Mike Chapple

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide


Скачать книгу

16, 20 8.4.1 Commercial-off-the-shelf (COTS) 20 8.4.2 Open source 20 8.4.3 Third-party 20 8.4.4 Managed services (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)) 16 8.5 Define and apply secure coding guidelines and standards 20, 21 8.5.1 Security weaknesses and vulnerabilities at the source-code level 21 8.5.2 Security of Application Programming Interfaces (APIs) 20 8.5.3 Secure coding practices 20 8.5.4 Software-defined security 20

      How to Contact the Publisher

      If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

      In order to submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”

      1 Which of the following types of access control seeks to discover evidence of unwanted, unauthorized, or illicit behavior or activity?PreventiveDeterrentDetectiveCorrective

      2 Define and detail the aspects of password selection that distinguish good password choices from ultimately poor password choices.Is difficult to guess or unpredictableMeets minimum length requirementsMeets specific complexity requirementsAll of the above

      3 Some adversaries use DoS attacks as their primary weapon to harm targets, whereas others may use them as weapons of last resort when all other attempts to intrude on a target fail. Which of the following is most likely to detect DoS attacks?Host-based IDSNetwork-based IDSVulnerability scannerPenetration testing

      4 Unfortunately, attackers have many options of attacks to perform against their targets. Which of the following is considered a denial-of-service (DoS) attack?Pretending to be a technical manager over the phone and asking a receptionist to change their passwordWhile surfing the web, sending to a web server a malformed URL that causes the system to consume 100 percent of the CPUIntercepting network traffic by copying the packets as they pass through a specific subnetSending message packets to a recipient who did not request them, simply to be annoying

      5 Hardware networking devices operate within the protocol stack just like protocols themselves. Thus, hardware networking devices can be associated with an OSI model layer related to the protocols they manage or control. At which layer of the OSI model does a router operate?Network layerLayer 1Transport layerLayer 5

      6 Which type of firewall automatically adjusts its filtering rules based on the content and context of the traffic of existing sessions?Static packet filteringApplication-level gatewayCircuit-level gatewayStateful inspection firewall

      7 A VPN can be a significant security improvement for many communication links. A VPN can be established over which of the following?Wireless LAN connectionRemote access dial-up connectionWAN linkAll of the above

      8 Adversaries will use any and all means to harm their targets. This includes mixing attack concepts together to make a more effective campaign. What type of malware uses social engineering to trick a victim into installing it?VirusWormTrojan horseLogic bomb

      9 Security is established by understanding the assets of an organization that need protection and understanding the threats that could cause harm to those assets. Then, controls are selected that provide protection for the CIA Triad of the assets at risk. The CIA Triad consists of what elements?Contiguousness, interoperable, arrangedAuthentication, authorization, accountabilityCapable, available, integralAvailability, confidentiality, integrity

      10 The security concept of AAA services describes the elements that are necessary to establish subject accountability. Which of the following is not a required component in the support of accountability?LoggingPrivacyIdentification verificationAuthorization

      11 Collusion is when two or more people work together to commit a crime or violate a company policy. Which of the following is not a defense against collusion?Separation of dutiesRestricted job responsibilitiesGroup user accountsJob rotation

      12 A data custodian is responsible for securing resources after ______________ has assigned the resource a security label.Senior managementThe data ownerAn auditorSecurity staff

      13 In what phase of the Capability Maturity Model for Software (SW-CMM) are quantitative measures used to gain a detailed understanding of the software development process?RepeatableDefinedManagedOptimizing

      14 Which one of the following is a layer of the ring protection scheme design concept that is not normally implemented?Layer 0Layer 1Layer 3Layer 4

      15 TCP operates at the Transport layer and is a connection-oriented protocol. It uses a special process to establish a session each time a communication takes place. What is the last phase of the TCP three-way handshake sequence?SYN flagged packetACK flagged packetFIN flagged packetSYN/ACK flagged packet

      16 The lack of secure coding practices has enabled an uncountable number of software vulnerabilities that hackers have discovered and exploited. Which one of the following vulnerabilities would be best countered by adequate parameter checking?Time-of-check to time-of-useBuffer overflowSYN floodDistributed denial of service (DDoS)

      17 Computers are based on binary mathematics. All computer functions are derived from the basic set of Boolean operations. What is the value of the logical operation shown here?X: 0 1 1 0 1 0Y: 0 0 1 1 0 1___________________X Å Y: ?0 1 0 1 1 10 0 1 0 0 00 1 1 1 1 11 0 0 1 0 1

      18 Which of the following are considered standard data type classifications used in either a government/military or a private sector organization? (Choose all that apply.)PublicHealthyPrivateInternalSensitiveProprietaryEssentialCertifiedCriticalConfidentialFor Your Eyes Only

      19 The General Data Protection Regulation (GDPR) has defined several roles in relation to the