CISSP exam

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?A . Implement packet filtering on the network...

Who developed one of the first mathematical models of a multilevel-security computer system?A .  Diffie and Hellman.B .  Clark and Wilson.C .  Bell and LaPadula.D .  Gasser and Lipner.View AnswerAnswer: C Explanation: In 1973 Bell and LaPadula created the first mathematical model of a multi-level security system. The following answers...

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?A . Intrusion Prevention Systems (IPS)B . Intrusion Detection Systems (IDS)C . Stateful firewallsD . Network Behavior Analysis (NBA) toolsView AnswerAnswer: D

Which of the following control pairings include: organizational policies and procedures, preemployment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?A .  Preventive/Administrative PairingB ....

Which of the following is the MOST secure method of building router tables?A . Distance vectorB . Link stateC . Border Gateway Protocol (BGP)D . StaticView AnswerAnswer: D

If your property insurance has Actual Cost Evaluation (ACV) clause your damaged property will be compensated:A . Based on the value of the item on the date of lossB . Based on new item for old regardless of condition of lost itemC . Based on value of item one month...

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?A . Transport layerB . Application layerC . Network layerD . Session layerView AnswerAnswer: A

Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations?A .  Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to.B .  The initial logon process is cumbersome to...

What security procedure forces an operator into collusion with an operator of a different category to have access to unauthorized data?A . Enforcing regular password changesB . Management monitoring of audit logsC . Limiting the specific accesses of operations personnelD . Job rotation of people through different assignmentsView AnswerAnswer: C

Which of the following would constitute the best example of a password to use for access to a system by a network administrator?A .  holidayB .  Christmas12C .  JennyD .  GyN19Za!View AnswerAnswer: D Explanation: GyN19Za! would be the best answer because it contains a mixture of upper and lower case...