Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments?
A. Common Vulnerabilities and Exposures (CVE)
B. Common Vulnerability Scoring System (CVSS)
C. Asset Reporting Format (ARF)
D. Open Vulnerability and Assessment Language (OVAL)
Answer: B
Which of the following is needed for System Accountability?
A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.
Answer: A
Explanation: Is a means of being able to track user actions. Through the use of audit logs and other...
A continuous information security monitoring program can BEST reduce risk through which of the following?
A. Collecting security events and correlating them to identify anomalies
B. Facilitating system-wide visibility into the activities of critical user accounts
C. Encompassing people, process, and technology
D. Logging both scheduled and unscheduled system changes
When two operators review and approve the work of each other, this is known as?
A. Dual control
B. Two-man control
C. Two-fold control
D. Twin control
Answer: B
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:
A. Concern that the laser beam may cause eye damage.
B. The iris pattern changes as a person grows older.
C. There is a...
In discretionary access environments, which of the following entities is authorized to grant information access to other people?
A. Manager
B. Group Leader
C. Security Manager
D. Data Owner
Answer: D
Explanation: In Discretionary Access Control (DAC) environments, the user who creates a file is also considered the owner and...
Configuration Management controls what?
A. Auditing of changes to the Trusted Computing Base
B. Control of changes to the Trusted Computing Base
C. Changes in the configuration access to the Trusted Computing Base
D. Auditing and controlling any changes to the Trusted Computing Base
Answer: D
FOR THIS QUESTION, REFER TO THE FOLLOWING INFORMATION
An organization is deciding if it needs Configuration Management Systems (CMS) supporting both operating systems and Software Configuration Management (SCM). Current practice is for development to support test and production systems and software by troubleshooting, upgrading, and patching the environment as necessary....
What MUST an administrator review to audit a user’s access to data files?
A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?
A. Host VM monitor audit logs
B. Guest OS access controls
C. Host VM access controls
D. Guest OS audit logs
Answer:...
Which of the following is MOST suited to quickly implement a control?
An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?
A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D...