CISSP : Certified Information Systems Security Professional : Part 08

  1. The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using:

    • INSERT and DELETE
    • GRANT and REVOKE
    • PUBLIC and PRIVATE
    • ROLLBACK and TERMINATE
  2. In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?

    • Development/Acquisition
    • Initiation
    • Implementation/Assessment
    • Disposal
  3. What is the PRIMARY purpose of auditing, as it relates to the security review cycle?

    • To ensure the organization’s controls and policies are working as intended
    • To ensure the organization can still be publicly traded
    • To ensure the organization’s executive team won’t be sued
    • To ensure the organization meets contractual requirements
  4. What is the purpose of an Internet Protocol (IP) spoofing attack?

    • To send excessive amounts of data to a process, making it unpredictable
    • To intercept network traffic without authorization
    • To disguise the destination address from a target’s IP filtering devices
    • To convince a system that it is communicating with a known entity
  5. At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

    • Link layer
    • Physical layer
    • Session layer
    • Application layer
  6. In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

    • Transport layer
    • Application layer
    • Network layer
    • Session layer
  7. Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

    • Layer 2 Tunneling Protocol (L2TP)
    • Link Control Protocol (LCP)
    • Challenge Handshake Authentication Protocol (CHAP)
    • Packet Transfer Protocol (PTP)
  8. Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

    • Packet filtering
    • Port services filtering
    • Content filtering
    • Application access control

    Explanation:

    Reference: https://www.sans.org/reading-room/whitepapers/protocols/applying-osi-layer-network-model-information-security-1309 (10)

  9. An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

    • Implement packet filtering on the network firewalls
    • Install Host Based Intrusion Detection Systems (HIDS)
    • Require strong authentication for administrators
    • Implement logical network segmentation at the switches
  10. An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

    • Add a new rule to the application layer firewall
    • Block access to the service
    • Install an Intrusion Detection System (IDS)
    • Patch the application source code
  11. Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

    • Intrusion Prevention Systems (IPS)
    • Intrusion Detection Systems (IDS)
    • Stateful firewalls
    • Network Behavior Analysis (NBA) tools
  12. Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

    • WEP uses a small range Initialization Vector (IV)
    • WEP uses Message Digest 5 (MD5)
    • WEP uses Diffie-Hellman
    • WEP does not use any Initialization Vector (IV)

    Explanation:

    Reference: http://www.dummies.com/programming/networking/understanding-wep-weaknesses/

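The weakness behind the first option, as an added example (not part of the original question set or the linked reference): WEP prepends a 24-bit IV to the shared key and feeds the result to RC4, with the IV sent in the clear. Two frames under the same IV share a keystream, so XORing their ciphertexts cancels the keystream, and a single known plaintext under that IV decrypts every other frame sent with it. The key and frame contents below are constructed for the demonstration; the RC4 routine is textbook and the ICV is omitted.

```python
"""Added example: why a 24-bit IV makes WEP's RC4 keystream reuse inevitable."""
import math

IV_BITS = 24                      # WEP IV width
SHARED_KEY = b"\x01\x02\x03\x04\x05"   # constructed 40-bit WEP key, not a real one


def expected_frames_to_first_repeat(iv_bits: int = IV_BITS) -> float:
    """Birthday-bound estimate of frames a station sends before an IV repeats.

    With 2**24 IVs this is roughly 5,100 frames, i.e. seconds on a busy WLAN,
    and many drivers start the IV at 0 on each reset, which is worse.
    """
    n = 2 ** iv_bits
    return math.sqrt(math.pi * n / 2)


def rc4(key: bytes, length: int) -> bytes:
    """Textbook RC4 keystream generator (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: RC4(IV || key) XOR plaintext. IV travels in clear."""
    assert len(iv) == IV_BITS // 8
    return xor_bytes(plaintext, rc4(iv + shared_key, len(plaintext)))


def keystream_reuse_leaks(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Under one reused IV, C1 XOR C2 == P1 XOR P2 without knowing the key."""
    c1 = wep_encrypt(shared_key, iv, p1)
    c2 = wep_encrypt(shared_key, iv, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def recover_with_known_plaintext(shared_key: bytes, iv: bytes,
                                 known_plain: bytes, secret_plain: bytes) -> bytes:
    """Attacker knows P1 (e.g. a predictable ARP or DHCP frame) and captured both
    ciphertexts under the same IV: C1 XOR P1 is the keystream, which decrypts C2.
    Recovery covers min(len(known_plain), len(secret_plain)) bytes."""
    c1 = wep_encrypt(shared_key, iv, known_plain)
    c2 = wep_encrypt(shared_key, iv, secret_plain)
    keystream = xor_bytes(c1, known_plain)
    return xor_bytes(c2, keystream)


if __name__ == "__main__":
    iv = b"\x00\x00\x2a"                       # a low IV value, reused across frames
    known = b"ARP who-has 10.0.0.1 tell 10.0.0.9 " * 2
    secret = b"GET /admin?token=s3cr3t HTTP/1.1"
    print(f"frames until IV repeat ~ {expected_frames_to_first_repeat():.0f}")
    print("ciphertext XOR equals plaintext XOR:", keystream_reuse_leaks(SHARED_KEY, iv, known, secret))
    print("recovered:", recover_with_known_plaintext(SHARED_KEY, iv, known, secret))
```

The birthday estimate is for the first collision anywhere in the IV space; once an attacker has collected a keystream for one IV, every later frame under that IV is readable, so the practical cost is far below "2^24 frames".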
  13. Which of the following is BEST achieved through the use of eXtensible Access Control Markup Language (XACML)?

    • Minimize malicious attacks from third parties
    • Manage resource privileges
    • Share digital identities in hybrid cloud
    • Define a standard protocol 
  14. An organization has discovered that users are visiting unauthorized websites using anonymous proxies.

    Which of the following is the BEST way to prevent future occurrences?

    • Remove the anonymity from the proxy
    • Analyze Internet Protocol (IP) traffic for proxy requests
    • Disable the proxy server on the firewall 
    • Block the Internet Protocol (IP) address of known anonymous proxies
  15. A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled.

    Why did the network architect likely design the VoIP system with gratuitous ARP disabled?

    • Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1.
    • Gratuitous ARP requires the use of insecure layer 3 protocols.
    • Gratuitous ARP increases the likelihood of a successful brute-force attack on the phone.
    • Gratuitous ARP increases the risk of a Man-in-the-Middle (MITM) attack. 
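The MITM risk in the last option, as an added example that is not part of the original question set: a gratuitous ARP is an unsolicited announcement that "IP X is at MAC Y". A phone whose ARP cache honours such announcements has its gateway entry overwritten by any host on the voice VLAN, after which call signalling and media flow through the attacker; a cache that only learns from replies to its own outstanding requests ignores the poison frame. The MAC and IP addresses, the packet layout helpers and the `ArpCache` policy model are all constructed for this example.

```python
"""Added example: ARP cache poisoning via gratuitous ARP, with and without the
phone accepting unsolicited announcements."""
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"        # RFC 826 body over Ethernet/IPv4, 28 bytes

# Constructed addresses for the scenario (not real hosts).
PHONE_MAC,    PHONE_IP    = "00:11:22:33:44:55", "10.10.20.50"
GATEWAY_MAC,  GATEWAY_IP  = "00:aa:bb:cc:dd:01", "10.10.20.1"
ATTACKER_MAC, ATTACKER_IP = "de:ad:be:ef:00:01", "10.10.20.66"
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def build_arp(op: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Serialise an ARP packet (hardware type 1 = Ethernet, protocol 0x0800 = IPv4)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       ipaddress.IPv4Address(sender_ip).packed,
                       bytes.fromhex(target_mac.replace(":", "")),
                       ipaddress.IPv4Address(target_ip).packed)


def parse_arp(pkt: bytes) -> dict:
    """Parse the 28-byte ARP body back into printable fields."""
    _, _, _, _, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, pkt[:28])

    def fmt_mac(m: bytes) -> str:
        return ":".join(f"{b:02x}" for b in m)

    return {"op": op,
            "sender_mac": fmt_mac(smac), "sender_ip": str(ipaddress.IPv4Address(sip)),
            "target_mac": fmt_mac(tmac), "target_ip": str(ipaddress.IPv4Address(tip))}


class ArpCache:
    """Minimal ARP cache; accept_gratuitous selects the phone's learning policy."""

    def __init__(self, accept_gratuitous: bool):
        self.accept_gratuitous = accept_gratuitous
        self.table = {}        # ip -> mac
        self.pending = set()   # IPs we have asked about and still await a reply for

    def send_request(self, ip: str) -> None:
        self.pending.add(ip)

    def receive(self, pkt: bytes) -> bool:
        """Process an inbound ARP packet; return True if the cache changed."""
        arp = parse_arp(pkt)
        if arp["op"] != ARP_REPLY:
            return False
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip in self.pending:            # solicited reply: learn it
            self.pending.discard(ip)
            self.table[ip] = mac
            return True
        if self.accept_gratuitous:        # unsolicited announcement: learn it only if allowed
            self.table[ip] = mac
            return True
        return False                      # gratuitous ARP disabled: ignore


def poison_scenario(accept_gratuitous: bool) -> str:
    """Phone resolves its gateway, then an attacker broadcasts a gratuitous ARP
    claiming the gateway IP. Returns the MAC the phone now uses for the gateway."""
    phone = ArpCache(accept_gratuitous)
    phone.send_request(GATEWAY_IP)
    phone.receive(build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, PHONE_MAC, PHONE_IP))
    # Gratuitous ARP: sender IP == target IP, sent to everyone on the VLAN.
    phone.receive(build_arp(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, BROADCAST_MAC, GATEWAY_IP))
    return phone.table[GATEWAY_IP]


if __name__ == "__main__":
    print("gratuitous ARP accepted -> gateway is", poison_scenario(True))
    print("gratuitous ARP ignored  -> gateway is", poison_scenario(False))
```

Real phones and switches add further controls the model leaves out (Dynamic ARP Inspection on the switch, static gateway entries), but the policy difference shown here is the reason the architect turned gratuitous ARP off.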
  16. Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration Protocol (DHCP).

    Which of the following represents a valid measure to help protect the network against unauthorized access?

    • Implement path management
    • Implement port based security through 802.1x 
    • Implement DHCP to assign IP address to server systems
    • Implement change management
  17. Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?

    • Transport layer handshake compression
    • Application layer negotiation
    • Peer identity authentication 
    • Digital certificate revocation
  18. A chemical plant wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.

    Which of the following is the GREATEST impact on security for the network?

    • The network administrators have no knowledge of ICS
    • The ICS is now accessible from the office network 
    • The ICS does not support the office password policy
    • RS422 is more reliable than Ethernet
  19. What does a Synchronize (SYN) flood attack do?

    • Forces Transmission Control Protocol/Internet Protocol (TCP/IP) connections into a reset state
    • Establishes many new Transmission Control Protocol/Internet Protocol (TCP/IP) connections
    • Empties the queue of pending Transmission Control Protocol/Internet Protocol (TCP/IP) requests
    • Exceeds the limits for new Transmission Control Protocol/Internet Protocol (TCP/IP) connections 
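The mechanism behind the last option, as an added example that is not part of the original question set: a listening socket keeps each SYN it has answered with SYN-ACK in a bounded half-open queue until the client's final ACK arrives or a timer expires. A flood of SYNs from spoofed sources that never complete the handshake fills every slot, so a legitimate client's SYN is dropped until entries time out. The `SynBacklog` class is a constructed model of that queue (the capacity, timeout, and addresses are chosen for the example, not taken from any real stack), and the attack traffic is generated inline.

```python
"""Added example: a SYN flood exhausting a listener's half-open (SYN) backlog."""

LEGIT_CLIENT = ("192.0.2.10", 40000)       # constructed addresses (documentation ranges)
SPOOF_PREFIX = "198.51.100."


class SynBacklog:
    """Model of a listening socket's half-open queue.

    capacity: maximum SYN_RECV entries (cf. Linux tcp_max_syn_backlog / listen backlog)
    timeout:  seconds an unanswered SYN-ACK stays queued before it is discarded
    """

    def __init__(self, capacity: int, timeout: float):
        self.capacity = capacity
        self.timeout = timeout
        self.half_open = {}        # (src_ip, src_port) -> time SYN was received
        self.established = 0
        self.dropped = 0

    def _expire(self, now: float) -> None:
        for key, t0 in list(self.half_open.items()):
            if now - t0 >= self.timeout:
                del self.half_open[key]

    def on_syn(self, src: tuple, now: float) -> bool:
        """Inbound SYN: queue it and reply SYN-ACK, or drop if the backlog is full."""
        self._expire(now)
        if len(self.half_open) >= self.capacity:
            self.dropped += 1
            return False
        self.half_open[src] = now
        return True

    def on_ack(self, src: tuple, now: float) -> bool:
        """Final ACK of the handshake: promote the entry to an established connection."""
        self._expire(now)
        if src not in self.half_open:
            return False               # no matching SYN_RECV (expired, dropped, or spoofed)
        del self.half_open[src]
        self.established += 1
        return True


def run_flood(capacity: int = 256, timeout: float = 60.0, attacker_syns: int = 1000) -> dict:
    """Attacker sends SYNs from spoofed sources and never ACKs; then a legitimate
    client tries during the flood and again after the backlog timer has run out."""
    server = SynBacklog(capacity, timeout)
    for i in range(attacker_syns):
        spoofed = (SPOOF_PREFIX + str(i % 254 + 1), 1024 + i)
        server.on_syn(spoofed, now=0.001 * i)          # 1 ms apart, no follow-up ACK
    during = server.on_syn(LEGIT_CLIENT, now=1.0)      # backlog is full: dropped
    after = server.on_syn(LEGIT_CLIENT, now=timeout + 1.0)   # entries expired: accepted
    completed = server.on_ack(LEGIT_CLIENT, now=timeout + 1.1)
    return {"accepted_during_flood": during, "accepted_after_timeout": after,
            "handshake_completed": completed, "dropped": server.dropped,
            "half_open_peak": capacity, "established": server.established}


def run_normal(capacity: int = 256, timeout: float = 60.0, clients: int = 50) -> dict:
    """Baseline: every client completes its handshake, so the backlog never fills."""
    server = SynBacklog(capacity, timeout)
    for i in range(clients):
        src = ("203.0.113." + str(i % 254 + 1), 50000 + i)
        server.on_syn(src, now=0.01 * i)
        server.on_ack(src, now=0.01 * i + 0.005)
    return {"dropped": server.dropped, "half_open": len(server.half_open),
            "established": server.established}


if __name__ == "__main__":
    print("normal:", run_normal())
    print("flood: ", run_flood())
```

The result also explains why SYN cookies and shorter SYN-RECV timers are the usual mitigations: both stop unacknowledged SYNs from occupying a limited slot, which is exactly the resource the flood exhausts.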
  20. Which of the following is considered best practice for preventing e-mail spoofing?

    • Cryptographic signature 
    • Uniform Resource Locator (URL) filtering
    • Spam filtering
    • Reverse Domain Name Service (DNS) lookup