CISSP

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?A . Hashing the data before encryptionB . Hashing the data after encryptionC . Compressing the data after encryptionD . Compressing the data before encryptionView AnswerAnswer: D

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?A . WEP uses a small range Initialization Vector (IV)B . WEP uses Message Digest 5 (MD5)C . WEP uses Diffie-HellmanD . WEP does not use any Initialization Vector (IV)View AnswerAnswer: A

Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?A . Cross Origin Resource Sharing (CORS)B . WebSocketsC . Document Object Model (DOM) treesD . Web Interface Definition Language (IDL)View AnswerAnswer: B

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?A . Implement packet filtering on the network...

A continuous information security monitoring program can BEST reduce risk through which of the following?A . Collecting security events and correlating them to identify anomaliesB . Facilitating system-wide visibility into the activities of critical user accountsC . Encompassing people, process, and technologyD . Logging both scheduled and unscheduled system changesView...

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?A . Derived credentialB . Temporary security credentialC . Mobile device credentialing serviceD . Digest authenticationView AnswerAnswer: A

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnerability assessments?A . Common Vulnerabilities and Exposures (CVE)B . Common Vulnerability Scoring System (CVSS)C . Asset Reporting Format (ARF)D . Open Vulnerability and Assessment Language (OVAL)View AnswerAnswer: B

What is the purpose of an Internet Protocol (IP) spoofing attack?A . To send excessive amounts of data to a process, making it unpredictableB . To intercept network traffic without authorizationC . To disguise the destination address from a target’s IP filtering devicesD . To convince a system that it...

Which of the following is MOST important when assigning ownership of an asset to a department?A . The department should report to the business ownerB . Ownership of the asset should be periodically reviewedC . Individual accountability should be ensuredD . All members should be trained on their responsibilitiesView AnswerAnswer:...

Topic 5, . Identity and Access Management (IAM) A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?A . Trusted third-party certificationB . Lightweight Directory Access Protocol (LDAP)C . Security...