CISSP SAMPLE EXAMINATION
Answer Key
(correct answers in bold)

1
a. User has the capability to do it.
b. Security officer has the capability to do it.
c. Group leader has the capability to do it.
d. Owner has the authority to do it.
2
a. Discretionary access control is an access policy, not a security principle.
b. Least privilege is the security principle that the users and processes in a system should have the least number of privileges--and for the shortest amount of time--needed to do their work.
c. Mandatory access control is an access policy, not a security principle.
d. Separation of duties is the security principle that it's better to assign pieces of security-related tasks to several specific individuals.
3
a. Keystroke capturing captures the information being entered, and so there is no guessing involved. Passwords and user IDs become known.
b. Fabricated answer.
c. Brute force is a basic form of attack in which the adversary tries user name and password combinations until one succeeds (the password is guessed).
d. Fabricated answer.
4
a. Twisted pair can be tapped using inductive or direct attack connections.
b. Coaxial is more difficult to tap, but can be intruded on without changing transmission characteristics.
c. Shielded coaxial is more difficult to tap, but can be intruded on without changing transmission characteristics.
d. Fiber optic cannot be tapped by induction or intrusion without altering transmission characteristics.
5
a. Broadband is a data transmission technique that allows multiple signals to share the bandwidth of a transmission medium. Cable TV is a broadband transmission in which the signals for multiple TV stations are carried over separate channels.
b. Hub and spoke is a star topology where all signals go through the hub, but not to all nodes.
c. Baseband is a data transmission technique that uses the entire bandwidth of a medium for a single digital signal, without modulating it onto a carrier. Ethernet, Token Ring and Arcnet use baseband transmission.
d. Token ring is a network architecture that passes an electronic character called a token among nodes connected in a circular, closed-loop cabling system.
6
a. Data link layer is Layer 2.
b. Transport layer is Layer 4.
c. Network layer is Layer 3.
d. Presentation layer is Layer 6.
7
a. Fabricated option. Variables in related calculations, but not the correct variables for this equation.
b. Fabricated option. Variables in related calculations, but not the correct variables for this equation.
c. Fabricated option. Variables in related calculations, but not the correct variables for this equation.
d. These are the correct variables for the equation.
8
a. The security officer supports and implements information security for senior management.
b. Routine administration of all aspects of security is delegated, but top management must retain overall responsibility for security.
c. The data owner supports and implements information security, providing information categorization as appropriate.
d. The custodian supports and implements information security as appropriate.
9
a. Separation of duties is a principle that assigns security-related tasks to several distinct individuals to accomplish the composite task. Collusion is required to commit undetected fraud.
b. Mutual exclusion is a principle whereby one task or person's responsibility does not depend upon the actions of another person to accomplish the task.
c. Need to know is a security principle stating that a user should have access only to the data that he or she needs to perform a particular function.
d. Least privilege is a security principle stating that a user or process should be granted the most restrictive set of privileges to perform a particular task.
10
a. Restart begins the entire process again instead of at a designated point.
b. Reboot is a method of restarting the entire computer system instead of a specific application.
c. Checkpoint facilitates restarts.
d. A journal is a log of activities internal to automated systems.
11
a. User profiling deals with user information, not intrusions.
b. Intrusion detection software is used to review security logs.
c. System baselining is usually not done in security reviews.
d. Fabricated option.
12
a. A logic bomb is a mechanism for releasing a system attack of some kind, which is triggered when a particular condition (e.g., a certain date or system operation) occurs.
b. A virus is a code fragment (not an independent program) that reproduces by attaching to another program.
c. A worm is an independent program that reproduces by copying itself from one system to another, usually over a network.
d. A Trojan horse is an independent program that appears to perform a useful function, but hides another unauthorized program inside it.
13
a. RSA is based on an asymmetric algorithm.
b. The RSA algorithm is the first full-fledged public-key algorithm used for encryption and digital signatures.
c. A third party often creates and distributes the key pairs, thereby acting as a key-distribution center.
d. RSA can produce a digital signature.
14
a. The same algorithm and key are used for both encryption and decryption in a symmetric-key algorithm.
b. The difficulty of factoring large numbers is a characteristic of RSA, which uses prime numbers and an asymmetric-key algorithm.
c. This is a component of a symmetric-key algorithm.
d. Fabricated option.
15
a. Four operations make up function f in each of the 16 rounds of substitution and permutation: the expansion permutation (E) of the 32-bit half block to 48 bits, combination with the 48-bit round subkey via XOR, the eight S-box substitutions back to 32 bits, and a second (P-box) permutation.
b. 16 is the number of rounds of substitution and permutation.
c. 56, not 54, is the effective key length in bits: the key is supplied as 64 bits, but 8 of them (one per byte) are parity bits that do not affect encryption.
d. 64 bits is the block size.
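As an added example (not part of the exam or this answer key), the following C code shows why 56, not 64, is the effective DES key length: it checks the odd-parity bit in each of the 8 key bytes and strips those bits to recover the 56 key bits, so two 64-bit keys that differ only in their parity bits select the same DES key. The key 0x133457799BBCDFF1 is the familiar DES test key, used here only as sample input; the 56-bit value returned is in plain byte order, not the PC-1 permuted order DES applies internally.

```c
#include <stdint.h>
#include <stddef.h>

/* Count the one bits in a byte. */
static int popcount8(uint8_t b) {
    int n = 0;
    while (b) { n += b & 1; b >>= 1; }
    return n;
}

/* A DES key is supplied as 8 bytes; the low bit of each byte is an odd-parity bit.
   Returns 1 if every byte has odd parity, 0 otherwise. */
int des_key_parity_ok(const uint8_t key[8]) {
    for (size_t i = 0; i < 8; i++) {
        if ((popcount8(key[i]) & 1) == 0) return 0;
    }
    return 1;
}

/* Strip the 8 parity bits and pack the remaining 56 bits into a uint64_t,
   in byte order (not PC-1 order). Only these 56 bits influence encryption. */
uint64_t des_effective_key(const uint8_t key[8]) {
    uint64_t eff = 0;
    for (size_t i = 0; i < 8; i++) {
        eff = (eff << 7) | (uint64_t)(key[i] >> 1);
    }
    return eff;
}

/* 1 if the two 64-bit keys select the same DES key, i.e. differ only in parity bits. */
int des_keys_equivalent(const uint8_t a[8], const uint8_t b[8]) {
    return des_effective_key(a) == des_effective_key(b);
}

/* Sample inputs (constructed for this example): the classic DES test key, which has
   correct odd parity in every byte, and the same key with every parity bit cleared. */
const uint8_t DES_TEST_KEY[8]       = {0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1};
const uint8_t DES_TEST_KEY_NOPAR[8] = {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0};
```

The practical point for a reviewer: a key-management system that compares DES keys as raw 64-bit values will treat the two sample keys as different, although they encrypt identically; comparisons and key-uniqueness checks belong on the 56 effective bits.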
16
a. This level (TCSEC class A1) addresses verified design.
b. This level (TCSEC class B1) addresses labeled security.
c. This level (TCSEC class C2) addresses controlled access.
d. This level (TCSEC class C1) addresses discretionary security.
17
a. Overflow can still take place within the confined memory space, but what can be done after the compromise is limited by confinement.
b. Overflow can still take place, but what can be done after the compromise is limited by compartmentalization.
c. If input is accepted without adequately checking the bounds, an attacker can make arbitrary changes to the program state adjacent to the array.
d. Privileged mode has nothing to do with stack overflow.
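As an added example (not part of the exam or this answer key), the C code below places a fixed-size name buffer next to a privilege flag in a hypothetical session structure and shows the unchecked copy that lets an over-long input write past the array into that adjacent state, beside the bounds-checked version that rejects input that does not fit. The structure, field names and inputs are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define NAME_LEN 16

/* Hypothetical program state: a fixed-size name buffer with a privilege flag right after it. */
struct session {
    char name[NAME_LEN];
    int  is_admin;
};

/* VULNERABLE: no bounds check. Input of NAME_LEN bytes or more runs past name[]
   into the adjacent is_admin field and beyond; the attacker chooses what lands there. */
void set_name_unchecked(struct session *s, const char *input) {
    strcpy(s->name, input);
}

/* HARDENED: compare the input length with the buffer before copying. Returns 0 on
   success and -1 when the input does not fit, leaving the session untouched. */
int set_name_checked(struct session *s, const char *input, size_t input_len) {
    if (input == NULL || input_len >= NAME_LEN) {
        return -1;                    /* reject rather than truncate silently */
    }
    memcpy(s->name, input, input_len);
    s->name[input_len] = '\0';
    return 0;
}

/* Demonstration helper: start from a non-admin session, apply the checked setter and
   return the resulting is_admin flag (0 expected) or -1 if the name was rejected. */
int try_name(const char *input) {
    struct session s;
    memset(&s, 0, sizeof s);
    if (set_name_checked(&s, input, strlen(input)) != 0) return -1;
    return s.is_admin;
}
```

The unchecked setter is kept only to show the defect; it is never called with over-long input here, because writing past the array is undefined behaviour and, depending on the compiler and hardening options, either corrupts is_admin or aborts the process. The checked version fails closed: the 15-byte input is the longest it accepts, since the terminating NUL needs the sixteenth byte.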
18
a. System data channels allow two entities to transfer information between themselves and do not directly facilitate the listed exploits.
b. Time of check/time of use is a class of asynchronous attacks where some control information is changed between the time the system security functions check the contents of variables and the time the variables actually are used during operations. System timing facilitates the listed exploits.
c. System bounds checking verifies that a computer program does not address storage locations outside of authorized limits and does not facilitate the listed exploits.
d. Passive monitoring is the observation of telecommunication traffic that does not alter the data within the system and does not facilitate the listed exploits.
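As an added example (not part of the exam or this answer key), the POSIX C code below shows the time-of-check/time-of-use window in the common access()-then-open() pattern and the hardened form that opens first, refuses to follow a symbolic link, and checks the object it actually opened through fstat on the descriptor. The sample file and symlink under /tmp are constructed by the helper functions for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* VULNERABLE (time of check / time of use): the permission check and the open are two
   separate system calls. Between them, an attacker who controls the directory can
   replace the checked file with a symlink to a file the caller should not read. */
int open_racy(const char *path) {
    if (access(path, R_OK) != 0) {        /* time of check: the path, not the file */
        return -1;
    }
    return open(path, O_RDONLY);          /* time of use: path may now name something else */
}

/* HARDENED: open first, refusing a symlink at the final path component, then check the
   object that was actually opened. The decision is made on the same descriptor that
   will be used, so there is no window in which the object can be swapped. */
int open_regular_checked(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) {
        return -1;                        /* errno == ELOOP: a symlink was refused */
    }
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;                        /* device, FIFO, directory: not a regular file */
    }
    return fd;
}

/* Demonstration helpers (constructed sample objects, not from the original text). */
int make_sample_file(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("sample data\n", f);
    return fclose(f);
}

int make_sample_symlink(const char *target, const char *path) {
    unlink(path);                         /* ignore failure: the link may not exist yet */
    return symlink(target, path);
}
```

Note what the hardened version still does not solve: it refuses a symlink placed by an attacker, but access() remains unreliable for privilege decisions in set-uid programs (it checks the real, not the effective, user), so the right fix is to drop privileges or use the opened descriptor's metadata, as above, rather than to check the path at all.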
19
a. The identification of a specific user does not in itself show the activities conducted under the user's name.
b. Accountability includes authentication, audit trails, logs and periodic reviews of such data to trace actions to entities and, ultimately, to human beings who caused the actions.
c. Audit trail information is secured so information cannot be altered.
d. User IDs by themselves do not trigger corrective controls. The activity conducted under an ID may need to trigger a corrective action.
20
a. Spamming attack is the sending of the same information repeatedly to overburden the network.
b. NAK attack is a penetration technique that capitalizes on potential weaknesses in an operating system that does not handle asynchronous interrupts properly, thus leaving the system in an unprotected state during interrupts.
c. Exhaustive attacks identify secret data by testing all possibilities until the information is identified (e.g., identification of a valid password by testing all possible passwords until a match is found).
d. Spoofing is an attack in which one person or process pretends to be a person or process that has more privileges.
21
a. Ping of Death is an exploit that breaks the IP protocol stack on a target system by sending it an oversized ICMP echo datagram (fragments that reassemble to more than the 65,535-byte IP maximum), causing a vulnerable system to crash or hang.
b. Brute force attack is an attempt to try all possible cipher key combinations in order to find the one that unlocks the cipher text. It is not designed to cause the system to cease operations.
c. SATAN (Security Administrator Tool for Analyzing Networks) is a network vulnerability scanner that can be used maliciously to find weak hosts, but it is not used to cause the system to cease operations.
d. Back door is a hidden software mechanism used to circumvent security controls, but is not included in software to cause the system to cease operations.
22
a. The storage site should be located at least 25 miles from the main site.
b. An important criterion, but not the best option of the alternatives given.
c. A costly protection measure and not typically practiced.
d. An important criterion that must be met when considering off-site storage.
23
a. Remote journaling enables information to be sent from one computer to another via a communications link instead of dumping to tape. No time specification is indicated.
b. Remote journaling enables information to be transmitted over a communications link instead of sending tapes off-site.
c. Remote journaling enables capture of transactions to a remote computer system instead of multiple storage devices.
d. Remote journaling is the mode of operation in which the record of all stored data items whose values are changed as a result of processing (the journal) is transmitted to a remote site via a communications link as the changes occur.
24
a. The type of media is not a consideration when determining the vulnerability of computer-generated evidence.
b. Computer-generated evidence is admissible if it is relevant and reliable. It is up to an expert witness or attorney to explain the evidence presented.
c. The amount of information collected does not determine its reliability.
d. Computer-generated evidence must follow the Chain of Custody to be considered reliable; otherwise, there is no way to detect tampering.
25
a. Contents of the spooler queue remain after the power is turned off.
b. Contents of the memory will be lost if not dumped to a disk. This can be accomplished by opening the DOS Window and running DEBUG.
c. Contents of the hard drive remain after the power is turned off.
d. The owner's bootup disks may be programmed to destroy data on the PC if an appropriate code is not entered.
26
a. A penetration test is not a violation as long as it is ethical, that is, authorized by the owner of the system being tested.
b. Entering information on an active Web page may not be malicious.
c. Creating a virus is not a crime until you distribute it.
d. Disruption of Internet communications is usually illegal or, at least, an activity that causes problems.
27
a. The data on the hard drive would still be available for unauthorized access and copying.
b. A power supply could be added and the data could be accessed and copied.
c. A cable lock can be severed and the laptop could be stolen, and the data contained therein could be accessed.
d. Encryption may protect the data from unauthorized access.
28
a. Magnetic stripe cards identify an individual by passing the card through a magnetic stripe reader. Identification is encoded in the magnetic stripe.
b. Proximity cards and objects utilize radio transmission and computer chips for identification.
c. Standard card edge connectors do not utilize transponder-based technology.
d. Bar-coded cards and objects use light and dark patterns interpreted by optics. Infrared cards also utilize light and dark patterns interpreted by optics.
29
a. Not a distinguishing condition; all hand-held extinguishers are most effective during the fire's incipient stage.
b. Class C fire extinguishers are to be used for electrical fires.
c. Not enough information is given to determine the type of extinguisher for use in an enclosed area; e.g., another option may be more appropriate if personnel are present.
d. Not a distinguishing condition; Class A fire extinguishers are used for combustible solids; Class B fire extinguishers are used for combustible liquids, and Class C fire extinguishers are used for electrical fires.