100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CISSP Cram Test Questions_ Domain 3 - Identity and Access Management $10.49   Add to cart

Exam (elaborations)

CISSP Cram Test Questions_ Domain 3 - Identity and Access Management

 5 views  0 purchase
  • Course
  • Institution

CISSP Cram Test Questions_ Domain 3 - Identity and Access Management

Preview 4 out of 46  pages

  • July 4, 2024
  • 46
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
CISSP Exam Cram

Policy - ANS-A high-level document that dictates management intentions toward
security.

Trademark - ANS-A symbol, word, name, sound or thing that identifies the origin of a
product or service in a particular trade.

Patent - ANS-Documents a process or synthesis and grants the owner a legally
enforceable right to exclude others from using it

Copyright - ANS-A legal device that provides creator the right to control how the work is
used. For Life plus 70 years

Data Mining - ANS-The process of analyzing data to find and understand patterns and
relationships about the data.

Data Warehouse - ANS-A database that contains data from many other databases. This
allows for trend analysis and marketing decisions through data analytics

Gregg, Michael. CISSP Exam Cram (Kindle Locations 1245-1246). Pearson Education.
Kindle Edition.

COBIT - ANS-is a framework to help provide governance and assurance.

Gregg, Michael. CISSP Exam Cram (Kindle Location 1292). Pearson Education. Kindle
Edition.

SAN - ANS-"a data storage system consisting of various storage elements, storage
devices, computer systems, and/or appliances, plus all the control software, all
communicating in efficient harmony over a network." A SAN appears to the client OS as
a local disk or volume that is available to be formatted and used locally as needed.

Gregg, Michael. CISSP Exam Cram (Kindle Locations 1324-1327). Pearson Education.
Kindle Edition.

Military Data Classification - ANS-Top Secret
Secret

,Sensitive but Unclassified
Unclassified or Official

Private Data Classification - ANS-Confidential
Private
Sensitive
Public

ISO 27001 - ANS-This standard describes requirements on how to establish,
implement, operate, monitor, review, and maintain an information security management
system (ISMS); it is based on British Standard 7799.

Gregg, Michael. CISSP Exam Cram (Kindle Locations 1806-1808). Pearson Education.
Kindle Edition.

ISO 27002 - ANS-This standard is considered a code of practice that describes ways to
develop a security program within the organization.

Gregg, Michael. CISSP Exam Cram (Kindle Locations 1808-1810). Pearson Education.
Kindle Edition.

ISO 27004 - ANS-ISO standard for security management

ISO 27003 - ANS-ISO standard focused on implementation

ISO 27799 - ANS-ISO standard focused on personal health info

ISO 27005 - ANS-ISO standard on how to implement solutions based upon risk
management

FISMA - ANS-Federal Info Security Management Act brought about a set of clear
guidelines for Info Security designed for protection of government IT and data

GLBA - ANS-Gramm-Leach-Bliley Act resulted in the most sweeping overhaul of
financial services regulation in the United States.

Gregg, Michael. CISSP Exam Cram (Kindle Locations 1750-1751). Pearson Education.
Kindle Edition.

,Link Encryption - ANS-encryption—The data is encrypted through the entire
communication path. Because all header information is encrypted each node must
decrypt and encrypt the routing information. Source and destination address cannot be
seen to someone sniffing traffic.

Gregg, Michael. CISSP Exam Cram (Kindle Locations 1686-1689). Pearson Education.
Kindle Edition.

End-to-End Encryption - ANS-Generally performed by the end user and as such can
pass through each node without further processing. However, source and destination
addresses are passed in clear text, so they can be seen to someone sniffing traffic.

Gregg, Michael. CISSP Exam Cram (Kindle Locations 1689-1691). Pearson Education.
Kindle Edition.

Pod Slurping - ANS-a technique for illicitly downloading or copying data from a
computer. Typically used for data exfiltration.

Gregg, Michael. CISSP Exam Cram (Kindle Locations 1612-1614). Pearson Education.
Kindle Edition.

TPM - ANS-the trusted platform module (TPM) chip. The TPM is a "slow" cryptographic
hardware processor which can be used to provide a greater level of security than
software encryption. A TPM chip installed on the motherboard of a client computer can
also be used for system state authentication. The TPM can also be used to store the
encryption keys.

Gregg, Michael. CISSP Exam Cram (Kindle Locations 1619-1622). Pearson Education.
Kindle Edition.

SED - ANS-Self-Encrypting Drives: Compliance—SEDs have the ability to offer built-in
encryption. This can help with compliance laws that many organizations must adhere to.
Strong security—SEDs make use of strong encryption. The contents of an SED are
always encrypted and the encryption keys are themselves encrypted and protected in
hardware. Ease of use—Users only have to authenticate to the drive when the device
boots up or when they change passwords/credentials. The encryption is not visible to
the user. Performance—As SEDs are not visible to the user and are integrated into
hardware, the system operates at full performance with no impact on user productivity.

, Gregg, Michael. CISSP Exam Cram (Kindle Locations 1636-1643). Pearson Education.
Kindle Edition.

DCMA - ANS-Digital Millenium Copyright Act makes it a crime to bypass anti-piracy
controls on software

ISO 9001 - ANS-a quality management standard that has widespread support and
attention. ISO 9001 describes how production processes are to be managed and
reviewed. It is not a standard of quality; it is about how well a system or process is
documented.

Gregg, Michael. CISSP Exam Cram (Kindle Locations 1816-1817). Pearson Education.
Kindle Edition.

CPTED - ANS-is Crime Prevention Through Environmental Design (CPTED). The
benefits of CPTED include the following: Natural access control Natural surveillance
Territorial reinforcement. The effect of CPTED is that it causes the criminal to feel an
increase in the threat of being discovered and provides natural surveillance that can
serve as a physical deterrent control.

What is the height of a fence to prevent a determined intruder? - ANS-8 feet high or
higher

What is the height of a fence considered for casual deterrence versus too tall to easily
climb - ANS-3-4 ft for casual, 6-7 for too tall

Mantrap - ANS-is used to prevent piggybacking and additional layers of defense can be
obtained by using guards and CCTV.

Name the 3 types of locks - ANS-Grade 3: residential/consumer
Grade 2: light-duty and heavy-duty residential
Grade 1: High-security

What replaced Halon? - ANS-FM-200, CEA-410, Argon

What is a Dry Pipe Sprinkler System - ANS-this sprinkler system contains no standing
water. The line contains compressed air. When the system is triggered the clapper valve
opens, air flows out of the system, and water flows in (see Figure 3.6). The benefit of
this type of system is that it reduces the risk of accidental flooding and gives some time
to cover or turn off electrical equipment; great for areas prone to freezing

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller EXAMQA. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $10.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

66579 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$10.49
  • (0)
  Add to cart