CISSP : Certified Information Systems Security Professional : Part 12

CISSP : Certified Information Systems Security Professional : Part 12

CISSP : Certified Information Systems Security Professional : Part 12

  1. A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used?

    • Triple Data Encryption Standard (3DES)
    • Advanced Encryption Standard (AES)
    • Digital Signature Algorithm (DSA)
    • Rivest-Shamir-Adleman (RSA)

  2. The Rivest-Shamir-Adleman (RSA) algorithm is BEST suited for which of the following operations?

    • Bulk data encryption and decryption
    • One-way secure hashing for user and message authentication
    • Secure key exchange for symmetric cryptography
    • Creating digital checksums for message integrity

  3. An Intrusion Detection System (IDS) is based on the general hypothesis that a security violation is associated with a pattern of system usage, which can be

    • differentiated from a normal usage pattern
    • used to detect known violations
    • used to detect a masquerader
    • differentiated to detect all security violations

  4. Which of the following is the MOST effective countermeasure against Man-in-the-Middle (MITM) attacks while using online banking?

    • Transport Layer Security (TLS)
    • Secure Sockets Layer (SSL)
    • Pretty Good Privacy (PGP)
    • Secure Shell (SSH)

  5. Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages?

    • Redundant hardware, disk spanning, and patching
    • Load balancing, power reserves, and disk spanning
    • Backups, clustering, and power reserves
    • Clustering, load balancing, and fault-tolerant options

  6. Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no longer available.

    Which of the following MUST Organization A do to properly classify and secure the acquired data?

    • Assign data owners from Organization A to the acquired data
    • Create placeholder accounts that represent former users from Organization B
    • Archive audit records that refer to users from Organization A
    • Change the data classification for data acquired from Organization B

  7. A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

    • Trusted third-party certification
    • Lightweight Directory Access Protocol (LDAP)
    • Security Assertion Markup language (SAML)
    • Cross-certification

    Explanation:

    Reference: https://www.netiq.com/documentation/access-manager-43/applications-configuration-guide/data/b1ka6lkd.html

  8. Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

    • Derived credential
    • Temporary security credential
    • Mobile device credentialing service
    • Digest authentication

  9. Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

    • Limit access to predefined queries
    • Segregate the database into a small number of partitions each with a separate security level
    • Implement Role Based Access Control (RBAC)
    • Reduce the number of people who have access to the system for statistical purposes

  10. What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

    • Audit logs
    • Role-Based Access Control (RBAC)
    • Two-factor authentication
    • Application of least privilege

  11. The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.

    Which elements are required?

    • Users, permissions, operations, and protected objects
    • Roles, accounts, permissions, and protected objects
    • Users, roles, operations, and protected objects 
    • Roles, operations, accounts, and protected objects

  12. Which of the following is the BEST metric to obtain when gaining support for an Identify and Access Management (IAM) solution?

    • Application connection successes resulting in data leakage
    • Administrative costs for restoring systems after connection failure
    • Employee system timeouts from implementing wrong limits
    • Help desk costs required to support password reset requests 

  13. In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity?

    • Connect the device to another network jack
    • Apply remediation’s according to security requirements 
    • Apply Operating System (OS) patches
    • Change the Message Authentication Code (MAC) address of the network interface

  14. What is the second step in the identity and access provisioning lifecycle?

    • Provisioning
    • Review 
    • Approval
    • Revocation

  15. Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?

    • Mandatory Access Controls (MAC)
    • Enterprise security architecture
    • Enterprise security procedures
    • Role Based Access Controls (RBAC) 

  16. Which of the following is a common feature of an Identity as a Service (IDaaS) solution?

    • Single Sign-On (SSO) authentication support 
    • Privileged user authentication support
    • Password reset service support
    • Terminal Access Controller Access Control System (TACACS) authentication support

  17. An organization’s security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization mechanism is being used?

    • Discretionary Access Control (DAC) 
    • Role Based Access Control (RBAC)
    • Media Access Control (MAC)
    • Mandatory Access Control (MAC)

  18. Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following?

    • Mutual authentication
    • Server authentication
    • User authentication
    • Streaming ciphertext data

  19. Which of the following is the FIRST step during digital identity provisioning?

    • Authorizing the entity for resource access
    • Synchronizing directories
    • Issuing an initial random password
    • Creating the entity record with the correct attributes

  20. Physical Access Control Systems (PACS) allow authorized security personnel to manage and monitor access control for subjects through which function?

    • Remote access administration
    • Personal Identity Verification (PIV)
    • Access Control List (ACL)
    • Privileged Identity Management (PIM)