CISSP exam

What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate?A .  False Rejection Rate (FRR) or Type I ErrorB .  False Acceptance Rate (FAR) or Type II ErrorC .  Crossover Error Rate (CER)D .  Failure to enroll rate (FTE or FER)View AnswerAnswer: C Explanation:...

Which of the following is the MOST effective attack against cryptographic hardware modules?A . Plain-textB . Brute forceC . Power analysisD . Man-in-the-middle (MITM)View AnswerAnswer: C

The authenticator within Kerberos provides a requested service to the client after validating which of the following?A .  timestampB .  client public keyC .  client private keyD .  server public keyView AnswerAnswer: A Explanation: The server also checks the authenticator and, if that timestamp is valid, it provides the requested...

When is a Business Continuity Plan (BCP) considered to be valid?A . When it has been validated by the Business Continuity (BC) managerB . When it has been validated by the board of directorsC . When it has been validated by all threat scenariosD . When it has been validated...

Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing?A . Preventive/Administrative PairingB . Preventive/Technical PairingC . Preventive/Physical PairingD . Detective/Technical PairingView AnswerAnswer: B

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?A . Change management processesB . User administration proceduresC . Operating System (OS) baselinesD . System backup documentationView AnswerAnswer: A

FOR THIS QUESTION, REFER TO THE FOLLOWING INFORMATION A high-tech organization is deploying a wireless network at their headquarters for its mobile workforce of 500 users. The Chief Information Officer (CIO) has specified two key requirements: - Requirement 1. Authenticated access to corporate network - Requirement 2. Support a wide...

Backup information that is critical to the organization is identified through aA . Vulnerability Assessment (VA).B . Business Continuity Plan (BCP).C . Business Impact Analysis (BIA).D . data recovery analysis.View AnswerAnswer: D

Which of the following control pairing include organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks in?A...

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?A . Continuously without exception for all security controlsB . Before and after each change of the controlC . At a rate concurrent with the volatility of the security controlD . Only during system...