Which of the following is not an Orange Book-defined life cycle assurance requirement?
A. Security testing
B. Design specification and testing
C. Trusted distribution
D. System integrity
Explanation: Life cycle assurance is more than configuration management.
Reference: “Operational assurance focuses on the basic features and architecture of a system that
lend themselves to supporting security. There are five requirements or elements of operation
* System architecture
* System integrity
* Covert channel analysis
* Trusted facility management
* Trusted Recovery
Life cycle assurance focuses on the controls and standards that are necessary for designing,
building, and maintaining a system. The following are the four requirements or elements of life
* Security testing
* Design specification and testing
* Configuration Management
* Trusted distribution”
Pg 398 Tittel
What is another name for the Orange Book?
A. The Trusted Computer System Evaluation Criteria (TCSEC)
B. The Trusted Computing Base (TCB)
C. The Information Technology Security Evaluation Criteria (ITSEC)
D. The Common Criteria
The Trusted Computer System Evaluation Criteria (TCSEC) is a collection of criteria
used to grade or rate the security offered by a computer system product. The TCSEC is
sometimes referred to as “the Orange Book” because of its orange cover. The current
version is dated 1985 (DOD 5200.28-STD, Library No. S225,711). The TCSEC, its
interpretations and guidelines all have different color covers, and are sometimes known as
the “Rainbow Series”.
A password that is the same for each log-on session is called a?
A. “one-time password”
B. “two-time password”
C. static password
D. dynamic password
Explanation: A static password is one that remains the same until it is changed. It is like the
password we use in operating systems: you set it, and then you always use the same
password to log on to the system for the duration of the session. This password gives us
access to the system and is the vehicle for creating our access token, so that we
obtain our privileges. A one-time password is valid for only one use, dynamic passwords change
whenever a certain condition is met, and two-time passwords can be used only twice. We can
provide certain times of access with these kinds of passwords.
Which of the following backup methods is most appropriate for off-site archiving?
A. Incremental backup method.
B. Off-site backup method.
C. Full backup method.
D. Differential backup method.
Since we want to keep the backups offsite, it is always better to send full backups,
because they contain a consistent base of the system. A restore always begins
from a full backup. Remember that the backups stored offsite are in most cases kept in a
secure place; keeping full backups there is a best practice for any network administrator. With
incremental or differential backups alone we do not have everything we need to restore a system to a
consistent state; we need to start from the full backup. “Offsite Backup” is not a valid
Which of the following is not a weakness of symmetric cryptography?
A. Limited security
B. Key distribution
Explanation: In secret key cryptography, a single key is used for both encryption and
decryption. The sender uses the key (or some set of rules) to encrypt the plaintext and
sends the cipher text to the receiver. The receiver applies the same key (or rule set) to
decrypt the message and recover the plaintext. Because a single key is used for both
functions, secret key cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be known to both the sender and
the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the
distribution of the key.
Symmetric encryption is around 1000 times faster than asymmetric encryption; the latter is
commonly used just to encrypt the keys for symmetric cryptography.
Which of the following is not a defined layer in the TCP/IP protocol model?
A. Application layer
B. Session layer
C. Internet layer
D. Network access layer
Explanation: The TCP/IP reference model is the network model used in the current
Internet architecture. It has its origins back in the 1960s with the grandfather of the
Internet, the ARPANET. This was a research network sponsored by the Department of
Defense in the United States.
The reference model was named after two of its main protocols, TCP (Transmission Control
Protocol) and IP (Internet Protocol). They chose to build a packet-switched network based on a
connectionless internet layer. Here is a representation of it:
“The TCP/IP Protocol Model is similar to the OSI model, but it defines only the following four
layers instead of seven:
Application Layer. Consists of the applications and processes that use the network.
Host-to-Host Transport Layer. Provides end-to-end data delivery service to the Application
Internet Layer. Defines the IP datagram and handles the routing of data across networks.
Network Access or Link Layer. Consists of routines for accessing physical networks and the
Pg 112 Krutz: The CISSP Prep Guide: Gold Edition.
Rewritable and erasable (CD-R/W) optical disks are sometimes used for backups that require short
time storage for changeable data, but require?
A. Faster file access than tape.
B. Slower file access than tape.
C. Slower file access than drive.
D. Slower file access than scale.
Explanation: This is true; when we use optical media like CDs to make our backups we
need a constant throughput on file access and data transfer to the disk because of
the risk of a buffer underrun error in the CD writer. If the buffer used by the CD burner
is empty and the hard disk does not provide data in time, the backup will be
unsuccessful. This can be solved with a technology known as “Burn Proof”.
Which one of the following is not a primary component or aspect of firewall systems?
A. Protocol filtering
B. Packet switching
C. Rule enforcement engine
D. Extended logging capability
Explanation: This is not a main function of a firewall; packet switching is a main feature of
a switch (working only at layer 2 of the OSI model). Firewalls are network security
devices that can function from layer 2 through layer 7 of the OSI model. They usually include
a rule engine that enforces the enterprise security policy of the company. They provide
protocol filtering to enforce our requirements by forwarding or denying traffic.
They also provide logging capabilities so we can analyze what is happening at a very low
level in our network.
What are database views used for?
A. To ensure referential integrity.
B. To allow easier access to data in a database.
C. To restrict user access to data in a database.
D. To provide audit trails.
Explanation: Through the use of a view we can provide security for the organization by
restricting users' access to certain data or to the real tables containing the information in
our database. For example, we can create a view that brings data from 3 tables, only
showing 2 of the 4 columns in each. Instead of giving access to the tables that contain the
information, we give access to the view, so the user can access this fixed information but
does not have privileges over the tables containing it. This provides security.
Which of the following Common Data Network Services is used to send and receive email
internally or externally through an email gateway device?
A. File services
B. Mail services
C. Print services
D. Client/Server services
Explanation: This functionality is provided through mail services; this service permits
collaboration between users at an internal and external level. We usually use two protocols,
SMTP on TCP port 25 to send the emails and POP3 on TCP port 110 to receive them.
Currently there is another protocol that is gaining popularity, IMAP4. Print
services are used for printing documents, and file services are used to share and access files
and folders inside the infrastructure.
Intrusion detection has which of the following sets of characteristics?
A. It is adaptive rather than preventive.
B. It is administrative rather than preventive.
C. It is disruptive rather than preventative.
D. It is detective rather than preventative.
Explanation: This is one of the features of intrusion detection: instead of being proactive,
it has a reactive behavior. When we set up an IDS inside our network or on our hosts, the
IDS agent constantly monitors in real time what activities are being performed in the
infrastructure. If the IDS finds a malicious activity taking place it can take actions
against it, like disabling interfaces, alerting the administrators or sending network attacks
to the source to put it out of service.
In contrast to the detective behavior of an IDS, we can also increase security with practices
like hardening our systems; this is considered a preventive practice.
Which type of password provides maximum security because a new password is required
for each new log-on?
A. One-time or dynamic password
B. Cognitive password
C. Static password
D. Pass phrase
Explanation: The concept behind “one-time” or “dynamic” password technology is that your
remote host already knows a password that is never going to go over insecure channels, and
when you connect, you get a challenge. You take the challenge information and the password
and plug them into an algorithm which generates the response; both sides get the same answer
if the password is the same on both sides. Therefore the password never goes over the
network, nor is the same challenge used twice. Unlike SecurID or SNK, with S/Key you do
not share a secret with the host.
Another one-time password technology is card systems, where each user gets a card that generates
numbers that allow access to their account. Without the card, it is improbable to guess the
Devices in the form of credit card-size memory cards or smart cards, or those resembling small
calculators, that are used to supply static and dynamic passwords are called?
A. Token Ring
C. Token passing networks
Explanation: Tokens are usually used to provide authentication through “what we have”,
and are most commonly implemented to provide two-factor authentication. For example,
SecurID requires two pieces of information, a password and a token code. The code is usually
generated by the SecurID token, a small electronic device that users keep with them that
displays a new number every 60 seconds. Combining this number with the user's password
allows the SecurID server to determine whether or not the user should be granted access.
Which of the following uses a directed graph to specify the rights that a subject can transfer to an
object, or that a subject can take from another subject?
A. Take-Grant model
B. Access Matrix model
C. Biba model
D. Bell-Lapadula model
Explanation: The Take-Grant system is a model that helps in determining the protection
rights (e.g., read or write) in a computer system. The Take-Grant system was introduced
by Jones, Lipton, and Snyder to show that it is possible to decide on the safety of a
computer system even when the number of subjects and objects is very large, or
unbounded. This can be accomplished in linear time based on the initial size of the system.
The Take-Grant system models a protection system which consists of a set of states and state
transitions. A directed graph shows the connections between the nodes of this system.
These nodes represent the subjects or objects of the model. The directed edges
between the nodes represent the rights that one node has over the linked node.
Which of the following is the BEST way to prevent software license violations?
A. Implementing a corporate policy on copyright infringements and software use.
B. Requiring that all PCs be diskless workstations.
C. Installing metering software on the LAN so applications can be accessed through the metered
D. Regularly scanning used PCs to ensure that unauthorized copies of software have not been
loaded on the PC.
Explanation: Since it is impossible to control all the efforts of users to install software
without the proper licenses on their PCs (especially software downloaded from the Internet), the best
way to prevent license violations is through regular audits of every single user PC to see
what programs are installed and what their nature is (shareware, freeware,
licensed). We cannot rely on LAN monitoring software because not all applications are
network enabled; also, there is usually a policy about software installation, but users often
do not follow it. It is also a very good practice to punish users who commit
software license violations.
Zip/Jaz drives, SyQuest, and Bemoulli boxes are very transportable and are often the
A. Data exchange in many businesses.
B. Data change in many businesses.
C. Data compression in many businesses.
D. Data interchange in many businesses.
Explanation: This is the primary use of this kind of device: since they are very portable (a
medium-size external box) and they provide standard interfaces to the PC, they are usually
used for data exchange because of their high capacity in comparison to 3.5-inch floppy
diskettes. We can make changes to the media used by these devices, but that is not their primary
use. Compression is not the best feature of these devices; they usually depend on file system
compression. Without doubt, the best use of these boxes is data exchange.
What are two types of system assurance?
A. Operational Assurance and Architecture Assurance.
B. Design Assurance and Implementation Assurance.
C. Architecture Assurance and Implementation Assurance.
D. Operational Assurance and Life-Cycle Assurance.
Software Systems Quality Assurance (SQA) is defined as a planned and systematic
approach to the evaluation of the quality of and adherence to software product standards,
processes, and procedures. SQA includes the process of assuring that standards and
procedures are established and are followed throughout the software acquisition life cycle.
Compliance with agreed-upon standards and procedures is evaluated through process
monitoring, product evaluation, and audits. Software development and control processes
should include quality assurance approval points, where an SQA evaluation of the product
may be done in relation to the applicable standards. The two types are: operational
assurance (which specifies that the operation complies with what is required) and life-cycle
assurance (which specifies that the system has passed through the whole software life cycle).
Why does compiled code pose more risk than interpreted code?
A. Because malicious code can be embedded in the compiled code and can be difficult to detect.
B. Because the browser can safely execute all interpreted applets.
C. Because compilers are not reliable.
D. It does not. Interpreted code poses more risk than compiled code.
Explanation: Since compiled code has already been translated to binary (the
language understood natively by computers), it is very difficult for us (the humans) to
detect malicious code inside an application, because it is not directly visible: you
have to find that malicious code through the behavior of the program. In contrast, when we
talk about interpreted code, we use a language interpreter, which is a piece of software that
allows the end user to write a program in some human-readable language and have this
program executed directly by the interpreter.
This is in contrast to language compilers, which translate the human-readable code into
machine-readable code, so that the end user can execute the machine-readable code at a later
time. With interpreted code it is far easier to detect malicious code inside the programs; you just need to see
which piece of code produced the undesired action.
Which model, based on the premise that the quality of a software product is a direct function of
the quality of its associated software development and maintenance processes, introduced five
levels with which the maturity of an organization involved in the software process is evaluated?
A. The Total Quality Model (TQM)
B. The IDEAL Model
C. The Software Capability Maturity Model
D. The Spiral Model
Explanation: The Capability Maturity Model for Software describes the principles and
practices underlying software process maturity and is intended to help software
organizations improve the maturity of their software processes in terms of an evolutionary
path from ad hoc, chaotic processes to mature, disciplined software processes. The CMM is
organized into five maturity levels:
1. Initial. The software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort and heroics.
2. Repeatable. Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications.
3. Defined. The software process for both management and engineering activities is documented, standardized, and integrated into a standard software process for the organization. All projects use an approved, tailored version of the organization’s standard software process for developing and maintaining software.
4. Managed. Detailed measures of the software process and product quality are collected. Both the software process and products are quantitatively understood and controlled.
5. Optimizing. Continuous process improvement is enabled by quantitative feedback from the process and from piloting innovative ideas
Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud simulates
the tones of coins being deposited into a payphone?
A. Red Boxes
B. Blue Boxes
C. White Boxes
D. Black Boxes
The Red Box basically simulates the sounds of coins being dropped into the coin slot of a
payphone. The traditional Red Box consisted of a pair of Wien-bridge oscillators with the
timing controlled by 555 timer chips. The Blue Box, the mother of all boxes, was the first box
in history and started the whole phreaking scene. It was invented by John Draper (aka
“Captain Crunch”) in the early 60s, who discovered that by sending a tone of 2600 Hz over
the telephone lines of AT&T it was possible to make free calls. A Black Box is a device that
is hooked up to your phone and alters it so that when you get a call, the caller
doesn’t get charged for the call. This works for calls up to half an hour; after half an hour the
phone company gets suspicious, and then you can guess what happens. The White Box turns a
normal touch-tone keypad into a portable unit. This kind of box can be commonly found in
a phone shop.
What is the proper term to refer to a single unit of Ethernet data?
A. Ethernet segment
B. Ethernet datagram
C. Ethernet frame
D. Ethernet packet
Explanation: Ethernet traffic is transported in units of a frame, where each frame has a
definite beginning and end. Here is an Ethernet frame:
In this picture we define:
1. Preamble: field used for synchronization, 64 bits
2. Destination Address: Ethernet address of the destination host, 48 bits
3. Source Address: Ethernet address of the source host, 48 bits
4. Type: type of data encapsulated, e.g. IP, ARP, RARP, etc., 16 bits
5. Data Field: data area, 46-1500 bytes, which contains
   * Destination Address: Internet address of the destination host
   * Source Address: Internet address of the source host
6. CRC: Cyclical Redundancy Check, used for error detection
Which of the following represents an ALE calculation?
A. Single loss expectancy x annualized rate of occurrence.
B. Gross loss expectancy x loss frequency.
C. Actual replacement cost – proceeds of salvage.
D. Asset value x loss expectancy.
Explanation: ALE (Annualized Loss Expectancy) calculations are a component of every
risk analysis process. ALE calculations when done properly portray risk accurately. ALE
calculations provide meaningful cost/benefit analysis. ALE calculations are used to:
1. Identify risks
2. Plan budgets for information risk management
3. Calculate loss expectancy in annualized terms
SLE x ARO = ALE
If an operating system permits executable objects to be used simultaneously by multiple users
without a refresh of the objects, what security problem is most likely to exist?
A. Disclosure of residual data.
B. Unauthorized obtaining of a privileged execution state.
C. Data leakage through covert channels.
D. Denial of service through a deadly embrace.
Explanation: This is a well-known issue familiar to many programmers: since the operating
system allows the executables to be used by many users in different sessions at the
same time, and there is no periodic refresh, there will be a disclosure of
residual data. To fix this we need to make sure that objects are refreshed frequently; for
added security it is better to use an OS that does not allow the use of an executable object by many
users at the same time.
Tape arrays use a large device with multiple (sometimes 32 or 64) tapes that are configured
A. Single array
B. Dual array
C. Triple array
D. Quadruple array
Explanation: This is the function of a tape robot/changer working on a media library or
jukebox. We can have as many as 32, 64 or even more tapes acting as a single logical unit.
You can have a robot that changes and retrieves the different tapes when they are needed,
so you see the whole set of tapes as if it were a single logical storage solution. This
kind of solution is very expensive.
Why would anomaly detection IDSs often generate a large number of false positives?
A. Because they can only identify correctly attacks they already know about.
B. Because they are application-based and are more subject to attacks.
C. Because they can't identify abnormal behavior.
D. Because normal patterns of user and system behavior can vary wildly.
Explanation: One of the most obvious reasons why false alarms occur is because tools are
stateless. To detect an intrusion, simple pattern matching of signatures is often insufficient.
However, that’s what most tools do. Then, if the signature is not carefully designed, there
will be lots of matches. For example, tools detect attacks in sendmail by looking for the
words “DEBUG” or “WIZARD” as the first word of a line. If this is in the body of the
message, it’s in fact innocuous, but if the tool doesn’t differentiate between the header and
the body of the mail, then a false alarm is generated.
Finally, there are many events happening in the course of the normal life of any system or
network that can be mistaken for attacks. A lot of sysadmin activity can be catalogued as
anomalous. Therefore, a clear correlation between attack data and administrative data should be
established to cross-check that everything happening on a system is actually desired.
Normal patterns and user activities are often confused with attacks by IDS devices; it is
expected that second-generation IDS systems will decrease the percentage of false positives.
According to private sector data classification levels, how would salary levels and medical
information be classified?
Explanation: According to the classification levels of the private sector, this information is
classified as Private because it is of a personal nature. There is no need
for other employees to see details about your health or your salary range; this can lead to
internal problems inside the company, such as jealous employees.
Which of the following is used in database information security to hide information?
Explanation: Polyinstantiation represents an environment characterized by information
stored in more than one location in the database. This permits a security model with
multiple levels-of-view and authorization. The current problem with polyinstantiation is
ensuring the integrity of the information in the database. Without an effective method for
the simultaneous updating of all occurrences of the same data element – integrity cannot be
Which of the following evaluates the product against the specification?
Explanation: This is the proper term, “Verification”; this term is used when we are making
a comparison of a product against a specification. For example, you can have a product
that is built on open standards, and you can prove that by making a “verification” of
it against the standards or the specifications included in them.
Application Level Firewalls are commonly a host computer running proxy server software,
which makes a?
A. Proxy Client
B. Proxy Session
C. Proxy System
D. Proxy Server
Explanation: A proxy server is a server that sits between a client and a server application,
such as a Web browser and a source web server. It intercepts all requests to the real server
to see if it can fulfill the requests itself. If not, it forwards the request to the original source
web server. Firewalls usually provide this kind of service to have more control over user
requests and to allow or deny their traffic through the gateway. At this time the most
common proxy server is for the HTTP protocol; we can also have proxies for SMTP and FTP.
What attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the
victim’s machine on any open port that is listening?
A. Bonk attack
B. Land attack
C. Teardrop attack
D. Smurf attack
Explanation: The Land attack involves the perpetrator sending spoofed packet(s) with the
SYN flag set to the victim’s machine on any open port that is listening. If the packet(s)
contain the same destination and source IP address as the host, the victim’s machine could
hang or reboot.
In addition, most systems experience a total freeze-up, whereby CTRL-ALT-DELETE fails to
work, the mouse and keyboard become non-operational and the only method of correction is to
reboot via a reset button on the system or by turning the machine off.
This will affect almost all Windows 95, Windows NT and Windows for Workgroups systems that
are not properly patched and allow NetBIOS over TCP/IP.
In addition, machines running services such as HTTP, FTP, Identd, etc that do not filter
packet(s), that contain the same source / destination IP address, can still be vulnerable to attack
through those ports.
This attack can be prevented for open / listening ports by filtering inbound packets containing
the same source / destination IP address at the router or firewall level.
For most home users not running a lot of services, and for those who use IRC, disabling the
Identd server within their client will stop most attacks since the identd service (113) is becoming
the most attacked service/port.
The beginning and the end of each transfer during asynchronous communication data transfer are
A. Start and Stop bits.
B. Start and End bits.
C. Begin and Stop bits.
D. Start and Finish bits.
Explanation: The ASYNCHRONOUS (ASYNC) format for data transmission is a
procedure or protocol in which each information CHARACTER or BYTE is individually
synchronized or FRAMED by the use of Start and Stop Elements, also referred to as
START BITS and STOP BITS. The Asynchronous Transmission Format is also known as
START-STOP mode or CHARACTER mode. Each character or byte is framed as a
separate and independent unit of DATA that may be transmitted and received at irregular
and independent time intervals. The characters or bytes may also be transmitted as a
contiguous stream or series of characters.
Most of unplanned downtime of information systems is attributed to which of the
A. Hardware failure
B. Natural disaster
C. Human error
D. Software failure
This is what the statistics say. Most downtime is caused by unexpected hardware
failure. Commonly you just replace the FRU (field replaceable unit) when it fails. Usually
well-written software does not fail if the hardware is running correctly. Human
errors are controllable and natural disasters are not very frequent. Hardware failure is very
common; it is good practice to have spare disks, NICs and any other hardware FRUs in
your company to minimize downtime with quick replacements.
RAID that functions as part of the operating system on the file server
A. Software implementation
B. Hardware implementation
C. Network implementation
D. Netware implementation
Explanation: This kind of RAID is totally dependent on the operating system, because
the server does not have any special hardware (a RAID controller) on the board. This
kind of RAID implementation usually degrades performance because it takes many CPU
cycles. A very common example of software RAID is the support for it in Windows 2000
Server, where you can create RAID 0, 1 and 5 across heterogeneous disks; you can even
make a RAID set between one SCSI and one EIDE disk. The software implementation is
hardware independent as long as the disks are recognized by the operating system.
During which phase of an IT system life cycle are security requirements developed?
The System Development Life Cycle is the process of developing information systems
through investigation, analysis, design, implementation, and maintenance. The System
Development Life Cycle (SDLC) is also known as Information Systems Development or
Application Development. If you take a look at the standard IT system life cycle chart, you
will see that everything that deals with security requirements is done at the “development”
stage. In this stage you can create the access controls, the form of authentication to use and
all the other security requirements.
Ensuring that printed reports reach proper users and that receipts are signed before releasing
sensitive documents are examples of?
A. Deterrent controls
B. Output controls
C. Information flow controls
D. Asset controls
Explanation: Since we are dealing with printed reports, we are talking about output
controls: printers produce output, and we can control it. As a best practice
you can have people in the company dedicated to receiving the different print jobs in the
printing center, and people who take care of the confidential information, requiring a
signature from the sender stating that the document was delivered to the owner in a timely
and secure fashion.
Non-Discretionary Access Control. A central authority determines what subjects can have access
to certain objects based on the organizational security policy. The access controls may be based
A. The societies role in the organization.
B. The individual’s role in the organization.
C. The group-dynamics as they relate to the individual’s role in the organization.
D. The group-dynamics as they relate to the master-slave role in the organization.
Explanation: An access control model defines a computer and/or network system’s rules
for user access to information resources. Access control models provide confidentiality,
integrity and also provide accountability through audit trails. An audit trail documents the
access of an object by a subject with a record of what operations were performed.
Operations include: read, write, execute and own.
Non-Discretionary Access Control is usually role-based, centrally administered with
authorization decisions based on the roles individuals have within an organization (e.g. bank
teller, loan officer, etc. in a banking model). A system’s security administrator grants and/or
revokes system privileges based on a user’s role. This model works well for corporations with a
large turnover of personnel.
An effective information security policy should not have which of the following characteristics?
A. Include separation of duties.
B. Be designed with a short-to mid-term focus.
C. Be understandable and supported by all stakeholders.
D. Specify areas of responsibility and authority.
Explanation: This is not a very good practice, especially for the CISSP examination; when
you plan and develop the security policy for your enterprise you should always plan it with
a long-term focus. The policy should be created to be there for a long time, and you should
only make revisions to it periodically to comply with changes or things that could
In a security policy the duties should be well specified, be understandable by the people involved
in it, and specify areas of responsibility.
Which of the following statements pertaining to secure information processing facilities is
A. Walls should have an acceptable fire rating.
B. Windows should be protected by bars.
C. Doors must resist forcible entry.
D. Location and type of fire suppression systems should be known.
Explanation: The correct answer can be determined through elimination. We need an acceptable
fire rating for the walls; this is well known to any CISSP aspirant, because we need to contain a
fire as much as we can. We also need resistant doors so that unauthorized people cannot easily
force their way in. People also need to know about the fire suppression systems to be able to
deal with a fire inside the facilities. As you can see, we should not protect windows with bars;
this is a bad practice because, in the case of a fire, people cannot get out of the building
through the windows.
Making sure that the data is accessible when and where it is needed is which of the following?
Explanation: This is one of the pillars of network security. We can say that the data is
available if we can access it when we need it. This is what the question refers to: availability
refers to getting access to data when and where you need it. Confidentiality deals with
encryption and data protection against third-party interception. Integrity deals with digital
signatures and assures that the data has not changed. Acceptability is not a related
Business continuity plan development depends most on?
A. Directives of Senior Management
B. Business Impact Analysis (BIA)
C. Scope and Plan Initiation
D. Skills of BCP committee
Explanation: Business continuity is of course a vital activity. However, prior to the creation
of a business continuity plan, it is essential to consider the potential impacts of disaster and
to understand the underlying risks. It is now widely accepted that both business impact
analysis and risk analysis are vital components of the business continuity process.
However, many organizations are unsure of how to approach these important disciplines.
BIA is important because it provides management level analysis by which an organization
assesses the quantitative (financial) and qualitative (non-financial) impacts, effects and loss that
might result if the organization were to suffer a Business Continuity E/I/C. The findings from a
BIA are used to make decisions concerning Business Continuity Management strategy and
Which layer defines the X.25, V.35, X.21 and HSSI standard interfaces?
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer
Explanation: The Physical Layer is the layer that is concerned with the signaling of the
message and the interface between the sender or receiver and the medium. The physical
layer is generally defined by one of the standards bodies and carries a designation that
indicates the characteristics of the connection. Among frequently used physical layer
standards are EIA-232-D, ITU V.35, and some of the X series (X.21/X.21bis, for example).
Related to information security, availability is the opposite of which of the following?
Explanation: This is the correct term; remember that availability refers to getting access to
data when and where you need it. When we talk about destruction, we are saying the
opposite: if your information is destroyed, you cannot access it either when or where you
want it. Delegation deals with permissions, distribution deals with deployment and
documentation deals with information and how-tos. The term we are looking for here is
Which of the following is a disadvantage of a behavior-based ID system?
A. The activity and behavior of the users while in the networked system may not be static
enough to effectively implement a behavior-based ID system.
B. The activity and behavior of the users while in the networked system may be dynamic enough
to effectively implement a behavior-based ID system.
C. The activity and behavior of the users while in the networked system may not be dynamic
enough to effectively implement a behavior-based ID system.
D. The system is characterized by high false negative rates where intrusions are missed.
Explanation: Behavior-based intrusion detection techniques assume that an intrusion can
be detected by observing a deviation from normal or expected behavior of the system or
the users. The model of normal or valid behavior is extracted from reference information
collected by various means. The intrusion detection system later compares this model with
the current activity. When a deviation is observed, an alarm is generated. In other words,
anything that does not correspond to a previously learned behavior is considered intrusive.
The high false alarm rate is generally cited as the main drawback of behavior-based
techniques because the entire scope of the behavior of an information system may not be
covered during the learning phase. Also, behavior can change over time, introducing the
need for periodic online retraining of the behavior profile, resulting either in unavailability
of the intrusion detection system or in additional false alarms. To get the most out of this
kind of IDS you need very static behavior on your network and in user actions, because
anything new is considered dangerous, producing many false positives but increased
security. If you are in a very “dynamic” environment this kind of IDS system is
Which of the following statements pertaining to VPN protocol standards is false?
A. L2TP is a combination of PPTP and L2F.
B. L2TP and PPTP were designed for single point-to-point client to server communication.
C. L2TP operates at the network layer.
D. PPTP uses native PPP authentication and encryption services.
Explanation: The Layer 2 Tunnel Protocol (L2TP) is an emerging Internet Engineering
Task Force (IETF) standard that combines the best features of two existing tunneling
protocols: Cisco’s Layer 2 Forwarding (L2F) and Microsoft’s Point-to-Point Tunneling
Protocol (PPTP). L2TP is an extension to the Point-to-Point Protocol (PPP), which is an
important component for VPNs. VPNs allow users and telecommuters to connect to their
corporate intranets or extranets. VPNs are cost-effective because users can connect to the
Internet locally and tunnel back to connect to corporate resources. This not only reduces
overhead costs associated with traditional remote access methods, but also improves
flexibility and scalability.
PPTP and L2TP are Layer 2 tunneling protocols; both encapsulate the payload in a
Point-to-Point Protocol (PPP) frame to be sent across an intermediate network.
What is the most critical characteristic of a biometric identifying system?
A. Perceived intrusiveness
B. Storage requirements
Explanation: The principle of biometrics is to use some unique characteristic to identify
whether the person is who they say they are. Biometrics works by matching or verifying a
person’s unique traits with stored data in two categories: physiological characteristics and
those that are behavioral. Physical indicators include iris, fingerprint, facial, or hand
geometry. Behavior types are usually voiceprints, keystroke dynamics and handwritten
signatures. Most biometric technologies require special hardware to convert analog
measurements of signatures, voices, or patterns of fingerprints and palm prints, to digital
measurement, which computers can read.
The biggest characteristic and problem of biometric implementations today is accuracy; we
must check the level of accuracy before buying a solution, because the technology is not perfect
at this time and can sometimes be erroneous.
RAID Software can run faster in the operating system because neither use the hardware-level
parity drives by?
A. Simple striping or mirroring.
B. Hard striping or mirroring.
C. Simple hamming code parity or mirroring.
D. Simple striping or hamming code parity.
This is true: if we do not use parity in our RAID implementation, as with RAID 1 (mirroring)
or RAID 0 (striping), we can improve performance because the CPU does not need to waste
cycles on parity calculations. For example, this can be achieved in Windows 2000 Server
through the use of RAID 0 (no fault tolerance, just striping in 64kb chunks) or RAID 1
(mirroring through a file system driver). This is not the case for RAID 5, which actually uses
parity to provide fault tolerance.
The guarantee that the message sent is the message received, and that the message was not
intentionally or unintentionally altered is?
Explanation: Here are 2 definitions for Data Integrity:
1. The condition existing when data is unchanged from its source and has not been accidentally
or maliciously modified, altered, or destroyed.
2. The condition in which data are identically maintained during any operation, such as transfer,
storage, and retrieval.
Availability refers to getting access to data when and where you need it. Confidentiality deals with
encryption and data protection against third-party interception. Identity deals with authentication.
Which of the following is a preventive control?
A. Motion detectors
B. Guard dogs
C. Audit logs
D. Intrusion detection systems
Explanation: This is very obvious. Since we want to prevent something from happening, we
can go out and buy some guard dogs to do the job. You are buying them because you want to
prevent something from happening. The intruder will see the dogs and may turn back; this
prevents an attack, so the dogs are a form of preventive control. Motion detectors and IDS are
real-time; audit logs are passive.
What uses a key of the same length as the message?
A. Running key cipher
B. One-time pad
D. Cipher block chaining
Explanation: The one time pad is the most secure, and one of the simplest of all
cryptographic methods. It was invented and patented just after World War I by Gilbert
Vernam (of AT&T) and Joseph Mauborgne (USA, later chief of the Signal Corps). The
fundamental features are that the sender and receiver each have a copy of an encryption
key, which is as long as the message to be encrypted, and each key is used for only one
message and then discarded. That key must be random, that is without pattern, and must
remain unknown to any attacker. In addition, the key must never be reused, otherwise the
cipher becomes trivially breakable. One of its features is the key length, which is the same as
Which of the following protocols operates at the session layer (layer 5)?
Explanation: The socket method of network use is a message-based system, in which one
process writes a message to another. This is a long way from the procedural model.
The remote procedure call is intended to act like a procedure call, but to act across the network
transparently. The process makes a remote procedure call by pushing its parameters and a return
address onto the stack, and jumping to the start of the procedure. The procedure itself is
responsible for accessing and using the network. After the remote execution is over, the
procedure jumps back to the return address. The calling process then continues. RPC works at
the Session layer of the OSI model.
Which of the following is NOT a countermeasure to traffic analysis?
A. Padding messages
C. Sending noise
D. Covert channel analysis
Explanation: Let's do this with an elimination process. With padding messages you can counter
traffic analysis because you add garbage information to the message so that it ends up with a
fixed length; this can confuse the analyzer. Sending noise on the communication line could also
counter analysis because the analyzer does not know how to differentiate between real
information and noise. You can also use covert channel analysis. Eavesdropping does not apply
in this situation; it is not considered a countermeasure to
Which of the following layers of the ISO/OSI model do packet filtering firewalls operate
A. Application layer
B. Session layer
C. Network layer
D. Presentation layer
Explanation: Packet filtering firewalls work at the network level of the OSI model, or the
IP layer of TCP/IP. These firewalls are normally part of a router, which is a device that
receives and forwards packets to networks. “In a packet filtering firewall each packet is
compared to a set of criteria before it is forwarded. Depending on the packet and the
criteria, the firewall can drop the packet, forward it, or send a message to the originator.”
The criteria used to evaluate a packet include source, destination IP address, destination
port, and protocol used. These types of firewalls are low in cost and don’t have much of an
impact on the network’s performance.
A prolonged high voltage is?
Explanation: A surge is a prolonged spike; it occurs when the power level rises above
normal levels and then drops back to normal in less than one second. A spike occurs when
the power level rises above normal levels and stays there for more than 1 or 2 seconds. A
blackout is the total loss of power, and a fault is the opposite of a spike: it is a lowering in
the voltage, usually lasting around one second. The surge is the most dangerous of the listed
How do the Information Labels of Compartmented Mode Workstation differ from the Sensitivity
Levels of B3 evaluated systems?
A. Information Labels in CMW are homologous to Sensitivity Labels, but a different term was
chosen to emphasize that CMW’s are not described in the Orange Book.
B. Information Labels contain more information than Sensitivity Labels, thus allowing more
granular access decisions to be made.
C. Sensitivity Labels contain more information than Information Labels because B3+ systems
should store more sensitive data than workstations.
D. Information Labels contain more information than Sensitivity Labels, but are not used by the
Reference Monitor to determine access permissions.
Explanation: The primary goal of the compartmented mode workstation (CMW) project
was to articulate the security requirements that workstations must meet to process highly
classified intelligence data. As a basis for the validity of the requirements developed, a
prototype was implemented which demonstrated that workstations could meet the
requirements in an operationally useful manner while still remaining binary compatible
with off-the-shelf software. The security requirements not only addressed traditional
security concerns but also introduced concepts in areas such as labeling and the use of a
trusted window management system. The CMW labeling paradigm is based on associating
two types of security labels with objects: sensitivity levels and information labels.
Sensitivity levels describe the levels at which objects must be protected. Information labels
are used to prevent data over classification and also provide a mechanism for associating
with data those markings that are required for accurate data labeling, but which play no
role in access control decisions. The use of a trusted window manager allows users to easily
operate at multiple sensitivity levels and provides a convenient mechanism for
communicating security information to users in a relatively unobtrusive manner.
Information labels are not used by the reference monitor; permissions are referenced in
In what security mode can a system be operating if all users have the clearance or authorization
and need-to-know to all data processed within the system?
A. Dedicated security mode.
B. System-high security mode.
C. Compartmented security mode.
D. Multilevel security mode.
Explanation: An information-system (IS) security mode of operation wherein each user
with direct or indirect access to the system, its peripherals, remote terminals, or remote
hosts, has all of the following: (a) a valid security clearance for all information within the
system; (b) formal access approval and signed nondisclosure agreements for all the
information stored and/or processed (including all compartments, sub-compartments, and/or
special access programs); and (c) a valid need-to-know for all information contained within
the IS. When
in the dedicated security mode, a system is specifically and exclusively dedicated to and
controlled for the processing of one particular type or classification of information, either
for full-time operation or for a specified period of time.
What are the three conditions that must be met by the reference monitor?
A. Confidentiality, availability and integrity.
B. Policy, mechanism and assurance.
C. Isolation, layering and abstraction.
D. Isolation, completeness and verifiability.
Explanation: These are three of the main characteristics of a reference monitor. It needs
isolation, because it cannot be publicly accessible; the less access, the better. It must have
completeness to cover the whole information and process cycle. It must be verifiable, to
provide security, audit and accounting functions.
While referring to physical security, what does positive pressurization mean?
A. The pressure inside your sprinkler system is greater than zero.
B. The air goes out of a room when a door is opened and outside air does not go into the room.
C. Causes the sprinkler system to go off.
D. A series of measures that increase pressure on employees in order to make them more
Positive pressurization is a condition that exists when more air is supplied to a space than
is exhausted, so the air pressure within that space is greater than that in surrounding
areas. This condition causes the situation described in answer B: you can make air go out
of a room but not enter it from the outside.
The baseline sets certain thresholds for specific errors or mistakes allowed and the amount of
these occurrences that can take place before it is considered suspicious?
A. Checkpoint level
B. Ceiling level
C. Clipping level
D. Threshold level
Explanation: According to CISSP documentation, this is the proper term. The clipping level
is used to determine suspicious occurrences that are the product of errors or mistakes.
Checkpoint level is not a related term. Ceiling level is not related to baselines. Threshold
level is attractive, but is not the correct term. Take a look at your CISSP
The most prevalent cause of computer center fires is which of the following?
A. AC equipment
B. Electrical distribution systems.
C. Heating systems
D. Natural causes
Explanation: According to statistics, this is the greatest cause. Electrical distribution
systems, especially those not installed according to standards, are very prone to failure and
to starting fires. AC equipment is not very prone to starting fires. Natural causes are a
possibility but are definitely not the most prevalent cause. Heating systems are a very rare
source of fires.
An offsite backup facility intended to operate an information processing facility, having no
computer or communications equipment, but having flooring, electrical wiring, air conditioning,
etc., is better known as a?
A. Hot site
B. Duplicate processing facility
C. Cold site
D. Warm site
Explanation: A cold site has all the appropriate power requirements and floor space to
install the hardware and to enable you to recreate your computer environment, but does
not provide the actual equipment. Many of the companies that provide hot sites also
provide cold sites. It may be reasonable for your company to consider creating its own cold
site if your company has floor space available in a location other than the home site. Cold
sites require a much longer outage than hot sites before operations can be restored.
Which of the following are necessary components of a Multi-Level Security Policy?
A. Sensitivity Labels and a “system high” evaluation.
B. Sensitivity Labels and Discretionary Access Control.
C. Sensitivity Labels and Mandatory Access Control.
D. Object Labels and a “system high” evaluation.
Explanation: First implemented in Military organizations (and I think even today it’s
implemented there only), this model was a significant improvement in terms of security
policy implementation. This model made implementation of complex security policies very
simple. Its specifications are present in the Orange Book from the DoD. In this model, every
object is assigned a sensitivity label. Also, every user is assigned a sensitivity label. If a
user’s sensitivity label is greater than or equal to the object’s sensitivity label, he is allowed access
to the object, otherwise, he is denied access. This methodology is used for creating a
hierarchy of access. We can say that this method is used for partitioning the organization
Multi-Level Security is considered a Mandatory Access Control method.
Which of the following, used to extend a network, has a storage capacity to store frames
and act as a store-and-forward device?
Explanation: A bridge is a network device that connects two similar network segments
together. The primary function of a bridge is to keep traffic separated on both sides of the
bridge. Traffic is allowed to pass through the bridge only if the transmission is intended for
a station on the opposite side. Bridges operate at the data link layer of the OSI model and
provide two different collision domains in Ethernet, but they only provide one broadcast
domain for layer 3 and up of the OSI model. The bridge can store frames and forward them
in several modes, such as cut-through and store-and-forward.
Which of the following is addressed by Kerberos?
A. Authorization and authentication.
B. Validation and integrity.
C. Confidentiality and integrity.
Explanation: Kerberos is a network authentication protocol. It is designed to provide
strong authentication for client/server applications by using secret-key cryptography. A
free implementation of this protocol is available from the Massachusetts Institute of
Technology. Kerberos is available in many commercial products as well. Kerberos was
created by MIT as a solution to these network security problems. The Kerberos protocol
uses strong cryptography so that a client can prove its identity to a server (and vice versa)
across an insecure network connection. After a client and server have used Kerberos to
prove their identity, they can also encrypt (confidentiality) all of their communications to
assure privacy and data integrity as they go about their business.
Access Control techniques do not include which of the following choices?
A. Relevant Access Controls
B. Discretionary Access Control
C. Mandatory Access Control
D. Lattice Based Access Control
Explanation: Relevant Access Controls are not included as an access control technique.
Lattice-based access control models were developed in the early 1970s to deal with the
confidentiality of military information. In the late 1970s and early 1980s, researchers applied
these models to certain integrity concerns. Later, application of the models to the Chinese Wall
policy, a confidentiality policy unique to the commercial sector, was demonstrated.
Discretionary control is the most common type of access control mechanism implemented in
computer systems today. The basis of this kind of security is that an individual user, or program
operating on the user’s behalf, is allowed to specify explicitly the types of access other users (or
programs executing on their behalf) may have to information under the user’s control.
Discretionary Access control security differs from mandatory access control security in that it
implements the access control decisions of the user. Mandatory controls are driven by the results
of a comparison between the user’s trust level or clearance and the sensitivity designation of the
Why is public key cryptography recommended for use in the process of securing facsimiles?
A. Keys are never transmitted over the network.
B. Data compression decreases key change frequency.
C. Key data is not recognizable from facsimile data.
D. The key is securely passed to the receiving machine.
Explanation: In this method of cryptography we use two keys, one to encrypt the data and
another to decrypt it. In public key cryptography, the users have a public and a private
key; the public key is freely distributed and is usually published in a directory, while the
private key must be kept secure. This allows the keys to be passed in a secure fashion to the
receiving machine, because the public key is not confidential and can be sent through a
secure channel. You need to use a certification authority to make this kind of cryptography
Database views are not used to:
A. Implement referential integrity.
B. Implement least privilege.
C. To implement content-dependent access restrictions.
D. Implement need-to-know.
Explanation: A view is a display of one or more tables that shows the table data. You
can even retrieve part of a table and display it to the user. Before a user is able to
use a view, they must have permission on both the view and all dependent objects. Views
can also be used to implement security; for example, you can create a view that shows only 3
of the 5 columns contained in a table. Views are not used to provide integrity; for that you can
use constraints, rules or other components of database systems.
Which of the following is most concerned with personnel security?
A. Management controls
B. Operational controls
C. Technical controls
D. Human resources controls.
Explanation: Personnel security always has more to do with operational controls;
operational controls provide the guidelines and the correct procedures to implement the
different operations. Management controls are usually used only by managers. Human
resources and technical controls are not related to personnel security as the question states.
See the different control definitions in your CISSP documentation.
Which of the following statements pertaining to the Trusted Computer System Evaluation
Criteria (TCSEC) is incorrect?
A. With TCSEC, functionality and assurance are evaluated separately.
B. TCSEC provides a means to evaluate the trustworthiness of an information system.
C. The Orange book does not cover networks and communications.
D. Data base management systems are not covered by the TCSEC.
Explanation: TCSEC does not separate functionality and assurance in evaluation; it
makes them a combined criterion. As a reminder, the Trusted Computer System
Evaluation Criteria (TCSEC) is a collection of criteria used to grade or rate the security
offered by a computer system product. The TCSEC is sometimes referred to as “the
Orange Book” because of its orange cover (the Orange Book deals with networks and
communications). The current version is dated 1985 (DOD 5200.28-STD, Library
No. S225,711). The TCSEC, its interpretations and guidelines all have different color covers,
and are sometimes known as the “Rainbow Series”. Database management is also covered
The Orange Book is used to evaluate whether a product contains the security properties
the vendor claims it does and whether the product is appropriate for a specific application
or function. The Orange Book is used to review the functionality, effectiveness, and
assurance of a product during its evaluation, and it uses classes that were devised to
address typical patterns of security requirements.
– Shon Harris, “CISSP All-in-One Exam Guide”, 3rd Ed, p 302.
Which of the following could illegally capture network user passwords?
A. Data diddling
Explanation: Sniffing is the action of capturing the information going over the network.
The most popular way of connecting computers is through Ethernet. The Ethernet protocol works
by sending packet information to all the hosts on the same circuit. The packet header contains the
proper address of the destination machine. Only the machine with the matching address is
supposed to accept the packet. A machine that is accepting all packets, no matter what the packet
header says, is said to be in promiscuous mode. Because, in a normal networking environment,
account and password information is passed along Ethernet in clear text, it is not hard for an
intruder to put a machine into promiscuous mode and, by sniffing, compromise all the machines
on the net by capturing passwords in an illegal fashion.
Which trusted facility management concept implies that two operators must review and approve
the work of each other?
A. Two-man control
B. Dual control
C. Double control
D. Segregation control
Explanation: The proper term for this trusted facility management concept is “Two-man
Control”; it means that two people must work together and approve each other’s work to provide
increased security and eliminate the possibility of one of them harming the company. For
example, they can only make changes to the system if both of them authenticate with their
retina at the same time at the data center and enter their secret passwords. This kind of
working arrangement is only used in highly secure environments; it is not very common.
There are more than 20 books in the Rainbow Series. Which of the following covers password
A. Orange Book
B. Green Book
C. Red Book
D. Lavender Book
Explanation: The DoD Password Management Guideline was published on 12 April 1985; it
is also called the “Green Book” because of the color of its cover. Here is the password
definition according to it: “A character string used to authenticate an identity. Knowledge
of the password that is associated with a user ID is considered proof of authorization to use
the capabilities associated with that user ID.”
Which of the following is an IP address that is private? (i.e. reserved for internal networks, and
not a valid address to use on the Internet)?
Explanation: The IP address 172.16.42.5 is contained in a class B reserved network; IANA
reserved the 172.16.0.0 through 172.31.255.255 networks for internal use. This network is
not routable on the Internet and is commonly used in intranets. Class B networks are used in
medium-sized networks. In class B networks, the two high-order bits are always 10, and
the remaining bits are used to define 16,384 networks, each with as many as 65,534 hosts
attached. Examples of valid class B networks include Microsoft and Exxon.
How fast is private key cryptography compared to public key cryptography?
A. 10 to 100 times faster.
B. 100 to 1000 times faster.
C. 1000 to 10000 times faster.
D. 10000 to 20000 times faster.
Explanation: Since private key encryption (symmetric) only has one key for encryption and
decryption, you need to use an alternative way to pass the shared secret in a secure
manner; these days, it is usually done by telephone or some secure method that does not
involve the channel you are trying to secure. Also, since you need a different key to
encrypt and decrypt every connection, the number of keys gets huge in a short time; for
example, if we have 10 users trying to communicate among themselves, we have 100
different encryption keys to manage. There is an advantage to private key encryption: the
encryption is very fast, about 1000 to 10000 times faster than asymmetric encryption.
The continual effort of making sure that the correct policies, procedures and standards are in
place and being followed is described as what?
A. Due care
B. Due concern
C. Due diligence
D. Due practice
Explanation: “Due care means that a company did all that it could have reasonably done to
try and prevent security breaches, and also took the necessary steps to ensure that if a
security breach did take place, the damages were reduced because of the controls or
countermeasures that existed. Due care means that a company practiced common sense
and prudent management practices with responsible actions. Due diligence means that the
company properly investigated all of their possible weaknesses and vulnerabilities before
carrying out any due care practices.
The following list describes some of the actions required to show that due care is being properly
practiced in a corporation:
Adequate physical and logical access controls
Adequate telecommunication security, which could require encryption
Proper information, application, and hardware backups
Disaster recovery and business continuity plans
Periodic review, drills, tests, and improvement in disaster recovery and business continuity plans
Properly informing employees of expected behavior and ramifications of not following these
Developing a security policy, standards, procedures, and guidelines
Performing security awareness training
Running updated antivirus software
Periodically performing penetration test from outside and inside the network
Implementing dial-back or preset dialing features on remote access applications
Abiding by and updating external service level agreements (SLAs)
Ensuring that downstream security responsibilities are being met
Implementing measures that ensure software piracy is not taking place
Ensuring that proper auditing and reviewing of those audit logs are taking place
Conducting background checks on potential employees”
Pg. 616 Shon Harris: CISSP Certification All-in-One Exam Guide
Which tape format type is mostly used for home/small office backups?
A. Quarter Inch Cartridge drives (QIC)
B. Digital Linear Tapes (DLT)
C. 8mm tape
D. Digital Audio Tape (DAT)
Explanation: QIC technology uses belt-driven dual-hub cartridges containing integral
tape motion and guidance mechanisms, providing a range of compatible solutions
across a wide range of PC system platforms. QIC reliability is unsurpassed by any other
removable storage technology. Reliability can be measured both in mean time between
failure (MTBF) and, more practically, as a function of drive duty cycles. QIC has a
worldwide installed base in excess of 15 million drives, more than twice that of any
alternate removable storage technology, a level of acceptance that would have been
unachievable without rock-solid reliability. QIC is the most common tape solution for
In an organization, an Information Technology security function should:
A. Be a function within the information systems function of an organization.
B. Report directly to a specialized business unit such as legal, corporate security or insurance.
C. Be lead by a Chief Security Officer and report directly to the CEO.
D. Be independent but report to the Information Systems function.
Explanation: The security function should not report into the function it is meant to
oversee. If security reports to the information systems manager, the person responsible for
delivering the systems also controls what is done with the security findings about them and
can suppress or deprioritize them; that conflict of interest is what this best practice avoids.
Security should be led by a Chief Security Officer and report directly to the CEO. As a
general rule, always try to report to the highest person you can inside
Who of the following is responsible for ensuring that proper controls are in place to address
integrity, confidentiality, and availability of IT systems and data?
A. Business and functional managers.
B. IT Security practitioners.
C. System and information owners.
D. Chief information officer.
Explanation: The people who own the information and the systems are the ones accountable
for ensuring that controls for integrity, confidentiality and availability are in place.
Security practitioners can develop policies and show how to keep the environment secure,
but it is the owners of the data and systems who are responsible for seeing that the
controls are actually implemented.
The act of requiring two of the three factors to be used in the authentication process refers to?
A. Two-Factor Authentication
B. One-Factor Authentication
C. Bi-Factor Authentication
D. Double Authentication
Explanation: Two-Factor Authentication is a security process that confirms user identities
using two distinct factors: something you know, such as a Personal Identification
Number (PIN) or password, and something you have, such as a smart card or token.
The overall strength of Two-Factor Authentication lies in the combination of both factors,
something you know and something you have.
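Worked example, added here and not part of the original page: a two-factor check that combines a stored password hash (something you know) with an RFC 4226 HOTP token code (something you have). The user record, the seed value and the password are constructed for the demonstration; the look-ahead window and the decision to consume any matching code (so it can never be replayed) are design choices of this example, not requirements from the page.

```python
import hashlib
import hmac
import secrets
import struct

PBKDF2_ITERATIONS = 100_000   # work factor for the "something you know" hash
HOTP_DIGITS = 6
HOTP_LOOKAHEAD = 3            # tolerate a few button presses that never reached the server


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way, salted password hash; the plaintext is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def hotp(secret: bytes, counter: int, digits: int = HOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


class User:
    """Constructed user record: salted password hash plus the token's seed and counter."""

    def __init__(self, password: str, token_seed: bytes):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)
        self.token_seed = token_seed
        self.token_counter = 0   # next counter value the server will accept


def authenticate(user: User, password: str, code: str) -> bool:
    """Both factors must pass; a token code is consumed as soon as it matches."""
    know_ok = hmac.compare_digest(hash_password(password, user.salt), user.pw_hash)
    have_ok = False
    for c in range(user.token_counter, user.token_counter + HOTP_LOOKAHEAD + 1):
        if hmac.compare_digest(hotp(user.token_seed, c), code):
            have_ok = True
            user.token_counter = c + 1   # move past the used code: replay is rejected
            break
    return know_ok and have_ok


if __name__ == "__main__":
    seed = b"12345678901234567890"          # RFC 4226 test-vector secret
    alice = User("correct horse battery", seed)
    print(hotp(seed, 0))                    # 755224, the first RFC 4226 test vector
    print(authenticate(alice, "correct horse battery", hotp(seed, 0)))   # True
    print(authenticate(alice, "correct horse battery", hotp(seed, 0)))   # False: replayed
```

Both checks are evaluated before the result is combined, so a failed login does not reveal which factor was wrong, and `hmac.compare_digest` keeps the comparisons constant-time.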
This type of backup management provides a continuous on-line backup by using optical or tape
“jukeboxes”, similar to WORMs, (Write Once, Read Many)
A. Hierarchical Storage Management (HSM).
B. Hierarchical Resource Management (HRM).
C. Hierarchical Access Management (HAM).
D. Hierarchical Instance Management (HIM).
Explanation: Hierarchical Storage Management originated in the mainframe world where
it was used to minimize storage costs. The HSM name signifies that the software has the
intelligence to move files along a hierarchy of storage devices that are ranked in terms of
cost per megabyte of storage, speed of storage and retrieval, and overall capacity limits.
Files are migrated along the hierarchy to less expensive forms of storage based on rules
tied to the frequency of data access. File migration and retrieval are transparent to users.
Two major factors, data access response time and storage costs determine the appropriate
combination of storage devices used in HSM. A typical three tier strategy may be
composed of hard drives as primary storage on the file servers, rewritable optical as the
secondary storage type, and tape as the final tertiary storage location. If faster access is
required, a hard drive can be considered as an alternative to optical for secondary storage,
and WORM (Write Once, Read Many) optical can also be implemented, in place of tape, as
the final storage destination.
Which of the following elements is not included in a Public Key Infrastructure (PKI)?
B. Lightweight Directory Access Protocol (LDAP)
C. Certificate revocation
D. Internet Key Exchange (IKE)
Explanation: Public key cryptography is one mechanism that is often used to fulfill the
security requirements necessary to conduct electronic transactions over public networks.
PKI (public key infrastructure) and cryptography based solutions are taking the lead in secure
e-commerce. PKI addresses nonrepudiation using a dual-key system that allows users to
uniquely sign documents with a digital signature. Public key cryptography uses pairs of keys,
each pair consisting of one public key and one private key; information encrypted with one key
in the pair can only be decrypted with the other. LDAP is used to publish certificates and user
information from a directory, and timestamping tracks when signatures were made. PKI also
relies on certificates and the CRL (Certificate Revocation List) to reject compromised or
expired certificates. IKE, by contrast, is the key-exchange protocol of IPsec; it can consume
certificates issued by a PKI but is not an element of the PKI itself.
Which of the following best corresponds to the type of memory addressing where the address
location that is specified in the program instruction contains the address of the final desired
A. Direct addressing
B. Indirect addressing
C. Indexed addressing
D. Program addressing
Explanation: An addressing mode found in many processors’ instruction sets where the
instruction contains the address of a memory location which contains the address of the
operand (the “effective address”) or specifies a register which contains the effective
address. Indirect addressing is often combined with pre- or post- increment or decrement
addressing, allowing the address of the operand to be increased or decreased by one (or
some specified number) either before or after using it.
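Worked example, added here and not part of the original page: a toy machine that resolves the addressing modes named above, so the difference between direct, indirect and indexed operands is visible in code. The memory layout, register names and the `register_indirect_postinc` mode are constructed for this illustration; the bounds check shows the security-relevant point, that an indirect operand follows whatever address is stored in memory, so a corrupted pointer cell redirects the access.

```python
class AddressError(Exception):
    """Raised when an effective address falls outside the machine's memory."""


class ToyMachine:
    def __init__(self, size: int = 16):
        self.mem = [0] * size
        self.regs = {"X": 0, "R1": 0}   # X is the index register

    def _check(self, addr: int) -> int:
        if not 0 <= addr < len(self.mem):
            raise AddressError("effective address %d outside memory" % addr)
        return addr

    def effective_address(self, mode: str, operand) -> int:
        """Return the address the operand finally refers to for a given mode."""
        if mode == "direct":            # operand IS the address of the data
            return self._check(operand)
        if mode == "indirect":          # operand is the address of a cell holding the address
            pointer_cell = self._check(operand)
            return self._check(self.mem[pointer_cell])
        if mode == "indexed":           # operand plus the index register
            return self._check(operand + self.regs["X"])
        if mode == "register_indirect_postinc":   # operand names a register used as pointer
            addr = self._check(self.regs[operand])
            self.regs[operand] += 1     # post-increment, as in the text
            return addr
        raise ValueError("unknown addressing mode %r" % mode)

    def load(self, mode: str, operand):
        """Fetch the operand value; immediate mode has no memory access at all."""
        if mode == "immediate":
            return operand
        return self.mem[self.effective_address(mode, operand)]


if __name__ == "__main__":
    m = ToyMachine()
    m.mem[5] = 9       # cell 5 holds a pointer to cell 9
    m.mem[9] = 42      # cell 9 holds the data
    print(m.load("direct", 5))      # 9: the contents of cell 5
    print(m.load("indirect", 5))    # 42: follow the pointer stored in cell 5
    m.mem[5] = 99                   # a corrupted pointer cell...
    try:
        m.load("indirect", 5)
    except AddressError as e:
        print("fault:", e)          # ...now redirects the access out of bounds
```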
Creation and maintenance of intrusion detection systems and processes for the following is one
of them identify it:
A. Event nonrepudiation
B. Event notification
C. Netware monitoring
D. Guest access
Explanation: When you administer an IDS you have to create and maintain the event
notification processes, and these have to be reviewed at regular intervals. This is a well known
task for any intrusion detection system administrator. Real-time notifications are what let you
react while the network is being attacked, for example by shutting down the external interface
before the attacker gets what he was looking for.
Which of the following is true related to network sniffing?
A. Sniffers allow an attacker to monitor data passing across a network.
B. Sniffers alter the source address of a computer to disguise and exploit weak authentication
C. Sniffers take over network connections.
D. Sniffers send IP fragments to a system that overlap with each other.
Explanation: Sniffing is the act of capturing and monitoring the traffic going over the network.
Because, in a traditional networking environment, account and password information is passed
along the Ethernet in clear text, it is not hard for an intruder to put a machine into promiscuous
mode and, by sniffing, compromise all the machines on the net by capturing passwords in an
Which of the following protocols is not implemented at the Internet layer of the TCP/IP protocol
A. User datagram protocol (UDP)
B. Internet protocol (IP)
C. Address resolution protocol (ARP)
D. Internet control message protocol (ICMP)
Explanation: UDP (User Datagram Protocol) is a communications method (protocol) that
offers a limited amount of service when messages are exchanged between computers in a
network that uses the Internet Protocol (IP). UDP is an alternative to the Transmission
Control Protocol (TCP) and, together with IP, is sometimes referred to as UDP/IP. Like the
Transmission Control Protocol, UDP uses the Internet Protocol to actually get a data unit
(called a datagram) from one computer to another. Unlike TCP, however, UDP does not
provide the service of dividing a message into packets (datagrams) and reassembling it at
the other end. Specifically, UDP doesn’t provide sequencing of the packets that the data
arrives in. UDP is implemented at the Transport layer of the TCP/IP protocol model.
Which of the following is used to help business units understand the impact of a disruptive
A. A risk analysis.
B. A business impact assessment.
C. A vulnerability assessment.
D. A disaster recovery plan.
Explanation: A business impact assessment (BIA) identifies the critical business functions
and estimates the operational and financial impact on each business unit if those functions
are disrupted, including how long an outage can be tolerated. Every disaster recovery plan
should be built on a BIA, because it is the BIA that tells the business units what a
disruptive event would mean for them and which functions must be recovered first.
A contingency plan should address?
A. Potential risks
B. Residual risks
C. Identified risks
D. All of the above
Explanation: As stated in the CISSP documentation, a contingency plan addresses the residual
risk, the risk that remains after controls have been applied, in order to minimize business
impact when a disruption does occur. The identified and potential risks are not addressed in
the contingency plan; they are handled earlier, during risk analysis and control selection.
In the OSI/ISO model, at what level is SET (SECURE ELECTRONIC TRANSACTION
Explanation: This protocol was created by VISA and MasterCard as a joint effort to
make the purchasing process over the Internet secure for card payments through their
networks. It is located at layer 7 of the OSI model, the application layer. SET uses
digital certificates for both consumers and merchants and a dual signature that binds the
order information and the payment information together while letting the merchant see
only the order and the bank see only the payment details. Through this encryption and
signing of the information exchanged between the shopper and the online store, SET is
meant to make the payment process convenient, private and, above all, secure.
A packet filtering firewall looks at the data packet to get information about the source and
destination addresses of an incoming packet, the session’s communications protocol (TCP, UDP
or ICMP), and the source destination application port for the?
A. Desired service
B. Dedicated service
C. Delayed service
D. Distributed service.
Explanation: A packet filter decides on the basis of the network and transport layer headers
only: source and destination addresses, the protocol (TCP, UDP or ICMP) and the source and
destination ports. The destination port identifies the desired service, and because many
different port numbers appear in the destination port field of different packets, the rules
are written against the well-known port numbers of the services you want to allow, for
example port 80 for HTTP and port 21 for FTP control. This is the correct terminology; see
the features of packet filters in your CISSP documentation.
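Worked example, added here and not part of the original page, serving both the sniffing question above (what a host in promiscuous mode sees) and the packet-filter question (matching on the desired service port). It builds a constructed Ethernet/IPv4/TCP frame carrying an FTP login, decodes the headers the way a sniffer would, applies a first-match packet-filter rule set, and pulls the clear-text credentials out of the payload. The frame contents, addresses and rule set are all made up for the demonstration; checksums are left at zero because nothing here validates them.

```python
import struct
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def _ip4(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_frame(src: str, dst: str, proto: int, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed test traffic: Ethernet II + IPv4 + TCP or UDP, checksums zero."""
    if proto == 6:    # TCP: ports, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    elif proto == 17: # UDP: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:
        raise ValueError("only tcp/udp frames are built here")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, _ip4(src), _ip4(dst))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    sport: Optional[int]
    dport: Optional[int]
    payload: bytes


def parse_frame(frame: bytes) -> Optional[Packet]:
    """What a sniffer sees: decode layer 2, 3 and 4 headers down to the application payload."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    l4 = ip[ihl:]
    if proto == 6:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]      # skip the TCP header (data offset in 32-bit words)
    elif proto == 17:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[8:]
    else:
        sport = dport = None
        payload = l4
    return Packet(src, dst, PROTO_NAMES.get(proto, str(proto)), sport, dport, payload)


# Packet-filter rules keyed on the desired service port; first match wins, default deny.
RULES = [
    {"action": "allow", "proto": "tcp", "dport": 80},   # HTTP
    {"action": "allow", "proto": "tcp", "dport": 21},   # FTP control
    {"action": "allow", "proto": "udp", "dport": 53},   # DNS
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    for rule in rules:
        if rule["proto"] == pkt.proto and rule["dport"] == pkt.dport:
            return rule["action"]
    return "deny"


def credentials_in_clear(pkt: Packet) -> dict:
    """FTP sends USER and PASS in clear text; the sniffer just reads them out of the payload."""
    found = {}
    for line in pkt.payload.split(b"\r\n"):
        for key in (b"USER ", b"PASS "):
            if line.startswith(key):
                found[key.strip().decode()] = line[len(key):].decode(errors="replace")
    return found


if __name__ == "__main__":
    frame = build_frame("10.0.0.5", "10.0.0.1", 6, 40000, 21, b"USER alice\r\nPASS hunter2\r\n")
    pkt = parse_frame(frame)
    print(filter_packet(pkt))          # allow: port 21 is a desired service
    print(credentials_in_clear(pkt))   # {'USER': 'alice', 'PASS': 'hunter2'}
```

The point the two questions share: the packet filter allows the FTP session because its destination port is a desired service, and that same allowed session hands its password to anyone sniffing the segment. Filtering on ports says nothing about the confidentiality of what passes through them.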
Packet Filtering Firewalls system is considered a?
A. First generation firewall.
B. Second generation firewall.
C. Third generation firewall.
D. Fourth generation firewall.
Explanation: Firewall technology is a young but quickly maturing industry. The first
generation of firewall architectures has been around almost as long as routers, first
appearing around 1985 and coming out of Cisco’s IOS software division. These firewalls are
called packet filter firewalls. However, the first paper describing the screening process
used by packet filter firewalls did not appear until 1988, when Jeff Mogul from Digital
Equipment Corporation published his studies. At this time we are in the Fourth generation
of firewall devices and software.
When should a post-mortem review meeting be held after an intrusion has been properly taken
A. Within the first three months after the investigation of the intrusion is completed.
B. Within the first week after prosecution of intruders have taken place, whether successful or
C. Within the first month after the investigation of the intrusion is completed.
D. Within the first week of completing the investigation of the intrusion.
Explanation: As stated in the CISSP documentation, the post-mortem review meeting should be
held after the intrusion has been dealt with, and no more than one week after the investigation
is completed, while the facts are still fresh. Waiting longer is poor practice and a matter of
common sense too: three months, one month, even two weeks is too much time.
Which of the following can be used as a covert channel?
A. Storage and timing.
B. Storage and low bits.
C. Storage and permissions.
D. Storage and classification.
Explanation: Storage and timing are the two kinds of covert channel. “Low bits” is not a term
related to covert channels. Permissions belong to authorization and do not by themselves
provide a signalling path. Classification is the label that a covert channel is used to bypass,
not the channel itself. Check your official CISSP documentation to see what can be used as a
covert channel.
“An active variation on eavesdropping is called Covert Channel eavesdropping, which consists
of using a hidden unauthorized network connection to communicate unauthorized information. A
Covert Storage Channel operates by writing information to storage by one process and then
reading by using another process from a different security level. A Covert Timing Channel
signals information to another process by modulating its own resource use to affect the response
time of another.” Pg. 101 Krutz: The CISSP Prep Guide: Gold Edition
Which software development model is actually a meta-model that incorporates a number of the
software development models?
A. The Waterfall model.
B. The modified Waterfall model.
C. The Spiral model.
D. The Critical Patch Model (CPM).
The spiral model for software engineering has evolved to encompass the best features of
the classic waterfall model, while at the same time adding an element known as risk
analysis. The spiral model is more appropriate for large, industrial software projects and
has four main blocks/quadrants. Each release or version of the software requires going
through new planning, risk analysis, engineering and customer evaluation phases and this
is illustrated in the model by the spiral evolution outwards from the center. For each new
release of a software product, a risk analysis audit should be performed to decide whether
the new objectives can be completed within budget (time and costs), and decisions have to
be made about whether to proceed. The level of planning and customer evaluation is
missing from the waterfall model which is mainly concerned with small software programs.
The spiral model also illustrates the evolutionary development of software where a solution
may be initially proposed which is very basic (first time round the loop) and then later
releases add new features and possibly a more elaborate GUI.
What is not true with pre-shared key authentication within IKE / IPsec protocol:
A. Pre-shared key authentication is normally based on simple passwords.
B. Needs a PKI to work.
C. Only one preshared key for all VPN connections is needed.
D. Costly key management on large user groups.
Explanation: A pre-shared secret is usually used when one or both ends of the VPN lack access
to a compatible certificate server. Once you have defined all the endpoints in your VPN, you
establish a password that is used to authenticate the other end of the connection; this is
the pre-shared secret. Since the pre-shared key is chosen precisely because there is no
available or compatible certificate server, IPsec and IKE do not need a PKI in this case (a
PKI is what provides the certificate server infrastructure), so B is the false statement.
Which question is NOT true concerning Application Control?
A. It limits end users of applications in such a way that only particular screens are visible.
B. Only specific records can be requested choice.
C. Particular uses of the application can be recorded for audit purposes.
D. Is non-transparent to the endpoint applications so changes are needed to the applications
Explanation: Application control is transparent to the endpoint applications, so no changes
to the applications are needed; this is one of its features, which makes D the false statement.
With application control you can audit particular uses of the applications involved, restrict
requests to specific records, and limit end users so that only certain screens are visible.
Check your CISSP documentation about application control.
In order to ensure the privacy and integrity of the data, connections between firewalls over
public networks should use?
A. Screened subnets
B. Digital certificates
C. Encrypted Virtual Private Networks
Explanation: A firewall by itself does not mean “VPN”, so the correct choice is “Encrypted
Virtual Private Networks”. With a VPN and encryption we get secure communication between the
endpoints that is transparent to the users, achieving confidentiality. That confidentiality
comes from encryption, which relies on algorithms such as AES, DES, CAST and others. A
screened subnet is not a way to secure data over public networks; it is the place to put the
network services that must be accessible from the outside. Digital certificates do not provide
confidentiality; they only
What is necessary for a subject to have write access to an object in a Multi-Level Security
A. The subject’s sensitivity label must dominate the object’s sensitivity label.
B. The subject’s sensitivity label subordinates the object’s sensitivity label.
C. The subject’s sensitivity label is subordinated by the object’s sensitivity label.
D. The subject’s sensitivity label is dominated by the object’s sensitivity label.
What best describes a scenario when an employee has been shaving off pennies from multiple
accounts and depositing the funds into his own bank account?
A. Data fiddling
B. Data diddling
C. Data hiding
D. Data masking
Explanation: This kind of attack involves altering the raw data just before it is
processed by a computer and then changing it back after the processing is completed. It
has been used in the past to do exactly what the question describes: steal small
quantities of money and transfer them to the attacker’s account. See “data diddling
crimes” on the Web.
The most correct answer is ‘Salami’, but since that is not an option the most correct answer is
“A salami attack is committing several small crimes with the hope that the overall larger crime
will go unnoticed. ….An example would be if an employee altered a banking software program
to subtract 5 cents from each of the bank’s customers’ accounts once a month and moved this
amount to the employee’s bank account. If this happened to all of the bank’s 50,000 customer
accounts, the intruder could make up to $ 30,000 a year.
Data diddling refers to the alteration of existing data. Many times this modification happens
before it is entered into an application or as soon as it completes processing and is outputted
from an application.
There was an incident in 1997, in Maryland, where a Taco Bell employee was sentenced to ten
years in jail because he reprogrammed the drive-up window cash register to ring up every $2.99
order as one penny. He collected the full amount from the customer, put the penny in the till, and
pocketed the other $2.98. He made $3,600 before his arrest.”
Pg. 602-603 Shon Harris: All-In-One CISSP Certification Exam Guide
Which of the following is unlike the other three?
A. El Gamal
C. Buffer Overflow
Explanation: Options B, C and D are all denial of service attacks. ElGamal is a public key
encryption and signature scheme whose security rests on the same discrete logarithm problem as
the Diffie-Hellman key exchange; it is a cryptographic algorithm, not an attack. A buffer
overflow writes past the end of a fixed-size buffer, which can crash the target (denial of
service) or, in the worst case, let the attacker execute code. Teardrop sends overlapping IP
fragments that crash vulnerable stacks, and Smurf floods the victim with ICMP echo replies by
spoofing the victim’s address in echo requests sent to a broadcast address.
Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud
manipulates the line voltage to receive a toll-free call?
A. Red Boxes
B. Blue Boxes
C. White Boxes
D. Black Boxes
Explanation: A black box is a device hooked up to your phone that manipulates the line voltage
so that when you receive a call, the caller is not charged for it. This works for calls of up
to about half an hour; after that the phone company gets suspicious, and you can guess what
happens next.
The red box simulates the sounds of coins being dropped into the coin slot of a payphone. The
traditional red box consisted of a pair of Wien-bridge oscillators with the timing controlled by
555 timer chips. The blue box, the mother of all boxes and the first box in history, started the
whole phreaking scene: it generated the in-band signalling tones of AT&T’s long-distance network,
and by sending a 2600 Hz tone down the line it was possible to seize a trunk and make free calls.
It was popularized by John Draper (aka “Captain Crunch”) in the early 1970s.
The white box turns a normal touch-tone keypad into a portable unit. This kind of box can be
commonly found in a phone shop.
Which of the following groups represents the leading source of computer crime losses?
B. Industrial saboteurs
C. Foreign intelligence officers
Explanation: This can be checked against the computer crime statistics on the Web. Most
attacks, around 70% of them, come from inside the company, and the bulk of those from its
own employees. When we protect our infrastructure we must give great importance to internal
security, because we never know when one of the company’s employees is going to strike.
External hackers matter too, but less than our own employees.
Which of the following steps should be performed first in a business impact analysis (BIA)?
A. Identify all business units within the organization.
B. Evaluate the impact of disruptive events.
C. Estimate the Recovery Time Objectives (RTO).
D. Evaluate the criticality of business functions.
Explanation: Remember that when we talk about a BIA (Business Impact Analysis), we are
analyzing and identifying the possible issues with our infrastructure. It is an analysis of
the business, the processes it relies on, the systems behind them and an estimate of the
financial impact, in other words how much money we lose while our systems are down. The
first step should always be to identify the business units in the company. Only then can you
move on to the other requirements, such as estimating losses and downtime costs.
Which of the following embodies all the detailed actions that personnel are required to follow?
Explanation: As stated in the dictionary, here are three definitions of procedure:
1. A manner of proceeding; a way of performing or effecting something: standard procedure.
2. A series of steps taken to accomplish an end: a medical procedure; evacuation procedures.
3. A set of established forms or methods for conducting the affairs of an organized body such as
a business, club, or government.
It is clear that this is the term the question is looking for; you can check your CISSP
documentation too.
Immune to the effects of electromagnetic interference (EMI) and therefore has a much longer
effective usable length (up to two kilometers in some cases) is?
A. Coaxial cable
B. Twisted Pair cable
C. Axial cable
D. Fiber Optic cable
Explanation: Fiber optics does not use electrical signals to carry the information; it sends
pulses of light through a glass core, kept inside the core by total internal reflection, from
source to end. It is therefore not affected by EMI (electromagnetic interference) the way
copper transmission methods such as 10Base5 and 10Base2 are, so EMI does not limit the
possible transmission distance. Fiber optics can span a much greater distance between end
points than the copper transmission methods. Examples of fiber optic standards are 100BaseFX and
Which of the following is the most reliable, secure means of removing data from magnetic
storage media such as a magnetic tape, or cassette?
B. Parity Bit Manipulation
D. Buffer overflow
Explanation: An alternating current (AC) bulk eraser (degausser) is used for complete
erasure of data and other signal on magnetic media. Degaussing is a process where
magnetic media is exposed to a powerful, alternating magnetic field. Degaussing removes
any previously written data, leaving the media in a magnetically randomized (blank) state.
The degausser must subject the media to an alternating magnetic field of sufficient
intensity to saturate the media and then by slowly withdrawing or reducing the field leaves
the magnetic media in a magnetically neutral state.
Which of the following is an advantage of prototyping?
A. Prototype systems can provide significant time and cost savings.
B. Change control is often less complicated with prototype systems.
C. It ensures that functions or extras are not added to the intended system.
D. Strong internal controls are easier to implement.
Explanation: The Prototype Phase is also called the “Proof of Concept” Phase. Whether
it’s called one or the other depends on what the creator is trying to “prove.” If the main
deliverable of the Phase includes a working version of the product’s technical features, it’s
a “prototype.” If the main deliverable just looks like it has the product’s technical features,
then it’s a “proof of concept.”
Prototypes can save time and money because you can test some functionality earlier in the
process. You don’t have to make the whole final product to begin testing it.
The IS security analyst’s participation in which of the following system development life cycle
phases provides maximum benefit to the organization?
A. System requirements definition.
B. System design.
C. Program development.
D. Program testing.
Controls are implemented to?
A. Eliminate risk and reduce the potential for loss.
B. Mitigate risk and eliminate the potential for loss.
C. Mitigate risk and reduce the potential for loss.
D. Eliminate risk and eliminate the potential for loss.
Explanation: That is the essence of controls: you put them in your environment to mitigate
risk and to reduce the potential for loss. Risk can never be eliminated entirely; there is
always residual risk, and loss can be reduced but not ruled out, so the options that promise
elimination are wrong. Controls should be considered by any security professional, CISSP or
not, and risk should be minimized as far as practical.
A circuit level gateway is ________ when compared to an application level firewall.
A. Easier to maintain.
B. More difficult to maintain.
C. More secure.
Explanation: Since circuit level gateways do not inspect as high in the OSI model as
application level firewalls, they are easier to maintain and configure. Application layer
firewalls work up to layer 7 of the OSI model and offer a wide range of options and complex
configurations. Application layer firewalls are more secure than circuit level gateways
because they can track and analyze information up to layer 7; the drawback is that this
functionality makes them slower.
In IPSec, if the communication mode is gateway-gateway or host-gateway:
A. Only tunnel mode can be used.
B. Only transport mode can be used.
C. Encapsulating Security Payload (ESP) authentication must be used.
D. Both tunnel and transport mode can be used.
Explanation: ESP, the Encapsulating Security Payload, is a header that, when added to an IP
datagram, protects the confidentiality, integrity and authenticity of the data. AH and ESP
can be used separately or together. As defined by the IETF, transport mode protects only the
payload and is used between two end hosts that both implement IPsec. Whenever either end of
the association is a security gateway (gateway-to-gateway or host-to-gateway), tunnel mode
must be used, because the whole original IP packet has to be encapsulated so that the gateway
can forward it to the real destination behind it. The choice of ESP or AH is independent of
this: neither mode forces ESP authentication.
Which integrity model defines a constrained data item, an integrity verification procedure and a
A. The Take-Grant model
B. The Biba integrity model
C. The Clark Wilson integrity model
D. The Bell-LaPadula integrity model
Explanation: The Clark-Wilson model was developed to address integrity in commercial
environments. The model uses two categories of mechanisms to realize integrity: well-formed
transactions and separation of duty. It defines constrained data items (CDIs), the data whose
integrity is protected; integrity verification procedures (IVPs), which confirm that the CDIs
are in a valid state; and transformation procedures (TPs), the only programs allowed to change a
CDI, which take it from one valid state to another. Users are bound to the TPs they may run and
the CDIs those TPs may touch by access triples. A possible way to enforce that only certain
trusted programs can modify objects is an application:checksum condition, where the checksum
ensures the authenticity of the application. Another way is an application:endorser condition,
which requires a valid certificate stating that the application has been endorsed by the
specified endorser. Static separation of duty is enforced by the security administrator when
assigning group membership; dynamic separation of duty enforces control over how permissions
are used at access time.
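Worked example, added here and not part of the original page: the three Clark-Wilson elements applied to a toy ledger. The account balances are the CDIs, `ivp` is the integrity verification procedure (the books must balance and no account may go negative), `transfer` is the only transformation procedure, access triples say who may run it, and the approver must be a different user than the initiator (separation of duty). The users, accounts and amounts are constructed for the demonstration.

```python
class IntegrityViolation(Exception):
    """Raised when a CDI is found in an invalid state."""


class Ledger:
    CDI_SET = "accounts"

    def __init__(self, balances: dict, triples: set):
        self._cdi = dict(balances)                  # constrained data items
        self._expected_total = sum(balances.values())
        self._triples = set(triples)                # (user, TP name, CDI set) access triples

    def ivp(self) -> bool:
        """Integrity verification procedure: money is conserved and no balance is negative."""
        return (sum(self._cdi.values()) == self._expected_total
                and all(v >= 0 for v in self._cdi.values()))

    def _authorized(self, user: str, tp: str) -> bool:
        return (user, tp, self.CDI_SET) in self._triples

    def transfer(self, user: str, approver: str, src: str, dst: str, amount: int) -> dict:
        """The only transformation procedure: a well-formed, dual-controlled transfer."""
        if not self._authorized(user, "transfer") or not self._authorized(approver, "transfer"):
            raise PermissionError("no access triple permits this user to run 'transfer'")
        if user == approver:
            raise PermissionError("separation of duty: initiator may not approve own transfer")
        if amount <= 0 or src not in self._cdi or dst not in self._cdi or self._cdi[src] < amount:
            raise ValueError("transfer would leave the CDIs in an invalid state")
        self._cdi[src] -= amount
        self._cdi[dst] += amount
        if not self.ivp():                          # a TP must end in a valid state
            raise IntegrityViolation("ledger no longer balances after transfer")
        return dict(self._cdi)

    def balances(self) -> dict:
        return dict(self._cdi)


if __name__ == "__main__":
    triples = {("alice", "transfer", "accounts"), ("bob", "transfer", "accounts")}
    ledger = Ledger({"acct-1": 100, "acct-2": 50}, triples)
    print(ledger.transfer("alice", "bob", "acct-1", "acct-2", 30))   # {'acct-1': 70, 'acct-2': 80}
    ledger._cdi["acct-1"] += 5      # a write that bypasses the TP...
    print(ledger.ivp())             # ...is caught by the IVP: False
```

The last two lines show why the model insists that CDIs be changed only through TPs: a direct write, whether by a bug or by an insider, is not a well-formed transaction, and the IVP detects that the books no longer balance.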
Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is
A. In order to facilitate recovery, a single plan should cover all locations.
B. There should be a requirement to form a committee to decide a course of action.
These decisions should be made ahead of time and incorporated into the plan.
C. In its procedures and tasks, the plan should refer to functions, not specific individuals.
D. Critical vendors should be contacted ahead of time to validate equipment can be obtained in a
Explanation: A single plan for all locations is not best practice, least of all for the CISSP
exam. Continuity and recovery plans should be made separately for each location, because a
disaster does not usually hit all locations at once; with one plan per site you use and follow
only the plan of the affected site and do not bother the other
What are suitable protocols for securing VPN connections?
A. S/MIME and SSH
B. TLS and SSL
C. IPsec and L2TP
D. PKCS# and X.509
Explanation: Both of these can be used to create and secure VPNs. The Layer 2 Tunneling
Protocol (L2TP) is an Internet Engineering Task Force (IETF) standard that combines the best
features of two earlier tunneling protocols: Cisco’s Layer 2 Forwarding (L2F) and Microsoft’s
Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension of the Point-to-Point Protocol
(PPP), an important component for VPNs, which allow users and telecommuters to connect to their
corporate intranets or extranets. IPsec is a set of standards for the protection of Internet
Protocol (IP) communications; it specifies ways of securing private information transmitted
over public networks. Services supported by IPsec include confidentiality (encryption),
authenticity (proof of sender), integrity (detection of data tampering) and replay protection
(defense against unauthorized re-sending of data). It works at layer 3 of the OSI model and is
the most common protocol used to create VPNs; L2TP itself provides no encryption, which is
why it is normally run over IPsec.
Which of the following questions is less likely to help in assessing identification and
A. Is a current list maintained and approved of authorized users and their access?
B. Are passwords changed at least every ninety days or earlier if needed?
C. Are inactive user identifications disabled after a specified period of time?
D. Is there a process for reporting incidents?
Explanation: Some common sense is enough to answer this question correctly: why would we
ask about a process for reporting incidents, and does it help with identification and
authentication? It does not. The other questions are more relevant: passwords deal with
authentication, and inactive user IDs are also related to identification. Most important of
all is knowing whether there is a list of authorized users and their current access, since this
can help you identify unauthorized activity.
The primary purpose for using one-way encryption of user passwords within a system is which
of the following?
A. It prevents an unauthorized person from trying multiple passwords in one logon attempt.
B. It prevents an unauthorized person from reading or modifying the password list.
C. It minimizes the amount of storage required for user passwords.
D. It minimizes the amount of processing time used for encrypting passwords.
Explanation: This kind of encryption increases the security of stored passwords. With a
one-way encryption algorithm the transformation is not reversible: you cannot recover the
original value you provided as a password from the resulting hash with any key or
algorithm. This increases security because a person who sees the password list will only
see the hash values and cannot read the original passwords or modify them without
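The following added example (not part of the original exam material) shows the one-way property in practice: passwords are stored as salted PBKDF2-HMAC-SHA256 records, logon checks recompute the hash and compare it in constant time, and a tampered record simply fails verification. The record layout (pbkdf2_sha256$iterations$salt$hash), the iteration count and the sample users are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Assumed parameters for this example: a 16-byte random salt per user and
# 200,000 PBKDF2 iterations.  Both are illustrative choices, not values from
# the exam text.
ITERATIONS = 200_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing one-way record: scheme$iterations$salt_hex$hash_hex.

    Only the hash is stored; the password itself never is, and there is no key
    that turns the hash back into the password.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, record: str) -> bool:
    """Re-derive the hash from the candidate password and compare it to the stored one."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False  # malformed record: treat as a failed logon, never as success
    if scheme != SCHEME:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest.hex(), hash_hex)


def build_password_list(users: Dict[str, str]) -> Dict[str, str]:
    """What the 'password list' on disk looks like: user -> one-way record."""
    return {name: hash_password(pw) for name, pw in users.items()}


if __name__ == "__main__":
    # Constructed sample accounts (not real credentials).  Note that two users
    # with the same password still get different records because of the salt.
    stored = build_password_list({"alice": "correct horse", "bob": "correct horse"})
    for user, rec in stored.items():
        print(user, rec)
    print("alice logon ok:", verify_password("correct horse", stored["alice"]))
    print("alice wrong pw:", verify_password("wrong password", stored["alice"]))
    print("same password, same record:", stored["alice"] == stored["bob"])
```

Reading the list reveals only hashes; the verifier never needs the original password and so never stores it.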
The security of a computer application is most effective and economical in which of the
A. The system is optimized prior to the addition of security.
B. The system is procured off-the-shelf.
C. The system is customized to meet the specific security threat.
D. The system is designed originally to provide the necessary security.
Explanation: This is fairly obvious: if your system is designed from the ground up to provide
security, it will be cheaper and more effective in the end, because you don’t need to
re-analyze, re-code and restructure the internal code of the application. If you don’t address
security at the beginning, you will also need to spend time and money reviewing the code to
try to fit a security infrastructure into it somewhere.
Which of the following is a typical biometric characteristic that is not used to uniquely
authenticate an individual’s identity?
A. Retina scans
B. Iris scans
C. Palm scans
D. Skin scans
Explanation: Answers A, B and C can be used to uniquely identify a person, but in the case
of the skin there are no unique characteristics that can differentiate two distinct
individuals with acceptable accuracy. No two irises or retinas are the same, and every
person’s palm has different marks on it. Skin is common to all and has no specific textures
or marks that make it unique in comparison to another individual.
Which of the following proves or disproves a specific act through oral testimony based on
information gathered through the witness’s five senses?
A. Direct evidence
B. Circumstantial evidence
C. Conclusive evidence
D. Corroborative evidence
Explanation: As stated in the CISSP documentation, “If you want to achieve the
validation or revalidation of the oral testimony of a witness, you need to provide physical,
direct evidence to back up your statements and override the five senses of an oral
testimony”. Circumstantial or corroborative evidence is not enough in this case; we need
direct, relevant evidence backing up the facts.
Which of the following would be defined as an absence of safeguard that could be exploited?
A. A threat
B. A vulnerability
C. A risk
D. An exposure
Explanation: In IT, a vulnerability is a weakness in a system that allows it to be exploited
and corrupted through a security hole. There is always a risk that our systems are vulnerable;
with security we cannot reduce the risk to 0%, but we can decrease the chance of a threat
becoming a successful attack through one of those vulnerabilities. There is no system
without vulnerabilities, so we need to patch our systems frequently to reduce the risk of a
threat exploiting a vulnerability in one of them.
Which of the following is a LAN transmission protocol?
B. Ring topology
Reference: “LAN Transmission Methods. LAN data is transmitted from the sender to one or
more receiving stations using either a unicast, multicast, or broadcast transmission.” pg 528
Hansche: Official (ISC)2 Guide to the CISSP Exam
Why would a database be denormalized?
A. To ensure data integrity.
B. To increase processing efficiency.
C. To prevent duplication of data.
D. To save storage space.
Explanation: Denormalization is the process of attempting to optimize the performance of
data storage by adding redundant data. It is necessary because current DBMSs are not
fully relational. A fully relational DBMS would be able to preserve full normalization at
the logical level while allowing it to be mapped to a performance-tuned physical level.
Database designers often justify denormalization on performance grounds, but they should
note that logical denormalization can easily break the consistency of the database, one of
the all-important ACID properties. However, a designer can achieve the performance
benefits while retaining consistency by performing the denormalization at the physical
level; such denormalization is often called caching.
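The consistency risk described above, as an added example that is not part of the original exam material. A redundant per-customer order total is added to a normalized customers/orders schema. When the application is trusted to keep the cached column up to date, a second code path that edits an order directly leaves the cache stale; when the same redundancy is maintained at the storage level by triggers, every write path keeps it consistent. The schema, the constructed sample rows and the use of SQLite are assumptions made for the illustration.

```python
import sqlite3
from typing import List, Tuple

# Normalized core schema plus one deliberately redundant (denormalized) column,
# customers.order_total, which duplicates SUM(orders.amount) per customer.
SCHEMA = """
CREATE TABLE customers (
    id          INTEGER PRIMARY KEY,
    name        TEXT NOT NULL,
    order_total INTEGER NOT NULL DEFAULT 0   -- redundant, denormalized
);
CREATE TABLE orders (
    id          INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id),
    amount      INTEGER NOT NULL
);
"""

# Physical-level maintenance of the redundant column: the storage engine, not
# the application, keeps the cache in step with every insert, update and delete.
TRIGGERS = """
CREATE TRIGGER orders_ai AFTER INSERT ON orders BEGIN
    UPDATE customers SET order_total = order_total + NEW.amount WHERE id = NEW.customer_id;
END;
CREATE TRIGGER orders_ad AFTER DELETE ON orders BEGIN
    UPDATE customers SET order_total = order_total - OLD.amount WHERE id = OLD.customer_id;
END;
CREATE TRIGGER orders_au AFTER UPDATE ON orders BEGIN
    UPDATE customers SET order_total = order_total - OLD.amount WHERE id = OLD.customer_id;
    UPDATE customers SET order_total = order_total + NEW.amount WHERE id = NEW.customer_id;
END;
"""

# Constructed sample data (assumed for the example).
CUSTOMERS = [(1, "alice"), (2, "bob")]
ORDERS = [(1, 1, 40), (2, 1, 60), (3, 2, 25)]  # (order id, customer id, amount)


def has_triggers(con: sqlite3.Connection) -> bool:
    row = con.execute("SELECT COUNT(*) FROM sqlite_master WHERE type = 'trigger'").fetchone()
    return row[0] > 0


def place_order(con: sqlite3.Connection, order_id: int, customer_id: int, amount: int) -> None:
    """The well-behaved application path: writes the order and, if the database
    is not maintaining the cache itself, updates the redundant total too."""
    con.execute("INSERT INTO orders (id, customer_id, amount) VALUES (?, ?, ?)",
                (order_id, customer_id, amount))
    if not has_triggers(con):
        con.execute("UPDATE customers SET order_total = order_total + ? WHERE id = ?",
                    (amount, customer_id))


def correct_an_order(con: sqlite3.Connection, order_id: int, new_amount: int) -> None:
    """A second code path that edits orders directly and forgets the cached total."""
    con.execute("UPDATE orders SET amount = ? WHERE id = ?", (new_amount, order_id))


def inconsistencies(con: sqlite3.Connection) -> List[Tuple[int, int, int]]:
    """Customers whose cached order_total disagrees with the real SUM(orders.amount).
    Returns (customer id, cached total, actual total) rows; empty means consistent."""
    return con.execute("""
        SELECT c.id, c.order_total, COALESCE(SUM(o.amount), 0)
        FROM customers c LEFT JOIN orders o ON o.customer_id = c.id
        GROUP BY c.id
        HAVING c.order_total != COALESCE(SUM(o.amount), 0)
    """).fetchall()


def open_db(maintained_by_triggers: bool) -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    if maintained_by_triggers:
        con.executescript(TRIGGERS)
    con.executemany("INSERT INTO customers (id, name) VALUES (?, ?)", CUSTOMERS)
    for order in ORDERS:
        place_order(con, *order)
    return con


def demo(maintained_by_triggers: bool):
    """Return the inconsistency lists before and after an order is corrected."""
    con = open_db(maintained_by_triggers)
    before = inconsistencies(con)
    correct_an_order(con, order_id=2, new_amount=10)  # alice's 60 becomes 10
    after = inconsistencies(con)
    return before, after


if __name__ == "__main__":
    print("application-maintained cache:", demo(maintained_by_triggers=False))
    print("trigger-maintained cache:    ", demo(maintained_by_triggers=True))
```

With the application-maintained cache the second call reports alice's cached total of 100 against an actual 50; with the trigger-maintained cache both lists are empty, which is the "denormalization at the physical level" the explanation describes.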
Under the “Named Perils” form of property insurance:
A. Burden of proof that particular loss is covered is on Insurer.
B. Burden of proof that particular loss is not covered is on Insurer.
C. Burden of proof that particular loss is covered is on Insured.
D. Burden of proof that particular loss is not covered is on Insured.
Here is something on “Named Perils” for your understanding: “Named Perils is a formal
and specific listing of perils covered in a policy providing property insurance. A policy
covering for damage by fire is said to cover for “the named peril” of fire”. As you can see,
Answer C is correct.
The following is not true:
A. Since the early days of mankind humans have struggled with the problems of protecting
B. The addition of a PIN keypad to the card reader was a solution to unreported card or lost card
C. There has never been of problem of lost keys.
D. Human guard is an inefficient and sometimes ineffective method of protecting resources.
Explanation: This is absolutely false; the problem can be seen almost anywhere. There
has always been trouble with lost keys. Some of those losses matter more than others:
losing the key to the company safe is not the same as losing the key to the locker that
contains your shoes.
This is obviously an incorrect statement, so answer C is the one.
“Unfortunately, using security guards is not a perfect solution. There are numerous
disadvantages to deploying, maintaining, and relying upon security guards. Not all environments
and facilities support security guards. This may be due to actual human incompatibility with the
layout, design, location, and construction of the facility. Not all security guards are themselves
reliable. Prescreening, bonding, and training does not guarantee that you won’t end up with an
ineffective and unreliable security guard.” Pg 646 Tittel: CISSP Guide.
Which of the following statements pertaining to software testing approaches is correct?
A. A bottom-up approach allows interface errors to be detected earlier.
B. A top-down approach allows errors in critical modules to be detected earlier.
C. The test plan and results should be retained as part of the system’s permanent documentation.
D. Black box testing is predicated on a close examination of procedural detail.
Explanation: This is an absolute best practice in the software testing field: you should
always keep all your testing approaches, together with their results, as part of the product
documentation. This helps if you have problems with some tasks or components of the
software in the future; you can check back on your tests and results to see whether the
system was performing the tasks correctly and whether anything changed from that
Which Orange Book evaluation level is described as “Structured Protection”?
Explanation: Class B2 corresponds to Structured Protection.
Division B – Mandatory Protection
Mandatory access is enforced by the use of security labels. The architecture is based on the
Bell-LaPadula security model and evidence of the reference monitor enforcement must be
B1: Labeled Security Each data object must contain a classification label and each subject must
have a clearance label. When a subject attempts to access an object, the system must compare the
subject and the object’s security labels to ensure the requested actions are acceptable. Data
leaving the system must also contain an accurate security label. The security policy is based on
an informal statement and the design specifications are reviewed and verified. It is intended for
environments that handle classified data.
B2: Structured Protection The security policy is clearly defined and documented, and the system
design and implementation are subjected to more thorough review and testing procedures. This
class requires more stringent authentication mechanisms and well-defined interfaces between
layers. Subjects and devices require labels, and the system must not allow covert channels. A
trusted path for logon and authentication processes must be in place, which means there are no
trapdoors. There is a separation of operator and administrator functions within the system to
provide more trusted and protected operational functionality. Distinct address spaces must be
provided to isolate processes, and a covert channel analysis is conducted. This class adds
assurance by adding requirements to the design of the system. The environment that would
require B2 systems could process sensitive data that requires a higher degree of security. This
environment would require systems that are relatively resistant to penetration and compromise.
B3: Security Domains In this class, more granularity is provided in each protection mechanism and
the programming code that is not necessary to support the security is excluded. The design and
implementation should not provide too much complexity because as the complexity of a system
increases, the ability of the individuals who need to test, maintain, and configure it reduces; thus,
the overall security can be threatened. The reference monitor components must be small enough
to test properly and be tamperproof. The security administrator role is clearly defined and the
system must be able to recover from failures without its security level being compromised. When
the system starts up and loads its operating system and components, it must be done in an initial
secure state to ensure any weakness of the system cannot be taken advantage of in this slice of
time. An environment that requires B3 systems is a highly secured environment that processes
very sensitive information. It requires systems that are highly resistant to penetration.
Note: In class (B2) systems, the TCB is based on a clearly defined and documented formal
security policy model that requires the discretionary and mandatory access control enforcement
found in class (B1) systems be extended to all subjects and objects in the ADP system. In
addition, covert channels are addressed. The TCB must be carefully structured into
protection-critical and non-protection-critical elements. Class B2 corresponds to “Structured
Protection” inside the Orange Book.
Which of the following questions should any user not be able to answer regarding their
organization’s information security policy?
A. Who is involved in establishing the security policy?
B. Where is the organization security policy defined?
C. What are the actions that need to be performed in case of a disaster?
D. Who is responsible for monitoring compliance to the organization security policy?
Explanation: According to the CISSP documentation, the actual definition and procedures
defined inside an organization’s disaster recovery policy are of a private nature. Only people
working in the company and with a role in it should know about those procedures. It is
not good practice to divulge disaster recovery procedures to external people.
External people often need to know who is involved in it and who is responsible for it;
this could be the case of a vendor providing replacement equipment in case of disaster.
RAID Level 1 mirrors the data from one disk to a set of disks using which of the following
A. Copying the data onto another disk or set of disks.
B. Moving the data onto another disk or set of disks.
C. Establishing dual connectivity to another disk or set of disks.
D. Establishing dual addressing to another disk or set of disks.