CISSP exam

Controlling access to information systems and associated networks is necessary for the preservation of their:A .  Authenticity, confidentiality and availabilityB .  Confidentiality, integrity, and availability.C .  integrity and availability.D .  authenticity,confidentiality, integrity and availability.View AnswerAnswer: B Explanation: Controlling access to information systems and associated networks is necessary for the preservation...

A database view is the results of which of the following operations?A .  Join and Select.B .  Join, Insert, and Project.C .  Join, Project, and Create.D .  Join, Project, and Select.View AnswerAnswer: D Explanation: 1 The formal description of how a relational database operates. 2 The mathematics which underpin SQL operations....

Which one of the following can be identified when exceptions occur using operations security detective controls?A . Unauthorized people seeing confidential reports.B . Unauthorized people destroying confidential reports.C . Authorized operations people performing unauthorized functions.D . Authorized operations people not responding to important console messages.View AnswerAnswer: C

In Mandatory Access Control, sensitivity labels attached to object contain what information?A .  The item's classificationB .  The item's classification and category setC .  The item's categoryD .  The items's need to knowView AnswerAnswer: B Explanation: The following is the correct answer the item's classification and category set. A Sensitivity label...

What kind of certificate is used to validate a user identity?A .  Public key certificateB .  Attribute certificateC .  Root certificateD .  Code signing certificateView AnswerAnswer: A Explanation: In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a...

Which of the following is the MOST secure password technique?A . PassphraseB . One-time passwordC . Cognitive passwordD . CiphertextView AnswerAnswer: B

Which of the following is a potential drawback of using the defense-in-depth principle?A . Increased system complexityB . Increased component failure ratesC . Redundant components are requiredD . Lower intrusion detection performanceView AnswerAnswer: A

In Synchronous dynamic password tokens: A . The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).B .  The token generates a new non-unique password value at fixed time intervals (this password could be based...

In configuration management, what baseline configuration information MUST be maintained for each computer system?A . Operating system and version, patch level, applications running, and versions.B . List of system changes, test reports, and change approvalsC . Last vulnerability assessment report and initial risk assessment reportD . Date of last update,...

A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:A .  Mandatory Access ControlB .  Discretionary Access ControlC .  Non-Discretionary Access ControlD .  Rule-based Access controlView AnswerAnswer: C Explanation: A central authority determines what subjects can have access to certain...