CISSP - Exam Practice/Study Questions with accurate answers, graded A+. Latest update.
What is the most effective defense against cross-site scripting attacks?
a) Limiting account privileges
b) User Authentication
c) Input validation
d) Encryption
c) Input validation prevents cross-site scripting attacks by limiting user input to a predefined range. This
prevents the attacker from including the HTML <SCRIPT> tag in the input.
What phase of the Electronic Discovery Reference Model puts evidence in a format that may be shared
with others?
a) production
b) processing
c) review
d) presentation
a) Production places the information in a format that may be shared with others.
What form of security planning is designed to focus on timeframes of approximately one year and may
include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even
acquisition plans?
a) strategic
b) operational
c) tactical
d) administrative
c) Tactical planning is designed to focus on timeframes of approximately one year and may include
scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition
plans.
Which is not a part of an electronic access control lock?
A. An electromagnet
B. A credential reader
C. A door sensor
D. A biometric scanner
d -An electronic access control (EAC) lock comprises three elements: an electromagnet to keep the door
closed, a credential reader to authenticate subjects and to disable the electromagnet, and a door-closed
sensor to reenable the electromagnet.
Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites?
A. Communications circuits
B. Workstations
C. Servers
D. Current data
d- current data
Which one of the following Data Encryption Standard (DES) operating modes can be used for large
messages with the assurance that an error early in the encryption/decryption process won't spoil results
throughout the communication?
A. Cipher Block Chaining (CBC)
B. Electronic Code Book (ECB)
C. Cipher Feedback (CFB)
D. Output feedback (OFB)
d -Output feedback (OFB) mode prevents early errors from interfering with future
encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout
the entire encryption/decryption process. Electronic Code Book (ECB) operation is not suitable for large
amounts of data.
Which one of the following items is not a critical piece of information in the chain of evidence?
A. General description of the evidence
B. Name of the person collecting the evidence
C. Relationship of the evidence to the crime
D. Time and date the evidence was collected
c -The chain of evidence does not require that the evidence collector know or document the relationship
of the evidence to the crime.
Which firewall type looks exclusively at the message header to determine whether to transmit or drop
data?
A. Static packet filtering
B. Application-level gateway
C. Stateful inspection
D. Dynamic packet filtering
a -A static packet-filtering firewall filters traffic by examining data from a message header.
What type of information is used to form the basis of an expert system's decision-making process?
A. A series of weighted layered computations
B. Combined input from a number of human experts, weighted according to past performance
C. A series of "if/then" rules codified in a knowledge base
D. A biological decision-making process that simulates the reasoning process used by the human mind
c -Expert systems use a knowledge base consisting of a series of "if/then" statements to form decisions
based on the previous experience of human experts.
What type of cryptographic attack rendered Double DES (2DES) no more effective than standard DES
encryption?
A. Birthday attack
B. Chosen ciphertext attack
C. Meet-in-the-middle attack
D. Man-in-the-middle attack
c -The meet-in-the-middle attack demonstrated that it took relatively the same amount of computation
power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Triple DES (3DES) as
a standard for government communication.
Which of the following is most directly associated with providing or supporting perfect forward secrecy?
A. PBKDF2
B. ECDHE
C. HMAC
D. OCSP
B- Elliptic Curve Diffie-Hellman Ephemeral, or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE),
implements perfect forward secrecy through the use of elliptic curve cryptography (ECC). PBKDF2 is an
example of a key-stretching technology not directly supporting perfect forward secrecy. HMAC is a
hashing function. OCSP is used to check for certificate revocation.
What is the best way to understand the meaning of the term 100-year flood plain?
A. A flood that occurs once every 100 years
B. A flood larger than any recorded in the past 100 years
C. A very serious but very unlikely flood event
D. A very serious flood that has a probability of 1 in 100 (1%) of occurring in any single calendar year
D-Flood levels rated in years (100-year, 500-year, 1,000-year, and so forth) basically reflect estimates of
the probability of their occurrence. An area rated as a 100-year flood plain has a 1 in 100 chance of
occurring in any given calendar year (1%), a 500-year flood has a 1 in 500 chance of occurring in any
given calendar year, and so forth. Options A and B misrepresent the meaning of the 100-year interval
mentioned, while option C fails to address its probabilistic intent.
What is the formula used to compute the ALE?
A. ALE = AV * EF * ARO
B. ALE = ARO * EF
C. ALE = AV * ARO
D. ALE = EF * ARO
a -The Annualized Loss Expectancy (ALE) is computed as the product of the asset value (AV) times the
exposure factor (EF) times the annualized rate of occurrence (ARO). This is the longer form of the
formula ALE = SLE * ARO. The other formulas displayed here do not accurately reflect this calculation.
Matthew and Richard want to communicate with each other using a public key cryptosystem. What is
the total number of keys they must have to successfully communicate?
A. 1
B. 2
C. 3
D. 4
To use public key cryptography, Matthew and Richard must each have their own pair of public and
private cryptographic keys.
A tunnel mode VPN is used to connect which types of systems?
A. Hosts and servers
B. Clients and terminals
C. Hosts and networks
D. Servers and domain controllers
c-Tunnel mode VPNs are used to connect networks to networks or networks to hosts. Transport mode is
used to connect hosts to hosts. Host, server, client, terminal, and domain controller are all synonyms.
___________________ is any hardware, software, or administrative policy or procedure that defines
and enforces access and restriction rights on an organizational level.
A. Logical control
B. Technical control
C. Access control
D. Administrative control
c- access control
Which of the following cryptographic attacks can be used when you have access to an encrypted
message but no other information?
A. Known plain-text attack
B. Frequency analysis attack
C. Chosen cipher-text attack
D. Meet-in-the-middle attack
b-Frequency analysis may be used on encrypted messages. The other techniques listed require
additional information, such as the plaintext or the ability to choose the ciphertext.
Which of the following approaches uses mathematical algorithms to analyze data, developing models
that may be used to predict future activity?
A. Expert systems
B. Data mining
C. Data warehousing
D. Information discovery
b- Data mining uses mathematical approaches to analyze data, searching for patterns that predict future
activity.
Vulnerabilities and risks are evaluated based on their threats against which of the following?
A. One or more of the CIA Triad principles
B. Data usefulness