CISSP exam

An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted . Which of the following is MOST likely occurring?A . A dictionary attackB...

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?A . Personal Identity Verification (PIV)B . Cardholder Unique Identifier (CHUID) authenticationC . Physical Access Control System (PACS) repeated attempt detectionD . Asymmetric Card Authentication Key (CAK) challenge-responseView AnswerAnswer: A

Which security service is served by the process of encryption plaintext with the sender’s private key and decrypting cipher text with the sender’s public key?A . ConfidentialityB . IntegrityC . IdentificationD . AvailabilityView AnswerAnswer: A

Which layer of the Open Systems Interconnections (OSI) model implementation adds information concerning the logical connection between the sender and receiver?A . PhysicalB . SessionC . TransportD . Data-LinkView AnswerAnswer: C

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation . What MUST an administrator review to audit a user’s access to data files?A . Host VM monitor audit logsB . Guest OS access controlsC . Host VM access controlsD . Guest OS audit logsView...

Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?A . An explanation of how long the data subject's collected information will be retained for and how it will be eventually disposed.B . An explanation of who can be contacted at the organization collecting the information...

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)? A. System acquisition and development B. System operations and maintenance C. System initiation D. System implementationView AnswerAnswer: A Explanation: Reference https://online.concordiA.edu/computer-science/system-development-life-cycle-phases/

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?A . Continuously without exception for all security controlsB . Before and after each change of the controlC . At a rate concurrent with the volatility of the security controlD . Only during system...

What is the purpose of an Internet Protocol (IP) spoofing attack?A . To send excessive amounts of data to a process, making it unpredictableB . To intercept network traffic without authorizationC . To disguise the destination address from a target’s IP filtering devicesD . To convince a system that it...

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?A . Intrusion Prevention Systems (IPS)B . Intrusion Detection Systems (IDS)C . Stateful firewallsD . Network Behavior Analysis (NBA) toolsView AnswerAnswer: D