CISSP Asset Security Practice Exam Final File Translate Exam Set 3

Control of communications test equipment should be clearly addressed by security for which of the following reasons?


Options are :

  • Test equipment is easily damaged.
  • None
  • Test equipment can scroll through the data that passes through the network. (Correct)
  • Test equipment is difficult to replace if lost or stolen.
  • Test equipment must always be available to maintenance personnel.

Answer : Test equipment can scroll through the data that passes through the network.

Which of the following is the best practice used to reduce the risk of co-operation?


Options are :

  • Separation of duties
  • Least privilege
  • None
  • Cycle (Correct)
  • Mandatory Vacations

Answer : Cycle

Security should be, above all, which of the following?


Options are :

  • Cost-effective. (Correct)
  • Examine both monetary and non-monetary terms.
  • Information related to the value.
  • None
  • Covering all identified

Answer : Cost-effective.

Which of the following access control models presents the user a safety report and the basis of the information?


Options are :

  • Role-based access control
  • Mandatory access control (Correct)
  • discretionary access control
  • None
  • discretionary Access Control

Answer : Mandatory access control

Passwords can be required to be changed monthly, quarterly, annually or at other intervals:


Options are :

  • Depending on the frequency of use of a password.
  • Depending on the criticality of the data protection need of password and frequency of use. (Correct)
  • not depending on the criticality of the data protection need of a password, but depending on the frequency of use.
  • None
  • Depending on the criticality of the data need to be protected.

Answer : Depending on the criticality of the data protection need of password and frequency of use.

Which of the following is BEST defined as expansion pack security?


Options are :

  • Protective mechanisms are implemented as part of the information system
  • Layer Security.
  • None
  • Protective Mechanisms implemented after the computer system is in operation. (Correct)
  • Physical security is supplemented logical security measures.

Answer : Protective Mechanisms implemented after the computer system is in operation.

Which of the following would be best defined as the absence or weakness of safeguards that could be used?


Options are :

  • Threat
  • The vulnerability. (Correct)
  • Exposure.
  • None
  • The vulnerability.

Answer : The vulnerability.

At what temperature does damage to magnetic media begin to occur?


Options are :

  • None
  • 100 degrees Fahrenheit or 37.7 degrees (Correct)
  • 150 degrees Celsius or 65.5
  • 125 degrees Fahrenheit or 51.66
  • 175 degrees Fahrenheit or 79.4 degrees

Answer : 100 degrees Fahrenheit or 37.7 degrees

What would best define an encrypted channel?


Options are :

  • None
  • Open system should close the opening.
  • An undocumented backdoor that is left to the programmer operating system
  • Trojan horse
  • Audio communication channel which enables the transfer of information in a manner that violates the system's security policy. (Correct)

Answer : Audio communication channel which enables the transfer of information in a manner that violates the system's security policy.

Which of the following sets minimum national certification and accreditation with national security?


Options are :

  • TCSEC
  • NIACAP (Correct)
  • DIACA
  • HIPAA
  • None

Answer : NIACAP

Virus scanning and content inspection of S/MIME encrypted e-mail without any further treatment is:


Options are :

  • Only possible core recovery of all system keys
  • None
  • It is only possible if the X509 version 3 certificates are used
  • Not possible (Correct)
  • It is only possible to "brute force" decryption

Answer : Not possible

What is dumpster diving?


Options are :

  • Passing through another person's garbage to dispose of the document information and various other items that could be used for that person or company (Correct)
  • None
  • We are living in a waste bin
  • Performing a media analysis
  • performing forensics deleted items

Answer : Passing through another person's garbage to dispose of the document information and various other items that could be used for that person or company

Which of the following best describes the exploitation?


Options are :

  • An intentional hidden message or feature in an object such as a piece of software or a movie.
  • A chunk of data or a sequence of commands that use of the fault, the fault or vulnerability to provide an inadvertent or unexpected behavior occurs in computer programs. (Correct)
  • None
  • The state in which the program (either an application or a part of the operating system) ceases to fulfill the expected function and also stops responding to other parts of the system.
  • An abnormal state in which the process tries to store data outside of the corner of fixed length buffer.

Answer : A chunk of data or a sequence of commands that use of the fault, the fault or vulnerability to provide an inadvertent or unexpected behavior occurs in computer programs.

Who should decide how the company should approach security and what security measures should be taken?


Options are :

  • Senior management (Correct)
  • the data owner
  • Information security expert
  • None
  • Accountant

Answer : Senior management

What security model is dependent on the safety labels?


Options are :

  • Label-based access control
  • discretionary Access Control
  • Mandatory access control (Correct)
  • None
  • discretionary access control

Answer : Mandatory access control

Which of the following groups represent the leading source of computer crime losses?


Options are :

  • Employees (Correct)
  • industrial saboteurs
  • hackers
  • Foreign intelligence officers
  • None

Answer : Employees

Which of the following security models are compared to the patient's condition to the classification of the object in such a way that specific rules may be applied to control the subject-to-object interactions happen?


Options are :

  • Bell-LaPadula model (Correct)
  • Access Matrix model
  • Take-Grant model
  • None
  • Biba model

Answer : Bell-LaPadula model

Which of the following best to define integral part of the calculation techniques for embedding discreet tags or labels of bits of digital data for detecting and extracting characters or later?


Options are :

  • The digital envelope (Correct)
  • steganography
  • None
  • Digital signature
  • Digital watermarking

Answer : The digital envelope

What shall determine the classification for the objects of the following access control models?


Options are :

  • Role-based access control
  • discretionary Access Control
  • None
  • Mandatory access control (Correct)
  • Identity-based access control

Answer : Mandatory access control

What can be described by the following conditions is a process to encrypt data to another file or media, a practice known as data security obscurity?


Options are :

  • None
  • ADS - Alternate data streams
  • steganography (Correct)
  • NTFS ADS
  • encryption

Answer : steganography

Failing to secure, or weakness in the system, which can possibly be called a(n)?


Options are :

  • threat
  • Risk
  • susceptibility (Correct)
  • None
  • Exposure

Answer : susceptibility

What can be defined as an event that can cause damage to computer systems?


Options are :

  • Threat (Correct)
  • weakness
  • Risk
  • None
  • vulnerability

Answer : Threat

Which of the following would be the most appropriate countermeasure to prevent possible infiltration and damage from wardialing attacks?


Options are :

  • Requires user authentication (Correct)
  • Using a completely different numbers for voice and data accesses
  • Just make the necessary phone numbers are public
  • None
  • Monitoring and inspection of activity

Answer : Requires user authentication

CobiT was developed within the framework of COSO. Which of the options below best describes the main objectives and purpose of COSO?


Options are :

  • COSO's main purpose is to define a sound risk management approach to financial companies.
  • COSO risk management system is used for the protection of federal systems.
  • COSO's main purpose is to help ensure fraudulent financial reporting may not happen in the organization (Correct)
  • COSO addresses corporate culture and policy development
  • None

Answer : COSO's main purpose is to help ensure fraudulent financial reporting may not happen in the organization

Which of the following is used to generate authentication and confidentiality of e-mail messages?


Options are :

  • None
  • MD4
  • PGP (Correct)
  • IPSEC AH
  • Digital signature

Answer : PGP

Which access control model allows the owner of the resource to define what subjects can access specific resources based on their identity?


Options are :

  • Role-based Access Control
  • Discretionary Access Control (Correct)
  • Mandatory Access Control
  • Sensitive Access Control
  • None

Answer : Discretionary Access Control

Which of the following results in devastating business interruptions?


Options are :

  • Loss of Communication Related Links
  • Loss of Applications
  • Loss of Hardware / Software
  • loss of data (Correct)
  • None

Answer : loss of data

Kerberos can prevent which of the following attacks?


Options are :

  • None
  • The process of attack.
  • The devastating attack.
  • Tunneling attack.
  • Playback (latest) attack. (Correct)

Answer : Playback (latest) attack.

Who of the following is responsible for ensuring that proper controls are in place to deal with integrity, confidentiality and availability of information systems and data?


Options are :

  • Business and functional leaders
  • The system and data owners (Correct)
  • Chief information Officer
  • Information security professionals
  • None

Answer : The system and data owners

Which of the following access control models is based on sensitivity labels?


Options are :

  • Role-based access control
  • Mandatory access control (Correct)
  • None
  • Rule-based access control
  • discretionary Access Control

Answer : Mandatory access control

What are the three most important functions of digital signatures?


Options are :

  • The authorization, Detection and Accountability
  • Integrity, confidentiality and authorization
  • None
  • Integrity, authentication and non-repudiation (Correct)
  • Authorization, Authentication and Non-Repudiation

Answer : Integrity, authentication and non-repudiation

What are the four areas that make up the CobiT?


Options are :

  • To design and implement, maintain and implement, deliver and support, as well as to monitor and evaluate
  • None
  • Acquire and implement, deliver and support, monitor and evaluate
  • Plan and organize, acquire and implement, deliver and support, as well as to monitor and evaluate (Correct)
  • To design and implement, acquire and implement, support and procurement, as well as to monitor and evaluate

Answer : Plan and organize, acquire and implement, deliver and support, as well as to monitor and evaluate

Which of the following is responsible for most of the security issues?


Options are :

  • personnel (Correct)
  • hackers
  • equipment failure
  • outside Espionage
  • None

Answer : personnel

IT security measures should be:


Options are :

  • to ensure that every resource of the organization is well-protected.
  • tailored to meet the organization's security objectives. (Correct)
  • can not be developed laminated manner.
  • None
  • be complicated.

Answer : tailored to meet the organization's security objectives.

Which of the following could be best defined as the probability of a threat agent taking advantage of the vulnerability?


Options are :

  • Residual value risk.
  • None
  • Countermeasure method.
  • Risk. (Correct)
  • Exposure.

Answer : Risk.
