CISSP Flash Cards, Questions and answers, rated A+
What are the three digital signature algorithms approved by the Digital Signature Standard (FIPS 186-4)? - ✔✔-DSA, RSA, and ECDSA (these are signature algorithms, not encryption algorithms; FIPS 186-5 adds EdDSA and retains DSA only for verifying existing signatures)
What ITU-T standard describes the contents of a digital certificate? - ✔✔-X.509
What is the process by which you are issued a digital certificate? - ✔✔-Enrollment
True or false? PEM provides protection against replay attacks. - ✔✔-False
What protocol uses the RSA encryption algorithm to provide encrypted mail support for a number of common commercial email packages? - ✔✔-S/MIME
True or false? S-HTTP secures individual messages between a client and a server. - ✔✔-True
What cryptographic methods are used by the Secure Electronic Transaction (SET) protocol? - ✔✔-RSA public key cryptography and DES secret-key (symmetric) cryptography in connection with digital certificates
What are the four components of IPsec? - ✔✔-Authentication Header (AH), Encapsulating Security Payload (ESP), IP Payload Compression protocol (IPComp), and Internet Key Exchange (IKE)
What are some common reasons a certificate might need to be revoked? - ✔✔-The certificate was compromised, the certificate was erroneously issued, the certificate details changed, the private key was exposed, or there was a change of security association.
What technology allows multiple users to make use of the same process without interfering with each other? - ✔✔-Multithreading
What are some of the terms used to describe the CPU mode that gives access to the full range of supported instructions? - ✔✔-System mode, privileged mode, supervisory mode, and kernel mode
What is the greatest security risk to RAM modules? - ✔✔-Theft
What addressing scheme supplies the CPU with the actual address of the memory location to be accessed? - ✔✔-Direct addressing
Magnetic/optical media devices are classified as what type of memory? - ✔✔-Secondary
Memory devices designed to retain their data when power is removed are known as ___________________. - ✔✔-Nonvolatile
What two ways can storage devices be accessed? - ✔✔-Randomly and sequentially
What is another term often used for firmware? - ✔✔-Microcode
Where are the operating system-independent primitive instructions that a computer needs to start and load the operating system stored? - ✔✔-BIOS or UEFI
What concept ensures that data existing at one level of security is not visible to processes running at different security levels? - ✔✔-Data hiding
What are the important factors in personnel management? - ✔✔-Hiring practices, ongoing job performance reviews, and termination procedures
Why is antivirus protection important? - ✔✔-Malicious code (viruses and other malware) remains one of the most common causes of security breaches in the IT world, and any communications pathway can be, and is being, exploited as a delivery mechanism for it.
What is need to know? - ✔✔-Need to know is the requirement to have access to, knowledge of, or possession of data or a resource in order to perform specific work tasks.
What are due care and due diligence? - ✔✔-Due care is using reasonable care to protect the interests of an organization. Due diligence is practicing the activities that maintain the due care effort.
How are security and illegal activities related? - ✔✔-A secure environment should provide mechanisms to prevent the commission of illegal activities, which are actions that violate a legal restriction, regulation, or requirement.
With what level of security precautions should backup media be treated? - ✔✔-Backup media should be handled with the same security precautions as any other asset with the same data classification.
What are the goals of managing backup media? - ✔✔-Preventing disclosure, destruction, or alteration of data
What are the processes that can be applied to used media in order to prepare the media for reuse in various environments? - ✔✔-Erasing, clearing, and overwriting media that will be reused in the same classification environment; purging, sanitizing, and degaussing if the media will be reused in a different classification environment. Note that degaussing works only on magnetic media; SSDs and other flash storage must be sanitized by cryptographic erase or physical destruction.
What are the classifications of security control types? - ✔✔-Preventive, deterrent, detective, corrective, recovery, compensating, directive
What is the purpose of auditing? - ✔✔-To ensure compliance with security policy and to detect abnormalities, unauthorized occurrences, or outright crimes
What types of activities are labeled as auditing? - ✔✔-Recording of event/occurrence data, examination of data, data reduction, use of event/occurrence alarm triggers, log analysis, logging, monitoring, using alerts, intrusion detection
What is the purpose of compliance testing? - ✔✔-To ensure that all of the necessary and required elements of a security solution are properly deployed and functioning as expected
How are audit trails used? - ✔✔-To reconstruct an event, to extract information about an incident, and to prove or disprove culpability
A portion of the ______________ is the logical and practical investigation of business processes and organizational policies. This process/policy review ensures that the stated and implemented business tasks, systems, and methodologies are practical, efficient, and cost-effective, but most of all (at least in relation to security governance) that they support security through the reduction of vulnerabilities and the avoidance, reduction, or mitigation of risk. - ✔✔-Documentation review
How is the value of a safeguard to a company calculated? - ✔✔-The value of a safeguard to an organization is the ALE before the safeguard, minus the ALE after implementing the safeguard, minus the annual cost of the safeguard: (ALE1 - ALE2) - ACS. A safeguard whose value is negative costs more per year than the loss it prevents.
What types of activities can be used as penetration tests? - ✔✔-Information/intelligence gathering, war driving, sniffing, eavesdropping, radiation monitoring, dumpster diving, social engineering, port scanning, ping scanning, vulnerability scanning, war dialing, and actual compromise activities
What is malicious code? - ✔✔-Malicious code is any script or program that performs an unwanted, unauthorized, or unknown activity on a computer system.
What resource is in greatest demand during the BCP testing, training, and maintenance process? - ✔✔-Personnel (manpower)
What are some of the qualitative factors that must be taken into account when assessing the cost of a disaster? - ✔✔-Loss of goodwill among the client base, loss of employees after prolonged downtime, social/ethical responsibilities to the community, and negative publicity
What are the two possible responses to a risk? - ✔✔-Acceptance and mitigation (in the BCP strategy-development context; the broader risk management vocabulary also includes transfer/assignment, avoidance, and deterrence)
What is the goal of business continuity planning (BCP)? - ✔✔-To ensure the continuous operation of a business in the face of an emergency situation
What are some of the elements that should be included in emergency response guidelines? - ✔✔-Immediate response procedures, notification procedures, and secondary response procedures
What are the five steps of the business impact assessment process? - ✔✔-Identification of priorities, risk identification, likelihood assessment, impact assessment, resource prioritization
What process brings order to the chaotic events surrounding the interruption of an organization's normal activities by an emergency? - ✔✔-Disaster recovery planning (DRP)
What is the broadest category of computer systems protected by the Computer Fraud and Abuse Act, as amended? A. Government-owned systems B. Federal interest systems C. Systems used in interstate commerce D. Systems located in the United States - ✔✔-C. Systems used in interstate commerce
What law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances? A. Privacy Act B. Electronic Communications Privacy Act C. Health Insurance Portability and Accountability Act D. Gramm-Leach-Bliley Act - ✔✔-A. Privacy Act
What is the standard duration of patent protection in the United States? A. 14 years from the application date B. 14 years from the date the patent is granted C. 20 years from the application date D. 20 years from the date the patent is granted - ✔✔-C. 20 years from the application date
What act updated the privacy and security requirements of the Health Insurance Portability and Accountability Act (HIPAA)? A. HITECH B. CALEA C. CFAA D. CCCA - ✔✔-A. HITECH
What type of recovery site is particularly suited to workgroup recovery options? - ✔✔-Mobile site
True or false? There is an accepted standards document defining the requirements for an electronic vaulting solution. - ✔✔-False
What is the most common document type used for emergency response plans? - ✔✔-Checklists
It is sometimes useful to separate disaster ___________________ tasks from disaster ___________________ tasks. - ✔✔-recovery, restoration (in either order)
If a witness is not able to uniquely identify an object, how else may it be authenticated in court? - ✔✔-By establishing a chain of evidence (chain of custody)
Within the context of the EU GDPR, what is a data processor? A. The entity that processes personal data on behalf of the data controller B. The entity that controls processing of data C. The computing system that processes data D. The network that processes data - ✔✔-A. The European Union (EU) General Data Protection Regulation (GDPR) defines a processor as "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller." The data controller is the entity that determines the purposes and means of processing and directs the data processor. Within the context of the EU GDPR, the data processor is not a computing system or network.
Which one of the following cannot be achieved by a secret key cryptosystem? A. Nonrepudiation B. Confidentiality C. Authentication D. Key distribution - ✔✔-A. Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely denying that they originated a message; with a shared secret key, either party could have produced the message.
Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won't spoil results throughout the communication? A. Cipher Block Chaining (CBC) B. Electronic Code Book (ECB) C. Cipher Feedback (CFB) D. Output Feedback (OFB) - ✔✔-D. In Output Feedback (OFB) mode the keystream is derived from the previous keystream block and never from the ciphertext, so a transmission error affects only the corresponding plaintext bits. In Cipher Block Chaining (CBC) and Cipher Feedback (CFB) modes a corrupted ciphertext block garbles that block and also the block that follows it (the modes resynchronize after that). Electronic Code Book (ECB) is not suitable for large amounts of data because identical plaintext blocks produce identical ciphertext blocks.
Many cryptographic algorithms rely on the difficulty of factoring the product of large prime numbers. What characteristic of this problem are they relying on? A. It contains diffusion. B. It contains confusion. C. It is a one-way function. D. It complies with Kerckhoffs's principle. - ✔✔-C. A one-way function is a mathematical operation that easily produces an output for every possible input but for which recovering the input from the output is computationally infeasible.
How many keys are required to fully implement a symmetric algorithm with 10 participants? A. 10 B. 20 C. 45 D. 100 - ✔✔-C. The number of keys required for a symmetric algorithm is dictated by the formula (n*(n-1))/2, which in this case, where n = 10, is 45.
What block size is used by the Advanced Encryption Standard? A. 32 bits B. 64 bits C. 128 bits D. Variable - ✔✔-C. The Advanced Encryption Standard uses a 128-bit block size, even though the Rijndael algorithm it is based on allows a variable block size.
What type of cryptosystem commonly makes use of a passage from a well-known book for the encryption key? A. Vernam cipher B. Running key cipher C. Skipjack cipher D. Twofish cipher - ✔✔-B. Running key (or "book") ciphers often use a passage from a commonly available book as the encryption key.
Which AES finalist makes use of prewhitening and postwhitening techniques? A. Rijndael B. Twofish C. Blowfish D. Skipjack - ✔✔-B. The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.
Which cryptographic algorithm forms the basis of the El Gamal cryptosystem? A. RSA B. Diffie-Hellman C. 3DES D. IDEA - ✔✔-B. The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange protocol to support the encryption and decryption of messages.
If a 2,048-bit plaintext message were encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be? A. 1,024 bits B. 2,048 bits C. 4,096 bits D. 8,192 bits - ✔✔-C. The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any message it encrypts. Therefore, a 2,048-bit
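The safeguard-value card above gives the formula (ALE1 - ALE2) - ACS but not the chain it depends on (SLE = AV x EF, ALE = SLE x ARO). The following is an added example, not part of the original flash cards, that carries the derivation through for a constructed scenario and three constructed candidate safeguards, showing that one safeguard can reduce exposure factor, another can reduce annualized rate of occurrence, and that the strongest control is not worth buying when its annual cost exceeds the loss it avoids. All asset values, percentages and costs are invented for illustration.

```python
def sle(asset_value: float, exposure_factor: float) -> float:
    """Single loss expectancy: SLE = AV x EF (EF = fraction of the asset lost per event)."""
    return asset_value * exposure_factor


def ale(asset_value: float, exposure_factor: float, aro: float) -> float:
    """Annualized loss expectancy: ALE = SLE x ARO (ARO = expected events per year)."""
    return sle(asset_value, exposure_factor) * aro


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Value of a safeguard from the card: (ALE1 - ALE2) - ACS."""
    return (ale_before - ale_after) - annual_cost


# Constructed scenario (not from the page): a $400,000 customer database; a ransomware
# event is expected to destroy 60% of its value and to occur once every two years.
ASSET_VALUE = 400_000
EXPOSURE_FACTOR = 0.60   # EF before any safeguard
ARO = 0.5                # one event every two years

# Constructed candidate safeguards: each changes EF and/or ARO and has an annual cost (ACS).
SAFEGUARDS = {
    "offline backups":  {"ef": 0.10, "aro": 0.50, "acs": 15_000},   # limits loss, not frequency
    "email filtering":  {"ef": 0.60, "aro": 0.10, "acs": 20_000},   # limits frequency, not loss
    "full outsourcing": {"ef": 0.05, "aro": 0.05, "acs": 150_000},  # strongest, but costliest
}


def evaluate(asset_value=ASSET_VALUE, ef=EXPOSURE_FACTOR, aro=ARO, safeguards=SAFEGUARDS):
    """Return (ALE before any safeguard, {safeguard name: safeguard value})."""
    ale_before = ale(asset_value, ef, aro)
    values = {}
    for name, s in safeguards.items():
        ale_after = ale(asset_value, s["ef"], s["aro"])
        values[name] = safeguard_value(ale_before, ale_after, s["acs"])
    return ale_before, values


def best_safeguard(**kwargs):
    """Name of the safeguard with the highest positive value, or None if none pays for itself."""
    _, values = evaluate(**kwargs)
    worthwhile = {n: v for n, v in values.items() if v > 0}
    return max(worthwhile, key=worthwhile.get) if worthwhile else None


if __name__ == "__main__":
    before, values = evaluate()
    print(f"ALE before safeguards: ${before:,.0f}")
    for name, value in values.items():
        verdict = "worth it" if value > 0 else "NOT worth it"
        print(f"  {name:16s} value ${value:>10,.0f}  ({verdict})")
    print("best choice:", best_safeguard())
```

In the constructed scenario the ALE before any control is $120,000; offline backups are worth $85,000 a year, email filtering $76,000, and full outsourcing has a negative value because its $150,000 annual cost exceeds the $119,000 of loss it avoids.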
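The DES-modes card above states how a transmission error propagates in CBC, CFB and OFB; the claim is easy to verify by running the modes and flipping a bit. The following is an added example, not part of the original flash cards: it implements CBC, CFB, OFB and ECB over a toy 64-bit Feistel block cipher (built from SHA-256 so it runs offline without a crypto library; it is not DES and must never be used for real data), flips one ciphertext bit in block 1 of a constructed four-block message, and reports which plaintext blocks come back wrong. The key, IV and plaintext are constructed sample values.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, the same block size as DES


# --- toy block cipher: 4-round Feistel with a SHA-256 round function (NOT DES, NOT secure) ---
def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, right, rnd))
    return right + left  # final swap


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]  # undo the final swap by reading halves in order
    for rnd in reversed(range(4)):
        left, right = right, _xor(left, _f(key, right, rnd))
    return right + left


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


# --- modes of operation (full-block CFB; no padding, inputs are whole blocks) ---
def ecb_encrypt(key, iv, pt):
    return b"".join(block_encrypt(key, p) for p in _blocks(pt))


def ecb_decrypt(key, iv, ct):
    return b"".join(block_decrypt(key, c) for c in _blocks(ct))


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for p in _blocks(pt):
        prev = block_encrypt(key, _xor(p, prev))      # C_i = E(P_i xor C_{i-1})
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(block_decrypt(key, c), prev))  # P_i = D(C_i) xor C_{i-1}
        prev = c                                       # a bad C_i also pollutes P_{i+1}
    return b"".join(out)


def cfb_encrypt(key, iv, pt):
    out, prev = [], iv
    for p in _blocks(pt):
        prev = _xor(p, block_encrypt(key, prev))       # C_i = P_i xor E(C_{i-1})
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(c, block_encrypt(key, prev)))  # P_i = C_i xor E(C_{i-1})
        prev = c                                       # a bad C_i garbles all of P_{i+1}
    return b"".join(out)


def ofb_crypt(key, iv, data):
    out, o = [], iv
    for d in _blocks(data):
        o = block_encrypt(key, o)                      # O_i = E(O_{i-1}): independent of ciphertext
        out.append(_xor(d, o))
    return b"".join(out)


MODES = {"ECB": (ecb_encrypt, ecb_decrypt), "CBC": (cbc_encrypt, cbc_decrypt),
         "CFB": (cfb_encrypt, cfb_decrypt), "OFB": (ofb_crypt, ofb_crypt)}

KEY = b"cissp-demo-key!!"                           # constructed sample key
IV = b"\x01" * BLOCK                                # constructed IV (real IVs must be unique/unpredictable)
PLAINTEXT = b"block-0!block-1!block-2!block-3!"     # four constructed 8-byte blocks


def corrupted_blocks(mode, flip_block=1, key=KEY, iv=IV, pt=PLAINTEXT):
    """Flip one bit in ciphertext block `flip_block`, decrypt, and list the plaintext
    block indexes that no longer match the original."""
    enc, dec = MODES[mode]
    ct = bytearray(enc(key, iv, pt))
    assert dec(key, iv, bytes(ct)) == pt            # round-trip sanity check
    ct[flip_block * BLOCK] ^= 0x01                   # a single transmission bit error
    recovered = dec(key, iv, bytes(ct))
    return [i for i, (a, b) in enumerate(zip(_blocks(pt), _blocks(recovered))) if a != b]


def ecb_repeats_pattern(key=KEY, pt=b"AAAAAAAA" * 2):
    """Why ECB is unfit for large data: equal plaintext blocks give equal ciphertext blocks."""
    c = _blocks(ecb_encrypt(key, None, pt))
    return c[0] == c[1]


if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode}: bit error in ciphertext block 1 corrupts plaintext blocks {corrupted_blocks(mode)}")
    print("ECB leaks repeated blocks:", ecb_repeats_pattern())
```

Running it shows CBC and CFB corrupting blocks 1 and 2 (the damaged block plus the one after it, then resynchronizing), OFB and ECB corrupting block 1 only, and ECB producing identical ciphertext for identical plaintext blocks. An error confined to the encryptor's keystream state in OFB is a different matter: because the keystream is a chain, a corrupted keystream block would affect every block after it, which is why OFB and CTR are normally paired with a separate integrity check.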
Uploaded on Mar 14, 2023 (27 pages)