CISSP Cert Library Topic 4

Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it? A. Aggregation B. Inference C. Clustering D. Collision

Answer : A Explanation: The Internet Security Glossary (RFC2828) defines aggregation as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it. Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000. NEXT QUESTION

Which of the following can be defined as a unique identifier in the table that unambiguously points to an individual tuple or record in the table? A. primary key B. candidate key C. secondary key D. foreign key

Answer : A Explanation: A primary key is a unique identifier in the table that unambiguously points to an individual tuple or record in the table. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 45. NEXT QUESTION

Which of the following is used to create and modify the structure of your tables and other objects in the database? A. SQL Data Definition Language (DDL) B. SQL Data Manipulation Language (DML) C. SQL Data Relational Language (DRL) D. SQL Data Identification Language (DIL)

Answer : A Explanation: The SQL Data Definition Language (DDL) is used to create, modify, and delete views and relations (tables). Data Definition Language The Data Definition Language (DDL) is used to create and destroy databases and database objects. These commands will primarily be used by database administrators during the setup and removal phases of a database project. Let's take a look at the structure and usage of four basic DDL commands: CREATE Installing a database management system (DBMS) on a computer allows you to create and manage many independent databases. For example, you may want to maintain a database of customer contacts for your sales department and a personnel database for your HR department. The CREATE command can be used to establish each of these databases on your platform. For example, the command: CREATE DATABASE employees creates an empty database named "employees" on your DBMS. After creating the database, your next step is to create tables that will contain data. (If this doesn't make sense, you might want to read the article Microsoft Access Fundamentals for an overview of tables and databases.) Another variant of the CREATE command can be used for this purpose. The command: CREATE TABLE personal_info (first_name char(20) not null, last_name char(20) not null, employee_id int not null) establishes a table titled "personal_info" in the current database. In our example, the table contains three attributes: first_name, last_name and employee_id. Don't worry about the other information included in the command -- we'll cover that in a future article. USE The USE command allows you to specify the database you wish to work with within your DBMS. For example, if we're currently working in the sales database and want to issue some commands that will affect the employees database, we would preface them with the following SQL command: USE employees It's important to always be conscious of the database you are working in before issuing SQL commands that manipulate data. ALTER Once you've created a table within a database, you may wish to modify the definition of it. The ALTER command allows you to make changes to the structure of a table without deleting and recreating it. Take a look at the following command: ALTER TABLE personal_info ADD salary money null This example adds a new attribute to the personal_info table -- an employee's salary. The "money" argument specifies that an employee's salary will be stored using a dollars and cents format. Finally, the "null" keyword tells the database that it's OK for this field to contain no value for any given employee. DROP The final command of the Data Definition Language, DROP, allows us to remove entire database objects from our DBMS. For example, if we want to permanently remove the personal_info table that we created, we'd use the following command: DROP TABLE personal_info Similarly, the command below would be used to remove the entire employees database: DROP DATABASE employees Use this co NEXT QUESTION

Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both? A. object-relational database B. object-oriented database C. object-linking database D. object-management database

Answer : A Explanation: The object-relational database is the marriage of object-oriented and relational technologies and combines the attributes of both. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 48. NEXT QUESTION

Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to Threats and Risks Analysis? A. DSS is aimed at solving highly structured problems. B. DSS emphasizes flexibility in the decision making approach of users. C. DSS supports only structured decision-making tasks. D. DSS combines the use of models with non-traditional data access and retrieval functions.

Answer : B Explanation: DSS emphasizes flexibility in the decision-making approach of users. It is aimed at solving less structured problems, combines the use of models and analytic techniques with traditional data access and retrieval functions and supports semi-structured decision-making tasks. DSS is sometimes referred to as the Delphi Method or Delphi Technique: The Delphi technique is a group decision method used to ensure that each member gives an honest opinion of what he or she thinks the result of a particular threat will be. This avoids a group of individuals feeling pressured to go along with others thought processes and enables them to participate in an independent and anonymous way. Each member of the group provides his or her opinion of a certain threat and turns it in to the team that is performing the analysis. The results are compiled and distributed to the group members, who then write down their comments anonymously and return them to the analysis group. The comments are compiled and redistributed for more comments until a consensus is formed. This method is used to obtain an agreement on cost, loss values, and probabilities of occurrence without individuals having to agree verbally. Here is the ISC2 book coverage of the subject: One of the methods that uses consensus relative to valuation of information is the consensus/modified Delphi method. Participants in the valuation exercise are asked to comment anonymously on the task being discussed. This information is collected and disseminated to a participant other than the original author. This participant comments upon the observations of the original author. The information gathered is discussed in a public forum and the best course is agreed upon by the group (consensus). EXAM TIP: The DSS is what some of the books are referring to as the Delphi Method or Delphi Technique. Be familiar with both terms for the purpose of the exam. The other answers are incorrect: 'DSS is aimed at solving highly structured problems' is incorrect because it is aimed at solving less structured problems. 'DSS supports only structured decision-making tasks' is also incorrect as it supports semi- structured decision-making tasks. 'DSS combines the use of models with non-traditional data access and retrieval functions' is also incorrect as it combines the use of models and analytic techniques with traditional data access and retrieval functions. Reference(s) used for this question: Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 91). McGraw-Hill. Kindle Edition. and Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the ( ) , (p ) , ( ) ( ) CISSP CBK, Third Edition : Information Security Governance and Risk Management ((ISC)2 Press) (Kindle Locations 1424-1426). Auerbach Publications. Kindle Edition. NEXT QUESTION

Which of the following would MOST likely ensure that a system development project meets business objectives? A. Development and tests are run by different individuals B. User involvement in system specification and acceptance C. Development of a project plan identifying all development activities D. Strict deadlines and budgets

Answer : B Explanation: Effective user involvement is the most critical factor in ensuring that the application meets business objectives. A great way of getting early input from the user community is by using Prototyping. The prototyping method was formally introduced in the early 1980s to combat the perceived weaknesses of the waterfall model with regard to the speed of development. The objective is to build a simplified version (prototype) of the application, release it for review, and use the feedback from the users review to build a second, better version. This is repeated until the users are satisfied with the product. t is a four-step process: initial concept, design and implement initial prototype, refine prototype until acceptable, and complete and release final version. There is also the Modified Prototype Model (MPM. This is a form of prototyping that is ideal for Web application development. It allows for the basic functionality of a desired system or component to be formally deployed in a quick time frame. The maintenance phase is set to begin after the deployment. The goal is to have the process be flexible enough so the application is not based on the state of the organization at any given time. As the organization grows and the environment changes, the application evolves with it, rather than being frozen in time. Reference(s) used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 12101-12108 and 12099-12101). Auerbach Publications. Kindle Edition. and Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 296). NEXT QUESTION

Which of the following would provide the BEST stress testing environment taking under consideration and avoiding possible data exposure and leaks of sensitive data? A. Test environment using test data. B. Test environment using sanitized live workloads data. C. Production environment using test data. D. Production environment using sanitized live workloads data.

Answer : B Explanation: The best way to properly verify an application or system during a stress test would be to expose it to "live" data that has been sanitized to avoid exposing any sensitive information or Personally Identifiable Data (PII) while in a testing environment. Fabricated test data may not be as varied, complex or computationally demanding as "live" data. A production environment should never be used to test a product, as a production environment is one where the application or system is being put to commercial or operational use. It is a best practice to perform testing in a non-production environment. Stress testing is carried out to ensure a system can cope with production workloads, but as it may be tested to destruction, a test environment should always be used to avoid damaging the production environment. Hence, testing should never take place in a production environment. If only test data is used, there is no certainty that the system was adequately stress tested. NEXT QUESTION

What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity? A. Polyinstantiation B. Inference C. Aggregation D. Data mining

Answer : C Explanation: Aggregation is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity. The incorrect answers are: Polyinstantiation is the development of a detailed version of an object from another object using different values in the new object. Inference is the ability of users to infer or deduce information about data at sensitivity levels for which they do not have access privilege. Data mining refers to searching through a data warehouse for data correlations. Sources: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 261). KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Database Security Issues (page 358). Topic 5, Security Operations NEXT QUESTION

In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected? A. The transactions should be dropped from processing. B. The transactions should be processed after the program makes adjustments. C. The transactions should be written to a report and reviewed. D. The transactions should be corrected and reprocessed.

Answer : C Explanation: In an online transaction processing system (OLTP) all transactions are recorded as they occur. When erroneous or invalid transactions are detected the transaction can be recovered by reviewing the logs. As explained in the ISC2 OIG: OLTP is designed to record all of the business transactions of an organization as they occur. It is a data processing system facilitating and managing transaction-oriented applications. These are characterized as a system used by many concurrent users who are actively adding and modifying data to effectively change real-time data. OLTP environments are frequently found in the finance, telecommunications, insurance, retail, transportation, and travel industries. For example, airline ticket agents enter data in the database in real-time by creating and modifying travel reservations, and these are increasingly joined by users directly making their own reservations and purchasing tickets through airline company Web sites as well as discount travel Web site portals. Therefore, millions of people may be accessing the same flight database every day, and dozens of people may be looking at a specific flight at the same time. The security concerns for OLTP systems are concurrency and atomicity. Concurrency controls ensure that two users cannot simultaneously change the same data, or that one user cannot make changes before another user is finished with it. In an airline ticket system, it is critical for an agent processing a reservation to complete the transaction, especially if it is the last seat available on the plane. Atomicity ensures that all of the steps involved in the transaction complete successfully. If one step should fail, then the other steps should not be able to complete. Again, in an airline ticketing system, if the agent does not enter a name into the name data field correctly, the transaction should not be able to complete. OLTP systems should act as a monitoring system and detect when individual processes abort, automatically restart an aborted process, back out of a transaction if necessary, allow distribution of multiple copies of application servers across machines, and perform dynamic load balancing. A security feature uses transaction logs to record information on a transaction before it is processed, and then mark it as processed after it is done. If the system fails during the transaction, the transaction can be recovered by reviewing the transaction logs. Checkpoint restart is the process of using the transaction logs to restart the machine by running through the log to the last checkpoint or good transaction. All transactions following the last checkpoint are applied before allowing users to access the data again. Wikipedia has nice coverage on what is OLTP: Online transaction processing, or OLTP, refers to a class of systems that facilitate and manage transaction-oriented applications, typically for data entry and retrieval transaction processing. The term is somewhat ambiguous; some u NEXT QUESTION

What allows a relation to contain multiple rows with a same primary key? A. RDBMS B. Polymorphism C. Polyinstantiation D. It is not possible

Answer : C Explanation: In databases, polyinstantiation is database-related SQL (structured query language) terminology. It allows a relation to contain multiple rows with the same primary key; the multiple instances are distinguished by their security levels. It occurs because of mandatory policy. Depending on the security level established, one record contains sensitive information, and the other one does not, that is, a user will see the record's information depending on his/her level of confidentiality previously dictated by the company's policy. The following answers are incorrect: An RDBMS is a DBMS in which data is stored in tables and the relationships among the data are also stored in tables. The data can be accessed or reassembled in many different ways without having to change the table forms. Polymorphism based on the Greek roots poly and morph, meaning many and forms, respectively): allows the ability to overload operators, performing different methods depending on the context of the input message. It is not possible The following reference(s) were/was used to create this question: http://en.wikipedia.org/wiki/Polyinstantiation https://en.wikipedia.org/wiki/Relational_database_management_system https://en.wikipedia.org/wiki/Polymorphism_%28computer_science%29 http://my.safaribooksonline.com/book/certification/cissp/9781597495639 NEXT QUESTION

Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors? A. Unit testing B. Pilot testing C. Regression testing D. Parallel testing

Answer : C Explanation: Regression testing is the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors. The data used in regression testing should be the same as the data used in the original test. Unit testing refers to the testing of an individual program or module. Pilot testing is a preliminary test that focuses only on specific and predetermined aspects of a system. Parallel testing is the process of feeding test data into two systems and comparing the results. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 300). NEXT QUESTION

Which of the following is a not a preventative control? A. Deny programmer access to production data. B. Require change requests to include information about dates, descriptions, cost analysis and anticipated effects. C. Run a source comparison program between control and current source periodically. D. Establish procedures for emergency changes.

Answer : C Explanation: Running the source comparison program between control and current source periodically allows detection, not prevention, of unauthorized changes in the production environment. Other options are preventive controls. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 309). NEXT QUESTION

The description of the database is called a schema. The schema is defined by which of the following? A. Data Control Language (DCL). B. Data Manipulation Language (DML). C. Data Definition Language (DDL). D. Search Query Language (SQL).

Answer : C Explanation: The description of the database is called a schema, and the schema is defined by a Data Definition Language (DDL). A data definition language (DDL) or data description language (DDL) is a syntax similar to a computer programming language for defining data structures, especially database schemas. The data definition language concept and name was first introduced in relation to the Codasyl database model, where the schema of the database was written in a language syntax describing the records, fields, and sets of the user data model. Later it was used to refer to a subset of Structured Query Language (SQL) for creating tables and constraints. SQL-92 introduced a schema manipulation language and schema information tables to query schemas. These information tables were specified as SQL/Schemata in SQL:2003. The term DDL is also used in a generic sense to refer to any formal language for describing data or information structures. Data Definition Language (DDL) statements are used to define the database structure or schema. CREATE - to create objects in the database ALTER - alters the structure of the database DROP - delete objects from the database TRUNCATE - remove all records from a table, including all spaces allocated for the records are removed COMMENT - add comments to the data dictionary RENAME - rename an object The following answers were incorrect: DCL Data Control Language. Also for Statement The Data Control Language (DCL) is a subset of the Structured Query Language (SQL) that allows database administrators to configure security access to relational databases. It complements the Data Definition Language (DDL), which is used to add and delete database objects, and the Data Manipulation Language (DML), which is used to retrieve, insert and modify the contents of a database. DCL is the simplest of the SQL subsets, as it consists of only three commands: GRANT, REVOKE, and DENY. Combined, these three commands provide administrators with the flexibility to set and remove database permissions in an extremely granular fashion. DML The Data Manipulation Language (DML) is used to retrieve, insert and modify database information. These commands will be used by all database users during the routine operation of the database. The Data Manipulation Language (DML) is used to retrieve, insert and modify database information. These commands will be used by all database users during the routine operation of the database. Some of the command are: INSERT - Allow addition of data SELECT - Used to query data from the DB, one of the most commonly used command. UPDATE - Allow update to existing Data SQL Structure Query Language Abbreviation of structured , y p g Q Q y g g query language, and pronounced either see-kwell or as separate letters. SQL is a standardized query language for requesting information from a database. The original version called SEQUEL (structured English query language) was designed by an IBM research center in 1974 and 1975. SQL was first introd NEXT QUESTION

What is called the number of columns in a table? A. Schema B. Relation C. Degree D. Cardinality

Answer : C Explanation: The number of columns in a relation (a table) is the degree whereas the cardinality is the number of rows. The schema is the description of the database. p ( ) g y p Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 45). NEXT QUESTION

Which of the following statements pertaining to software testing approaches is correct? A. A bottom-up approach allows interface errors to be detected earlier. B. A top-down approach allows errors in critical modules to be detected earlier. C. The test plan and results should be retained as part of the system's permanent documentation. D. Black box testing is predicated on a close examination of procedural detail.

Answer : C Explanation: The test plan and results should always be retained as part of the system's permanent documentation. A bottom-up approach to testing begins testing of atomic units, such as programs or modules, and works upwards until a complete system testing has taken place. It allows errors in critical modules to be found early. A top-down approach allows for early detection of interface errors and raises confidence in the system, as programmers and users actually see a working system. White box testing is predicated on a close examination of procedural detail. Black box testing examines some aspect of the system with little regard for the internal logical structure of the software. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 300). Top Down Testing: An approach to integration testing where the component at the top of the component hierarchy is tested first, with lower level components being simulated by stubs. Tested components are then used to test lower level components. The process is repeated until the lowest level components have been tested. Bottom Up Testing: An approach to integration testing where the lowest level components are tested first, then used to facilitate the testing of higher level components. The process is repeated until the component at the top of the hierarchy is tested. Black Box Testing: Testing based on an analysis of the specification of a piece of software without reference to its internal workings. The goal is to test how well the component conforms to the published requirements for the component. NEXT QUESTION

Which of the following virus types changes some of its characteristics as it spreads? A. Boot Sector B. Parasitic C. Stealth D. Polymorphic

Answer : D Explanation: A Polymorphic virus produces varied but operational copies of itself in hopes of evading anti-virus software. The following answers are incorrect: boot sector. Is incorrect because it is not the best answer. A boot sector virus attacks the boot sector of a drive. It describes the type of attack of the virus and not the characteristics of its composition. parasitic. Is incorrect because it is not the best answer. A parasitic virus attaches itself to other files but does not change its characteristics. stealth. Is incorrect because it is not the best answer. A stealth virus attempts to hide changes of the affected files but not itself. NEXT QUESTION

The security of a computer application is most effective and economical in which of the following cases? A. The system is optimized prior to the addition of security. B. The system is procured off-the-shelf. C. The system is customized to meet the specific security threat. D. The system is originally designed to provide the necessary security.

Answer : D Explanation: The earlier in the process that security is planned for and implement the cheaper it is. It is also much more efficient if security is addressed in each phase of the development cycle rather than an add-on because it gets more complicated to add at the end. If security plan is developed at the beginning it ensures that security won't be overlooked. The following answers are incorrect: The system is optimized prior to the addition of security. Is incorrect because if you wait to implement security after a system is completed the cost of adding security increases dramtically and can become much more complex. The system is procured off-the-shelf. Is incorrect because it is often difficult to add security to off-the shelf systems. The system is customized to meet the specific security threat. Is incorrect because this is a distractor. This implies only a single threat. NEXT QUESTION

Which of the following is not a defined maturity level within the Software Capability Maturity Model? A. Repeatable B. Defined C. Managed D. Oriented

Answer : D Explanation: The five defined maturity levels of the CMM are: Initial, repeatable, defined, managed and optimizing. Reference used for this question: Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 254). NEXT QUESTION

The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization? A. project initiation and planning phase B. system design specifications phase C. development and documentation phase D. in parallel with every phase throughout the project

Answer : D Explanation: The other answers are not correct because: You are always looking for the "best" answer. While each of the answers listed here could be considered correct in that each of them require input from the security staff, the best answer is for that input to happen at all phases of the project. Reference: Official ISC2 Guide page: 556 All in One Third Edition page: 832 833 NEXT QUESTION

SQL commands do not include which of the following? A. Select, Update B. Grant, Revoke C. Delete, Insert D. Add, Relist

Answer : D Explanation: There are no such commands within the Structure Query Language (SQL). SQL commands include Select, Update, Delete, Insert, Grant, Replace, p Q y g g ( Q ) Q , p , , , , p , Restore, and Revoke to name only a few of the common one. Reference(s) used for this question: http://technet.microsoft.com/en-us/library/ms186862.aspx and KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 47. and http://www.sqlcommands.net/ and http://www.cs.utexas.edu/~mitra/csFall2012/cs329/lectures/sql.html NEXT QUESTION

A persistent collection of interrelated data items can be defined as which of the following? A. database B. database management system C. database security D. database shadowing

Answer : A }{ Answer : A Explanation: A database can be defined as a persistent collection of interrelated data items. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44. NEXT QUESTION

Which of the following would not correspond to the number of primary keys values found in a table in a relational database? A. Degree B. Number of tuples C. Cardinality D. Number of rows

Answer : A }{ Answer : A Explanation: The degree of a table represents the number of columns in a table. All other elements represent the number of rows, or records, thus the number of unique primary keys values within the table. NOTE FROM DAN: You can have multiple columns that in aggregate make up the Primary Key, but you only have one PK. Primary Keys The first type of key well discuss is the primary key. Every database table should have one or more columns designated as the primary key. The value this key holds should be unique for each record in the database. For example, assume we have a table called Employees that contains personnel information for every employee in our firm. Wed need to select an appropriate primary key that would uniquely identify each employee. Your first thought might be to use the employees name. This wouldnt work out very well because its conceivable that youd hire two employees with the same name. A better choice might be to use a unique employee ID number that you assign to each employee when theyre hired. Some organizations choose to use Social Security Numbers (or similar government identifiers) for this task because each employee already has one and theyre guaranteed to be unique. However, the use of Social Security Numbers for this purpose is highly controversial due to privacy concerns. (If you work for a government organization, the use of a Social Security Number may even be illegal under the Privacy Act of 1974.) For this reason, most organizations have shifted to the use of unique identifiers (employee ID, student ID, etc.) that dont share these privacy concerns. Once you decide upon a primary key and set it up in the database, the database management system will enforce the uniqueness of the key. If you try to insert a record into a table with a primary key that duplicates an existing record, the insert will fail. Most databases are also capable of generating their own primary keys. Microsoft Access, for example, may be configured to use the AutoNumber data type to assign a unique ID to each record in the table. While effective, this is a bad design practice because it leaves you with a meaningless value in each record in the table. Why not use that space to store something useful? Foreign Keys The other type of key that well discuss in this course is the foreign key. These keys are used to create relationships between tables. Natural relationships exist between tables in most database structures. Returning to our employees database, lets imagine that we wanted to add a table containing departmental information to the database. This new table might be called Departments and would contain a large amount of information about the department as a whole. Wed also want to include information about the employees in the department, but it would be redundant to have the same information in two tables (Employees and Departments). Instead, we can create a relationship between the two tables. Lets assume that the Departments table uses the D NEXT QUESTION

A 'Pseudo flaw' is which of the following? A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders. B. An omission when generating Psuedo-code. C. Used for testing for bounds violations in application programming. D. A normally generated page fault causing the system to halt.

Answer : A Explanation: A Pseudo flaw is something that looks like it is vulnerable to attack, but really acts as an alarm or triggers automatic actions when an intruder attempts to exploit the flaw. The following answers are incorrect: An omission when generating Psuedo-code. Is incorrect because it is a distractor. Used for testing for bounds violations in application programming. Is incorrect, this is a testing methodology. A normally generated page fault causing the system to halt. This is incorrect because it is distractor. NEXT QUESTION

In regards to relational database operations using the Structure Query Language (SQL), which of the following is a value that can be bound to a placeholder declared within an SQL statement? A. A bind value B. An assimilation value C. A reduction value D. A resolution value

Answer : A Explanation: A bind value is a value that can be bound to a placeholder declared within an SQL statement. Usage of Bind Values or Variable can improve the security within your database. Below you have an example using the Oracle database that shows usage without bind variables versus usage with bind variables. Many of the security benefits are listed. Bind Variables/Values Bind variables are placeholders for literal values in an SQL query being sent to the server. Take the example query above: in the old way, data was generally passed to Oracle directly, via Tcl string interpolation. So in the example above, the actual query we send would look like this: select foo, bar, baz from some_table, some_other_table where some_table.id=some_other_table.id and some_table.condition_p = 'foo' There are a few problems with this: first, if the literal value is a huge string, then we waste a lot of time in the database server doing useless parsing. Second, if the literal value contains characters like single quotes, we have to be careful to double-quote them, because not quoting them will lead to surprising errors. Third, no type checking occurs on the literal value. Finally, if the Tcl variable is passed in or between web forms or otherwise subject to external modification, there is nothing keeping malicious users from setting the Tcl variable to some string that changes the query textually. This type of attack, called SQL smuggling, can be very damaging - entire tables can be exposed or have their contents deleted, for example. Another very important reason for using bind variables is performance. Oracle caches all previously parsed queries. If there are values in the where clause, that is how the query is cached. It also performs bind variable susbstitution after parsing the SQL statement. This means that SQL statements that use bind variables will always match (assuming all else is the same) while SQL statements that do not use bind variables will not match unless the values in the statement are exactly the same. This will improve performance considerably. To fix all these problems, we replace literal values in the query with a placeholder character, and then send the data along after. So the query looks like this: select foo, bar, baz from some_table, some_other_table where some_table.id = some_other_table.id and some_table.condition_p =? The '?' character means "This will be filled in later with literal data". In use, you might write code that looks like this: set statement [prepare_query " select foo, bar, baz from some_table, some_other_table where some_table.id = some_other_table.id and some_table.condition_p =? "] [bind_param $statement 1 $tcl_var] References: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 47 see also an example for Oracle at: http://docstore.mik.ua/orelly/linux/dbi/ch05_03.htm NEXT QUESTION

In regards to the query function of relational database operations, which of the following represent implementation procedures that correspond to each of the low-level operations in the query? A. query plan B. relational plan C. database plan D. structuring plan

Answer : A Explanation: A query plan is comprised of implementation procedures that correspond to each of the low-level operations in that query. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 47. NEXT QUESTION

Which of the following are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server? A. Bind variables B. Assimilation variables C. Reduction variables D. Resolution variables

Answer : A Explanation: Bind variables are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 47. NEXT QUESTION

Which of the following is one of the oldest and most common problem in software development that is still very prevalent today? A. Buffer Overflow B. Social Engineering C. Code injection for machine language D. Unassembled reversable DOS instructions.

Answer : A Explanation: Buffer overflows occurs when a program fills up the buffer of memory allocated with more data than the buffer can hold. When the program begins to p p g p y p g g write beyond the end of the buffer, the program's execution path can be changed, or data can be written into areas used by the operationg system itself. This can lead to the insertion of malicous code that can be used to gain administrative privileges to the program or system. It is important to note you must always apply the principle of least privilege while running a process, program, or application. This way if a buffer overflow is attempted there will be a need to escalate privileges in order to take advantage of the system. Reference: TIPTON, Harold F., The Official (ISC)2 Guide to the CISSP CBK (2007), page 549 . NEXT QUESTION

In a database management system (DBMS), what is the "cardinality?" A. The number of rows in a relation. B. The number of columns in a relation. C. The set of allowable values that an attribute can take. D. The number of relations in a database.

Answer : A Explanation: Cardinality is the "number" of rows in a relation. The rows of the table represent records or tuples. Degree is the "number" of columns in a relation. The individual columns of the table represent the attributes. A relation is the basis of a relational database and is represented by a two-dimensional table. The domain of a relation is the set of allowable values that an attribute can take. Sources: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#4 Applications & Systems Development Security (page 1), /Documents/CISSP_Summary_2002/index.html. KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 2: Relational Database Security (page 59). NEXT QUESTION

Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product? A. Estimating the cost of the changes requested B. Recreating and analyzing the problem C. Determining the interface that is presented to the user D. Establishing the priorities of requests

Answer : A Explanation: Change control sub-phase includes Recreating and analyzing the problem, Determining the interface that is presented to the user, and Establishing the priorities of requests. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 252). NEXT QUESTION

Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following database type? A. Object-Oriented Data Bases (OODB) B. Object-Relational Data Bases C. Relational Data Bases D. Data base management systems (DBMS)

Answer : A Explanation: Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to OODB. The Object-Oriented Data Bases (OODB) database model stores data as objects. The OODB objects are a collection of public and private data items and the set of operations that can be executed on the data. Because the data objects contain their own operations, any call to data potentially has the full range of database functions available. The object- oriented model does not necessarily require a high-level language like SQL, because the functions (or methods) are contained within the objects. An advantage of not having a query language allows the object-oriented DBMS to interact with applications without the language overhead. Relational models are starting to add object- oriented functions and interfaces, to create an object-relational model. An object-relational database system is a hybrid system: a relational DBMS that has an object- oriented interface built on top of the original software. This can be accomplished either by a separate interface or by adding additional commands to the current system. The hybrid model allows organizations to maintain their current relational database software and, at the same time, provide an upgrade path for future technologies. Relational Database Management Model (RDBMS) The majority of organizations use software based on the relational database management model. The relational database has become so dominant in database management systems that many people consider it to be the only form of database. (This may create problems when dealing with other table-oriented database systems that do not provide the integrity functions required in a true relational database.) The relational model is based on set theory 8 and predicate logic 9 and provides a high level of abstraction. The use of set theory allows data to be structured in a series of tables that have columns representing the variables and rows that contain specific instances of data. These tables are organized using normal forms. The relational model outlines how programmers should design the DBMS so that different database systems used by the organization can communicate with each other. Reference(s) used for this p g g y y g () question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 12356-12365). Auerbach Publications. Kindle Edition. and Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 1175). McGraw- Hill. Kindle Edition. NEXT QUESTION

A virus is a program that can replicate itself on a system but not necessarily spread itself by network connections. What is malware that can spread itself over open network connections? A. Worm B. Rootkit C. Adware D. Logic Bomb

Answer : A Explanation: Computer worms are also known as Network Mobile Code, or a virus-like bit of code that can replicate itself over a network, infecting adjacent computers. A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. A notable example is the SQL Slammer computer worm that spread globally in ten minutes on January 25, 2003. I myself came to work that day as a software tester and found all my SQL servers infected and actively trying to infect other computers on the test network. A patch had been released a year prior by Microsoft and if systems were not patched and exposed to a 376 byte UDP packet from an infected host then system would become compromised. Ordinarily, infected computers are not to be trusted and must be rebuilt from scratch but the vulnerability could be mitigated by replacing a single vulnerable dll called sqlsort.dll. Replacing that with the patched version completely disabled the worm which really illustrates to us the importance of actively patching our systems against such network mobile code. The following answers are incorrect: - Rootkit: Sorry, this isn't correct because a rootkit isn't ordinarily classified as network mobile code like a worm is. This isn't to say that a rootkit couldn't be included in a worm, just that a rootkit isn't usually classified like a worm. A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware. - Adware: Incorrect answer. Sorry but adware isn't usually classified as a worm. Adware, or advertising-supported software, is any software package which automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process. The functions may be designed to analyze which Internet sites the user visits and to present advertising pertinent to the types of goods or services featured there. The term is sometimes used to refer to software that displays unwanted advertisements. - Logic Bomb: Logic bombs like adware or rootkits could be spread by worms if they exploit the right service and gain NEXT QUESTION

In which of the following phases of system development life cycle (SDLC) is contingency planning most important? A. Initiation B. Development/acquisition C. Implementation D. Operation/maintenance

Answer : A Explanation: Contingency planning requirements should be considered at every phase of SDLC, but most importantly when a new IT system is being conceived. In the initiation phase, system requirements are identified and matched to their related operational processes, allowing determination of the system's appropriate recovery priority. Source: SWANSON, Marianne, & al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, December 2001 (page 12). and The Official ISC2 Guide to the CBK, Second Edition, Application Security, page 180-185 NEXT QUESTION

Debbie from finance called to tell you that she downloaded and installed a free wallpaper program that sets the wallpaper on her computer to match the current weather outside but now her computer runs slowly and the disk drive activity light is always on. You take a closer look and when you do a simple port scan to see which ports are open on her computer, you notice that TCP/80 is open. You point a web browser at her computer's IP Address and port and see a site selling prescription drugs. Apart from the wallpaper changing software, what did Debbie ... from finance install without her knowledge? A. Trojan horse B. Network mobile code C. Virus D. Logic Bomb

Answer : A Explanation: Debbie installed an application that has installed a web server and is acting as website server for a possibly criminal organization. A Trojan horse, or Trojan, in computing is a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Greece, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers without the user knowledge. A Trojans often acts as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. The Trojan and backdoors are not themselves easily detectable, but if they carry out significant computing or communications activity may cause the computer to run noticeably slowly. Malicious programs are classified as Trojans if they do not attempt to inject themselves into other files (computer virus) or otherwise propagate themselves (worm). A computer may host a Trojan via a malicious program a user is duped into executing (often an e-mail attachment disguised to be unsuspicious, e.g., a routine form to be filled in) or by drive-by download. The following answers are incorrect: - Network mobile code: This is incorrect because network mobile code is usually called a worm and that is malicious software that infects adjacent hosts which are unpatched against the vulnerability the worm exploits. - Virus: A "Virus" is a generic term these days used to describe malware but isn't a specific enough term to describe what happened here? - Logic Bomb: These are malware which, when a certain event occurs can be triggered to action. It could be a date, the creation or deletion of a file, visiting a website; basically anything a user can do can be something that triggers a logic bomb. However, this term isn't specific enough to describe what happened to Debbie's computer. The following reference(s) was used to create this question: and http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29 NEXT QUESTION

Matches between which of the following are important because they represent references from one relation to another and establish the connections among these relations? A. foreign key to primary key B. foreign key to candidate key C. candidate key to primary key D. primary key to secondary key

Answer : A Explanation: Foreign key to primary key matches are important because they represent references from one relation to another and establish the connections among these relations. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 46. NEXT QUESTION

Why does compiled code pose more of a security risk than interpreted code? A. Because malicious code can be embedded in compiled code and be difficult to detect. B. If the executed compiled code fails, there is a chance it will fail insecurely. C. Because compilers are not reliable. D. There is no risk difference between interpreted code and compiled code.

Answer : A Explanation: From a security standpoint, a compiled program is less desirable than an interpreted one because malicious code can be resident somewhere in the compiled code, and it is difficult to detect in a very large program. NEXT QUESTION

Which of the following can be defined as an attribute in one relation that has values matching the primary key in another relation? A. foreign key B. candidate key C. primary key D. secondary key

Answer : A Explanation: If an attribute in one relation has values matching the primary key in another relation, this attribute is called a foreign key. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 45. NEXT QUESTION

Which of the following is commonly used for retrofitting multilevel security to a database management system? A. trusted front-end. B. trusted back-end. C. controller. D. kernel.

Answer : A Explanation: If you are "retrofitting" that means you are adding to an existing database management system (DBMS). You could go back and redesign the entire DBMS but the cost of that could be expensive and there is no telling what the effect will be on existing applications, but that is redesigning and the question states retrofitting. The most cost effective way with the least effect on existing applications while adding a layer of security on top is through a trusted front-end. Clark-Wilson is a synonym of that model as well. It was used to add more granular control or control to database that did not provide appropriate controls or no controls at all. It is one of the most popular model today. Any dynamic website with a back-end database is an example of this today. Such a model would also introduce separation of duties by allowing the subject only specific rights on the objects they need to access. The following answers are incorrect: trusted back-end. Is incorrect because a trusted back- end would be the database management system (DBMS). Since the question stated "retrofitting" that eliminates this answer. controller. Is incorrect because this is a distractor and has nothing to do with "retrofitting". kernel. Is incorrect because this is a distractor and has nothing to do with "retrofitting". A security kernel would provide protection to devices and processes but would be inefficient in protecting rows or columns in a table. NEXT QUESTION

Java follows which security model: A. least priviledge B. Sand box C. CIA D. OSI

Answer : B Explanation: Java follows a sand box security model. If a java program operates with the sand box it is considered safe. However, hackers have found ways to make Java run outside of the sand box and thus is unsafe. The following answers are incorrect: A. least priviledge - minimum rights required to perform an authorized task are given. This is to limit damage or access to sensitive or confidential data. B. CIA - stands for Confidentiality, Integrity and Availability. These are the fundamental principles of security. D. OSI - this is a model is guideline on how devices/applications on a network are to communicate with each other. This is defined in a seven layer approach. The following reference(s) were/was used to create this question: NEXT QUESTION

Risk analysis is MOST useful when applied during which phase of the system development process? A. Project initiation and Planning B. Functional Requirements definition C. System Design Specification D. Development and Implementation

Answer : A Explanation: In most projects the conditions for failure are established at the beginning of the project. Thus risk management should be established at the commencement of the project with a risk assessment during project initiation. As it is clearly stated in the ISC2 book: Security should be included at the first phase of development and throughout all of the phases of the system development life cycle. This is a key concept to understand for the purpose for the exam. The most useful time is to undertake it at project initiation, although it is often valuable to update the current risk analysis at later stages. Attempting to retrofit security after the SDLC p j , g p y g p g y is completed would cost a lot more money and might be impossible in some cases. Look at the family of browsers we use today, for the past 8 years they always claim that it is the most secure version that has been released and within days vulnerabilities will be found. Risks should be monitored throughout the SDLC of the project and reassessed when appropriate. The phases of the SDLC can very from one source to another one. It could be as simple as Concept, Design, and Implementation. It could also be expanded to include more phases such as this list proposed within the ISC2 Official Study book: Project Initiation and Planning Functional Requirements Definition System Design Specification Development and Implementation Documentations and Common Program Controls Testing and Evaluation Control, certification and accreditation (C&A) Transition to production (Implementation) And there are two phases that will extend beyond the SDLC, they are: Operation and Maintenance Support (O&M) Revisions and System Replacement (Disposal) Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 291). and The Official ISC2 Guide to the CISSP CBK , Second Edition, Page 182-185 NEXT QUESTION

Which of the following answer specifies the correct sequence of levels within the Capability Maturity Model (CMM)? A. Initial, Managed, Defined, Quantitatively managed, optimized B. Initial, Managed, Defined, optimized, Quantitatively managed C. Initial, Defined, Managed, Quantitatively managed, optimized D. Initial, Managed, Quantitatively managed, Defined, optimized

Answer : A Explanation: Maturity model A maturity model can be viewed as a set of structured levels that describe how well the behaviors, practices and processes of an organization can reliably and sustainable produce required outcomes. Image Source - http://www.cmmilevels.com/cmmi-levels.jpg A maturity model can be used as a benchmark for comparison and as an aid to understanding - for example, for comparative assessment of di erent organizations where there is something in common that can be used as a basis for comparison. In the case of the CMM, for example, the basis for comparison would be the organizations' software development processes. Structure The model involves ve aspects: Maturity Levels: a 5-level process maturity continuum - where the uppermost (5th) level is a notional ideal state where processes would be systematically managed by a combination of process optimization and continuous process improvement. Key Process Areas: a Key Process Area identi es a cluster of related activities that, when performed together, achieve a set of goals considered important. Goals: the goals of a key process area summarize the states that must exist for that key process area to have been implemented in an e ective and lasting way. The extent to which the goals have been accomplished is an indicator of how much capability the organization has established at that maturity level. The goals signify the scope, boundaries, and intent of each key process area. Common Features: common features include practices that implement and institutionalize a key process area. There are ve types of common features: commitment to perform, ability to perform, activities performed, measurement and analysis, and verifying implementation. Key Practices: The key practices describe the elements of infrastructure and practice that contribute most e ectively to the implementation and institutionalization of the area. Levels There are ve levels de ned along the continuum of the model and, according to the SEI: "Predictability, e ectiveness, and control of an organization's software processes are believed to improve as the organization moves up these ve levels. While not rigorous, the empirical evidence to date supports this belief". Initial (chaotic, ad hoc, individual heroics) - the starting point for use of a new or undocumented repeat process. Repeatable - the process is at least documented su ciently such that repeating the same steps may be attempted. De ned - the process is de ned/con rmed as a standard business process, and decomposed to levels 0, 1 and 2 (the last being Work Instructions). Managed - the process is quantitatively managed in accordance with agreed-upon metrics. Optimizing - process management includes deliberate process optimization/improvement Within each of these maturity 281/1041 includes deliberate process optimization/improvement. Within each of these maturity levels are Key Process Areas which characteristic that level, and for each such area there are ve factors: goals, commitment, ability, m NEXT QUESTION

Which of the following is an important part of database design that ensures that attributes in a table depend only on the primary key? A. Normalization B. Assimilation C. Reduction D. Compaction

Answer : A Explanation: Normalization is an important part of database design that ensures that attributes in a table depend only on the primary key. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 47. NEXT QUESTION

With regard to databases, which of the following has characteristics of ease of reusing code and analysis and reduced maintenance? A. Object-Oriented Data Bases (OODB) B. Object-Relational Data Bases (ORDB) C. Relational Data Bases D. Data base management systems (DBMS)

Answer : A Explanation: OODB has the characteristics of ease of reusing code and analysis, reduced maintenance, and an easier transition from analysis of the problem to design and implementation. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 47. NEXT QUESTION

Which of the following is an advantage of prototyping? A. Prototype systems can provide significant time and cost savings. B. Change control is often less complicated with prototype systems. C. It ensures that functions or extras are not added to the intended system. D. Strong internal controls are easier to implement.

Answer : A Explanation: Prototype systems can provide significant time and cost savings, however they also have several disadvantages. They often have poor internal controls, change control becomes much more complicated and it often leads to functions or extras being added to the system that were not originally intended. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 306). NEXT QUESTION

What is RAD? A. A development methodology B. A project management technique C. A measure of system complexity D. Risk-assessment diagramming

Answer : A Explanation: RAD stands for Rapid Application Development. RAD is a methodology that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality. RAD is a programming system that enables programmers to quickly build working programs. In general, RAD systems provide a number of tools to help build graphical user interfaces that would normally take a large development effort. Two of the most popular RAD systems for Windows are Visual Basic and Delphi. Historically, RAD systems have tended to emphasize reducing development time, sometimes at the expense of generating in- efficient executable code. Nowadays, though, many RAD systems produce extremely faster code that is optimized. Conversely, many traditional programming environments now come with a number of visual tools to aid development. Therefore, the line between RAD systems and other development environments has become blurred. Reference: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 307) http://www.webopedia.com NEXT QUESTION

Examine the following characteristics and identify which answer best indicates the likely cause of this behavior: - Core operating system files are hidden - Backdoor access for attackers to return - Permissions changing on key files - A suspicious device driver - Encryption applied to certain files without explanation - Logfiles being wiped A. Kernel-mode Rootkit B. User-mode Rootkit C. Malware D. Kernel-mode Badware

Answer : A Explanation: Rootkits are software that is designed to get, keep and provide access to attackers by hooking into key components of the operating system like the kernel or system drivers. Rootkits commonly try to hide their presence by affecting operating system functionality and can subvert detection software like Antivirus Scanners. Removing a rootkit may be impossible because the software can irrevocably change components of the operating system. The OS may need to be completely reinstalled to remove the infestation. At any rate, a computer infected with ANY malware should never be trusted again and infestation should be mitigated by a completely new install of the OS from trusted media. The following answers are incorrect: - User-Mode Rootkit: This isn't correct because User-mode rootkits don't include device drivers. - Malware: This isn't a bad answer but it isn't as specific as the correct answer. Malware is a very broad term that describes any software that is written to do something nefarious. - Kernel-mode Badware: This isn't really a computer term. But it should be. The following reference(s) was used to create this question: 2013. Official Security+ Curriculum. NEXT QUESTION

Sensitivity labels are an example of what application control type? A. Preventive security controls B. Detective security controls C. Compensating administrative controls D. Preventive accuracy controls

Answer : A Explanation: Sensitivity labels are a preventive security application controls, such as are firewalls, reference monitors, traffic padding, encryption, data classification, one-time passwords, contingency planning, separation of development, application and test environments. The incorrect answers are: Detective security controls - Intrusion detection systems (IDS), monitoring activities, and audit trails. Compensating administrative controls - There no such application control. Preventive accuracy controls - data checks, forms, custom screens, validity checks, contingency planning, and backups. Sources: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 264). KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Application Controls, Figure 7.1 (page 360). NEXT QUESTION

Referential Integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for which of the following? A. primary key B. secondary key C. foreign key D. candidate key

Answer : A Explanation: Similarly, the Referential Integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for its primary key. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 46. NEXT QUESTION

Which of the following defines the software that maintains and provides access to the database? A. database management system (DBMS) B. relational database management system (RDBMS) C. database identification system (DBIS) D. Interface Definition Language system (IDLS)

Answer : A Explanation: Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44. NEXT QUESTION

What is one disadvantage of content-dependent protection of information? A. It increases processing overhead. B. It requires additional password entry. C. It exposes the system to data locking. D. It limits the user's individual address space.

Answer : A Explanation: Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. NEXT QUESTION

Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes? A. The Software Capability Maturity Model (CMM) B. The Spiral Model C. The Waterfall Model D. Expert Systems Model

Answer : A Explanation: The Capability Maturity Model (CMM) is a service mark owned by Carnegie Mellon University (CMU) and refers to a development model elicited from actual data. The data was collected from organizations that contracted with the U.S. Department of Defense, who funded the research, and became the foundation from which CMU created the Software Engineering Institute (SEI). Like any model, it is an abstraction of an existing system. The Capability Maturity Model (CMM) is a methodology used to develop and refine an organization's software development process. The model describes a five-level evolutionary path of increasingly organized and systematically more mature processes. CMM was developed and is promoted by the Software Engineering Institute (SEI), a research and development center sponsored by the U.S. Department of Defense (DoD). SEI was founded in 1984 to address software engineering issues and, in a broad sense, to advance software engineering methodologies. More specifically, SEI was established to optimize the process of developing, acquiring, and maintaining heavily software-reliant systems for the DoD. Because the processes involved are equally applicable to the software industry as a whole, SEI advocates industry-wide adoption of the CMM. The CMM is similar to ISO 9001, one of the ISO 9000 series of standards specified by the International Organization for Standardization (ISO). The ISO 9000 standards specify an effective quality system for manufacturing and service industries; ISO 9001 deals specifically with software development and maintenance. The main difference between the two systems lies in their respective purposes: ISO 9001 specifies a minimal acceptable quality level for software processes, while the CMM establishes a framework for continuous process improvement and is more explicit than the ISO standard in defining the means to be employed to that end. CMM's Five Maturity p p p g p y y Levels of Software Processes At the initial level, processes are disorganized, even chaotic. Success is likely to depend on individual efforts, and is not considered to be repeatable, because processes would not be sufficiently defined and documented to allow them to be replicated. At the repeatable level, basic project management techniques are established, and successes could be repeated, because the requisite processes would have been made established, defined, and documented. At the defined level, an organization has developed its own standard software process through greater attention to documentation, standardization, and integration. At the managed level, an organization monitors and controls its own processes through data collection and analysis. At the optimizing level, processes are constantly being improved through monitoring feedback from current processes and introducing innovative processes to better serve the organization's particular needs. When it is applied to an existing organization's software development processes, it allows an e NEXT QUESTION

What would you call an attack where an attacker can influence the state of the resource between check and use? This attack can happen with shared resources such as files, memory, or even variables in multithreaded programs. This can cause the software to perform invalid actions when the resource is in an unexpected state. The steps followed by this attack are usually the following: the software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. A. TOCTOU attack B. Input checking attack C. Time of Check attack D. Time of Use attack

Answer : A Explanation: The TOCTTOU acronym expands to "Time Of Check To Time Of Use". It is a type of File Access Race Condition. The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state. This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs. See the reference below for more details and examples of how this attack could be carried out. WHAT ARE RACE CONDITIONS: A race condition or race hazard is the behavior of an electronic or software system where the output is dependent on the sequence or timing of other uncontrollable events. It becomes a bug when events do not happen in the order the programmer intended. The term originates with the idea of two signals racing each other to influence the output first. Race conditions can occur in electronics systems, especially logic circuits, and in computer software, especially multithreaded or distributed programs. Race conditions arise in software when an application depends on the sequence or timing of processes or threads for it to operate properly. As with electronics, there are critical race conditions that result in invalid execution and bugs as well as non-critical race-conditions that result in unanticipated behavior. Critical race conditions often happen when the processes or threads depend on some shared state. Operations upon shared states are critical sections that must be mutually exclusive. Failure to obey this rule opens up the possibility of corrupting the shared state. Race conditions have a reputation of being difficult to reproduce and debug, since the end result is nondeterministic and depends on the relative timing between interfering threads. Problems occurring in production systems can therefore disappear when running in debug mode, when additional logging is added, or when attaching a debugger, often referred to as a "Heisenbug". It is therefore better to avoid race conditions by careful software design rather than attempting to fix them afterwards. The following answers are incorrect: All of the other choices are incorrect and only bogus detractors The following p g g y g reference(s) were/was used to create this question: http://cwe.mitre.org/data/definitions/367.html and https://www.owasp.org/index.php/File_Access_Race_Condition:_TOCTOU and http://en.wikipedia.org/wiki/Race_condition g NEXT QUESTION

Which of the following can be defined as the set of allowable values that an attribute can take? A. domain of a relation B. domain name service of a relation C. domain analysis of a relation D. domains, in database of a relation

Answer : A Explanation: The domain of a relation is the set of allowable values that an attribute can take. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 45. NEXT QUESTION

Which of the following can be defined as THE unique attribute used as a unique identifier within a given table to identify a tuple? A. primary key B. candidate key C. foreign key D. secondary key

Answer : A Explanation: The following answers were NOT correct: Candidate Key: A candidate key is a combination of attributes that can be uniquely used to identify a database record without any extraneous data. Each table may have one or more candidate keys. One of these candidate keys is selected as the table primary key. Foreign Key: A foreign key is a field in a relational table that matches the primary key column of another table. The foreign key can be used to cross-reference tables. Secondary key: The term secondary key is a key that is used strictly for data-retrieval purposes. A secondary key is sometimes defined as a "data item value that identifies a set of records." It is important to note that a secondary key does not need to have unique values in a table; in this respect, secondary keys differ from primary keys (and candidate keys and superkeys). References: A candidate key is an attribute that is a unique identifier within a given table. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 45. Candidate Key Ref: http://databases.about.com/cs/specificproducts/g/candidate.htm Feedback from Jerry: A candidate key is one of several alternative columns in a table that may be chosen as a primary key. The PRIMARY KEY IS the unique identifier. The foundation of a relational database is the establishiment and reliance on a unique primary key, not candidate keys. Primary key is a more correct answer to this question than candidate key. Secondary key ref: http://www.gslis.utexas.edu/~wyllys/DMPAMaterials/keys.html NEXT QUESTION

Which one of the following is NOT a check for Input or Information Accuracy in Software Development security? A. Review check B. Range Check C. Relationship Check D. Reasonableness check

Answer : A Explanation: There is no method called Review Check. To check input accuracy, data validation and verification checks should be incorporated into appropriate applications. Character checks compare input characters against the expected type of characters, such as numbers or letters. This is sometimes also known as sanity checking. Range checks verify input data against predetermined upper and lower limits. Relationship checks compare input data to data on a master record file. Reasonableness checks compare input data to an expected standardanother form of sanity checking. Transaction limits check input data against administratively set ceilings on specified transactions. The following answers are incorrect: The are incorrect because THEY ARE all methods of Input checks Range check - Verify input against predetermined upper and lower limits Relationship check - compare input data to data on a master record file Reasonableness check - compare input data to an expected standard The following reference(s) were/was used to create this question: Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Software Development Security ((ISC)2 Press) (Kindle Locations 2554-2558). Auerbach Publications. Kindle Edition. NEXT QUESTION

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks? A. Web Applications B. Intrusion Detection Systems C. Firewalls D. DNS Servers

Answer : A Explanation: XSS or Cross-Site Scripting is a threat to web applications where malicious code is placed on a website that attacks the use using their existing authenticated session status. Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end users browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page. Mitigation: - Configure your IPS - Intrusion Prevention System to detect and suppress this traffic. - Input Validation on the web application to normalize inputted data. - Set web apps to bind session cookies to the IP Address of the legitimate user and only permit that IP Address to use that cookie. See the XSS (Cross Site Scripting) Prevention Cheat Sheet See the Abridged XSS Prevention Cheat Sheet See the DOM based XSS Prevention Cheat Sheet See the OWASP Development Guide article on Phishing. See the OWASP Development Guide article on Data Validation. The following answers are incorrect: - Intrusion Detection Systems: Sorry. IDS Systems aren't usually the target of XSS attacks but a properly-configured IDS/IPS can "detect and report on malicious string and suppress the TCP connection in an attempt to mitigate the threat. - Firewalls: Sorry. Firewalls aren't usually the target of XSS attacks. - DNS Servers: Same as above, DNS Servers aren't usually targeted in XSS attacks but they play a key role in the domain name resolution in the XSS attack process. The following reference(s) was used to create this question: https://www.owasp.org/index.php/Cross- site_Scripting_%28XSS%29 NEXT QUESTION

Why would a database be denormalized? A. To ensure data integrity B. To increase processing efficiency C. To prevent duplication of data D. To save storage space

Answer : B Explanation: A database is denormalized when there is a need to improve processing efficiency. There is, however, a risk to data integrity when this occurs. Since it implies the introduction of duplication, it will not likely allow saving of storage space. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 109). NEXT QUESTION

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software? A. Stealth viruses B. Polymorphic viruses C. Trojan horses D. Logic bombs

Answer : B Explanation: A polymorphic virus has the capability of changing its own code, enabling it to have many different variants, making it harder to detect by anti-virus software. The particularity of a stealth virus is that it tries to hide its presence after infecting a system. A Trojan horse is a set of unauthorized instructions that are added to or replacing a legitimate program. A logic bomb is a set of instructions that is initiated when a specific event occurs. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 11: Application and System Development (page 786). NEXT QUESTION

In which phase of the System Development Lifecycle (SDLC) is Security Accreditation Obtained? A. Functional Requirements Phase B. Testing and evaluation control C. Acceptance Phase D. Postinstallation Phase

Answer : B Explanation: A project management tool that can be used to plan, execute, and control a software development project is the systems development life cycle (SDLC). The SDLC is a process that includes systems analysts, software engineers, programmers, and end users in the project design and development. Because there is no industry-wide SDLC, an organization can use any one, or a combination of SDLC methods. The SDLC simply provides a framework for the phases of a software development project from defining the functional requirements to implementation. Regardless of the method used, the SDLC outlines the essential phases, which can be shown together or as separate elements. The model chosen should be based on the project. For example, some models work better with long-term, complex projects, while others are more suited for short-term projects. The key element is that a formalized SDLC is utilized. The number of phases can range from three basic phases (concept, design, and implement) on up. The basic phases of SDLC are: Project initiation and planning Functional requirements definition System design specifications Development and implementation Documentation and common program controls Testing and evaluation control, (certification and accreditation) Transition to production (implementation) The system life cycle (SLC) extends beyond the SDLC to include two additional phases: Operations and maintenance support (post- installation) Revisions and system replacement The following answers are incorrect: Functional Requirements Phase Acceptance Phase Postinstallation Phase The following reference(s) were/was used to create this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 11790-11809). Auerbach Publications. Kindle Edition. NEXT QUESTION

Why do buffer overflows happen? What is the main cause? A. Because buffers can only hold so much data B. Because of improper parameter checking within the application C. Because they are an easy weakness to exploit D. Because of insufficient system memory

Answer : B Explanation: Buffer Overflow attack takes advantage of improper parameter checking within the application. This is the classic form of buffer overflow and occurs p g p p p g pp because the programmer accepts whatever input the user supplies without checking to make sure that the length of the input is less than the size of the buffer in the program. The buffer overflow problem is one of the oldest and most common problems in software development and programming, dating back to the introduction of interactive computing. It can result when a program fills up the assigned buffer of memory with more data than its buffer can hold. When the program begins to write beyond the end of the buffer, the programs execution path can be changed, or data can be written into areas used by the operating system itself. This can lead to the insertion of malicious code that can be used to gain administrative privileges on the program or system. As explained by Gaurab, it can become very complex. At the time of input even if you are checking the length of the input, it has to be check against the buffer size. Consider a case where entry point of data is stored in Buffer1 of Application1 and then you copy it to Buffer2 within Application2 later on, if you are just checking the length of data against Buffer1, it will not ensure that it will not cause a buffer overflow in Buffer2 of Application2. A bit of reassurance from the ISC2 book about level of Coding Knowledge needed for the exam: It should be noted that the CISSP is not required to be an expert programmer or know the inner workings of developing application software code, like the FORTRAN programming language, or how to develop Web applet code using Java. It is not even necessary that the CISSP know detailed security-specific coding practices such as the major divisions of buffer overflow exploits or the reason for preferring str(n)cpy to strcpy in the C language (although all such knowledge is, of course, helpful). Because the CISSP may be the person responsible for ensuring that security is included in such developments, the CISSP should know the basic procedures and concepts involved during the design and development of software programming. That is, in order for the CISSP to monitor the software development process and verify that security is included, the CISSP must understand the fundamental concepts of programming developments and the security strengths and weaknesses of various application development processes. The following are incorrect answers: "Because buffers can only hold so much data" is incorrect. This is certainly true but is not the best answer because the finite size of the buffer is not the problem -- the problem is that the programmer did not check the size of the input before moving it into the buffer. "Because they are an easy weakness to exploit" is incorrect. This answer is sometimes true but is not the best answer because the root cause of the buffer overflow is that the programmer did not check the s NEXT QUESTION

Which of the following best describes the purpose of debugging programs? A. To generate random data that can be used to test programs before implementing them. B. To ensure that program coding flaws are detected and corrected. C. To protect, during the programming phase, valid changes from being overwritten by other changes. D. To compare source code versions before transferring to the test environment

Answer : B Explanation: Debugging provides the basis for the programmer to correct the logic errors in a program under development before it goes into production. Source: p gg g p p g g p g p g p Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 298). NEXT QUESTION

What is surreptitious transfer of information from a higher classification compartment to a lower classification compartment without going through the formal communication channels? A. Object Reuse B. Covert Channel C. Security domain D. Data Transfer

Answer : B Explanation: In computer security, a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. The term, originated in 1973 by Lampson is defined as (channels) not intended for information transfer at all, such as the service program's effect on system load, to distinguish it from Legitimate channels that are subjected to access controls by COMPUSEC. For more details see: http://en.wikipedia.org/wiki/Covert_channel The following answers are incorrect: Object Reuse Security Domain Data Transfer The following reference(s) were/was used to create this question: ISC2 Review V 8.00 page 440 http://en.wikipedia.org/wiki/Covert_channel NEXT QUESTION

Which of the following translates source code one command at a time for execution on a computer? A. A translator B. An interpreter p C. A compiler D. An assembler

Answer : B Explanation: Interpreters translate one command at a time during execution, as opposed to compilers and assemblers where source code for the whole application is transformed to executable code before being executed. A translator is a generic term for the others. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 11: Application and System Development (page 751). NEXT QUESTION

Which of the following characteristics pertaining to databases is not true? A. A data model should exist and all entities should have a significant name. B. Justifications must exist for normalized data. C. No NULLs should be allowed for primary keys. D. All relations must have a specific cardinality.

Answer : B Explanation: Justifications should be provided when data is denormalized, not when it is normalized, because it introduces risk of data inconsistency. Denormalization is usually introduced for performance purposes. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 108). NEXT QUESTION

What is used to hide data from unauthorized users by allowing a relation in a database to contain multiple tuples with the same primary keys with each instance distinguished by a security level? A. Data mining B. Polyinstantiation C. Cell suppression D. Noise and perturbation

Answer : B Explanation: Polyinstantiation enables a relation to contain multiple tuples with the same primary keys with each instance distinguished by a security level. Instead of just restricting access, another set of data is created to fool the lower-level subjects into thinking that the information actually means something else. Data mining is the process of extracting and processing the information held in a data warehouse into something useful. Cell suppression is a technique used to hide specific cells that contain information that could be used in inference attacks. Noise and perturbation is a technique of inserting bogus data to misdirect an attacker. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 11: Application and System Development (page 727). NEXT QUESTION

Which of the following is used in database information security to hide information? A. Inheritance B. Polyinstantiation C. Polymorphism D. Delegation

Answer : B Explanation: Polyinstantiation enables a relation to contain multiple tuples with the same primary keys with each instance distinguished by a security level. When this information is inserted into a database, lower-level subjects need to be restricted from this information. Instead of just restricting access, another set of data is created to fool the lower-level subjects into thinking that the information actually means something else. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 11: Application and System Development (page 727). NEXT QUESTION

The Open Web Application Security Project (OWASP) Top Ten list of risks during the past several years. The following items have been on the list for many year. What of the choices below represent threats that have been at the top of the list for many years? A. Cross Site Scripting and Dynamic Unicode injection attacks B. SQL injection and Cross Site Scripting attacks C. SQL Injection and Weak Authentication and Session Management attacks D. Cross Site Scripting and Security Misconfigurations attacks

Answer : B Explanation: SQL injection and other database related raw content injections with LDAP, XML through dynamic SQL queries indicate the highest risks to information systems with web and database tiered systems. Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attackers hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victims browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites. Several organizations have developed frameworks for secure web development. One of the most common is the Open Web Application Security Project (OWASP). OWASP has several guides available for web application development including: Development Guide Code Review Guide Testing Guide Top Ten web application security vulnerabilities OWASP Mobile Given the prevalence of web-based and cloud-based solutions, OWASP provides an accessible and thorough framework with processes for web application security. The information security professional should be familiar with the top ten web application vulnerabilities and also how to mitigate them. The following answers are incorrect: Cross Site Scripting and Dynamic Unicode injection attacks SQL Injection and Weak Authentication and Session Management attacks Cross Site Scripting and Security Misconfigurations attacks The following reference(s) were/was used to create this question: Open Web Application Security Project (OWASP) Top Ten List. and Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 12878-12891). Auerbach Publications. Kindle Edition. NEXT QUESTION

With SQL Relational databases where is the actual data stored? A. Views B. Tables C. Schemas and sub-schemas D. Index-sequential tables

Answer : B Explanation: SQL is a relational database Query language. SQL stands for structured query language. Schemas describe how the tables and views are structured - careful design is required so that the SQL database runs in an efficient manner. Tables are made up of rows and columns and contain the actual data. Views represent how you want to look at the data. They are not concerned with where the data is, but rather what data you want to view and how you want to see it. You can even join more than one table together. However, the less efficient the views, the longer it takes to retrieve your report. Sub- schemas may be used to establish user privileges to see data. NEXT QUESTION

Which of the following test makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems? A. Recovery testing B. Security testing C. Stress/volume testing D. Interface testing

Answer : B Explanation: Security testing makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems. Recovery testing checks the system's ability to recover after a software or hardware failure. Stress/volume testing involves testing an application with large quantities of data in order to evaluate performance during peak hours. Interface testing evaluates the connection of two or more components that pass information from one area to another. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 300). NEXT QUESTION

Which of the following represents a relation, which is the basis of a relational database? A. One-dimensional table B. Two-dimensional table C. Three-dimensional table D. Four-dimensional table

Answer : B Explanation: The relational models is based on set theory and predicate logic and provide a high level of abstraction. The use of set theory allows data to be structured in a series of table that have columns representing the variables and rows that contain specific instances of data. Source: Page 605, OIG 2007 The representation in columns and rows represents the two dimensional table. A relation is the basis of a relational database and is represented by a two dimensional table. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 45. NEXT QUESTION

Which of the following determines that the product developed meets the projects goals? A. verification B. validation C. concurrence D. accuracy

Answer : B Explanation: Software Development Verification vs. Validation: Verification determines if the product accurately represents and meets the design specifications given to the developers. A product can be developed that does not match the original specifications. This step ensures that the specifications are properly met and closely followed by the development team. Validation determines if the product provides the necessary solution intended real-world problem. It validates whether or not the final product is what the user expected in the first place and whether or not it solve the problem it intended to solve. In large projects, it is easy to lose sight of overall goal. This exercise ensures that the main goal of the project is met. From DITSCAP: 6.3.2. Phase 2, Verification. The Verification phase shall include activities to verify compliance of the system with previously agreed security requirements. For each life-cycle development activity, DoD Directive 5000.1 (reference (i)), there is a corresponding set of security activities, enclosure 3, that shall verify compliance with the security requirements and evaluate vulnerabilities. 6.3.3. Phase 3, Validation. The Validation phase shall include activities to evaluate the fully integrated system to validate system operation in a specified computing environment with an acceptable level of residual risk. Validation shall culminate in an approval to operate. NOTE: DIACAP has replace DITSCAP but the definition above are still valid and applicable for the purpose of the exam. Reference(s) used for this question: Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 1106). McGraw- Hill. Kindle Edition. and http://iase.disa.mil/ditscap/DITSCAP.html NEXT QUESTION

Many approaches to Knowledge Discovery in Databases (KDD) are used to identify valid and useful patterns in data. This is an evolving field of study that includes a variety of automated analysis solutions such as Data Mining. Which of the following is not an approach used by KDD? A. Probabilistic B. Oriented C. Deviation D. Classification

Answer : B Explanation: The Oriented approach does not correctly describe a KDD approach. The main approaches of KDD according to CBK are: Probabilistic approach: uses graphical representation models to compare different knowledge representations. The models are based on probabilities and data independencies. The probabilistic models are useful for applications involving uncertainty, such as those used in planning and control systems. Statistical approach: uses rule discovery and is based on data relationships. Learning algorithm can automatically select useful data relationship paths and attributes. These paths and attributes are then used to construct rules for discovering meaningful information. This approach is used to generalize patterns in the data and to construct rules from the noted patterns. An example of the statistical approach is OLAP. Classification approach: groups data according to similarities. One example is a pattern discovery and data-cleaning model that reduces a large database to only a few specific records. By eliminating redundant and non-important data, the discovery of patterns in the data is simplified. Deviation and trend analysis: uses filtering techniques to detect patterns. An example is an intrusion detection system that filters a large volume of data so that only the pertinent data is analyzed. Neural networks: methods used to develop classification, regression, association, and segmentation models. A neural net method organizes data into nodes that are arranged in layers, and links between the nodes have specific weighting classifications. The neural net is helpful in detecting the associations among the input patterns or relationships. It is also considered a learning system because new information is utomatically incorporated into the system. However, the value and relevance of the decisions made by the neural network are only as good as the experience it is given. The greater the experience, the better the decision. Note that neural nets have a specific problem in terms of an individuals ability to substantiate processing in that they are subject to superstitious knowledge, which is a tendency to identify relations when no relations actually exist. More sophisticated neural nets are less subject to this problem. Expert system approach: uses a knowledge base (a collection of all the data, or knowledge, on a particular matter) and a set of algorithms and/or rules that infer new facts from knowledge and incoming data. The knowledge base could be the human experience that is available in an organization. Because the system reacts to a set of rules, if the rules are faulty, the response will also be faulty. Also, because human decision is removed from the point of action, if an error were to occur, the reaction time from a human would be longer. Hybrid approach: a combination of more than one approach that provides a more powerful and useful system. The following answers are incorrect: The other options describes some NEXT QUESTION

Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing? A. Interface errors are detected earlier. B. Errors in critical modules are detected earlier. C. Confidence in the system is achieved earlier. D. Major functions and processing are tested earlier.

Answer : B Explanation: The bottom-up approach to software testing begins with the testing of atomic units, such as programs and modules, and work upwards until a complete system testing has taken place. The advantages of using a bottom-up approach to software testing are the fact that there is no need for stubs or drivers and errors in critical modules are found earlier. The other choices refer to advantages of a top down approach which follows the opposite path. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 299). NEXT QUESTION

What is the appropriate role of the security analyst in the application system development or acquisition project? A. policeman p B. control evaluator & consultant C. data owner D. application user

Answer : B Explanation: The correct answer is "control evaluator & consultant". During any system development or acquisition, the security staff should evaluate security controls and advise (or consult) on the strengths and weaknesses with those responsible for making the final decisions on the project. The other answers are not correct because: policeman - It is never a good idea for the security staff to be placed into this type of role (though it is sometimes unavoidable). During system development or acquisition, there should be no need of anyone filling the role of policeman. data owner - In this case, the data owner would be the person asking for the new system to manage, control, and secure information they are responsible for. While it is possible the security staff could also be the data owner for such a project if they happen to have responsibility for the information, it is also possible someone else would fill this role. Therefore, the best answer remains "control evaluator & consultant". application user - Again, it is possible this could be the security staff, but it could also be many other people or groups. So this is not the best answer. Reference: Official ISC2 Guide page: 555 - 560 All in One Third Edition page: 832 - 846 NEXT QUESTION

Which of the following is often the greatest challenge of distributed computing solutions? A. scalability B. security C. heterogeneity D. usability

Answer : B Explanation: The correct answer to this "security". It is a major factor in deciding if a centralized or decentralized environment is more appropriate. Example: In a centralized computing environment, you have a central server and workstations (often "dumb terminals") access applications, data, and everything else from that central servers. Therefore, the vast majority of your security resides on a centrally managed server. In a decentralized (or distributed) environment, you have a collection of PC's each with their own operating systems to maintain, their own software to maintain, local data storage requiring protection and backup. You may also have PDA's and "smart phones", data watches, USB devices of all types able to store data... the list gets longer all the time. It is entirely possible to reach a reasonable and acceptable level of security in a distributed environment. But doing so is significantly more difficult, requiring more effort, more money, and more time. The other answers are not correct because: scalability - A distributed computing environment is almost infinitely scalable. Much more so than a centralized environment. This is therefore a bad answer. heterogeneity - Having products and systems from multiple vendors in a distributed environment is significantly easier than in a centralized environment. This would not be a "challenge of distributed computing solutions" and so is not a good answer. usability - This is potentially a challenge in either environment, but whether or not this is a problem has very little to do with whether it is a centralized or distributed environment. Therefore, this would not be a good answer. Reference: Official ISC2 Guide page: 313-314 All in One Third Edition page: (unavailable at this time) NEXT QUESTION

Who can best decide what are the adequate technical security controls in a computer- based application system in regards to the protection of the data being used, the criticality of the data, and it's sensitivity level? A. System Auditor B. Data or Information Owner C. System Manager D. Data or Information user

Answer : B Explanation: The data or information owner also referred to as "Data Owner" would be the best person. That is the individual or officer who is ultimately responsible for the protection of the information and can therefore decide what are the adequate security controls according to the data sensitivity and data criticality. The auditor would be the best person to determine the adequacy of controls and whether or not they are working as expected by the owner. The function of the auditor is to come around periodically and make sure you are doing what you are supposed to be doing. They ensure the correct controls are in place and are being maintained securely. The goal of the auditor is to make sure the organization complies with its own policies and the applicable laws and regulations. Organizations can have internal auditors and/ or external auditors. The external auditors commonly work on behalf of a regulatory body to make sure compliance is being met. For example CobiT, which is a model that most information security auditors follow when evaluating a security program. While many security professionals fear and dread auditors, they can be valuable tools in ensuring the overall security of the organization. Their goal is to find the things you have missed and help you understand how to fix the problem. The Official ISC2 Guide (OIG) says: IT auditors determine whether users, owners, custodians, systems, and networks are in compliance with the security policies, procedures, standards, baselines, designs, architectures, management direction, and other requirements placed on systems. The auditors provide independent assurance to the management on the appropriateness of the security controls. The auditor examines the information systems and determines whether they are designed, configured, implemented, operated, and managed in a way ensuring that the organizational objectives are being achieved. The auditors provide top company management with an independent view of the controls and their effectiveness. Example: Bob is the head of payroll. He is therefore the individual with primary responsibility over the payroll database, and is therefore the information/data owner of the payroll database. In Bob's department, he has Sally and Richard working for him. Sally is responsible for making changes to the payroll database, for example if someone is hired or gets a raise. Richard is only responsible for printing paychecks. y p g g p y , p g y p p gp y Given those roles, Sally requires both read and write access to the payroll database, but Richard requires only read access to it. Bob communicates these requirements to the system administrators (the "information/data custodians") and they set the file permissions for Sally's and Richard's user accounts so that Sally has read/write access, while Richard has only read access. So in short Bob will determine what controls are required, what is the sensitivily and criticality of the Data. Bob will communicate this to the custodians who will im NEXT QUESTION

A system file that has been patched numerous times becomes infected with a virus. The anti-virus software warns that disinfecting the file may damage it. What course of action should be taken? A. Replace the file with the original version from master media p g B. Proceed with automated disinfection C. Research the virus to see if it is benign D. Restore an uninfected version of the patched file from backup media

Answer : D Explanation: Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. NEXT QUESTION

Which of the following represents the rows of the table in a relational database? A. attributes B. records or tuples C. record retention D. relation

Answer : B Explanation: The rows of the table represent records or tuples and the columns of the table represent the attributes. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 45. Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 11: Application and System Development (pages 795). NEXT QUESTION

Which of the following would be the best reason for separating the test and development environments? A. To restrict access to systems under test. B. To control the stability of the test environment. C. To segregate user and development staff. D. To secure access to systems under development.

Answer : B Explanation: The test environment must be controlled and stable in order to ensure that development projects are tested in a realistic environment which, as far as possible, mirrors the live environment. Reference(s) used for this question: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 309). NEXT QUESTION

Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements? A. Validation B. Verification C. Assessment D. Accuracy

Answer : B Explanation: Verification vs. Validation: Verification determines if the product accurately represents and meets the specifications. A product can be developed that does not match the original specifications. This step ensures that the specifications are properly met. Validation determines if the product provides the necessary solution intended real-world problem. In large projects, it is easy to lose sight of overall goal. This exercise ensures that the main goal of the project is met. From DITSCAP: 6.3.2. Phase 2, Verification. The Verification phase shall include activities to verify compliance of the system with previously agreed security requirements. For each life-cycle development activity, DoD Directive 5000.1 (reference (i)), there is a corresponding set of security activities, enclosure 3, that shall verify compliance with the security requirements and evaluate vulnerabilities. 6.3.3. Phase 3, Validation. The Validation phase shall include activities to evaluate the fully integrated system to validate system operation in a specified computing environment with an acceptable level of residual risk. Validation shall culminate in an approval to operate. You must also be familiar with Verification and Validation for the purpose of the exam. A simple definition for Verification would be whether or not the developers followed the design specifications along with the security requirements. A simple definition for Validation would be whether or not the final product meets the end user needs and can be use for a specific purpose. Wikipedia has an informal description that is currently written as: Validation can be expressed by the query "Are you building the right thing?" and Verification by "Are you building it right? NOTE: DITSCAP was replaced by DIACAP some time ago (2007). While DITSCAP had defined both a verification and a validation phase, the DIACAP only has a validation phase. It may not make a difference in the answer for the exam; however, DIACAP is the cornerstone policy of DOD C&A and IA efforts today. Be familiar with both terms just in case all of a sudden the exam becomes updated with the new term. Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 1106). McGraw- Hill. Kindle Edition. http://iase.disa.mil/ditscap/DITSCAP.html https://en.wikipedia.org/wiki/Verification_and_validation For the definition of "validation" in DIACAP, Click Here Further sources for the phases in DIACAP, Click Here NEXT QUESTION

During which phase of an IT system life cycle are security requirements developed? A. Operation B. Initiation C. Functional design analysis and Planning D. Implementation

Answer : C Explanation: The software development life cycle (SDLC) (sometimes referred to as the System Development Life Cycle) is the process of creating or altering software systems, and the models and methodologies that people use to develop these systems. The NIST SP 800-64 revision 2 has within the description section of para 3.2.1: This section addresses security considerations unique to the second SDLC phase. Key security activities for this phase include: Conduct the risk assessment and use the results to supplement the baseline security controls; Analyze security requirements; Perform functional and security testing; Prepare initial documents for system certification and accreditation; and Design security architecture. Reviewing this publication you may want to pick development/acquisition. Although initiation would be a decent choice, it is correct to say during this phase you would only brainstorm the idea of security requirements. Once you start to develop and acquire hardware/software components then you would also develop the security controls for these. The Shon Harris reference below is correct as well. Shon Harris' Book (All- in-One CISSP Certification Exam Guide) divides the SDLC differently: - Project initiation - Functional design analysis and planning - System design specifications - Software development - Installation - Maintenance support - Revision and replacement According to the author (Shon Harris), security requirements should be developed during the functional design analysis and planning phase. SDLC POSITIONING FROM NIST 800-64 SDLC Positioning in the enterprise Information system security processes and activities provide valuable input into managing IT systems and their development, enabling risk identification, planning and mitigation. A risk management approach involves continually balancing the protection of agency information and assets with the cost of security controls and mitigation strategies throughout the complete information system development life cycle (see Figure 2-1 above). The most effective way to implement risk management is to identify critical assets and operations, as well as systemic vulnerabilities across the agency. Risks are shared and not bound by organization, revenue source, or topologies. Identification and verification of critical assets and operations and their interconnections can be achieved through the system security planning process, as well as through the compilation of information from the Capital Planning and Investment Control (CPIC) and Enterprise Architecture (EA) processes to establish insight into the agencys vital business operations, their supporting assets, and existing interdependencies and relationships. With critical assets and operations identified, the organization can and should perform a business impact analysis (BIA). The purpose of the BIA is to relate systems and assets with the critical services they provide and assess the consequences of their disruption. By identi NEXT QUESTION

Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design? A. Development/acquisition B. Implementation C. Initiation D. Maintenance

Answer : C Explanation: A security policy is an important document to develop while designing an information system. The security policy begins with the organization's basic commitment to information security formulated as a general policy statement. The policy is then applied to all aspects of the system design or security solution. The policy identifies security goals (e.g., confidentiality, integrity, availability, accountability, and assurance) the system should support, and these goals guide the procedures, standards and controls used in the IT security architecture design. The policy also should require definition of critical assets, the perceived threat, and security-related roles and responsibilities. Source: STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST Special Publication 800- 27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 (page 6). NEXT QUESTION

In computing what is the name of a non-self-replicating type of malware program containing malicious code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data, and possible system harm. A. virus. B. worm. C. Trojan horse. D. trapdoor.

Answer : C Explanation: A trojan horse is any code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it. A p j y pp p p p p Trojan often also includes a trapdoor as a means to gain access to a computer system bypassing security controls. Wikipedia defines it as: A Trojan horse, or Trojan, in computing is a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm. The term is derived from the story of the wooden horse used to trick defenders of Troy into taking concealed warriors into their city in ancient Greece, because computer Trojans often employ a form of social engineering, presenting themselves as routine, useful, or interesting in order to persuade victims to install them on their computers. The following answers are incorrect: virus. Is incorrect because a Virus is a malicious program and is does not appear to be harmless, it's sole purpose is malicious intent often doing damage to a system. A computer virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected". worm. Is incorrect because a Worm is similiar to a Virus but does not require user intervention to execute. Rather than doing damage to the system, worms tend to self- propagate and devour the resources of a system. A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. trapdoor. Is incorrect because a trapdoor is a means to bypass security by hiding an entry point into a system. Trojan Horses often have a trapdoor imbedded in them. References: http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29 and http://en.wikipedia.org/wiki/Computer_virus and http://en.wikipedia.org/wiki/Computer_worm and http://en.wikipedia.org/wiki/Backdoor_%28computing%29 NEXT QUESTION

Which of the following would best describe the difference between white-box testing and black-box testing? A. White-box testing is performed by an independent programmer team. B. Black-box testing uses the bottom-up approach. C. White-box testing examines the program internal logical structure. D. Black-box testing involves the business units

Answer : C Explanation: Black-box testing observes the system external behavior, while white-box testing is a detailed exam of a logical path, checking the possible conditions. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 299). NEXT QUESTION

Which of the following statements relating to Distributed Computing Environment (DCE) is FALSE? A. It is a layer of software that sits on the top of the network layer and provides services to the applications above it. B. It uses a Universal Unique Identifier (UUID) to uniquely identify users, resources and components. C. It provides the same functionality as DCOM, but it is more proprietary than DCOM. D. It is a set of management services with a communication layer based on RPC.

Answer : C Explanation: DCE does provide the same functionality as DCOM, but DCE is an open standard developed by the Open Software Foundation (OSF) and DCOM was developed by Microsoft, DCOM is more proprietary in nature. DCE is the Distributed Computing Environment, from the Open Software Foundation. (It is called "the DCE" by sticklers for grammatical consistency.) (The Open Software Foundation is now called the Open Group. Here are some of the advantages of DCE: First, DCE provides services that can be found in other computer networking environments, but packages them so as to make them much easier to use. For example, the DCE Remote Procedure Call (RPC) facility provides a way of communicating between software modules running on different systems that is much simpler to code than older methods, such as using socket calls. Second, DCE provides new capabilities that go beyond what was available previously. The DCE Security Service provides a reliable way of determining if a user of a distributed system should be allowed to perform a certain action, for example. This is very useful for most distributed applications, yet the design and implementation effort entailed in providing such a capability would be prohibitive for an individual developer. Third, DCE integrates components in a manner that makes them more valuable together than separately. For example, the DCE RPC uses threads in such a way that a developer can implement a multi-threaded server without ever explicitly creating or destroying a thread. Finally, DCE supports both portability and interoperability by providing the developer with capabilities that hide differences among the various hardware, software and networking elements an application will deal with in a large network. For example, the RPC automatically converts data from the format used by one computer to that used by another. Portability is a measure of the ease with which a piece of software that executes on one type of computer can be made to execute on a different type of computer. Interoperability is a measure of the ability of computers of yp p yp p p y y p different types to participate in the same distributed system. Reference(s) used for this question: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 11: Application and System Development (page 773). and The DCE Frequently Asked Questions NEXT QUESTION

Business rules can be enforced within a database through the use of A. Proxy B. Redundancy C. Views D. Authentication

Answer : C Explanation: In database theory, a view consists of a stored query accessible as a virtual table in a relational database or a set of documents in a document-oriented database composed of the result set of a query or map and reduce functions. Unlike ordinary tables (base tables) in a relational database, a view does not form part of the physical schema: it is a dynamic, virtual table computed or collated from data in the database. Changing the data in a table alters the data shown in subsequent invocations of the view. In some NoSQL databases views are the only way to query data. Views can provide advantages over tables: Views can represent a subset of the data contained in a table Views can join and simplify multiple tables into a single virtual table Views can act as aggregated tables, where the database engine aggregates data (sum, average etc.) and presents the calculated results as part of the data Views can hide the complexity of data; for example a view could appear as Sales2000 or Sales2001, transparently partitioning the actual underlying table Views take very little space to store; the database contains only the definition of a view, not a copy of all the data it presents Depending on the SQL engine used, views can provide extra security Views can limit the degree of exposure of a table or tables to the outer world Just as functions (in programming) can provide abstraction, so database users can create abstraction by using views. In another parallel with functions, database users can manipulate nested views, thus one view can aggregate data from other views. Without the use of views the normalization of databases above second normal form would become much more difficult. Views can make it easier to create lossless join decomposition. The following answers are incorrect: Proxy In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it 'caches' responses from the remote server, and returns subsequent requests for the same content directly. Redundancy Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the case of a backup or fail-safe. There are four major forms of redundancy, these are: Hardware redund NEXT QUESTION

At what stage of the applications development process should the security department become involved? A. Prior to the implementation B. Prior to systems testing C. During unit testing D. During requirements development

Answer : D Explanation: Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. NEXT QUESTION

Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users? A. Inadequate quality assurance (QA) tools. B. Constantly changing user needs. C. Inadequate user participation in defining the system's requirements. D. Inadequate project management.

Answer : C Explanation: Inadequate user participation in defining the system's requirements. Most projects fail to meet the needs of the users because there was inadequate input in the initial steps of the project from the user community and what their needs really are. The other answers, while potentially valid, are incorrect because they do not represent the most common problem assosciated with information systems failing to meet the needs of users. References: All in One pg 834 Only users can define what their needs are and, therefore, what the system should accomplish. Lack of adequate user involvement, especially in the systems requirements phase, will usually result in a system that doesn't fully or adequately address the needs of the user. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 296). NEXT QUESTION

Java is not: A. Object-oriented. B. Distributed. C. Architecture Specific. D. Multithreaded.

Answer : C Explanation: JAVA was developed so that the same program could be executed on multiple hardware and operating system platforms, it is not Architecture Specific. The following answers are incorrect: Object-oriented. Is not correct because JAVA is object-oriented. It should use the object- oriented programming methodology. Distributed. Is incorrect because JAVA was developed to be able to be distrubuted, run on multiple computer systems over a network. Multithreaded. Is incorrect because JAVA is multi-threaded that is calls to subroutines as is the case with object-oriented programming. NEXT QUESTION

Which of the following statements pertaining to software testing is incorrect? A. Unit testing should be addressed and considered when the modules are being designed. B. Test data should be part of the specifications. C. Testing should be performed with live data to cover all possible situations. D. Test data generators can be used to systematically generate random test data that can be used to test programs.

Answer : C Explanation: Live or actual field data is not recommended for use in the testing procedures because both data types may not cover out of range situations and the correct outputs of the test are unknown. Live data would not be the best data to use because of the lack of anomalies and also because of the risk of exposure to your live data. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 251). NEXT QUESTION

Which of the following does not address Database Management Systems (DBMS) Security? A. Perturbation B. Cell suppression C. Padded cells D. Partitioning

Answer : C Explanation: Padded cells complement Intrusion Detection Systems (IDSs) and are not related to DBMS security. Padded cells are simulated environments to which IDSs seamlessly transfer detected attackers and are designed to convince an attacker that the attack is going according to the plan. Cell suppression is a technique used against inference attacks by not revealing information in the case where a statistical query produces a very small result set. Perturbation also addresses inference attacks but involves making minor modifications to the results to a query. Partitioning involves splitting a database into two or more physical or logical parts; especially relevant for multilevel secure databases. Source: LaROSA, Jeanette (domain leader), Application and System Development Security CISSP Open Study Guide, version 3.0, January 2002. NEXT QUESTION

Which of the following attack includes social engineering, link manipulation or web site forgery techniques? A. smurf attack B. Traffic analysis C. Phishing D. Interrupt attack

Answer : C Explanation: Phishing technique include social engineering, link manipulation or web site forgery techniques. For your exam you should know the information below: Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Spear phishing - Phishing attempts directed at specific individuals or companies have been termed spearphishing.Attackers may gather personal information about their target to increase their probability of success. Link manipulation Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e. phishing) section of the example website. Another common trick is to make the displayed text for a link (the text between the tags) suggest a reliable destination, when the link actually goes to the phishers' site. The following example link, //en.wikipedia.org/wiki/Genuine, appears to direct the user to an article entitled "Genuine"; clicking on it will in fact take the user to the article entitled "Deception". In the lower left hand corner of most browsers users can preview and verify where the link is going to take them. Hovering your cursor over the link for a couple of seconds may do a similar thing, but this can still be set by the phisher through the HTML tooltip tag. Website forgery Once a victim visits the phishing website, the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original bar and opening up a new one with the legitimate URL. An attacker can even use flaws in a trusted website's own scripts against the victim.These types of attacks (known as cross-site scripting) are p NEXT QUESTION

Which of the following attack could be avoided by creating more security awareness in the organization and provide adequate security knowledge to all employees? A. smurf attack B. Traffic analysis C. Phishing D. Interrupt attack

Answer : C Explanation: Phishing techniques include social engineering, link manipulation, spear phishing, whaling, vishing, or web site forgery techniques. For your exam you should know the information below: Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Spear phishing Phishing attempts directed at specific individuals or companies have been termed spearphishing. Attackers may gather personal information about their target to increase their probability of success. Link manipulation Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e. phishing) section of the example website. Another common trick is to make the displayed text for a link (the text between the tags) suggest a reliable destination, when the link actually goes to the phishers' site. The following example link, //en.wikipedia.org/wiki/Genuine, appears to direct the user to an article entitled "Genuine"; clicking on it will in fact take the user to the article entitled "Deception". In the lower left hand corner of most browsers users can preview and verify where the link is going to take them. Hovering your cursor over the link for a couple of seconds may do a similar thing, but this can still be set by the phisher through the HTML tooltip tag. Website forgery Once a victim visits the phishing website, the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original bar and opening up a new one with the legitimate URL. An attacker can even use flaws in a trusted website's own scripts against the victim.These types of attacks (k NEXT QUESTION

When considering an IT System Development Life-cycle, security should be: A. Mostly considered during the initiation phase. B. Mostly considered during the development phase. C. Treated as an integral part of the overall system design. D. Added once the design is completed.

Answer : C Explanation: Security must be considered in information system design. Experience has shown it is very difficult to implement security measures properly and successfully after a system has been developed, so it should be integrated fully into the system life-cycle process. This includes establishing security policies, understanding the resulting security requirements, participating in the evaluation of security products, and finally in the engineering, design, implementation, and disposal of the system. Source: STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 (page 7). NEXT QUESTION

In what way could Java applets pose a security threat? A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system. C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system. D. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.

Answer : C Explanation: Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. NEXT QUESTION

What does "System Integrity" mean? A. The software of the system has been implemented as designed. B. Users can't tamper with processes they do not own. C. Hardware and firmware have undergone periodic testing to verify that they are functioning properly. D. Design specifications have been verified against the formal top-level specification.

Answer : C Explanation: System Integrity means that all components of the system cannot be tampered with by unauthorized personnel and can be verified that they work properly. The following answers are incorrect: The software of the system has been implemented as designed. Is incorrect because this would fall under Trusted system distribution. Users can't tamper with processes they do not own. Is incorrect because this would fall under Configuration Management. Design specifications have been verified against the formal top-level specification. Is incorrect because this would fall under Specification and verification. References: AIOv3 Security Models and Architecture (pages 302 - 306) DOD TCSEC - http://www.cerberussystems.com/INFOSEC/stds/d520028.htm NEXT QUESTION

Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options? A. Detailed design B. Implementation C. Product design D. Software plans and requirements

Answer : C Explanation: The Product design phase deals with incorporating security specifications, adjusting test plans and data, determining access controls, design documentation, evaluating encryption options, and verification. Implementation is incorrect because it deals with Installing security software, running the system, acceptance testing, security software testing, and complete documentation certification and accreditation (where necessary). Detailed design is incorrect because it deals with information security policy, standards, legal issues, and the early validation of concepts. software plans and requirements is incorrect because it deals with addressesing threats, vulnerabilities, security requirements, reasonable care, due diligence, legal liabilities, cost/benefit analysis, level of protection desired, test plans. Sources: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 252). KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Security Life Cycle Components, Figure 7.5 (page 346). NEXT QUESTION

Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated? A. The Total Quality Model (TQM) B. The IDEAL Model C. The Software Capability Maturity Model D. The Spiral Model

Answer : C Explanation: The Software Capability Maturity Model (CMM) is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes. It introduces five maturity levels that serve as a foundation for conducting continuous process improvement and as an ordinal scale for measuring the maturity of the organization involved in the software processes. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 254). NEXT QUESTION

Which of the following represents the best programming? A. Low cohesion, low coupling B. Low cohesion, high coupling C. High cohesion, low coupling D. High cohesion, high coupling

Answer : C Explanation: The best programming uses the most cohesive modules possible, but because different modules need to pass data and communicate, they usually cannot be totally cohesive. Also, the lower the coupling, the better the software design, because it promotes module independence. The more independent a component is, the less complex the application is and the easier it is to modify and troubleshoot. Source: WALLHOFF, John, CBK#4 Applications & Systems Development Security (CISSP Study Guide), April 2002 (page 7). NEXT QUESTION

Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions? A. Development/acquisition B. Implementation C. Operation/Maintenance D. Initiation

Answer : C Explanation: The operation phase of an IT system is concerned with user authentication. Authentication is the process where a system establishes the validity of a transmission, message, or a means of verifying the eligibility of an individual, process, or machine to carry out a desired action, thereby ensuring that security is not compromised by an untrusted source. It is essential that adequate authentication be achieved in order to implement security policies and achieve security goals. Additionally, level of trust is always an issue when dealing with cross-domain interactions. The solution is to establish an authentication policy and apply it to cross- domain interactions as required. Source: STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 (page 15). NEXT QUESTION

Which software development model is actually a meta-model that incorporates a number of the software development models? A. The Waterfall model B. The modified Waterfall model C. The Spiral model D. The Critical Path Model (CPM)

Answer : C Explanation: The spiral model is actually a meta-model that incorporates a number of the software development models. This model depicts a spiral that incorporates the various phases of software development. The model states that each cycle of the spiral involves the same series of steps for each part of the project. CPM refers to the Critical Path Methodology. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 246). NEXT QUESTION

Which expert system operating mode allows determining if a given hypothesis is valid? A. Blackboard B. Lateral chaining C. Forward chaining D. Backward chaining

Answer : D Explanation: Backward-chaining mode - the expert system backtracks to determine if a given hypothesis is valid. Backward-chaining is generally used when there are a large number of possible solutions relative to the number of inputs. Incorrect answers are: In a forward-chaining mode, the expert system acquires information and comes to a conclusion based on that information. Forward-chaining is the reasoning approach that can be used when there is a small number of solutions relative to the number of inputs. Blackboard is an expert system-reasoning methodology in which a solution is generated by the use of a virtual blackboard, wherein information or potential solutions are placed on the blackboard by a plurality of individuals or expert knowledge sources. As more information is placed on the blackboard in an iterative process, a solution is generated. Lateral-chaining mode - No such expert system mode. Sources: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 259). KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Expert Systems (page 354). NEXT QUESTION

Normalizing data within a database could includes all or some of the following except which one? A. Eliminate duplicative columns from the same table. B. Eliminates functional dependencies on a partial key by putting the fields in a separate table from those that are dependent on the whole key C. Eliminated Functional dependencies on non-key fields by putting them in a separate table. At this level, all non-key fields are dependent on the primary key. D. Eliminating duplicate key fields by putting them into separate tables.

Answer : D Explanation: 1. Eliminate duplicative columns from the same table. 2. Eliminates functional dependencies on a partial key by putting the fields in a separate table from those that are dependent on the whole key. 3. Eliminated Functional dependencies on non-key fields by putting them in a separate table. At this level, all non-key fields are dependent on the primary key. In creating a database, normalization is the process of organizing it into tables in such a way that the results of using the database are always unambiguous and as intended. Normalization may have the effect of duplicating data within the database and often results in the creation of additional tables. (While normalization tends to increase the duplication of data, it does not introduce redundancy, which is unnecessary duplication.) Normalization is typically a refinement process after the initial exercise of identifying the data objects that should be in the database, identifying their relationships, and defining the tables required and the columns within each table. A simple example of normalizing data might consist of a table showing: Customer Item purchased Purchase price Thomas Shirt $40 Maria Tennis shoes $35 Evelyn Shirt $40 Pajaro Trousers $25 If this table is used for the purpose of keeping track of the price of items and you want to delete one of the customers, you will also delete a price. Normalizing the data would mean understanding this and solving the problem by dividing this table into two tables, one with information about each customer and a product they bought and the second about each product and its price. Making additions or deletions to either table would not affect the other. Normalization degrees of relational database tables have been defined and include: First normal form (1NF). This is the "basic" level of normalization and generally corresponds to the definition of any database, namely: It contains two-dimensional tables with rows and columns. Each column corresponds to a sub- object or an attribute of the object represented by the entire table. Each row represents a unique instance of that sub-object or attribute and must be different in some way from any other row (that is, no duplicate rows are possible). All entries in any column must be of the same kind. For example, in the column labeled "Customer," only customer names or numbers are permitted. An entity is in First Normal Form (1NF) when all tables are two-dimensional with no repeating groups. A row is in first normal form (1NF) if all underlying domains contain atomic values only. 1NF eliminates repeating groups by putting each into a separate table and connecting them with a one-to-many relationship. Make a separate table for each set of related attributes and uniquely identify each record with a primary key. Eliminate duplicative columns from the same table. Create separate tables for each group of related data and identify each row with a unique column or set of columns (the primary key). Se NEXT QUESTION

What can be defined as: It confirms that users needs have been met by the supplied solution? A. Accreditation B. Certification C. Assurance D. Acceptance

Answer : D Explanation: Acceptance confirms that users needs have been met by the supplied solution. Verification and Validation informs Acceptance by establishing the evidence set against acceptance criteria - to determine if the solution meets the users needs. Acceptance should also explicitly address any integration or interoperability requirements involving other equipment or systems. To enable acceptance every user and system requirement must have a 'testable' characteristic. Accreditation is the formal acceptance of security, adequacy, authorization for operation and acceptance of existing risk. Accreditation is the formal declaration by a Designated Approving Authority (DAA) that an IS is approved to operate in a particular security mode using a prescribed set of safeguards to an acceptable level of risk. Certification is the formal testing of security safeguards and assurance is the degree of confidence that the implemented security measures work as intended. The certification is a Comprehensive evaluation of the technical and nontechnical security features of an IS and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified ecurity requirements. Assurance is the descriptions of the measures taken during development and evaluation of the product to assure compliance with the claimed security functionality. For example, an evaluation may require that all source code is kept in a change management system, or that full functional testing is performed. The Common Criteria provides a catalogue of these, and the requirements may vary from one evaluation to the next. The requirements for particular targets or types of products are documented in the Security Targets (ST) and Protection Profiles (PP), respectively. Source: ROTHKE, Ben, CISSP CBK Review presentation on domain 4, August 1999. and Official ISC2 Guide to the CISSP CBK, Second Edition, on page 211. and http://www.aof.mod.uk/aofcontent/tactical/randa/content/randaintroduction.htm NEXT QUESTION

A shared resource matrix is a technique commonly used to locate: A. Malicious code B. Security flaws C. Trap doors D. Covert channels

Answer : D Explanation: Analyzing resources of a system is one standard for locating covert channels because the basis of a covert channel is a shared resource. The following p y g y g g properties must hold for a storage channel to exist: 1. Both sending and receiving process must have access to the same attribute of a shared object. 2. The sending process must be able to modify the attribute of the shared object. 3. The receiving process must be able to reference that attribute of the shared object. 4. A mechanism for initiating both processes and properly sequencing their respective accesses to the shared resource must exist. Note: Similar properties for timing channel can be listed The following answers are incorrect: All other answers were not directly related to discovery of Covert Channels. The following reference(s) were/was used to create this question: Auerbach Publications, Auerbach Publications (Test Series) - CRC Press LLC, Page No. and http://www.cs.ucsb.edu/~sherwood/cs290/papers/covert-kemmerer.pdf and http://www.cs.utexas.edu/~byoung/cs361/lecture16.pdf and http://www.cs.utexas.edu/~byoung/cs361/lecture16.pdf NEXT QUESTION

Which of the following is an advantage of using a high-level programming language? A. It decreases execution times for programs B. It allows programmers to define syntax C. It requires programmer-controlled storage management D. It enforces coding standards

Answer : D Explanation: Coding standards are enforced because a specific order to statements are required and there is required syntax that also must be used. High-Level languages are easier to read because of the english like statements. See extract below from the Official ISC2 Guide (OIG) to the CISSP CBK : In the development phase, programmers have the option of writing code in several different programming languages. A programming language is a set of rules telling the computer what operations to perform. Programming languages have evolved in generations, and each language is characterized into one of the generations. Those in the lower level are closer in form to the binary language of the computer. Both machine and assembly languages are considered low-level languages. As the languages become easier and y g g p y g g g g g g more similar to the language people use to communicate, they become higher level. High-level languages are easier to use than low- level languages and can be used to produce programs more quickly. In addition, high-level languages may be said to be beneficial because they enforce coding standards and can provide more security. On the other hand, higher level languages automate certain functions, and provide complicated operations for the program, implemented by the programming environment or tool, the internal details of which may be poorly understood by the programmer. Therefore, it is possible that high-level languages may introduce security vulnerabilities in ways that are not apparent to the developer. Programming languages are frequently referred to by generations. The first generation is generally held to be the machine language, opcodes (operating codes), and object code used by the computer itself. These are very simple instructions that can be executed directly by the CPU of a computer. Each type of computer has its own machine language. However, the blizzard of hexadecimal or binary code is difficult for people to understand. A second generation of assembly language was created, which uses symbols as abbreviations for major instructions. The third generation, usually known as high-level language, uses meaningful words (generally English) as the commands. COBOL, FORTRAN, BASIC, and C are examples of this type. Above this point there may be disagreement on definitions. Fourth-generation languages, sometimes known as very high-level languages, are represented by query languages, report generators, and application generators. Fifth-generation languages, or natural language interfaces, require expert systems and artificial intelligence. The intent is to eliminate the need for programmers to learn a specific vocabulary, grammar, or syntax. The text of a natural language statement very closely resembles human speech. NOTE FROM CLEMENT: The use of the word Standard above is synonymous with Conventions Code conventions are important to programmers for a number of reasons: 80% of the lifetime cost of a piece of software goes to maintenance. Hardly any NEXT QUESTION

Which of the following is a Microsoft technology for communication among software components distributed across networked computers? A. DDE B. OLE C. ODBC D. DCOM

Answer : D Explanation: DCOM (Distributed Component Object Model) defines how distributed components interact and provides an architecture for interprocess communication (IPC). Distributed Component Object Model (DCOM) is a proprietary Microsoft technology for communication among software components distributed across networked computers. DCOM, which originally was called "Network OLE", extends Microsoft's COM, and provides the communication substrate under Microsoft's COM+ application server infrastructure. It has been deprecated in favor of the Microsoft .NET Remoting, a part of their .NET Framework. The addition of the "D" to COM was due to extensive use of DCE/RPC (Distributed Computing Environment/Remote Procedure Calls) more specifically Microsoft's enhanced version, known as MSRPC. Shon Harris describes it as: Component Object Model (COM) is a model that allows for interprocess communication within one application or between applications on the same computer system. The model was created by Microsoft and outlines standardized APIs, component naming schemes, and communication standards. So if I am a developer and I want my application to be able to interact with the Windows operating system and the different applications developed for this platform, I will follow the COM outlined standards. Distributed Component Object Model (DCOM) supports the same model for component interaction, and also supports distributed interprocess communication (IPC). COM enables applications to use components on the same systems, while DCOM enables applications to access objects that reside in different parts of a network . So this is how the client/ server- based activities are carried out by COM-based operating systems and/ or applications. The following are incorrect answers: DDE (Dynamic Data Exchange) enables different applications to share data and send commands to each other directly. The primary function of DDE is to allow Windows applications to share data. For example, a cell in Microsoft Excel could be linked to a value in another application and when the value changed, it would be automatically updated in the Excel spreadsheet. The data communication was established by a simple, three- segment model. Each program was known to DDE by its "application" name. Each application could further organize information by groups known as "topic" and each topic could serve up individual pieces of data as an "item". For example, if a user wanted to pull a value from Microsoft Excel which was contained in a spreadsheet called "Book1.xls" in the cell in the first row and first column, the application would be "Excel", the topic "Book1.xls" and the item "r1c1". A common use of DDE is for custom-developed applications to control off-the-shelf software. For example, a custom in-house application might use DDE to open a Microsoft Excel spreadsheet and fill it with data, by opening a DDE conversation with Excel and sending it DDE commands. Today, however, one could also use the Exce NEXT QUESTION

At which of the basic phases of the System Development Life Cycle are security requirements formalized? A. Disposal B. System Design Specifications C. Development and Implementation D. Functional Requirements Definition

Answer : D Explanation: During the Functional Requirements Definition the project management and systems development teams will conduct a comprehensive analysis of current and possible future functional requirements to ensure that the new system will meet end-user needs. The teams also review the documents from the project initiation phase and make any revisions or updates as needed. For smaller projects, this phase is often subsumed in the project initiation phase. At this point security requirements should be formalized. The Development Life Cycle is a project management tool that can be used to plan, execute, and control a software development project usually called the Systems Development Life Cycle (SDLC). The SDLC is a process that includes systems analysts, software engineers, programmers, and end users in the project design and development. Because there is no industry-wide SDLC, an organization can use any one, or a combination of SDLC methods. The SDLC simply provides a framework for the phases of a software development project from defining the functional requirements to implementation. Regardless of the method used, the SDLC outlines the essential phases, which can be shown together or as separate elements. The model chosen should be based on the project. For example, some models work better with long-term, complex projects, while others are more suited for short-term projects. The key element is that a formalized SDLC is utilized. The number of phases can range from three basic phases (concept, design, and implement) on up. The basic phases of SDLC are: Project initiation and planning Functional requirements definition System design specifications Development and implementation Documentation and common program controls Testing and evaluation control, (certification and accreditation) Transition to production (implementation) The system life cycle (SLC) extends beyond the SDLC to include two additional phases: Operations and maintenance support (post-installation) Revisions and system replacement System Design Specifications This phase includes all activities related to designing the system and software. In this phase, the system architecture, system outputs, and system interfaces are designed. Data input, data flow, and output g g y p , y , y p , y g p , , p requirements are established and security features are designed, generally based on the overall security architecture for the company. Development and Implementation During this phase, the source code is generated, test scenarios and test cases are developed, unit and integration testing is conducted, and the program and system are documented for maintenance and for turnover to acceptance testing and production. As well as general care for software quality, reliability, and consistency of operation, particular care should be taken to ensure that the code is analyzed to eliminate common vulnerabilities that might lead to security exploits and other risks. Documentation and Common Program Controls These are controls used wh NEXT QUESTION

Buffer overflow and boundary condition errors are subsets of which of the following? A. Race condition errors. B. Access validation errors. C. Exceptional condition handling errors. D. Input validation errors.

Answer : D Explanation: In an input validation error, the input received by a system is not properly checked, resulting in a vulnerability that can be exploited by sending a certain p p , p y y p p y , g y p y g input sequence. There are two important types of input validation errors: buffer overflows (input received is longer than expected input length) and boundary condition error (where an input received causes the system to exceed an assumed boundary). A race condition occurs when there is a delay between the time when a system checks to see if an operation is allowed by the security model and the time when the system actually performs the operation. In an access validation error, the system is vulnerable because the access control mechanism is faulty. In an exceptional condition handling error, the system somehow becomes vulnerable due to an exceptional condition that has arisen. Source: DUPUIS, Clement, Access Control Systems and Methodology CISSP Open Study Guide, version 1.0, march 2002 (page 105). NEXT QUESTION

Risk reduction in a system development life-cycle should be applied: A. Mostly to the initiation phase. B. Mostly to the development phase. C. Mostly to the disposal phase. D. Equally to all phases.

Answer : D Explanation: Risk is defined as the combination of the probability that a particular threat source will exploit, or trigger, a particular information system vulnerability and the resulting mission impact should this occur. Previously, risk avoidance was a common IT security goal. That changed as the nature of the risk became better understood. Today, it is recognized that elimination of all risk is not cost-effective. A cost-benefit analysis should be conducted for each proposed control. In some cases, the benefits of a more secure system may not justify the direct and indirect costs. Benefits include more than just prevention of monetary loss; for example, controls may be essential for maintaining public trust and confidence. Direct costs include the cost of purchasing and installing a given technology; indirect costs include decreased system performance and additional training. The goal is to enhance mission/business capabilities by managing mission/business risk to an acceptable level. Source: STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 (page 8). NEXT QUESTION

What is the BEST definition of SQL injection. A. SQL injection is a database problem. B. SQL injection is a web Server problem. C. SQL injection is a windows and Linux website problem that could be corrected by applying a website vendors patch. D. SQL injection is an input validation problem.

Answer : D Explanation: SQL injection is execution of unexpected SQL in the database as a result of unsanitized user input being accepted and used in the application code to form p Q j p Q p g p pp the SQL statement.It is a coding problem which affects inhouse, open source and commercial software. The following answers are incorrect: SQL injection is a database problem. SQL injection is a web Server problem. SQL injection is a windows and Linux website problem that could be corrected by applying a website vendors patch. The following reference(s) were/was used to create this question: https://security.berkeley.edu/sites/default/files/uploads/SQLi_Prevention.pdf (page 9 and 10) NEXT QUESTION

Which of the following is NOT true concerning Application Control? A. It limits end users use of applications in such a way that only particular screens are visible. B. Only specific records can be requested through the application controls C. Particular usage of the application can be recorded for audit purposes D. It is non-transparent to the endpoint applications so changes are needed to the applications and databases involved

Answer : D Explanation: Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, Auerbach. NEXT QUESTION

What is NOT included in a data dictionary? A. Data Element Definitions B. Schema Objects C. Reference Keys D. Structured Query Language

Answer : D Explanation: Structured Query Language (SQL) is a standard programming language used to allow clients to interact with a database. Although SQL can be used to p Q y g g ( Q ) p g g g g g Q access the data dictionary, it is NOT a part of the data dictionary. A data dictionary, or metadata repository, as defined in the IBM Dictionary of Computing, is a "centralized repository of information about data such as meaning, relationships to other data, origin, usage, and format." The term may have one of several closely related meanings pertaining to databases and database management systems (DBMS): a document describing a database or collection of databases an integral component of a DBMS that is required to determine its structure a piece of middleware that extends or supplants the native data dictionary of a DBMS METADATA & DATA DICTIONARY In addition to facilitating the effective retrieving of information, metadata can also manage restricted access to information. Metadata can serve as a gatekeeper function to filter access and thus provide security controls. One specialized form of metadata is the data dictionary, a central repository of information regarding the various databases that may be used within an enterprise. The data dictionary does not provide direct control of the databases, or access control functions, but does give the administrator a full picture of the various bodies of information around the company, potentially including the sensitivity and classification of material held in different objects. Therefore, the data dictionary can be used in risk management and direction of protective resources. A data dictionary is a central collection of data element definitions, schema objects, and reference keys. The schema objects can contain tables, views, indexes, procedures, functions, and triggers. A data dictionary can contain the default values for columns, integrity information, the names of users, the privileges and roles for users, and auditing information. It is a tool used to centrally manage parts of a database by controlling data about the data (referred to as metadata) within the database. It provides a cross-reference between groups of data elements and the databases. The database management software creates and reads the data dictionary to ascertain what schema objects exist and checks to see if specific users have the proper access rights to view them The following answers were incorrect: All of the other options were included within the data dictionary, only SQL is NOT part of the Data Dictionary. The following reference(s) were/was used to create this question: Harris, Shon (2012-10-25). CISSP All-in- One Exam Guide, 6th Edition , Software Development, Page 1178. For kindle users see Kindle Locations 23951-23957. Corporate; (Isc) (2010-04-20). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press), Software Development Security, Page 667. For Kindle users see Kindle Locations 5950-5954. http://en.wikipedia.org/wiki/Data_dictionary NEXT QUESTION

A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle? A. project initiation and planning phase B. system design specification phase C. development & documentation phase D. acceptance phase

Answer : D Explanation: The Answer: "acceptance phase". Note the question asks about an "evaluation report" - which details how the system evaluated, and an "accreditation statement" which describes the level the system is allowed to operate at. Because those two activities are a part of testing and testing is a part of the acceptance phase, the only answer above that can be correct is "acceptance phase". The other answers are not correct because: The "project initiation and planning phase" is just the idea phase. Nothing has been developed yet to be evaluated, tested, accredited, etc. The "system design specification phase" is essentially where the initiation and planning phase is fleshed out. For example, in the initiation and planning phase, we might decide we want the system to have authentication. In the design specification phase, we decide that that authentication will be accomplished via username/password. But there is still nothing actually developed at this point to evaluate or accredit. The "development & documentation phase" is where the system is created and documented. Part of the documentation includes specific evaluation and accreditation criteria. That is the criteria that will be used to evaluate and accredit the system during the "acceptance phase". In other words - you cannot evaluate or accredit a system that has y g p p y y not been created yet. Of the four answers listed, only the acceptance phase is dealing with an existing system. The others deal with planning and creating the system, but the actual system isn't there yet. Reference: Official ISC2 Guide Page: 558 - 559 All in One Third Edition page: 832 - 833 (recommended reading) NEXT QUESTION

For competitive reasons, the customers of a large shipping company called the "Integrated International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell- LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other's cargos. An unscrupulous fruit shipper, the "Association of Private Fuit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is shipping pineapples on the S.S. CP. What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples? A. *-Property and Polymorphism B. Strong *-Property and Polyinstantiation C. Simple Security Property and Polymorphism D. Simple Security Property and Polyinstantiation

Answer : D Explanation: The Simple Security Property states that a subject at a given clearance may not read an object at a higher classification, so unclassified APFEL could not read FIGCO's top secret cargo information. Polyinstantiation permits a database to have two records that are identical except for their classifications (i.e., the primary key includes the classification). Thus, APFEL's new unclassified record did not collide with the real, top secret record, so APFEL was not able to learn about FIGs pineapples. The following answers are incorrect: *-Property and Polymorphism The *-property states that a subject at a given clearance must not write to any object at a lower classification, which is irrelevant here because APFEL was trying to read data with a higher classification. Polymorphism is a term that can refer to, among other things, viruses that can change their code to better hide from anti-virus programs or to objects of different types in an object- oriented program that are related by a g, g p g j yp j p g y common superclass and can, therefore, respond to a common set of methods in different ways. That's also irrelevant to this question. Strong *-Property and Polyinstantiation Half-right. The strong *-property limits a subject of a given clearance to writing only to objects with a matching classification. APFEL's attempt to insert an unclassified record was consistent with this property, but that has nothing to do with preventing APFEL from reading top secret information. Simple Security Property and Polymorphism Also half-right. See above for why Polymorphism is wrong. The following reference(s) were/was used to create this question: HARRIS, Shon, CISSP All-in-one Exam Guide, Third Edition, McGraw-Hill/Osborne, 2005 Chapter 5: Security Models and Architecture (page 280) Chapter 11: Application and System Development (page 828) NEXT QUESTION

Which of the following is not an element of a relational database model? A. Relations , tuples , attributes and domains B. Data Manipulation Language (DML) on how the data will be accessed and manipulated C. Constraints to determine valid ranges and values D. Security structures called referential validation within tables

Answer : D Explanation: The Three Parts of the Relational Model The relational model can be considered as having three parts and these are covered in sequence below: 1. Structural: defines the core of the data and the relationships involved. The model structure is described in terms of relations , tuples , attributes and domains . 2. Manipulative: defines how the data in the model will be accessed and manipulated. This concerns how relations in the model will be manipulated to produce other relations, which in turn provide the answer to some question posed by a user of the data. The manipulation is achieved though relational algebra or relational calculus . 3. Constraints: defines limits on the model. The constraints determine valid ranges and values of data to be included in the model. Reference used for this question: http://www.diranieh.com/Database/RelationalDatabaseModel.htm#Relational%20Model:%2 0Data%20Manipulation and www.macs.hw.ac.uk/~trinder/DbInfSystems/l4RelModel2up.pdf and KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44. NEXT QUESTION

Operations Security seeks to primarily protect against which of the following? A. object reuse B. facility disaster C. compromising emanations D. asset threats

Answer : D Explanation: The most important reason for identifying threats is to know from what do the assets need protection and what is the likelihood that a threat will occur. Threats cannot be eliminated, but can be anticipated, and safeguards put in place to minimize their impact. Operations Security provides audit and monitoring for mechanisms, tools and facilities which permit the identification of security events and documentation of subsequent corrective actions. Source: State of Nebraska - Information Security Systems (ISS) Security Officer Instruction Guide. NEXT QUESTION

The object-relational and object-oriented models are better suited to managing complex data such as required for which of the following? A. computer-aided development and imaging. B. computer-aided duplexing and imaging. C. computer-aided processing and imaging. D. computer-aided design and imaging.

Answer : D Explanation: The object-relational and object-oriented models are better suited to managing complex data such as required for computer-aided design and imaging. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44. NEXT QUESTION

Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence? A. Implementation B. System feasibility y y C. Product design D. Software plans and requirements

Answer : D Explanation: The software plans and requirements phase addresses threats, vulnerabilities, security requirements, reasonable care, due diligence, legal liabilities, cost/benefit analysis, level of protection desired, test plans. Implementation is incorrect because it deals with Installing security software, running the system, acceptance testing, security software testing, and complete documentation certification and accreditation (where necessary). System Feasibility is incorrect because it deals with information security policy, standards, legal issues, and the early validation of concepts. Product design is incorrect because it deals with incorporating security specifications, adjusting test plans and data, determining access controls, design documentation, evaluating encryption options, and verification. Sources: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 252). KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Security Life Cycle Components, Figure 7.5 (page 346). NEXT QUESTION

Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate? A. The project will be completed late. B. The project will exceed the cost estimates. C. The project will be incompatible with existing systems. D. The project will fail to meet business and user needs.

Answer : D Explanation: This is the most serious risk of inadequate systems development life cycle methodolgy. The following answers are incorrect because : The project will be p q y p y gy g p j completed late is incorrect as it is not most devastating as the above answer. The project will exceed the cost estimates is also incorrect when compared to the above correct answer. The project will be incompatible with existing systems is also incorrect when compared to the above correct answer. Reference: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 290). NEXT QUESTION

A database view is the results of which of the following operations? A. Join and Select. B. Join, Insert, and Project. C. Join, Project, and Create. D. Join, Project, and Select.

Answer : D Explanation: What is Relational Algebra: 1. The formal description of how a relational database operates. 2. The mathematics which underpin SQL operations. A number of operations can be performed in relational algebra to build relations and operate on the data. Five operations are primitives (Select, Project, Union, Difference and Product) and the other operations can be defined in terms of those five. A View is defined from the operations of Join, Project, and Select. For the purpose of the exam you must remember the following terms from relational algebra and their SQL equivalent: Tuple = Row, Entry Attribute = Column Relation or Based relation = Table See the extract below from the ISC2 book: Each table, or relation, in the relational model consists of a set of attributes and a set of tuples (rows) or entries in the table. Attributes correspond to a column in a table. Attributes are unordered left to right, and thus are referenced by name and not by position. All data values in the relational model are atomic. Atomic values mean that at every row/column position in every table there is always exactly one data value and never a set of values. There are no links or pointers connecting tables; thus, the representation of relationships is contained as data in another table. A tuple of a table corresponds to a row in the table. Tuples are unordered top to bottom because a relation is a mathematical set and not a list. Also, because tuples are based on tables that are mathematical sets, there are no duplicate tuples in a table (sets in mathematics by definition do not include duplicate elements). The primary key is an attribute or set of attributes that uniquely identifies a specific instance of an entity. Each table in a database must have a primary key that is unique to that table. It is a subset of the candidate key. Reference used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 12262-12269). Auerbach Publications. Kindle Edition. and KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 46. and http://db.grussell.org/slides/rel%20algebra%201.ppt NOTE: SQL offers three classes of operators: select, project, and join. The select operator serves to shrink the table vertically by eliminating unwanted rows (tuples). The project operator serves to shrink the table horizontally by removing unwanted columns (attributes). And the join operator allows the dynamic linking of two tables that share a common column value. The join operation is achieved by stating the selection criteria for two tables and equating them with their common columns. Most commercial implementations of SQL do not support a y g q g p Q pp project operation, instead projections are achieved by specifying the columns desired in the output. This is why the Project operator is not well known as it is fading away from most data NEXT QUESTION