CISSP Study
What is BOND an acronym for?
"Bandwidth on Demand". An aggregation of multiple communications channels or frequencies to increase data throughput.
What is the formula for Annualized Loss Expectancy? (ALE)
*ALE = SLE x ARO*
What is the Speed of T1?
1.544 megabits per second
Which wireless standards use the 5 GHz band?
5 GHz is the frequency band in which wireless a, optionally n, and ac run.
What signal technology do 802.11a, 802.11g and 802.11n use?
802.11 *a*, *g* and *n* use Orthogonal Frequency Division Multiplexing or OFDM.
What signal technology does 802.11b use?
802.11b uses Direct Sequence Spread Spectrum or DSSS.
In IPv6, what kind of address is designated ::1?
::1 is the IPv6 loopback address, equivalent to 127.0.0.1 in IPv4
What is a Blackout?
A Blackout is a long power loss.
What is a Brownout?
A Brownout is a long power drop.
What is a Fault?
A Fault is a short power loss.
What is a Sag?
A Sag is a short power drop.
What is a Spike?
A Spike is a short power surge.
What is a switch?
A switch is a network device which creates a *separate collision domain on each port*, while remaining within a single broadcast domain.
What Kind of Authentication is Somewhere You Are?
An example of this would be authentication through GPS coordinates on a cellphone or other mobile device in your possession.
At what layer of the OSI model are Bits found?
Bits are found at Layer 1: the Physical Layer.
What signal technology does Bluetooth use?
Bluetooth uses Frequency Hopping Spread Spectrum, or FHSS.
What is Bluetooth's Practical Maximum Range?
Bluetooth's maximum practical range is roughly 33 feet.
What electronic devices and WiFi standards run in the 2.4 GHz range?
Bluetooth, microwaves, some older wireless phones as well as wireless standards b, g, and n all run in the 2.4GHz range. Unlike the others in this list, wireless n also has the option of running at 5GHz.
What do 802.11a and 802.11n share and how do they differ?
Both 802.11a and 802.11n are WiFi standards which can run at 5 GHz, and yet they are not interoperable.
Is ATM Packet, Circuit or Cell Switched?
Cell Switched: 53 bytes
What is Channel Bonding?
Channel bonding is a feature in 802.11n that allows for the use of multiple simultaneous frequencies to increase usable bandwidth.
Which DES mode can propagate encryption errors?
Cipher Block Chaining (CBC).
Is T1 Packet, Circuit or Cell Switched?
Circuit Switched
What is Circumstantial Evidence?
Circumstantial evidence indirectly establishes a fact through inference.
What is the most common legal system in the world?
Civil Law (or tort law)
What is Civil Law?
Civil law does not rely on case rulings and precedents. It is usually between individual plaintiffs and defendants.
What legal system do the US and UK base their laws on?
Common Law (or statutory law)
What is Common Law?
Common law is legislated, relying on case rulings and precedents. Common law usually has a governmental body as the plaintiff, not a company or an individual. Most criminal proceedings fall under common law. Common law can also be referred to as statutory law (based on statute).
What is Corroborative Evidence?
Corroborative Evidence supports other evidence, and it may include expert testimony.
What is Customary Law?
Customary law is not legislated, but instead reflects best practices of a community or business sector. Customary law can also include ingrained cultural practices which do not rely on the interpretation of religious doctrines.
What does the acronym DSSS stand for?
DSSS is Direct Sequence Spread Spectrum.
At what OSI layers are Data Streams found?
Data Streams are found at the top 3 layers of the OSI model: Session, Presentation and Application.
What is the Speed of T3?
Data on a T3 line travels at 44.736 megabits per second; normally rounded up to 45.
What is the Speed of E1?
Data on an E1 line travels at 2.048 megabits per second.
What is Direct Evidence?
Direct Evidence includes eyewitness accounts and descriptions.
What is Diversity in wireless networking?
Diversity is a method for improving the *reliability* of a WiFi transmission by using two or more communication channels.
What is the Speed of E3?
E3 = 34.368 megabits per second
Which mode of ESP encrypts only the data payload?
ESP Transport Mode encrypts only the data payload.
Which mode of ESP encrypts the entire packet?
ESP Tunnel Mode encrypts the entire packet.
Which DES mode can leave patterns in ciphertext?
Electronic Code Book is the DES mode which can leave patterns in ciphertext.
Backing up data remotely over the wire is known as?
Electronic Vaulting.
What does the IPv6 prefix FC00 designate?
FC00 is the first hextet of an IPv6 centrally-assigned unique local address or ULA.
What does the IPv6 prefix FD00 designate?
FD00 is the first hextet of an IPv6 *locally-configured* unique local address or ULA.
What kind of IPv6 address begins with the hextet FE80?
FE80 is the first hextet of an IPv6 link-local address: equivalent to an IPv4 APIPA address.
What does the IPv6 prefix FEC0 designate?
FEC0 is the first hextet of an IPv6 site-local address or SLA, equivalent to IPv4 private addresses. RFC 3879 deprecates IPv6 site-local addresses in favor of the *locally assigned* unique local addresses, or ULA.
What kind of IPv6 address begins with the hextet FF01?
FF01 is the first hextet of an IPv6 multicast address.
What does the acronym FHSS stand for?
FHSS is Frequency Hopping Spread Spectrum.
At what layer of the OSI model are Frames found?
Frames are found at the Data Link Layer.
How does HTTPS encrypt?
HTTPS encrypts the entire comm channel using TLS.
What is IEEE 802.11?
IEEE 802.11 is WiFi.
What is IEEE 802.15?
IEEE 802.15 is Bluetooth.
What is IEEE 802.20?
IEEE 802.20 is mobile broadband on cellphones also known as MBWA (Mobile Broadband Wireless Access).
What kind of IPv6 addresses begin with 2000, 2001, 2002, 2003, etc.?
IPv6 global unicast address. These are equivalent to unique public IPv4 routable addresses.
What is ITIL?
ITIL stands for *Information Technology (IT) Infrastructure Library.* It is a set of best practices at the heart of IT service management, and was originally developed in the UK. ITIL has become ISO/IEC standard 20000.
What is ISO 27002?
It is a code of practice that provides *GUIDANCE*, providing an internationally accepted framework for best practice in Information Security Management (ISM) and systems interoperability. It also provides guidance for a certification-ready ISMS (Information Security Management System).
What is ISO 27001?
It is a vendor-neutral and technology-independent *SPECIFICATION* for an Information Security Management System (ISMS). Although it mandates the use of ISO 27002 as a source of guidance on controls, it does not preclude choosing controls from other sources as well.
What does MIMO stand for?
MIMO is an acronym which stands for Multiple Input, Multiple Output. It is a technology which employs multiple transmitter and receiver antennas to increase data throughput. MIMO was introduced with wireless n.
What is RAID 1?
Mirrored Set.
What is Mixed Law?
Mixed Law is a combination of any two types of law (except for Administrative Law) *Usually Common Law + Civil Law*, but can also combine *Religious Law and Customary Law*.
What does the acronym OFDM stand for?
OFDM is Orthogonal Frequency Division Multiplexing
What is an alternate location for storing backup media known as?
Off-site storage is the name for when backup media is stored at an alternate location.
What is a PDU?
PDU stands for Protocol Data Unit
Is Frame Relay Packet, Circuit or Cell Switched?
Packet Switched
At what layer of the OSI model are Packets found?
Packets are found at the Network Layer.
Which ports are identified as the System/Well-Known Ports?
Ports 0-1023.
Which ports are identified as the Registered/User Ports?
Ports 1024-49151.
Which ports are identified as the Dynamic/Private/Ephemeral Ports?
Ports 49152-65535.
What is Real Evidence?
Real Evidence is Physical evidence, like a hard disk drive.
What is Religious Law?
Religious law is based on the interpretation of religious doctrines.
What is keeping data current at an alternate site known as?
Remote journaling is the process of keeping data current at an alternate site. Unlike electronic vaulting, this is a continuous process. Also, remotely journaling will generally store only transaction logs, not data.
In risk management, what is the formula for "Residual Risk" (RR)?
Residual Risk = Total Risk x Countermeasures
What is Risk Assessment?
Risk Assessment is the evaluation of threats to determine vulnerabilities.
What is Risk Management?
Risk management is determining the cost-effectiveness of mitigating a risk.
How does S-HTTP encrypt?
S-HTTP encrypts Individual messages.
What is the formula for calculating Single Loss Expectancy (SLE)?
*SLE = EF x AV*
At what OSI layer is a Segment found?
Segments are found at the Transport Layer.
What type of Authentication is Something You Are?
Something You Are is also known as Type 3 Authentication. Type 3 Authentication generally refers to biometric authentication methods.
What type of Authentication is Something You Have?
Something You Have is also known as Type 2 Authentication or Transient Authentication. It usually refers to a physical token, such as a Common Access Card (CAC) in the DoD.
What type of Authentication is Something You Know?
Something You Know is also known as Type 1 Authentication. A Password is a typical example of Type 1 Authentication.
What is RAID 4?
Striped Blocks with Parity
What is RAID 3?
Striped Bytes with Parity
What is RAID 10?
Striped Mirror (nested RAID).
What contingency or emergency planning discipline focuses on the restoration of specific IT services?
The Disaster Recovery Plan (DRP). It is a subset of the Business Continuity Plan (BCP).
What step comes last in the development of a Business Contingency Plan (BCP)?
The IT Contingency Plan
What is the Recovery Point Objective?
The Recovery Point Objective is the amount of time a business can endure system unavailability or data loss. The Recovery Point Objective is a temporal measure used to determine how often systems should be backed up.
Who resumes critical business operations at the alternate site?
The Recovery Team resumes critical business operations at the alternate site.
What is the Recovery Time Objective?
The Recovery Time Objective defines how quickly we must be back up and running.
Who returns the primary site to normal business operations?
The Salvage team returns the primary site to normal business operations.
What is the first step in the Business Continuity Planning (BCP) process?
The first step in BCP planning is to determine scope.
What Kind of Authentication is Something You Do?
This can be referred to as behavioral biometrics. An example of this is typing keystroke rhythm, determined by measuring key dwell (how long you rest on a key) and flight time (the time it takes you to get from one key to the next).
How do you create ciphertext in binary?
To create ciphertext in binary, XOR the original plaintext with the generated keystream.
What is a VLAN?
VLAN is short for Virtual Local Area Network, in which virtual subnets are segregated using switch ports, eliminating the need for physical moves, adds and changes.
What is Vulnerability Assessment?
Vulnerability Assessment is the process of quantifying asset weaknesses.
What is it called when a biometric system denies access to an authorized person?
When a biometric system denies access to an authorized person, that is known as a False Negative, or a Type 2 Biometric Error.
What is it called when a biometric system grants access to an unauthorized person?
When a biometric system grants access to an unauthorized person, that is known as a False Positive, or a Type 1 Biometric Error.
What is IEEE 802.16?
WiMax - cellphone broadband using microwave towers. It is an acronym standing for *"Worldwide Interoperability for Microwave Access".*
What avoidance technology is built into WiFi standard 802.11a?
Wireless a is the WiFi standard with RADAR (Radio Detection and Ranging) avoidance technology built into it.
Which wireless standard can run in both the 2.4GHz and 5GHz frequency bands?
Wireless n can run in both the 2.4GHz and the 5GHz frequency bands.
What is RAID 0?
A Striped Set.
How do you compute XOR on two bits?
If only one of the values is true, then the result is true. Otherwise, false.