CISSP Questions – Volume 02 – 201-400 Questions

QUESTION 201: 
A firewall can be classified as a: 
A. Directory based access control. 
B. Rule based access control. 
C. Lattice based access control. 
D. ID based access control. 
Answer: B 
Explanation: 
Rule based access control is based on a specific profile for each user. Information can 
be easily changed for only one user but this scheme may become a burden in a very large 
environment. A rule-based access control unit will intercept every request to the 
server and compare the source specific access conditions with the rights of the user in 
order to make an access decision. A good example could be a firewall. Here a set of 
rules defined by the network administrator is recorded in a file. Every time a 
connection is attempted (incoming or outgoing), the firewall software checks the rules 
file to see if the connection is allowed. If it is not, the firewall closes the 
connection. 
QUESTION 202: 
Which of the following are the two most well known access control models? 
A. Lattice and Biba 
B. Bell LaPadula and Biba 
C. Bell LaPadula and Chinese war 
D. Bell LaPadula and Info Flow 
Answer: B 
Explanation: 
The two most well known models are Bell&LaPadula [1973] and Biba[1977]. Both were 
designed in and for military environments. 
QUESTION 203: 
What security model implies a central authority that determines what subjects can have 
access to what objects? 
A. Centralized access control 
B. Discretionary access control 
C. Mandatory access control 
D. Non-discretionary access control 
Answer: D 
A role-based access control (RBAC) model, also called 
nondiscretionary access control, uses a centrally administrated set of controls to 
determine how subjects and objects interact. - Shon Harris, "CISSP All-in-One Exam 
Guide", 3rd Ed, p 165. 
QUESTION 204: 
Which of the following is best known for capturing security requirements of commercial 
applications? 
A. Lattice 
B. Biba 
C. Bell LaPadula 
D. Clark and Wilson 
Answer: D 
Explanation: 
This model attempts to capture security requirements of commercial applications. 
'Military' and 'Commercial' are shorthand for different ways of using computers. This 
model has emphasis on integrity: 
Internal consistency: properties of the internal state of a system 
External consistency: relation of the internal state of a system to the outside world 
QUESTION 205: 
Which of the following is a straightforward approach that provides access rights to 
subjects for objects? 
A. Access Matrix model 
B. Take-Grant Model 
C. Bell-LaPadula Model 
D. Biba Model 
Answer: A 
"The access matrix is a straightforward approach that provides access rights to subjects for 
objects. Access rights are of the type read, write, and execute. A subject is an active entity that is 
seeking rights to a resource or object. A subject can be a person, a program, or a process. An 
object is a passive entity, such as a file or a storage resource." Pg 272 Krutz: CISSP Prep Guide: 
Gold Edition. 
QUESTION 206: 
What is called the type of access control where there are pairs of elements that have the 
least upper bound of values and greatest lower bound of values? 
A. Mandatory model 
B. Discretionary model 
C. Lattice model 
D. Rule model 
Answer: C 
Lattice-based access control provides an upper bound and lower bound of access capabilities for 
every subject and object relationship. 
Pg 156 Shon Harris All-In-One CISSP Certification Exam Guide 
QUESTION 207: 
Which access control would a lattice-based access control be an example of? 
A. Mandatory access control 
B. Discretionary access control 
C. Non-discretionary access control 
D. Rule-based access control 
Answer: C 
"Lattice-based access control is a variation of nondiscretionary access controls. Lattice-based 
controls define upper and lower bounds of access for every relationship between object and 
subject. These boundaries can be arbitrary, but they usually follow the military or corporate 
security label levels. 
Subjects under lattice-based access controls are said to have the least upper bound and the 
greatest lower bound of access to labeled objects based on their assigned lattice position." 
Pg. 16 Tittel: CISSP Prep Guide 
QUESTION 208: 
Who developed one of the first mathematical models of a multilevel-security computer 
system? 
A. Diffie Hillman 
B. Clark and Wilson 
C. Bell and LaPadula 
D. Gasser and Lipner 
Answer: C 
QUESTION 209: 
Which of the following was the first mathematical model of multilevel security policy? 
A. Biba 
B. Take-Grant 
C. Bell-La Padula 
D. Clark Wilson 
Answer: C 
"In the 1970s, the U.S. military used time-sharing mainframe systems and was concerned about 
these systems and leakage of classified information. The Bell-LaPadula model was developed to 
address these concerns. It was the first mathematical model of a multilevel security policy used 
to define the concept of a secure state machine and modes of access and outline rules of access." 
Pg 212 Shon Harris: All-in-One CISSP Certification 
QUESTION 210: 
Which security model allows the data custodian to grant access privileges to other users? 
A. Mandatory 
B. Bell-LaPadula 
C. Discretionary 
D. Clark-Wilson 
Answer: C 
" Discretionary Access Control. The subject has authority, within certain limitations, to specify 
what objects are accessible." -Ronald Krutz The CISSP PREP Guide (gold edition) pg 46 
QUESTION 211: 
What is one issue NOT addressed by the Bell-LaPadula model? 
A. Information flow control 
B. Security levels 
C. Covert channels 
D. Access modes 
Answer: C 
Actualtests.com - The Power of Knowing 
CISSP 
As with any model, the Bell-LaPadula model has some weaknesses. These are the major ones. 
The model considers normal channels of the information exchange and does not address covert 
channels. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 275-276 
QUESTION 212: 
Which one of the following access control models associates every resource and every user of a resource with 
one of an ordered set of classes? 
A. Take-Grant model 
B. Biba model 
C. Lattice model 
D. Clark-Wilson model 
Answer: C 
With a lattice model you first have to define a set of security classes that can be assigned to 
users or objects... After you have defined the set of security classes, you define a set of flow 
operations showing when information can flow from one class to another. - Roberta Bragg CISSP 
Certification Training Guide (Que) pg 23 
QUESTION 213: 
What scheme includes the requirement that the system maintain the separation of duty 
requirement expressed in the access control triples? 
A. Bella 
B. Lattice 
C. Clark-Wilson 
D. Bell-LaPadula 
Answer: C 
Explanation: 
Separation of duty is necessarily determined by conditions external to the computer 
system. The Clark-Wilson scheme includes the requirement that the system maintain the 
separation of duty requirement expressed in the access control triples. Enforcement is 
on a per-user basis, using the user ID from the access control triple. 
QUESTION 214: 
The access matrix model consists of which of the following parts? (Choose all that apply) 
A. A function that returns an object's type. 
B. A list of subjects. 
C. A list of objects. 
Answer: A, B, C 
Explanation: 
The access matrix model consists of four major parts: 
A list of objects 
A list of subjects 
A function T that returns an object's type 
The matrix itself, with the objects making the columns and the subjects making the rows 
Note: This question seems to confuse the access control matrix (Harris, 3rd Ed, p 169) with 
access control types (ibid., p 188ff). 
"An access control matrix is a table of subjects and objects indicating what actions ... 
subjects can take upon ... objects", Harris, 3rd Ed, p 169. 
Item "A" would be correct if it read "a function that returns an access right". 
QUESTION 215: 
The access matrix model has which of the following common implementations? 
A. Access control lists and capabilities. 
B. Access control lists. 
C. Capabilities. 
D. Access control list and availability. 
Answer: A 
Explanation: 
The two most used implementations are access control lists and capabilities. Access 
control lists are achieved by placing on each object a list of users and their 
associated rights to that object. 
QUESTION 216: 
The lattice-based model aims at protecting against: 
A. Illegal attributes. 
B. None of the choices. 
C. Illegal information flow among the entities. 
D. Illegal access rights 
Answer: C 
Explanation: 
The lattice-based model aims at protecting against illegal information flow among the 
entities. One security class is given to each entity in the system. A flow relation 
among the security classes is defined to denote that information in one class can flow 
into another class. 
QUESTION 217: 
Which of the following are the components of the Chinese wall model? 
A. Conflict of interest. 
B. All of the choices. 
C. Subject 
D. Company Datasets. 
Answer: B 
Explanation: 
The model has the following components (component: example): 
Subject: Analyst 
Object: Data item for a single client 
Company datasets: Give each company its own company dataset 
Conflict of interest classes: Give for each object the companies that have a conflict of 
interest 
Labels: Company dataset + conflict of interest class 
Sanitized information: No access restriction 
QUESTION 218: 
Enforcing minimum privileges for general system users can be easily achieved through the 
use of: 
A. TSTEC 
B. RBAC 
C. TBAC 
D. IPSEC 
Answer: B 
Explanation: 
Ensuring least privilege requires identifying what the user's job is, determining the 
minimum set of privileges required to perform that job, and restricting the user to a 
domain with those privileges and nothing more. By denying to subjects transactions that 
are not necessary for the performance of their duties, those denied privileges couldn't 
be used to circumvent the organizational security policy. Although the concept of least 
privilege currently exists within the context of the TCSEC, requirements restrict those 
privileges of the system administrator. Through the use of RBAC, enforced minimum 
privileges for general system users can be easily achieved. 
QUESTION 219: 
What is necessary for a subject to have write access to an object in a Multi-Level Security 
Policy? 
A. The subject's sensitivity label must dominate the object's sensitivity label 
B. The subject's sensitivity label subordinates the object's sensitivity label 
C. The subject's sensitivity label is subordinated by the object's sensitivity label 
D. The subject's sensitivity label is dominated by the object's sensitivity label 
Answer: D 
Reference: 
"The Bell-LaPadula model has a simple security rule, which means that a subject cannot 
read data from a higher level (no read up). The *-property rule means that a subject 
cannot write to an object at a lower level (no write down)." - Shon Harris, "CISSP 
All-in-One Exam Guide", 3rd Ed, p 327. Therefore the object must be at the same or 
higher level. 
"The Bell-LaPadula model is an example of a multilevel security model..." - Shon Harris, 
"CISSP All-in-One Exam Guide", 3rd Ed, p 298. 
"Simple security property. A subject can read an object if the access class of the 
subject dominates the access class of the object. Thus, a subject can read down but 
cannot read up." Pg 105 Hansche: Official (ISC)2 Guide to the CISSP Exam 
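The lattice bounds asked about in Question 206 and the read/write rules quoted above can be
checked mechanically. The following Python is an added example written for this page (not code
from any of the cited books); the level names and compartments are constructed, and a label
dominates another when its level is higher or equal and its compartment set is a superset.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Ordered classification levels (constructed for this example; any total order works).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
LEVEL_NAMES = {rank: name for name, rank in LEVELS.items()}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: a classification level plus a set of compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True when self >= other in the lattice: higher-or-equal level AND
        a superset of the other label's compartments. Labels that differ in
        compartments but not in level are incomparable (neither dominates)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def least_upper_bound(a: Label, b: Label) -> Label:
    """Join: the lowest label that dominates both a and b."""
    rank = max(LEVELS[a.level], LEVELS[b.level])
    return Label(LEVEL_NAMES[rank], a.compartments | b.compartments)


def greatest_lower_bound(a: Label, b: Label) -> Label:
    """Meet: the highest label that both a and b dominate."""
    rank = min(LEVELS[a.level], LEVELS[b.level])
    return Label(LEVEL_NAMES[rank], a.compartments & b.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the object must dominate the subject."""
    return obj.dominates(subject)


def main() -> None:
    subject = Label("SECRET", frozenset({"NUCLEAR"}))
    objects = {
        "CONFIDENTIAL, no compartments": Label("CONFIDENTIAL"),
        "TOP SECRET {NUCLEAR}": Label("TOP SECRET", frozenset({"NUCLEAR"})),
        "SECRET {CRYPTO} (incomparable)": Label("SECRET", frozenset({"CRYPTO"})),
    }
    print(f"subject: {subject.level} {sorted(subject.compartments)}")
    for name, obj in objects.items():
        print(f"  {name:32} read={can_read(subject, obj)!s:5} write={can_write(subject, obj)}")
    other = Label("CONFIDENTIAL", frozenset({"CRYPTO"}))
    print("LUB:", least_upper_bound(subject, other))
    print("GLB:", greatest_lower_bound(subject, other))


if __name__ == "__main__":
    main()
```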
QUESTION 220: 
Which of the following security modes of operation involved the highest risk? 
A. Compartmented Security Mode 
B. Multilevel Security Mode 
C. System-High Security Mode 
D. Dedicated Security Mode 
Answer: B 
"Security Modes 
In a secure environment, information systems are configured to process information in one of 
four security modes. These modes are set out by the Department of Defense as follows: 
Systems running compartmental security mode may process two or more types of 
compartmented information. All system users must have an appropriate clearance to access all 
information processed by the system but do not necessarily have a need to know all of the 
information in the system. Compartments are subcategories or compartments within the different 
classification levels and extreme care is taken to preserve the information within the different 
compartments. The system may be classified at the Secret level but contain five different 
compartments, all classified Secret. If a user has only the need to know about two of the five 
different compartments to do their job, that user can access the system but can only access the 
two compartments. Compartmented systems are usually dedicated systems for each specific 
compartment to prevent the chance of any errors, because compartmentalization is the most 
secret of all the secrets. 
Systems running in the dedicated security mode are authorized to process only a specific 
classification level at a time, and all system users must have clearance and a need to know that 
information. 
Systems running in multilevel security mode are authorized to process information at more than 
one level of security even when all system users do not have appropriate clearances or a need to 
know for all information processed by the system. 
Systems running in system-high security mode are authorized to process only information that 
all system users are cleared to read and to have a valid need to know. These systems are not 
trusted to maintain separation between security levels, and all information processed by these 
systems must be handled as if it were classified at the same level as the most highly classified 
information processed by the system." 
Pg. 234 Tittel: CISSP Study Guide 
QUESTION 221: 
Controlled Security Mode is also known as: 
A. Multilevel Security Mode 
B. Partitioned Security Mode 
C. Dedicated Security Mode 
D. System-high Security Mode 
Answer: A 
Reference: pg 264 Krutz: CISSP Prep Guide: Gold Edition 
QUESTION 222: 
The unauthorized mixing of data of one sensitivity level and need-to-know with data of a 
lower sensitivity level, or different need-to-know, is called data 
A. Contamination 
B. Seepage 
C. Aggregation 
D. Commingling 
Answer: A ? 
WOW, if you are reading these comments then you know I have disagreed with a bunch of the 
original answers! Well, here is another. The original was Seepage. I think it is Contamination. 
"The intermixing of data at different sensitivity and need-to-know levels. The lower-level 
data is said to be contaminated by the higher-level data; thus contaminating (higher-level) data 
might not receive the required level of protection" -Ronald Krutz The CISSP PREP Guide (gold 
edition) pg 890 
QUESTION 223: 
Which one of the following should be employed to protect data against undetected 
corruption? 
A. Non-repudiation 
B. Encryption 
C. Authentication 
D. Integrity 
Answer: D 
QUESTION 224: 
Which of the following is a communication path that is not protected by the system's 
normal security mechanisms? 
A. A trusted path 
B. A protection domain 
C. A covert channel 
D. A maintenance hook 
Answer: C 
QUESTION 225: 
A channel within a computer system or network that is designed for the authorized 
transfer of information is identified as a(n)? 
A. Covert channel 
B. Overt channel 
C. Opened channel 
D. Closed channel 
Answer: B 
"An overt channel is a channel of communication that was developed specifically for 
communication purposes. Processes should be communicating through overt channels, not covert 
channels." Pg 237 Shon Harris: All-In-One CISSP Certification Guide. 
QUESTION 226: 
Covert channel is a communication channel that can be used for: 
A. Hardening the system. 
B. Violating the security policy. 
C. Protecting the DMZ. 
D. Strengthening the security policy. 
Answer: B 
Explanation: 
Covert channel is a communication channel that allows transfer of information in a 
manner that violates the system's security policy. 
QUESTION 227: 
What is an indirect way to transmit information with no explicit reading of confidential 
information? 
A. Covert channels 
B. Backdoor 
C. Timing channels 
D. Overt channels 
Answer: A 
Explanation: 
Covert channels: indirect ways for transmitting information with no explicit reading of 
confidential information. This kind of difficulties induced some researchers to 
re-think from scratch the whole problem of guaranteeing security in computer systems. 
QUESTION 228: 
Which one of the following describes a covert timing channel? 
A. Modulated to carry an unintended information signal that can only be detected by special, 
sensitive receivers. 
B. Used by a supervisor to monitor the productivity of a user without their knowledge. 
C. Provides the timing trigger to activate a malicious program disguised as a legitimate function. 
D. Allows one process to signal information to another by modulating its own use of system 
resources. 
Answer: D 
A covert channel in which one process signals information to another by modulating its own use 
of system resources (for example, CPU time) in such a way that this manipulation affects the real 
response time observed by the second process. - Shon Harris All-in-one CISSP Certification 
Guide pg 929 
QUESTION 229: 
Covert channel analysis is required for 
A. Systems processing Top Secret or classified information. 
B. A Trusted Computer Base with a level of trust B2 or above. 
C. A system that can be monitored in a supervisor state. 
D. Systems that use exposed communication links. 
Answer: B 
Table 6.6 Standards Comparison: B2 Structured Protection (covert channel, device labels, subject 
sensitivity labels, trusted path, trusted facility management, configuration management); 
F4+E4; EAL5. - Roberta Bragg CISSP Certification Training Guide (Que) pg 370 
QUESTION 230: 
In multi-processing systems, which one of the following lacks mandatory controls and is 
NORMALLY AVOIDED for communication? 
A. Storage channels 
B. Covert channels 
C. Timing channels 
D. Object channels 
Answer: B 
Covert channel - A communication path that enables a process to transmit information in a way 
that violates the system's security policy.- Shon Harris All-in-one CISSP Certification Guide pg 
929 
QUESTION 231: 
What security risk does a covert channel create? 
A. A process can signal information to another process. 
B. It bypasses the reference monitor functions. 
C. A user can send data to another user. 
D. Data can be disclosed by inference. 
Answer: B 
The risk is not that a process can signal another process. The risk is that the signaling 
bypasses the reference monitor functions 
(ie the communication is not screened by the security kernel that implements the 
reference monitor). 
QUESTION 232: 
What is the essential difference between a self-audit and an independent audit? 
A. Tools used 
B. Results 
C. Objectivity 
D. Competence 
Answer: C 
QUESTION 233: 
What is called the formal acceptance of the adequacy of a system's overall security by the 
management? 
A. Certification 
B. Acceptance 
C. Accreditation 
D. Evaluation 
Answer: C 
QUESTION 234: 
FIPS-140 is a standard for the security of: 
A. Cryptographic service providers 
B. Smartcards 
C. Hardware and software cryptographic modules 
D. Hardware security modules 
Answer: C 
QUESTION 235: 
Which of the following will you consider as the MOST secure way of authentication? 
A. Biometric 
B. Password 
C. Token 
D. Ticket Granting 
Answer: A 
Explanation: 
Biometric authentication systems take advantage of an individual's unique physical 
characteristics in order to authenticate that person's identity. Various forms of 
biometric authentication include face, voice, eye, hand, signature, and fingerprint; 
each has its own advantages and disadvantages. When combined with the use of a PIN, 
biometrics can provide two-factor authentication. 
QUESTION 236: 
In biometric identification systems, at the beginning, it was soon apparent that truly 
positive identification could only be based on physical attributes of a person. This raised 
the necessity of answering 2 questions: 
A. what was the sex of a person and his age 
B. what part of the body to be used and how to accomplish identification to be viable 
C. what was the age of a person and his income level 
D. what was the tone of the voice of a person and his habits 
Answer: B 
QUESTION 237: 
What is called the percentage of invalid subjects that are falsely accepted? 
A. False Rejection Rate (FRR) or Type I Error 
B. False Acceptance Rate (FAR) or Type II Error 
C. Crossover Error Rate (CER) 
D. True Acceptance Rate (TAR) or Type III error 
Answer: B 
QUESTION 238: 
Which of the following biometric devices has the highest Crossover Error Rate (CER)? 
A. Iris scan 
B. Hand Geometry 
C. Voice pattern 
D. Fingerprints 
Answer: C 
QUESTION 239: 
Which of the following biometric parameters are better suited for authentication use over a 
long period of time? 
A. Iris pattern 
B. Voice pattern 
C. Signature dynamics 
D. Retina pattern 
Answer: A 
QUESTION 240: 
Which one of the following is the MOST critical characteristic of a biometrics system? 
A. Acceptability 
B. Accuracy 
C. Throughput 
D. Reliability 
Answer: B 
We don't agree with the original answer, which was throughput. Granted, throughput is vital, but 
Krutz lists accuracy as most important. 
In addition to the accuracy of the biometric systems, there are OTHER factors that must also be 
considered. These factors include the enrollment time, the throughput rate, and acceptability. 
-Ronald Krutz The CISSP PREP Guide (gold edition) pg 51 
QUESTION 241: 
Which of the following biometric devices has the lowest user acceptance level? 
A. Voice recognition 
B. Fingerprint scan 
C. Hand geometry 
D. Signature recognition 
Answer: B 
QUESTION 242: 
Biometric performance is most commonly measured in terms of: 
A. FRR and FAR 
B. FAC and ERR 
C. IER and FAR 
D. FRR and GIC 
Answer: A 
Explanation: 
Biometric performance is most commonly measured in two ways: False Rejection Rate 
(FRR), and False Acceptance Rate (FAR). The FRR is the probability that you are not 
authenticated to access your account. A strict definition states that the FRR is the 
probability that a mated comparison (i.e. 2 biometric samples of the same finger) 
incorrectly determines that there is no match. 
QUESTION 243: 
What is the most critical characteristic of a biometric identifying system? 
A. Perceived intrusiveness 
B. Storage requirements 
C. Accuracy 
D. Reliability 
Answer: C 
QUESTION 244: 
Which of the following biometric characteristics cannot be used to uniquely authenticate 
an individual's identity? 
A. Retina scans 
B. Iris scans 
C. Palm scans 
D. Skin scans 
Answer: D 
Biometrics: 
Fingerprints 
Palm Scan 
Hand Geometry 
Retina Scan 
Iris Scan 
Signature Dynamics 
Keyboard Dynamic 
Voice Print 
Facial Scan 
Hand Topology 
Pg. 128-130 Shon Harris All-In-One CISSP Certification Exam Guide 
QUESTION 245: 
In biometric identification systems, at the beginning, it was soon apparent that truly 
positive identification could only be based on physical attributes of a person. This raised 
the necessity of answering 2 questions: 
A. What was the sex of a person and his age 
B. what part of body to be used and how to accomplish identification to be viable 
C. what was the age of a person and his income level 
D. what was the tone of the voice of a person and his habits 
Answer: B 
QUESTION 246: 
You are comparing biometric systems. Security is the top priority. A low ________ is most 
important in this regard. 
A. FAR 
B. FRR 
C. MTBF 
D. ERR 
Answer: A 
Explanation: 
When comparing biometric systems, a low false acceptance rate is most important when 
security is the priority. Whereas, a low false rejection rate is most important when 
convenience is the priority. All biometric implementations balance these two criteria. 
Some systems use very high FARs such as 1 in 300. This means that the likelihood that 
the system will accept someone other than the enrolled user is 1 in 300. However, the 
likelihood that the system will reject the enrolled user (its FRR) is very low, giving 
them ease of use, but with low security. Most fingerprint systems should be able to run 
with FARs of 1 in 10,000 or better. 
QUESTION 247: 
Almost all types of detection permit a system's sensitivity to be increased or decreased 
during an inspection process. To have a valid measure of the system performance: 
A. The CER is used. 
B. the FRR is used 
C. the FAR is used 
D. none of the above choices is correct 
Answer: A 
"When a biometric system rejects an authorized individual, it is called a Type 1 error. When the 
system accepts impostors who should be rejected, it is called a Type II error. The goal is to 
obtain low numbers for each type of error. When comparing different biometric systems, many 
different variables are used, but one of the most important variables is the crossover error rate 
(CER). This rating is stated in a percentage and represents the point at which the false rejection 
rate equals the false acceptance rate. This rating is the most important measurement when 
determining the system's accuracy." Pg 113 Shon Harris: All-in-One CISSP Certification 
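To make the FAR/FRR trade-off in Question 246 and the crossover point in Question 247 concrete,
here is an added Python example (written for this page, not from the cited guides). It sweeps
an acceptance threshold over constructed matcher scores, computes FAR and FRR at each threshold,
locates the CER, and then tunes for a security-first FAR ceiling to show the FRR cost.

```python
from typing import Iterable, Optional, Sequence, Tuple

# Constructed matcher scores (0-100, higher means "more similar to the enrolled template").
# "Genuine" scores come from the enrolled user; "impostor" scores come from other people.
GENUINE_SCORES = [92, 88, 85, 81, 78, 74, 70, 66, 60, 55]
IMPOSTOR_SCORES = [15, 22, 30, 38, 45, 52, 58, 63, 69, 75]


def error_rates(genuine: Sequence[int], impostor: Sequence[int],
                threshold: int) -> Tuple[float, float]:
    """Return (FAR, FRR) for the rule "accept when score >= threshold".

    FAR (Type II error): fraction of impostor samples wrongly accepted.
    FRR (Type I error):  fraction of genuine samples wrongly rejected.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover_error_rate(genuine: Sequence[int], impostor: Sequence[int],
                         thresholds: Iterable[int] = range(0, 101)) -> Tuple[int, float]:
    """Sweep thresholds and return (threshold, CER) where FAR and FRR are closest.

    With discrete samples the curves may not meet exactly, so the CER is reported as
    the mean of FAR and FRR at the threshold with the smallest gap (the first such
    threshold wins on ties).
    """
    best_t, best_gap, best_rate = 0, None, 0.0
    for t in thresholds:
        far, frr = error_rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best_gap is None or gap < best_gap:
            best_t, best_gap, best_rate = t, gap, (far + frr) / 2
    return best_t, best_rate


def threshold_for_max_far(genuine: Sequence[int], impostor: Sequence[int], max_far: float,
                          thresholds: Iterable[int] = range(0, 101)
                          ) -> Optional[Tuple[int, float, float]]:
    """Security-first tuning: the lowest threshold whose FAR <= max_far.

    Returns (threshold, FAR, FRR) so the convenience cost (FRR) is visible,
    or None when no threshold in the sweep satisfies the ceiling.
    """
    for t in thresholds:
        far, frr = error_rates(genuine, impostor, t)
        if far <= max_far:
            return t, far, frr
    return None


def main() -> None:
    print("threshold   FAR   FRR")
    for t in range(50, 81, 5):
        far, frr = error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t)
        print(f"{t:9d}  {far:4.1f}  {frr:4.1f}")
    t, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER = {cer:.1f} at threshold {t}")
    tuned = threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, max_far=0.1)
    if tuned:
        t, far, frr = tuned
        print(f"FAR <= 0.1 needs threshold {t}: FAR={far:.1f}, FRR={frr:.1f}")


if __name__ == "__main__":
    main()
```

Raising the threshold drives FAR down and FRR up; the CER is the single number that lets two
systems be compared independently of where each vendor happened to set its threshold.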
QUESTION 248: 
The quality of finger prints is crucial to maintain the necessary: 
A. FRR 
B. ERR and FAR 
C. FAR 
D. FRR and FAR 
Answer: D 
Explanation: 
Another factor that must be taken into account when determining the necessary FAR and 
FRR for your organization is the actual quality of the fingerprints in your user 
population. ABC's experience with several thousand users, and the experience of its 
customers, indicates that a percentage of the populations do not have fingerprints of 
sufficient quality to allow for authentication of the individual. Approximately 2.5% of 
employees fall into this group in the general office worker population. For these 
users, a smart card token with password authentication is recommended. 
QUESTION 249: 
By requiring the user to use more than one finger to authenticate, you can: 
A. Provide statistical improvements in EAR. 
B. Provide statistical improvements in MTBF. 
C. Provide statistical improvements in FRR. 
D. Provide statistical improvements in ERR. 
Answer: C 
Explanation: 
Statistical improvements in false rejection rates can also be achieved by requiring the 
user to use more than one finger to authenticate. Such techniques are referred to as 
flexible verification. 
QUESTION 250: 
Which of the following is being considered as the most reliable kind of personal 
identification? 
A. Token 
B. Finger print 
C. Password 
D. Ticket Granting 
Answer: B 
Explanation: 
Every person's fingerprint is unique and is a feature that stays with the person 
throughout his/her life. This makes the fingerprint the most reliable kind of personal 
identification because it cannot be forgotten, misplaced, or stolen. Fingerprint 
authorization is potentially the most affordable and convenient method of verifying a 
person's identity. 
QUESTION 251: 
Which of the following methods is more microscopic and will analyze the direction of the 
ridges of the fingerprints for matching? 
A. None of the choices. 
B. Flow direct 
C. Ridge matching 
D. Minutia matching 
Answer: D 
Explanation: 
There are two approaches for capturing the fingerprint image for matching: minutia 
matching and global pattern matching. Minutia matching is a more microscopic approach 
that analyzes the features of the fingerprint, such as the location and direction of 
the ridges, for matching. The only problem with this approach is that it is difficult 
to extract the minutiae points accurately if the fingerprint is in some way distorted. 
The more macroscopic approach is global pattern matching where the flow of the ridges 
is compared at all locations between a pair of fingerprint images; however, this can be 
affected by the direction that the image is rotated. 
QUESTION 252: 
Which of the following are the types of eye scan in use today? 
A. Retinal scans and body scans. 
B. Retinal scans and iris scans. 
C. Retinal scans and reflective scans. 
D. Reflective scans and iris scans. 
Answer: B 
Explanation: 
There are two types of eye scan in use today for authentication purposes: retinal scans 
and iris scans. Retinal Scan technology maps the capillary pattern of the retina, a 
thin (1/50th inch) nerve on the back of the eye. To enroll, a minimum of five scans is 
required, which takes 45 seconds. The subject must keep his head and eye motionless 
within 1/2" of the device, focusing on a small rotating point of green light. 320 - 400 
points of reference are captured and stored in a 35-byte field, ensuring the measure is 
accurate with a negligible false rejection rate. 
This compares to 30-70 points of reference for a finger scan. Unfortunately a retinal 
scan is considerably more intrusive than an iris scan and many people are hesitant to 
use the device [Retina-scan]. In addition a significant number of people may be unable 
to perform a successful enrolment, and there exist degenerative diseases of the retina 
that alter the scan results over time. Despite these disadvantages, there are several 
successful implementations of this technology [Retina-scan]. 
QUESTION 253: 
Which of the following eye scan methods is considered to be more intrusive? 
A. Iris scans 
B. Retinal scans 
C. Body scans 
D. Reflective scans 
Answer: B 
Explanation: 
There are two types of eye scan in use today for authentication purposes: retinal scans 
and iris scans. Retinal Scan technology maps the capillary pattern of the retina, a 
thin (1/50th inch) nerve on the back of the eye. To enroll, a minimum of five scans is 
required, which takes 45 seconds. The subject must keep his head and eye motionless 
within 1/2" of the device, focusing on a small rotating point of green light. 320 - 400 
points of reference are captured and stored in a 35-byte field, ensuring the measure is 
accurate with a negligible false rejection rate. 
This compares to 30-70 points of reference for a finger scan. Unfortunately a retinal 
scan is considerably more intrusive than an iris scan and many people are hesitant to 
use the device [Retina-scan]. In addition a significant number of people may be unable 
to perform a successful enrolment, and there exist degenerative diseases of the retina 
that alter the scan results over time. Despite these disadvantages, there are several 
successful implementations of this technology [Retina-scan]. 
QUESTION 254: 
Which of the following offers greater accuracy than the others? 
A. Facial recognition 
B. Iris scanning 
C. Finger scanning 
D. Voice recognition 
Answer: B 
Explanation: 
Iris scanning offers greater accuracy than finger scanning, voice or facial 
recognition, hand geometry or keystroke analysis. It is safer and less invasive than 
retinal scanning, an important legal consideration [Nuger]. Any company thinking of 
using biometrics would do well to ensure that they comply with existing privacy laws. 
QUESTION 255: 
In addition to the accuracy of the biometric systems, there are other factors that must also 
be considered: 
A. These factors include the enrollment time and the throughput rate, but not acceptability. 
B. These factors do not include the enrollment time, the throughput rate, and acceptability. 
C. These factors include the enrollment time, the throughput rate, and acceptability. 
D. These factors include the enrollment time, but not the throughput rate, neither the 
acceptability. 
Answer: C 
In addition to the accuracy of the biometric systems, there are OTHER factors that must also be 
considered. These factors include the enrollment time, the throughput rate, and acceptability. 
-Ronald Krutz The CISSP PREP Guide (gold edition) pg 51 
QUESTION 256: 
What physical characteristics does a retinal scan biometric device measure? 
A. The amount of light reaching the retina 
B. The amount of light reflected by the retina 
C. The size, curvature, and shape of the retina 
D. The pattern of blood vessels at the back of the eye 
Answer: D 
QUESTION 257: 
Type II errors occur when which of the following biometric system rates is high? 
A. False accept rate 
B. False reject rate 
C. Crossover error rate 
D. Speed and throughput rate 
Answer: A 
There are three main performance issues in biometrics. These measures are as follows: 
False Rejection Rate (FRR) or Type 1 Error. The percentage of valid subjects that are falsely 
rejected. 
False Acceptance Rate (FAR) or Type 2 Error. The percentage of invalid subjects that are falsely 
accepted. 
Crossover Error Rate (CER). The percent in which the False Rejection Rate equals the False 
Acceptance Rate. 
pg 38 Krutz: The CISSP Prep Guide 
QUESTION 258: 
Which of the following are the valid categories of hand geometry scanning? 
A. Electrical and image-edge detection. 
B. Mechanical and image-edge detection. 
C. Logical and image-edge detection. 
D. Mechanical and image-ridge detection. 
Answer: B 
Explanation: 
Hand geometry reading (scanning) devices usually fall into one of two categories: 
mechanical or image-edge detection. Both methods are used to measure specific 
characteristics of a person's hand such as length of fingers and thumb, widths, and 
depth. 
QUESTION 259: 
In the world of keystroke dynamics, what represents the amount of time you hold down 
a particular key? 
A. Dwell time 
B. Flight time 
C. Dynamic time 
D. Systems time 
Answer: A 
Explanation: 
Keystroke dynamics looks at the way a person types at a keyboard. Specifically, 
keyboard dynamics measures two distinct variables: "dwell time" which is the amount of 
time you hold down a particular key and "flight time" which is the amount of time it 
takes a person to switch between keys. Keyboard dynamics systems can measure one's 
keyboard input up to 1000 times per second. 
QUESTION 260: 
In the world of keystroke dynamics, what represents the amount of time it takes a person 
to switch between keys? 
A. Dynamic time 
B. Flight time 
C. Dwell time 
D. Systems time. 
Answer: B 
Explanation: 
Keystroke dynamics looks at the way a person types at a keyboard. Specifically, 
keyboard dynamics measures two distinct variables: "dwell time" which is the amount of 
time you hold down a particular key and "flight time" which is the amount of time it 
takes a person to switch between keys. Keyboard dynamics systems can measure one's 
keyboard input up to 1000 times per second. 
QUESTION 261: 
Which of the following are the benefits of keystroke dynamics? 
A. Low cost 
B. Unintrusive device 
C. Transparent 
D. All of the choices. 
Answer: D 
Explanation: 
Keystroke dynamics is behavioral in nature. It works well with users that can "touch 
type". Key advantages in applying keyboard dynamics are that the device used in this 
system, the keyboard, is unintrusive and does not detract from one's work. Enrollment 
as well as identification goes undetected by the user. Another inherent benefit to 
using keystroke dynamics as an identification device is that the hardware (i.e. 
keyboard) is inexpensive. Currently, plug-in boards, built-in hardware and firmware, or 
software can represent keystroke dynamics systems. 
QUESTION 262: 
DSV, as an identification method, checks a user's: 
A. Fingerprints 
B. Signature 
C. Keystrokes 
D. Facial expression 
Answer: B 
Explanation: 
Signature identification, also known as Dynamic Signature Verification (DSV), is 
another natural fit in the world of biometrics since identification through one's 
signature occurs during many everyday transactions. Any process or transaction that 
requires an individual's signature is a prime contender for signature identification. 
QUESTION 263: 
Signature identification systems analyze what areas of an individual's signature? 
A. All of the choices EXCEPT the signing rate. 
B. The specific features of the signature. 
C. The specific features of the process of signing one's signature. 
D. The signature rate. 
Answer: A 
Explanation: 
Signature identification systems analyze two different areas of an individual's 
signature: the specific features of the signature and specific features of the process 
of signing one's signature. Features that are taken into account and measured include 
speed, pen pressure, directions, stroke length, and the points in time when the pen is 
lifted from the paper. 
QUESTION 264: 
What are the advantages to using voice identification? 
A. All of the choices. 
B. Timesaving 
C. Reliability 
D. Flexibility 
Answer: A 
Explanation: 
The many advantages to using voice identification include: 
Considered a "natural" biometric technology 
Provides eyes and hands-free operation 
Reliability 
Flexibility 
Timesaving data input 
Eliminates spelling errors 
Improved data accuracy 
QUESTION 265: 
What are the methods used in the process of facial identification? 
A. None of the choices. 
B. Detection and recognition. 
C. Scanning and recognition. 
D. Detection and scanning. 
Answer: B 
Explanation: 
The process of facial identification incorporates two significant methods: detection 
and recognition. 
QUESTION 266: 
In the process of facial identification, the basic underlying recognition technology of facial 
identification involves: 
A. Eigenfeatures or eigenfaces. 
B. Scanning and recognition. 
C. Detection and scanning. 
D. None of the choices. 
Answer: A 
Explanation: 
Recognition is comparing the captured face to other faces that have been saved and 
stored in a database. The basic underlying recognition technology of facial feature 
identification involves either eigenfeatures (facial metrics) or eigenfaces. The German 
word "eigen" refers to recursive mathematics used to analyze unique facial 
characteristics. 
QUESTION 267: 
What is known as the probability that you are not authenticated to access your account? 
A. ERR 
B. FRR 
C. MTBF 
D. FAR 
Answer: B 
Explanation: 
Biometric performance is most commonly measured in two ways: False Rejection Rate 
(FRR), and False Acceptance Rate (FAR). The FRR is the probability that you are not 
authenticated to access your account. A strict definition states that the FRR is the 
probability that a mated comparison (i.e. 2 biometric samples of the same finger) 
incorrectly determines that there is no match. 
QUESTION 268: 
What is known as the chance that someone other than you is granted access to your 
account? 
A. ERR 
B. FAR 
C. FRR 
D. MTBF 
Answer: B 
Explanation: 
The FAR is the chance that someone other than you is granted access to your account, in 
other words, the probability that a non-mated comparison (i.e. two biometric samples of 
different fingers) match. FAR and FRR numbers are generally expressed in terms of 
probability. 
QUESTION 269: 
What is typically used to illustrate the comparative strengths and weaknesses of each 
biometric technology? 
A. Decipher Chart 
B. Zephyr Chart 
C. Cipher Chart 
D. Zapper Chart 
Answer: B 
Explanation: 
The Zephyr Chart illustrates the comparative strengths and weaknesses of each biometric 
technology. The eight primary biometric technologies are listed around the outer 
border, and for each technology the four major evaluation criteria are ranked from 
outside (better) to inside (worse). Looking at dynamic signature verification (DSV) 
will illustrate how the Zephyr Chart works. 
QUESTION 270: 
In terms of the order of effectiveness, which of the following technologies is the most 
effective? 
A. Fingerprint 
B. Iris scan 
C. Keystroke pattern 
D. Retina scan 
Answer: B 
Explanation: 
The order of effectiveness has not changed for a few years. It is still the same today 
as it was three years ago. The list below presents them from most effective to least 
effective: 
Iris scan 
Retina scan 
Fingerprint 
Hand geometry 
Voice pattern 
Keystroke pattern 
Signature 
QUESTION 271: 
In terms of the order of effectiveness, which of the following technologies is the least 
effective? 
A. Voice pattern 
B. Signature 
C. Keystroke pattern 
D. Hand geometry 
Answer: B 
Explanation: 
The order of effectiveness has not changed for a few years. It is still the same today 
as it was three years ago. The list below presents them from most effective to least 
effective: 
Iris scan 
Retina scan 
Fingerprint 
Hand geometry 
Voice pattern 
Keystroke pattern 
Signature 
QUESTION 272: 
In terms of the order of acceptance, which of the following technologies is the MOST 
accepted? 
A. Hand geometry 
B. Keystroke pattern 
C. Voice Pattern 
D. Signature 
Answer: C 
Explanation: 
The order of acceptance has slightly changed in the past years. It was Iris that was 
the most accepted method three years ago but today we have Voice Pattern that is by far 
the most accepted. Here is the list from most accepted first to least accepted at the 
bottom of the list: 
Voice Pattern 
Keystroke pattern 
Signature 
Hand geometry 
Handprint 
Fingerprint 
Iris 
Retina pattern 
QUESTION 273: 
In terms of the order of acceptance, which of the following technologies is the LEAST 
accepted? 
A. Fingerprint 
B. Iris 
C. Handprint 
D. Retina patterns 
Answer: D 
Explanation: 
The order of acceptance has slightly changed in the past years. It was Iris that was 
the most accepted method three years ago but today we have Voice Pattern that is by far 
the most accepted. Here is the list from most accepted first to least accepted at the 
bottom of the list: 
Voice Pattern 
Keystroke pattern 
Signature 
Hand geometry 
Handprint 
Fingerprint 
Iris 
Retina pattern 
QUESTION 274: 
Which of the following biometric characteristics cannot be used to uniquely authenticate 
an individual's identity? 
A. Retina scans 
B. Iris scans 
C. Palm scans 
D. Skin scans 
Answer: D 
QUESTION 275: 
Which of the following is true of two-factor authentication? 
A. It uses the RSA public-key signature based algorithm on integers with large prime factors 
B. It requires two measurements of hand geometry 
C. It does not use single sign-on technology 
D. It relies on two independent proofs of identity 
Answer: D 
QUESTION 276: 
What is Kerberos? 
A. A three-headed dog from Egyptian Mythology 
B. A trusted third-party authentication protocol 
C. A security model 
D. A remote authentication dial in user server 
Answer: B 
QUESTION 277: 
Which of the following is true about Kerberos? 
A. It utilized public key cryptography 
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text 
C. It depends upon symmetric ciphers 
D. It is a second party authentication system 
Answer: C 
"Kerberos relies upon symmetric key cryptography, specifically Data Encryption Standard 
(DES), and provides end-to-end security for authentication traffic between the client and the Key 
Distribution Center (KDC)." Pg. 15 Tittel: CISSP Study Guide 
QUESTION 278: 
Kerberos depends upon what encryption method? 
A. Public Key cryptography 
B. Private Key cryptography 
C. El Gamal cryptography 
D. Blowfish cryptography 
Answer: B 
Kerberos uses symmetric key cryptography and provides end-to-end security, meaning that 
information being passed between a user and a service is protected without the need of an 
intermediate component. Although it allows the use of passwords for authentication, it was 
designed specifically to eliminate the need for transmitting passwords over the network. Most 
Kerberos implementations work with cryptography keys and shared secret keys (private keys) 
instead of passwords. Pg 148 Shon Harris All-In-One CISSP Certification Exam Guide 
QUESTION 279: 
The primary service provided by Kerberos is which of the following? 
A. non-repudiation 
B. confidentiality 
C. authentication 
D. authorization 
Answer: C 
QUESTION 280: 
Which of the following are authentication server systems with operational modes that can 
implement SSO? 
A. Kerberos, SESAME and KryptoKnight 
B. SESAME, KryptoKnight and NetSP 
C. Kerberos and SESAME 
D. Kerberos, SESAME, KryptoKnight, and NetSP 
Answer: D 
"Scripts, directory services, thin clients, Kerberos, SESAME, NetSP, scripted access, and 
KryptoKnight are examples of SSO mechanisms." 
Pg. 14 Tittel: CISSP Study Guide Second Edition 
QUESTION 281: 
Which of the following is a trusted, third party authentication protocol that was developed 
under Project Athena at MIT? 
A. Kerberos 
B. SESAME 
C. KryptoKnight 
D. NetSP 
Answer: A 
"Kerberos is an authentication protocol and was designed in the mid-1980s as part of MIT's 
Project Athena." Pg 129 Shon Harris: All-in-One CISSP Certification 
QUESTION 282: 
Which of the following is true about Kerberos? 
A. It utilizes public key cryptography 
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text. 
C. It depends upon symmetric ciphers 
D. It is a second party authentication system 
Answer: C 
QUESTION 283: 
One of the differences between Kerberos and KryptoKnight is that there is: 
A. a mapped relationship among the parties 
B. a peer-to-peer relationship among the parties themselves 
C. no peer-to-peer relationship among the parties and the KDC 
D. a peer-to-peer relationship among the parties and the KDC 
Answer: D 
"KryptoKnight 
The IBM KryptoKnight system provides authentication, SSO, and key distribution services. It was 
designed to support computers with widely varying computational capabilities. KryptoKnight 
uses a trusted Key Distribution Center (KDC) that knows the secret key of each party. One of the 
differences between Kerberos and KryptoKnight is that there is a peer-to-peer relationship among 
the parties and the KDC." 
Pg. 58 Krutz: The CISSP Prep Guide: Gold Edition 
QUESTION 284: 
Which of the following is the MOST secure network access control procedure to adopt when using a callback 
device? 
A. The user enters a userid and PIN, and the device calls back the telephone number that corresponds to the 
userid. 
B. The user enters a userid, PIN, and telephone number, and the device calls back the telephone number 
entered. 
C. The user enters the telephone number, and the device verifies that the number exists in its database before 
calling back. 
D. The user enters the telephone number, and the device responds with a challenge. 
Answer: A 
Explanation: Usually a request for a username and password takes place and the NAS may 
hang up the call in order to call the user back at a predefined phone number. This is a 
security activity that is used to try and ensure that only authenticated users are given 
access to the network and it reverses the long distance charges back to the 
company...However, this security measure can be compromised if someone implements call 
forwarding. - Shon Harris All-in-one CISSP Certification Guide pg 463 
QUESTION 285: 
What is called the access protection system that limits connections by calling back the 
number of a previously authorized location? 
A. Sendback system 
B. Callback forward systems 
C. Callback systems 
D. Sendback forward systems 
Answer: C 
"Callback systems provide access protection by calling back the number of a previously 
authorized location, but this control can be compromised by call forwarding." Pg 48 Krutz: 
CISSP Prep Guide: Gold Edition. 
QUESTION 286: 
A confidential number to verify a user's identity is called a: 
A. PIN 
B. userid 
C. password 
D. challenge 
Answer: A 
QUESTION 287: 
How are memory cards and smart cards different? 
A. Memory cards normally hold more memory than smart cards 
B. Smart cards provide a two-factor authentication whereas memory cards don't 
C. Memory cards have no processing power 
D. Only smart cards can be used for ATM cards 
Answer: C 
"The main difference between memory cards and smart cards is the processing power. A 
memory card holds information, but does not process information. A smart card has the 
necessary hardware and logic to actually process information." Pg 121 Shon Harris CISSP 
All-In-One Exam Guide 
QUESTION 288: 
Devices in the form of credit card-size memory cards or smart cards, or those resembling small 
calculators, that are used to supply static and dynamic passwords are called: 
A. Tickets 
B. Tokens 
C. Token passing networks 
D. Coupons 
Answer: B 
QUESTION 289: 
Tokens, as a way to identify users, are subject to what type of error? 
A. Token error 
B. Decrypt error 
C. Human error 
D. Encrypt error 
Answer: C 
Explanation: 
Tokens are a fantastic way of ensuring the identity of a user. However, you must 
remember that no system is immune to "human error". If the token is lost with its PIN 
written on it, or if it were loaned with the corresponding PIN, it would allow for 
masquerading. This is one of the greatest threats that you have with tokens. 
QUESTION 290: 
Which of the following factors may render a token based solution unusable? 
A. Token length 
B. Card size 
C. Battery lifespan 
D. None of the choices. 
Answer: C 
Explanation: 
Another limitation of some of the tokens is their battery lifespan. For example, in the 
case of SecurID you have a token that has a battery that will last from 1 to 3 years 
depending on the type of token you acquired. Some token companies such as Cryptocard 
have introduced tokens that have a small battery compartment allowing you to change the 
battery when it is discharged. 
QUESTION 291: 
Memory only cards work based on: 
A. Something you have. 
B. Something you know. 
C. None of the choices. 
D. Something you know and something you have. 
Answer: D 
Explanation: 
Memory Only Card - This type of card is the most common card. It has a magnetic stripe 
on the back. These cards can offer two-factor authentication, the card itself 
(something you have) and the PIN (something you know). Everyone is familiar with the 
use of an ATM (Automated Teller Machine) card. These memory cards are very easy to 
counterfeit. There was a case in Montreal where a storeowner would swipe the card 
through for the transaction; he would then swipe it through a card reader to get a 
copy while a small hidden camera was registering the PIN as the user was punching it 
on the pad. This scheme was quickly identified as the victims had one point in common; 
they all visited the same store. 
QUESTION 292: 
Which of the following is a disadvantage of a memory only card? 
A. High cost to develop. 
B. High cost to operate. 
C. Physically infeasible. 
D. Easy to counterfeit. 
Answer: D 
Explanation: 
Memory Only Card - This type of card is the most common card. It has a magnetic stripe 
on the back. These cards can offer two-factor authentication, the card itself 
(something you have) and the PIN (something you know). Everyone is familiar with the 
use of an ATM (Automated Teller Machine) card. These memory cards are very easy to 
counterfeit. There was a case in Montreal where a storeowner would swipe the card 
through for the transaction; he would then swipe it through a card reader to get a 
copy, while a small hidden camera was registering the PIN as the user was punching it 
on the pad. This scheme was quickly identified as the victims had one point in common; 
they all visited the same store. 
QUESTION 293: 
The word "smart card" has meanings of: 
A. Personal identity token containing IC-s. 
B. Processor IC card. 
C. IC card with ISO 7816 interface. 
D. All of the choices. 
Answer: D 
Explanation: 
The word "smart card" has four different meanings (in order of usage frequency): 
IC card with ISO 7816 interface 
Processor IC card 
Personal identity token containing IC-s 
An Integrated Circuit(s) Card is an ID-1 type (specified in ISO 7810) card, into which has 
been inserted one or more integrated circuits. [ISO 7816] 
QUESTION 294: 
Processor card contains which of the following components? 
A. Memory and hard drive. 
B. Memory and flash. 
C. Memory and processor. 
D. Cache and processor. 
Answer: C 
Explanation: 
Processor cards contain memory and a processor. They have remarkable data processing 
capabilities. Very often the data processing power is used to encrypt/decrypt data, 
which makes this type of card a very unique personal identification token. Data 
processing also permits dynamic storage management, which enables the realization of 
flexible multifunctional cards. 
QUESTION 295: 
Which of the following offers advantages such as the ability to use stronger passwords, 
easier password administration, and faster resource access? 
A. Smart cards 
B. Single Sign-on (SSO) 
C. Kerberos 
D. Public Key Infrastructure (PKI) 
Answer: B 
QUESTION 296: 
What is the main concern with single sign-on? 
A. Maximum unauthorized access would be possible if a password is disclosed 
B. The security administrator's workload would increase 
C. The users' password would be too hard to remember 
D. User access rights would be increased 
Answer: A 
QUESTION 297: 
Which of the following describes the major disadvantage of many SSO implementations? 
A. Once a user obtains access to the system through the initial log-on they can freely roam the 
network resources without any restrictions 
B. The initial logon process is cumbersome to discourage potential intruders 
C. Once a user obtains access to the system through the initial log-on, they only need to logon 
to some applications. 
D. Once a user obtains access to the system through the initial log-on, he has to logout from all 
other systems 
Answer: A 
Reference: "The major disadvantage of many SSO implementations is that once a user obtains 
access to the system through the initial logon, the user can freely roam the network resources 
without any restrictions." pg 53 Krutz: CISSP Prep Guide: Gold Edition 
QUESTION 298: 
Which of the following addresses cumbersome situations where users need to log on 
multiple times to access different resources? 
A. Single Sign-On (SSO) systems 
B. Dual Sign-On (DSO) systems 
C. Double Sign-On (DSO) systems 
D. Triple Sign-On (TSO) systems 
Answer: A 
QUESTION 299: 
A method for a user to identify and present credentials only once to a system is known as: 
A. SEC 
B. IPSec 
C. SSO 
D. SSL 
Answer: C 
Explanation: 
Single Sign-On (SSO) - This is a method for users to identify and present credentials 
only once to a system. Information needed for future system access to resources is 
forwarded by the initial system. 
BENEFITS 
More efficient user log-on process 
Users select stronger passwords 
Inactivity timeout and attempt thresholds applied uniformly closer to user point of 
entry 
Improved timely disabling of all network/computer accounts for terminated users 
QUESTION 300: 
Which of the following correctly describe the features of SSO? 
A. More efficient log-on. 
B. More costly to administer. 
C. More costly to setup. 
D. More key exchanging involved. 
Answer: A 
Explanation: 
Single Sign-On (SSO) - This is a method for users to identify and present credentials 
only once to a system. Information needed for future system access to resources is 
forwarded by the initial system. 
BENEFITS 
More efficient user log-on process 
Users select stronger passwords 
Inactivity timeout and attempt thresholds applied uniformly closer to user point of 
entry 
Improved timely disabling of all network/computer accounts for terminated users 
QUESTION 301: 
What is the PRIMARY advantage of using a separate authentication server (e.g., Remote Access Dial-In 
User System, Terminal Access Controller Access Control System) to authenticate dial-in users? 
A. Single user logons are easier to manage and audit. 
B. Each session has a unique (one-time) password assigned to it. 
C. Audit and access information are not kept on the access server. 
D. Call-back is very difficult to defeat. 
Answer: C 
Explanation: 
TACACS integrates the authentication and authorization processes. XTACACS keeps the authentication, 
authorization and accounting processes separate. TACACS+ improves XTACACS by adding two-factor 
authentication. - Ed Tittel CISSP Study Guide (Sybex) pg 745 
QUESTION 302: 
Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a 
network entity to verify both 
A. The identity of a remote communicating entity and the authenticity of the source of the data that are 
received. 
B. The authenticity of a remote communicating entity and the path through which communications are received. 
C. The location of a remote communicating entity and the path through which communications are received. 
D. The identity of a remote communicating entity and the level of security of the path through which data are 
received. 
Answer: A 
Explanation: 
The OSI model needs to know the source of the data and that it is who it claims to be. The path 
the data takes is not a concern unless source routing is used. The level of security of the path 
is not inherently a concern of the receiving node (in general) unless configured. A is the best 
option in this question. 
QUESTION 303: 
Which of the following is the most reliable authentication device? 
A. Variable callback system 
B. Smart card system 
C. Fixed callback system 
D. Combination of variable and fixed callback system 
Answer: B 
QUESTION 304: 
Which of the following are proprietarily implemented by CISCO? 
A. RADIUS+ 
B. TACACS 
C. XTACACS and TACACS+ 
D. RADIUS 
Answer: C 
Explanation: 
Cisco implemented an enhanced version of TACACS, known as XTACACS (extended TACACS), 
which was also compatible with TACACS. It allowed for UDP and TCP encoding. XTACACS 
contained several improvements: It provided accounting functionality to track length of 
login and which hosts a user connected to, and it also separated the authentication, 
authorization, and accounting processes such that they could be independently 
implemented. None of the three functions are mandatory. XTACACS is described in RFC 
1492. 
TACACS+ is the latest Cisco implementation. It is best described as XTACACS with 
improved attribute control (authorization) and accounting. 
QUESTION 305: 
What is a protocol used for carrying authentication, authorization, and configuration 
information between a Network Access Server and a shared Authentication Server? 
A. IPSec 
B. RADIUS 
C. L2TP 
D. PPTP 
Answer: B 
Explanation: 
RADIUS is a protocol for carrying authentication, authorization, and configuration 
information between a Network Access Server, which desires to authenticate its links 
and a shared Authentication Server. RADIUS is a standard published in RFC2138 as 
mentioned above. 
QUESTION 306: 
RADIUS is defined by which RFC? 
A. 2168 
B. 2148 
C. 2138 
D. 2158 
Answer: C 
Explanation: 
RADIUS is a protocol for carrying authentication, authorization, and configuration 
information between a Network Access Server, which desires to authenticate its links 
and a shared Authentication Server. RADIUS is a standard published in RFC2138 as 
mentioned above. 
QUESTION 307: 
In a RADIUS architecture, which of the following acts as a client? 
A. A network Access Server. 
B. None of the choices. 
C. The end user. 
D. The authentication server. 
Answer: A 
Explanation: 
A Network Access Server (NAS) operates as a client of RADIUS. The client is responsible 
for passing user information to designated RADIUS servers, and then acting on the 
response that is returned. 
QUESTION 308: 
In a RADIUS architecture, which of the following can act as a proxy client? 
A. The end user. 
B. A Network Access Server. 
C. The RADIUS authentication server. 
D. None of the choices. 
Answer: C 
Explanation: 
A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of 
authentication servers. 
QUESTION 309: 
Which of the following statements pertaining to RADIUS is incorrect? 
A. A RADIUS server can act as a proxy server, forwarding client requests to other 
authentication domains. 
B. Most of RADIUS clients have a capability to query secondary RADIUS servers for 
redundancy 
C. Most RADIUS servers have built-in database connectivity for billing and reporting purposes 
D. Most RADIUS servers can work with DIAMETER servers. 
Answer: D 
QUESTION 310: 
Which of the following is the weakest authentication mechanism? 
A. Passphrases 
B. Passwords 
C. One-time passwords 
D. Token devices 
Answer: B 
QUESTION 311: 
What is the PRIMARY use of a password? 
A. Allow access to files 
B. Identify the user 
C. Authenticate the user 
D. Segregate various users' accesses 
Answer: C 
QUESTION 312: 
Software generated passwords have what drawbacks? 
A. Passwords are not easy to remember. 
B. Passwords are too secure. 
C. None of the choices. 
D. Passwords are unbreakable. 
Answer: A 
Explanation: 
Passwords can be generated by a software package or by some operating systems. These password 
generators are good at producing unique and hard to guess passwords; however, you must 
ensure that they are not so hard that people can't remember them. If you force your 
users to write their passwords down then you are defeating the purpose of having strong 
password management. 
QUESTION 313: 
What are the valid types of one-time password generators? 
A. All of the choices. 
B. Transaction synchronous 
C. Synchronous/PIN synchronous 
D. Asynchronous/PIN asynchronous 
Answer: A 
Explanation: 
One-time passwords are changed after every use. Handheld password generators (tokens) come in 
three basic types: Synchronous/PIN synchronous, Transaction synchronous, and Asynchronous/PIN 
asynchronous. 
QUESTION 314: 
Which of the following will you consider as most secure? 
A. Password 
B. One time password 
C. Login phrase 
D. Login ID 
Answer: B 
Explanation: 
Each time the user logs in, the token generates a unique password that is synchronized 
with the network server. If anyone tries to reuse this dynamic password, access is 
denied, the event is logged and the network remains secure. 
QUESTION 315: 
What type of password makes use of two totally unrelated words? 
A. Login phrase 
B. One time password 
C. Composition 
D. Login ID 
Answer: C 
Explanation: 
Usage of two totally unrelated words or a series of unrelated characters, such as 
pizza!wood for example. Such a password is easy to remember but very hard to guess. It 
would take a cracker quite a bit of time to do a brute force attack on a password 
that is that long and that uses an extended character as well. 
QUESTION 316: 
Which of the following is the correct account policy you should follow? 
A. All of the choices. 
B. All active accounts must have a password. 
C. All active accounts must have a long and complex pass phrase. 
D. All inactive accounts must have a password. 
Answer: B 
Explanation: 
All active accounts must have a password, unless you are using an application or 
service designed to be accessed without the need of a proper ID and password. Such a 
service must, however, be monitored by other means (not a recommended practice). 
QUESTION 317: 
Which of the following are the advantages of using a passphrase? 
A. Difficult to crack using brute force. 
B. Offers numerous characters. 
C. Easier to remember. 
D. All of the choices. 
Answer: D 
Explanation: 
The use of passphrases is a good way of having very strong passwords. A passphrase is 
easier to remember, it offers numerous characters, and it is almost impossible to crack 
using brute force with today's processing power. An example of a passphrase could be: 
"Once upon a time in the CISSP world" 
QUESTION 318: 
Which of the following are the correct guidelines of password deployment? 
A. Passwords must be masked. 
B. All of the choices. 
C. Password must have a minimum of 8 characters. 
D. Password must contain a mix of both alphabetic and non-alphabetic characters. 
Answer: B 
Explanation: 
Passwords must not be displayed in plain text while logging on. Passwords must be 
masked. Password must have a minimum of 8 characters. Password must contain a mix of 
both alphabetic and non-alphabetic characters. Passwords must be kept private, e.g. not 
shared, coded into programs, or written down. 
QUESTION 319: 
Why would a 16-character password not be desirable? 
A. Hard to remember 
B. Offers numerous characters. 
C. Difficult to crack using brute force. 
D. All of the choices. 
Answer: A 
Explanation: 
When the password is too hard to memorize, the user will actually write it down, which 
is totally insecure and unacceptable. 
QUESTION 320: 
Which of the following is NOT a good password deployment guideline? 
A. Passwords must not be the same as the user ID or login ID. 
B. Password aging must be enforced on all systems. 
C. Password must be easy to memorize. 
D. Passwords must be changed at least once every 60 days, depending on your environment. 
Answer: C 
Explanation: 
Passwords must be changed at least once every 60 days (depending on your environment). 
Password aging or expiration must be enforced on all systems. Upon password expiration, 
if the password is not changed, only three grace logins must be allowed; then the 
account must be disabled until reset by an administrator or the help desk. Password 
reuse is not allowed (rotating passwords). 
QUESTION 321: 
Rotating passwords can be restricted by the use of: 
A. Password age 
B. Password history 
C. Complex password 
D. All of the choices 
Answer: B 
Explanation: 
Passwords must be changed at least once every 60 days (depending on your environment). 
Password aging or expiration must be enforced on all systems. Upon password expiration, 
if the password is not changed, only three grace logins must be allowed; then the 
account must be disabled until reset by an administrator or the help desk. Password 
reuse is not allowed (rotating passwords). 
QUESTION 322: 
What should you do immediately if the root password is compromised? 
A. Change the root password. 
B. Change all passwords. 
C. Increase the value of password age. 
D. Decrease the value of password history. 
Answer: B 
Explanation: 
All passwords must be changed if the root password is compromised or disclosure is 
suspected. (This is a separate case; the optimal solution would be to reload the 
compromised computer. A computer that has been downgraded can never be upgraded to 
higher security level) 
QUESTION 323: 
Which of the following is the most secure way to distribute passwords? 
A. Employees must send in an email before obtaining a password. 
B. Employees must show up in person and present proper identification before obtaining a 
password. 
C. Employees must send in a signed email before obtaining a password. 
D. None of the choices. 
Answer: B 
Explanation: 
Employees must show up in person and present proper identification before obtaining a 
new or changed password (depending on your policy). After three unsuccessful attempts 
to enter a password, the account will be locked and only an administrator or the help 
desk can reactivate the involved user ID. 
QUESTION 324: 
Which of the following does not apply to system-generated passwords? 
A. Passwords are harder to remember for users 
B. If the password-generating algorithm gets to be known, the entire system is in jeopardy 
C. Passwords are more vulnerable to brute force and dictionary attacks. 
D. Passwords are harder to guess for attackers 
Answer: C 
QUESTION 325: 
Passwords can be required to change monthly, quarterly, or any other intervals: 
A. depending on the criticality of the information needing protection 
B. depending on the criticality of the information needing protection and the password's 
frequency of use 
C. depending on the password's frequency of use 
D. not depending on the criticality of the information needing protection but depending on the 
password's frequency of use 
Answer: B 
QUESTION 326: 
In SSL/TLS protocol, what kind of authentication is supported? 
A. Peer-to-peer authentication 
B. Only server authentication (optional) 
C. Server authentication (mandatory) and client authentication (optional) 
D. Role based authentication scheme 
Answer: C 
"The server sends a message back to the client indicating that a secure session needs to be 
established, and the client sends it security parameters. The server compares those security 
parameters to its own until it finds a match. This is the handshaking phase. The server 
authenticates to the client by sending it a digital certificate, and if the client decides to trust the 
server the process continues. The server can require the client to send over a digital certificate 
for mutual authentication, but that is rare." 
Pg. 523 Shon Harris: All-In-One CISSP Certification Exam Guide 
QUESTION 327: 
Which of the following correctly describe the difference between identification and 
authentication? 
A. Authentication is a means to verify who you are, while identification is what you are 
authorized to perform. 
B. Identification is a means to verify who you are, while authentication is what you are 
authorized to perform. 
C. Identification is another name of authentication. 
D. Identification is the child process of authentication. 
Answer: B 
Explanation: 
Identification is a means to verify who you are. Authentication is what you are 
authorized to perform, access, or do. User identification enables accountability. It 
enables you to trace activities to individual users that may be held responsible for 
their actions. Identification usually takes the form of Logon ID or User ID. Some of 
the Logon ID characteristics are: they must be unique, not shared, and usually non 
descriptive of job function. 
QUESTION 328: 
Identification establishes: 
A. Authentication 
B. Accountability 
C. Authorization 
D. None of the choices. 
Answer: B 
Explanation: 
Identification is a means to verify who you are. Authentication is what you are 
authorized to perform, access, or do. User identification enables accountability. It 
enables you to trace activities to individual users that may be held responsible for 
their actions. Identification usually takes the form of Logon ID or User ID. Some of 
the Logon ID characteristics are: they must be unique, not shared, and usually non 
descriptive of job function. 
QUESTION 329: 
Identification usually takes the form of: 
A. Login ID. 
B. User password. 
C. None of the choices. 
D. Passphrase 
Answer: A 
Explanation: 
Identification is a means to verify who you are. Authentication is what you are 
authorized to perform, access, or do. User identification enables accountability. It 
enables you to trace activities to individual users that may be held responsible for 
their actions. Identification usually takes the form of Logon ID or User ID. Some of 
the Logon ID characteristics are: they must be unique, not shared, and usually non 
descriptive of job function. 
QUESTION 330: 
What is called the act of a user professing an identity to a system, usually in the form of a 
log-on ID? 
A. Authentication 
B. Identification 
C. Integrity 
D. Confidentiality 
Answer: B 
"Identification is the act of a user professing an identity to a system, usually in the form of a 
logon ID to the system." Pg 49 Krutz The CISSP Prep Guide. 
"Identification describes a method of ensuring that a subject (user, program, or process) is the 
entity it claims to be. Identification can be provided with the use of a username or account 
number. To be properly authenticated, the subject is usually required to provide a second piece 
to the credential set. This piece could be a password, passphrase, cryptographic key, personal 
identification number (PIN), anatomical attribute, or token." Pg 110 Shon Harris: All-in-One 
CISSP Certification 
QUESTION 331: 
What is called the verification that the user's claimed identity is valid and is usually 
implemented through a user password at log-on time? 
A. Authentication 
B. Identification 
C. Integrity 
D. Confidentiality 
Answer: A 
QUESTION 332: 
Identification and authentication are the keystones of most access control systems. 
Identification establishes: 
A. user accountability for the actions on the system 
B. top management accountability for the actions on the system 
C. EDP department accountability for the actions of users on the system 
D. authentication for actions on the system 
Answer: A 
QUESTION 333: 
Which one of the following authentication mechanisms creates a problem for mobile users? 
A. address-based mechanism 
B. reusable password mechanism 
C. one-time password mechanism 
D. challenge response mechanism
Answer: A 
QUESTION 334: 
Which of the following centralized access control mechanisms is not appropriate for mobile 
workers accessing the corporate network over analog lines? 
A. TACACS 
B. Call-back 
C. CHAP 
D. RADIUS 
Answer: B 
QUESTION 335: 
Authentication is typically based upon: 
A. Something you have. 
B. Something you know. 
C. Something you are. 
D. All of the choices. 
Answer: D 
Explanation: 
Authentication is a means of verifying the eligibility of an entity to receive specific 
categories of information. The entity could be individual user, machine, or software 
component. Authentication is typically based upon something you know, something you 
have, or something you are. 
QUESTION 336: 
A password represents: 
A. Something you have. 
B. Something you know. 
C. All of the choices. 
D. Something you are. 
Answer: B 
Explanation: 
The canonical example of something you know is a password or pass phrase. You might 
type or speak the value. A number of schemes are possible for obtaining what you know. 
It might be assigned to you, or you may have picked the value yourself. Constraints may 
exist regarding the form the value can take, or the alphabet from which you are allowed 
to construct the value might be limited to letters only. If you forget the value, you 
may not be able to authenticate yourself to the system. 
QUESTION 337: 
A smart card represents: 
A. Something you are. 
B. Something you know. 
C. Something you have. 
D. All of the choices. 
Answer: C 
Explanation: 
Another form of authentication requires possession of something such as a key, a smart 
card, a disk, or some other device. Whatever form it takes, the authenticating item 
should be difficult to duplicate and may require synchronization with systems other 
than the one to which you are requesting access. Highly secure environments may require 
you to possess multiple things to guarantee authenticity. 
QUESTION 338: 
Which of the following is the most commonly used check on something you know? 
A. One time password 
B. Login phrase 
C. Retinal 
D. Password 
Answer: D 
Explanation: 
Passwords, even though they are always described as insecure, necessary evils 
that put your infrastructure at risk, are still commonly used and will probably be used 
for quite a few years. Good passwords can provide you with a good first line of 
defense. Passwords are based on something the user knows. They are used to authenticate 
users before they can access specific resources. 
QUESTION 339: 
Retinal scans check for: 
A. Something you are. 
B. Something you have. 
C. Something you know. 
D. All of the choices. 
Answer: A 
Explanation: 
Something you are is really a special case of something you have. The usual examples 
given include fingerprint, voice, or retinal scans. 
QUESTION 340: 
What type of authentication takes advantage of an individual's unique physical 
characteristics in order to authenticate that person's identity? 
A. Password 
B. Token 
C. Ticket Granting 
D. Biometric 
Answer: D 
Explanation: 
Biometric authentication systems take advantage of an individual's unique physical 
characteristics in order to authenticate that person's identity. Various forms of 
biometric authentication include face, voice, eye, hand, signature, and fingerprint; 
each has its own advantages and disadvantages. When combined with the use of a PIN, 
it can provide two-factor authentication. 
QUESTION 341: 
What is called an automated means of identifying or authenticating the identity of a living 
person based on physiological or behavioral characteristics? 
A. Biometrics 
B. Micrometrics 
C. Macrometrics 
D. MicroBiometrics
Answer: A 
QUESTION 342: 
Which of the following forms of authentication would most likely apply a digital signature 
algorithm to every bit of data that is sent from the claimant to the verifier? 
A. Dynamic authentication 
B. Continuous authentication 
C. Encrypted authentication 
D. Robust authentication 
Answer: C 
The correct answer is C. Unable to find any references to continuous encryption. 
"A digital signature is the encrypted hash value of a message." Pg 550 Shon Harris: CISSP 
All-In-One Certification Exam Guide. 
"There are other options to improve the security offered by password authentication: 
Use the strongest form of one-way encryption available for password storage. 
Never allow passwords to be transmitted in clear text or with weak encryption." Pg. 9 Tittel: 
CISSP Study Guide 
"[Kerberos] A complicated exchange of tickets (i.e., cryptographic messages) between the client, 
the server, and the TGS is used to prove identity and provide authentication between the client 
and server. This allows the client to request resources from the server while having full 
assurance that both entities are who they claim to be. The exchange of encrypted tickets also 
ensures that no logon credentials, session keys, or authentication messages are ever transmitted 
in the clear text." Pg 14 Tittel: CISSP Study Guide 
QUESTION 343: 
In which situation would TEMPEST risks and technologies be of MOST interest? 
A. Where high availability is vital. 
B. Where the consequences of disclosure are very high. 
C. Where countermeasures are easy to implement 
D. Where data base integrity is crucial 
Answer: B 
Emanation eavesdropping. Receipt and display of information, which is resident on computers or 
terminals, through the interception of radio frequency (RF) signals generated by those computers 
or terminals. The U.S. government established a program called TEMPEST that addressed this 
problem by requiring shielding and other emanation-reducing mechanisms to be employed on 
computers processing sensitive and classified government information. -Ronald Krutz The 
CISSP PREP Guide (gold edition) pg 416 
QUESTION 344: 
Which one of the following addresses the protection of computers and components from electromagnetic 
emissions? 
A. TEMPEST 
B. ISO 9000 
C. Hardening 
D. IEEE 802.2 
Answer: A 
Receipt and display of information, which is resident on computers or terminals, through the 
interception of Radio Frequency (RF) signals generated by those computers or terminals. The 
U.S. government established a program called Tempest that addressed this problem by requiring 
shielding and other emanation-reducing mechanisms to be employed on computers processing 
sensitive and classified government information. -Ronald Krutz The CISSP PREP Guide (gold 
edition) pg 416 
QUESTION 345: 
Monitoring electromagnetic pulse emanations from PCs and CRTs provides a hacker with what significant 
advantage? 
A. Defeat the TEMPEST safeguard 
B. Bypass the system security application. 
C. Gain system information without trespassing 
D. Undetectable active monitoring. 
Answer: D 
Tempest equipment is implemented to prevent intruders from picking up information through the 
airwaves with listening devices. - Shon Harris All-in-one CISSP Certification Guide pg 192. In 
Harris's other book CISSP PASSPORT, she talks about TEMPEST in terms of spy movies and how 
a van outside is listening to or monitoring the activities of someone. This lends credence to the 
answer of C (trespassing) but I think D is more correct. In that all the listener must do is listen to 
the RF. Use your best judgment based on experience and knowledge. 
QUESTION 346: 
What name is given to the study and control of signal emanations from electrical and electromagnetic 
equipment? 
A. EMI 
B. Cross Talk 
C. EMP 
D. TEMPEST 
Answer: D 
QUESTION 347: 
TEMPEST addresses 
A. The vulnerability of time-dependent transmissions. 
B. Health hazards of electronic equipment. 
C. Signal emanations from electronic equipment. 
D. The protection of data from high energy attacks. 
Answer: C 
"Tempest is the study and control of spurious electrical signals that are emitted by electrical 
equipment." Pg 167 Shon Harris: All-In-One CISSP Certification Exam Guide 
QUESTION 348: 
Which one of the following is the MOST solid defense against interception of a network 
transmission? 
A. Frequency hopping 
B. Optical fiber 
C. Alternate routing 
D. Encryption 
Answer: B 
An alternative to conductor-based network cabling is fiber-optic cable. Fiber-optic cables 
transmit pulses of light rather than electricity. This has the advantage of being extremely fast and 
near impervious to tapping. 
Pg 85 Tittel: CISSP Study Guide. 
QUESTION 349: 
Which of the following media is MOST resistant to tapping? 
A. Microwave 
B. Twisted pair 
C. Coaxial cable 
D. Fiber optic 
Answer: D 
QUESTION 350: 
What type of wiretapping involves injecting something into the communications? 
A. Aggressive 
B. Captive 
C. Passive 
D. Active 
Answer: D 
Most communications are vulnerable to some type of wiretapping or eavesdropping. It can usually be done 
undetected and is referred to as a passive attack versus an active attack. - Shon Harris All-in-one CISSP 
Certification Guide pg 649 
"(I) An attack that intercepts and accesses data and other information contained in a flow in a 
communication system. (C) Although the term originally referred to making a mechanical 
connection to an electrical conductor that links two nodes, it is now used to refer to reading 
information from any sort of medium used for a link or even directly from a node, such as 
gateway or subnetwork switch. (C) "Active wiretapping" attempts to alter the data or otherwise 
affect the flow; "passive wiretapping" only attempts to observe the flow and gain knowledge of 
information it contains. (See: active attack, end-to-end encryption, passive attack.)" 
http://www.linuxsecurity.com/dictionary/dict-455.html 
QUESTION 351: 
Why would an Ethernet LAN in a bus topology have a greater risk of unauthorized 
disclosure than switched Ethernet in a hub-and-spoke or star topology? 
A. IEEE 802.5 protocol for Ethernet cannot support encryption. 
B. Ethernet is a broadcast technology. 
C. Hub and spoke connections are highly multiplexed. 
D. TCP/IP is an insecure protocol. 
Answer: B 
Ethernet is a broadcast technology, and the question contrasts a bus topology with SWITCHED Ethernet. 
Most switched Ethernet LANs are divided into VLANs, which contain broadcasts within a single VLAN, but 
remember that only a layer 3 device can stop a broadcast. 
QUESTION 352: 
What type of attack occurs when a smartcard is operating under normal physical 
conditions, but sensitive information is gained by examining the bytes going to and from 
the smartcard? 
A. Physical attacks. 
B. Logical attacks. 
C. Trojan Horse attacks. 
D. Social Engineering attacks. 
Answer: B 
Explanation: 
Logical attacks occur when a smartcard is operating under normal physical conditions, 
but sensitive information is gained by examining the bytes going to and from the 
smartcard. One example is the so-called "timing attack" described by Paul Kocher. In 
this attack, various byte patterns are sent to the card to be signed by the private 
key. Information such as the time required to perform the operation and the number of 
zeroes and ones in the input bytes are used to eventually obtain the private key. There 
are logical countermeasures to this attack but not all smartcard manufacturers have 
implemented them. This attack does require that the PIN to the card be known, so that 
many private key operations can be performed on chosen input bytes. 
QUESTION 353: 
What is an effective countermeasure against Trojan horse attack that targets smart cards? 
A. Single-access device driver architecture. 
B. Handprint driver architecture. 
C. Fingerprint driver architecture. 
D. All of the choices. 
Answer: A 
Explanation: 
The countermeasure to prevent this attack is to use "single-access device driver" 
architecture. With this type of architecture, the operating system enforces that only 
one application can have access to the serial device (and thus the smartcard) at any 
given time. This prevents the attack but also lessens the convenience of the smartcard 
because multiple applications cannot use the services of the card at the same time. 
Another way to prevent the attack is by using a smartcard that enforces a "one private 
key usage per PIN entry" policy model. In this model, the user must enter their PIN 
every single time the private key is to be used and therefore the Trojan horse would 
not have access to the key. 
QUESTION 354: 
Which of the following could illegally capture network user passwords? 
A. Data diddling 
B. Sniffing 
C. Spoofing 
D. Smurfing 
Answer: B 
QUESTION 355: 
Which of the following statements is incorrect? 
A. Since the early days of mankind humans have struggled with the problems of protecting 
assets 
B. The addition of a PIN keypad to the card reader was a solution to unreported card or lost 
cards problems 
C. There has never been a problem of lost keys 
D. Human guard is an inefficient and sometimes ineffective method of protecting resources 
Answer: C 
QUESTION 356: 
A system uses a numeric password with 1-4 digits. How many passwords need to be tried 
before it is cracked? 
A. 1024 
B. 10000 
C. 100000 
D. 1000000 
Answer: B 
The largest 4 digit number is 9999. So 10,000 is the closest answer. 
QUESTION 357: 
Which of the following can be used to protect your system against brute force password 
attack? 
A. Decrease the value of password history. 
B. Employees must send in a signed email before obtaining a password. 
C. After three unsuccessful attempts to enter a password, the account will be locked. 
D. Increase the value of password age. 
Answer: C 
Explanation: 
Employees must show up in person and present proper identification before obtaining a 
new or changed password (depending on your policy). After three unsuccessful attempts 
to enter a password, the account will be locked and only an administrator or the help 
desk can reactivate the involved user ID. 
QUESTION 358: 
Which of the following is an effective measure against a certain type of brute force 
password attack? 
A. Password used must not be a word found in a dictionary. 
B. Password history is used. 
C. Password reuse is not allowed. 
D. None of the choices. 
Answer: A 
Explanation: 
Password reuse is not allowed (rotating passwords). Password history must be used to 
prevent users from reusing passwords. On all systems with such a facility the last 12 
passwords used will be kept in the history. All computer system users must choose 
passwords that cannot be easily guessed. Passwords used must not be a word found in a 
dictionary. 
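The rules stated in Questions 318, 320, 321, 357 and 358 (minimum of 8 characters, a mix of alphabetic and non-alphabetic characters, not the user ID, not a dictionary word, no reuse of the last 12 passwords, lockout after three failed attempts, 60-day aging with three grace logins) can be enforced by a small account model. The following is an added example written for this page; it is not code from the question bank or from any of the referenced books. The PBKDF2 round count, the `Account` class and its method names, and the five-word `SMALL_DICTIONARY` are assumptions made for the illustration (a deployment would load a real word list).

```python
# Added example: password-policy and account-lockout checker built from the rules
# stated in the surrounding questions. Hypothetical code, not from any product.
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8            # Q318: at least 8 characters
HISTORY_DEPTH = 12        # Q358: the last 12 passwords are kept in the history
MAX_FAILED_ATTEMPTS = 3   # Q357: lock after three unsuccessful attempts
MAX_AGE_DAYS = 60         # Q320: change at least once every 60 days
GRACE_LOGINS = 3          # Q320: three grace logins after expiry, then disable
PBKDF2_ROUNDS = 50_000    # assumption: a slow one-way hash for stored secrets

# Constructed stand-in for a real word list (assumption for the example only).
SMALL_DICTIONARY = {"password", "welcome", "galileo", "letmein", "summer"}


def _digest(password: str, salt: bytes) -> bytes:
    """Salted one-way hash so the stored history never holds a plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class Account:
    def __init__(self, user_id: str, password: str, now_day: int):
        self.user_id = user_id
        self.history = []          # (salt, digest) pairs, newest last
        self.failed_attempts = 0
        self.grace_logins_used = 0
        self.locked = False
        self.changed_day = now_day
        self.set_password(password, now_day)

    def violations(self, candidate: str) -> list:
        """Return every policy rule the candidate breaks (empty list = acceptable)."""
        problems = []
        if len(candidate) < MIN_LENGTH:
            problems.append(f"shorter than {MIN_LENGTH} characters")
        if not any(c.isalpha() for c in candidate) or all(c.isalpha() for c in candidate):
            problems.append("must mix alphabetic and non-alphabetic characters")
        if candidate.lower() == self.user_id.lower():
            problems.append("must not be the same as the user ID")
        # Strip leading/trailing digits and symbols first: a hybrid crack (Q363)
        # tries "Galileo24" and "?Galileo", so those are no better than the bare word.
        core = candidate.strip(string.digits + string.punctuation).lower()
        if core in SMALL_DICTIONARY:
            problems.append("is a dictionary word")
        if self._in_history(candidate):
            problems.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
        return problems

    def _in_history(self, candidate: str) -> bool:
        return any(hmac.compare_digest(_digest(candidate, salt), digest)
                   for salt, digest in self.history)

    def set_password(self, candidate: str, now_day: int) -> None:
        problems = self.violations(candidate)
        if problems:
            raise ValueError("; ".join(problems))
        salt = os.urandom(16)
        self.history.append((salt, _digest(candidate, salt)))
        self.history = self.history[-HISTORY_DEPTH:]   # keep only the last 12
        self.changed_day = now_day
        self.grace_logins_used = 0

    def expired(self, now_day: int) -> bool:
        """Password aging: true once the password is older than MAX_AGE_DAYS."""
        return now_day - self.changed_day > MAX_AGE_DAYS

    def authenticate(self, candidate: str, now_day: int) -> bool:
        """Verify a logon; failures and exhausted grace logins lock the account."""
        if self.locked:
            return False
        if self.expired(now_day):
            self.grace_logins_used += 1
            if self.grace_logins_used > GRACE_LOGINS:
                self.locked = True          # Q320: disable until reset by an admin
                return False
        salt, current = self.history[-1]
        if hmac.compare_digest(_digest(candidate, salt), current):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True              # Q357: three strikes, then locked
        return False

    def admin_unlock(self) -> None:
        """Only an administrator or the help desk reactivates a locked ID (Q357)."""
        self.locked = False
        self.failed_attempts = 0
```

The history check hashes the candidate against every stored salt rather than comparing plaintexts, which is what makes it possible to keep 12 old passwords without keeping 12 old secrets; the lockout counter is reset only by a successful logon or an administrator, which is the behaviour Questions 323 and 357 describe.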
QUESTION 359: 
Which type of attack will most likely provide an attacker with multiple passwords to 
authenticate to a system? 
A. Password sniffing 
B. Dictionary attack 
C. Dumpster diving 
D. Social engineering 
Answer: A 
QUESTION 360: 
Which of the following are measures against password sniffing? 
A. Passwords must not be sent through email in plain text. 
B. Passwords must not be stored in plain text on any electronic media. 
C. You may store passwords electronically if it is encrypted. 
D. All of the choices. 
Answer: D
Explanation: 
Passwords must not be sent through email in plain text. Passwords must not be stored in 
plain text on any electronic media. It is acceptable to store passwords in a file if it 
is encrypted with PGP or equivalent strong encryption (once again depending on your 
organization policy). All vendor supplied default passwords must be changed. 
QUESTION 361: 
Which one of the following conditions is NOT necessary for a long dictionary attack to succeed? 
A. The attacker must have access to the target system. 
B. The attacker must have read access to the password file. 
C. The attacker must have write access to the password file. 
D. The attacker must know the password encryption mechanism and key variable. 
Answer: C 
Explanation: 
The program encrypts the combination of characters and compares them to the encrypted entries 
in the password file. If a match is found, the program has uncovered a password. - Shon Harris 
All-in-one CISSP Certification Guide pg 199 
QUESTION 362: 
What is an important factor affecting the time required to perpetrate a manual trial and error attack to gain 
access to a target computer system? 
A. Keyspace for the password. 
B. Expertise of the person performing the attack. 
C. Processing speed of the system executing the attack. 
D. Encryption algorithm used for password transfer. 
Answer: A 
Explanation: 
I am not sure of the answer on this question. B seems good but the reference below states that 
Keyspace (or length of password) is the main deterrent. I did not come across something that 
directly relates in my readings. 
"If an attacker mounts a trial-and-error attack against your password, a longer password gives the 
attacker a larger number of alternatives to try. If each character in the password may take on 96 
different values (typical of printable ASCII characters) then each additional character presents 
the attacker with 96 times as many passwords to try. If the number of alternatives is large 
enough, the trial-and-error attack might discourage the attacker, or lead to the attacker's 
detection." http://www.smat.us/sanity/riskyrules.html 
QUESTION 363: 
Which one of the following BEST describes a password cracker? 
A. A program that can locate and read a password file. 
B. A program that provides software registration passwords or keys. 
C. A program that performs comparative analysis. 
D. A program that obtains privileged access to the system. 
Answer: C 
Explanation: 
In a dictionary crack, L0phtCrack encrypts (i.e., hashes) all the passwords in a dictionary file 
you specify and compares every result with the password hash. If L0phtCrack finds any matches, 
it knows the password is the dictionary word. L0phtCrack comes with a default dictionary file, 
words-english. You can download additional files from the Internet or create a custom file. In the 
Tools Options dialog box, you can choose to run the dictionary attack against the LANMAN 
password hash, the NT LAN Manager (NTLM) password hash, or both (which is the default). 
In a hybrid crack, L0phtCrack extends the dictionary crack by appending numbers or symbols to 
each word in the dictionary file. For example, in addition to trying "Galileo," L0phtCrack also 
tries "Galileo24," "13Galileo," "?Galileo," "Galileo!," and so on. The default number of 
characters L0phtCrack tries is two, and you can change this number in the Tools Options dialog 
box. 
In a brute-force crack, L0phtCrack tries every possible combination of characters in a character 
set. L0phtCrack offers four character sets, ranging from alpha only to all alphanumeric plus all 
symbol characters. You can choose a character set from the Character Set drop-down box in the 
Tools Options dialog box or type a custom character set in the Character Set drop-down box. 
L0phtCrack saves custom sets in files with an .lc extension. You can also specify a character set 
in the password file, as the example in Figure 2 shows. 
Not B: A key generator is what is being described by the registration password or key answer. 
QUESTION 364: 
If a token and 4-digit personal identification number (PIN) are used to access a computer system and the 
token performs off-line checking for the correct PIN, what type of attack is possible? 
A. Birthday 
B. Brute force 
C. Man-in-the-middle 
D. Smurf 
Answer: B 
Explanation: 
Brute force attacks are performed with tools that cycle through many possible character, number, 
and symbol combinations to guess a password. Pg 134 Shon Harris CISSP All-In-One 
Certification Exam Guide. Since the token allows offline checking of the PIN, the cracker can keep 
trying PINs until it is cracked. 
QUESTION 365: 
Which of the following actions can increase the cost of an exhaustive attack? 
A. Increase the age of a password. 
B. Increase the length of a password. 
C. None of the choices. 
D. Increase the history of a password. 
Answer: B 
Explanation: 
Defenses against exhaustive attacks involve increasing the cost of the attack by 
increasing the number of possibilities to be exhausted. For example, increasing the 
length of a password will increase the cost of an exhaustive attack. Increasing the 
effective length of a cryptographic key variable will make it more resistant to an 
exhaustive attack. 
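Questions 356, 362 and 365 all turn on the same quantity: the number of candidates an exhaustive attack has to try, which grows as (alphabet size)^(length). The functions below, an added example written for this page rather than code from the question bank, compute that search space, its equivalent key length in bits, and the worst-case time at a given guessing rate; the function names and the 10^9 guesses-per-second rate in the demonstration are assumptions chosen for the illustration.

```python
# Added example (not from the question bank): how alphabet size and password
# length set the size of the search space an exhaustive (brute-force) attack
# must cover, and hence its cost. Guess rates below are constructed sample values.
from math import log2


def keyspace(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Number of distinct passwords of length min_len..max_len over the alphabet."""
    if alphabet_size < 1 or min_len < 1 or max_len < min_len:
        raise ValueError("invalid keyspace parameters")
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def entropy_bits(alphabet_size: int, min_len: int, max_len: int) -> float:
    """Equivalent key length in bits: the attacker faces about 2^bits candidates."""
    return log2(keyspace(alphabet_size, min_len, max_len))


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a constant guessing rate."""
    return space / guesses_per_second


def extra_char_multiplier(alphabet_size: int, extra_chars: int) -> int:
    """Factor by which each added character multiplies the search (Q362: 96x per character)."""
    return alphabet_size ** extra_chars


if __name__ == "__main__":
    # Q356: a numeric password of 1-4 digits (10 + 100 + 1,000 + 10,000 candidates)
    print("1-4 digits:", keyspace(10, 1, 4))
    # Q362: printable ASCII, 96 symbols per position, at a constructed 1e9 guesses/s
    for length in (8, 12, 16):
        space = keyspace(96, length, length)
        years = seconds_to_exhaust(space, 1e9) / (86400 * 365)
        print(f"{length} printable chars: 2^{entropy_bits(96, length, length):.1f}",
              f"~ {years:.3g} years to exhaust")
    # Q365: lengthening the password raises the attacker's cost geometrically
    print("cost multiplier for 2 extra printable characters:", extra_char_multiplier(96, 2))
```

Run stand-alone, the script shows why the Question 319 answer (a 16-character password is hard to remember) and the Question 365 answer (length raises the cost of an exhaustive attack) are both true at once: going from 8 to 16 printable characters multiplies the search space by 96^8, which is the trade-off a passphrase (Question 317) is meant to resolve.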
QUESTION 366: 
Which of the following attacks focus on cracking passwords? 
A. SMURF 
B. Spamming 
C. Teardrop 
D. Dictionary 
Answer: D 
Explanation: 
Dictionaries may be used in a cracking program to determine passwords. A short 
dictionary attack involves trying a list of hundreds or thousands of words that are 
frequently chosen as passwords against several systems. Although most systems resist 
such attacks, some do not. In one case, one system in five yielded to a particular 
dictionary attack. 
QUESTION 367: 
Which of the following can best eliminate dial-up access through a Remote Access Server 
as a hacking vector? 
A. Using TACACS+ server 
B. Installing the Remote Access Server outside the firewall and forcing legitimate users to 
authenticate to the firewall. 
C. Setting modem ring count to at least 5 
D. Only attaching modems to non-networked hosts. 
Answer: B 
QUESTION 368: 
What is known as a decoy system designed to lure a potential attacker away from critical systems? 
A. Honey Pots 
B. Vulnerability Analysis Systems 
C. File Integrity Checker 
D. Padded Cells 
Answer: A 
Explanation: 
Honey pots are decoy systems that are designed to lure a potential attacker away from 
critical systems. Honey pots are designed to: 
Divert an attacker from accessing critical systems, 
Collect information about the attacker's activity, and encourage the attacker to stay 
on the system long enough for administrators to respond. 
QUESTION 369: 
Which of the following will you consider as a program that monitors data traveling over a 
network? 
A. Smurfer 
B. Sniffer 
C. Fragmenter 
D. Spoofer 
Answer: B 
Explanation: 
A sniffer is a program and/or device that monitors data traveling over a network. 
Sniffers can be used both for legitimate network management functions and for stealing 
information off a network. Unauthorized sniffers can be extremely dangerous to a 
network's security because they are virtually impossible to detect. 
QUESTION 370: 
Which of the following is NOT a system-sensing wireless proximity card? 
A. magnetically striped card 
B. passive device 
C. field-powered device 
D. transponder 
Answer: A 
QUESTION 371: 
Attacks on smartcards generally fall into what categories? 
A. Physical attacks. 
B. Trojan Horse attacks. 
C. Logical attacks. 
D. All of the choices, plus Social Engineering attacks. 
Answer: D 
Explanation: 
Attacks on smartcards generally fall into four categories: Logical attacks, Physical 
attacks, Trojan Horse attacks and Social Engineering attacks. 
QUESTION 372: 
Which of the following attacks could be the most successful when the security technology is 
properly implemented and configured? 
A. Logical attacks 
B. Physical attacks 
C. Social Engineering attacks 
D. Trojan Horse attacks 
Answer: C 
Explanation: 
Social Engineering attacks - In computer security systems, this type of attack is 
usually the most successful, especially when the security technology is properly 
implemented and configured. Usually, these attacks rely on the faults in human beings. 
An example of a social engineering attack involves a hacker impersonating a network service 
technician. The serviceman approaches a low-level employee and requests their password 
for network servicing purposes. With smartcards, this type of attack is a bit more 
difficult. Most people would not trust an impersonator wishing to have their smartcard 
and PIN for service purposes. 
QUESTION 373: 
What type of attack occurs when normal physical conditions are altered in order to gain 
access to sensitive information on the smartcard? 
A. Physical attacks 
B. Logical attacks 
C. Trojan Horse attacks 
D. Social Engineering attacks 
Answer: A 
Explanation: 
Physical attacks occur when normal physical conditions, such as temperature, clock 
frequency, voltage, etc., are altered in order to gain access to sensitive information 
on the smartcard. Most smartcard operating systems write sensitive data to the EEPROM 
area in a proprietary, encrypted manner so that it is difficult to obtain clear text 
keys by directly hacking into the EEPROM. Other physical attacks that have proven to be 
successful involve an intense physical fluctuation at the precise time and location 
where the PIN verification takes place. Thus, sensitive card functions can be performed 
even though the PIN is unknown. This type of attack can be combined with the logical 
attack mentioned above in order to gain knowledge of the private key. Most physical 
attacks require special equipment. 
QUESTION 374: 
Which one of the following is an example of electronic piggybacking? 
A. Attaching to a communications line and substituting data. 
B. Abruptly terminating a dial-up or direct-connect session. 
C. Following an authorized user into the computer room. 
D. Recording and playing back computer transactions. 
Answer: C 
Ok, this is a weird little question. The term "electronic" is kind of throwing me a bit. A lot of times 
piggybacking can be used in terms of following someone into a building. 
Piggyback - Gaining unauthorized access to a system via another user's legitimate connection. (see 
between-the-lines entry) 
Between-the-lines entry - Unauthorized access obtained by tapping the temporarily inactive terminal of a 
legitimate user. - Ronald Krutz, The CISSP PREP Guide (gold edition), pg 914, 885 
QUESTION 375: 
A system using Discretionary Access Control (DAC) is vulnerable to which one of the 
following attacks? 
A. Trojan horse 
B. Phreaking 
C. Spoofing 
D. SYN flood 
Answer: C 
Spoofing - An attempt to gain access to a system by posing as an authorized user. Synonymous with 
impersonating, masquerading, or mimicking. - Ronald Krutz, The CISSP PREP Guide (gold 
edition), pg 921 
"Spoofing - The act of replacing the valid source and/or destination IP address and node numbers 
with false ones. 
Spoofing attack - any attack that involves spoofed or modified packets." - Ed Tittel, CISSP Study 
Guide (Sybex) 
QUESTION 376: 
Which of the following is an example of an active attack? 
A. Traffic analysis 
B. Masquerading 
C. Eavesdropping 
D. Shoulder surfing 
Answer: B 
QUESTION 377: 
What attack involves actions to mimic one's identity? 
A. Brute force 
B. Exhaustive 
C. Social engineering 
D. Spoofing 
Answer: D 
Explanation: 
Spoofing is an attack in which one person or process pretends to be a person or process 
that has more privileges. For example, user A can mimic behavior to make process B 
believe user A is user C. In the absence of any other controls, B may be duped into 
giving to user A the data and privileges that were intended for user C. 
QUESTION 378: 
Which access control model enables the owner of the resource to specify what subjects can 
access specific resources? 
A. Discretionary Access Control 
B. Mandatory Access Control 
C. Sensitive Access Control 
D. Role-based Access Control 
Answer: A 
QUESTION 379: 
The type of discretionary access control that is based on an individual's identity is called: 
A. Identity-based access control 
B. Rule-based access control 
C. Non-Discretionary access control 
D. Lattice-based access control 
Answer: A 
QUESTION 380: 
Which of the following access control types gives "UPDATE" privileges on Structured Query Language 
(SQL) database objects to specific users or groups? 
A. Supplemental 
B. Discretionary 
C. Mandatory 
D. System 
Answer: C 
Supplemental and System are not access control types. The most correct answer is mandatory, as 
opposed to discretionary. The descriptions below sound typical of how a SQL accounting database 
controls access. 
"In a mandatory access control (MAC) model, users and data owners do not have as much 
freedom to determine who can access their files. Data owners can allow others to have access to 
their files, but it is the operating system that will make the final decision and can override the 
data owner's wishes." - Pg. 154, Shon Harris, CISSP All-In-One Certification Exam Guide 
"Rule-based access controls are a variation of mandatory access controls. A rule-based system 
uses a set of rules, restrictions or filters to determine what can and cannot occur on the system, 
such as granting subject access, performing an action on an object, or accessing a resource." - Pg. 
16, Ed Tittel, CISSP Study Guide 
QUESTION 381: 
With Discretionary access controls, who determines who has access and what privilege they 
have? 
A. End users. 
B. None of the choices. 
C. Resource owners. 
D. Only the administrators. 
Answer: C 
Explanation: 
Discretionary access controls can extend beyond limiting which subjects can gain what 
type of access to which objects. Administrators can limit access to certain times of 
day or days of the week. Typically, the period during which access would be permitted 
is 9 a.m. to 5 p.m. Monday through Friday. Such a limitation is designed to ensure that 
access takes place only when supervisory personnel are present, to discourage 
unauthorized use of data. Further, subjects' rights to access might be suspended when 
they are on vacation or leave of absence. When subjects leave an organization 
altogether, their rights must be terminated rather than merely suspended. Under this 
type of control, the owner determines who has access and what privilege they have. 
QUESTION 382: 
What defines an imposed access control level? 
A. MAC 
B. DAC 
C. SAC 
D. CAC 
Answer: A 
Explanation: 
MAC is defined as follows in the Handbook of Information Security Management: With 
mandatory controls, only administrators and not owners of resources may make decisions 
that bear on or derive from policy. Only an administrator may change the category of a 
resource, and no one may grant a right of access that is explicitly forbidden in the 
access control policy. 
QUESTION 383: 
Under MAC, who can change the category of a resource? 
A. All users. 
B. Administrators only. 
C. All managers. 
D. None of the choices. 
Answer: B 
Explanation: 
MAC is defined as follows in the Handbook of Information Security Management: With 
mandatory controls, only administrators and not owners of resources may make decisions 
that bear on or derive from policy. Only an administrator may change the category of a 
resource, and no one may grant a right of access that is explicitly forbidden in the 
access control policy. 
QUESTION 384: 
Under MAC, who may grant a right of access that is explicitly forbidden in the access 
control policy? 
A. None of the choices. 
B. All users. 
C. Administrators only. 
D. All managers. 
Answer: A 
Explanation: 
MAC is defined as follows in the Handbook of Information Security Management: With 
mandatory controls, only administrators and not owners of resources may make decisions 
that bear on or derive from policy. Only an administrator may change the category of a 
resource, and no one may grant a right of access that is explicitly forbidden in the 
access control policy. 
QUESTION 385: 
You may describe MAC as: 
A. Opportunistic 
B. Prohibitive 
C. None of the choices. 
D. Permissive 
Answer: B 
Explanation: 
It is important to note that mandatory controls are prohibitive (i.e., all that is not 
expressly permitted is forbidden), not permissive. Only within that context do 
discretionary controls operate, prohibiting still more access with the same 
exclusionary principle. In this type of control system, decisions are based on the privilege 
(clearance) of the subject (user) and the sensitivity (classification) of the object (file). It 
requires labeling. 
QUESTION 386: 
Under MAC, which of the following is true? 
A. All that is expressly permitted is forbidden. 
B. All that is not expressly permitted is forbidden. 
C. All that is not expressly permitted is not forbidden. 
D. None of the choices. 
Answer: B 
Explanation: 
It is important to note that mandatory controls are prohibitive (i.e., all that is not 
expressly permitted is forbidden), not permissive. Only within that context do 
discretionary controls operate, prohibiting still more access with the same 
exclusionary principle. In this type of control system, decisions are based on the privilege 
(clearance) of the subject (user) and the sensitivity (classification) of the object (file). It 
requires labeling. 
QUESTION 387: 
Under MAC, a clearance is a: 
A. Sensitivity 
B. Subject 
C. Privilege 
D. Object 
Answer: C 
Explanation: 
It is important to note that mandatory controls are prohibitive (i.e., all that is not 
expressly permitted is forbidden), not permissive. Only within that context do 
discretionary controls operate, prohibiting still more access with the same 
exclusionary principle. In this type of control system, decisions are based on the privilege 
(clearance) of the subject (user) and the sensitivity (classification) of the object (file). It 
requires labeling. 
QUESTION 388: 
Under MAC, a file is a(n): 
A. Privilege 
B. Subject 
C. Sensitivity 
D. Object 
Answer: D 
Explanation: 
It is important to note that mandatory controls are prohibitive (i.e., all that is not 
expressly permitted is forbidden), not permissive. Only within that context do 
discretionary controls operate, prohibiting still more access with the same 
exclusionary principle. In this type of control system, decisions are based on the privilege 
(clearance) of the subject (user) and the sensitivity (classification) of the object (file). It 
requires labeling. 
QUESTION 389: 
Under MAC, classification reflects: 
A. Sensitivity 
B. Subject 
C. Privilege 
D. Object 
Answer: A 
Explanation: 
It is important to note that mandatory controls are prohibitive (i.e., all that is not 
expressly permitted is forbidden), not permissive. Only within that context do 
discretionary controls operate, prohibiting still more access with the same 
exclusionary principle. In this type of control system, decisions are based on the privilege 
(clearance) of the subject (user) and the sensitivity (classification) of the object (file). It 
requires labeling. 
QUESTION 390: 
MAC is used for: 
A. Defining imposed access control level. 
B. Defining user preferences. 
C. None of the choices. 
D. Defining discretionary access control level. 
Answer: A 
Explanation: 
As the name implies, the Mandatory Access Control defines an imposed access control 
level. MAC is defined as follows in the Handbook of Information Security Management: 
With mandatory controls, only administrators and not owners of resources may make 
decisions that bear on or derive from policy. Only an administrator may change the 
category of a resource, and no one may grant a right of access that is explicitly 
forbidden in the access control policy. 
QUESTION 391: 
With MAC, who may make decisions that bear on policy? 
A. None of the choices. 
B. All users. 
C. Only the administrator. 
D. All users except guests. 
Answer: C 
Explanation: 
As the name implies, the Mandatory Access Control defines an imposed access control 
level. MAC is defined as follows in the Handbook of Information Security Management: 
With mandatory controls, only administrators and not owners of resources may make 
decisions that bear on or derive from policy. Only an administrator may change the 
category of a resource, and no one may grant a right of access that is explicitly 
forbidden in the access control policy.
QUESTION 392: 
With MAC, who may NOT make decisions that derive from policy? 
A. All users except the administrator. 
B. The administrator. 
C. The power users. 
D. The guests. 
Answer: A 
Explanation: 
As the name implies, the Mandatory Access Control defines an imposed access control 
level. MAC is defined as follows in the Handbook of Information Security Management: 
With mandatory controls, only administrators and not owners of resources may make 
decisions that bear on or derive from policy. Only an administrator may change the 
category of a resource, and no one may grant a right of access that is explicitly 
forbidden in the access control policy. 
QUESTION 393: 
Under the MAC control system, what is required? 
A. Performance monitoring 
B. Labeling 
C. Sensing 
D. None of the choices 
Answer: B 
Explanation: 
It is important to note that mandatory controls are prohibitive (i.e., all that is not 
expressly permitted is forbidden), not permissive. Only within that context do 
discretionary controls operate, prohibiting still more access with the same 
exclusionary principle. In this type of control system, decisions are based on the privilege 
(clearance) of the subject (user) and the sensitivity (classification) of the object (file). It 
requires labeling. 
QUESTION 394: 
Access controls that are not based on the policy are characterized as: 
A. Secret controls 
B. Mandatory controls 
C. Discretionary controls 
D. Corrective controls 
Answer: C 
Explanation: 
Access controls that are not based on the policy are characterized as discretionary 
controls by the U.S. government and as need-to-know controls by other organizations. 
The latter term connotes least privilege - those who may read an item of data are 
precisely those whose tasks entail the need. 
QUESTION 395: 
DAC is characterized by many organizations as: 
A. Need-to-know controls 
B. Preventive controls 
C. Mandatory adjustable controls 
D. None of the choices 
Answer: A 
Explanation: 
Access controls that are not based on the policy are characterized as discretionary 
controls by the U.S. government and as need-to-know controls by other organizations. 
The latter term connotes least privilege - those who may read an item of data are 
precisely those whose tasks entail the need. 
QUESTION 396: 
Which of the following correctly describes DAC? 
A. It is the most secure method. 
B. It is of the B2 class. 
C. It can extend beyond limiting which subjects can gain what type of access to which objects. 
D. It is of the B1 class. 
Answer: C 
Explanation: 
With DAC, administrators can limit access to certain times of day or days of the week. 
Typically, the period during which access would be permitted is 9 a.m. to 5 p.m. Monday 
through Friday. Such a limitation is designed to ensure that access takes place only 
when supervisory personnel are present, to discourage unauthorized use of data. 
Further, subjects' rights to access might be suspended when they are on vacation or 
leave of absence. When subjects leave an organization altogether, their rights must be 
terminated rather than merely suspended. 
QUESTION 397: 
Under DAC, a subject's rights must be ________ when it leaves an organization altogether. 
A. recycled 
B. terminated 
C. suspended 
D. resumed 
Answer: B 
Explanation: 
Discretionary access controls can extend beyond limiting which subjects can gain what 
type of access to which objects. Administrators can limit access to certain times of 
day or days of the week. Typically, the period during which access would be permitted 
is 9 a.m. to 5 p.m. Monday through Friday. Such a limitation is designed to ensure that 
access takes place only when supervisory personnel are present, to discourage 
unauthorized use of data. Further, subjects' rights to access might be suspended when 
they are on vacation or leave of absence. When subjects leave an organization 
altogether, their rights must be terminated rather than merely suspended. 
QUESTION 398: 
In a discretionary mode, which of the following entities is authorized to grant information 
access to other people? 
A. manager 
B. group leader 
C. security manager 
D. user 
Answer: D 
QUESTION 399: 
With RBAC, each user can be assigned: 
A. One or more roles. 
B. Only one role. 
C. A token role. 
D. A security token. 
Answer: A 
Explanation: 
With RBAC, security is managed at a level that corresponds closely to the 
organization's structure. Each user is assigned one or more roles, and each role is 
assigned one or more privileges that are permitted to users in that role. Roles can be 
hierarchical. 
QUESTION 400: 
With RBAC, roles are: 
A. Based on labels. 
B. All equal 
C. Hierarchical 
D. Based on flows. 
Answer: C 
Explanation: 
With RBAC, security is managed at a level that corresponds closely to the 
organization's structure. Each user is assigned one or more roles, and each role is 
assigned one or more privileges that are permitted to users in that role. Roles can be 
hierarchical.