CISSP Exam Questions with 100% Actual correct answers | verified | latest update | Graded A+ | Already Passed | Complete Solution

Preview 3 out of 22  pages

  • June 19, 2024
  • 22
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
CISSP Exam
3 access/security control categories - correct answer-1. administrative: implemented by
creating org policy, procedure, regulation. user awareness/training also fall here
2. technical: implemented using hardware, software, firmware that restricts logical access to
a system
3. physical: locks, fences, walls, etc

abstraction mechanism - correct answer-"black box" doctrine that says users of an object
don't necessarily need to know the details of how the object works

access control matrix - correct answer-table of subjects and objects that indicates the
actions or functions that each subject can perform on each object; each column is an access
control list and each row is a capabilities list

accounting (accountability) - correct answer-reviewing log files to check for compliance and
violations in order to hold subjects accountable for their actions

Address Resolution Protocol (ARP) / Reverse ARP - correct answer-ARP is used to resolve
IP addresses into MAC addresses (while RARP is used to resolve MAC addresses into IP
addresses); both function using caching and broadcasting; sometimes exploited using ARP
cache poisoning - bogus info is inserted into the ARP cache to trigger default gateway
transmission

administrators - correct answer-responsible for granting appropriate access to personnel,
assigning permissions is the key function; typically use a role based control model

advisory policy - correct answer-discusses behaviors and activities that are acceptable and
defines consequences of violations (most fall into this category)

analytic attack - correct answer-algebraic manipulation that attempts to reduce the
complexity of the algorithm; focus on the logic of the algorithm itself

AND operation - correct answer-AND requires both inputs to be true, represented with the ^
symbol

annual rate of occurrence (ARO) - correct answer-number of losses suffered per year

annualized loss expectancy (ALE) - correct answer-yearly cost due to risk
SLE x ARO = ALE

application layer (layer 7) - correct answer-interfaces user applications, network services, or
OS with the protocol stack;

application level gateway firewall - correct answer-also called a proxy firewall; copies
packets from one network into another; copy process changes the source and destination
addresses to protect identities; filters traffic based on the internet service used to transmit or
receive the data

asynchronous communication - correct answer-relies on a stop and start delimiter to manage
the transmission of data; best suited for smaller amounts of data as a result

auditing (monitoring) - correct answer-recording a log of the events and activities related to
the system and subjects

authentication - correct answer-verification that a person is who they say they are; ex:
entering a password or PIN, biometrics, etc - always a two step process with identifying

authorization - correct answer-verification of a person's access or privileges to applicable
data

Availability (CIA Triangle) - correct answer-ensures data is available when needed to
authorized users

baseband - correct answer-supports only a single communication channel; uses a direct
current applied to the cable; form of a digital signal

baseline - correct answer-a uniform way of implementing a standard

Bell-LaPadula Model - correct answer-developed in the 1970s; focused primarily on
confidentiality; 3 principles

1. simple security property: a subject may not read information at a higher sensitivity level
(no read up)
2. star security property: a subject may not write to an object at a lower sensitivity (no write
down)
3. discretionary security property: the system uses an access matrix to enforce discretionary
access control

Biba Model - correct answer-inverted Bell-LaPadula model; focused more on integrity; 2
principles

1. simple integrity property: a subject cannot read an object at a lower integrity level (no read
down)
2. star integrity property: a subject cannot modify an object at a higher integrity level (no
write up)

birthday attack - correct answer-aka collision attack or reverse hash matching; seeks to find
flaws in the one to one nature of hash functions

Brewer and Nash Model - correct answer-created to change dynamically based on a user's
previous activity; applies to a single integrated database, it seeks to create security domains
that are sensitive to the notion of conflict of interest, known as a Chinese wall

broadband - correct answer-can support multiple simultaneous signals; uses frequency
modulation to support numerous channels; suitable for high throughput rates

broadcast transmission - correct answer-supports communication to all possible recipients

brouter - correct answer-combination devices comprising a router and a bridge; attempts to
route first but defaults to bridging if that fails; systems on either side are part of different
collision domains; used to connect network segments that use the same protocol

brute force attack - correct answer-attempts every possible combination for a key or
password; requires massive amounts of processing power

business continuity planning (BCP) - correct answer-assessing the risks to organizational
processes and crafting policies, plans, and procedures to minimize the impact of those risks

capabilities list - correct answer-maintains a row of security attributes for each controlled
object; not as flexible as a token, but provides for quicker lookups when a request is made

cascading (composition theory) - correct answer-input for one system comes from the output
of another system

certificate authorities - correct answer-neutral organizations that offer notarization services
for digital certificates; identity must be proven; assisted by registration authorities (RAs)

certificate enrollment - correct answer-identity proven to CA, other identification documents
could be requested, X.509 certificate created, CA then digitally signs the certificate

certificate revocation - correct answer-1. compromise (private key disclosure)
2. erroneously issued (issued without proper verification)
3. details of the cert have changed
4. security association has changed (termination, etc)

certificate verification - correct answer-verified by checking the digital signature using the
public key; key is authentic if:

1. the digital signature of the CA is authentic
2. you trust the CA
3. the certificate is not on the certificate revocation list (CRL)
4. the certificate actually contains the data you are trusting

change management - correct answer-ensure that any change does not lead to reduced or
compromised security; also responsible for roll backs; make all changes subject to detailed
documentation and auditing

chosen ciphertext - correct answer-the attacker has the ability to decrypt chosen portions of
the ciphertext message and use the decrypted portion to discover the key

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Hkane. Stuvia facilitates payment to the seller.