In Rule-Based Access Control (RuBAC), access is determined by rules. Such rules would fit within what category of access control?
A. Discretionary Access Control (DAC)
B. Mandatory Access Control (MAC)
C. Non-Discretionary Access Control (NDAC)
D. Lattice-based Access Control
Answer: C
Explanation: Rule-based access control is a type of non-discretionary access...
Recovery strategies of a Disaster Recovery planning (DRIP) MUST be aligned with which of the following?
A. Hardware and software compatibility issues
B. Applications’ criticality and downtime tolerance
C. Budget constraints and requirements
D. Cost/benefit analysis and business objectives
Answer: D
Explanation: Reference: http://www.pearsonitcertification.com/articles/article.aspx?p=1329710&seqNum=3
Which of the following is true about Kerberos?
A. It utilizes public key cryptography.
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C. It depends upon symmetric ciphers.
D. It is a second party authentication system.
Answer: C
Explanation: Kerberos depends on secret...
What is the purpose of an Internet Protocol (IP) spoofing attack?
A. To send excessive amounts of data to a process, making it unpredictable
B. To intercept network traffic without authorization
C. To disguise the destination address from a target’s IP filtering devices
D. To convince a system that it...
What is the act of a user professing an identity to a system, usually in the form of a log-on ID, called?
A. Authentication
B. Identification
C. Authorization
D. Confidentiality
Answer: B
Explanation: Identification is the act of a user professing an identity to a system, usually in the form...
Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?
A. WEP uses a small range Initialization Vector (IV)
B. WEP uses Message Digest 5 (MD5)
C. WEP uses Diffie-Hellman
D. WEP does not use any Initialization Vector (IV)
Answer: A
Explanation: Reference: http://www.dummies.com/programming/networking/understanding-wep-weaknesses/
Controls such as job rotation, the sharing of responsibilities, and reviews of audit records are associated with:
A. Preventive/physical
B. Detective/technical
C. Detective/physical
D. Detective/administrative
Answer: D
Explanation: Additional detective/administrative controls are job rotation, the sharing of responsibilities, and reviews of audit records. Reference(s) used for this question: KRUTZ, Ronald L....
Which of the following actions will reduce risk to a laptop before traveling to a high risk area?
A. Examine the device for physical tampering
B. Implement more stringent baseline configurations
C. Purge or re-image the hard disk drive
D. Change access codes
Answer: D
Which of the following is addressed by Kerberos?
A. Confidentiality and Integrity
B. Authentication and Availability
C. Validation and Integrity
D. Auditability and Integrity
Answer: A
Explanation: Kerberos addresses the confidentiality and integrity of information. It also addresses primarily authentication but does not directly address availability. Reference(s) used for this question:...
The end result of implementing the principle of least privilege means which of the following?
A. Users would get access to only the info for which they have a need to know
B. Users can access all systems.
C. Users get new privileges added when they change positions.
D. Authorization...