In document TestKing (ISC)2 CISSP (10.0) (Page 113-126)

QUESTION NO: 33

Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud simulates the tones of coins being deposited into a payphone?

A. Red Boxes
B. Blue Boxes
C. White Boxes
D. Black Boxes

Answer: A

Explanation: The Red Box simulates the sounds of coins being dropped into the coin slot of a payphone. The traditional Red Box consisted of a pair of Wien-bridge oscillators with the timing controlled by 555 timer chips.

The Blue Box is the mother of all boxes, the first box in history, and the one that started the whole phreaking scene.

It was invented by John Draper (aka "Captain Crunch") in the early 60s, who discovered that by sending a tone of 2600 Hz over the telephone lines of AT&T it was possible to make free calls.

A Black Box is a device hooked up to your phone that alters the line so that when you receive a call, the caller is not charged for it. This works for calls of up to half an hour; after half an hour the Phone Co. gets suspicious, and then you can guess what happens.

The White Box turns a normal touch-tone keypad into a portable unit. This kind of box can commonly be found in a phone shop.

QUESTION NO: 34

What is the proper term to refer to a single unit of Ethernet data?

A. Ethernet segment
B. Ethernet datagram
C. Ethernet frame
D. Ethernet packet

Answer: C

Explanation: Ethernet traffic is transported in units of a frame, where each frame has a definite beginning and end. The fields of an Ethernet frame are:

• Preamble: field used for synchronization, 64 bits

• Destination Address: Ethernet address of the destination host, 48 bits

• Source Address: Ethernet address of the source host, 48 bits

• Type: type of data encapsulated, e.g. IP, ARP, RARP, etc., 16 bits

• Data Field: data area, 46-1500 bytes, which (for IP traffic) carries the Destination Address (Internet address of the destination host) and the Source Address (Internet address of the source host)

• CRC: Cyclical Redundancy Check, used for error detection
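As an added example (not from the TestKing guide), the Python below builds and parses a frame with exactly these fields, enforcing the 46-1500 byte data limit and checking the CRC. It assumes the 64-bit preamble is seven 0xAA sync bytes plus the 0xAB start-frame delimiter and that the CRC is the IEEE 802.3 CRC-32 sent least-significant byte first; the addresses and payload are constructed sample values.

```python
import struct
import zlib

# 64-bit preamble: seven 0xAA sync bytes plus the 0xAB start-frame delimiter (802.3 convention, assumed here)
PREAMBLE = b"\xaa" * 7 + b"\xab"
ETHERTYPE_IP = 0x0800
ETHERTYPE_ARP = 0x0806
MIN_DATA, MAX_DATA = 46, 1500          # data field limits stated in the explanation


def build_frame(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    """Assemble preamble + header + data (padded to 46 bytes) + CRC-32 FCS."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("Ethernet addresses are 48 bits (6 bytes)")
    if len(data) > MAX_DATA:
        raise ValueError("data field exceeds 1500 bytes")
    data = data.ljust(MIN_DATA, b"\x00")  # pad short payloads up to the minimum
    body = dst + src + struct.pack("!H", ethertype) + data
    # Ethernet FCS is the IEEE CRC-32 (same algorithm as zlib.crc32), sent LSB first
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    return PREAMBLE + body + fcs


def parse_frame(wire: bytes) -> dict:
    """Split a frame into its fields and verify the length limits and the CRC."""
    if not wire.startswith(PREAMBLE):
        raise ValueError("missing preamble / start-frame delimiter")
    body, fcs = wire[len(PREAMBLE):-4], wire[-4:]
    if len(body) < 14 + MIN_DATA:
        raise ValueError("frame shorter than the 64-byte minimum")
    dst, src = body[:6], body[6:12]
    (ethertype,) = struct.unpack("!H", body[12:14])
    data = body[14:]
    if len(data) > MAX_DATA:
        raise ValueError("data field exceeds 1500 bytes")
    crc_ok = struct.unpack("<I", fcs)[0] == (zlib.crc32(body) & 0xFFFFFFFF)
    return {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype,
            "data": data, "crc_ok": crc_ok}


if __name__ == "__main__":
    # constructed sample: a 5-byte IP-typed payload that must be padded to 46 bytes
    frame = build_frame(bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"),
                        ETHERTYPE_IP, b"hello")
    fields = parse_frame(frame)
    print(len(frame), fields["dst"], hex(fields["ethertype"]), fields["crc_ok"])
```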

QUESTION NO: 35

Which of the following represents an ALE calculation?

A. Single loss expectancy x annualized rate of occurrence.

B. Gross loss expectancy x loss frequency.

C. Actual replacement cost – proceeds of salvage.

D. Asset value x loss expectancy.

Answer: A

Explanation: ALE (Annualized Loss Expectancy) calculations are a component of every risk analysis process. When done properly, ALE calculations portray risk accurately and provide a meaningful cost/benefit analysis. ALE calculations are used to:

• Identify risks

• Plan budgets for information risk management

• Calculate loss expectancy in annualized terms

SLE x ARO = ALE

QUESTION NO: 36

If an operating system permits executable objects to be used simultaneously by multiple users without a refresh of the objects, what security problem is most likely to exist?

A. Disclosure of residual data.

B. Unauthorized obtaining of a privileged execution state.

C. Data leakage through covert channels.

D. Denial of service through a deadly embrace.

Answer: A

Explanation: This is a well-known issue among programmers. Since the operating system allows the executables to be used by many users in different sessions at the same time, and they are not refreshed periodically, residual data will be disclosed. To fix this we need to make sure that objects are refreshed frequently; for added security it is better to use an OS that does not allow an executable object to be used by many users at the same time.

QUESTION NO: 37

Tape arrays use a large device with multiple (sometimes 32 or 64) tapes that are configured as a?

A. Single array
B. Dual array
C. Triple array
D. Quadruple array

Answer: A

Explanation: This is the function of a tape robot/changer working on a media library / jukebox. We can have as many as 32, 64 or even more tapes acting as a single logical unit. A robot changes and retrieves the different tapes when they are needed, so the whole set of tapes appears as a single logical storage solution. These solutions are very expensive.

QUESTION NO: 38

Why would anomaly detection IDSs often generate a large number of false positives?

A. Because they can only correctly identify attacks they already know about.

B. Because they are application-based and are more subject to attacks.

C. Because they can't identify abnormal behavior.

D. Because normal patterns of user and system behavior can vary wildly.

Answer: D

Explanation: One of the most obvious reasons why false alarms occur is that tools are stateless. To detect an intrusion, simple pattern matching of signatures is often insufficient; however, that is what most tools do. If the signature is not carefully designed, there will be lots of matches. For example, tools detect attacks on sendmail by looking for the words "DEBUG" or "WIZARD" as the first word of a line. If this appears in the body of the message it is in fact innocuous, but if the tool does not differentiate between the header and the body of the mail, a false alarm is generated.

Finally, there are many events happening in the course of the normal life of any system or network that can be mistaken for attacks. A lot of sysadmin activity can be catalogued as anomalous. Therefore, a clear correlation between attack data and administrative data should be established to cross-check that everything happening on a system is actually desired.

Normal patterns and user activities are often confused with attacks by IDS devices; it is expected that second-generation IDS systems will decrease the percentage of false positives.
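As an added example (not part of the guide), the Python below contrasts the stateless matcher described above with one that separates the mail header from the body before applying the DEBUG/WIZARD signature, so the body line no longer raises a false alarm; the messages are constructed samples.

```python
import re

# Signature the text describes: DEBUG or WIZARD as the first word of a line
SIGNATURE = re.compile(r"^(DEBUG|WIZARD)\b", re.IGNORECASE)


def split_message(raw: str):
    """RFC 822 layout: the first blank line ends the header; everything after it is body."""
    header, sep, body = raw.partition("\n\n")
    return header.splitlines(), (body.splitlines() if sep else [])


def naive_alerts(raw: str):
    """Stateless matcher: fires on any line, header or body, that starts with the keyword."""
    return [(n, line) for n, line in enumerate(raw.splitlines(), 1) if SIGNATURE.match(line)]


def header_aware_alerts(raw: str):
    """Context-aware matcher: applies the signature to header lines only."""
    header, _body = split_message(raw)
    return [(n, line) for n, line in enumerate(header, 1) if SIGNATURE.match(line)]


# Constructed sample messages
BENIGN = ("From: alice@example.com\nTo: bob@example.com\nSubject: nightly build\n\n"
          "DEBUG output was enabled for the build, see the attached log.\n")
SUSPECT = "WIZARD\nFrom: someone@example.com\n\nhello\n"

if __name__ == "__main__":
    print("naive:", naive_alerts(BENIGN))                 # false alarm on the body line
    print("header-aware:", header_aware_alerts(BENIGN))   # no alert
    print("header-aware:", header_aware_alerts(SUSPECT))  # keyword in the header still fires
```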

QUESTION NO: 39

According to private sector data classification levels, how would salary levels and medical information be classified?

A. Public
B. Sensitive
C. Private
D. Confidential

Answer: C

Explanation: According to the classification levels of the private sector, this information is classified as Private because it is of a personal nature. There is no need for other employees to see details about your health or your salary range; this can lead to internal problems inside the company, such as jealous employees.

QUESTION NO: 40

Which of the following is used in database information security to hide information?

A. Inheritance
B. Polyinstantiation
C. Polymorphism
D. Delegation

Answer: B

Explanation: Polyinstantiation represents an environment characterized by information stored in more than one location in the database. This permits a security model with multiple levels-of-view and authorization.

The current problem with polyinstantiation is ensuring the integrity of the information in the database. Without an effective method for the simultaneous updating of all occurrences of the same data element, integrity cannot be guaranteed.

QUESTION NO: 41

Which of the following evaluates the product against the specification?

A. Verification
B. Validation
C. Concurrence
D. Accuracy

Answer: A

Explanation: "Verification" is the proper term; it is used when we compare a product against a specification. For example, if you have a product that is built on open standards, you can obtain proof of that by "verifying" it against the standards or specifications it claims to follow.

QUESTION NO: 42

Application Level Firewalls are commonly a host computer running proxy server software, which makes a?

A. Proxy Client
B. Proxy Session
C. Proxy System
D. Proxy Server

Answer: D

Explanation: A proxy server is a server that sits between a client application, such as a Web browser, and a source server, such as a web server. It intercepts all requests to the real server to see if it can fulfill them itself; if not, it forwards the request to the original source web server. Firewalls usually provide this kind of service to have more control over user requests and to allow or deny that traffic through the gateway. At this time the most common proxy server is for the HTTP protocol, but we can also have proxies for SMTP and FTP.

QUESTION NO: 43

What attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim’s machine on any open port that is listening?

A. Bonk attack
B. Land attack
C. Teardrop attack
D. Smurf attack

Answer: B

Explanation: The Land attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim's machine on any open port that is listening. If the packet(s) contain the same destination and source IP address as the host, the victim's machine could hang or reboot.

In addition, most systems experience a total freeze-up, where CTRL-ALT-DELETE fails to work, the mouse and keyboard become non-operational, and the only method of correction is to reboot via the reset button on the system or by turning the machine off.

Vulnerable Systems:

This will affect almost all Windows 95, Windows NT and Windows for Workgroups systems that are not properly patched and allow NetBIOS over TCP/IP.

In addition, machines running services such as HTTP, FTP, Identd, etc. that do not filter packets containing the same source and destination IP address can still be vulnerable to attack through those ports.

Prevention:

This attack can be prevented for open / listening ports by filtering inbound packets containing the same source / destination IP address at the router or firewall level.

For most home users not running a lot of services, and for those who use IRC, disabling the Identd server within their client will stop most attacks, since the identd service (port 113) is becoming the most attacked service/port.
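As an added illustration of the filtering rule above (example code, not from the guide), the Python below classifies constructed IPv4/TCP packets as Land packets when the source and destination addresses match and SYN is set, and drops them the way a router or firewall filter would. The addresses are TEST-NET samples and the checksums are left at zero because nothing is transmitted.

```python
import socket
import struct

SYN = 0x02   # TCP flag bits
ACK = 0x10


def build_ipv4_tcp(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header + 20-byte TCP header, no options.
    Checksums are left at zero because nothing here is ever transmitted."""
    ip_header = struct.pack("!BBHHHBBH4s4s",
                            0x45, 0, 40, 0, 0, 64, socket.IPPROTO_TCP, 0,
                            socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp_header = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip_header + tcp_header


def is_land_packet(packet: bytes) -> bool:
    """The Land signature from the text: IPv4 source == destination and TCP SYN set."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                        # not an IPv4 packet we can judge
    ihl = (packet[0] & 0x0F) * 4            # IP header length in bytes
    if packet[9] != socket.IPPROTO_TCP or len(packet) < ihl + 20:
        return False
    src, dst = packet[12:16], packet[16:20]
    tcp_flags = packet[ihl + 13]            # flags byte of the TCP header
    return src == dst and bool(tcp_flags & SYN)


def filter_inbound(packets):
    """Apply the router/firewall rule the text recommends: drop Land packets, pass the rest."""
    kept, dropped = [], []
    for pkt in packets:
        (dropped if is_land_packet(pkt) else kept).append(pkt)
    return kept, dropped


if __name__ == "__main__":
    victim = "192.0.2.10"                   # TEST-NET address, constructed sample
    inbound = [build_ipv4_tcp("198.51.100.7", victim, 40000, 80, SYN),   # normal connection attempt
               build_ipv4_tcp(victim, victim, 113, 113, SYN)]            # same src/dst, SYN: Land
    kept, dropped = filter_inbound(inbound)
    print(f"passed {len(kept)} packet(s), dropped {len(dropped)} Land packet(s)")
```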

QUESTION NO: 44

The beginning and the end of each transfer during asynchronous communication data transfer are marked by?

Explanation: The ASYNCHRONOUS (ASYNC) format for data transmission is a procedure or protocol in which each information CHARACTER or BYTE is individually synchronized or FRAMED by the use of Start and Stop Elements, also referred to as START BITS and STOP BITS. The Asynchronous Transmission Format is also known as START-STOP mode or CHARACTER mode. Each character or byte is framed as a separate and independent unit of DATA that may be transmitted and received at irregular and independent time intervals. The characters or bytes may also be transmitted as a contiguous stream or series of characters.

QUESTION NO: 45

Most of unplanned downtime of information systems is attributed to which of the following?

A. Hardware failure
B. Natural disaster
C. Human error
D. Software failure

Answer: A

Explanation: This is what the statistics say: most of the downtime is caused by unexpected hardware failure.

Commonly you just replace the FRU (Field Replaceable Unit) when it fails. Well-written software usually does not fail if the hardware is running correctly. Human errors are controllable and natural disasters are not very frequent. Hardware failure is very common, so it is good practice to keep spare disks, NICs and other hardware FRUs in your company to minimize downtime through quick replacements.

QUESTION NO: 46

RAID that functions as part of the operating system on the file server

A. Software implementation
B. Hardware implementation
C. Network implementation
D. Netware implementation

Answer: A

Explanation: This kind of RAID is totally dependent on the operating system, because the server does not have any special hardware (a RAID controller on the board). This kind of RAID implementation usually degrades performance because it consumes many CPU cycles. A very common example of software RAID is the support for it in Windows 2000 Server, where you can create RAID 0, 1 and 5 across heterogeneous disks; you can even build a RAID set between one SCSI and one EIDE disk. The software implementation is hardware independent as long as the disks are recognized by the operating system.

QUESTION NO: 47

During which phase of an IT system life cycle are security requirements developed?

A. Operation

B. Initiation

C. Development

D. Implementation

Answer: C

Explanation: The System Development Life Cycle (SDLC) is the process of developing information systems through investigation, analysis, design, implementation, and maintenance. It is also known as Information Systems Development or Application Development. If you look at the standard IT system life cycle chart, you will see that everything that deals with security requirements is done at the "development" stage. In this stage you create the access controls, the form of authentication to use and all the other security requirements.

QUESTION NO: 48

Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of?

A. Deterrent controls

B. Output controls

C. Information flow controls

D. Asset controls

Answer: B

Explanation: Since we are dealing with printed reports, we are talking about output controls: printers produce output, and we can control it. As a best practice you can have people in the company dedicated to receiving the different print jobs in the printing center, and people who take care of the confidential information, requiring a signature from the sender stating that the document was delivered to the owner in a timely and secure fashion.

QUESTION NO: 49

Non-Discretionary Access Control. A central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on?

A. The societies role in the organization.

B. The individual’s role in the organization.

C. The group-dynamics as they relate to the individual’s role in the organization.

D. The group-dynamics as they relate to the master-slave role in the organization.

Answer: B

Explanation: An access control model defines a computer and/or network system's rules for user access to information resources. Access control models provide confidentiality and integrity, and also provide accountability through audit trails. An audit trail documents the access of an object by a subject with a record of what operations were performed. Operations include: read, write, execute and own.

Non-Discretionary Access Control is usually role-based, centrally administered with authorization decisions based on the roles individuals have within an organization (e.g. bank teller, loan officer, etc. in a banking model). A system's security administrator grants and/or revokes system privileges based on a user's role.

This model works well for corporations with a large turnover of personnel.

QUESTION NO: 50

An effective information security policy should not have which of the following characteristics?

A. Include separation of duties.

B. Be designed with a short-to mid-term focus.

C. Be understandable and supported by all stakeholders.

D. Specify areas of responsibility and authority.

Answer: B

Explanation: This is not a very good practice, especially for the CISSP examination: when you plan and develop the security policy for your enterprise you should always plan it with a long-term focus. The policy should be created to last a long time, and you should only revise it periodically to accommodate changes.

In a security policy the duties should be well specified, be understandable by the people involved in it, and specify areas of responsibility.

QUESTION NO: 51

Which of the following statements pertaining to secure information processing facilities is incorrect?

A. Walls should have an acceptable fire rating.

B. Windows should be protected by bars.

C. Doors must resist forcible entry.

D. Location and type of fire suppression systems should be known.

Answer: B

Explanation: The correct answer can be determined through elimination. We need an acceptable fire rating for the walls; this is well known to any CISSP aspirant, because we need to contain the fire as much as we can. We also need resistant doors so unauthorized people cannot enter easily by force. People also need to know about the fire suppression systems to be able to deal with a fire inside the facilities. As you can see, we should not protect windows with bars; this is a bad practice because, in the case of a fire, people cannot get out of the building through the windows.

QUESTION NO: 52

Making sure that the data is accessible when and where it is needed is which of the following?

A. Confidentiality
B. Integrity
C. Acceptability
D. Availability

Answer: D

Explanation: This is one of the pillars of network security. We can say that data is available if we can access it when we need it, which is what the question refers to: availability means getting access to data when and where you need it. Confidentiality deals with encryption and protecting data against third-party interception. Integrity deals with digital signatures and assures that the data has not changed. Acceptability is not a related term.

QUESTION NO: 53

Business continuity plan development depends most on?

A. Directives of Senior Management
B. Business Impact Analysis (BIA)
C. Scope and Plan Initiation
D. Skills of BCP committee

Answer: B

Explanation: Business continuity is of course a vital activity. However, prior to the creation of a business continuity plan, it is essential to consider the potential impacts of disaster and to understand the underlying risks. It is now widely accepted that both business impact analysis and risk analysis are vital components of the business continuity process; however, many organizations are unsure of how to approach these important disciplines.

BIA is important because it provides a management-level analysis by which an organization assesses the quantitative (financial) and qualitative (non-financial) impacts, effects and losses that might result if the organization were to suffer a Business Continuity E/I/C. The findings from a BIA are used to make decisions concerning Business Continuity Management strategy and solutions.

QUESTION NO: 54

Which layer defines the X.25, V.35, X.21 and HSSI standard interfaces?

A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer

Answer: D

Explanation: The Physical Layer is the layer concerned with the signaling of the message and the interface between the sender or receiver and the medium. The physical layer is generally defined by one of the standards bodies and carries a designation that indicates the characteristics of the connection. Among frequently used physical layer standards are EIA-232-D, ITU V.35, and some of the X series (X.21/X.21bis, for example).

QUESTION NO: 55

Related to information security, availability is the opposite of which of the following?

A. Delegation
B. Distribution
C. Documentation
D. Destruction

Answer: D

Explanation: This is the correct term; remember that availability refers to getting access to data when and where you need it. When we talk about destruction, we are saying the opposite: if your information is destroyed, you cannot access it when or where you want it. Delegation deals with permissions, distribution deals with deployment and documentation deals with information and how-tos. The term we are looking for here is definitely "destruction".

QUESTION NO: 56

Which of the following is a disadvantage of a behavior-based ID system?

A. The activity and behavior of the users while in the networked system may not be static enough to effectively implement a behavior-based ID system.

B. The activity and behavior of the users while in the networked system may be dynamic enough to effectively implement a behavior-based ID system.

C. The activity and behavior of the users while in the networked system may not be dynamic enough to effectively implement a behavior-based ID system.

D. The system is characterized by high false negative rates where intrusions are missed.

Answer: A

Explanation: Behavior-based intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users. The model of normal or valid behavior is extracted from reference information collected by various means. The intrusion detection
