup
The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following? - ANS-clipping level
Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette? - ANS-Degaussing
Which of the following is true related to network sniffing? - ANS-Sniffers allow an attacker to monitor data passing across a network.
Which of the following is NOT a technique used to perform a penetration test? - ANS-traffic padding
Which of the following is NOT a media viability control used to protect the viability of data storage media? - ANS-clearing
Which of the following are the two commonly defined types of covert channels: - ANS-Storage and Timing
Which of the following refers to the data left on the media after the media has been erased? - ANS-remanence
Which of the following ensures that security is not breached when a system crash or other system failure occurs? - ANS-trusted recovery
Which of the following ensures that a TCB is designed, developed, and maintained with formally controlled standards that enforce protection at each stage in the system's life cycle? - ANS-life cycle assurance
Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles? - ANS-B2
Which of the following is NOT a countermeasure to traffic analysis? - ANS-Eavesdropping
Which of the following are the three classifications of RAID identified by the RAID Advisory Board? - ANS-Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.
RAID Level 1 is commonly called which of the following? - ANS-mirroring
Which of the following is often implemented by a one-for-one disk to disk ratio? - ANS-RAID Level 1
The main issue with Level 1 of RAID is which of the following? - ANS-It is very expensive.
Which of the following effectively doubles the amount of hard drives needed but also provides redundancy? - ANS-RAID Level 1
Which of the following is used to create parity information? - ANS-a hamming code
The only difference between RAID 3 and RAID 4 is that level 3 is implemented at the byte level while level 4 is usually implemented at which of the following? - ANS-block level.
The spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server in which of the following scenarios? - ANS-system is up and running
RAID level 10 is created by combining which of the following? - ANS-level 0 (striping) with level 1 (mirroring).
A hardware RAID implementation is usually: - ANS-platform-independent.
RAID levels 3 and 5 run: - ANS-faster on hardware.
When RAID runs as part of the operating system on the file server, it is an example of a: - ANS-software implementation.
A server cluster looks like a: - ANS-single server from the user's point of view.
Which of the following backup methods makes a complete backup of every file on the server every time it is run? - ANS-full backup method.
Which backup method usually resets the archive bit on the files after they have been backed up? - ANS-Incremental backup method.