CISSP - Practice
• Project initiation
• Functional design analysis & planning
• Security requirements developed
• System design specifications
• Software developments
• Installation
• Maintenance support
• Revision and replacement - correct answer-System Development Life Cycle phase
0-1023 - correct answer-Well Known ports
1000 Volts - correct answer-Static charge damage Scramble Monitor Display
1024-49151 - correct answer-Registered ports as defined by IANA
1029 - correct answer-18 USC - Fraud and Related Activity in Connection with Access Devices
1030 - correct answer-18 USC - Fraud and Related Activity in Connection with Computers
14443-1 - correct answer-ISO/IEC standard for smart card physical characteristics
14443-3 - correct answer-ISO/IEC standard for smart card initialization and anticollision
14443-4 - correct answer-ISO/IEC standard for smart cards - Transmission protocol
1500 Volts - correct answer-Static charge damage Disk Drive, causing data loss
17000 Volts - correct answer-Static charge damage Permanent Chip
1994 U.S. Communications Assistance for Law Enforcement Act - correct answer-Requires all communications carriers to make wiretaps possible
2 - correct answer-EAL Structurally tested
2-Phase Commit - correct answer-A distributed system's transaction control that requires updates to complete or roll back
2000 Volts - correct answer-Static charge damage System Shutdown
3 - correct answer-EAL Methodically tested and checked
30 to 90 Days - correct answer-Most organizations enforce policies requiring password changes within this range
3DES - correct answer-Uses 48 rounds of computation and up to three different keys
4 - correct answer-EAL Methodically designed, tested, and reviewed
40 Volts - correct answer-Static charge damage Sensitive Circuits and Transistors
4000 Volts - correct answer-Static charge damage Printer Jam
49152-65535 - correct answer-Dynamic and/or private ports
5 - correct answer-EAL Semiformally designed and tested
5 Rules Of Evidence - correct answer-Evidence must be: admissible, authentic, complete, accurate, and convincing
6 - correct answer-EAL Semiformally verified design and tested
636 - correct answer-Many implementations run LDAP on SSL on this port
802.5 - correct answer-IEEE standard that defines the Token Ring media access method
Access - correct answer-A flow of information between a subject and an object
Access Control - correct answer-The process of allowing only authorized users, programs, or other computer systems to observe, modify, or otherwise take possession of the resources of a computer system. It also limits authorized users to some resources.
Access Control Process - correct answer-1- Defining resources
2- Determining users
3- Specifying how users use resources
Accidental threats - correct answer-More than 3-4 of all security violations are linked to insiders of a company
Accreditation - correct answer-The managerial approval to operate a system based upon knowledge of the risk to operate
Accurate - correct answer-Pertaining to law, high degree of veracity
Acronym for American Standard Code for Information Interchange (ASCII) - correct answer-Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Activation - correct answer-To start business continuity processes
Active Data - correct answer-Information residing on computer systems that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction.
Administrative - correct answer-Covers standards of performance or conduct expected by government agencies from companies, industries, and certain officials
Administrative Control - correct answer-These include the developing and publishing of policies, standards, procedures, guidelines, risk management, and security awareness training
ADSL - correct answer-Delivers a max of 9 Mbps downstream
Adware - correct answer-Unsolicited advertising software
Alarm Filtering - correct answer-The process of categorizing attack alerts produced by an IDS in order to distinguish false positives from actual attacks
ALE - correct answer-ARO X SLE
ALE - correct answer-SLE x ARO =
Algorithm - correct answer-Mathematical function that determines the cryptographic operations
Algorithms - correct answer-The mathematical rules that dictate the functions of enciphering and deciphering
Alternate Data Streams (File System Forks) - correct answer-A covert storage channel in the file attribute
Alternate Site - correct answer-Location to perform the business function
Analysis - correct answer-Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Application Programming Interface - correct answer-A library of commands maintained by a system for other programs to use; provides consistency and integrity for the programs
Archival Data - correct answer-Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
Assembler - correct answer-Converts a high level language into machine language
Asset management - correct answer-Involves knowing and keeping all of a company's IT assets up to date
Assurance - correct answer-Degree of confidence that a certain security level is provided
Asymmetric - correct answer-Encryption system using a pair of mathematically related, unequal keys
Asymmetric algorithms - correct answer-RSA, ECC, Diffie-Hellman, El Gamal, Knapsack, and DSA
Asymmetric Key - correct answer-Provides authentication or nonrepudiation, but is slower than its counterpart
Asynchronous - correct answer-Encrypt/decrypt operations are processed in queues; the key benefit is utilization of hardware devices and multiprocessor systems
Asynchronous communication - correct answer-Transfers data by sending bits of data in irregular timing patterns
Atomicity - correct answer-Indivisible; a data field must contain only one value, and either all transactions take place or none do
Atomicity, Consistency, Isolation, Durability - correct answer-A set of best practices for programmers to seek in all application or database design
Audit - correct answer-Ensures system accountability
Authentic, accurate, complete, convincing, admissible - correct answer-5 Rules of evidence
Authentication - Biometric - correct answer-one-to-one search to verify identity
Authentication Header - correct answer-Provides integrity, authentication, and (depending on the algorithm) nonrepudiation
Bastion host - correct answer-A strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall
Binary - correct answer-Pertaining to a number system that has just two unique digits.
Birthday - correct answer-The attacker tries to create two messages with the same hashing value, by brute force
Bit - correct answer-A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.