CISSP Definitions with Questions
What are the primary security roles, in order? 1) Auditor 2) Custodian 3) IT/Security Staff 4) Object 5) Operator/User 6) Owner 7) Senior Management 8) Subject A) 4, 3, 6, 2, 5, 1 B) 7, 3, 6, 2, 5, 1 C) 7, 3, 6, 2, 8, 1 D) 7, 3, 8, 2, 5, 1
B
To fully evaluate risks and take proper precautions, you must analyze: 1) Assets 2) Asset Valuation 3) Threats 4) Vulnerabilities 5) Exposure 6) Risk 7) Realized Risk 8) Safeguards 9) Countermeasures 10) Attacks 11) Breaches A) 1, 2, 3, 4, 5, 6, 8, 9, 10 B) 1, 2, 3, 4, 5, 6, 7, 8, 9 C) 1, 2, 3, 4, 5, 6, 8, 9, 11 D) All of them
D
A policy that allows employees to bring their own personal mobile devices to work and may allow them to use those devices to connect to business resources and/or the internet through the company network. Although this may improve employee morale and job satisfaction, it increases security risk to the organization. If the policy is open-ended, any device may be allowed to connect to the company network. Not all mobile devices have sufficient security features, and thus such a policy allows noncompliant devices onto the production network. This is likely the least secure option for the organization since company data and applications will be on the personal mobile device, it exposes the organization's network to malicious code from the PEDs, and the devices will have the widest range of variation and security capabilities (or more likely the lack of security capabilities). Additionally, this option potentially exposes the worker's PII on the device to the organization. A) Bring your own device B) Choose your own device C) Corporate-Owned, Business-Only D) Corporate Owned, Personally Enabled
A
An open-source hardware and software organization that creates single-board 8-bit microcontrollers for building digital devices. This has limited RAM, a single USB port, and I/O pins for controlling additional electronics (such as servo motors or LED lights) and does not include an OS. Instead, it can execute C++ programs specifically written to its limited instruction set. A) Arduino B) Field-programmable Gate Array C) Raspberry PI D) Real-time OS
A
Applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe. A) Confidential B) Secret C) Top Secret D) Unclassified
A
Assess the organization's controls that might impact the accuracy of financial reporting. A) SOC 1 Engagements B) SOC 2 Engagements C) SOC 3 Engagements D) SOC 4 Engagements
A
Cover only a specific point in time, rather than an extended period. A) Type I Reports B) Type II Reports C) Type III Reports D) Type IV Reports
A
Identifies the accuracy of a biometric method A) Crossover Error Rate B) False Acceptance Rate C) False Rejection Rate D) None of the above
A
In the Electronic Discovery reference model, this displays the information to witnesses, the court, and other parties. A) Presentation B) Preservation C) Processing D) Production
A
Limits of memory a process cannot exceed when reading or writing. A) Bounds B) Confinement C) Isolation D) Restriction
A
May be erased with electrical current. A) EEPROM B) EPROM / UVEPROM C) RAM D) ROM
A
Minimum age at which websites may collect personal information from children without verifiable parental consent (under COPPA). A) 13 B) 15 C) 16 D) 18
A
More costly to manage than other IDS types because they require administrative attention on each system. Cannot detect network attacks on other systems. Will often consume a significant amount of system resources, degrading performance. Easier for an intruder to discover and disable. A) HIDS B) HIPS C) NIDS D) NIPS
A
Practicing the individual activities that maintain the due diligence effort. A) Due Care B) Due Diligence C) Threat Hunting D) Threat Modeling
A
Private Class A IP Address Range A) 10.0.0.0-10.255.255.255 B) 172.16.0.0-172.31.255.255 C) 182.16.0.0 - 182.16.255.255 D) 192.168.0.0-192.168.255.255
A
Provides assurances as to the identity of the user. One scheme is the challenge-response protocol, where the user is asked to encrypt a message using a key known to only the communicating parties. This can be achieved with both symmetric and asymmetric cryptosystems. A) Authentication B) Confidentiality C) Integrity D) Nonrepudiation
A
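The challenge-response scheme described above, worked through as an added example (this code is not from the original deck). It uses a symmetric shared key with HMAC-SHA256 as the keyed function, which is one valid instantiation; the shared key and nonce length are constructed assumptions. The verifier sends a fresh random challenge, the claimant returns a MAC over it, and the verifier recomputes and compares in constant time. The second function shows why the nonce matters: a captured response is useless against a new challenge, so passive eavesdropping does not let an attacker replay authentication.

```python
import hashlib
import hmac
import secrets

# Shared secret known only to the two communicating parties (constructed for this example).
SHARED_KEY = b"example-shared-secret-do-not-reuse"


def make_challenge(nbytes: int = 32) -> bytes:
    """Verifier side: generate a fresh, unpredictable nonce for one authentication attempt."""
    return secrets.token_bytes(nbytes)


def respond(key: bytes, challenge: bytes) -> bytes:
    """Claimant side: prove knowledge of the key by computing a keyed MAC over the
    challenge. The key itself never crosses the wire, only the MAC does."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verify(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Verifier side: recompute the expected response with its own copy of the key
    and compare in constant time to avoid a timing side channel."""
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def run_exchange(client_key: bytes, server_key: bytes = SHARED_KEY) -> bool:
    """One full round trip: challenge out, response back, verdict."""
    challenge = make_challenge()
    response = respond(client_key, challenge)
    return verify(server_key, challenge, response)


def replay_is_rejected(key: bytes = SHARED_KEY) -> bool:
    """An eavesdropper who captured a valid response for an earlier challenge
    cannot reuse it: the verifier issues a new nonce each time."""
    old_challenge = make_challenge()
    captured_response = respond(key, old_challenge)
    new_challenge = make_challenge()
    return not verify(key, new_challenge, captured_response)


if __name__ == "__main__":
    print("genuine client accepted:", run_exchange(SHARED_KEY))
    print("wrong key rejected:", not run_exchange(b"attacker-guess"))
    print("replay rejected:", replay_is_rejected())
```

With an asymmetric cryptosystem the same flow applies, except the claimant signs the challenge with a private key and the verifier checks the signature with the matching public key, so the verifier never needs to hold a secret at all.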
Stores all files that have been modified since the time of the most recent full backup. Only files that have the archive bit turned on, enabled, or set to 1 are duplicated. However, this process does not change the archive bit. A) Differential Backups B) Disk to Disk Backups C) Full Backups D) Incremental Backups
A
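The archive-bit behaviour described above, simulated as an added example (not from the original deck). The toy volume and file names are constructed for illustration. It runs the same sequence of changes under an incremental strategy and under a differential strategy, so you can see that a differential set keeps growing until the next full backup (because it never clears the bit), while each incremental set contains only what changed since the previous backup of any kind. The last function shows the restore consequence: incrementals must all be replayed in order, a differential needs only the latest one.

```python
class Volume:
    """Constructed toy filesystem: each file carries an archive bit that the OS
    sets whenever the file is created or modified."""

    def __init__(self, names):
        self.archive_bit = {n: True for n in names}

    def modify(self, name):
        self.archive_bit[name] = True

    def full_backup(self):
        copied = sorted(self.archive_bit)
        for n in copied:
            self.archive_bit[n] = False      # a full backup clears every bit
        return copied

    def incremental_backup(self):
        copied = sorted(n for n, b in self.archive_bit.items() if b)
        for n in copied:
            self.archive_bit[n] = False      # incremental clears what it copied
        return copied

    def differential_backup(self):
        # Same selection as incremental, but the bits are left set, so the next
        # differential copies these files again plus anything new.
        return sorted(n for n, b in self.archive_bit.items() if b)


def simulate(strategy):
    """Run: full backup, modify a and b, partial backup, modify c, partial backup.
    strategy is 'incremental' or 'differential'."""
    vol = Volume(["a", "b", "c", "d"])
    partial = getattr(vol, f"{strategy}_backup")
    runs = [("full", vol.full_backup())]
    vol.modify("a")
    vol.modify("b")
    runs.append((strategy, partial()))
    vol.modify("c")
    runs.append((strategy, partial()))
    return runs


def sets_needed_to_restore(runs):
    """Indices of the backup sets that must be applied, in order, to rebuild the
    latest state: last full plus every incremental since it, or last full plus
    only the most recent differential."""
    last_full = max(i for i, (kind, _) in enumerate(runs) if kind == "full")
    tail = runs[last_full + 1:]
    if not tail:
        return [last_full]
    if tail[-1][0] == "differential":
        return [last_full, len(runs) - 1]
    return [last_full] + list(range(last_full + 1, len(runs)))


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        runs = simulate(strategy)
        print(strategy, runs, "restore with sets", sets_needed_to_restore(runs))
```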
The means to evaluate and filter the payload contents of a communication rather than only on the header values. This type of filtering is able to block domain names, malware, spam, malicious scripts, abusive contents, or other identifiable elements in the payload of a communication. This is often integrated with Application-layer firewalls and/or stateful inspection firewalls. Also called Payload Inspection, or Content Filtering. A) Deep Packet Inspection B) Next Generation Firewall C) Next Generation Secure Web Gateway D) TCP Wrapper
A
The use of more than one processor to increase computing power. A) Multiprocessing B) Multistate C) Multitasking D) Multithreading
A
This cryptographic attack attempts to reduce the complexity of the algorithm. These focus on the logic of the algorithm itself. A) Analytic Attack B) Brute-Force Attack C) Fault Injection Attack D) Implementation Attack
A
This is a multifunction device (MFD) or unified threat management (UTM) composed of several security features in addition to a firewall; integrated components can include application filtering, deep packet inspection, TLS offloading and/or inspection (aka TLS termination proxy), domain name and URL filtering, IDS, IPS, web content filtering, QoS management, bandwidth throttling/management, NAT, VPN anchoring, authentication services, identity management, and antivirus/antimalware scanning. A) Next Generation Firewall B) Stateful Inspection Firewall C) Stateless Inspection Firewall D) Static Packet Filtering Firewall
A
This is a network service used to support file sharing between dissimilar systems. A) Network File System B) Post Office Protocol C) SMTP D) Telnet
A
This storage is the same as memory. A) Primary Storage B) Random Access Storage C) Secondary Storage D) Sequential Access Storage
A
What is the CAST-256 Key Size? A) 128, 160, 192, 224, 256 B) 128, 192, 256 C) 20 - 2,048 D) 32 - 448
A
What is the Personal Information Exchange format storage format? A) Binary B) Structured C) Text D) Zip
A
What is the Twofish Block Size? A) 128 B) 32, 64, 128 C) 64 D) N/A Stream Cipher
A
Help developers easily store usernames and passwords and retrieve them when a user revisits a website. A) Credential Management Systems B) Just-in-Time Provisioning C) Session Management Systems D) Single Sign-On
A
A subject may not write information to an object at a lower sensitivity level (no write-down). This is also known as the Confinement Property. A) Access Control Matrix B) * (star) Security Property C) Discretionary Security Property D) Simple Security Property
B
A system that typically has pseudo flaws and fake data to lure intruders. Administrators can observe attackers' activity on it because it is not part of the live network. A) Warning Banners B) Honey Pots C) Honey Networks D) Antimalware
B
An integrated circuit (IC) or chip that has all of the elements of a computer integrated into a single chip. This often includes the main CPU, RAM, a GPU, Wi-Fi, wired networking, peripheral interfaces (such as USB), and power management. In most cases, the only item missing compared to a full computer is bulk storage. A) Containerization B) System on a Chip C) Embedded Systems D) Microcontrollers
B
Any data stored on media such as hard drives or external media. A) Encryption B) Data at Rest C) Data in Transit D) Data in Use
B
Any type of portable or nonportable device that has native network capabilities. These may be embedded systems or used to create embedded systems. They are often static systems. A) Static Systems B) Network-enabled Devices C) Cyber-physical Systems D) High-performance computing
B
Automated or Manual systems designed to detect an attempted physical intrusion, breach, or attack; the use of an unauthorized entry/point; or the occurrence of some specific event at an unauthorized or abnormal time. May include security guards, automated access controls, and motion detectors as well as other specialty monitoring devices. A) IPS B) IDS C) NDS D) HDS
B
Based on the idea to structure the physical environment and surroundings to influence individual decisions that potential offenders make before committing any criminal acts. A) Critical Path Analysis B) Crime Prevention through Environmental Design C) Key Element in Designing a Facility D) Site Selection
B
Computer scientists and mathematicians believe that it is extremely hard to solve, and this difficult problem, known as the elliptic curve discrete logarithm problem, forms the basis of elliptic curve cryptography. It is widely believed that this problem is harder to solve than both the prime factorization problem and the standard discrete logarithm problem. A) Diffie-Hellman B) Elliptic Curve Cryptography C) Merkle-Hellman Knapsack D) Offline Distribution
B
Computer systems generate characteristic footprints of activity, such as changes in processor utilization, power consumption, or electromagnetic radiation. This cryptographic attack seeks to use this information to monitor system activity and retrieve information that is actively being encrypted. A) Implementation Attack B) Side-Channel Attack C) Statistical Attack D) Timing Attack
B
Data can be written to this type of chip only once. A) EEPROM B) PROM C) RAM D) ROM
B
Grants the right to keep and bear arms. A) First Amendment B) Second Amendment C) Third Amendment D) Fourth Amendment
B
Improves internet access performance and controls what websites users can visit. Can record details of specific sites a user visits and how much time they spend on the site. Also records when users try to access prohibited sites. A) Change Logs B) Proxy Logs C) Application Logs D) Firewall Logs
B
In STRIDE, this is any action resulting in unauthorized changes or manipulation of data, whether in transit or in storage. A) Spoofing B) Tampering C) Repudiation D) Information Disclosure
B
In test coverage analysis, this answers the question of whether every logical test in the code has been executed under all sets of input. A) Branch Coverage B) Condition Coverage C) Function Coverage D) Loop Coverage
B
In the Change Management Process, this is the last step in the process. A) Approve/reject the change B) Document the change C) Request the change D) Review the change
B
In the Electronic Discovery reference model, this ensures that potentially discoverable information is protected against alteration or deletion. A) Presentation B) Preservation C) Processing D) Production
B
In this phase of SW-CMM, basic lifecycle management processes are introduced. Reuse of code in an organized fashion begins to enter the picture, and repeatable results are expected from similar projects. SEI defines the key process areas for this level as Requirements Management, Software Project Planning, Software Project Tracking and Oversight, Software Subcontract Management, Software Quality Assurance, and Software Configuration Management. A) Level 1 - Initial B) Level 2 - Repeatable C) Level 3 - Defined D) Level 4 - Managed
B
One way to have IPv6 and IPv4 coexist on the same network is to use this method to convert between IPv4 and IPv6 network segments, similar to how NAT converts between internal and external addresses. A) Dual Stack B) Network Address Translation - Protocol Translation C) Tunneling D) None of the above
B
Opens a full connection to the remote system on the specified port. This scan type is used when the user running the scan does not have the necessary permissions to run a half-open scan. Most other scan types require the ability to send raw packets, and a user may be restricted by the operating system from sending handcrafted packets. A) TCP ACK Scan B) TCP Connect Scan C) TCP SYN Scan D) UDP Scanning
B
Performs a zero-knowledge proof process known as Dragonfly Key Exchange, which in itself is a derivative of Diffie-Hellman. This process uses a preset password and the MAC addresses of the client and the AP to perform authentication and session key exchange. A) MAC Filtering B) Simultaneous Authentication of Equals C) Site Survey D) Wi-Fi Protected Setup
B
The process of replacing some data elements with pseudonyms or aliases. Removes privacy data so that a dataset can be shared. However, the original data remains available in a separate dataset. A) Anonymization B) Pseudonymization C) Substituting D) Tokenization
B
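Pseudonymization as described above, worked through as an added example (not from the original deck). The records are constructed sample data, and the choice of a keyed HMAC-SHA256 alias is an assumption made here so that the same subject always receives the same alias (which keeps the shared dataset joinable) while nobody without the key can recompute or reverse it. The direct identifiers are replaced in the copy that is shared; the original values survive only in a separate lookup table, which is exactly what distinguishes pseudonymization from anonymization.

```python
import hashlib
import hmac

# Constructed sample dataset for this example (fictional people).
RECORDS = [
    {"name": "Alice Example", "email": "alice@example.test", "dept": "finance", "logins": 42},
    {"name": "Bob Example", "email": "bob@example.test", "dept": "it", "logins": 17},
    {"name": "Alice Example", "email": "alice@example.test", "dept": "finance", "logins": 3},
]
DIRECT_IDENTIFIERS = ("name", "email")


def pseudonym(value: str, key: bytes) -> str:
    """Deterministic keyed alias. Without `key` an attacker cannot confirm a
    guessed name by recomputing its alias, unlike a plain unkeyed hash."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def pseudonymize(records, key: bytes):
    """Return (shared_dataset, lookup_table). Only `shared_dataset` leaves the
    organization; `lookup_table` (and `key`) stay behind under separate control."""
    shared, lookup = [], {}
    for rec in records:
        out = dict(rec)
        for field in DIRECT_IDENTIFIERS:
            alias = pseudonym(rec[field], key)
            lookup[alias] = rec[field]
            out[field] = alias
        shared.append(out)
    return shared, lookup


def reidentify(alias: str, lookup: dict) -> str:
    """Authorized re-identification: only possible with the separately held table."""
    return lookup[alias]


def leaks_identifier(shared, records) -> bool:
    """Check that no original direct identifier survives in the shared copy."""
    originals = {rec[f] for rec in records for f in DIRECT_IDENTIFIERS}
    return any(v in originals for rec in shared for v in rec.values() if isinstance(v, str))


if __name__ == "__main__":
    shared, lookup = pseudonymize(RECORDS, b"example-pseudonymization-key")
    for rec in shared:
        print(rec)
    print("identifier leak:", leaks_identifier(shared, RECORDS))
    print("re-identified:", reidentify(shared[1]["name"], lookup))
```

Note that the non-identifying attributes (department, login counts) are still present, so a small dataset can remain re-identifiable through those quasi-identifiers; pseudonymization reduces privacy risk but does not by itself make a dataset anonymous.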
This execution model allows the software designer/architect/programmer/developer to focus on the logic of their code and not have to be concerned about the parameters or limitations of a specific server. A) Anything as a Service B) Function as a Service C) Infrastructure as a Service D) Integration Platform as a Service
B
This is a remote access, multilayer switch used to connect distant networks over WAN links. Aka WAN switch or WAN router. A) Jump box B) LAN Extenders C) Modems D) Repeaters, Concentrators, and Amplifiers
B
Under this rule's Breach Notification Rule, HIPAA-covered entities that experience a data breach must notify affected individuals of the breach and must also notify both the secretary of health and human services and the media when the breach affects more than 500 individuals. A) European Union Privacy Law B) Health Information Technology for Economic and Clinical Health C) Health Insurance Portability and Accountability Act of 1996 D) Privacy Act
B
Used to control traffic flow on networks and are often used to connect similar networks and control traffic flow between the two. These manage traffic based on logical IP addressing. They can function using statically defined routing tables, or they can employ a dynamic routing system. A) Repeaters, Concentrators, and Amplifiers B) Routers C) Sensor D) Switches
B
What is the Twofish Key Size? A) 0 - 2,040 B) 1-256 C) 112 or 168 D) 128
B
What is the hash value length of RIPEMD-160? A) 128 B) 160 C) 256 / sec 128 D) 320 / sec 160
B
When the information or privilege required to perform an operation is divided among multiple users, no single person has sufficient privileges to compromise the security of an environment. A) Separation of duties B) Split Knowledge C) Work Function D) Zero-Knowledge Proof
B
Which key should I use to verify the signature on a message? A) Recipient's Public Key B) Sender's Public Key C) Your Private Key D) Your Public Key
B
An incident does not occur and is not detected. A) False Negative B) False Positive C) True Negative D) True Positive
C
Can often discover the source of an attack by performing Reverse Address Resolution Protocol (RARP) or reverse DNS Lookups. A) HIDS B) HIPS C) NIDS D) NIPS
C
Cryptographic systems of symbols that operate on words or phrases and are sometimes secret but do not always provide confidentiality. A) Ciphertext B) Ciphers C) Codes D) Decrypt
C
Employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission. The modulated signals are perpendicular (orthogonal) and thus do not cause interference with one another. Ultimately, requires a smaller frequency set (aka channel bands) but can offer greater data throughput. A) Direct Sequence Spread Spectrum B) Frequency Hopping Spread Spectrum C) Orthogonal Frequency-Division Multiplexing D) Spread Spectrum
C
Evaluates the security of software without running it by analyzing either the source code or the compiled application. Static analysis usually involves the use of automated tools designed to detect common software flaws, such as buffer overflows. A) Interface Testing B) Misuse Case Testing C) Static Testing D) Static Software Testing
C
In SAMM, this function includes incident management, environment management, and operational management. A) Governance B) Implementation C) Operations D) Verification
C
In the Electronic Discovery reference model, this locates the information that may be responsive to a discovery request when the organization believes that litigation is likely. A) Analysis B) Collection C) Identification D) Information Governance
C
In this phase, software developers operate according to a set of formal, documented software development processes. All development projects take place within the constraints of the new standardized management model. SEI defines the key process areas for this level as Organization Process Focus, Organization Process Definition, Training Program, Integrated Software Management, Software Product Engineering, Intergroup Coordination, and Peer Reviews. A) Level 1 - Initial B) Level 2 - Repeatable C) Level 3 - Defined D) Level 4 - Managed
C
Names, Slogans, and logos that identify a company, product, or service. A) Copyrights B) Patents C) Trademarks D) Trade Secrets
C
Often third-party entities that process data for an organization at the direction of the data controller. A) Data Administrators B) Data Custodian C) Data Processors D) Data User or Subject
C
Place these elements in the proper order: 1) Accountability 2) Authentication 3) Authorization 4) Auditing 5) Identification A) 1, 5, 2, 3, 4 B) 3, 2, 4, 5, 1 C) 5, 2, 3, 4, 1 D) 2, 1, 3, 4, 5
C
Risk management focuses on achieving objectives rather than just reacting to external threats; increased strategic planning is geared toward business success rather than just avoiding incidents; and lessons learned are reintegrated into the process. A) Defined B) Integrated C) Optimized D) Preliminary
C
Specifies the maximum amount of data that may be lost during a disaster and should be used to guide backup strategies. A) Maximum Tolerable Downtime B) Maximum Recovery Time C) Recovery Point Objective D) Recovery Time Objective
C
Starting with a baseline, this detection type looks for events with suspicious properties. It uses rules and/or algorithms to look for commands which may indicate malicious intent. A) Anomaly-based Detection B) Behavior-based Detection C) Heuristics-based Detection D) Knowledge-based Detection
C
The imaginary boundary that separates the TCB from the rest of the system. The TCB components communicate with non-TCB components using trusted paths. A) Reference Monitor B) Security Kernel C) Security Perimeter D) Trusted Computing Base
C
The mode a process runs in when it is confined through the use of memory bounds. A) Bounds B) Confinement C) Isolation D) Restriction
C
These attacks allow an attacker to impersonate a user with the captured hash of a user's password instead of the user's password. Pass-the-hash attacks typically exploit NTLM vulnerabilities, but attackers also use similar attacks against other protocols, including Kerberos. A) Brute-Force / Dictionary B) Kerberos Exploitation C) Pass-the-hash D) Spoofing
C
This cryptographic attack attempts to compromise the integrity of a cryptographic device by causing some type of external fault. For example, they might use high-voltage electricity, high or low temperature, or other factors to cause a malfunction that undermines the security of the device. A) Analytic Attack B) Brute-Force Attack C) Fault Injection Attack D) Implementation Attack
C
This is a communications device that converts (modulates and demodulates) between an analog carrier signal and digital information in order to support computer communications over PSTN lines. These have generally been replaced by digital broadband technologies, including cable modems, DSL modems, 802.11 wireless, and various forms of wireless devices. A) Jump box B) LAN Extenders C) Modems D) Repeaters, Concentrators, and Amplifiers
C
This is a protocol used to pull email messages from an inbox on an email server down to an email client. Also offers the ability to retrieve only headers from an email server as well as to delete messages directly off the email server (i.e., server archiving). Only use if encrypted with TLS. A) Dynamic Host Configuration Protocol B) File Transfer Protocol C) Internet Message Access Protocol D) Line Printer Daemon
C
This offers an alternative approach to disk striping with parity. It functions in the same manner as RAID-5 but stores parity information on two disks, protecting against the failure of two separate disks but requiring a minimum of four disks to implement. A) RAID-1 B) RAID-5 C) RAID-6 D) RAID-10
C
This type of security system analyzes packets on an individual basis against the filtering ACLs or rules. The context of the communication (that is, any previous packets) is not used to make an allow or deny decision on the current packet. A) Next Generation Firewall B) Stateful Inspection Firewall C) Stateless Inspection Firewall D) Static Packet Filtering Firewall
C
Volatile and lose their contents when the computer is powered off. A) EEPROM B) EPROM / UVEPROM C) RAM D) ROM
C
What is the IDEA (used in PGP) Block Size? A) 128 B) 32, 64, 128 C) 64 D) N/A Stream Cipher
C
What is the Privacy Enhanced Mail Certificate File Extension(s)? A) .der, .crt, .cer B) .p7b C) .pem, .crt D) .pfx, .p12
C
What is the hash value length of RIPEMD-256? A) 128 B) 160 C) 256 / sec 128 D) 320 / sec 160
C
What stage of PASTA is Application Decomposition and Analysis (ADA)? A) Stage I B) Stage II C) Stage III D) Stage IV
C
What stage of PASTA is Attack Modeling & Simulation (AMS)? A) Stage IV B) Stage V C) Stage VI D) Stage VII
C
When the company purchases the mobile devices that can support security compliance with the security policy. These devices are to be used exclusively for company purposes, and users should not perform any personal tasks on the devices. This often requires workers to carry a second device for personal use. This is the best option for both the organization as well as the individual worker. The option maintains clear separation between work activities and personal activities, since the device is for work use exclusively. This option protects company resources from personal activity risks, and it protects personal data from unauthorized or unethical organizational access. Yes, it is a hassle to carry a second device for personal activities, but that inconvenience is well worth the security benefits for both parties. A) Bring your own device B) Choose your own device C) Corporate-Owned, Business-Only D) Corporate Owned, Personally Enabled
C
An application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs. This is a form of port-based access control. A) Deep Packet Inspection B) Next Generation Firewall C) Next Generation Secure Web Gateway D) TCP Wrapper
D
In SAMM, the set of activities undertaken by the organization to confirm that code meets business and security requirements. A) Governance B) Implementation C) Operations D) Verification
D
In test coverage analysis, this answers the question of whether every loop in the code has been executed under conditions that cause it to run multiple times, only once, and not at all. A) Branch Coverage B) Condition Coverage C) Function Coverage D) Loop Coverage
D
In this phase of SW-CMM, a process of continuous improvement occurs. Sophisticated software development processes are in place that ensure that feedback from one phase reaches the previous phase to improve future results. SEI defines the key process areas for this level as Defect Prevention, Technology Change Management, and Process Change Management. A) Level 2 - Repeatable B) Level 3 - Defined C) Level 4 - Managed D) Level 5 - Optimized
D
The OSI layer whose data container (protocol data unit) is bits: A) OSI Layer 4 B) OSI Layer 3 C) OSI Layer 2 D) OSI Layer 1
D
One where the source code and other internal logic is hidden from the public. A) Open System B) Open Source C) Closed System D) Closed Source
D
Permits multiple concurrent tasks to be performed within a single process. A) Multiprocessing B) Multistate C) Multitasking D) Multithreading
D
The role of this is to inform and guide the design, development, implementation, testing, and maintenance of a particular system. This type of policy tightly targets a single implementation effort. A) Covert Channels B) Hardware Segmentation C) Process Isolation D) System Security Policy
D
These are used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol. Systems on either side of these are part of the same collision domain and broadcast domain. A) Jump box B) LAN Extenders C) Modems D) Repeaters, Concentrators, and Amplifiers
D
This ciphertext-only attack counts the characters in the ciphertext to reverse substitution ciphers. A) Birthday Attack B) Brute-Force Attacks C) Cipher Text-Only Attacks D) Frequency Analysis
D
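Frequency analysis as described above, worked through as an added example that is not from the original deck. It attacks a shift (Caesar) cipher, the simplest monoalphabetic substitution, using only the ciphertext: the letter counts are compared against standard English letter frequencies with a chi-squared score for each of the 26 candidate shifts, and the lowest score wins. The plaintext, the shift, and the English frequency table (approximate percentages) are constructed assumptions for this example. The same counting step is the starting point for a general substitution cipher; there the analyst maps the most frequent ciphertext letters to E, T, A and so on and refines with digram and trigram counts rather than trying 26 shifts.

```python
from collections import Counter
from string import ascii_uppercase

# Approximate relative frequency of letters in English text, in percent (assumed table).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

# Constructed plaintext used to demonstrate the attack.
PLAINTEXT = ("THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG WHILE THE SECURITY TEAM "
             "REVIEWS EVERY LOG LINE AND EVERY ALERT BEFORE THE END OF THE SHIFT")


def caesar(text: str, shift: int) -> str:
    """Shift cipher over A-Z; non-letters pass through. Negative shift decrypts."""
    out = []
    for c in text.upper():
        if c in ascii_uppercase:
            out.append(chr((ord(c) - 65 + shift) % 26 + 65))
        else:
            out.append(c)
    return "".join(out)


def letter_counts(text: str) -> Counter:
    """The core of frequency analysis: count each letter in the ciphertext."""
    return Counter(c for c in text.upper() if c in ascii_uppercase)


def most_common_letter(text: str) -> str:
    """Quick heuristic: in English the most common letter is almost always E."""
    return letter_counts(text).most_common(1)[0][0]


def chi_squared_vs_english(text: str) -> float:
    """How far the letter distribution of `text` is from English; lower is closer."""
    counts = letter_counts(text)
    total = sum(counts.values())
    score = 0.0
    for letter in ascii_uppercase:
        expected = ENGLISH_FREQ[letter] / 100 * total
        score += (counts[letter] - expected) ** 2 / expected
    return score


def recover_shift(ciphertext: str) -> int:
    """Try every shift, undo it, and keep the one whose output looks most like English."""
    return min(range(26), key=lambda s: chi_squared_vs_english(caesar(ciphertext, -s)))


if __name__ == "__main__":
    ct = caesar(PLAINTEXT, 7)
    print("ciphertext:", ct)
    print("most common ciphertext letter:", most_common_letter(ct), "(E shifted by 7 is L)")
    s = recover_shift(ct)
    print("recovered shift:", s)
    print("recovered plaintext:", caesar(ct, -s))
```

The attack needs enough ciphertext for the counts to be meaningful; on a few dozen letters the heuristic can mislead, which is why the chi-squared sweep over all candidates is more robust than trusting the single most frequent letter.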
This is a network service that is used to spool print jobs and send print jobs to printers. A) Dynamic Host Configuration Protocol B) File Transfer Protocol C) Internet Message Access Protocol D) Line Printer Daemon
D
To allow a system to continue to operate after a component fails. A) Fail-Closed B) Fail-Open C) Fail-Safe D) Fail-Soft
D
Uses techniques such as code reviews to evaluate the security of software without running it, by analyzing either the source code or the compiled application. A) Interface Testing B) Misuse Case Testing C) Static Testing D) Static Software Testing
D
What is the IEEE standard for Bluetooth network communications? A) 802.10 B) 802.11 C) 802.12 D) 802.15
D
What port does Point-to-Point Tunneling Protocol use? A) TCP 443 B) TCP 465 C) TCP 880 D) TCP 1723
D