CISSP Cert Library Topic 5


Which of the following are the two commonly defined types of covert channels: A. Storage and Timing B. Software and Timing C. Storage and Kernel D. Kernel and Timing

Answer : A Explanation: A covert storage channel is a covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of that location by another process. Covert storage channels typically involve a finite resource (e.g. sectors on a disk) that is shared by two subjects at different security levels. A covert timing channel is one in which a process signals information to another by modulating its own use of system resources (e.g. CPU time) in such a way that the manipulation affects the real response time observed by the second process; it depends on being able to influence the rate at which the other process is able to acquire resources. References: TIPTON, Harold F., The Official (ISC)2 Guide to the CISSP CBK (2007), page 550, and http://www.isg.rhul.ac.uk/~prai175/ISGStudentSem07/CovertChannels.ppt
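The storage-channel definition above is easier to see in code. The following is an added simulation, not code from the cited references: a "quota" of sectors shared by a high-clearance sender and a low-clearance receiver who are forbidden from communicating. The sender never writes anything the receiver can read; it only fills or leaves free the shared resource, and the receiver infers one bit per tick from whether its own tiny allocation is refused. All class and function names are hypothetical.

```python
# Added example: covert storage channel over a shared, finite resource.
# Hypothetical simulation; the "disk" is a quota counter shared by a
# high subject (sender) and a low subject (receiver).

class SharedQuota:
    """A finite resource (e.g. free sectors) shared by two subjects."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.used = 0

    def allocate(self, n):
        if self.used + n > self.capacity:
            return False          # refused: resource exhausted
        self.used += n
        return True

    def release(self, n):
        self.used = max(0, self.used - n)


class Sender:
    """High subject: signals one bit per tick by exhausting (1) or leaving
    free (0) the shared resource. Only the resource state carries data."""
    def __init__(self, quota):
        self.quota = quota
        self.held = 0

    def send_bit(self, bit):
        free = self.quota.capacity - self.quota.used
        if bit:
            self.quota.allocate(free)   # grab everything that is left
            self.held = free
        else:
            self.held = 0

    def end_tick(self):
        self.quota.release(self.held)   # hand it back before the next tick
        self.held = 0


class Receiver:
    """Low subject: probes with a 1-unit allocation. A refusal means the
    sender filled the resource (bit 1); success means bit 0."""
    def __init__(self, quota):
        self.quota = quota

    def read_bit(self):
        if self.quota.allocate(1):
            self.quota.release(1)
            return 0
        return 1


def transmit(message: str, capacity: int = 16) -> str:
    """Leak `message` one bit per tick through the quota and return the
    string the receiver reconstructs (constructed input, no real disk)."""
    quota = SharedQuota(capacity)
    sender, receiver = Sender(quota), Receiver(quota)
    bits = []
    for ch in message.encode():
        for i in range(7, -1, -1):          # MSB first
            sender.send_bit((ch >> i) & 1)
            bits.append(receiver.read_bit())
            sender.end_tick()
    out = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                for i in range(0, len(bits), 8))
    return out.decode()
```

The channel exists because both subjects can observe one shared state variable; the standard countermeasures are to partition the resource per security level (so the low subject's allocation never depends on the high subject's usage) or to audit the allocation-failure pattern, which in this toy appears as a suspiciously regular sequence of refused 1-unit requests.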

A hardware RAID implementation is usually: A. platform-independent. B. platform-dependent. C. operating system dependent. D. software dependent.

Answer : A Explanation: A hardware RAID implementation is usually platform-independent. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 67.

Which of the following refers to the data left on the media after the media has been erased? A. remanence B. recovery C. sticky bits D. semi-hidden

Answer : A Explanation: The term "remanence" actually comes from electromagnetism, where it originally referred to (and still does in that field) the magnetic flux that remains in a magnetic circuit after an applied magnetomotive force has been removed. There is absolutely no way a candidate will see anywhere near that much detail on any similar CISSP question, but having read this, a candidate won't be likely to forget it either. It is becoming increasingly commonplace for people to buy used computer equipment, such as a hard drive or router, and find information on the device left there by the previous owner; information they thought had been deleted. This is a classic example of data remanence: the remains of part or even all of a data set of digital information. Normally, this refers to the data that remain on media after they are written over or degaussed. Data remanence is most common in storage systems but can also occur in memory. Specialized hardware devices known as degaussers can be used to erase data saved to magnetic media. The measure of the amount of energy needed to reduce the magnetic field on the media to zero is known as coercivity. It is important to make sure that the coercivity of the degausser is of sufficient strength to meet object reuse requirements when erasing data. If a degausser is used with insufficient coercivity, then a remanence of the data will exist. Remanence is the measure of the existing magnetic field on the media; it is the residue that remains after an object is degaussed or written over. Data is still recoverable even when the remanence is small. While data remanence exists, there is no assurance of safe object reuse. Reference(s) used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 4207-4210 and 19694-19699). Auerbach Publications. Kindle Edition.

If an operating system permits shared resources such as memory to be used sequentially by multiple users/application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist? A. Disclosure of residual data. B. Unauthorized obtaining of a privileged execution state. C. Data leakage through covert channels. D. Denial of service through a deadly embrace.

Answer : A Explanation: Allowing objects to be used sequentially by multiple users without a refresh of the objects can lead to disclosure of residual data. It is important that steps be taken to eliminate the chance for the disclosure of residual data. Object reuse refers to the allocation or reallocation of system resources to a user or, more appropriately, to an application or process. Applications and services on a computer system may create or use objects in memory and in storage to perform programmatic functions. In some cases, it is necessary to share these resources between various system applications. However, some objects may be employed by an application to perform privileged tasks on behalf of an authorized user or upstream application. If object usage is not controlled or the data in those objects is not erased after use, they may become available to unauthorized users or processes. Disclosure of residual data and unauthorized obtaining of a privileged execution state are both problems with shared memory and resources. Not clearing the heap/stack can result in residual data and may also allow a user to step on somebody else's session if the security token/identity was maintained in that space. This is generally more malicious and intentional than accidental, though. The MOST common issue is disclosure of residual data. The following answers are incorrect: Unauthorized obtaining of a privileged execution state is incorrect because, although it can follow from uncleared objects, it is not the most likely problem caused by a lack of object reuse controls. Data leakage through covert channels is incorrect because it is not the best answer: a covert channel is a communication path, and data leakage through one is not a problem created by object reuse. In computer security, a covert channel is a type of attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. The term, originated in 1973 by Lampson, is defined as "(channels) not intended for information transfer at all, such as the service program's effect on system load," to distinguish it from legitimate channels that are subjected to access controls by COMPUSEC. Denial of service through a deadly embrace is incorrect because it is only a distractor. References: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 4174-4179). Auerbach Publications. Kindle Edition; https://www.fas.org/irp/nsa/rainbow/tg018.htm; and http://en.wikipedia.org/wiki/Covert_channel

A Differential backup process will: A. Backs up data labeled with archive bit 1 and leaves the data labeled as archive bit 1 B. Backs up data labeled with archive bit 1 and changes the data label to archive bit 0 C. Backs up data labeled with archive bit 0 and leaves the data labeled as archive bit 0 D. Backs up data labeled with archive bit 0 and changes the data label to archive bit 1

Answer : A Explanation: Archive bit 1 = On (the archive bit is set). Archive bit 0 = Off (the archive bit is NOT set). When the archive bit is set to ON, it indicates a file that has changed and needs to be backed up. Differential backups back up all files changed since the last full backup. To do this, they do not change the archive bit value when they back up a file; instead the differential lets the next full backup make that change. An incremental backup only backs up data changed since the last incremental (or full) backup, and so it does change the archive bit from 1 (On) to 0 (Off). The following answers are incorrect: Backs up data labeled with archive bit 1 and changes the data label to archive bit 0: this is the behavior of an incremental backup, not a differential backup. Backs up data labeled with archive bit 0 and leaves the data labeled as archive bit 0: if the archive bit is set to 0 (Off), the file will only be backed up by a full backup; everything else will ignore it. Backs up data labeled with archive bit 0 and changes the data label to archive bit 1: same reason, a file whose bit is 0 is only picked up by a full backup. The following reference(s) were/was used to create this question: https://en.wikipedia.org/wiki/Archive_bit
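The archive-bit rules above determine two things a practitioner cares about: how much each job copies, and which backup sets a restore needs. The following added simulation (not from the cited Wikipedia article; file names and contents are constructed) runs a Monday full backup followed by three daily jobs of one kind and checks that the matching restore chain rebuilds the volume.

```python
# Added example: archive-bit handling for full, differential and
# incremental jobs, plus the restore chain each one implies.

class File:
    def __init__(self, name, content):
        self.name, self.content = name, content
        self.archive = 1        # new or modified file: bit set (On)

class Volume:
    def __init__(self):
        self.files = {}
    def write(self, name, content):
        self.files[name] = File(name, content)     # any change sets the bit
    def snapshot(self):
        return {f.name: f.content for f in self.files.values()}

def backup(volume, kind):
    """Return {name: content} copied by one job and apply the bit rule:
    full and incremental clear the bit, differential leaves it alone."""
    if kind == "full":
        chosen = list(volume.files.values())        # everything, bit ignored
    elif kind in ("differential", "incremental"):
        chosen = [f for f in volume.files.values() if f.archive == 1]
    else:
        raise ValueError(kind)
    copied = {f.name: f.content for f in chosen}
    if kind in ("full", "incremental"):
        for f in chosen:
            f.archive = 0
    return copied

def restore(full, later):
    """Rebuild from a full set plus later sets applied oldest to newest."""
    state = dict(full)
    for s in later:
        state.update(s)
    return state

def run_week(kind):
    """Mon full, then Tue/Wed/Thu jobs of `kind`. Returns the sorted file
    names each daily job copied and whether the restore chain is exact."""
    vol = Volume()
    for name in ("a.txt", "b.txt", "c.txt"):
        vol.write(name, name + ":v1")
    full = backup(vol, "full")
    jobs = []
    vol.write("a.txt", "a.txt:v2")           # Tuesday: a changes
    jobs.append(backup(vol, kind))
    vol.write("b.txt", "b.txt:v2")           # Wednesday: b changes
    jobs.append(backup(vol, kind))
    jobs.append(backup(vol, kind))           # Thursday: nothing changed
    if kind == "differential":
        restored = restore(full, [jobs[-1]])  # full + newest differential only
    else:
        restored = restore(full, jobs)        # full + every incremental, in order
    return [sorted(j) for j in jobs], restored == vol.snapshot()
```

The differential run copies a.txt again on Wednesday and Thursday because its bit was never cleared, which is why differential sets grow until the next full backup but a restore needs only two sets; the incremental run copies each change once and Thursday's set is empty, at the price of needing every set in sequence (losing one breaks the chain).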

Crime Prevention Through Environmental Design (CPTED) is a discipline that: A. Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. B. Outlines how the proper design of the logical environment can reduce crime by directly affecting human behavior. C. Outlines how the proper design of the detective control environment can reduce crime by directly affecting human behavior. D. Outlines how the proper design of the administrative control environment can reduce crime by directly affecting human behavior.

Answer : A Explanation: Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. It provides guidance about loss and crime prevention through proper facility construction and environmental components and procedures. CPTED concepts were developed in the 1960s. They have been expanded upon and have matured as our environments and crime types have evolved. CPTED has been used not just to develop corporate physical security programs, but also for large-scale activities such as development of neighborhoods, towns, and cities. It addresses landscaping, entrances, facility and neighborhood layouts, lighting, road placement, and traffic circulation patterns. It looks at microenvironments, such as offices and restrooms, and macroenvironments, like campuses and cities. Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 435). McGraw-Hill. Kindle Edition, and the CPTED Guide Book.

What are the four basic elements of Fire? A. Heat, Fuel, Oxygen, and Chain Reaction B. Heat, Fuel, CO2, and Chain Reaction C. Heat, Wood, Oxygen, and Chain Reaction D. Flame, Fuel, Oxygen, and Chain Reaction

Answer : A Explanation: Four elements must be present in order for fire to exist. These elements are HEAT, FUEL, OXYGEN and CHAIN REACTION. While not everything is known about the combustion process, it is generally accepted that fire is a chemical reaction. This reaction is dependent upon a material rapidly oxidizing, or uniting with oxygen so rapidly that it produces heat and flame. Until the advent of newer fire extinguishing agents, fire was thought of as a triangle with the three sides represented by heat, fuel, and oxygen. If any one of the three sides were taken away, the fire would cease to exist. Studies of modern fire extinguishing agents have revealed a fourth element: a self-propagating chain reaction in the combustion process. As a result, the basic elements of fire are represented by the fire tetrahedron: HEAT, FUEL, OXYGEN and CHAIN REACTION. The theory of fire extinguishment is based on removing any one or more of the four elements in the fire tetrahedron to suppress the fire. REMOVING THE HEAT: In order to remove the heat, something must be applied to the fire to absorb the heat or act as a heat exchanger. Water is not the only agent used to accomplish this, but it is the most common. REMOVING THE FUEL: Under many circumstances, it is not practical to attempt to remove the fuel from the fire. When dealing with flammable liquid fires, valves can be shut off and storage vessels pumped to safe areas to help eliminate the supply of fuel to the fire. Flammable gas fires are completely extinguished by shutting off the fuel supply. REMOVING THE OXYGEN: Oxygen as it exists in our atmosphere (21%) is sufficient to support combustion in most fire situations. Removal of the air or oxygen can be accomplished by separating it from the fuel source or by displacing it with an inert gas. Examples of separation would be foam on a flammable liquid fire, a wet blanket on a trash fire, or a tight-fitting lid on a skillet fire. Agents such as CO2, nitrogen, and steam are used to displace the oxygen. INTERRUPTING THE CHAIN REACTION: Modern extinguishing agents, such as dry chemical and halons, have proven to be effective on various fires even though these agents do not remove heat, fuel, or oxygen. Dry chemical and halogenated agents are thought to suspend or bond with free radicals that are created in the combustion process and thus prevent them from continuing the chain reaction. It must be noted that the production of new Halon is now banned in most countries; the agreement banning Halon production is the Montreal Protocol. References: Fire and Fire Extinguishment, and http://code7700.com/fire.html

Which of the following answers BEST indicates the most important part of a data backup plan? A. Testing the backups with restore operations B. An effective backup plan C. A reliable network infrastructure D. Expensive backup hardware

Answer : A Explanation: If you can't restore lost files from your backup system then your backup plan is useless. You could have the best backup system and plan available, but if you are unable to restore files then the system can't assure data availability. Develop an effective disaster recovery plan and include in that plan a good backup strategy that meets the needs of your organization. Be sure to include periodic recovery practice operations to prove the effectiveness of the system. The following answers are incorrect: An effective backup plan: this is vital, but testing the plan with restores is what proves it actually works. A reliable network infrastructure: this is only part of what you need for an effective backup and restore plan. Expensive backup hardware: this is good to have, but if you don't test your restore procedure and it doesn't work when you need it, the hardware is useless. The following reference(s) was used to create this question: 2013. Official Security+ Curriculum.

Which of the following logical access exposures INVOLVES CHANGING data before, or as it is entered into the computer? A. Data diddling B. Salami techniques C. Trojan horses D. Viruses

Answer : A Explanation: Data diddling involves changing data before, or as, it is entered into the computer; in other words, it refers to the alteration of existing data. The other answers are incorrect because: Salami techniques: a salami attack is one in which an attacker commits several small crimes with the hope that the overall larger crime will go unnoticed. Trojan horses: a Trojan horse is a program that is disguised as another program. Viruses: a virus is a small application, or a string of code, that infects applications. Reference: Shon Harris, AIO v3, Chapter 11: Application and System Development, pages 875-880, and Chapter 10: Law, Investigation and Ethics, pages 758-759.

Which of the following suppresses combustion by disrupting a chemical reaction, by doing so it kills the fire? A. Halon B. CO2 C. water D. soda acid

Answer : A Explanation: It must be noted that the production of new Halon is now banned in most countries: multiple countries have signed the Montreal Protocol, which disallows Halon production. Data centers that still have Halon loaded in their cylinders will replace it with a safe replacement such as FM-200 or Inergen if they ever discharge it. Halon is a "clean agent." The National Fire Protection Association defines a "clean agent" as "an electrically non-conducting, volatile, or gaseous fire extinguishant that does not leave a residue upon evaporation." Halon is a liquefied, compressed gas that stops the spread of fire by chemically disrupting combustion. Halon 1211 (a liquid streaming agent) and Halon 1301 (a gaseous flooding agent) leave no residue and are considered safe for human exposure at their design concentrations. Halon is rated for class "B" (flammable liquids) and "C" (electrical fires), but it is also effective on class "A" (common combustibles) fires. Halon 1211 and Halon 1301 are low-toxicity, chemically stable compounds that, as long as they remain contained in cylinders, are easily recyclable. Halon is an extraordinarily effective fire extinguishing agent, even at low concentrations. According to the Halon Alternative Research Corporation: "Three things must come together at the same time to start a fire. The first ingredient is fuel (anything that can burn), the second is oxygen (normal breathing air is ample) and the last is an ignition source (high heat can cause a fire even without a spark or open flame). Traditionally, to stop a fire you need to remove one side of the triangle - the ignition, the fuel or the oxygen. Halon adds a fourth dimension to fire fighting - breaking the chain reaction. It stops the fuel, the ignition and the oxygen from dancing together by chemically reacting with them." A key benefit of Halon, as a clean agent, is its ability to extinguish fire without the production of residues that could damage the assets being protected. Halon has been used for fire and explosion protection throughout the 20th century, and remains an integral part of the safety plans in many of today's manufacturing, electronic and aviation companies. Halon protects computer and communication rooms throughout the electronics industry; it has numerous military applications on ships, aircraft and tanks and helps ensure safety on all commercial aircraft. Because Halon is an ozone-depleting halocarbon (regulated alongside the CFCs), production of new Halon ceased in 1994. There is no cost-effective means of safely and effectively disposing of the Halon. Therefore, recycling and reusing the existing supply intelligently and responsibly to protect lives and property is the wisest solution. Sources: http://www.h3rcleanagents.com/support_faq_2.htm; KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 335; and AIO v4 pg. 443, which has a great chart on how the different extinguishers kill a fire.

Which of the following is the preferred way to suppress an electrical fire in an information center? A. CO2 B. CO2, soda acid, or Halon C. water or soda acid D. ABC Rated Dry Chemical

Answer : A Explanation: It must be noted that the production of new Halon is now banned in most countries. The reason CO2 is preferred in an information center is that it is a clean agent and non-conductive: it evaporates and does not leave a residue on the equipment. CO2 displaces oxygen and can be hazardous to people, so special care must be taken when it is implemented. Water may be a sound solution for large physical areas such as warehouses, but it is entirely inappropriate for computer equipment: a water spray can irreparably damage hardware more quickly than encroaching smoke or heat. CO2 and inert-gas suppression systems operate by starving the fire of oxygen. In the past, Halon was the choice for gas suppression systems; however, Halon depletes the ozone layer and can injure nearby personnel at high concentrations. NOTE FROM CLEMENT: For the purpose of the exam do not go outside of the 4 choices presented. YES, it is true that there are many other choices that would be more adequate for a Data Centre. An agent such as IG-55 from Ardent would probably be a better choice than CO2, however it is NOT in the list of choices. You will also notice that Shon Harris and Krutz and Vines disagree on which one is the best. This is why you must do your own research to supplement the books; sometimes books can be opinionated as well. When in doubt refer to the official book and look at what ISC2's view of the topic is and which one ISC2 considers to be the best for the exam. ISC2 also recommends the following: Aero-K uses an aerosol of microscopic potassium compounds in a carrier gas released from small canisters mounted on walls near the ceiling. The Aero-K generators are not pressurized until fire is detected. The Aero-K system uses multiple fire detectors and will not release until a fire is confirmed by two or more detectors (limiting accidental discharge). The gas is non-corrosive, so it does not damage metals or other materials. It does not harm electronic devices or media such as tape or discs. More important, Aero-K is nontoxic and does not injure personnel. FM-200 is a colorless, liquefied compressed gas. It is stored as a liquid and dispensed into the hazard as a colorless, electrically non-conductive vapor that is clear and does not obscure vision. It leaves no residue and has acceptable toxicity for use in occupied spaces at design concentration. FM-200 does not displace oxygen and, therefore, is safe for use in occupied spaces without fear of oxygen deprivation. The following are incorrect choices: Water or soda acid, and Halon: old water extinguishers will damage sensitive equipment as well as conduct electricity, which could endanger the life of the person using such an extinguisher, and Halon production has been banned under the Montreal Protocol. ABC rated dry chemical extinguishers: they are suitable for electrically energized fires, but they are not acceptable on sensitive equipment. It is like throwing a couple of kilograms of flour around in a room; it is extremely hard to clean off.

Critical areas should be lighted: A. Eight feet high and two feet out. B. Eight feet high and four feet out. C. Ten feet high and four feet out. D. Ten feet high and six feet out.

Answer : A Explanation: Lighting should be used to discourage intruders and provide safety for personnel, entrances, parking areas and critical sections. Critical areas should be illuminated 8 feet high and 2 feet out. Source: WALLHOFF, John, CBK#10 Physical Security (CISSP Study Guide), April 2002 (page 4).

Which of the following is a class A fire? A. common combustibles B. liquid C. electrical D. Halon

Answer : A Explanation: One of my students shared a tip with me on how to remember the classes of fire. He said that he thinks about my first name to do so, more specifically the first four letters of my first name, which is CLEMent: C stands for Common Combustible (CLASS A), L stands for Liquid Fire (CLASS B), E stands for Electrical Fire (CLASS C), M stands for Metals that are burning (CLASS D). Esha Oyarijivbie has shared another mnemonic with me: "clem" (British dialect verb; clemmed, clemming) means to starve. I think this is a very poignant way to remember the classes of fires, being that you want to know the difference in fires so that you can effectively "starve" the fire of its fuel. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 335.

Which of the following method is recommended by security professional to PERMANENTLY erase sensitive data on magnetic media? A. Degaussing B. Overwrite every sector of magnetic media with pattern of 1's and 0's C. Format magnetic media D. Delete File allocation table

Answer : A Explanation: PERMANENTLY is the keyword used in the question. You need to find the data removal method which removes data permanently from magnetic media. Degaussing is the most effective method out of all the provided choices to erase sensitive data on magnetic media, provided the magnetic media is not required to be reused. Some degaussers can destroy drives. The security professional should exercise caution when recommending or using degaussers on media intended for reuse. A device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero. This magnetic force is what properly erases data from media. Data are stored on magnetic media by the representation of the polarization of the atoms. Degaussing changes this polarization (magnetic alignment) by using a type of large magnet to bring it back to its original flux (magnetic alignment). For your exam you should know the information below: When media is to be reassigned (a form of object reuse), it is important that all residual data is carefully removed. Simply deleting files or formatting the media does not actually remove the information. File deletion and media formatting often simply remove the pointers to the information. Providing assurance for object reuse requires specialized tools and techniques according to the type of media on which the data resides. Specialized hardware devices known as degaussers can be used to erase data saved to magnetic media. The measure of the amount of energy needed to reduce the magnetic field on the media to zero is known as coercivity. It is important to make sure that the coercivity of the degausser is of sufficient strength to meet object reuse requirements when erasing data. If a degausser is used with insufficient coercivity, then a remanence of the data will exist. Remanence is the measure of the existing magnetic field on the media; it is the residue that remains after an object is degaussed or written over. Data is still recoverable even when the remanence is small. While data remanence exists, there is no assurance of safe object reuse. Software tools also exist that can provide object reuse assurance. These tools overwrite every sector of magnetic media with a random or predetermined bit pattern. Overwrite methods are effective for all forms of electronic media with the exception of read-only optical media. There is a drawback to using overwrite software. During normal write operations with magnetic media, the head of the drive moves back and forth across the media as data is written. The track of the head does not usually follow the exact path each time. The result is a minuscule amount of data remanence with each pass. With specialized equipment, it is possible to read data that has been overwritten. To provide higher assurance in this case, it is necessar

RAID level 10 is created by combining which of the following? A. level 0 (striping) with level 1 (mirroring). B. level 0 (striping) with level 2 (hamming). C. level 0 (striping) with level 1 (clustering). D. level 0 (striping) with level 1 (hamming).

Answer : A Explanation: RAID Level 10 is created by combining level 0 (striping) with level 1 (mirroring). Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 66.
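What "striping over mirrors" buys you is clearer with a failure scenario. The following added simulation (not from Krutz & Vines; chunk size, payload and names are constructed) stripes data across two mirrored pairs and shows that losing one drive in each pair is survivable while losing both drives of the same pair loses every chunk that pair held.

```python
# Added example: toy RAID 10 (RAID 0 striping across RAID 1 mirror pairs).

CHUNK = 4                      # constructed bytes per stripe chunk

class Drive:
    def __init__(self):
        self.blocks = {}
        self.failed = False
    def write(self, idx, data):
        if not self.failed:
            self.blocks[idx] = data
    def read(self, idx):
        if self.failed:
            raise OSError("drive failed")
        return self.blocks[idx]

class Raid10:
    """`pairs` mirrored pairs; stripe chunk i lands on pair i % pairs."""
    def __init__(self, pairs=2):
        self.mirrors = [(Drive(), Drive()) for _ in range(pairs)]
        self.length = 0

    def write(self, data: bytes):
        self.length = len(data)
        for i in range(0, len(data), CHUNK):
            chunk_no = i // CHUNK
            mirror = self.mirrors[chunk_no % len(self.mirrors)]
            for drive in mirror:              # RAID 1: both copies
                drive.write(chunk_no, data[i:i + CHUNK])

    def read(self) -> bytes:
        out = b""
        nchunks = (self.length + CHUNK - 1) // CHUNK
        for c in range(nchunks):              # RAID 0: walk the stripe
            pair = c % len(self.mirrors)
            for drive in self.mirrors[pair]:  # first surviving copy wins
                if not drive.failed:
                    out += drive.read(c)
                    break
            else:
                raise OSError(f"chunk {c}: both drives of pair {pair} failed")
        return out

    def fail(self, pair, side):
        self.mirrors[pair][side].failed = True

def survives(failures) -> bool:
    """Write a payload, fail the given (pair, side) drives, report whether
    the array still returns the payload intact."""
    arr = Raid10(pairs=2)
    payload = b"raid10 keeps going with one loss per mirror"
    arr.write(payload)
    for pair, side in failures:
        arr.fail(pair, side)
    try:
        return arr.read() == payload
    except OSError:
        return False
```

The array tolerates up to one failure per mirror pair (so two failures out of four drives can be fine), but a second failure in an already-degraded pair is fatal, which is why rebuild time after the first failure is the window that matters operationally.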

Which of the following is used to create parity information? A. a hamming code B. a clustering code C. a mirroring code D. a striping code

Answer : A Explanation: RAID Level 2: the parity information is created using a Hamming code that detects errors and establishes which part of which drive is in error. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 66.
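"Establishes which part of which drive is in error" is the property worth seeing. The following added example (not from Krutz & Vines) implements a Hamming(7,4) code and a toy RAID 2 layout in which bit k of every codeword lives on drive k. The syndrome computed on read is zero for an intact word and otherwise equals the 1-based position of the single flipped bit, so the array can both repair the word and name the failing drive. Function names and the sample payload are constructed.

```python
# Added example: Hamming(7,4) parity and a toy RAID 2 array that uses it
# to correct one bad bit per word and identify the drive responsible.

def hamming_encode(d):
    """(d1, d2, d3, d4) -> 7-bit codeword in positions 1..7 laid out as
    p1 p2 d1 p4 d2 d3 d4 (parity bits sit at the powers of two)."""
    d1, d2, d3, d4 = d
    p1 = d1 ^ d2 ^ d4          # checks positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4          # checks positions 2,3,6,7
    p4 = d2 ^ d3 ^ d4          # checks positions 4,5,6,7
    return [p1, p2, d1, p4, d2, d3, d4]

def hamming_syndrome(c):
    """0 if the word is clean, else the 1-based index of the flipped bit."""
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s4 = c[3] ^ c[4] ^ c[5] ^ c[6]
    return s1 | (s2 << 1) | (s4 << 2)

def hamming_decode(c):
    """Return ((d1, d2, d3, d4), bad_position) after correcting at most
    one error; bad_position is 0 when nothing was corrected."""
    c = list(c)
    pos = hamming_syndrome(c)
    if pos:
        c[pos - 1] ^= 1
    return (c[2], c[4], c[5], c[6]), pos

def raid2_roundtrip(data: bytes, bad_drive=None):
    """Store each nibble as a codeword with bit k on drive k (7 drives),
    optionally flip every bit on drive `bad_drive` (0-based), then read
    back. Returns (recovered_bytes, set_of_drives_blamed)."""
    drives = [[] for _ in range(7)]
    for byte in data:
        for nibble in (byte >> 4, byte & 0xF):
            bits = tuple((nibble >> i) & 1 for i in (3, 2, 1, 0))
            for k, bit in enumerate(hamming_encode(bits)):
                drives[k].append(bit)
    if bad_drive is not None:
        drives[bad_drive] = [b ^ 1 for b in drives[bad_drive]]
    blamed, nibbles = set(), []
    for w in range(len(drives[0])):
        word = [drives[k][w] for k in range(7)]
        (d1, d2, d3, d4), pos = hamming_decode(word)
        if pos:
            blamed.add(pos - 1)               # drive index = position - 1
        nibbles.append((d1 << 3) | (d2 << 2) | (d3 << 1) | d4)
    out = bytearray()
    for i in range(0, len(nibbles), 2):
        out.append((nibbles[i] << 4) | nibbles[i + 1])
    return bytes(out), blamed
```

The code corrects exactly one error per word; if two drives fail at once the syndrome still points at some position and the "correction" silently produces wrong data, which is the general limitation of single-error-correcting parity and one reason RAID 2 was displaced by schemes relying on drive-level error detection.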

The spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server in which of the following scenarios? A. system is up and running B. system is quiesced but operational C. system is idle but operational D. system is up and in single-user-mode

Answer : A Explanation: RAID Level 5: the spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server while the system is up and running. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 66.

The main risks that physical security components combat are all of the following EXCEPT: A. SYN flood B. physical damage C. theft D. Tailgating

Answer : A Explanation: A SYN flood is not a physical security issue. The main risks that physical security components combat are theft, interruptions to services, physical intrusion and damage, compromised system integrity, and unauthorized disclosure of information. From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, page 291.

Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating? A. Security administrators B. Operators C. Data owners D. Data custodians

Answer : A Explanation: Security administrator functions include user-oriented activities such as setting user clearances, setting initial passwords, setting other security characteristics for new users or changing security profiles for existing users. Data owners have the ultimate responsibility for protecting data, thus determining proper user access rights to data. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts? A. Static electricity B. Electro-plating C. Energy-plating D. Element-plating

Answer : A Explanation: Low humidity lets static charge build up on people and equipment, and a discharge into a component can damage it; excessive humidity, on the other hand, promotes condensation and corrosion. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 333.

Which of the following ensures that security is not breached when a system crash or other system failure occurs? A. trusted recovery B. hot swappable C. redundancy D. secure boot

Answer : A Explanation: "System crash" and "system failure" are the key words; one "recovers" from a crash or failure, and trusted recovery ensures the system returns to a secure state without leaving security mechanisms bypassed. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 222.

Which of the following is a class C fire? A. electrical B. liquid C. common combustibles D. soda acid

Answer : A Explanation: Class C fires are electrical fires. Class A fires involve common combustibles, class B flammable liquids, and class D combustible metals; soda acid is an extinguishing agent, not a fire class. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 335.

Which of the following is NOT a media viability control used to protect the viability of data storage media? A. clearing B. marking C. handling D. storage

Answer : A Explanation: Marking, handling and storage are all media viability controls used to protect the viability of data storage media; clearing is a sanitization control. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 231, 348.

Which of the following is NOT a system-sensing wireless proximity card? A. magnetically striped card B. passive device C. field-powered device D. transponder

Answer : A Explanation: Magnetically striped cards are digitally encoded cards that must be swiped through a reader; they are not sensed by a proximity field, unlike passive devices, field-powered devices and transponders. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 342.

Of the various types of "Hackers" that exist, the ones who are not worried about being caught and spending time in jail and have a total disregard for the law or police force, are labeled as what type of hackers? A. Suicide Hackers B. Black Hat Hackers C. White Hat Hackers D. Gray Hat Hackers

Answer : A Explanation: Suicide Hackers are a type of hackers without fear, who disregard the authority, the police, or law. Suicide Hackers hack for a cause important to them and find the end goal more important than their individual freedom. The term "Hacker" originally meant a Unix computer enthusiast but has been villainized in the media as a "Criminal Hacker" for a mass audience. A hacker used to be known as a good person who would add functionality within software or would make things work better. To most people today "Hacker" means criminal "Criminal Cracker", it is synonymous with Cracker or someone who get access to a system without the owner authorization. As seen in news reports in 2011 and later hackers associated with the "Anonymous" movement have attacked finance and/or credit card companies, stolen enough information to make contributions to worthy charities on behalf of organizations they see as contrary to the public good. These sorts of attackers/hackers could be considered suicide hackers. Some did get caught and prosecuted while carrying out their cause. Nobody can know if they knew their activities would land them in court and/or prison but they had to have known of the risk and proceeded anyway. The following answers are incorrect: Black Hat hackers are also known as crackers and are merely hackers who "violates computer security for little reason beyond maliciousness or for personal gain". Black Hat Hackers are "the epitome of all that the public fears in a computer criminal". Black Hat Hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. White Hat Hackers are law-abiding, reputable experts defending assets and not breaking laws. A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. The term "white hat" in Internet slang refers to an ethical hacker. 
This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. Often, this type of 'white hat' hacker is called an ethical hacker. The International Council of Electronic Commerce Consultants, also known as the EC-Council, has developed certifications, courseware, classes, and online training covering the diverse arena of Ethical Hacking. Note about White Hat: As reported by Adin Kerimov, a white hat would not be worried about going to jail either, since he is doing a test with authorization and has a signed agreement. While this is a true point, the BEST choice for the purpose of the exam is Suicide Hackers; a white hat hacker would not disregard the law and authority. Gray Hat Hackers work both offensively and defensively and can cross the border between legal/ethical behavior and illegal/unethical behavior. A grey hat hacker is a combination of a Black Hat and a White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a computer system for the sole purpose of notifying t NEXT QUESTION

Which of the following is NOT a precaution you can take to reduce static electricity? A. power line conditioning B. anti-static sprays C. maintain proper humidity levels D. anti-static flooring

Answer : A Explanation: The Answer: Power line conditioning is a protective measure against noise. It helps to ensure the transmission of clean power. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 334. NEXT QUESTION

Which of the following is currently the most recommended water system for a computer room? A. preaction B. wet pipe C. dry pipe D. deluge

Answer : A Explanation: The Answer: Preaction combines both the dry and wet pipe systems and allows manual intervention before a full discharge of water on the equipment occurs. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 334. NEXT QUESTION

The main issue with Level 1 of RAID is which of the following? A. It is very expensive. B. It is difficult to recover. C. It causes poor performance. D. It is relatively unreliable.

Answer : A Explanation: The main issue with RAID Level 1 is that the one-for-one ratio is very expensive-resulting in the highest cost per megabyte of data capacity. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 65. NEXT QUESTION

The main issue with RAID Level 1 is that the one-for-one ratio is: A. very expensive, resulting in the highest cost per megabyte of data capacity. B. very inexpensive, resulting in the lowest cost per megabyte of data capacity. C. very unreliable resulting in a greater risk of losing data. D. very reliable resulting in a lower risk of losing data.

Answer : A Explanation: The main issue with RAID Level 1 is that the one-for-one ratio is very expensive, resulting in the highest cost per megabyte of data capacity. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 90. RAID Level 0 - "Writes files in stripes across multiple disks without the use of parity information. This technique allows for fast reading and writing to disk. However, without parity information, it is not possible to recover from a hard drive failure." Source: Official ISC2 Guide to the CISSP CBK. p. 657 NEXT QUESTION

The only difference between RAID 3 and RAID 4 is that level 3 is implemented at the byte level while level 4 is usually implemented at which of the following? A. block level. B. bridge level. C. channel level. D. buffer level.

Answer : A Explanation: The only difference is that level 3 is implemented at the byte level and level 4 is usually implemented at the block level. Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 66. NEXT QUESTION
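The byte-level versus block-level distinction above is only a matter of stripe unit; the parity arithmetic and the rebuild of a failed disk are identical for RAID 3 and RAID 4. The Python below is an added example, not code from the Krutz & Vines text: it stripes data across N data disks plus one dedicated parity disk (the RAID 3/4 layout), with `unit=1` modelling RAID 3 and a larger `unit` modelling RAID 4, and reconstructs any single failed disk, data or parity, from the survivors. Disks are modelled as Python lists of chunks and the sample payload is constructed for the demo.

```python
# Added example: block-level striping with a dedicated parity disk (RAID 3/4
# layout). Not taken from the Krutz & Vines text; disk contents are modelled
# as Python lists of chunks, one chunk per stripe.

def xor_chunks(chunks):
    """XOR a list of equal-length byte strings together."""
    out = bytearray(len(chunks[0]))
    for chunk in chunks:
        for i, byte in enumerate(chunk):
            out[i] ^= byte
    return bytes(out)


def stripe(data, data_disks, unit):
    """Stripe `data` across `data_disks` disks in chunks of `unit` bytes and
    write an XOR parity chunk for every stripe to one dedicated parity disk.
    unit=1 is the RAID 3 (byte-level) layout; unit>1 is RAID 4 (block-level).
    The tail is zero-padded to a whole stripe. Returns a list of disks, the
    last of which is the parity disk."""
    stripe_len = data_disks * unit
    padded = data + b"\x00" * ((-len(data)) % stripe_len)
    disks = [[] for _ in range(data_disks + 1)]
    for off in range(0, len(padded), stripe_len):
        chunks = [padded[off + d * unit: off + (d + 1) * unit]
                  for d in range(data_disks)]
        for d, chunk in enumerate(chunks):
            disks[d].append(chunk)
        disks[data_disks].append(xor_chunks(chunks))   # dedicated parity disk
    return disks


def rebuild(disks, failed):
    """Reconstruct disk `failed` (data or parity) from the surviving disks by
    XOR-ing every stripe: P = D0 ^ D1 ^ ... implies Dk = P ^ (all other Dj)."""
    survivors = [disk for i, disk in enumerate(disks) if i != failed]
    stripes = len(survivors[0])
    return [xor_chunks([disk[s] for disk in survivors]) for s in range(stripes)]


def read_back(disks, data_disks, length):
    """Reassemble the original data (dropping the padding) from the data disks."""
    out = b"".join(b"".join(disks[d][s] for d in range(data_disks))
                   for s in range(len(disks[0])))
    return out[:length]


if __name__ == "__main__":
    payload = b"constructed sample data for the RAID rebuild demo"
    array = stripe(payload, data_disks=3, unit=4)   # RAID 4 style, 4-byte blocks
    array[1] = rebuild(array, failed=1)             # lose disk 1, rebuild it
    assert read_back(array, 3, len(payload)) == payload
    print("rebuilt disk 1 from", len(array) - 1, "survivors; data intact")
```

Only one disk may be lost per stripe: with a second failure the XOR no longer has enough terms, which is why a dedicated-parity array is rebuilt immediately and why the exam material treats RAID 3/4 as single-fault tolerant.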

When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as? A. Dual Control B. Need to know C. Separation of duties D. Segregation of duties

Answer : A Explanation: The question clearly says "operating in concert", which means the BEST answer is Dual Control. Two mechanisms necessary to implement high-integrity environments where separation of duties is paramount are dual control and split knowledge. Dual control enforces the concept of keeping a duo responsible for an activity. It requires more than one employee to be available to perform a task. It utilizes two or more separate entities (usually persons), operating together, to protect sensitive functions or information. Whenever the dual control feature is limited to something you know, it is often called split knowledge (such as part of a password, a cryptographic key, etc.). Split knowledge is the unique component each party must bring and join with the others' when implementing dual control. To illustrate, let's say you have a box containing petty cash that is secured by one combination lock and one keyed lock. One employee is given the combination to the combination lock and another employee has possession of the correct key to the keyed lock. In order to get the cash out of the box both employees must be present at the cash box at the same time. One cannot open the box without the other. This is the aspect of dual control. On the other hand, split knowledge is exemplified here by the different objects (the combination to the combination lock and the correct physical key), both of which are unique and necessary, that each brings to the meeting. This is typically used in high-value transactions / activities (as per the organization's risk appetite) such as: approving a high-value transaction using a special user account, where the password of this user account is split into two parts managed by two different staff members. Both staff members must be present to enter the password for a high-value transaction. This is often combined with the separation of duties principle. In this case, the posting of the transaction would have been performed by yet another staff member. 
This leads to a situation where collusion of at least 3 people is required to make a fraudulent transaction of high value. Payment card and PIN printing are separated by SOD principles. Now the organization can further enhance the control mechanism by implementing dual control / split knowledge. The card printing activity can be modified to require two staff members to key in their passwords to initiate the printing process. Similarly, PIN printing authentication can also be implemented with dual control. Many Host Security Modules (HSM) come with built-in controls for dual control where physical keys are required to initiate the PIN printing process. Managing encryption keys is another key area where dual control / split knowledge should be implemented. PCI DSS defines Dual Control as below. This is more from a cryptographic perspective, but still useful: Dual Control: Process of using two or more separate entities (usually persons) operating in concert to protect sensitive functions or information. Both entities are equally responsible for t NEXT QUESTION
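The key-management case above (two custodians, each holding part of a key, both needed to load it) is the cryptographic form of split knowledge under dual control. The following Python is an added example, not part of the original explanation or of the PCI DSS text: it splits a symmetric key into XOR shares so that every custodian must be present, and models the loading ceremony, which refuses a missing custodian and detects a tampered share through a key check value (KCV) recorded when the key was generated. The KCV construction here (a truncated HMAC-SHA256 over a fixed label) is this example's own convention, not the ANSI X9 KCV that payment HSMs compute; the demo key is constructed.

```python
# Added example: split knowledge for a symmetric key under dual control.
# Not part of the original explanation or of PCI DSS; it models the
# two-custodian key-loading ceremony described above. The key check value
# (truncated HMAC-SHA256 over a fixed label) is this example's own
# convention, not the ANSI X9 KCV used by payment HSMs.
import hashlib
import hmac
import os


def key_check_value(key):
    """Short public fingerprint of a key; lets a loader confirm the
    reassembled key is the intended one without revealing the key."""
    return hmac.new(key, b"key-check-value", hashlib.sha256).hexdigest()[:6]


def split_key(key, custodians=2):
    """Split `key` into `custodians` XOR shares. Every share is needed to
    rebuild the key; any proper subset of them is independent of the key."""
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    shares = [os.urandom(len(key)) for _ in range(custodians - 1)]
    last = bytes(key)
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    shares.append(last)   # the last share absorbs the key itself
    return shares


def combine_shares(shares):
    """XOR all shares back together."""
    if not shares:
        raise ValueError("no shares supplied")
    length = len(shares[0])
    if any(len(s) != length for s in shares):
        raise ValueError("share length mismatch")
    key = bytes(length)
    for share in shares:
        key = bytes(a ^ b for a, b in zip(key, share))
    return key


def load_key_under_dual_control(shares, expected_custodians, expected_kcv):
    """Key-loading ceremony: refuse unless every custodian's share is present
    AND the KCV of the reassembled key matches the value recorded at key
    generation. A missing custodian or a tampered share both fail closed."""
    if len(shares) != expected_custodians:
        raise PermissionError(
            f"{len(shares)} of {expected_custodians} custodians present")
    key = combine_shares(shares)
    if not hmac.compare_digest(key_check_value(key), expected_kcv):
        raise ValueError("KCV mismatch: wrong or tampered share")
    return key


if __name__ == "__main__":
    master = os.urandom(16)                        # constructed demo key
    kcv = key_check_value(master)                  # recorded on the key log
    custodian_shares = split_key(master, custodians=2)
    assert load_key_under_dual_control(custodian_shares, 2, kcv) == master
    try:
        load_key_under_dual_control(custodian_shares[:1], 2, kcv)
    except PermissionError as exc:
        print("single custodian refused:", exc)
```

XOR sharing is all-or-nothing: a single share is uniformly random and reveals nothing about the key, which is the property split knowledge relies on. Where the organisation needs any k of n custodians rather than all of them, a threshold scheme (Shamir secret sharing) replaces the XOR step; the ceremony logic and the KCV check stay the same.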

What is a common problem when using vibration detection devices for perimeter control? A. They are vulnerable to non-adversarial disturbances. B. They can be defeated by electronic means. C. Signal amplitude is affected by weather conditions. D. They must be buried below the frost line.

Answer : A Explanation: Vibration sensors are similar and are also implemented to detect forced entry. Financial institutions may choose to implement these types of sensors on exterior walls, where bank robbers may attempt to drive a vehicle through. They are also commonly used around the ceiling and flooring of vaults to detect someone trying to make an unauthorized bank withdrawal. Such sensors are prone to false positives. If a large truck with heavy equipment drives by, it may trigger the sensor. The same goes for a storm with thunder and lightning; it may trigger the alarm even though there is no adversarial threat or disturbance. The following are incorrect answers: All of the other choices are incorrect. Reference used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (pp. 495-496). McGraw-Hill. Kindle Edition. NEXT QUESTION

Which fire class can water be most appropriate for? A. Class A fires B. Class B fires C. Class C fires D. Class D fires

Answer : A Explanation: Water is appropriate for Class A (common combustibles) fires. Class B fires (liquids) are best handled by CO2, soda acid or Halon. Class C fires (electrical) are best handled by CO2 and Halon. Class D fires involve combustible metals like magnesium. Source: WALLHOFF, John, CBK#10 Physical Security (CISSP Study Guide), April 2002 (page 3). NEXT QUESTION

A prolonged complete loss of electric power is a: A. brownout B. blackout C. surge D. fault

Answer : B Explanation: A prolonged power outage is a blackout. From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 3rd. Edition McGraw-Hill/Osborne, 2005, page 368. NEXT QUESTION

The viewing of recorded events after the fact using a closed-circuit TV camera is considered a A. Preventative control. B. Detective control C. Compensating control D. Corrective control

Answer : B Explanation: Detective security controls are like a burglar alarm. They detect and report an unauthorized or undesired event (or an attempted undesired event). Detective security controls are invoked after the undesirable event has occurred. Example detective security controls are log monitoring and review, system audit, file integrity checkers, and motion detection. Visual surveillance or recording devices such as closed circuit television are used in conjunction with guards in order to enhance their surveillance ability and to record events for future analysis or prosecution. When events are monitored live, it is considered preventive, whereas recording of events is considered detective in nature. Below you have explanations of other types of security controls from a nice guide produced by James Purcell (see reference below): Preventive security controls are put into place to prevent intentional or unintentional disclosure, alteration, or destruction (D.A.D.) of sensitive information. Some example preventive controls follow: Policy: unauthorized network connections are prohibited. Firewall: blocks unauthorized network connections. Locked wiring closet: prevents unauthorized equipment from being physically plugged into a network switch. Notice in the preceding examples that preventive controls crossed the administrative, technical, and physical categories discussed previously. The same is true for any of the controls discussed in this section. Corrective security controls are used to respond to and fix a security incident. Corrective security controls also limit or reduce further damage from an attack. Examples follow: a procedure to clean a virus from an infected system; a guard checking and locking a door left unlocked by a careless employee; updating firewall rules to block an attacking IP address. Note that in many cases the corrective security control is triggered by a detective security control. 
Recovery security controls are those controls that put a system back into production after an incident. Most Disaster Recovery activities fall into this category. For example, after a disk failure, data is restored from a backup tape. Directive security controls are the equivalent of administrative controls. Directive controls direct that some action be taken to protect sensitive organizational information. The directive can be in the form of a policy, procedure, or guideline. Deterrent security controls are controls that discourage security violations. For instance, Unauthorized Access Prohibited signage may deter a trespasser from entering an area. The presence of security cameras might deter an employee from stealing equipment. A policy that states access to servers is monitored could deter unauthorized access. Compensating security controls are controls that provide an alternative to normal controls that cannot be used for some reason. For instance, a certain server cannot have antivirus software installed because it interferes with a critical applicat NEXT QUESTION

Devices that supply power when the commercial utility power system fails are called which of the following? A. power conditioners B. uninterruptible power supplies C. power filters D. power dividers

Answer : B Explanation: From Shon Harris AIO Fifth Edition: Protecting power can be done in three ways: through UPSs, power line conditioners, and backup sources. UPSs use battery packs that range in size and capacity. A UPS can be online or standby. Online UPS systems use AC line voltage to charge a bank of batteries. When in use, the UPS has an inverter that changes the DC output from the batteries into the required AC form and that regulates the voltage as it powers computer devices. Online UPS systems have the normal primary power passing through them day in and day out. They constantly provide power from their own inverters, even when the electric power is in proper use. Since the environment's electricity passes through this type of UPS all the time, the UPS device is able to quickly detect when a power failure takes place. An online UPS can provide the necessary electricity and picks up the load after a power failure much more quickly than a standby UPS. Standby UPS devices stay inactive until a power line fails. The system has sensors that detect a power failure, and the load is switched to the battery pack. The switch to the battery pack is what causes the small delay in electricity being provided. So an online UPS picks up the load much more quickly than a standby UPS, but costs more of course. NEXT QUESTION

Which of the following questions is less likely to help in assessing controls over hardware and software maintenance? A. Is access to all program libraries restricted and controlled? B. Are integrity verification programs used by applications to look for evidences of data tampering, errors, and omissions? C. Is there version control? D. Are system components tested, documented, and approved prior to promotion to production?

Answer : B Explanation: Hardware and software maintenance access controls are used to monitor the installation of, and updates to, hardware and software to ensure that the system functions as expected and that a historical record of changes is maintained. Integrity verification programs are more integrity controls than software maintenance controls. Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self- Assessment Guide for Information Technology Systems, November 2001 (Pages A-30 to A-32). NEXT QUESTION

In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the best choice below. A. Network Address Translation B. Network Address Hijacking C. Network Address Supernetting D. Network Address Sniffing

Answer : B Explanation: Network address hijacking allows an attacker to reroute data traffic from a network device to a personal computer. Also referred to as session hijacking, network address hijacking enables an attacker to capture and analyze the data addressed to a target system. This allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Session hijacking involves assuming control of an existing connection after the user has successfully created an authenticated session. Session hijacking is the act of unauthorized insertion of packets into a data stream. It is normally based on sequence number attacks, where sequence numbers are either guessed or intercepted. The following are incorrect answers: Network address translation (NAT) is a methodology of modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another. See RFC 1918 (private address space) and RFC 3022 (traditional NAT) for more details. Network Address Supernetting: There is no such thing as Network Address Supernetting. However, a supernetwork, or supernet, is an Internet Protocol (IP) network that is formed from the combination of two or more networks (or subnets) with a common Classless Inter-Domain Routing (CIDR) prefix. The new routing prefix for the combined network aggregates the prefixes of the constituent networks. Network Address Sniffing: This is another bogus choice that sounds good but does not exist. However, sniffing is a common attack to capture cleartext passwords and information sent unencrypted over the network. Sniffing is accomplished using a sniffer, also called a Protocol Analyzer. A network sniffer monitors data flowing over computer network links. 
It can be a self-contained software program or a hardware device with the appropriate software or firmware programming. Also sometimes called "network probes" or "snoops," sniffers examine network traffic, making a copy of the data but without redirecting or altering it. The following reference(s) were used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press ) (Kindle Locations 8641-8642). Auerbach Publications. Kindle Edition. http://compnetworking.about.com/od/networksecurityprivacy/g/bldef_sniffer.htm http://wiki.answers.com/Q/What_is_network_address_hijacking KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 239. NEXT QUESTION
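The explanation above notes that sequence-number based hijacking inserts packets into an existing data stream. One passive way to spot it, as an added example that is not code from the cited references: a genuine TCP retransmission repeats bytes the flow already carried, whereas an injected segment reuses sequence numbers the victim will accept but carries different content. The Python below keeps every payload byte already observed per flow, keyed by absolute sequence number, and alerts on any overlapping segment whose bytes disagree. The `Segment` type, the flow tuple and the sample traffic are constructed for the demo; nothing is read from a live capture.

```python
# Added example: a passive check for injected TCP segments, the hallmark of
# sequence-number based session hijacking. Not code from the cited references.
# A genuine retransmission repeats bytes the flow already carried; an injected
# segment reuses sequence numbers that the victim will accept but carries
# different data. The Segment type, flow tuple and sample traffic below are
# constructed for the demo; nothing is read from a live capture.
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    flow: tuple     # (src_ip, src_port, dst_ip, dst_port), one direction
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


class InjectionDetector:
    """Remembers every payload byte seen per flow, indexed by absolute
    sequence number, and flags overlaps whose content disagrees."""

    def __init__(self):
        self._seen = {}   # flow -> {seq: byte}

    def observe(self, seg):
        """Record `seg`; return a list of alert strings (empty if benign)."""
        seen = self._seen.setdefault(seg.flow, {})
        conflicts = []
        for i, byte in enumerate(seg.payload):
            s = (seg.seq + i) & 0xFFFFFFFF       # 32-bit sequence space wraps
            if s not in seen:
                seen[s] = byte                   # first time this byte is seen
            elif seen[s] != byte:
                conflicts.append(s)              # same seq, different data
        if not conflicts:
            return []
        return [f"{seg.flow}: {len(conflicts)} byte(s) from seq {conflicts[0]} "
                f"retransmitted with different content (possible injection)"]


def scan(segments):
    """Run the detector over a list of segments and collect all alerts."""
    detector = InjectionDetector()
    return [alert for seg in segments for alert in detector.observe(seg)]


if __name__ == "__main__":
    client = ("10.0.0.5", 51514, "192.0.2.10", 80)   # constructed flow
    traffic = [
        Segment(client, 1000, b"GET /index.html HTTP/1.1\r\n"),
        Segment(client, 1000, b"GET /index.html HTTP/1.1\r\n"),   # benign retransmit
        Segment(client, 1026, b"Host: example.test\r\n"),
        Segment(client, 1026, b"Host: evil.example\r\n\r\n"),     # injected
    ]
    for alert in scan(traffic):
        print(alert)
```

The check reports that the stream diverged, not which copy was legitimate; the injected segment may well arrive first and the real sender's data is then the one that conflicts. It is a detective control. The preventive counterpart is to authenticate the transport (TLS or IPsec), so that forged segments with guessed sequence numbers are rejected by the endpoint rather than merely noticed on the wire.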

Which of the following is NOT an example of an operational control? A. backup and recovery B. Auditing C. contingency planning D. operations procedures

Answer : B Explanation: Operational controls are controls over the hardware, the media used and the operators using these resources. Operational controls are controls that are implemented and executed by people; they are most often procedures. Backup and recovery, contingency planning and operations procedures are operational controls. Auditing is considered an administrative / detective control. However, the actual auditing mechanisms in place on the systems would be considered operational controls. NEXT QUESTION

Which of the following controls related to physical security is not an administrative control? A. Personnel controls B. Alarms C. Training D. Emergency response and procedures

Answer : B Explanation: Physical security involves administrative, technical and physical controls. All of the choices presented are part of Administrative Controls except Alarms, which is a technical control. Administrative Controls are mostly on paper. Senior management must decide what role security will play in the organization, including the security goals and objectives. These directives will dictate how all the supporting mechanisms will fall into place. Basically, senior management provides the skeleton of a security infrastructure and then appoints the proper entities to fill in the rest. Publishing the company security plan or security policy would be one of the first steps under the administrative controls. Personnel controls are part of Administrative Controls; they indicate how employees are expected to interact with security mechanisms and address noncompliance issues pertaining to these expectations. These controls indicate what security actions should be taken when an employee is hired, terminated, suspended, moved into another department, or promoted. Specific procedures must be developed for each situation, and many times the human resources and legal departments are involved with making these decisions. Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 242). McGraw-Hill. Kindle Edition. NEXT QUESTION

While referring to Physical Security, what does positive pressurization mean? A. The pressure inside your sprinkler system is greater than zero. B. The air goes out of a room when a door is opened and outside air does not go into the room. C. Causes the sprinkler system to go off. D. A series of measures that increase pressure on employees in order to make them more productive.

Answer : B Explanation: Positive pressurization means that when an employee opens a door, the air goes out and outside air does not come in. From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 3rd. Edition McGraw- Hill/Osborne, 2005, page 373. NEXT QUESTION

Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires? A. traverse-mode noise B. common-mode noise C. crossover-mode noise D. transversal-mode noise

Answer : B Explanation: The Answer: Common-mode noise is electrical noise between the hot and ground wire and between the neutral and ground wire. Common mode noise will disrupt the memory logic of the processor. Noise between neutral and ground creates problems since the theoretical zero voltage between neutral and ground is utilized by microprocessors and digital logic control systems as zero voltage reference. A voltage on the ground wire will disrupt the stored memory variables of today's fast microprocessors. Common mode noise can be incorrectly interpreted as data. This noise can cause what appears to be "software glitches", erratic performance of the equipment and partial or complete memory loss. Poor grounding also contributes significantly to common mode noise and this dynamic situation can change with building age, material corrosion, soil conditions and construction. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 332. The Official ISC2 Study book on page 461 says: EMI is categorized as either common-mode noise or traverse-mode noise. Common-Mode noise occurs between hot and ground wires. Traverse-mode noise occurs between hot and neutral wires. NEXT QUESTION

According to ISC2, what should be the fire rating for the internal walls of an information processing facility? A. All walls must have a one-hour minimum fire rating. B. All internal walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating. C. All walls must have a two-hour minimum fire rating. D. All walls must have a two-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a three-hour minimum fire rating.

Answer : B Explanation: The internal walls of your processing facility must be floor-to-ceiling slabs with a one-hour minimum fire rating. Any walls adjacent to rooms where records such as paper, media, etc. are stored must have a two-hour minimum fire rating. Different regulations exist for external walls from state to state. This topic illustrates that proper wall construction really helps in case of fire. This was demonstrated in some of the large bush fires that took place in California, where a few homes were still standing because they were made of cement and fire-resistant material. The ASTM (American Society for Testing and Materials) is the organization that performs testing of materials and sets standards in this specific area. Source: Chris Hare's CISSP Study Notes on Physical Security, based on the ISC2 CBK document. Source: CISSP Certification Exam Study Guide - All you need to pass the exam, Author: K. Wan, ISBN: 9889732319. The CISSP and CAP Prep Guide, by Ronald L. Krutz, Russell Dean Vines. NEXT QUESTION

What is the main issue with media reuse? A. Degaussing B. Data remanence C. Media destruction D. Purging

Answer : B Explanation: The main issue with media reuse is data remanence, where residual information still resides on a media that has been erased. Degaussing, purging and destruction are ways to handle media that contains data that is no longer needed or used. Source: WALLHOFF, John, CBK#10 Physical Security (CISSP Study Guide), April 2002 (page 5). NEXT QUESTION

An Intrusion Detection System (IDS) is what type of control? A. A preventive control. B. A detective control. C. A recovery control. D. A directive control.

Answer : B Explanation: Detective controls can be used to investigate what happened after the fact. Your IDS may collect information on where the attack came from, what port was used, and other details that could be used in the investigation steps. "Preventive control" is incorrect. Preventive controls preclude events or actions that might compromise a system or cause a policy violation. An intrusion prevention system would be an example of a preventive control. "Recovery control" is incorrect. Recovery controls include processes used to return the system to a secure state after the occurrence of a security incident. Backups and redundant components are examples of recovery controls. "Directive control" is incorrect. Directive controls are administrative instruments such as policies, procedures, guidelines, and agreements. An acceptable use policy is an example of a directive control. References: CBK, pp. 646 - 647 NEXT QUESTION

The most prevalent cause of computer center fires is which of the following? A. AC equipment B. Electrical distribution systems C. Heating systems D. Natural causes

Answer : B Explanation: When you consider top-priority tickets for the data center, security, data protection, and power consumption rise to the top. But the one thing that every data center should have, and that we often throw on the back burner, is fire protection. Right now, if you heard that your data center was engulfed in flames, you would likely sit in shock, especially if you were not equipped with the proper protection. Fortunately, you can avoid this reality by taking the proper steps to protect your data center. Dave Admirand, chief data center engineer at PTS Data Center Solutions (www.ptsdcs.com), says that in his own experience electrical fires are the most common type of fire in data centers. He says, "These are typically caused by electronic equipment failures or failures of the branch circuits powering the data center equipment, including UPS and air-conditioning equipment if located in the data center." So what does the industry offer when it comes to fire detectors and extinguishing systems designed for the data center? According to Ziemba, there is a myriad of different smoke and heat detectors available, and some, he says, are so sophisticated that they can detect, and help extinguish, a fire even before it reaches the incipient, or flame, stage. He says, "Detectors that provide early warning capabilities are very effective in this type of situation." Addressable control panels serve as the brains for the overall fire suppression system in that they receive the signals from the detectors, provide some type of warning to the occupants, and then discharge the system. The following Reference(s) were used for this question: http://xtralis.com/resources/article_level1/838/Processor_Editorial_-_Data_Center_Fire_Protection_January_5x_2007.pdf and http://www.interfire.org/features/electric_wiring_faults.asp NEXT QUESTION

Which of the following RAID levels is not used in practice and was quickly superseded by the more flexible levels? A. RAID Level 0 B. RAID Level 1 C. RAID Level 2 D. RAID Level 7

Answer : C Explanation: RAID Level 2 is the correct answer. RAID Level 2 is not used in practice and was quickly superseded by the more flexible levels. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2003, John Wiley & Sons, Page 90. RAID Level 1 "This level duplicates all disk writes from one disk to another to create two identical drives. This technique is also known as data mirroring. Redundancy is provided at this level; when one hard drive fails, the other is still available. Mirroring also allows the redundancy of hard drive controllers, which is called duplexing." Source: Official ISC2 Guide to the CISSP CBK p. 657 RAID Level 0 "Writes files in stripes across multiple disks without the use of parity information. This technique allows for fast reading and writing to disk. However, without the parity information, it is not possible to recover from a hard drive failure. This technique does not provide redundancy and should not be used for systems with high availability requirements. " Source: Official ISC2 Guide to the CISSP CBK p. 657 RAID Level 7 - non standard RAID level, please see the wikipedia articles for non standard RAID levels. NEXT QUESTION

The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. The value of these items can be determined by what type of analysis? A. Critical-channel analysis B. Covert channel analysis C. Critical-path analysis D. Critical-conduit analysis

Answer : C Explanation: The effectiveness of security controls is measured by the probability of detection at the point where there is enough time for a response team to interrupt an adversary. The critical path is the adversary path with the lowest probability of interruption. An adversary path is an ordered sequence of actions against an asset that could result in it being compromised. Adversaries could normally be expected to take the easiest and most direct route. Early detection of unauthorised access enables a quicker response. Ideally interception should occur before access to the asset, but this depends on the asset and the security objectives. Interruption may not be required if tamper evidence is the objective for protecting the asset. See example below: Critical Path Analysis Physical Security THE CISSP EXAM AND PHYSICAL SECURITY Information security depends on the security and management of the physical space in which computer systems operate. The CISSP exam's Common Body of Knowledge addresses the challenges of securing the physical space, its systems and the people who work within it by use of administrative, technical and physical controls. The following topics are covered: Facilities management: The administrative processes that govern the maintenance and protection of the physical operations space, from site selection through emergency response. Risks, issues and protection strategies: Risk identification and the selection of security protection components. Perimeter security: Typical physical protection controls. Facilities management Facilities management is a complex component of corporate security that ranges from the planning of a secure physical site to the management of the physical information system environment. Facilities management responsibilities include site selection and physical security planning (i.e. 
facility construction, design and layout, fire and water damage protection, antitheft mechanisms, intrusion detection and security procedures.) Protections must extend to both people and assets. The necessary level of protection depends on the value of the assets and data. As an exam candidate you must learn the concept of critical-path analysis as a means of determining a component's business function criticality relative to the cost of operation and replacement. Furthermore, students need to gain an understanding of the optimal location and physical attributes of a secure facility. Among the topics covered in this domain are site inspection, location, accessibility and obscurity, considering the area crime rate, and the likelihood of natural hazards such as floods or earthquakes. EXAM TIP: This topic could be either from a Physical Security perspective or from a Logical Security Perspective. From a logical perspective it is defined as: An analysis that defines relationships between mission critical applications. This type of analysis is performed to show what must happen to stay in busine NEXT QUESTION

Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher? A. When the fire involves paper products B. When the fire is caused by flammable products C. When the fire involves electrical equipment D. When the fire is in an enclosed area

Answer : C Explanation: A Class C fire extinguisher is preferable when a fire involves energized electrical equipment, including wiring. Common Class C suppression agents are gases (Halon, FM-200, carbon dioxide, etc.) and dry chemical powders; water-based agents such as soda acid are not used on energized equipment because the water conducts electricity. To aid in memorization of the fire classes, write the classes A through D on a sheet of paper, then think of my first name, CLEMENT, and write the word CLEM vertically beside them as shown below: Class A -> C = Combustible; Class B -> L = Liquid; Class C -> E = Electrical; Class D -> M = Metals. Below you will find a more detailed model.
Class A = Combustible. Type of fire: common combustibles. Elements of fire: wood products, paper, and laminates. Suppression method: water, foam.
Class B = Liquid. Type of fire: liquid. Elements of fire: petroleum products and coolants. Suppression method: gas, CO2, foam, dry powders.
Class C = Electrical. Type of fire: electrical. Elements of fire: electrical equipment and wires. Suppression method: gas, CO2, dry powders.
Class D = Metals. Type of fire: combustible metals. Elements of fire: magnesium, sodium, potassium. Suppression method: dry powder.
The following answers are incorrect: When the fire involves paper products: Class A fires involve paper products and would not require a Class C extinguisher. When the fire is caused by flammable products: this is a distractor. When the fire is in an enclosed area: this is not the best answer, because a paper product fire could still be extinguished by a Class A extinguisher, even in an enclosed area. The following references were used to create this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: Physical security (page 335). and https://en.wikipedia.org/wiki/Fire_classes

Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms? A. A trusted path B. A protection domain C. A covert channel D. A maintenance hook

Answer : C Explanation: A covert channel is an unintended communication path within a system, therefore it is not protected by the system's normal security mechanisms. Covert channels are a secret way to convey information. Covert channels are addressed from TCSEC level B2 upward. The following are incorrect answers: A trusted path is the protected channel that allows a user to access the Trusted Computing Base (TCB) without being compromised by other processes or users. A protection domain consists of the execution and memory space assigned to each process. A maintenance hook is a hardware or software mechanism that was installed to permit system maintenance and to bypass the system's security protections. Reference used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 6: Operations Security (page 219).
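The storage-channel case described above, as an added example that is not part of the original question bank or its references: two simulated processes share a finite pool of slots (standing in for a shared resource such as disk sectors). The high process cannot write anything the low process is allowed to read, yet by filling or not filling the pool it controls whether the low process's own allocation succeeds, and that is the channel. The pool, the one-bit-per-tick encoding and the partitioning countermeasure are all assumptions made for this illustration; nothing touches a real filesystem.

```python
"""Covert storage channel over a shared finite resource (added example).

Simulated entirely in-process: the pool is a stand-in for something like
shared disk sectors, not a real OS resource.
"""

from dataclasses import dataclass


@dataclass
class SharedPool:
    """`capacity` slots shared by every process on the system."""
    capacity: int
    used: int = 0

    def allocate(self) -> bool:
        """Take one slot; fails only when the pool is exhausted."""
        if self.used >= self.capacity:
            return False
        self.used += 1
        return True

    def free(self, count: int = 1) -> None:
        self.used = max(0, self.used - count)


def to_bits(message: str) -> str:
    """ASCII text -> string of '0'/'1', eight bits per byte."""
    return "".join(f"{byte:08b}" for byte in message.encode("ascii"))


def from_bits(bits: str) -> str:
    """Inverse of to_bits; a run of zero bits decodes to NUL characters."""
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)).decode("ascii")


def run_channel(message: str, capacity: int = 4, partitioned: bool = False) -> str:
    """Leak `message` from the high process to the low one using allocate()/free() only.

    Per clock tick the sender holds `capacity` slots to signal a 1 and
    `capacity - 1` to signal a 0; the receiver then probes with a single
    allocate(): failure means 1, success means 0. With partitioned=True
    each security level gets a fixed quota (an assumed countermeasure), so
    the sender can never exhaust the pool and the receiver reads only zeros.
    """
    pool = SharedPool(capacity)
    sender_quota = capacity // 2 if partitioned else capacity
    received = []
    for bit in to_bits(message):
        # High side: modulate how much of the shared resource is in use.
        wanted = capacity if bit == "1" else capacity - 1
        held = 0
        while held < min(wanted, sender_quota) and pool.allocate():
            held += 1
        # Low side: no read access to the sender's data, only to its own allocation result.
        probe_ok = pool.allocate()
        received.append("0" if probe_ok else "1")
        if probe_ok:
            pool.free()
        pool.free(held)  # sender releases everything before the next tick
    return from_bits("".join(received))


if __name__ == "__main__":
    print(repr(run_channel("secret")))                    # 'secret'
    print(repr(run_channel("secret", partitioned=True)))  # six NUL characters
```

The point of the partitioned run is that no access-control rule was added; the channel disappears because the receiver can no longer observe any state the sender influences, which is the shape of the covert-channel analysis TCSEC asks for at B2 and above.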

A momentary low voltage, from 1 cycle to a few seconds, is a: A. spike B. blackout C. sag D. fault

Answer : C Explanation: A momentary low voltage is a sag; a synonym is dip. Risks to the electrical power supply:
Power failure: Blackout = complete loss of electrical power. Fault = momentary power outage.
Power degradation: Brownout = an intentional reduction of voltage by the power company. Sag/dip = a short period of low voltage.
Power excess: Surge = prolonged rise in voltage. Spike = momentary high voltage.
In-rush current: the initial surge of current required by a load before it reaches normal operation.
Transient: line noise or disturbance superimposed on the supply circuit that can cause fluctuations in electrical power.
Reference(s) used for this question: Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 462). McGraw-Hill. Kindle Edition.

A prolonged high voltage is a: A. spike B. blackout C. surge D. fault

Answer : C Explanation: A prolonged high voltage is a surge. From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 3rd. Edition McGraw-Hill/Osborne, 2005, page 368.

The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers? A. Black hats B. White hats C. Script kiddies D. Phreakers

Answer : C Explanation: Script kiddies are low- to moderately-skilled attackers who use readily available scripts and tools to launch attacks against victims with little technical understanding. The other answers are incorrect because: Black hats are malicious, skilled hackers. White hats are security professionals. Phreakers are telephone/PBX (private branch exchange) hackers. Reference: Shon Harris AIO v3, Chapter 12: Operations security, Page 830

According to the Orange Book, which security level is the first to require a system to support separate operator and system administrator roles? A. A1 B. B1 C. B2 D. B3

Answer : C Explanation: The B2 security level requires that systems support separate operator and system administrator roles. At B3 and A1, systems must additionally identify the functions of the security administrator, who performs the security-related functions. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 6: Operations Security (page 220). Also: U.S. Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DOD 5200.28-STD, December 1985.

Fault tolerance countermeasures are designed to combat threats to which of the following? A. an uninterruptible power supply. B. backup and retention capability. C. design reliability. D. data integrity.

Answer : C Explanation: Fault tolerance countermeasures are designed to combat threats to design reliability. Tolerance and reliability are nearly synonymous here, which is a good indication of the best choice. Reliability tools include failover mechanisms, load balancers, clustering tools, etc. None of the other answers would improve reliability. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling. This area is referred to as the: A. smoke boundary area B. fire detection area C. Plenum area D. Intergen area

Answer : C Explanation: In building construction, a plenum (pronounced PLEH-nuhm, from the Latin for "full") is a separate space provided for air circulation for heating, ventilation, and air-conditioning (HVAC), typically the space between the structural ceiling and a drop-down ceiling. A plenum may also be under a raised floor. In buildings with computer installations, the plenum space is often used to house connecting communication cables. Because ordinary cable introduces a toxic hazard in the event of fire, special plenum-rated cabling is required in plenum areas. Source: http://searchdatacenter.techtarget.com/sDefinition/0,,sid80_gci213716,00.html

A periodic review of user account management should not determine: A. Conformity with the concept of least privilege. B. Whether active accounts are still being used. C. Strength of user-chosen passwords. D. Whether management authorizations are up-to-date.

Answer : C Explanation: Organizations should have a process for (1) requesting, establishing, issuing, and closing user accounts; (2) tracking users and their respective access authorizations; and (3) managing these functions. Reviews should examine the levels of access each individual has, conformity with the concept of least privilege, whether all accounts are still active, whether management authorizations are up-to-date, whether required training has been completed, and so forth. These reviews can be conducted on at least two levels: (1) on an application-by-application basis, or (2) on a system-wide basis. The strength of user passwords is beyond the scope of a simple user account management review, since checking it requires specific tools that attempt to crack the password file/database through a dictionary or brute-force attack. Reference(s) used for this question: SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and Technology (NIST), NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, September 1996 (page 28).

This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious? A. Checkpoint level B. Ceiling level C. Clipping level D. Threshold level

Answer : C Explanation: Organizations usually forgive a particular type, number, or pattern of violations, thus permitting a predetermined number of user errors before gathering this data for analysis. An organization attempting to track all violations, without sophisticated statistical computing ability, would be unable to manage the sheer quantity of such data. To make a violation listing effective, a clipping level must be established. The clipping level establishes a baseline for violation activities that may be normal user errors. Only after this baseline is exceeded is a violation record produced. This solution is particularly effective for small- to medium-sized installations. Organizations with large-scale computing facilities often track all violations and use statistical routines to cull out the minor infractions (e.g., forgetting a password or mistyping it several times). If the number of violations being tracked becomes unmanageable, the first step in correcting the problem should be to analyze why the condition has occurred. Do users understand how they are to interact with the computer resource? Are the rules too difficult to follow? Violation tracking and analysis can be valuable tools in assisting an organization to develop thorough but usable controls. Once these are in place and records are produced that accurately reflect serious violations, tracking and analysis become the first line of defense. With this procedure, intrusions are discovered before major damage occurs and sometimes early enough to catch the perpetrator. In addition, business protection and preservation are strengthened. The following answers are incorrect: All of the other choices presented were simply distractors. The following reference(s) were used for this question: Handbook of Information Security Management
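The clipping-level mechanism described above, as an added example (not taken from the Handbook the answer cites): failed logins are counted per user within a sliding window, and a violation record is produced only when the count exceeds the clipping level, so the two or three typos the explanation calls normal user error never reach the analyst. The sshd-style log lines are constructed for this example, and the window of ten minutes and clipping level of three are assumed policy values.

```python
"""Clipping level over authentication failures (added example).

Emits a violation record only once a user's failures in the window exceed
the clipping level. Log lines below are constructed, not from a real host.
"""

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style lines; syslog omits the year, so parse_failures supplies one.
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[101]: Failed password for alice from 10.0.0.5 port 50001 ssh2
Mar 10 09:00:09 host sshd[101]: Accepted password for alice from 10.0.0.5 port 50001 ssh2
Mar 10 09:01:00 host sshd[102]: Failed password for bob from 203.0.113.7 port 41000 ssh2
Mar 10 09:01:02 host sshd[102]: Failed password for bob from 203.0.113.7 port 41001 ssh2
Mar 10 09:01:05 host sshd[102]: Failed password for bob from 203.0.113.7 port 41002 ssh2
Mar 10 09:01:07 host sshd[102]: Failed password for bob from 203.0.113.7 port 41003 ssh2
Mar 10 09:01:09 host sshd[102]: Failed password for bob from 203.0.113.7 port 41004 ssh2
Mar 10 09:30:00 host sshd[110]: Failed password for carol from 10.0.0.9 port 51000 ssh2
Mar 10 11:00:00 host sshd[111]: Failed password for carol from 10.0.0.9 port 51001 ssh2
"""

FAILURE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_failures(log_text: str, year: int = 2024) -> list:
    """Return (timestamp, user, source) tuples for failed logins, in log order."""
    events = []
    for line in log_text.splitlines():
        m = FAILURE_RE.match(line)
        if not m:
            continue  # successes and unrelated lines are not violations
        ts = datetime.strptime(f"{m['ts']} {year}", "%b %d %H:%M:%S %Y")
        events.append((ts, m["user"], m["src"]))
    return events


def violations(events: list, clipping_level: int = 3,
               window: timedelta = timedelta(minutes=10)) -> list:
    """One violation record per user each time failures within `window` exceed `clipping_level`.

    Failures at or below the clipping level are treated as ordinary user error
    and produce nothing; the per-user window resets once a record is produced.
    A clipping level of 0 reproduces the 'track every violation' behaviour.
    """
    recent = defaultdict(deque)  # user -> timestamps of failures still inside the window
    records = []
    for ts, user, src in sorted(events):
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()
        q.append(ts)
        if len(q) > clipping_level:
            records.append({"user": user, "source": src, "failures": len(q),
                            "first": q[0], "last": ts})
            q.clear()
    return records


if __name__ == "__main__":
    for rec in violations(parse_failures(SAMPLE_LOG)):
        print(rec)
```

On the sample data only bob is reported: alice's single typo and carol's two failures ninety minutes apart stay below the baseline, which is exactly the noise the clipping level exists to discard.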

What setup should an administrator use for regularly testing the strength of user passwords? A. A networked workstation so that the live password database can easily be accessed by the cracking program. B. A networked workstation so the password database can easily be copied locally and processed by the cracking program. C. A standalone workstation on which the password database is copied and processed by the cracking program. D. A password-cracking program is unethical; therefore it should not be used.

Answer : C Explanation: Poor password selection is frequently a major security problem for any system. Administrators should obtain and use password-guessing programs regularly to identify users who have easily guessed passwords. Because password-cracking programs are very CPU intensive and can slow the system on which they run, it is good practice to transfer the hashed passwords to a standalone (non-networked) workstation. Also, by doing the work on a non-networked machine, any results found will not be accessible to anyone without physical access to that system. Of the four choices presented above this is the best choice. However, in real life you would have strong password policies that enforce complexity requirements and do not let the user choose a simple or short password that can be easily cracked or guessed. That would be the best choice if it were one of the choices presented. Another issue with password cracking is privacy. Many password-cracking tools address this by reporting only that a password was cracked, not what the password is, masking the password from the person doing the cracking. Source: National Security Agency, Systems and Network Attack Center (SNAC), The 60 Minute Network Security Guide, February 2002, page 8.
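An added example of the offline audit the answer describes (not code from the NSA guide or any real cracking tool): a copied credential file is checked against a wordlist on a standalone host, and the audit returns only a per-account verdict, never the recovered password. The credential-file format, the PBKDF2-SHA256 scheme with a per-user salt, the fixed salts and the wordlist are all assumptions constructed for this example so that it runs reproducibly.

```python
"""Offline password-strength audit against a copied credential file (added example).

Meant to run on a standalone host over a copy of the hashed credentials.
The file format, hash scheme and wordlist are assumptions for this example.
"""

import hashlib
import hmac

ITERATIONS = 10_000  # kept low so the example runs quickly; production uses far more


def make_entry(user: str, password: str, salt: bytes) -> str:
    """Build one `user:$pbkdf2-sha256$iter$salt$hash` line (used only to construct sample data)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{user}:$pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


# Constructed credential file with fixed salts so results are reproducible.
SAMPLE_SHADOW = "\n".join([
    make_entry("alice", "Password1", bytes(range(16))),
    make_entry("bob", "correct-horse-battery-staple-9!", bytes(range(16, 32))),
    make_entry("carol", "letmein", bytes(range(32, 48))),
])

# Constructed wordlist; a real audit would use a large leaked-password list.
WORDLIST = ["123456", "password", "letmein", "Password1", "qwerty", "welcome1"]


def parse_shadow(text: str) -> dict:
    """user -> (iterations, salt, digest) for well-formed lines; malformed lines are skipped."""
    entries = {}
    for line in text.splitlines():
        parts = line.split("$")
        if len(parts) != 5 or parts[1] != "pbkdf2-sha256":
            continue
        user = parts[0].rstrip(":")
        entries[user] = (int(parts[2]), bytes.fromhex(parts[3]), bytes.fromhex(parts[4]))
    return entries


def audit(text: str, wordlist: list) -> dict:
    """user -> True if some wordlist entry reproduces the stored hash, else False.

    Salts are per user, so every candidate is hashed once per account; only
    the verdict is returned, so the operator never learns the password.
    """
    verdicts = {}
    for user, (iters, salt, digest) in parse_shadow(text).items():
        verdicts[user] = False
        for candidate in wordlist:
            trial = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iters)
            if hmac.compare_digest(trial, digest):
                verdicts[user] = True
                break
    return verdicts


if __name__ == "__main__":
    for user, weak in audit(SAMPLE_SHADOW, WORDLIST).items():
        print(f"{user}: {'WEAK (matches wordlist)' if weak else 'no wordlist match'}")
```

Two design points carry over to real tooling: the per-user salt is why the work scales with the number of accounts rather than the size of the wordlist alone, and returning a boolean rather than the matched candidate is the masking the answer mentions.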

Which of the following is not a physical control for physical security? A. lighting B. fences C. training D. facility construction materials

Answer : C Explanation: Some physical controls include fences, lights, locks, and facility construction materials. Some administrative controls include facility selection and construction, facility management, personnel controls, training, and emergency response and procedures. From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 3rd. Ed., Chapter 6, page 403.

To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room? A. Order an immediate refill with Halon 1201 from the manufacturer. B. Contact a Halon recycling bank to make arrangements for a refill. C. Order a Non-Hydrochlorofluorocarbon compound from the manufacturer. D. Order an immediate refill with Halon 1301 from the manufacturer.

Answer : C Explanation: The best choice is to refill or replace the system with a non-hydrochlorofluorocarbon compound. A safe replacement such as Inergen, FM-200, or another non-ozone-depleting agent would be used. The goal of the Montreal Protocol is the cessation of production of ozone-depleting agents. The Montreal Protocol on Substances That Deplete the Ozone Layer is a landmark international agreement designed to protect the stratospheric ozone layer. The treaty was originally signed in 1987 and substantially amended in 1990 and 1992. The Montreal Protocol stipulates that the production and consumption of compounds that deplete ozone in the stratosphere (chlorofluorocarbons (CFCs), halons, carbon tetrachloride, and methyl chloroform) are to be phased out by 2000 (2005 for methyl chloroform). Scientific theory and evidence suggest that, once emitted to the atmosphere, these compounds could significantly deplete the stratospheric ozone layer that shields the planet from damaging UV-B radiation. The United Nations Environment Programme (UNEP) has prepared a Montreal Protocol Handbook that provides additional detail and explanation of the provisions. References: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. and http://ozone.unep.org/Publications/MP_Handbook/MP-Handbook-2009.pdf

Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources? A. They are more cost-effective B. They offer a lack of corporate bias C. They use highly talented ex-hackers D. They ensure a more complete reporting

Answer : C Explanation: Two points are important to consider when it comes to ethical hacking: integrity and independence. By not using an ethical hacking firm that hires or subcontracts to ex-hackers or others who have criminal records, an organization avoids an entire subset of risks. Also, it is not cost-effective for a single firm to fund the ongoing research and development, systems development, and maintenance needed to operate state-of-the-art proprietary and open source testing tools and techniques. External penetration firms are more effective than internal penetration testers because they are not influenced by previous system security decisions, knowledge of the current system environment, or future system security plans. Moreover, an employee performing penetration testing might be reluctant to fully report security gaps. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Appendix F: The Case for Ethical Hacking (page 517).

In order to enable users to perform tasks and duties without having to go through extra steps it is important that the security controls and mechanisms that are in place have a degree of? A. Complexity B. Non-transparency C. Transparency D. Simplicity

Answer : C Explanation: The security controls and mechanisms that are in place must have a degree of transparency. This enables the user to perform tasks and duties without having to go through extra steps because of the presence of the security controls. Transparency also does not let the user know too much about the controls, which helps prevent him from figuring out how to circumvent them. If the controls are too obvious, an attacker can figure out how to compromise them more easily. Security (more specifically, the implementation of most security controls) has long been a sore point with users who are subject to security controls. Historically, security controls have been very intrusive to users, forcing them to interrupt their work flow and remember arcane codes or processes (like long passwords or access codes), and have generally been seen as an obstacle to getting work done. In recent years, much work has been done to remove that stigma of security controls as a detractor from the work process adding nothing but time and money. When developing access control, the system must be as transparent as possible to the end user. The users should be required to interact with the system as little as possible, and the process around using the control should be engineered so as to involve little effort on the part of the user. For example, requiring a user to swipe an access card through a reader is an effective way to ensure a person is authorized to enter a room. However, implementing a technology (such as RFID) that will automatically scan the badge as the user approaches the door is more transparent to the user and will do less to impede the movement of personnel in a busy area. 
In another example, asking a user to understand what applications and data sets will be required when requesting a system ID and then specifically requesting access to those resources may allow for a great deal of granularity when provisioning access, but it can hardly be seen as transparent. A more transparent process would be for the access provisioning system to have a role-based structure, where the user would simply specify the role he or she has in the organization and the system would know the specific resources that user needs to access based on that role. This requires less work and interaction on the part of the user and will lead to more accurate and secure access control decisions because access will be based on predefined need, not user preference. When developing and implementing an access control system special care should be taken to ensure that the control is as transparent to the end user as possible and interrupts his work flow as little as possible. The following answers were incorrect: All of the other choices were distractors. Reference(s) used for this question: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 6th edition. Operations Security, Page 1239-1240 Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations 25278-25

Which of the following components are considered part of the Trusted Computing Base? A. trusted hardware and firmware B. trusted hardware and software C. trusted hardware, software and firmware D. trusted computer operators and system managers

Answer : C Explanation: The trusted computing base (TCB) is the collection of all the hardware, software, and firmware components within a system that provide some type of security and enforce the system's security policy. The TCB does not address only operating system components, because a computer system is not made up of only an operating system. Hardware, software components, and firmware components can affect the system in a negative or positive manner, and each has a responsibility to support and enforce the security policy of that particular system. Some components and mechanisms have direct responsibilities in supporting the security policy, such as firmware that will not let a user boot a computer from a USB drive, or the memory manager that will not let processes overwrite other processes' data. Then there are components that do not enforce the security policy but must behave properly and not violate the trust of a system. Examples of the ways in which a component could violate the system's security policy include an application that is allowed to make a direct call to a piece of hardware instead of using the proper system calls through the operating system, a process that is allowed to read data outside of its approved memory space, or a piece of software that does not properly release resources after use. To assist with the evaluation of secure products, TCSEC introduced the idea of the Trusted Computing Base (TCB) into product evaluation. In essence, TCSEC starts with the principle that there are some functions that simply must be working correctly for security to be possible and consistently enforced in a computing system. For example, the ability to define subjects and objects and the ability to distinguish between them is so fundamental that no system could be secure without it. The TCB, then, consists of these fundamental controls as implemented in a given system, whether in hardware, software, or firmware.
Each of the TCSEC levels describes a different set of fundamental functions that must be in place to be certified to that level. The link below will take you to a one-page document that describes the high-level requirements any TCB would need to meet to achieve each division or class (essentially a subdivision) of the TCSEC rating. See details at: https://www.freepracticetests.org/documents/TCB.pdf Reference(s) used for this question: Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (pp. 359-360). McGraw-Hill. Kindle Edition. and Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 17936-17943). Auerbach Publications. Kindle Edition.

Which of the following floors would be most appropriate to locate information processing facilities in a 6-stories building? A. Basement B. Ground floor C. Third floor D. Sixth floor

Answer : C Explanation: Your data center should be located in the middle of the facility, at the core of the building, to provide protection from natural disasters or bombs and to give emergency crews easier access if necessary. Being at the core of the facility, the external walls act as a secondary layer of protection as well. Information processing facilities should not be located on the top floor of a building because of fire or flooding coming from the roof; many thefts have also been carried out simply by cutting a large hole in the roof. They should not be in the basement because of flooding, since water naturally flows down. Even a small amount of water would affect your operation, considering the quantity of electrical cabling sitting directly on the concrete floor under your raised floor. The data center should not be on the ground floor because of the main entrance, where people are constantly coming and going, and the many high-traffic areas such as elevators, loading docks, cafeteria, coffee shop, etc.; a bad location for a data center. So the answer follows by elimination: the top floor, the ground floor, and the basement are all bad choices, which leaves only one possible answer, the third floor. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 5th Edition, Page 425.

To mitigate the risk of fire in your new data center, you plan to implement a heat-activated fire detector. Your requirement is to have the earliest warning possible of a fire outbreak. Which type of sensor would you select and where would you place it? A. Rate-of-rise temperature sensor installed on the side wall B. Variable heat sensor installed above the suspended ceiling C. Fixed-temperature sensor installed in the air vent D. Rate-of-rise temperature sensor installed below the raised floors

Answer : D Explanation: "Heat-activated detectors can be configured to sound an alarm either when a predefined temperature (fixed temperature) is reached or when the temperature increases over a period of time (rate-of-rise). Rate-of-rise temperature sensors usually provide a quicker warning than fixed-temperature sensors because they are more sensitive, but they can also cause more false alarms. Placing a sensor under the raised floor is also a good choice. However, for complete coverage you would also add sensors on and above suspended ceilings and within air ducts. The sensors can either be spaced uniformly throughout a facility, or implemented in a line type of installation, which is operated by a heat-sensitive cable. It is not enough to have temperature monitoring; you should also have smoke detectors installed in the facility, and they must be installed in the right places. Detectors should be installed both on and above suspended ceilings and below raised floors, because companies run many types of wires in both places that could start an electrical fire. No one would know about the fire until it broke through the floor or dropped ceiling if detectors were not placed in these areas. Smoke detectors should also be located in enclosures and air ducts, because smoke can gather in these areas before entering other spaces. It is important that people are alerted about a fire as quickly as possible so that damage may be reduced, fire suppression activities may start quickly, and lives may be saved." NOTE: The question does not give any details about the ventilation system, such as the use of hot aisles versus cold aisles. So you must work with the details you have and find out which of the four choices is best given that the question asks for the earliest warning.
The following are incorrect answers: Rate-of-rise temperature sensor installed on the side wall: placing a sensor on a side wall is usually not as effective as placing it on or above the suspended ceiling, under raised floors or in air vents. Variable heat sensor installed above the suspended ceiling: there is no such thing as a variable heat sensor in heat detection; however, you could place a detector above the suspended ceiling. Fixed-temperature sensor installed in the air vent: a fixed-temperature sensor is not as sensitive as a rate-of-rise sensor and therefore does not warn you as quickly. An air vent is a good place for a sensor, because the ventilation system will carry the smoke or heat and the sensor will trigger at that point. Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 470). McGraw-Hill. Kindle Edition.
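To make the "quicker warning but more false alarms" trade-off concrete, here is an added example (not from Harris or any detector vendor) that runs a fixed-temperature rule and a rate-of-rise rule over three constructed one-minute temperature series: a fire under a raised floor, a slow HVAC-outage warm-up, and a burst of warm air from an opened door. The 57 C fixed threshold and 8 C-per-minute rate threshold are assumed values for the illustration and are not taken from any standard.

```python
"""Fixed-temperature vs rate-of-rise heat detection over sample readings (added example).

Thresholds are assumed for the illustration; series are constructed, not sensor data.
"""

from typing import List, Optional

FIXED_THRESHOLD_C = 57.0        # assumed fixed-temperature alarm point
RATE_THRESHOLD_C_PER_MIN = 8.0  # assumed rate-of-rise alarm point


def fixed_temperature_alarm(readings: List[float]) -> Optional[int]:
    """Index (minute) of the first reading at or above the fixed threshold, or None."""
    for i, temp in enumerate(readings):
        if temp >= FIXED_THRESHOLD_C:
            return i
    return None


def rate_of_rise_alarm(readings: List[float]) -> Optional[int]:
    """Index (minute) of the first rise over the previous minute that meets the rate threshold, or None."""
    for i in range(1, len(readings)):
        if readings[i] - readings[i - 1] >= RATE_THRESHOLD_C_PER_MIN:
            return i
    return None


# Constructed series, one reading per minute, in degrees C.
FIRE_UNDER_RAISED_FLOOR = [21, 22, 24, 28, 36, 47, 56, 62, 70, 81]
HVAC_OUTAGE_SLOW_WARMING = [21, 22, 23, 24, 25, 26, 27, 28, 29, 30]
WARM_AIR_BURST_FROM_DOOR = [21, 31, 30, 29, 28, 27, 26, 25, 24, 23]


def compare(readings: List[float]) -> dict:
    """Minute at which each detector type would have alarmed for the series (None = never)."""
    return {"rate_of_rise": rate_of_rise_alarm(readings),
            "fixed_temperature": fixed_temperature_alarm(readings)}


if __name__ == "__main__":
    for name, series in [("fire", FIRE_UNDER_RAISED_FLOOR),
                         ("hvac outage", HVAC_OUTAGE_SLOW_WARMING),
                         ("door burst", WARM_AIR_BURST_FROM_DOOR)]:
        print(name, compare(series))
```

For the fire series the rate-of-rise rule alarms three minutes before the fixed rule, which is the earliest-warning argument for answer D; for the door-burst series only the rate-of-rise rule fires, which is the false-alarm cost the explanation warns about, and a slow warm-up alerts neither.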

Which of the following is related to physical security and is not considered a technical control? A. Access control Mechanisms B. Intrusion Detection Systems C. Firewalls D. Locks

Answer : D Explanation: All of the above are considered technical controls except for locks, which are physical controls. Administrative, Technical, and Physical Security Controls: Administrative security controls are primarily policies and procedures put into place to define and guide employee actions in dealing with the organization's sensitive information. For example, policy might dictate (and procedures indicate how) that human resources conduct background checks on employees with access to sensitive information. Requiring that information be classified, and the process to classify and review information classifications, is another example of an administrative control. The organization's security awareness program is an administrative control used to make employees cognizant of their security roles and responsibilities. Note that administrative security controls in the form of a policy can be enforced or verified with technical or physical security controls. For instance, security policy may state that computers without antivirus software cannot connect to the network, but a technical control, such as network access control software, will check for antivirus software when a computer tries to attach to the network. Technical security controls (also called logical controls) are devices, processes, protocols, and other measures used to protect the C.I.A. of sensitive information. Examples include logical access systems, encryption systems, antivirus systems, firewalls, and intrusion detection systems. Physical security controls are devices and means to control physical access to sensitive information and to protect the availability of the information. Examples are physical access systems (fences, mantraps, guards), physical intrusion detection systems (motion detectors, alarm systems), and physical protection systems (sprinklers, backup generators). Administrative and technical controls depend on proper physical security controls being in place.
An administrative policy allowing only authorized employees access to the data center does little good without some kind of physical access control. From the GIAC.ORG website

Configuration Management controls what? A. Auditing of changes to the Trusted Computing Base. B. Control of changes to the Trusted Computing Base. C. Changes in the configuration access to the Trusted Computing Base. D. Auditing and controlling any changes to the Trusted Computing Base.

Answer : D Explanation: All of these are components of Configuration Management. The following answers are incorrect: Auditing of changes to the Trusted Computing Base. Is incorrect because it refers only to auditing the changes, but nothing about controlling them. Control of changes to the Trusted Computing Base. Is incorrect because it refers only to controlling the changes, but nothing about ensuring the changes will not lead to a weakness or fault in the system. Changes in the configuration access to the Trusted Computing Base. Is incorrect because this does not refer to controlling the changes or ensuring the changes will not lead to a weakness or fault in the system.

Which of the following is not a preventive operational control? A. Protecting laptops, personal computers and workstations. B. Controlling software viruses. C. Controlling data media access and disposal. D. Conducting security awareness and technical training.

Answer : D Explanation: Conducting security awareness and technical training to ensure that end users and system users are aware of the rules of behaviour and their responsibilities in protecting the organization's mission is an example of a preventive management control, therefore not an operational control. Source: STONEBURNER, Gary et al., NIST Special publication 800-30, Risk management Guide for Information Technology Systems, 2001 (page 37).

What is the most secure way to dispose of information on a CD-ROM? A. Sanitizing B. Physical damage C. Degaussing D. Physical destruction

Answer : D Explanation: First you have to realize that the question is specifically talking about a CD-ROM. The information stored on a CD-ROM is not in electromagnetic format, so a degausser would be ineffective. You cannot sanitize a CD-ROM, but you might be able to sanitize a CD-RW. A CD-ROM is a write-once device and cannot be overwritten like a hard disk or other magnetic device. Physical damage would not be enough, as information could still be extracted in a lab from the undamaged portion of the media or even from the pieces after the physical damage has been done. Physical destruction using a shredder, your microwave oven, or melting it would be very effective and the best choice for a non-magnetic media such as a CD-ROM. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Which of the following questions is less likely to help in assessing identification and authentication controls? A. Is a current list maintained and approved of authorized users and their access? B. Are passwords changed at least every ninety days or earlier if needed? C. Are inactive user identifications disabled after a specified period of time? D. Is there a process for reporting incidents?

Answer : D Explanation: Identification and authentication is a technical measure that prevents unauthorized people (or unauthorized processes) from entering an IT system. Access control usually requires that the system be able to identify and differentiate among users. Reporting incidents is more related to incident response capability (operational control) than to identification and authentication (technical control). Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-30 to A-32).

Which of the following should be performed by an operator? A. Changing profiles B. Approving changes C. Adding and removal of users D. Installing system software

Answer : D Explanation: Of the listed tasks, installing system software is the only task that should normally be performed by an operator in a properly segregated environment. Source: MOSHER, Richard & ROTHKE, Ben, CISSP CBK Review presentation on domain 7.

Which of the following is the most costly countermeasure to reducing physical security risks? A. Procedural Controls B. Hardware Devices C. Electronic Systems D. Security Guards

Answer : D Explanation: One drawback of guards is that the cost of maintaining a guard function either internally or through an external service is expensive. Although some guards are contracted through a separate company, they should still be considered part of personnel and are the most expensive service of the choices provided. A guard can also potentially incur liability costs. The following answers are incorrect: procedural controls: Procedural controls are not expensive; they often involve time to develop but are certainly not the most expensive countermeasure. hardware devices: Hardware devices can be expensive, especially if they are biometric readers. However, there is a fairly fixed cost of ownership, whereas guards could incur liability costs and can be a very costly 24x7 countermeasure. electronic systems: Electronic systems can be expensive, especially if they are biometric readers. However, there is a fairly fixed cost of ownership, whereas guards could incur liability costs and can be a very costly 24x7 countermeasure. The following reference(s) were/was used to create this question: Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: Physical security (page 340).

Examples of types of physical access controls include all EXCEPT which of the following? A. badges B. locks C. guards D. passwords

Answer : D Explanation: Passwords are considered a Preventive/Technical (logical) control. The following answers are incorrect: badges: Badges are a physical control used to identify an individual. A badge can include a smart device which can be used for authentication and thus a Technical control, but the actual badge itself is primarily a physical control. locks: Locks are a Preventative Physical control and have no Technical association. guards: Guards are a Preventative Physical control and have no Technical association. The following reference(s) were/was used to create this question: Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 35).

Which RAID implementation is commonly called mirroring? A. RAID level 2 B. RAID level 3 C. RAID level 5 D. RAID level 1

Answer : D Explanation: RAID level 1 actually mirrors data from one disk or a set of disks to another disk or set of disks. Each drive is normally mirrored to an equal drive partner that is being updated at the same time, thus allowing recovery from the other drive should one drive fail. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 65).

It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security? A. security administrator B. security analyst C. systems auditor D. systems programmer

Answer : D Explanation: Reason: The security administrator, security analyst, and the system auditor need access to portions of the security systems to accomplish their jobs. The system programmer does not need access to the working (AKA: Production) security systems. Programmers should not be allowed to have ongoing direct access to computers running production systems (systems used by the organization to operate its business). To maintain system integrity, any changes they make to production systems should be tracked by the organization's change management control system. Because the security administrator's job is to perform security functions, the performance of non-security tasks must be strictly limited. This separation of duties reduces the likelihood of loss that results from users abusing their authority by taking actions outside of their assigned functional responsibilities. References: OFFICIAL (ISC)2 GUIDE TO THE CISSP EXAM (2003), Hansche, S., Berti, J., Hare, H., Auerbach Publication, FL, Chapter 5 - Operations Security, section 5.3, Security Technology and Tools, Personnel section (page 32). KRUTZ, R. & VINES, R. The CISSP Prep Guide: Gold Edition (2003), Wiley Publishing Inc., Chapter 6: Operations Security, Separations of Duties (page 303).

According to Requirement 3 of the Payment Card Industry's Data Security Standard (PCI DSS) there is a requirement to protect stored cardholder data. Which of the following items cannot be stored by the merchant? A. Primary Account Number B. Cardholder Name C. Expiration Date D. The Card Validation Code (CVV2)

Answer : D Explanation: Requirement 3 of the Payment Card Industry's Data Security Standard (PCI DSS) is to protect stored cardholder data. The public assumes merchants and financial institutions will protect data on payment cards to thwart theft and prevent unauthorized use. But merchants should take note: Requirement 3 applies only if cardholder data is stored. Merchants who do not store any cardholder data automatically provide stronger protection by having eliminated a key target for data thieves. For merchants who have a legitimate business reason to store cardholder data, it is important to understand what data elements PCI DSS allows them to store and what measures they must take to protect those data. To prevent unauthorized storage, only council-certified PIN entry devices and payment applications may be used. PCI DSS compliance is enforced by the major payment card brands who established the PCI DSS and the PCI Security Standards Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. PCI DSS Requirement 3 details technical guidelines for protecting stored cardholder data. Merchants should develop a data retention and storage policy that strictly limits storage amount and retention time to that which is required for business, legal, and/or regulatory purposes. Sensitive authentication data must never be stored after authorization even if this data is encrypted. Never store full contents of any track from the card's magnetic stripe or chip (referred to as full track, track, track 1, track 2, or magnetic stripe data). If required for business purposes, the cardholder's name, PAN, expiration date, and service code may be stored as long as they are protected in accordance with PCI DSS requirements. Never store the card-validation code (CVV) or value (three- or four-digit number printed on the front or back of a payment card used to validate card-not-present transactions). 
Never store the personal identification number (PIN) or PIN Block. Be sure to mask PAN whenever it is displayed. The first six and last four digits are the maximum number of digits that may be displayed. This requirement does not apply to those authorized with a specific need to see the full PAN, nor does it supersede stricter requirements in place for displays of cardholder data such as in a point-of-sale receipt. PCI Data Storage [1] These data elements must be protected if stored in conjunction with the PAN. This protection should be per PCI DSS requirements for general protection of the cardholder data environment. Additionally, other legislation (e.g., related to consumer personal data protection, privacy, identity theft, or data security) may require specific protection of this data, or proper disclosure of a company's practices if consumer-related personal data is being collected during the course of business. PCI DSS, however, does not apply if PANs are not stored, processed, or transmitted. [2] Sensitive authentication

Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users? A. Palm Scan B. Hand Geometry C. Fingerprint D. Retina scan

Answer : D Explanation: Retina-based biometrics involves analyzing the layer of blood vessels situated at the back of the eye. An established technology, this technique involves using a low-intensity light source through an optical coupler to scan the unique patterns of the retina. Retinal scanning can be quite accurate but does require the user to look into a receptacle and focus on a given point. This is not particularly convenient if you wear glasses or are concerned about having close contact with the reading device. For these reasons, retinal scanning is not warmly accepted by all users, even though the technology itself can work well. For your exam you should know the information below: Biometrics Biometrics verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification and not well received by society. Biometrics is a very sophisticated technology; thus, it is much more expensive and complex than the other types of identity verification processes. A biometric system can make authentication decisions based on an individual's behavior, as in signature dynamics, but these can change over time and possibly be forged. Biometric systems that base authentication decisions on physical attributes (such as iris, retina, or fingerprint) provide more accuracy because physical attributes typically don't change, absent some disfiguring injury, and are harder to impersonate. Biometrics is typically broken up into two different categories. The first is the physiological. These are traits that are physical attributes unique to a specific individual. Fingerprints are a common example of a physiological trait used in biometric systems. The second category of biometrics is known as behavioral. The behavioral authentication is also known as continuous authentication. The behavioral/continuous authentication prevents session hijacking attacks. 
This is based on a characteristic of an individual to confirm his identity. An example is signature dynamics. Physiological is what you are and behavioral is what you do. When a biometric system rejects an authorized individual, it is called a Type I error (false rejection rate). When the system accepts impostors who should be rejected, it is called a Type II error (false acceptance rate). The goal is to obtain low numbers for each type of error, but Type II errors are the most dangerous and thus the most important to avoid. When comparing different biometric systems, many different variables are used, but one of the most important metrics is the crossover error rate (CER). This rating is stated as a percentage and represents the point at which the false rejection rate equals the false acceptance rate. This rating is the most important measurement when determining the system's accuracy. A biometric system that delivers a CER of 3 will be more accurate than a system that delivers a CER of 4. Crossover error rate (CER) is also called

Which TCSEC (Orange Book) rating or level requires the system to clearly identify functions of the security administrator to perform security-related functions? A. C2 B. B1 C. B2 D. B3

Answer : D Explanation: The Security Administrator role is defined only at level B3 (and A1). It requires the system to clearly identify functions of the security administrator to perform security-related functions. TCSEC B2 level specifies that the system must support separation of operator and administrator roles. References: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. U.S. Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book), DOD 5200.28-STD, December 1985. The CISSP Prep Guide, Second Edition: Mastering the CISSP and ISSEP Exams, by Ronald L. Krutz and Russell Dean Vines, page 308.

Operations Security seeks to primarily protect against which of the following? A. object reuse B. facility disaster C. compromising emanations D. asset threats

Answer : D Explanation: The correct answer is asset threats. A threat is any circumstance or event with the potential to cause harm. The most important reason for identifying threats is to know what the assets need protection from and what the likelihood is that a threat will occur. Threats cannot be eliminated, but can be anticipated, and safeguards put in place to minimize their impact. Operations Security provides audit and monitoring for mechanisms, tools and facilities which permit the identification of security events and documentation of subsequent corrective actions. Source: State of Nebraska - Information Security Systems (ISS) Security Officer Instruction Guide.

Which of the following statements pertaining to fire suppression systems is TRUE? A. Halon is today the most common choice as far as agents are concerned because it is highly effective in the way that it interferes with the chemical reaction of the elements within a fire. B. Gas masks provide an effective protection against use of CO2 systems. They are recommended for the protection of the employees within data centers. C. CO2 systems are NOT effective because they suppress the oxygen supply required to sustain the fire. D. Water-based extinguishers are NOT an effective fire suppression method for class C (electrical) fires.

Answer : D Explanation: Water-based fire extinguishers should never be used on an electrical fire. If you do so, it will probably be the last time you use such an extinguisher to put out an electrical fire, as you will be electrocuted. Any liquid-based agent should be avoided for electrical fires. CO2 systems are effective because they suppress the oxygen supply required to sustain the fire. Since oxygen is removed, it can be potentially lethal to people, and gas masks do not provide protection against CO2. These systems are more appropriate for unattended facilities. The Montreal Protocol of 1987 states that Halon has been designated an ozone-depleting substance and, due to the risk to the environment, production was stopped January 1st, 1994. Companies that still have Halon systems have been asked to replace them with nontoxic extinguishers. The name of the agreement is called The Montreal Protocol. Soda acid is an effective fire suppression method for common combustibles and liquids, but not for electrical fires. TIP: Do remember the name of the agreement that was signed in Montreal where countries have agreed to stop production of Halon; it is called: The Montreal Protocol. A student of mine told me that he thinks about me when he wishes to remember the classes of fire; that scared me off a bit, but his explanation made a lot of sense. Here is how he is using my first name to remember the classes of fire. My name is CLEMENT but he is using only the CLEM portion: C = Common Combustible L = Liquid Fire E = Electrical Fire M = Metals that are flammable HERE IS ANOTHER WAY TO REMEMBER THEM FROM HARRISON: A - Ash (common combustible) B - Bubble/Boil (Liquid) C - Circuit (Electrical) D - Metal. (Just remember it :) Reference(s) used for this question: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 6: Physical Security (page 313).

Which of the following is not a critical security aspect of Operations Controls? A. Controls over hardware. B. Data media used. C. Operators using resources. D. Environmental controls.

Answer : D Explanation: While it is important that environmental concerns are addressed, they are part of the Physical Security Domain. All of the other answers fall directly under Operations Security.

An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called: A. a magnetic field. B. a degausser. C. magnetic remanence. D. magnetic saturation.

Answer : B Explanation: Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

When RAID runs as part of the operating system on the file server, it is an example of a: A. software implementation. B. hardware implementation. C. network implementation. D. server implementation.

Answer : A Explanation: When RAID runs as part of the operating system on the file server, it is an example of a software implementation. RAID can also be implemented as hardware. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 67.

Which is the last line of defense in a physical security sense? A. people B. interior barriers C. exterior barriers D. perimeter barriers

Answer : A Explanation: "Ultimately, people are the last line of defense for your company's assets" (Pastore & Dulaney, 2006, p. 529). Pastore, M. and Dulaney, E. (2006). CompTIA Security+ study guide: Exam SY0-101. Indianapolis, IN: Sybex.

Which of the following is not an EPA-approved replacement for Halon? A. Bromine B. Inergen C. FM-200 D. FE-13

Answer : A Explanation: Halon is a compound consisting of bromine, fluorine, and carbon. Halons are used as fire extinguishing agents, both in built-in systems and in handheld portable fire extinguishers. Halon production in the U.S. ended on December 31, 1993, because they contribute to ozone depletion. Bromine, being part of Halon, is not a safe replacement for Halon. The following are some of the EPA-approved replacements for halon: Several substitutes have been approved by the SNAP program that may be considered as potential candidates for specific use conditions as cited in 40 CFR 82 Appendix A to Subpart G, Substitutes Subject to Use Restrictions and Unacceptable Substitutes. It should be noted that the following substitutions are merely comments on usage and not conditions. For example, the Army has considered the use of HFC-125 in the crew compartments of its ground combat vehicles. Also, the Army has installed IG-541 in normally occupied areas. The following substitutes are listed: Total Flooding Agents, Acceptable Substitutes: Water Mist Systems using Potable or Natural Sea Water; [Foam] A (formerly identified as Water Mist Surfactant Blend A), this agent is not a clean agent, but is a low-density, short duration foam; Carbon Dioxide (must meet NFPA 12 and OSHA 1910.162(b)5 requirements); Water Sprinklers. Total Flooding Agents, Substitutes Acceptable Subject To Use Conditions, Normally Occupied Areas: C4F10 (PFC-410 or CEA-410), C3F8 (PFC-218 or CEA-308), HCFC Blend A (NAF S-III), HFC-23 (FE 13), HFC-227ea (FM 200), IG-01 (Argon), IG-55 (Aragonite), HFC-125, HFC-134a. Normally Unoccupied Areas: Powdered Aerosol C, CF3I, HCFC-22, HCFC-124, HFC-125, HFC-134a, Gelled Halocarbon/Dry Chem. 
Suspension (PGA), Inert Gas/Powdered Aerosol Blend (FS 0140), IG-541 (Inergen). Unacceptable Substitutes: HFC-32. The following were incorrect answers: The following are all safe replacements for Halon: FE-13 is a Halon replacement (Halon 1301) in total flooding and inerting applications where its low toxicity provides for improved safety margins, the protected spaces are large, the cylinder storage area is remote from the protected space, or where the temperatures are likely to go below 0°C (32°F). Of the clean agents available, DuPont FE-13 has the lowest toxicity and is the safest for protecting areas where people are present. DuPont FE-13 provides the ultimate in human safety while protecting high-value assets and business continuity with a clean agent. DuPont FE-13 is: safe for people; a clean agent that does not leave a residue; electrically nonconductive and noncorrosive; an environmentally preferred alternative to Halon with zero ozone depletion potential (ODP). FM-200 is a colorless, liquefied compressed gas. It is stored as a liquid and dispensed into the hazard as a colorless, electrically non-conductive vapor that is clear and does not obscure vision. It leaves no residue and has acceptable toxicity for use in occupied spaces at design concentration. FM-200 does not displace oxygen and, there

The ideal operating humidity range is defined as 40 percent to 60 percent. High humidity (greater than 60 percent) can produce what type of problem on computer parts? A. Static electricity B. Corrosion C. Energy-plating D. Element-plating

Answer : B Explanation: Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 333.

Under what conditions would the use of a "Class C" hand-held fire extinguisher be preferable to the use of a "Class A" hand-held fire extinguisher? A. When the fire is in its incipient stage. B. When the fire involves electrical equipment. C. When the fire is located in an enclosed area. D. When the fire is caused by flammable products.

Answer : B Explanation: Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

In a dry pipe system, there is no water standing in the pipe - it is being held back by what type of valve? A. Relief valve B. Emergency valve C. Release valve D. Clapper valve

Answer : D Explanation: Dry pipe sprinkler systems commonly are used where the ambient temperature of the space they are protecting is expected to be less than 40°F (4.4°C). The sprinkler pipe is filled with compressed air or nitrogen that is released when a sprinkler opens and allows the dry pipe valve to open, filling the overhead pipes with water. This prevents the pipes from freezing in unattended facilities such as warehouses. What keeps water from entering the sprinkler pipes prematurely? The dry pipe valve is designed so that the pressure from the compressed air or nitrogen keeps the valve closed until it is needed. Clapper Valve Interior Look at the interior of the valve assembly in the photograph above. The waterway at the bottom is smaller than the air chamber above the clapper valve. This design enables it to enjoy the mechanical advantage of the differential principle. The larger surface area under relatively low air pressure is able to hold back the water pressure from the smaller orifice. In most dry pipe valves, this differential principle operates on a ratio of about 1:6; one unit of air pressure will resist six units of water pressure. If, for example, the incoming water pressure were 60 psi (4.1 bar), the differential principle created by the larger surface area would allow as little as 10 psi (0.7 bar) air pressure to keep the valve closed. Some low-differential dry pipe valves operate with an air to water pressure ratio of 1:1.2. While the minimum air pressure will keep the dry pipe valve closed during normal conditions, most sprinkler fitters will put an additional 20 psi (1.4 bar) air pressure on the system to prevent inadvertent valve operation in the event of a small air leak. The National Fire Protection Association (NFPA) 13, Standard for the Installation of Automatic Sprinkler Systems, provides guidance on minimum air pressure that must be maintained. 
Another important feature of this dry pipe valve is the latching device pictured in the upper left hand corner. This attachment is designed to hold the heavy dry pipe valve in the open position once it operates so that it does not interfere with water flowing to control a fire. For additional information, refer to NFPA 13, Standard for the Installation of Automatic Sprinkler Systems. All of the other choices presented within the question were only detractors and not good responses for this specific question. Reference: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 336. And KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: GOLD EDITION, John Wiley & Sons, 2002, page 471. and The United States Fire Administration at http://www.usfa.dhs.gov/downloads/pdf/coffee-break/cb_fp_2010_20.pdf

Which of the following statements pertaining to ethical hacking is incorrect? A. An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services. B. Testing should be done remotely to simulate external threats. C. Ethical hacking should not involve writing to or modifying the target systems negatively. D. Ethical hackers never use tools that have the potential of affecting servers or services.

Answer : D Explanation: This means that many of the tools used for ethical hacking have the potential of exploiting vulnerabilities and causing disruption to IT systems. It is up to the individuals performing the tests to be familiar with their use and to make sure that no such disruption can happen, or at least that it is avoided where possible. The first step before sending even one single packet to the target would be to have a signed agreement with clear rules of engagement and a signed contract. The signed contract explains to the client the associated risks, and the client must agree to them before you even send one packet to the target range. This way the client understands that some of the tests could lead to interruption of service or even crash a server. The client signs that he is aware of such risks and willing to accept them. The following are incorrect answers: An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services. An ethical hacking firm's independence can be questioned if they sell security solutions at the same time as doing testing for the same client. There has to be independence between the judge (the tester) and the accused (the client). Testing should be done remotely to simulate external threats. Testing simulating a cracker from the Internet is often one of the first tests done; this is to validate perimeter security. By performing tests remotely, the ethical hacking firm emulates the hacker's approach more realistically. Ethical hacking should not involve writing to or modifying the target systems negatively. Even though ethical hacking should not involve negligence in writing to or modifying the target systems or reducing their response time, comprehensive penetration testing has to be performed using the most complete tools available, just like a real cracker would. Reference(s) used for this question: KRUTZ, Ronald L. 
& VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Appendix F: The Case for Ethical Hacking (page 520).

At which temperature does damage start occurring to magnetic media? A. 100 degrees Fahrenheit or 37.7° Celsius B. 125 degrees Fahrenheit or 51.66° Celsius C. 150 degrees Fahrenheit or 65.5° Celsius D. 175 degrees Fahrenheit or 79.4° Celsius

Answer : A Explanation: Magnetic media are affected from 100 degrees Fahrenheit or 37.7° Celsius. Disks are damaged at 150 degrees Fahrenheit or 65.5° Celsius, computer equipment at 175 degrees Fahrenheit or 79.4° Celsius, and paper products at 350 degrees Fahrenheit or 176.66° Celsius. Source: ROTHKE, Ben, CISSP CBK Review presentation on domain 10.

Which of the following are the three classifications of RAID identified by the RAID Advisory Board? A. Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems. B. Foreign Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems. C. Failure Resistant Disk Systems (FRDSs), File Transfer Disk Systems, and Disaster Tolerant Disk Systems. D. Federal Resistant Disk Systems (FRDSs), Fault Tolerant Disk Systems, and Disaster Tolerant Disk Systems.

Answer : A Explanation: The RAID Advisory Board has defined three classifications of RAID: Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 65.

A server cluster looks like a: A. single server from the user's point of view. B. dual server from the user's point of view. C. triple server from the user's point of view. D. quadruple server from the user's point of view.

Answer : A Explanation: The cluster looks like a single server from the user's point of view. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 67.

A momentary high voltage is a: A. spike B. blackout C. surge D. fault

Answer : A Explanation: Too much voltage for a short period of time is a spike. Too much voltage for a long period of time is a surge. Not enough voltage for a short period of time is a sag or dip. Not enough voltage for a long period of time is a brownout. A short power interruption is a fault. A long power interruption is a blackout. You MUST know all of the power issues above for the purpose of the exam. From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 3rd. Edition, McGraw-Hill/Osborne, 2005, page 368.

Which of the following is NOT a technique used to perform a penetration test? A. traffic padding B. scanning and probing C. war dialing D. sniffing

Answer : A Explanation: Traffic padding is a countermeasure to traffic analysis. Even if perfect cryptographic routines are used, the attacker can gain knowledge of the amount of traffic that was generated. The attacker might not know what Alice and Bob were talking about, but can know that they were talking and how much they talked. In certain circumstances this can be very bad. Consider for example when a military is organising a secret attack against another nation: it may suffice to alert the other nation for them to know merely that there is a lot of secret activity going on. As another example, when encrypting Voice Over IP streams that use variable bit rate encoding, the number of bits per unit of time is not obscured, and this can be exploited to guess spoken phrases. Padding messages is a way to make it harder to do traffic analysis. Normally, a number of random bits are appended to the end of the message with an indication at the end how much this random data is. The randomness should have a minimum value of 0, a maximum number of N and an even distribution between the two extremes. Note that increasing 0 does not help; only increasing N helps, though that also means that a lower percentage of the channel will be used to transmit real data. Also note that since the cryptographic routine is assumed to be uncrackable (otherwise the padding length itself is crackable), it does not help to put the padding anywhere else, e.g. at the beginning, in the middle, or in a sporadic manner. The other answers are all techniques used to do Penetration Testing. References: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 233, 238. and https://secure.wikimedia.org/wikipedia/en/wiki/Padding_%28cryptography%29#Traffic_analysis

Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette? A. Degaussing B. Parity Bit Manipulation C. Zeroization D. Buffer overflow

Answer : A Explanation: A Degausser (otherwise known as a Bulk Eraser) has the main function of reducing to near zero the magnetic flux stored in the magnetized medium. Flux density is measured in Gauss or Tesla. The operation is speedier than overwriting and done in one short operation. This is achieved by subjecting the medium in bulk to a series of fields of alternating polarity and gradually decreasing strength. The following answers are incorrect: Parity Bit Manipulation. Parity has to do with disk error detection, not data removal. A parity bit is a bit or series of bits appended to a character or block of characters to ensure that the information received is the same as the information that was sent. Zeroization. Zeroization involves overwriting data to sanitize it. It is time-consuming and not foolproof. The potential of restoration of data does exist with this method. Buffer overflow. This is a detractor. Although many Operating Systems use a disk buffer to temporarily hold data read from disk, its primary purpose has no connection to data removal. An overflow goes outside the constraints defined for the buffer and is a method used by an attacker to attempt access to a system. The following reference(s) were/was used to create this question: Shon Harris AIO v3. pg 908 Reference: What is degaussing. NEXT QUESTION

Which of the following backup methods must be made regardless of whether Differential or Incremental methods are used? A. Full Backup Method. B. Incremental backup method. C. Supplemental backup method. D. Tape backup method.

Answer : A Explanation: A Full Backup must be made regardless of whether Differential or Incremental methods are used. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 69. And: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business continuity (pages 617-619). NEXT QUESTION

Which of the following is NOT a type of motion detector? A. Photoelectric sensor B. Passive infrared sensors C. Microwave Sensor. D. Ultrasonic Sensor.

Answer : A Explanation: A photoelectric sensor does not "directly" sense motion; there is a narrow beam that won't set off the sensor unless the beam is broken. Photoelectric sensors, along with dry contact switches, are a type of perimeter intrusion detector. All of the other answers are valid types of motion detectors. The content below on the different types of sensors is from Wikipedia: Indoor Sensors These types of sensors are designed for indoor use. Outdoor use would not be advised due to false alarm vulnerability and weather durability. Passive infrared detectors Passive Infrared Sensor The passive infrared detector (PIR) is one of the most common detectors found in household and small business environments because it offers affordable and reliable functionality. The term passive means the detector is able to function without the need to generate and radiate its own energy (unlike ultrasonic and microwave volumetric intrusion detectors that are active in operation). PIRs are able to distinguish if an infrared emitting object is present by first learning the ambient temperature of the monitored space and then detecting a change in the temperature caused by the presence of an object. Using the principle of differentiation, which is a check of presence or nonpresence, PIRs verify if an intruder or object is actually there. Creating individual zones of detection where each zone comprises one or more layers can achieve differentiation. Between the zones there are areas of no sensitivity (dead zones) that are used by the sensor for comparison. Ultrasonic detectors Using frequencies between 15 kHz and 75 kHz, these active detectors transmit ultrasonic sound waves that are inaudible to humans. The Doppler shift principle is the underlying method of operation, in which a change in frequency is detected due to object motion. This is caused when a moving object changes the frequency of sound waves around it. 
Two conditions must occur to successfully detect a Doppler shift event: There must be motion of an object either towards or away from the receiver. The motion of the object must cause a change in the ultrasonic frequency to the receiver relative to the transmitting frequency. The ultrasonic detector operates by the transmitter emitting an ultrasonic signal into the area to be protected. The sound waves are reflected by solid objects (such as the surrounding floor, walls and ceiling) and then detected by the receiver. Because ultrasonic waves are transmitted through air, hard-surfaced objects tend to reflect most of the ultrasonic energy, while soft surfaces tend to absorb most energy. When the surfaces are stationary, the frequency of the waves detected by the receiver will be equal to the transmitted frequency. However, a change in frequency will occur as a result of the Doppler principle, when a person or object is moving towards or away from the detector. Such an event initiates an alarm signal. This techno NEXT QUESTION

What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? A. Central station alarm B. Proprietary alarm C. A remote station alarm D. An auxiliary station alarm

Answer : D Explanation: Auxiliary station alarms automatically cause an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters. They are usually Municipal Fire Alarm Boxes installed at your business or building; they are wired directly into the fire station. Central station alarms are operated by private security organizations. It is very similar to a proprietary alarm system (see below). However, the biggest difference is that the monitoring and receiving of alarms is done off site at a central location manned by non-staff members. It is a third party. Proprietary alarms are similar to central station alarms except that monitoring is performed directly on the protected property. This type of alarm is usually used to protect large industrial or commercial buildings. Each of the buildings in the same vicinity has its own alarm system; they are all wired together at a central location within one of the buildings acting as a common receiving point. This point is usually far away from the other buildings so it is not under the same danger. It is usually manned 24 hours a day by a trained team who knows how to react under different conditions. A remote station alarm is a direct connection between the signal-initiating device at the protected property and the signal-receiving device located at a remote station, such as the fire station or usually a monitoring service. This is the most popular type of implementation and the owner of the premises must pay a monthly monitoring fee. This is what most people use in their home where they get a company like ADT to receive the alarms on their behalf. A remote system differs from an auxiliary system in that it does not use the municipal fire or police alarm circuits. Reference(s) used for this question: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 11: Physical Security (page 211). and Great presentation J.T.A. Stone on SlideShare NEXT QUESTION

A prolonged power supply that is below normal voltage is a: A. brownout B. blackout C. surge D. fault

Answer : A Explanation: A prolonged power supply that is below normal voltage is a brownout. From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 3rd. Edition McGraw-Hill/Osborne, 2005, page 368. NEXT QUESTION

In what way can violation clipping levels assist in violation tracking and analysis? A. Clipping levels set a baseline for acceptable normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred. B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant. C. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to user accounts with a privileged status. D. Clipping levels enable a security administrator to view all reductions in security levels which have been made to user accounts which have incurred violations.

Answer : A Explanation: Companies can set predefined thresholds for the number of certain types of errors that will be allowed before the activity is considered suspicious. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised. This baseline is referred to as a clipping level. The following are incorrect answers: Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant. This is not the best answer; you would not record ONLY security relevant violations. All violations would be recorded, as well as all actions performed by authorized users which may not trigger a violation. This could allow you to identify abnormal activities or fraud after the fact. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to user accounts with a privileged status. It could record all security violations whether the user is a normal user or a privileged user. Clipping levels enable a security administrator to view all reductions in security levels which have been made to user accounts which have incurred violations. The keyword "ALL" makes this answer wrong. It may detect SOME but not all violations. For example, application level attacks may not be detected. Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 1239). McGraw-Hill. Kindle Edition. and TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. NEXT QUESTION

Within Crime prevention through Environmental Design (CPTED) the concept of territoriality is best described as: A. Ownership B. Protecting specific areas with different measures C. Localized emissions D. Compromise of the perimeter

Answer : A Explanation: Crime prevention through Environmental Design (CPTED) is a concept that encourages individuals to feel ownership and respect for the territory they occupy. By encouraging the use of physical attributes that express ownership, the individual is more apt to protect and be aware in that environment. The three main components of CPTED are: 1) natural access control - the guidance of people entering and leaving a space by the placement of doors, fences, lighting, and even landscaping 2) natural surveillance - the goal is to make criminals feel uncomfortable by providing many ways observers could potentially see them 3) natural territorial reinforcement - creates physical designs that emphasize or extend the company's physical sphere of influence so users feel a sense of ownership of that space. The following answers are incorrect: Localized emissions is incorrect because it is a made up answer. Compromise of the perimeter is incorrect because territoriality is meant to protect the perimeter and the territory, not compromise it. Protecting specific areas with different measures is incorrect. Compartmentalized Areas would require specific protection to prevent intrusion. Territoriality deals with the protection of the entire facility and a sense of ownership, not the protection of a specific area only. The following reference(s) were/was used to create this question: ISC2 Official Guide to the CISSP exam, p455, Shon Harris, All in One Exam Guide, p344- and AIO Version 5 (Shon Harris) page 411-412 NEXT QUESTION

Which of the following answers presents the MOST significant threat to network based IDS or IPS systems? A. Encrypted Traffic B. Complex IDS/IPS Signature Syntax C. Digitally Signed Network Packets D. Segregated VLANs

Answer : A Explanation: Discussion: Encrypted network packets present the biggest threat to an effective IDS/IPS plan because the traffic cannot easily (or quickly) be decoded and examined. Encrypted packets can't be examined by the IDS to determine if there is a threat there, so in most cases the traffic is just forwarded along with the potential threat. There is an industry where a company provides examination services for your network traffic, acting like a proxy server for all your network traffic. You simply send them copies of your certificates so they can decode the traffic. This is common in the financial industry where violating federal law or being sued by federal investigators for insider trading can lead to business collapse. The external company examines all the network traffic coming and going from your network for potential liabilities. The following answers are incorrect: - Complex IDS/IPS Signature syntax: IDS/IPS signatures can be complex but this isn't the MOST significant threat to the functionality of an IDS/IPS system. - Digitally Signed Network Packets: This is an incorrect answer because it isn't a threat to IDS/IPS systems looking for dangerous network traffic. Foremost because we don't commonly digitally sign each network packet we send. - Segregated VLANs: This is not a correct answer but VLANs can present barriers to IDS/IPS systems spotting dangerous traffic. There is an easy solution to VLANs and IDS/IPS systems, and that would be simply placing an IDS/IPS sensor on that VLAN and setting it up to send its traffic to the IDS/IPS management system. The following reference(s) was used to create this question: Gregg, Michael; Haines, Billy (2012-02-16). CASP: CompTIA Advanced Security Practitioner Study Guide Authorized Courseware: Exam CAS-001 (Pg. 138) Wiley. Kindle Edition. NEXT QUESTION

Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles? A. B2 B. B1 C. A1 D. A2

Answer : A Explanation: For the purpose of the exam you must know what is being introduced at each of the TCSEC ratings. There is a fantastic one page guide that shows clearly what is being introduced at each of the layers. You can download a copy of the guide at: https://www.freepracticetests.org/documents/tcsec.pdf You can also download a nice document that covers the modes of operation at: https://www.freepracticetests.org/documents/modesofoperation.pdf References: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 220. and http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt (paragraph 3.2) NEXT QUESTION

This type of backup management provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs (Write Once, Read Many): A. Hierarchical Storage Management (HSM). B. Hierarchical Resource Management (HRM). C. Hierarchical Access Management (HAM). D. Hierarchical Instance Management (HIM).

Answer : A Explanation: Hierarchical Storage Management (HSM) provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 71. NEXT QUESTION

Which of the following answers best describes the type of penetration testing where the analyst has full knowledge of the network on which he is going to perform his test? A. White-Box Penetration Testing B. Black-Box Pen Testing C. Penetration Testing D. Gray-Box Pen Testing

Answer : A Explanation: In general there are three ways a pen tester can test a target system. - White-Box: The tester has full access and is testing from inside the system. - Gray-Box: The tester has some knowledge of the system he's testing. - Black-Box: The tester has no knowledge of the system. Each of these forms of testing has different benefits and can test different aspects of the system from different approaches. The following answers are incorrect: - Black-Box Pen Testing: This is where no prior knowledge is given about the target network. Only a domain name or business name may be given to the analyst. The tester is provided no information about the target's network or environment and is simply left to his abilities. - Penetration Testing: This is half correct but more specifically it is white-box testing because the tester has full access. - Gray-Box Pen Testing: This answer is not right because in Gray-Box testing you are given a little information about the target network. The following reference(s) was used to create this question: 2013. Official Security+ Curriculum. and Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 4742-4743). Auerbach Publications. Kindle Edition. NEXT QUESTION

Which of the following ensures that a TCB is designed, developed, and maintained with formally controlled standards that enforce protection at each stage in the system's life cycle? A. life cycle assurance B. operational assurance C. covert timing assurance D. covert storage assurance

Answer : A Explanation: Life-cycle Assurance - Requirements specified in the Orange Book are: security testing, design specification and testing, configuration management, and trusted distribution. Operational Assurance - Concentrates on the product's architecture, embedded features, and functionality that enable a customer to continually obtain the necessary level of protection when using the product. Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 219. Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide 3rd Edition, McGraw-Hill/Osborne, 2005 (pages 904, 961). NEXT QUESTION

When attempting to establish Liability, which of the following would be described as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation? A. Due care B. Due concern C. Due diligence D. Due practice

Answer : A Explanation: My friend JD Murray at Techexams.net has a nice definition of both, see his explanation below: Oh, I hate these two. It's like describing the difference between "jealousy" and "envy." Kinda the same thing but not exactly. Here it goes: Due diligence is performing reasonable examination and research before committing to a course of action. Basically, "look before you leap." In law, you would perform due diligence by researching the terms of a contract before signing it. The opposite of due diligence might be "haphazard" or "not doing your homework." Due care is performing the ongoing maintenance necessary to keep something in proper working order, or to abide by what is commonly expected in a situation. This is especially important if the due care situation exists because of a contract, regulation, or law. The opposite of due care is "negligence." In summary, Due Diligence is identifying threats and risks, while Due Care is acting upon findings to mitigate risks. EXAM TIP: Due Diligence refers to the steps taken to identify risks that exist within the environment. This is based on best practices, standards such as ISO 27001, ISO 17799, and other consensus. The first letters of the words Due and Diligence should remind you of this. The two letters are DD = Do Detect. In the case of due care, it is the actions that you have taken (implementing, designing, enforcing, updating) to reduce the risks identified and keep them at an acceptable level. The same applies here: the first letters of the words Due and Care are DC, which should remind you that DC = Do Correct. The other answers are only detractors and not valid. Reference(s) used for this question: CISSP Study Guide, Syngress, By Eric Conrad, Page 419 HARRIS, Shon, All-In-One CISSP Certification Exam Guide Fifth Edition, McGraw-Hill, Page 49 and 110. and Corporate; (Isc) (2010-04-20). 
Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press) (Kindle Locations 11494-11504). Taylor & Francis. Kindle Edition. and My friend JD Murray at Techexams.net NEXT QUESTION

Physically securing backup tapes from unauthorized access is obviously a security concern and is considered a function of the: A. Operations Security Domain. B. Operations Security Domain Analysis. C. Telecommunications and Network Security Domain. D. Business Continuity Planning and Disaster Recovery Planning.

Answer : A Explanation: Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the Operations Security Domain. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 71. NEXT QUESTION

RAID Level 1 is commonly called which of the following? A. mirroring B. striping C. clustering D. hamming

Answer : A Explanation: RAID Level 1 is commonly called mirroring. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 65. NEXT QUESTION

RAID levels 3 and 5 run: A. faster on hardware. B. slower on hardware. C. faster on software. D. at the same speed on software and hardware.

Answer : A Explanation: RAID levels 3 and 5 run faster on hardware. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 67. NEXT QUESTION

Ding Ltd. is a firm specializing in the intellectual property business. A new video streaming application needs to be installed for the purpose of conducting the annual awareness program as per the firm's security program. The application will stream internally copyrighted computer based training videos. The requirements for the application installation are to use a single server, low cost technologies, high performance and no high availability capacities. In regards to storage technology, what is the most suitable configuration for the server hard drives? A. Single hard disk (no RAID) B. RAID 0 C. RAID 1 D. RAID 10

Answer : A Explanation: A single hard disk does meet the low cost requirement and no high availability, but doesn't provide high performance. RAID 1 (mirroring) provides the exact opposite of the needs: low performance, high cost and high availability. RAID 10 provides performance but it is an expensive solution with high availability capacities. The following reference(s) were/was used to create this question: Shon Harris, AIO 5th, Operations Security, Page 1086 NEXT QUESTION

Guards are appropriate whenever the function required by the security program involves which of the following? A. The use of discriminating judgment B. The use of physical force C. The operation of access control devices D. The need to detect unauthorized access

Answer : A Explanation: The Answer: The use of discriminating judgment. A guard can make the determinations that hardware or other automated security devices cannot make, due to the ability to adjust to rapidly changing conditions, to learn and alter recognizable patterns, and to respond to various conditions in the environment. Guards are better at making value decisions at times of incidents. They are appropriate whenever immediate, discriminating judgment is required by the security entity. The following answers are incorrect: The use of physical force. This is not the best answer. A guard provides discriminating judgment, and the ability to discern the need for physical force. The operation of access control devices. A guard is often uninvolved in the operations of an automated access control device such as a biometric reader, a smart lock, mantrap, etc. The need to detect unauthorized access. The primary function of a guard is not to detect unauthorized access, but to prevent unauthorized physical access attempts, and a guard may deter social engineering attempts. The following reference(s) were/was used to create this question: Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: Physical security (page 339). Source: ISC2 Official Guide to the CBK page 288-289. NEXT QUESTION

Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup? A. differential backup method. B. full backup method. C. incremental backup method. D. tape backup method.

Answer : A Explanation: The Differential Backup Method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup. Archive Bits Unless you've done a lot of backups in your time you've probably never heard of an Archive Bit. An archive bit is, essentially, a tag that is attached to every file. In actuality, it is a binary digit that is set on or off in the file, but that's crummy technical jargon that doesn't really tell us anything. For the sake of our discussion, just think of it as the flag on a mail box. If the flag is up, it means the file has been changed. If it's down, then the file is unchanged. Archive bits let the backup software know what needs to be backed up. The differential and incremental backup types rely on the archive bit to direct them. Backup Types Full or Normal The "Full" or "normal" backup type is the most standard. This is the backup type that you would use if you wanted to back up every file in a given folder or drive. It backs up everything you direct it to regardless of what the archive bit says. It also resets all archive bits (puts the flags down). Most backup software, including the built-in Windows backup software, lets you select down to the individual file that you want backed up. You can also choose to back up things like the "system state". Incremental When you schedule an incremental backup, you are in essence instructing the software to only back up files that have been changed, or files that have their flag up. After the incremental backup of that file has occurred, that flag will go back down. If you perform a normal backup on Monday, then an incremental backup on Wednesday, the only files that will be backed up are those that have changed since Monday. 
If on Thursday someone deletes a file by accident, in order to get it back you will have to restore the full backup from Monday, followed by the Incremental backup from Wednesday. Differential Differential backups are similar to incremental backups in that they only back up files with their archive bit, or flag, up. However, when a differential backup occurs it does not reset those archive bits, which means that if, the following day, another differential backup occurs, it will back up that file again regardless of whether that file has been changed or not. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 69. And: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business continuity (pages 617-619). And: http://www.brighthub.com/computing/windows-platform/articles/24531.aspx NEXT QUESTION

Which of the following backup methods makes a complete backup of every file on the server every time it is run? A. full backup method. B. incremental backup method. C. differential backup method. D. tape backup method.

Answer : A Explanation: The Full Backup Method makes a complete backup of every file on the server every time it is run. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 69. NEXT QUESTION

The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following? A. clipping level B. acceptance level C. forgiveness level D. logging level

Answer : A Explanation: The correct answer is "clipping level". This is the point at which a system decides to take some sort of action when an action repeats a preset number of times. That action may be to log the activity, lock a user account, temporarily close a port, etc. Example: The most classic example of a clipping level is failed login attempts. If you have a system configured to lock a user's account after three failed login attempts, that is the "clipping level". The other answers are not correct because: Acceptance level, forgiveness level, and logging level are nonsensical terms that do not exist (to my knowledge) within network security. Reference: Official ISC2 Guide - The term "clipping level" is not in the glossary or index of that book. I cannot find it in the text either. However, I'm quite certain that it would be considered part of the CBK, despite its exclusion from the Official Guide. All in One Third Edition page: 136 - 137 NEXT QUESTION

An incremental backup process A. Backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0. B. Backs up the files that have been modified since the last full backup. It does not change the archive bit value. C. Backs up all the data and changes the archive bit to 0. D. Backs up all the data and changes the archive bit to 1.

Answer : A Explanation: The following answers are incorrect: "Backs up the files that have been modified since the last full backup. It does not change the archive bit value." This is incorrect because this describes the differential backup process. "Backs up all the data and changes the archive bit to 0." This is incorrect because this describes the full backup process. "Backs up all the data and changes the archive bit to 1." This is incorrect because this describes neither the full backup process, the differential backup process, nor the incremental backup process. The following reference(s) were/was used to create this question: All-in-One CISSP Exam Guide Fourth Edition by Shon Harris pages 801-802 NEXT QUESTION

Which of the following is true related to network sniffing? A. Sniffers allow an attacker to monitor data passing across a network. B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods. C. Sniffers take over network connections. D. Sniffers send IP fragments to a system that overlap with each other.

Answer : A Explanation: The following answers are incorrect: Sniffers alter the source address of a computer to disguise and exploit weak authentication methods. IP Spoofing is a network-based attack, which involves altering the source address of a computer to disguise the attacker and exploit weak authentication methods. Sniffers take over network connections. Session Hijacking tools allow an attacker to take over network connections, kicking off the legitimate user or sharing a login. Sniffers send IP fragments to a system that overlap with each other. Malformed Packet attacks are a type of DoS attack that involves one or two packets that are formatted in an unexpected way. Many vendor product implementations do not take into account all variations of user entries or packet types. If software handles such errors poorly, the system may crash when it receives such packets. A classic example of this type of attack involves sending IP fragments to a system that overlap with each other (the fragment offset values are incorrectly set). Some unpatched Windows and Linux systems will crash when they encounter such packets. The following reference(s) were/was used to create this question: Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, Auerbach, NY, NY 2001, Chapter 22, Hacker Tools and Techniques by Ed Skoudis. ISC2 OIG, 2007 p. 137-138, 419 NEXT QUESTION

Which backup method usually resets the archive bit on the files after they have been backed up? A. Incremental backup method. B. Differential backup method. C. Partial backup method. D. Tape backup method.

Answer : A Explanation: The incremental backup method usually resets the archive bit on the files after they have been backed up. An Incremental Backup will back up all the files that have changed since the last Full Backup (the first time it is run after a full backup was completed) or since the last Incremental Backup (for the second and subsequent backups) and sets the archive bit to 0. This type of backup takes less time during the backup phase but it will take more time to restore. The other answers are all incorrect choices. The following backup types also exist: Full Backup - All data are backed up. The archive bit is cleared, which means that it is set to 0. Differential Backup - Backs up the files that have been modified since the last Full Backup. The archive bit does not change. It takes more time while the backup phase is performed and takes less time to restore. Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 69. NEXT QUESTION
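
The archive-bit behaviour behind this question and the earlier one on incremental backups is easiest to see in a small simulation. The following is an added example, not code from the page's references: three made-up files and a three-day change schedule are run through a full backup followed by either incrementals or differentials, and the restore plan shows why incrementals are fast to take but slow to restore.

```python
"""Added example (not from the page's sources): how the archive bit drives
full, incremental and differential backups, and what has to be read back to
restore.  File names and the change schedule are constructed for the demo."""


def full_backup(files):
    """Copy everything and clear (set to 0) the archive bit on every file."""
    taken = sorted(files)
    for name in files:
        files[name] = 0
    return taken


def incremental_backup(files):
    """Copy files whose bit is set and clear it, so the next run sees only newer changes."""
    taken = sorted(name for name, bit in files.items() if bit == 1)
    for name in taken:
        files[name] = 0
    return taken


def differential_backup(files):
    """Copy files whose bit is set but leave the bit alone: every run is 'since last full'."""
    return sorted(name for name, bit in files.items() if bit == 1)


def run_schedule(kind, changes):
    """Run a full backup, then one backup of `kind` after each day's changes.

    `changes` is a list of lists: the files written on each day.  Returns the
    list of backup sets taken, the first being the full backup.
    """
    files = {"payroll.db": 1, "config.ini": 1, "report.pdf": 1}   # fresh files, bit set
    step = incremental_backup if kind == "incremental" else differential_backup
    sets = [full_backup(files)]
    for written in changes:
        for name in written:
            files[name] = 1   # any write sets the archive bit again
        sets.append(step(files))
    return sets


def restore_plan(kind, sets):
    """Which backup sets must be read back to restore the latest state."""
    if kind == "incremental":
        return sets             # the full plus every incremental, in order
    return [sets[0], sets[-1]]  # the full plus only the most recent differential


CHANGES = [["payroll.db"], ["config.ini"], ["payroll.db"]]   # constructed 3-day schedule

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        sets = run_schedule(kind, CHANGES)
        print(kind, sets, "restore reads", len(restore_plan(kind, sets)), "sets")
```

Note that each incremental set is small and disjoint from the others, while each differential grows until the next full backup; the restore plan is the mirror image of that trade-off.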

Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data? A. Limiting the local access of operations personnel B. Job rotation of operations personnel C. Management monitoring of audit logs D. Enforcing regular password changes

Answer : A Explanation: The question specifically said "within a different function", which eliminates Job Rotation as a choice. Management monitoring of audit logs is a detective control and it would not prevent collusion. Changing passwords regularly would not prevent such an attack. This question validates whether you understand the concepts of separation of duties and least privilege. By giving operators only the minimum access level they need to do their duties within the company, the operations personnel would be forced to use collusion to defeat those security mechanisms. Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. NEXT QUESTION

Which of the following is often implemented by a one-for-one disk to disk ratio? A. RAID Level 1 B. RAID Level 0 C. RAID Level 2 D. RAID Level 5

Answer : A Explanation: RAID Level 1 is often implemented by a one-for-one disk-to-disk ratio. RAID Level 1 provides redundancy by writing all data to two or more drive sets. The performance of a level 1 array tends to be faster on reads and slower on writes compared to a single drive, but if either of the drive sets fails, no data is lost. This is a good entry-level redundant system, since only two drives are required as a minimum; however, since one drive is used to store a duplicate of the data, the cost per megabyte is high. This level is commonly referred to as mirroring. Please visit http://www.sohoconsult.ch/raid/raid1.html for a nice overview of RAID Levels. For the purpose of the exam you must be familiar with RAID 0 to 5, 10, and 50. References: http://www.sohoconsult.ch/raid/raid1.html and KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 65. NEXT QUESTION

Which of the following answers is directly related to providing High Availability to your users? A. Backup data circuits B. Good hiring practices C. Updated Antivirus Software D. Senior Executive Support

Answer : A Explanation: When planning for high availability, any critical component of your data network should have some sort of redundancy or backup plan in case it does fail. Usually this involves things like backup data circuits, fault tolerant systems and otherwise redundant technology across the board. This can include items like these: - RAID array disks on servers so that if any single drive fails the server remains available. - Backup network connections. Many internet service providers provide these for a fee. - Backup power for all systems and circuits. - Fire suppression and evacuation plans. - A data backup practice to back up and restore data while storing backups offsite in a safe, remote location. Also critical to high availability is a well-planned and tested disaster recovery plan. You can either develop one, find one free online or pay a contract agency to develop one for you. The lines get a little blurry between fault tolerance and high availability because one is the direct result of the other, but the questions on the exam should be pretty clear. The following answers are incorrect: - Good hiring practices: High Availability doesn't really involve good hiring practices, although when you hire good technicians your availability would definitely improve. - Updated Antivirus Software: This isn't directly related to high availability, although it's a critical part of defense in depth. - Senior Executive Support: While this is important for funding equipment for high availability, it isn't directly related to providing the high availability. The following reference(s) was used to create this question: 2013. Official Security+ Curriculum. NEXT QUESTION

Which of the following is NOT a proper component of Media Viability Controls? A. Storage B. Writing C. Handling D. Marking

Answer : B Explanation: Media Viability Controls include marking, handling and storage. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 231. NEXT QUESTION

What can be defined as a momentary low voltage? A. Spike B. Sag C. Fault D. Brownout

Answer : B Explanation: A sag is a momentary low voltage. A spike is a momentary high voltage. A fault is a momentary power out and a brownout is a prolonged power supply that is below normal voltage. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 6: Physical security (page 299). NEXT QUESTION

Which of the following is a proximity identification device that does not require action by the user and works by responding with an access code to signals transmitted by a reader? A. A passive system sensing device B. A transponder C. A card swipe D. A magnetic card

Answer : B Explanation: A transponder is a proximity identification device that does not require action by the user. The reader transmits signals to the device and the device responds with an access code. These transponder devices contain a radio receiver and transmitter, a storage place for the access code, control logic, and a battery. A passive device only uses the power from the reader to detect the presence of the card. Card swipes and magnetic (swipe) cards are not proximity identification devices. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 6: Physical Security (page 323). NEXT QUESTION

How should a doorway of a manned facility with automatic locks be configured? A. It should be configured to be fail-secure. B. It should be configured to be fail-safe. C. It should have a door delay cipher lock. D. It should not allow piggybacking.

Answer : B Explanation: Access controls are meant to protect facilities and computers as well as people. In some situations, the objectives of physical access controls and the protection of people's lives may come into conflict. In these situations, a person's life always takes precedence. Many physical security controls make entry into and out of a facility hard, if not impossible. However, special consideration needs to be taken when this could affect lives. In an information processing facility, different types of locks can be used and piggybacking should be prevented, but the issue here with automatic locks is that they can be configured either as fail-safe or as fail-secure. Since there should only be one access door to an information processing facility, the automatic lock on the only door to a manned room must be configured to allow people out in case of emergency, hence to be fail-safe (sometimes called fail-open), meaning that upon fire alarm activation or electric power failure, the locking device unlocks. This is because the solenoid that holds the lock in its locked state loses power and thus releases, unlocking the electronic lock. Fail-secure works the other way. The lock device is in a locked, secure state with no power applied. Upon authorized entry, a solenoid unlocks the lock temporarily. Thus in a fail-secure lock, loss of power or fire alarm activation causes the lock to remain in a secure mode. Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 451). McGraw- Hill. Kindle Edition. and Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 20249-20251). Auerbach Publications. Kindle Edition. NEXT QUESTION

Degaussing is used to clear data from all of the following media except: A. Floppy Disks B. Read-Only Media C. Video Tapes D. Magnetic Hard Disks

Answer : B Explanation: Atoms and Data Shon Harris says: "A device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero. This magnetic force is what properly erases data from media. Data are stored on magnetic media by the representation of the polarization of the atoms. Degaussing changes" The latest ISC2 book says: "Degaussing can also be a form of media destruction. High-power degaussers are so strong in some cases that they can literally bend and warp the platters in a hard drive. Shredding and burning are effective destruction methods for non-rigid magnetic media. Indeed, some shredders are capable of shredding some rigid media such as an optical disk. This may be an effective alternative for any optical media containing nonsensitive information due to the residue size remaining after feeding the disk into the machine. However, the residue size might be too large for media containing sensitive information. Alternatively, grinding and pulverizing are acceptable choices for rigid and solid-state media. Specialized devices are available for grinding the face of optical media that either sufficiently scratches the surface to render the media unreadable or actually grinds off the data layer of the disk. Several services also exist which will collect drives, destroy them on site if requested and provide certification of completion. It will be the responsibility of the security professional to help, select, and maintain the most appropriate solutions for media cleansing and disposal." Degaussing is achieved by passing the magnetic media through a powerful magnetic field to rearrange the metallic particles, completely removing any resemblance of the previously recorded signal (from the "all about degaussers" link below). Therefore, degaussing will work on any magnetic media such as floppy disks, magnetic tapes or hard disks; all of these store data as magnetic polarization.
However, "read-only media" includes items such as paper printouts and CD-ROMs, which do not store data magnetically. Passing them through a magnetic field has no effect on them. Not all clearing/purging methods are applicable to all media: for example, optical media is not susceptible to degaussing, and overwriting may not be effective against Flash devices. The degree to which information may be recoverable by a sufficiently motivated and capable adversary must not be underestimated or guessed at in ignorance. For the highest-value commercial data, and for all data regulated by government or military classification rules, read and follow the rules and standards. I will admit that this is a bit of a trick question. Determining the difference between "read-only media" and "read-only memory" is difficult for the question taker. However, I believe it is representative of the type of question you might one day see on an exam. The other answers are incorrect because: Floppy Disks, Magnetic Tapes, an NEXT QUESTION

Which of the following questions are least likely to help in assessing controls covering audit trails? A. Does the audit trail provide a trace of user actions? B. Are incidents monitored and tracked until resolved? C. Is access to online logs strictly controlled? D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?

Answer : B Explanation: Audit trails maintain a record of system activity by system or application processes and by user activity. In conjunction with appropriate tools and procedures, audit trails can provide individual accountability, a means to reconstruct events, detect intrusions, and identify problems. Audit trail controls are considered technical controls. Monitoring and tracking of incidents is more an operational control related to incident response capability. Reference(s) used for this question: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-50 to A- 51). NOTE: NIST SP 800-26 has been superseded by: FIPS 200, SP 800-53, SP 800-53A You can find the new replacement at: http://csrc.nist.gov/publications/PubsSPs.html However, if you really wish to see the old standard, it is listed as an archived document at: http://csrc.nist.gov/publications/PubsSPArch.html NEXT QUESTION

Which of the following effectively doubles the amount of hard drives needed but also provides redundancy? A. RAID Level 0 B. RAID Level 1 C. RAID Level 2 D. RAID Level 5

Answer : B Explanation: RAID Level 1 :- This level effectively doubles the amount of hard drives you need, therefore it is usually best for smaller capacity systems. See the following link for some nice animated graphics showing each of the RAID levels: http://www.acnc.com/raid Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 65. and http://www.acnc.com/raid NEXT QUESTION
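
The two RAID questions above (one-for-one mirroring, and the fact that mirroring doubles the disk count) are clearer next to the parity scheme they are usually contrasted with. The following is an added example, not code from the page or its references: RAID 1 is modelled as identical byte-string copies, RAID 5 as equal chunks plus an XOR parity chunk, and a lost disk is rebuilt from the survivors. Parity rotation across stripes and block-level details are left out; disk contents are constructed for the demo.

```python
"""Added example (not from the page): RAID 1 mirroring versus RAID 5 XOR
parity, with capacity fractions and single-disk rebuild.  Disks are plain
byte strings; None marks a failed disk."""
from functools import reduce


def raid1_write(data, disks=2):
    """Mirror: every disk gets the same bytes (one-for-one when disks=2)."""
    return [bytes(data) for _ in range(disks)]


def raid1_read(mirrors):
    """Any surviving disk serves the read; no rebuild arithmetic is needed."""
    for copy in mirrors:
        if copy is not None:
            return copy
    raise IOError("all mirrors failed")


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def raid5_stripe(data, disks=3):
    """Split `data` into disks-1 equal chunks and append their XOR parity."""
    if disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    n = disks - 1
    if len(data) % n:
        data += b"\x00" * (n - len(data) % n)   # pad so chunks are equal-sized
    size = len(data) // n
    chunks = [data[i * size:(i + 1) * size] for i in range(n)]
    return chunks + [reduce(xor_bytes, chunks)]


def raid5_rebuild(stripe, lost):
    """Recompute the chunk on disk `lost` (data or parity) from all the others.

    Works because XOR is its own inverse: parity = d0 ^ d1 ^ ... so any one
    term equals the XOR of everything else.  Two failures cannot be rebuilt.
    """
    survivors = [c for i, c in enumerate(stripe) if i != lost]
    if any(c is None for c in survivors):
        raise IOError("more than one disk lost; RAID 5 cannot rebuild")
    return reduce(xor_bytes, survivors)


def usable_fraction(level, disks):
    """Fraction of raw capacity available for data."""
    if level == 1:
        return 1 / disks            # two mirrored disks: half the space is usable
    if level == 5:
        return (disks - 1) / disks
    raise ValueError("only RAID 1 and RAID 5 are modelled")


if __name__ == "__main__":
    stripe = raid5_stripe(b"customer-record-01", disks=4)   # constructed data
    lost_chunk, stripe[1] = stripe[1], None                  # disk 1 dies
    print("rebuilt:", raid5_rebuild(stripe, 1) == lost_chunk)
    print("RAID 1 usable:", usable_fraction(1, 2), "RAID 5 usable:", usable_fraction(5, 4))
```

Mirroring buys the simplest recovery (just read the other copy) at the highest cost per megabyte; parity spreads that cost over more disks but needs the XOR rebuild, which is why a second failure during the rebuild window is the classic RAID 5 risk.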

Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? A. Wave pattern motion detectors B. Capacitance detectors C. Field-powered devices D. Audio detectors

Answer : B Explanation: Capacitance detectors monitor an electrical field surrounding the object being monitored. They are used for spot protection within a few inches of the object, rather than for the overall room security monitoring provided by wave detectors. Penetration of this field changes the electrical capacitance of the field enough to generate an alarm. Wave pattern motion detectors generate a frequency wave pattern and send an alarm if the pattern is disturbed as it is reflected back to its receiver. Field-powered devices are a type of personnel access control device. Audio detectors simply monitor a room for any abnormal sound wave generation and trigger an alarm. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: Physical security (page 344). NEXT QUESTION

The Physical Security domain focuses on three areas that are the basis to physically protecting enterprise's resources and sensitive information. Which of the following is not one of these areas? A. Threats B. Countermeasures C. Vulnerabilities D. Risks

Answer : B Explanation: Countermeasures are used to mitigate the risks, threats, and vulnerabilities and are not areas that are protected. Security is very important to organizations and their infrastructures, and physical security is no exception. Physical security encompasses a different set of threats, vulnerabilities, and risks than the other types of security that have been addressed so far. Physical security mechanisms include site design and layout, environmental components, emergency response readiness, training, access control, intrusion detection, and power and fire protection. Physical security mechanisms protect people, data, equipment, systems, facilities, and a long list of company assets. NEXT QUESTION

Which of the following is NOT a countermeasure to traffic analysis? A. Padding messages. B. Eavesdropping. C. Sending noise. D. Faraday Cage

Answer : B Explanation: Eavesdropping is not a countermeasure; it is a type of attack in which you collect traffic and attempt to see what is being sent between communicating entities. The following answers are incorrect: Padding messages. Incorrect because it is a countermeasure: messages are padded to a uniform size so that message length no longer reveals anything about their content or purpose. Sending noise. Incorrect because it is a countermeasure: decoy, non-informational data is transmitted over the network to disguise real traffic patterns and make them harder to uncover. Faraday Cage. Incorrect because it is a tool used to prevent emanation of electromagnetic waves, and is a very effective tool to prevent traffic analysis of those emanations. NEXT QUESTION
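
The two countermeasures above, padding and sending noise, can be shown together in a toy framing layer. The following is an added example, not code from the page: every frame is rounded up to a multiple of a bucket size so lengths on the wire are indistinguishable, and a dummy (noise) frame can be emitted on ticks where there is nothing to send so timing patterns are hidden as well. The bucket size and frame layout are assumptions for the demo; in practice the frame would be encrypted after framing so the type byte and real length are hidden too, which is not shown here.

```python
"""Added example (not from the page): message padding to uniform buckets and
noise (cover) frames as countermeasures to traffic analysis."""
import math
import os
import struct

BUCKET = 256                    # wire size granularity (assumption for the example)
TYPE_NOISE = 0x00
TYPE_DATA = 0x01
HEADER = struct.Struct("!BH")   # type byte, then the real payload length


def frame(payload=b"", noise=False):
    """Return a wire frame whose length depends only on how many buckets it needs."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for a 16-bit length field")
    body = HEADER.pack(TYPE_NOISE if noise else TYPE_DATA, len(payload)) + payload
    wire_len = max(BUCKET, math.ceil(len(body) / BUCKET) * BUCKET)
    return body + os.urandom(wire_len - len(body))   # random filler, not a fixed pattern


def unframe(wire):
    """Strip padding; return the payload, or None for a noise frame the receiver drops."""
    kind, length = HEADER.unpack_from(wire)
    if kind == TYPE_NOISE:
        return None
    if HEADER.size + length > len(wire):
        raise ValueError("truncated frame")
    return wire[HEADER.size:HEADER.size + length]


def send_with_cover(queue):
    """Turn a per-tick send queue (None = nothing to send) into one frame per tick.

    A sender that emits a frame every tick regardless of whether it has data
    hides when real traffic occurs as well as how large it is.
    """
    return [frame(noise=True) if msg is None else frame(msg) for msg in queue]


if __name__ == "__main__":
    for msg in (b"yes", b"no", b"attack at dawn"):     # constructed messages
        print(len(frame(msg)), unframe(frame(msg)))
```

An observer who only sees frame sizes and arrival times now learns the bucket count and the tick rate, nothing about which ticks carried data; the cost is bandwidth, which is the usual trade-off with both countermeasures.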

Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system? A. Detective Controls B. Preventative Controls C. Corrective Controls D. Directive Controls

Answer : B Explanation: In the Operations Security domain, Preventative Controls are designed to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 217. NEXT QUESTION

Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is not a component that achieves this type of security? A. Administrative control mechanisms B. Integrity control mechanisms C. Technical control mechanisms D. Physical control mechanisms

Answer : B Explanation: Integrity control mechanisms are not part of physical security. All of the other distractors are correct components; this one is the only one that does not belong to Physical Security. Below you have more details extracted from the SearchSecurity web site: Information security depends on the security and management of the physical space in which computer systems operate. Domain 9 of the CISSP exam's Common Body of Knowledge addresses the challenges of securing the physical space, its systems and the people who work within it by use of administrative, technical and physical controls. The following topics are covered: Facilities management: The administrative processes that govern the maintenance and protection of the physical operations space, from site selection through emergency response. Risks, issues and protection strategies: Risk identification and the selection of security protection components. Perimeter security: Typical physical protection controls. Facilities management Facilities management is a complex component of corporate security that ranges from the planning of a secure physical site to the management of the physical information system environment. Facilities management responsibilities include site selection and physical security planning (i.e. facility construction, design and layout, fire and water damage protection, antitheft mechanisms, intrusion detection and security procedures.) Protections must extend to both people and assets. The necessary level of protection depends on the value of the assets and data. CISSP candidates must learn the concept of critical-path analysis as a means of determining a component's business function criticality relative to the cost of operation and replacement. Furthermore, students need to gain an understanding of the optimal location and physical attributes of a secure facility. 
Among the topics covered in this domain are site inspection, location, accessibility and obscurity, considering the area crime rate, and the likelihood of natural hazards such as floods or earthquakes. This domain also covers the quality of construction material, such as its protective qualities and load capabilities, as well as how to lay out the structure to minimize risk of forcible entry and accidental damage. Regulatory compliance is also touched on, as is preferred proximity to civil protection services, such as fire and police stations. Attention is given to computer and equipment rooms, including their location, configuration (entrance/egress requirements) and their proximity to wiring distribution centers at the site. Physical risks, issues and protection strategies An overview of physical security risks includes risk of theft, service interruption, physical damage, compromised system integrity and unauthorized disclosure of information. Interruptions to business can manifest due to loss of power, services, telecommunications connectivity and water supply. These can also seriously compromise electronic s NEXT QUESTION

Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes? A. Key escrow B. Rotation of duties C. Principle of need-to-know D. Principle of least privilege

Answer : B Explanation: Job rotations reduce the risk of collusion of activities between individuals. Companies with individuals working with sensitive information or systems where there might be the opportunity for personal gain through collusion can benefit by integrating job rotation with segregation of duties. Rotating the position may uncover activities that the individual is performing outside of the normal operating procedures, highlighting errors or fraudulent behavior. Rotation of duties is a method of reducing the risk associated with a subject performing a (sensitive) task by limiting the amount of time the subject is assigned to perform the task before being moved to a different task. The following are incorrect answers: Key escrow is the process of ensuring that a third party maintains a copy of a private key, or of a key needed to decrypt information; the escrowed key is often split into pieces that are controlled by different departments. Key escrow should also be considered mandatory for most organizations' use of cryptography, as encrypted information belongs to the organization and not the individual; however, often an individual's key is used to encrypt the information. Separation of duties is a basic control that prevents or detects errors and irregularities by assigning responsibility for different parts of critical tasks to separate individuals, thus limiting the effect a single person can have on a system. One individual should not have the capability to execute all of the steps of a particular process. This is especially important in critical business areas, where individuals may have greater access and capability to modify, delete, or add data to the system. Failure to separate duties could result in individuals embezzling money from the company without the involvement of others. 
The need-to-know principle specifies that a person must not only be cleared to access classified or other sensitive information, but must also have a requirement for such information to carry out assigned job duties. Ordinary or limited user accounts are what most users are assigned. They should be restricted only to those privileges that are strictly required, following the principle of least privilege. Access should be limited to specific objects following the principle of need-to-know. The principle of least privilege requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. Least privilege refers to granting users only the accesses that are required to perform their job functions. Some employees will require greater access than others based upon their job functions. For example, an individual performing data entry on a mainframe system may have no need for Internet access or the ability to run reports regarding the information that they are entering into the system. Conversely, a supervisor may have the need to run reports, but sho NEXT QUESTION

Which of the following is not appropriate in addressing object reuse? A. Degaussing magnetic tapes when they're no longer needed. B. Deleting files on disk before reusing the space. C. Clearing memory blocks before they are allocated to a program or data. D. Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.

Answer : B Explanation: Object reuse requirements, applying to systems rated TCSEC C2 and above, are used to protect files, memory, and other objects in a trusted system from being accidentally accessed by users who are not authorized to access them. Deleting files on disk merely erases file headers in a directory structure. It does not clear data from the disk surface, thus making files still recoverable. All other options involve clearing used space, preventing any unauthorized access. Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (page 119). NEXT QUESTION

Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of: A. Deterrent controls B. Output controls C. Information flow controls D. Asset controls

Answer : B Explanation: Output controls are used for two things: for verifying the integrity and protecting the confidentiality of an output. These are examples of proper output controls. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 6: Operations Security (page 218). NEXT QUESTION

Which of the following questions is less likely to help in assessing physical access controls? A. Does management regularly review the list of persons with physical access to sensitive facilities? B. Is the operating system configured to prevent circumvention of the security software and application controls? C. Are keys or other access devices needed to enter the computer room and media library? D. Are visitors to sensitive areas signed in and escorted?

Answer : B Explanation: Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting infrastructures against threats associated with their physical environment. All the questions above are useful in assessing physical access controls except for the one regarding operating system configuration, which is a logical access control. Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self- Assessment Guide for Information Technology Systems, November 2001 (Pages A-21 to A-24). NEXT QUESTION

Which of the following type of lock uses a numeric keypad or dial to gain entry? A. Bolting door locks B. Cipher lock C. Electronic door lock D. Biometric door lock

Answer : B Explanation: The combination door lock or cipher lock uses a numeric keypad, push buttons, or a dial to gain entry; it is often seen at airport gate entry doors and smaller server rooms. The combination should be changed at regular intervals or whenever an employee with access is transferred, fired or subject to disciplinary action. This reduces the risk of the combination being known by unauthorized people. A cipher lock is controlled by a mechanical keypad, typically of 5 to 10 digits, that releases the lock and allows entry when the right combination is pushed. The drawback is that someone looking over a shoulder can see the combination. However, an electronic version of the cipher lock is in production in which a display screen automatically moves the numbers around, so someone watching the movement on the screen cannot identify the number entered unless they are standing directly behind the victim. Remember that locking devices are only as good as the wall or door they are mounted in; if the frame of the door or the door itself can be easily destroyed then the lock will not be effective. A lock will eventually be defeated, and its primary purpose is to delay the attacker. For your exam you should know the following types of lock: Bolting door lock: These locks require the traditional metal key to gain entry. The key should be stamped "do not duplicate" and should be stored and issued under strict management control. Biometric door lock: An individual's unique physical attribute such as voice, retina, fingerprint, hand geometry or signature activates these locks. This system is used when sensitive facilities must be protected, such as in the military. Electronic door lock: This system uses a magnetic or embedded-chip plastic card key or token entered into a sensor reader to gain access. A special code stored in the card or token is read by the sensor device, which then activates the door locking mechanism. 
The following were incorrect answers: Bolting door lock, Biometric door lock and Electronic door lock, as described above. Following reference(s) were/was used to create this question: CISA review manual 2014 Page number 376 and Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25144-25150). Auerbach Public NEXT QUESTION

When it comes to magnetic media sanitization, what difference can be made between clearing and purging information? A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files. B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack. C. They both involve rewriting the media. D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.

Answer : B Explanation: The removal of information from a storage medium is called sanitization. Different kinds of sanitization provide different levels of protection. A distinction can be made between clearing information (rendering it unrecoverable by a keyboard attack) and purging (rendering it unrecoverable against a laboratory attack). There are three general methods of purging media: overwriting, degaussing, and destruction. There should be continuous assurance that sensitive information is protected and not allowed to be placed in a circumstance wherein a possible compromise can occur. There are two primary levels of threat that the protector of information must guard against: keyboard attack (information scavenging through system software capabilities) and laboratory attack (information scavenging through laboratory means). Procedures should be implemented to address these threats before the Automated Information System (AIS) is procured, and the procedures should be continued throughout the life cycle of the AIS. Reference(s) used for this question: SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and Technology (NIST), NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, September 1996 (page 26). and A guide to understanding Data Remanence in Automated Information Systems NEXT QUESTION
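
The clearing level above, and the earlier object-reuse point that deleting a file merely removes its directory entry, both come down to overwriting the bytes before the space is handed back. The following is an added example, not code from the page or NIST: it overwrites a file in place through its existing inode (random passes, then zeros), syncs each pass to the device, and only then unlinks; a second helper zeroizes a key buffer in memory. The caveat the page itself gives applies: this is a defence against keyboard attack, not a laboratory-attack purge, and on flash, journaling or copy-on-write storage the old blocks may survive the overwrite. The file it operates on is a temporary file the script creates.

```python
"""Added example (not from the page): clearing by overwrite-then-unlink and
zeroizing a memory buffer before reuse."""
import os
import tempfile


def overwrite_and_unlink(path, passes=3, chunk=64 * 1024):
    """Overwrite every byte of `path` `passes` times (random, then zeros), sync, then delete.

    Returns the number of bytes overwritten.  Writing through the existing
    file descriptor keeps the same inode, so the same blocks are rewritten
    wherever the file system allows in-place updates.
    """
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as fh:
        for pass_no in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                filler = b"\x00" * n if pass_no == passes - 1 else os.urandom(n)
                while filler:                       # tolerate short writes
                    done = fh.write(filler)
                    filler = filler[done:]
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())   # push the pass to the device, not just the page cache
    os.unlink(path)
    return size


def zeroize(buf):
    """Clear a mutable buffer in place (e.g. a key held in a bytearray); True if all zero."""
    buf[:] = bytes(len(buf))
    return not any(buf)


def demo():
    """Write a constructed secret file, clear it, and report (bytes cleared, still exists)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"SECRET salary table " * 100)
    cleared = overwrite_and_unlink(path)
    return cleared, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

For media that will leave the organization's control, or for anything covered by classification rules, this is where the page's advice to follow the applicable purging standard (degaussing or destruction) takes over from overwriting.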

Which of the following is NOT a guideline necessary to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations? A. Restrict access to main air intake points to persons who have a work-related reason to be there B. Maintain access rosters of maintenance personnel who are not authorized to work on the system C. Escort all contractors with access to the system while on site D. Ensure that all air intake points are adequately secured with locking devices

Answer : B Explanation: This is a DETAIL oriented question. While you may not know the answer to such questions, look for things that just do not seem logical. As far as the exam is concerned, there will be negative questions, and most people will trip and miss the NOT keyword because they are reading too fast. In this case, by changing just a few key words, a correct answer becomes a wrong one. The book has "Maintain access rosters of pre-approved maintenance personnel authorized to work on the system". While you can theoretically keep rosters of people you don't want to work on the system, this is not really practical. A much better approach is to keep a list of those who ARE approved. HVAC is commonly overlooked from a physical security standpoint. From the ISC2 guide: "Over the past several years there has been an increasing awareness dealing with anthrax and airborne attacks. Harmful agents introduced into the HVAC systems can rapidly spread throughout the structure and infect all persons exposed to the circulated air." On a practical real-world note, for those who work in smaller shops without a dedicated maintenance team, where you have to outsource: it would be wise to make sure that NO ONE has access other than when you call them for service. If a maintenance technician shows up on your doorstep wanting access so they can service the equipment, CALL your vendor's MAIN line using the number that YOU have and verify that they sent someone out. Don't take the technician's word for it, or you may just become a victim of social engineering. The following answers are incorrect: Restrict access to main air intake points to persons who have a work-related reason to be there; Escort all contractors with access to the system while on site; Ensure that all air intake points are adequately secured with locking devices. The following reference(s) were/was used to create this question: Tipton, Harold F. (2010-04-20). Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press), Chapter 8, Physical and Environmental Security, "Environmental Controls, HVAC"

What is the most effective means of determining that controls are functioning properly within an operating system? A. Interview with computer operator B. Review of software control features and/or parameters C. Review of operating system manual D. Interview with product vendor

Answer : B Explanation: Various operating system software products provide parameters and options for the tailoring of the system and activation of features such as activity logging. Parameters are important in determining how a system runs because they allow a standard piece of software to be customized to diverse environments. The reviewing of software control features and/or parameters is the most effective means of determining how controls are functioning within an operating system and of assessing an operating system's integrity. The operating system manual should provide information as to what settings can be used but will not likely give any hint as to how parameters are actually set. The product vendor and computer operator are not necessarily aware of the detailed setting of all parameters. The review of software control features and/or parameters would be part of your security audit. A security audit is typically performed by an independent third party to the management of the system. The audit determines the degree to which the required controls are implemented. A security review is conducted by the system maintenance or security personnel to discover vulnerabilities within the system. A vulnerability occurs when policies are not followed, misconfigurations are present, or flaws exist in the hardware or software of the system. System reviews are sometimes referred to as a vulnerability assessment. Reference(s) used for this question: Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Security Operations, Page 1054, for users with the Kindle edition look at Locations 851-855 and Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 102).

Which of the following statements pertaining to secure information processing facilities is incorrect? A. Walls should have an acceptable fire rating. B. Windows should be protected with bars. C. Doors must resist forcible entry. D. Location and type of fire suppression systems should be known.

Answer : B Explanation: Windows are normally not acceptable in the data center. If they do exist, however, they must be translucent and shatterproof. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: Physical security (page 329).

Which of the following computer crimes is MORE often associated with INSIDERS? A. IP spoofing B. Password sniffing C. Data diddling D. Denial of service (DOS)

Answer : C Explanation: Data diddling refers to the alteration of existing data, most often seen before it is entered into an application. This type of crime is extremely common and can be prevented by using appropriate access controls and proper segregation of duties. It will more likely be perpetrated by insiders, who have access to data before it is processed. The other answers are incorrect because: IP Spoofing is not correct as the question asks about the crime associated with insiders. Spoofing is generally accomplished from the outside. Password sniffing is also not the BEST answer as it requires a lot of technical knowledge in understanding the encryption and decryption process. Denial of service (DOS) is also incorrect as most Denial of service attacks occur over the internet. Reference: Shon Harris, AIO v3, Chapter 10: Law, Investigation & Ethics, Pages 758-760.

Which of the following is true about a "dry pipe" sprinkler system? A. It is a substitute for carbon dioxide systems. B. It maximizes chances of accidental discharge of water. C. It reduces the likelihood of the sprinkler system pipes freezing. D. It uses less water than "wet pipe" systems.

Answer : C Explanation: A dry pipe system is used in areas where the water in the pipes is subject to freezing. It minimizes the chance of accidental discharge of water if the pipes were to freeze in the winter, and it also minimizes the chance of accidental discharge by not releasing the water until the pressure in the pipe drops because one of the sprinkler heads has opened. A Dry Pipe system has the water held back from charging the sprinkler pipe system by a special kind of check valve called a "dry pipe valve" or "clapper valve". A dry pipe system is also a system in which the pipes are filled with pressurized air or nitrogen rather than water. The air uses a mechanical advantage which holds back a device known as a dry pipe valve or clapper valve that prevents the water from getting into the pipe when it is pressurized. A small amount of water, called priming water, is also inside the dry pipe system, which is filled with either air or nitrogen under pressure. The sprinkler pipe system is filled with pressurized air or nitrogen, which keeps the dry pipe valve closed using mechanical advantage. When any of the sprinkler valves open, the pressurized air or nitrogen is released, and the dropping pressure permits the dry pipe valve to open. Its primary use is to protect the sprinkler pipes from freezing. A Wet Pipe system has the pipes always charged with water, and the thermal-fusible link in each sprinkler head is holding back the water. If any sprinkler head is exposed to enough heat, for long enough, the link will break/melt and water will be discharged. A wet pipe system is generally used when there is no danger of the water in the pipes freezing or when there are no special conditions that require a special purpose sprinkler system. A Preaction Pipe system is used where accidental activation is undesired. It is similar to a Dry Pipe system, except one or more other interlocks, such as fire/heat sensors, are used in addition to a sprinkler head opening and relieving the air pressure, which then permits the water to charge the sprinkler pipe system and flow through the open sprinkler head. This system has the added value of requiring a series of events before the water is actually permitted to flow, which can enable personnel to handle a small fire or incident without the flow of water. All of the other answers were NOT true, so they were wrong choices. The following reference(s) were/was used to create this question: Shon Harris, AIO v5, pg 444-445 and Ronald Krutz and Russell Vines, The CISSP and CAP Prep Guide, pg 530

What is the minimum static charge able to cause disk drive data loss? A. 550 volts B. 1000 volts C. 1500 volts D. 2000 volts

Answer : C Explanation: A static charge of 1500 volts is able to cause disk drive data loss. A charge of 1000 volts is likely to scramble a monitor display and a charge of 2000 volts can cause a system shutdown. It should be noted that charges of up to 20,000 volts or more are possible under conditions of very low humidity with non-static-free carpeting. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 10: Physical Security (page 333).

This type of control is used to ensure that transactions are properly entered into the system once. Elements of this type of control may include counting data and time stamping it with the date it was entered or edited? A. Processing Controls B. Output Controls C. Input Controls D. Input/Output Controls

Answer : C Explanation: Input Controls are used to ensure that transactions are properly entered into the system once. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 218.

When backing up an application system's data, which of the following is a key question to be answered first? A. When to make backups B. Where to keep backups C. What records to backup D. How to store backups

Answer : C Explanation: It is critical that a determination be made of WHAT data is important and should be retained and protected. Without determining the data to be backed up, the potential for error increases. A record or file could be vital and yet not included in a backup routine. Alternatively, temporary or insignificant files could be included in a backup routine unnecessarily. The following answers were incorrect: When to make backups: Although it is important to consider schedules for backups, this is done after the decisions are made of what should be included in the backup routine. Where to keep backups: The location for storing backup copies of data (such as tapes, online backups, etc.) should be decided after determining what should be included in the backup routine and the method to store the backup. How to store backups: The backup methodology should be considered after determining what data should be included in the backup routine.

Which of the following questions is less likely to help in assessing physical and environmental protection? A. Are entry codes changed periodically? B. Are appropriate fire suppression and prevention devices installed and working? C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information? D. Is physical access to data transmission lines controlled?

Answer : C Explanation: Physical security and environmental security are part of operational controls, and are measures taken to protect systems, buildings, and related supporting infrastructures against threats associated with their physical environment. All the questions above are useful in assessing physical and environmental protection except for the one regarding processes ensuring that unauthorized individuals cannot access information, which is more a production control. Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-21 to A-24).

What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account? A. Data fiddling B. Data diddling C. Salami techniques D. Trojan horses

Answer : C Explanation: Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 644.

The Loki attack exploits a covert channel using which network protocol? A. TCP B. PPP C. ICMP D. SMTP

Answer : C Explanation: The Loki attack uses the ICMP protocol for communications between two systems, but ICMP was designed to be used only for sending status and error messages about the network. Because the Loki attack is using ICMP in an unintended manner, this constitutes a covert channel attack. The following answers are incorrect: TCP, PPP, and SMTP are all incorrect. The following reference(s) were/was used to create this question: Shon Harris, AIO, 5th Edition, Chapter 12: Operations Security, p. 1107

The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to? A. Illuminated at nine feet high with at least three foot-candles B. Illuminated at eight feet high with at least three foot-candles C. Illuminated at eight feet high with at least two foot-candles D. Illuminated at nine feet high with at least two foot-candles

Answer : C Explanation: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high with at least two foot-candles. It can also be referred to as illuminating to a height of eight feet, with a BRIGHTNESS of two foot-candles. One footcandle ≈ 10.764 lux. The footcandle (or lumen per square foot) is a non-SI unit of illuminance. Like the BTU, it is obsolete but it is still in fairly common use in the United States, particularly in construction-related engineering and in building codes. Because lux and footcandles are different units of the same quantity, it is perfectly valid to convert footcandles to lux and vice versa. The name "footcandle" conveys "the illuminance cast on a surface by a one-candela source one foot away." As natural as this sounds, this style of name is now frowned upon, because the dimensional formula for the unit is not foot candela, but lumens per square foot. Some sources do however note that the "lux" can be thought of as a "metre-candle" (i.e. the illuminance cast on a surface by a one-candela source one meter away). A source that is farther away casts less illumination than one that is close, so one lux is less illuminance than one footcandle. Since illuminance follows the inverse-square law, and since one foot = 0.3048 m, one lux = 0.3048² footcandle ≈ 1/10.764 footcandle. TIPS FROM CLEMENT: Illuminance (light level) is the amount of light, measured in foot-candles (US unit), that falls on a surface, either horizontal or vertical. Parking lot lighting needs to be an average of 2 foot-candles; uniformity of not more than 3:1, no area less than 1 fc. All illuminance measurements are to be made on the horizontal plane with a certified light meter calibrated to NIST standards using traceable light sources. The CISSP Exam Cram 2 from Michael Gregg says: Lighting is a commonly used form of perimeter protection. Some studies have found that up to 80% of criminal acts at businesses and shopping centers happen in adjacent parking lots. Therefore, it's easy to see why lighting can be such an important concern. Outside lighting discourages prowlers and thieves. The National Institute of Standards and Technologies (NIST) states that, for effective perimeter control, buildings should be illuminated 8 feet high, with 2-foot candle power. Reference used for this question: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 325. and Shon's AIO v5 pg 459 and http://en.wikipedia.org/wiki/Foot-candle

In Operations Security trusted paths provide: A. trustworthy integration into integrity functions. B. trusted access to unsecure paths. C. trustworthy interfaces into privileged user functions. D. trustworthy interfaces into privileged MTBF functions.

Answer : C Explanation: The following answers are incorrect: Integrity paths have no meaning in the context of this question. Trusted paths bring to mind the word integrity only in the context that the data was not changed and is in its original condition. This question also has less to do with integration and more to do with actual implementation of a concept. There is less need to create trusted paths to something that is already not secure. MTBF is Mean Time Between Failure. This is not really related to a trusted path, therefore not related to this question. The following reference(s) were/was used to create this question: "Trusted paths provide trustworthy interfaces into privileged user functions and are intended to provide a way to ensure that any communications over that path cannot be intercepted or corrupted." pp. 544 Official Guide to the CISSP CBK, Second Edition, copyright 2010, Edited by Harold F. Tipton, Trusted Paths and Fail Secure Mechanisms;

What is the main objective of proper separation of duties? A. To prevent employees from disclosing sensitive information. B. To ensure access controls are in place. C. To ensure that no single individual can compromise a system. D. To ensure that audit trails are not tampered with.

Answer : C Explanation: The primary objective of proper separation of duties is to ensure that one person acting alone cannot compromise the company's security in any way. A proper separation of duties does not prevent employees from disclosing information, nor does it ensure that access controls are in place or that audit trails are not tampered with. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 12: Operations Security (Page 808).

What is the essential difference between a self-audit and an independent audit? A. Tools used B. Results C. Objectivity D. Competence

Answer : C Explanation: To maintain operational assurance, organizations use two basic methods: system audits and monitoring. Monitoring refers to an ongoing activity whereas audits are one-time or periodic events and can be either internal or external. The essential difference between a self-audit and an independent audit is objectivity, thus indirectly affecting the results of the audit. Internal and external auditors should have the same level of competence and can use the same tools. Source: SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and Technology (NIST), NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, September 1996 (page 25).

Which type of fire extinguisher is most appropriate for a digital information processing facility? A. Type A B. Type B C. Type C D. Type D

Answer : C Explanation: Type C fire extinguishers deal with electrical fires. They are most likely to be found around a digital information processing facility or data center. Type A is for common combustibles. Type B is for liquids (petroleum products and coolants). Type D is used specifically for fighting flammable metal fires (e.g. magnesium). Additionally, Class K fires are caused by cooking oils and fats. They typically burn much hotter than Class B fires and are extinguished using wet chemical (alkali) fire extinguishers. To remember the 4 classes of fire and what they are you can think about my first name, which is CLEMENT. See an example of this below: Class A, Common combustible; Class B, Liquid; Class C, Electrical fire; Class D, Metal burning. References: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 6: Physical security (page 312). Underwriters Laboratory's Rating and Testing of Fire Extinguishers (UL 711). National Fire Protection Association's glossary. http://en.wikipedia.org/wiki/Fire_classes http://en.wikipedia.org/wiki/Fire_extinguisher http://en.wikipedia.org/wiki/Fire_retardant_foam

Which of the following should NOT be performed by an operator? A. Implementing the initial program load B. Monitoring execution of the system C. Data entry D. Controlling job flow

Answer : C Explanation: Under the principle of separation of duties, an operator should not be performing data entry. This should be left to data entry personnel. System operators represent a class of users typically found in data center environments where mainframe systems are used. They provide day-to-day operations of the mainframe environment, ensuring that scheduled jobs are running effectively and troubleshooting problems that may arise. They also act as the arms and legs of the mainframe environment, loading and unloading tapes and the results of job print runs. Operators have elevated privileges, but less than those of system administrators. If misused, these privileges may be used to circumvent the system's security policy. As such, use of these privileges should be monitored through audit logs. Some of the privileges and responsibilities assigned to operators include: Implementing the initial program load: This is used to start the operating system. The boot process or initial program load of a system is a critical time for ensuring system security. Interruptions to this process may reduce the integrity of the system or cause the system to crash, precluding its availability. Monitoring execution of the system: Operators respond to various events, including errors, interruptions, and job completion messages. Volume mounting: This allows the desired application access to the system and its data. Controlling job flow: Operators can initiate, pause, or terminate programs. This may allow an operator to affect the scheduling of jobs. Controlling job flow involves the manipulation of configuration information needed by the system. Operators with the ability to control a job or application can cause output to be altered or diverted, which can threaten confidentiality. Bypass label processing: This allows the operator to bypass security label information to run foreign tapes (foreign tapes are those from a different data center that would not be using the same label format that the system could run). This privilege should be strictly controlled to prevent unauthorized access. Renaming and relabeling resources: This is sometimes necessary in the mainframe environment to allow programs to properly execute. Use of this privilege should be monitored, as it can allow the unauthorized viewing of sensitive information. Reassignment of ports and lines: Operators are allowed to reassign ports or lines. If misused, reassignment can cause program errors, such as sending sensitive output to an unsecured location. Furthermore, an incidental port may be opened, subjecting the system to an attack through the creation of a new entry point into the system. Reference(s) used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 19367-19395). Auerbach Publications. Kindle Edition.

A momentary power outage is a: A. spike B. blackout C. surge D. fault

Answer : D Explanation: A momentary power outage is a fault. Power excess: Spike --> too much voltage for a short period of time; Surge --> too much voltage for a long period of time. Power loss: Fault --> a momentary power outage; Blackout --> a long power interruption. Power degradation: Sag or Dip --> a momentary low voltage; Brownout --> a prolonged power supply that is below normal voltage. Reference(s) used for this question: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 3rd. Edition McGraw-Hill/Osborne, 2005, page 368. and https://en.wikipedia.org/wiki/Power_quality

Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems? A. Transient Noise B. Faulty Ground C. Brownouts D. UPS

Answer : D Explanation: An uninterruptible power supply, also uninterruptible power source, UPS or battery/flywheel backup, is an electrical apparatus that provides emergency power to a load when the input power source, typically mains power, fails. A UPS differs from an auxiliary or emergency power system or standby generator in that it will provide near-instantaneous protection from input power interruptions, by supplying energy stored in batteries or a flywheel. The on-battery runtime of most uninterruptible power sources is relatively short (only a few minutes) but sufficient to start a standby power source or properly shut down the protected equipment. A UPS is typically used to protect computers, data centers, telecommunication equipment or other electrical equipment where an unexpected power disruption could cause injuries, fatalities, serious business disruption or data loss. The primary role of any UPS is to provide short-term power when the input power source fails. However, most UPS units are also capable in varying degrees of correcting common utility power problems: voltage spike or sustained overvoltage; momentary or sustained reduction in input voltage; noise, defined as a high frequency transient or oscillation, usually injected into the line by nearby equipment; instability of the mains frequency; harmonic distortion, defined as a departure from the ideal sinusoidal waveform expected on the line. NOTE: Some organizations are constantly running off the UPS. Of course, in such a case, if the online UPS failed and you did not think about redundancy, it could contribute to failure instead of helping to avoid power failure. It was reported by a few quiz takers that a standby UPS could create issues as well. I totally agree, but this is more the exception than the norm. Any countermeasures, safeguards, or controls not deployed or maintained properly could introduce risks instead of minimizing their effect or preventing them. Once again, the question is not attempting to look at ALL possible issues and situations; you must remain within the context of the question, look at the four choices and see which one is the best according to the question presented. Looking at the 4 choices presented along with this question, UPS is definitely the least likely to cause power issues. Reference used for this question: http://en.wikipedia.org/wiki/Uninterruptible_power_supply

Configuration Management is a requirement for the following level(s) of the Orange Book? A. B3 and A1 B. B1, B2 and B3 C. A1 D. B2, B3, and A1

Answer : D Explanation: Configuration Management is a requirement only for B2, B3, and A1. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 223.

Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of: A. Administrative controls B. Logical controls C. Technical controls D. Physical controls

Answer : D Explanation: Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are all examples of Physical Security. Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.

Which of the following tape formats can be used to backup data systems in addition to its original intended audio uses? A. Digital Video Tape (DVT). B. Digital Analog Tape (DAT). C. Digital Voice Tape (DVT). D. Digital Audio Tape (DAT).

Answer : D Explanation: Digital Audio Tape (DAT) can be used to backup data systems in addition to its original intended audio uses. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 70.

Which of the following rules is least likely to support the concept of least privilege? A. The number of administrative accounts should be kept to a minimum. B. Administrators should use regular accounts when performing routine operations like reading mail. C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible. D. Only data to and from critical systems and applications should be allowed through the firewall.

Answer : D Explanation: Only data to and from critical systems and applications should be allowed through the firewall is a detractor. Critical systems or applications do not necessarily need to have traffic go through a firewall. Even if they did, only the minimum required services should be allowed. Systems that are not deemed critical may also need to have traffic go through the firewall. Least privilege is a basic tenet of computer security that means users should be given only those rights required to do their jobs or tasks. Least privilege is ensuring that you have the minimum privileges necessary to do a task. An admin NOT using his admin account to check email is a clear example of this. Reference(s) used for this question: National Security Agency, Systems and Network Attack Center (SNAC), The 60 Minute Network Security Guide, February 2002, page 9.

The "vulnerability of a facility" to damage or attack may be assessed by all of the following except: A. Inspection B. History of losses C. Security controls D. Security budget

Answer : D Explanation: Source: The CISSP Examination Textbook- Volume 2: Practice by S. Rao Vallabhaneni.

Which of the following statements pertaining to air conditioning for an information processing facility is correct? A. The AC units must be controllable from outside the area. B. The AC units must keep negative pressure in the room so that smoke and other gases are forced out of the room. C. The AC units must be on the same power source as the equipment in the room to allow for easier shutdown. D. The AC units must be dedicated to the information processing facility.

Answer : D Explanation: The AC units used in an information processing facility (computer room) must be dedicated and controllable from within the area. They must be on an independent power source from the rest of the room and have a dedicated Emergency Power Off switch. It is positive, not negative, pressure that forces smoke and other gases out of the room. Source: Chris Hare's CISSP Study Notes on Physical Security, based on ISC2 CBK document. Available at http://www.ccure.org.

Which of the following is not a component of an Operations Security "triple"? A. Asset B. Threat C. Vulnerability D. Risk

Answer : D Explanation: The Operations Security domain is concerned with triples - threats, vulnerabilities and assets. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 216. NEXT QUESTION

In the physical security context, a security door equipped with an electronic lock configured to ignore the unlock signals sent from the building emergency access control system in the event of an issue (fire, intrusion, power failure) would be in which of the following configurations? A. Fail Soft B. Fail Open C. Fail Safe D. Fail Secure

Answer : D Explanation: The context of this question is VERY important. As you can see, the question is in the Physical Security context, where it makes reference to a door electronic access control mechanism. In case of a power failure the door electronic lock would usually default to being unlocked, which is called Fail Safe in the physical security context. This allows people to evacuate the building and make their way to a secure meeting point. If the signal is ignored, the door will NOT become unlocked as it usually does. People may be trapped inside, or they may be expected to remain inside to defend the facility; think of employment such as embassy security or other high security environments where your job description includes risking your life to defend the facility and its occupants. This is referred to as Fail Secure. Everything will remain locked and people would not evacuate the facility. A synonym for Fail Secure is Fail Closed. Operations will be expected to ensure that fail-safe and fail-secure mechanisms are working correctly. While both are concerned with how a system behaves when it fails, they are often confused with each other. It is important for the security professional to distinguish between them: Fail-safe mechanisms focus on failing with a minimum of harm to personnel, facility, or systems. Fail-secure focuses on failing in a controlled manner to block access while the systems or facility is in an inconsistent state. For example, data center door systems will fail safe to ensure that personnel can escape the area when the electrical power fails. A fail-secure door would prevent personnel from using the door at all, which could put personnel in jeopardy. Fail-safe and fail-secure mechanisms will need to be maintained and tested on a regular basis to ensure that they are working as designed. The other answers presented were not correct choices. 
See some definitions below: Fail soft A system that experiences a security issue would disable only the portion of the system being affected by the issue. The rest of the system would continue to function as expected. The component or service that failed would be isolated or protected from being abused. Fail Safe A fail-safe lock in the PHYSICAL security context will default to being unlocked in case of a power interruption. A fail-safe mechanism in the LOGICAL security context will default to being locked in case of problems or issues. For example, if you have a firewall and it cannot apply the policy properly, it will default to NO access and all will be locked, not allowing any packet to flow through without being inspected. Fail open Fail Open means that the mechanism will default to being unlocked in case of a failure or problem. This is very insecure. If you have a door access control mechanism that fails open, then it means that the door would be unlocked and anyone could get through. A logical security mechanism would grant access and there would be no access control in place. Fail closed A Fai NEXT QUESTION

For maximum security design, what type of fence is the most effective and cost-effective method (feet are used as the measurement unit below)? A. 3' to 4' high. B. 6' to 7' high. C. 8' high and above with strands of barbed wire. D. Double fencing

Answer : D Explanation: The most commonly used fence is the chain link fence, and it is the most affordable. The standard is a six-foot high fence with two-inch mesh square openings. The material should consist of nine-gauge vinyl or galvanized metal. Nine-gauge is a typical fence material installed in residential areas. Additionally, it is recommended to place barbed wire strands angled out from the top of the fence at a 45-degree angle and away from the protected area, with three strands running across the top. This will provide for a seven-foot fence. There are several variations of the use of top guards using V-shaped barbed wire or the use of concertina wire as an enhancement, which has been a replacement for more traditional three-strand barbed wire top guards. The fence should be fastened to rigid metal posts set in concrete every six feet with additional bracing at the corners and gate openings. The bottom of the fence should be stabilized against intruders crawling under by attaching posts along the bottom to keep the fence from being pushed or pulled up from the bottom. If the soil is sandy, the bottom edge of the fence should be installed below ground level. For maximum security design, the use of double fencing with rolls of concertina wire positioned between the two fences is the most effective deterrent and cost-efficient method. In this design, an intruder is required to use an extensive array of ladders and equipment to breach the fences. Most fencing is largely a psychological deterrent and a boundary marker rather than a barrier, because in most cases such fences can be rather easily penetrated unless added security measures are taken to enhance the security of the fence. Sensors attached to the fence to provide electronic monitoring of cutting or scaling the fence can be used. Reference(s) used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 24416-24431). Auerbach Publications. Kindle Edition. NEXT QUESTION

Which of the following fire extinguishing systems incorporating a detection system is currently the most recommended water system for a computer room? A. Wet pipe B. Dry pipe C. Deluge D. Preaction

Answer : D Explanation: The preaction system combines both the dry and wet pipe systems, by first releasing the water into the pipes when heat is detected (dry pipe), then releasing the water flow when the link in the nozzle melts (wet pipe). This allows manual intervention before a full discharge of water on the equipment occurs. This is currently the most recommended water system for a computer room. According to the ISC2 Official Study Guide: All buildings should be equipped with an effective fire suppression system, providing the building with around-the-clock protection. Traditionally, fire suppression systems employed arrays of water sprinklers that would douse a fire and surrounding areas. Sprinkler systems are classified into four different groups: wet, dry, preaction, and deluge. Wet systems have a constant supply of water in them at all times; these sprinklers, once activated, will not shut off until the water source is shut off. Dry systems do not have water in them. The valve will not release until the electric valve is stimulated by excess heat. Pre-action systems incorporate a detection system, which can eliminate concerns of water damage due to false activations. Water is held back until detectors in the area are activated. Deluge systems operate in the same manner as the pre-action system except that all sprinkler heads are in the open position. Water may be a sound solution for large physical areas such as warehouses, but it is entirely inappropriate for computer equipment. A water spray can irreparably damage hardware more quickly than encroaching smoke or heat. Gas suppression systems operate to starve the fire of oxygen. In the past, Halon was the choice for gas suppression systems; however, Halon leaves residue, depletes the ozone layer, and can injure nearby personnel. Shon Harris in her latest study guide says: Four main types of water sprinkler systems are available: wet pipe, dry pipe, preaction, and deluge. 
Wet pipe Wet pipe systems always contain water in the pipes and are usually discharged by temperature control-level sensors. One disadvantage of wet pipe systems is that the water in the pipes may freeze in colder climates. Also, if there is a nozzle or pipe break, it can cause extensive water damage. These types of systems are also called closed head systems. Dry pipe In dry pipe systems, the water is not actually held in the pipes. The water is contained in a holding tank until it is released. The pipes hold pressurized air, which is reduced when a fire or smoke alarm is activated, allowing the water valve to be opened by the water pressure. Water is not allowed into the pipes that feed the sprinklers until an actual fire is detected. First, a heat or smoke sensor is activated; then, the water fills the pipes leading to the sprinkler heads, the fire alarm sounds, the electric power supply is disconnected, and finally water is allowed to flow from the sprinklers. These pipes are best used in colder climates because the pipes will NEXT QUESTION

What physical characteristic does a retinal scan biometric device measure? A. The amount of light reaching the retina B. The amount of light reflected by the retina C. The pattern of light receptors at the back of the eye D. The pattern of blood vessels at the back of the eye

Answer : D Explanation: The retina, a thin nerve layer (1/50th of an inch) on the back of the eye, is the part of the eye which senses light and transmits impulses through the optic nerve to the brain - the equivalent of film in a camera. The blood vessels used for biometric identification are located along the neural retina, the outermost of the retina's four cell layers. The following answers are incorrect: The amount of light reaching the retina: The amount of light reaching the retina is not used in the biometric scan of the retina. The amount of light reflected by the retina: The amount of light reflected by the retina is not used in the biometric scan of the retina. The pattern of light receptors at the back of the eye: This is a distractor. The following reference(s) were used to create this question: Reference: Retina Scan Technology. ISC2 Official Guide to the CBK, 2007 (Page 161) NEXT QUESTION

Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of: A. Incident Evaluation B. Incident Recognition C. Incident Protection D. Incident Response

Answer : D Explanation: These are core functions of the incident response process. "Incident Evaluation" is incorrect. Evaluation of the extent and cause of the incident is a component of the incident response process. "Incident Recognition" is incorrect. Recognition that an incident has occurred is the precursor to the initiation of the incident response process. "Incident Protection" is incorrect. This is an almost-right-sounding nonsense answer to distract the unwary. References: CBK, pp. 698 - 703 NEXT QUESTION
