CISSP-ISSAP : Information Systems Security Architecture Professional : Part 08
-
You work as a technician for Trade Well Inc. The company is in the business of share trading. To enhance security, the company wants users to provide a third key (apart from ID and password) to access the company’s Web site. Which of the following technologies will you implement to accomplish the task?
- Smart cards
- Key fobs
- VPN
- Biometrics
-
John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool image hide and embeds the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?
- Email spoofing
- Social engineering
- Web ripping
- Steganography
-
Which of the following encryption methods does the SSL protocol use in order to provide communication privacy, authentication, and message integrity? Each correct answer represents a part of the solution. Choose two.
- Public key
- IPsec
- MS-CHAP
- Symmetric
-
Which of the following refers to a location away from the computer center where document copies and backup media are kept?
- Storage Area network
- Off-site storage
- On-site storage
- Network attached storage
-
Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?
- Network-based
- Anomaly-based
- File-based
- Signature-based
-
Sam is creating an e-commerce site. He wants a simple security solution that does not require each customer to have an individual key. Which of the following encryption methods will he use?
- Asymmetric encryption
- Symmetric encryption
- S/MIME
- PGP
-
Which of the following protocols uses the Internet key Exchange (IKE) protocol to set up security associations (SA)?
- IPSec
- L2TP
- LEAP
- ISAKMP
-
Which of the following are the initial steps required to perform a risk analysis process? Each correct answer represents a part of the solution. Choose three.
- Estimate the potential losses to assets by determining their value.
- Establish the threats likelihood and regularity.
- Valuations of the critical assets in hard costs.
- Evaluate potential threats to the assets.
-
Andrew works as a Network Administrator for Infonet Inc. The company’s network has a Web server that hosts the company’s Web site. Andrew wants to increase the security of the Web site by implementing Secure Sockets Layer (SSL). Which of the following types of encryption does SSL use? Each correct answer represents a complete solution. Choose two.
- Synchronous
- Secret
- Asymmetric
- Symmetric
-
IPsec VPN provides a high degree of data privacy by establishing trust points between communicating devices and data encryption. Which of the following encryption methods does IPsec VPN use? Each correct answer represents a complete solution. Choose two.
- MD5
- LEAP
- AES
- 3DES
-
Which of the following is used to authenticate asymmetric keys?
- Digital signature
- MAC Address
- Demilitarized zone (DMZ)
- Password
-
Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?
- Policy Access Control
- Mandatory Access Control
- Discretionary Access Control
- Role-Based Access Control
-
A user is sending a large number of protocol packets to a network in order to saturate its resources and to disrupt connections to prevent communications between services. Which type of attack is this?
- Denial-of-Service attack
- Vulnerability attack
- Social Engineering attack
- Impersonation attack
-
Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?
- Social engineering attack
- Cross site scripting attack
- Mail bombing
- Password guessing attack
-
Which of the following statements about a stream cipher are true? Each correct answer represents a complete solution. Choose three.
- It typically executes at a higher speed than a block cipher.
- It divides a message into blocks for processing.
- It typically executes at a slower speed than a block cipher.
- It divides a message into bits for processing.
- It is a symmetric key cipher.
-
Which of the following types of firewall functions at the Session layer of OSI model?
- Circuit-level firewall
- Application-level firewall
- Packet filtering firewall
- Switch-level firewall
-
You work as a Network Administrator for NetTech Inc. The company wants to encrypt its e-mails. Which of the following will you use to accomplish this?
- PGP
- PPTP
- IPSec
- NTFS
-
Which of the following terms refers to the method that allows or restricts specific types of packets from crossing over the firewall?
- Hacking
- Packet filtering
- Web caching
- Spoofing
-
Which of the following elements of planning gap measures the gap between the total potential for the market and the actual current usage by all the consumers in the market?
- Project gap
- Product gap
- Competitive gap
- Usage gapIP Security (IPSec)
-
Peter works as a Network Administrator for Net World Inc. The company wants to allow remote users to connect and access its private network through a dial-up connection via the Internet. All the data will be sent across a public network. For security reasons, the management wants the data sent through the Internet to be encrypted. The company plans to use a Layer 2 Tunneling Protocol (L2TP) connection. Which communication protocol will Peter use to accomplish the task?
- IP Security (IPSec)
- Microsoft Point-to-Point Encryption (MPPE)
- Pretty Good Privacy (PGP)
- Data Encryption Standard (DES)
Subscribe
0 Comments
Newest