In document CISSP Test QuestionCISSPs.pdf (Page 137-168)

Question: 391.

Which of the following items should not be retained in an E-mail directory?

A. Drafts of documents.
B. Copies of documents.
C. Permanent records.
D. Temporary documents.

Answer: C

Explanation:

It is not good practice to keep permanent records in your e-mail, because you do not know whether your e-mail is always backed up, and the document may need to be available in a corporate repository. There is no problem with keeping copies, drafts or temporary documents in your e-mail. The important ones for the company are the permanent records.

Question: 392.

Which of the following department managers would be best suited to oversee the development of an information security policy?

A. Information systems
B. Human resources
C. Business operations
D. Security administration

Answer: C

Explanation:

He is the most appropriate manager because he knows the ins and outs of the business processes inside the company. Remember that he manages the business operations, and those operations are the ones that keep the company alive and generate the revenue. He knows who should access what and when. Security administrators develop the policy with the information provided by people like the business operations manager. Human Resources is not appropriate in this case, and the information systems manager knows about the technology, but not the business needs of the company.

Question: 393.

Which of the following countermeasures is not appropriate for war dialing attacks?

A. Monitoring and auditing for such activity.
B. Disabling call forwarding.
C. Making sure only necessary phone numbers are made public.
D. Using completely different numbers for voice and data accesses.

Answer: B

Explanation:

War dialing, or scanning, has been a common activity in the computer underground and the computer security industry for decades. Hollywood made war dialing popular with the 1983 movie War Games, in which a teenager searching for a videogame company ultimately uncovers a government nuclear war warning system. The act of war dialing is extremely simple: a host computer dials a given range of telephone numbers using a modem. Every telephone number that answers with a modem and successfully connects to the host is stored in a log. Disabling call forwarding is not a useful countermeasure because it is the attacker's machine that connects to the attacked system, and forwarding plays no part in the attack. Answers A, C and D can be used as countermeasures to make war dialing harder.

Question: 394.

Which of the following tools is least likely to be used by a hacker?

A. L0phtCrack
B. Tripwire
C. Crack
D. John the Ripper

Answer: B

Explanation:

Tripwire is a tool that checks what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. The hard part is doing it the right way, balancing security, maintenance, and functionality. This tool is not usually used by hackers to attack; it is usually used to defend against hacker attacks. L0phtCrack is a hacker utility used to obtain passwords; Crack and John the Ripper are also password crackers.
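The following is an added example, not code from the question set and not Tripwire's own code: a small file-integrity checker in the style the explanation describes. It records a content hash (the "binary signature"), the size and the permission bits for every file under a directory, then re-scans and reports what was added, removed or changed. The directory tree, file names and contents are constructed for the demonstration; note that the modified binary keeps the same size, so only the hash reveals the change.

```python
"""File integrity baseline in the style of Tripwire (added example)."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Each baseline entry stores the attributes mentioned in the explanation:
# a content hash (the "binary signature"), the size, plus the permission bits.
Entry = Tuple[str, int, int]


def snapshot_file(path: Path) -> Entry:
    """Return (sha256 hex digest, size in bytes, permission bits) for one file."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = path.stat()
    return (digest.hexdigest(), st.st_size, stat.S_IMODE(st.st_mode))


def build_baseline(root: Path) -> Dict[str, Entry]:
    """Record an Entry for every regular file under root, keyed by relative POSIX path."""
    baseline: Dict[str, Entry] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if full.is_file():
                baseline[full.relative_to(root).as_posix()] = snapshot_file(full)
    return baseline


def compare_baselines(old: Dict[str, Entry], new: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Classify every path as added, removed or changed; unchanged paths are not reported."""
    report: Dict[str, List[str]] = {"added": [], "removed": [], "changed": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            report["added"].append(rel)
        elif rel not in new:
            report["removed"].append(rel)
        elif old[rel] != new[rel]:
            report["changed"].append(rel)
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a baseline, make four kinds of change, re-scan and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"original program bytes")
        (root / "script.sh").write_text("#!/bin/sh\necho ok\n")
        os.chmod(root / "script.sh", 0o644)
        (root / "etc.conf").write_text("setting=1\n")
        baseline = build_baseline(root)

        # 1. contents replaced with the same number of bytes: only the hash catches it
        (root / "bin" / "login").write_bytes(b"modified program bytes")
        # 2. permission bits changed, contents untouched
        os.chmod(root / "script.sh", 0o755)
        # 3. a file removed and 4. a file added
        (root / "etc.conf").unlink()
        (root / "new.txt").write_text("unexpected\n")

        return compare_baselines(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In a real deployment the baseline must be stored where the monitored host cannot rewrite it (read-only media or a separate system); otherwise an attacker who changes a file can also change the record of it.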

Question: 395.

Which of the following logical access exposures involves changing data before, or as it is entered into the computer?

A. Data diddling
B. Salami techniques
C. Trojan horses
D. Viruses

Answer: A

Explanation:

This kind of attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed. This kind of attack was used in the past to steal small amounts of money and transfer them to the attacker's account; there are many other uses too. Trojan horses open ports without the user's knowledge to permit remote control, and a virus is a malicious piece of code that executes inside your computer.
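As an added example (not part of the question set), here is the control that catches the attack the explanation describes: an integrity tag computed over each record at the point of entry and verified immediately before processing. A record altered in between, even one that will be changed back afterwards, no longer matches its tag and is rejected. The key, the record layout and the transfers are all constructed for the demonstration; in practice the key would be held in a KMS or HSM out of reach of the process that handles the data.

```python
"""Detecting data diddling with an integrity tag applied at the point of entry (added example)."""
import hashlib
import hmac
import json
from typing import Any, Dict, List

# Constructed demo key. In a real deployment the key lives in a KMS/HSM and is
# never available to the process whose data could be tampered with (assumption).
ENTRY_KEY = b"constructed-demo-key-do-not-use"


def canonical(record: Dict[str, Any]) -> bytes:
    """Deterministic encoding so the same record always produces the same tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(record: Dict[str, Any], key: bytes = ENTRY_KEY) -> Dict[str, Any]:
    """Compute an HMAC-SHA256 tag when the record is captured at the entry point."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": dict(record), "tag": tag}


def verify(sealed: Dict[str, Any], key: bytes = ENTRY_KEY) -> bool:
    """Recompute the tag immediately before processing; constant-time comparison."""
    expected = hmac.new(key, canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def process_batch(batch: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Process only records whose tag still matches; report the rest for investigation."""
    result: Dict[str, List[str]] = {"accepted": [], "rejected": []}
    for sealed in batch:
        bucket = "accepted" if verify(sealed) else "rejected"
        result[bucket].append(sealed["record"]["id"])
    return result


def demo() -> Dict[str, List[str]]:
    """Constructed transfers: one is altered between capture and processing."""
    captured = [
        seal({"id": "T-001", "account": "1001", "amount": "250.00"}),
        seal({"id": "T-002", "account": "1002", "amount": "10.00"}),
        seal({"id": "T-003", "account": "1003", "amount": "99.50"}),
    ]
    # The alteration happens after capture but before processing. The tag no
    # longer matches, so the diddled record is rejected even if it would be
    # changed back once processing is finished.
    captured[1]["record"]["amount"] = "10000.00"
    return process_batch(captured)


if __name__ == "__main__":
    print(demo())
```

The rejected list is the audit trail: each rejected id points at a record that changed between entry and processing, which is exactly the window the attack relies on.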

Question: 396.

Which of the following computer aided software engineering (CASE) products is used for developing detailed designs, such as screen and report layouts?

A. Lower CASE
B. Middle CASE
C. Upper CASE
D. I-CASE

Answer: B

Explanation:

This is the proper name; you can search for "Middle CASE" on the Internet. "Middle CASE" is a CASE flavor and UML design tool that provides the required functionality, such as screen and report layouts and detailed designs. Many well-known vendors provide this kind of tool for the software development process.

Question: 397.

What is called the number of columns in a table?

A. Schema
B. Relation
C. Degree
D. Cardinality

Answer: C

Explanation:

In database terminology, saying that the degree of a table is "X" is the same as saying that the number of columns is "X". This question is just testing our knowledge of rare, hard-to-find terminology. You can check this in the Oracle knowledge base. When we talk about degree, we are just talking about columns. The schema is the structure of the database, and the relations are the way each table relates to others.

Question: 398.

Which of the following is the most reliable authentication device?

A. Variable callback system
B. Smart Card system
C. Fixed callback system
D. Combination of variable and fixed callback system.

Answer: B

Explanation:

The smart card, an intelligent token, is a credit card sized plastic card embedded with an integrated circuit chip. It provides not only memory capacity, but computational capability as well. The self-containment of the smart card makes it resistant to attack, as it does not need to depend upon potentially vulnerable external resources. Because of this characteristic, smart cards are often used in applications which require strong security protection and authentication. Option B is the most correct option because callback systems are not considered very reliable in the CISSP examination; smart cards can also provide two-factor authentication.

"Caller ID and callback options are great, but they are usually not practical because they require users to call in from a static phone number each time they access the network. Most users are accessing the network remotely because they are on the road and moving from place to place." Pg. 428 Shon Harris: All-In-One CISSP Certification Guide.

Question: 399.

Which of the following firewall rules is least likely to be found on a firewall installed between an organization's internal network and the Internet?

A. Permit all traffic to and from local host.
B. Permit all inbound ssh traffic
C. Permit all inbound tcp connections.
D. Permit all syslog traffic to log-server.abc.org.

Answer: C

Explanation:

Option C is a very bad practice on a firewall that connects one of its interfaces to a public network like the Internet. Since that rule allows all inbound TCP traffic, attackers can send any attack they want to any TCP port; they can perform port scanning, SYN attacks, and many other dangerous DoS activities against our private network. Permitting traffic from the local host is a best practice, since our firewall is the local host. Permitting SSH (Secure Shell) is also good because this protocol uses cryptography.

Question: 400.

The Internet can be utilized by either?

A. Public or private networks (with a Virtual Private Networks).
B. Private or public networks (with a Virtual Private Networks).
C. Home or private networks (with a Virtual Private Networks).
D. Public or home networks (with a Virtual Private Networks).

Answer: B

Explanation:

This is true: you can utilize the Internet from a private network and gain access through an address translation method that gives you a valid IP address to make the request. Or you can access the Internet directly from a routable, public IP address contained in a public network. To increase security, you can create VPNs to pass information between two endpoints with confidentiality across the Internet.

Question: 401.

This backup method must be made regardless of whether Differential or Incremental methods are used.

A. Full Backup Method
B. Incremental backup method
C. Differential backup method
D. Tape backup method

Answer: A

Explanation:

Since the "Full" backup method provides a baseline for restoring our systems, the full backup must be done at least once regardless of the method you are using. It is very common to use full backups in combination with incremental or differential ones to decrease the backup time (although this increases the restore time), but there is no way to maintain a system only with incremental or differential backups. You always need to begin from your restore baseline, the full backup.
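The following added example (not from the question set) models the three backup methods on a constructed set of files and shows the trade-off the explanation describes: an incremental chain needs every part since the full backup to restore, a differential chain needs only the latest part, and neither can restore without the full backup as baseline. File names and contents are constructed; deletions are not modelled.

```python
"""Full, incremental and differential backup chains and what a restore needs (added example)."""
from typing import Dict, List

# A system is modelled as path -> contents (constructed data). Deleted files
# are not modelled; only new and modified files are captured.
System = Dict[str, str]


def full_backup(system: System) -> System:
    """Copy every file: this is the restore baseline."""
    return dict(system)


def _changed_since(system: System, reference: System) -> System:
    """Files whose contents differ from `reference` (new or modified)."""
    return {path: data for path, data in system.items() if reference.get(path) != data}


def incremental_backup(system: System, last_backup_view: System) -> System:
    """Capture changes since the previous backup of any kind (full or incremental)."""
    return _changed_since(system, last_backup_view)


def differential_backup(system: System, full: System) -> System:
    """Capture all changes since the last full backup; grows until the next full."""
    return _changed_since(system, full)


def restore(full: System, parts: List[System]) -> System:
    """Start from the baseline and overlay partial backups in order."""
    restored = dict(full)
    for part in parts:
        restored.update(part)
    return restored


def run_demo() -> Dict[str, object]:
    """Three days of constructed changes backed up both ways, then restored."""
    system: System = {"a": "a0", "b": "b0", "d": "d0"}
    full = full_backup(system)
    last_view = dict(system)  # state as of the last full or incremental backup
    incrementals: List[System] = []
    differentials: List[System] = []
    for edits in ({"a": "a1", "c": "c1"}, {"b": "b2"}, {"a": "a3"}):
        system.update(edits)
        incrementals.append(incremental_backup(system, last_view))
        differentials.append(differential_backup(system, full))
        last_view = dict(system)

    via_incremental = restore(full, incrementals)          # every part since the full
    via_differential = restore(full, [differentials[-1]])  # only the latest part
    without_full = restore({}, incrementals)               # no baseline at all
    return {
        "final": dict(system),
        "incremental_sizes": [len(p) for p in incrementals],
        "differential_sizes": [len(p) for p in differentials],
        "incremental_ok": via_incremental == system,
        "differential_ok": via_differential == system,
        "missing_without_full": sorted(set(system) - set(without_full)),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The sizes returned make the explanation's point concrete: the incremental parts stay small while the differential parts keep growing, and the file that never changed after day zero is simply absent when the full backup is missing.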

Question: 402.

Why do buffer overflows happen?

A. Because buffers can only hold so much data.
B. Because input data is not checked for appropriate length at time of input.
C. Because they are an easy weakness to exploit.
D. Because of insufficient system memory.

Answer: B

Question: 403.

Which of the following should not be performed by an operator?

A. Mounting disk or tape
B. Backup and recovery
C. Data entry
D. Handling hardware

Answer: C

Explanation:

This is very obvious: operators are responsible for performing operational tasks that deal with the hardware and software implementations. They can handle the hardware and put it in condition for the user, be in charge of the backup and restore procedures, and mount the disks or tapes for the backup. Those are all common tasks. When we talk about data entry, it is the user who has to do that; if the operator did that too, what would the user do?

Question: 404.

What security model is dependent on security labels?

A. Discretionary access control
B. Label-based access control
C. Mandatory access control
D. Non-discretionary access control

Answer: C

Explanation:

With mandatory controls, only administrators, and not owners of resources, may make decisions that bear on or derive from policy. Only an administrator may change the category of a resource, and no one may grant a right of access that is explicitly forbidden in the access control policy. This kind of access control method is based on security labels. It is important to note that mandatory controls are prohibitive (i.e., all that is not expressly permitted is forbidden).
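An added example (not part of the question set) of the three properties the explanation lists: decisions derived from labels, relabeling reserved to administrators, and an owner's grant that cannot override a mandatory denial. The label rule used here is an assumption, the Bell-LaPadula confidentiality rules (read requires the subject's label to dominate the object's, write requires the reverse); the explanation only says the model is label-based. The levels, categories, subjects and ACL are constructed.

```python
"""Label-based mandatory access control (added example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

# Constructed classification lattice: an ordered level plus need-to-know categories.
LEVELS: Dict[str, int] = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level and a superset of categories."""
        return LEVELS[self.level] >= LEVELS[other.level] and other.categories <= self.categories


def mac_permits(subject: Label, obj: Label, action: str) -> bool:
    """Policy decision from labels alone. Assumption: Bell-LaPadula style rules.
    read: the subject must dominate the object (no read up);
    write: the object must dominate the subject (no write down)."""
    if action == "read":
        return subject.dominates(obj)
    if action == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown action {action!r}")


def access(subject_name: str, subject: Label, obj: Label, action: str,
           dac_acl: Dict[str, Set[str]]) -> bool:
    """Mandatory check first, then the owner's discretionary ACL. A DAC grant can never
    override a mandatory denial: all that is not expressly permitted is forbidden."""
    if not mac_permits(subject, obj, action):
        return False
    return action in dac_acl.get(subject_name, set())


def relabel(actor_role: str, obj_labels: Dict[str, Label], obj: str, new: Label) -> None:
    """Only an administrator may change the level or categories of a resource."""
    if actor_role != "admin":
        raise PermissionError("only administrators may relabel resources")
    obj_labels[obj] = new


def demo() -> Dict[str, bool]:
    """Constructed subjects, objects and ACL exercising the rules above."""
    secret_nuclear = Label("SECRET", frozenset({"NUCLEAR"}))
    confidential = Label("CONFIDENTIAL")
    alice = Label("SECRET", frozenset({"NUCLEAR", "CRYPTO"}))
    bob = Label("CONFIDENTIAL")
    carol = Label("SECRET")  # cleared to SECRET but lacks the NUCLEAR category
    # The owner "granted" everyone read and write; MAC decides whether that matters.
    acl = {"alice": {"read", "write"}, "bob": {"read", "write"}, "carol": {"read", "write"}}

    results = {
        "alice_reads_secret": access("alice", alice, secret_nuclear, "read", acl),
        "bob_reads_secret": access("bob", bob, secret_nuclear, "read", acl),        # read up: denied
        "carol_reads_secret": access("carol", carol, secret_nuclear, "read", acl),  # wrong category
        "alice_writes_confidential": access("alice", alice, confidential, "write", acl),  # write down
        "bob_writes_secret": access("bob", bob, secret_nuclear, "write", acl),      # write up: allowed
    }
    labels = {"doc": secret_nuclear}
    try:
        relabel("owner", labels, "doc", confidential)  # an owner trying to downgrade the label
        results["owner_relabel_blocked"] = False
    except PermissionError:
        results["owner_relabel_blocked"] = True
    relabel("admin", labels, "doc", confidential)
    results["admin_relabel_applied"] = labels["doc"] == confidential
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {allowed}")
```

The order of the two checks in `access` is the whole point: the discretionary ACL is consulted only inside the space the mandatory policy already permits, so an owner's grant can widen access only within the label lattice, never across it.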

Question: 405.

Detection capabilities of Host-based ID systems are limited by the incompleteness of which of the following?

A. Audit log capabilities
B. Event capture capabilities
C. Event triage capabilities
D. Audit notification capabilities

Answer: A

Explanation:

This is one of the weakest points of IDS systems installed on individual hosts. Much of the malicious activity could be circulating through the network, and this kind of IDS usually has small logging capabilities of a local nature. So any activity happening in the network could go unnoticed, and intrusions cannot be tracked as in depth as they could be with an enterprise IDS solution providing centralized logging capabilities.

Question: 406.

Computer crime is generally made possible by which of the following?

A. The perpetrator obtaining training & special knowledge.
B. Victim carelessness.
C. Collusion with others in information processing
D. System design flaws.

Answer: B

Explanation:

This is a real problem: nobody thinks they can be the victim of a computer crime until they are. There is a big problem with how people think about this kind of attack. Computer crimes can be very serious and can do great damage to enterprises. Computer crime will decrease once people begin to think about the risks and begin to protect their systems from the most common attacks.

Question: 407.

The structures, transmission methods, transport formats, and security measures that are used to provide integrity, availability, authentication, and confidentiality for transmissions over private and public communications networks and media includes?

A. The Telecommunications and Network Security domain.
B. The Telecommunications and Netware Security domain.
C. The Technical communications and Network Security domain.
D. The Telnet and Network Security domain.

Answer: A

Explanation:

This is pretty straightforward. The four principal pillars of computer security, integrity, authentication, confidentiality and availability, are all part of the Telecommunications and Network Security domain. Why? Because those pillars deal with exactly that. We provide integrity through digital signatures, authentication through passwords, confidentiality through encryption, and availability through fault tolerance and disaster recovery. All of those are networking and telecommunication components.

Question: 408.

Which of the following is the lowest TCSEC class in which the system must be protected against covert storage channels (but not necessarily covert timing channels)?

A. B2
B. B1
C. B3
D. A1

Answer: A

Explanation:

The B2 class referenced in the Orange Book is the formal security policy model based on device labels that can use DAC (Discretionary Access Control) and MAC (Mandatory Access Control). It provides functionality for covert channel control. It does not require protection against covert timing channels. You can review the B2 section of the Orange Book.

Question: 409.

Which type of control is concerned with avoiding occurrences of risks?

A. Deterrent controls
B. Detective controls
C. Preventive controls
D. Compensating controls

Answer: C

Explanation:

Preventive controls deal with the avoidance of risk through the reduction of probabilities. It is like the example we read earlier about the dogs. Just to recall: since we want to prevent something from happening, we can go out and buy some guard dogs to do the job. You are buying them because you want to prevent something from happening. The intruder will see the dogs and may turn back; this prevents an attack, so these dogs are a form of preventive control.

Question: 410.

The basic function of an FRDS is to?

A. Protect file servers from data loss and a loss of availability due to disk failure.
B. Persistent file servers from data gain and a gain of availability due to disk failure.
C. Prudent file servers from data loss and a loss of acceptability due to disk failure.
D. Packet file servers from data loss and a loss of accountability due to disk failure.

Answer: A

Explanation:

FRDS systems give us the functionality to protect our servers from disk failure and allow us to have highly available file services on our production servers. FRDS provides high availability against many types of disk failures and well-known problems: if one disk goes down, the others still work, so there is no downtime. FRDS solutions are the preferred way to protect file servers against data corruption and loss. You can read more about FRDS on the Internet; search for "FRDS System".

Question: 411.

Which of the following protocols does not operate at the data link layer (layer 2)?

A. PPP
B. RARP
C. L2F
D. ICMP

Answer: D

Explanation:

Internet Control Message Protocol. ICMP is used for diagnostics in the network. The Unix program ping uses ICMP messages to detect the status of other hosts on the network. ICMP messages can be either queries (in the case of ping) or error reports, such as when a network is unreachable. This protocol resides at layer 3 of the OSI model (the Network layer).

Question: 412.

This tape format can be used to back up data systems in addition to its originally intended audio use:

A. Digital Audio tape (DAT)
B. Digital video tape (DVT)
C. Digital Casio Tape (DCT)
D. Digital Voice Tape (DVT)

Answer: A

Explanation:

Digital Audio Tape (DAT or R-DAT) is a signal recording and playback medium introduced by Sony in 1987. In appearance it is similar to a compact audio cassette, using 1/8" magnetic tape enclosed in a protective shell, but is roughly half the size at 73 mm x 54 mm x 10.5 mm. As the name suggests, the recording is digital rather than analog, with DAT converting and recording at the same rate as a CD (44.1 kHz sampling rate and 16 bits quantization) without data compression. This means that the entire input signal is retained. If a digital source is copied, then the DAT will produce an exact clone.

The format was designed for audio use, but through an ISO standard it has been adopted for general data storage, storing from 4 to 40 GB on a 120 meter tape depending on the standard and compression (DDS-1 to DDS-4). It is, naturally, a sequential-access medium and is commonly used for backups. Due to the higher integrity requirements of data backups, a computer-grade DAT was introduced.

Question: 413.

By examining the "state" and "context" of the incoming data packets, it helps to track the protocols that are considered "connectionless", such as UDP-based applications and Remote Procedure Calls (RPC). This type of firewall system is used in?

A. First generation firewall systems.
B. Second generation firewall systems.
C. Third generation firewall systems.
D. Fourth generation firewall systems.

Answer: C

Explanation:

Stateful inspection is a third generation firewall technology designed to be aware of, and inspect, not only the information being received, but also the dynamic connection and transmission state of the information being received. Control decisions are made by analyzing and utilizing the following: communication information, communication-derived state, application-derived state, and information manipulation. Here are some characteristics of stateful inspection technology on firewalls:

1. Scan information from all layers in the packet.
2. Save state information derived from previous communications, such as the outgoing PORT command of an FTP session, so that incoming data communication can be verified against it.
3. Provide tracking support for connectionless protocols through the use of session state databases.
4. Allow state information derived from other applications access through the firewall for authorized services only, such as previously authenticated users.
5. Evaluate and manipulate flexible expressions based on communication- and application-derived state information.
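The following added example (not code from the question set, nor from any firewall product) implements the core of characteristic 3 above, a session state table that gives connectionless UDP a pseudo-connection, and ties it back to Question 399: because replies are matched against state created by outbound traffic, a stateful firewall never needs a "permit all inbound tcp" rule, and an unsolicited inbound connection attempt is dropped. Addresses, ports, timeouts and packet sequence are constructed; the filter tracks only the 5-tuple and a SYN flag, not full TCP state.

```python
"""Stateful inspection of TCP and UDP flows with a session state table (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str     # "out": from the internal network, "in": from the Internet
    syn: bool = False  # TCP SYN flag (ignored for udp)


# Flows are keyed from the internal side so both directions map to one entry.
FlowKey = Tuple[str, str, int, str, int]


class StatefulFilter:
    TIMEOUTS = {"tcp": 3600.0, "udp": 30.0}  # constructed idle timeouts, seconds

    def __init__(self) -> None:
        self.table: Dict[FlowKey, float] = {}  # flow key -> expiry time

    @staticmethod
    def _key(p: Packet) -> FlowKey:
        if p.direction == "out":
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def process(self, p: Packet, now: float) -> str:
        key = self._key(p)
        expiry = self.table.get(key)
        if expiry is not None:
            if expiry > now:
                self.table[key] = now + self.TIMEOUTS[p.proto]  # known flow: refresh, allow
                return "ALLOW"
            del self.table[key]  # state expired: treat as a brand-new packet
        if p.direction == "out":
            if p.proto == "tcp" and not p.syn:
                return "DROP"  # mid-stream TCP with no handshake seen: no state to attach to
            # New outbound flow. For UDP the first datagram creates the pseudo-state
            # that lets the reply back in for a limited time.
            self.table[key] = now + self.TIMEOUTS[p.proto]
            return "ALLOW"
        return "DROP"  # unsolicited inbound: nothing in the state table matches


def demo() -> List[str]:
    """Constructed packet sequence (documentation addresses) run through the filter."""
    fw = StatefulFilter()
    events = [
        (0.0, Packet("udp", "10.0.0.5", 5353, "192.0.2.53", 53, "out")),                 # DNS query out
        (1.0, Packet("udp", "192.0.2.53", 53, "10.0.0.5", 5353, "in")),                  # reply matches state
        (5.0, Packet("tcp", "203.0.113.9", 4444, "10.0.0.5", 22, "in", syn=True)),       # unsolicited inbound
        (5.0, Packet("tcp", "10.0.0.5", 40000, "198.51.100.1", 443, "out", syn=True)),   # client opens TCP
        (6.0, Packet("tcp", "198.51.100.1", 443, "10.0.0.5", 40000, "in")),              # server reply
        (7.0, Packet("tcp", "10.0.0.5", 40001, "198.51.100.1", 443, "out")),             # no SYN, no state
        (100.0, Packet("udp", "192.0.2.53", 53, "10.0.0.5", 5353, "in")),                # late reply: expired
    ]
    return [fw.process(p, t) for t, p in events]


if __name__ == "__main__":
    print(demo())
```

The UDP timeout is what makes "connectionless" tracking safe: the hole opened by an outbound datagram closes on its own, so a late or spoofed "reply" after the idle period is dropped like any other unsolicited inbound packet.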

Question: 414.

Guards are appropriate whenever the function required by the security program involves which of the following?

A. The use of discriminating judgment.
B. The use of physical force.
C. The operation of access control devices.
D. The need to detect unauthorized access.

Answer: A

Explanation:

This is the correct answer; we do not have guards only to use physical force, which is not their real function if your security policy is well oriented. They are not only there to operate control devices and to detect unauthorized access; as stated in CISSP documentation, the appropriate function of a guard inside a security program is the use of discriminating judgment.

Question: 415.

A server cluster looks like a?

A. Single server from the user's point of view.
B. Dual server from the user's point of view.
C. Triple server from the user's point of view.
D. Quadruple server from the user's point of view.

Answer: A

Explanation:

A "cluster" is a grouping of machines running certain services, providing high availability and fault tolerance for them. In other words, they are grouped together as a means of failover support. From the user's view, a cluster is a single server, but only a logical one: you can have an array of 4 servers in a cluster all with the same IP address (achieving correct resolution through ARP), and there is no difference for the client.

Question: 416.

Which of the following are functions that are compatible in a properly segregated environment?

A. Application programming and computer operation.
B. System programming and job control analysis.
C. Access authorization and database administration.
D. System development and systems maintenance.

Answer: D

Explanation:

If you think about it, system development and system maintenance are perfectly compatible: you can develop on the systems for a certain time, and when it is time for maintenance, you stop the development process and do the maintenance. It is a pretty straightforward process. The other answers do not provide the simplicity and freedom of this option.

Question: 417.

Encryption is applicable to all of the following OSI/ISO layers except:

A. Network layer
B. Physical layer
C. Session layer
D. Data link layer

Answer: B

Explanation:

The Physical Layer describes the physical properties of the various communications media, as well as the electrical properties and interpretation of the exchanged signals. For example, this layer defines the size of Ethernet coaxial cable, the type of BNC connector used, and the termination method. You cannot encrypt anything at this layer because it is physical; it is not protocol or software based.
