[Feb 06, 2022] Get New CISSP Certification Practice Test Questions Exam Dumps [Q488-Q512]


NEW QUESTION 488
A business continuity plan is an example of which of the following?

  • A. Compensating control
  • B. Preventive control
  • C. Detective control
  • D. Corrective control

Answer: D

Explanation:
Business Continuity Plans are designed to minimize the damage done by the event and facilitate rapid restoration of the organization to its full operational capacity. They are for use "after the fact" and are thus examples of corrective controls.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 273).
and
Conrad, Eric; Misenar, Seth; Feldman, Joshua (2012-09-01). CISSP Study Guide (Kindle Location 8069). Elsevier Science (reference). Kindle Edition.

 

NEW QUESTION 489
What is a subject-oriented, integrated, time-variant, non-volatile collection of data in support of management's decision-making process?

  • A. Data model
  • B. Data warehouse
  • C. Data mart
  • D. Data model

Answer: B

Explanation:
This definition of a data warehouse is that of Bill Inmon, a pioneer in the field. To create a data warehouse, data is taken from an operational database, redundancies are removed, and the data is cleaned up in general. This activity is referred to as normalizing the data. Then the data is placed into a relational database and can be analyzed using On-Line Analytical Processing (OLAP) and statistical modeling tools. The data warehouse can be used as a Decision Support System (DSS), for example, by performing a time series analysis of the data. The data in the data warehouse must be maintained to ensure that it is timely and valid. The term data scrubbing refers to maintenance of the data warehouse by deleting information that is unreliable or no longer relevant.
* A data mart, answer a, is a database that is comprised of data or relations that have been extracted from the data warehouse. Information in the data mart is usually of interest to a particular group of people. For example, a data mart may be developed for all health care-related data.
* Answers Data model and Data model are distracters, although a data model, in this context, sometimes refers to the result of analyzing relationships among enterprise-wide data items.

 

NEW QUESTION 490
During a business impact analysis it is concluded that a system has maximum tolerable downtime of 2 hours. What would this system be classified as?

  • A. Important
  • B. Vital
  • C. Critical
  • D. Urgent

Answer: C

Explanation:
Here are some examples of MTD values suggested by Shon Harris:

  • Non-essential: 30 days
  • Normal: 7 days
  • Important: 72 hours
  • Urgent: 24 hours
  • Critical: minutes to hours

The following answers were all incorrect: Important, Urgent, Vital
The following reference(s) were/was used to create this question: Chapter 9: Business Continuity and Disaster Recovery CISSP Certification All-in-One Exam Guide, 4th Edition, Shon Harris

 

NEW QUESTION 491
Which of the following is NOT a criterion for access control?

  • A. Transactions
  • B. Keystroke monitoring
  • C. Identity
  • D. Role

Answer: B

Explanation:
Keystroke monitoring is associated with the auditing function and not with access control. For answer a, the identity of the user is a criterion for access control; the identity must be authenticated as part of the I&A (identification and authentication) process.
Answer Role refers to role-based access control, where access to information is determined by the user's job function or role in the organization.
Transactions refer to access control through entering an account number or a transaction number, as may be required for bill payments by telephone, for example.

 

NEW QUESTION 492
An acceptable biometric throughput rate is:

  • A. Five subjects per minute.
  • B. Ten subjects per minute.
  • C. One subject per two minutes.
  • D. Two subjects per minute.

Answer: B

 

NEW QUESTION 493
In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of

  • A. systems integration.
  • B. quality assurance.
  • C. risk management.
  • D. change management.

Answer: D

 

NEW QUESTION 494
According to the Orange Book, which security level is the first to require trusted recovery?

  • A. B3
  • B. B1
  • C. A1
  • D. B2

Answer: A

Explanation:
"Trusted recovery is required only for B3 and A1 level systems." Pg 305 Krutz:
CISSP Prep Guide: Gold Edition.

 

NEW QUESTION 495
Which of the following is NOT true of the Kerberos protocol?

  • A. The KDC is aware of all systems in the network and is trusted by all of them
  • B. The initial authentication steps are done using public key algorithm.
  • C. Only a single login is required per session.
  • D. It performs mutual authentication

Answer: B

Explanation:
Kerberos uses shared secret keys and tickets for the initial authentication, not a public key algorithm.
Incorrect Answers:
A: Kerberos is an example of a single sign-on system for distributed environments, and therefore only requires a single login per session.
C: The foundation of Kerberos security is the trust that clients and services have in the integrity of the KDC.
D: Kerberos provides mutual authentication in that both the user and the server verify each other's identity.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 209-213
https://en.wikipedia.org/wiki/Kerberos_(protocol)

 

NEW QUESTION 496
The use of private and public encryption keys is fundamental in the implementation of which of the following?

  • A. Diffie-Hellman algorithm
  • B. Message Digest 5 (MD5)
  • C. Secure Sockets Layer (SSL)
  • D. Advanced Encryption Standard (AES)

Answer: A

Explanation:
Section: Security Architecture and Engineering

 

NEW QUESTION 497
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets?

  • A. Internet Security Association and Key Management Protocol (ISKAMP)
  • B. Simple Key-Management for Internet Protocols (SKIP)
  • C. Diffie-Hellman Key Distribution Protocol
  • D. IPsec Key Exchange (IKE)

Answer: B

Explanation:
Reference: pg 117 Krutz

 

NEW QUESTION 498
What is a common problem when using vibration detection devices for perimeter control?

  • A. They are vulnerable to non-adversarial disturbances.
  • B. They must be buried below the frost line.
  • C. They can be defeated by electronic means.
  • D. Signal amplitude is affected by weather conditions.

Answer: A

Explanation:
A common problem when using vibration detection devices for perimeter control is false alarms. For example, someone could lean on the fence and trigger an alarm.
Perimeter Intrusion Detection and Assessment System (PIDAS) is a type of fencing that has sensors located on the wire mesh and at the base of the fence. It is used to detect if someone attempts to cut or climb the fence. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected.
PIDAS is very sensitive and can cause many false alarms.
Incorrect Answers:
B: Vibration detection devices for perimeter control are not commonly defeated by electronic means.
Therefore, this answer is incorrect.
C: Signal amplitude being affected by weather conditions is not a common problem when using vibration detection devices for perimeter control. Therefore, this answer is incorrect.
D: It is not true that vibration detection devices for perimeter control must be buried below the frost line.
Therefore, this answer is incorrect.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 487

 

NEW QUESTION 499
What sort of attack is described by the following: An attacker has a list of broadcast addresses which it stores in an array; the attacker sends a spoofed ICMP echo request to each of those addresses in series and then starts again. The spoofed IP address used by the attacker as the source of the packets is the target/victim IP address.

  • A. Fraggle Attack
  • B. LAND Attack
  • C. Smurf Attack
  • D. Replay Attack

Answer: C

Explanation:
In a Smurf Attack the attacker sends an ICMP ECHO REQUEST packet with a spoofed source address to a victim's network broadcast address. This means that each system on the victim's subnet receives an ICMP ECHO REQUEST packet. Each system then replies to that request with an ICMP ECHO REPLY packet to the spoofed address provided in the packets, which is the victim's address. All of these response packets go to the victim system and overwhelm it, because it is being bombarded with packets it does not necessarily know how to process. The victim system may freeze, crash, or reboot.
Incorrect Answers:
B: A fraggle attack is a variation of a Smurf attack where an attacker sends a large amount of UDP traffic to ports 7 (echo) and 19 (chargen) to an IP Broadcast Address, with the intended victim's spoofed source IP address.
C: A LAND attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address to an open port as both source and destination. This causes the machine to reply to itself continuously.
D: A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 587

 

NEW QUESTION 500
Which of the following is the PRIMARY mechanism used to limit the range of objects available to a given subject within different execution domains?

  • A. Process isolation
  • B. Data hiding and abstraction
  • C. Use of discrete layering and Application Programming Interfaces (API)
  • D. Virtual Private Network (VPN)

Answer: C

Explanation:
Reference: https://books.google.com.pk/books?id=LnjxBwAAQBAJ pg=PT504&lpg=PT504& dq=CISSP+mechanism+used+to+limit+the+range+of+objects+available+to+a+given+subject+within+diff
&source=bl&ots=V-LJY4mkZy sig=ACfU3U1adsKRObtT_l3tYTCLfHjS6gvLtg&hl=en&sa=X& ved=2ahUKEwi_jIPw16npAhWsxoUKHVoSA4AQ6AEwAHoECBMQAQ#v=onepage& q=CISSP%20mechanism%20used%20to%20limit%20the%20range%20of%20objects%20available%20
&f=false

 

NEW QUESTION 501
DRAG DROP
Match the objectives to the assessment questions in the governance domain of Software Assurance Maturity Model (SAMM).

Answer:

Explanation:

 

NEW QUESTION 502
Which of the following BEST provides for non-repudiation of user account actions?

  • A. Centralized authentication system
  • B. Managed Intrusion Detection System (IDS)
  • C. Centralized logging system
  • D. File auditing system

Answer: C

 

NEW QUESTION 503
Primary storage is the:

  • A. Memory, such as magnetic disks, that provide non-volatile storage.
  • B. Memory where information must be obtained by sequentially searching from the beginning of the memory space.
  • C. Memory used in conjunction with real memory to present a CPU with a larger, apparent address space.
  • D. Memory directly addressable by the CPU, which is for the storage of instructions and data that are associated with the program being executed.

Answer: D

Explanation:
*Answer "Memory, such as magnetic disks, that provide non-volatile storage" refers to secondary storage.
*Answer "Memory used in conjunction with real memory to present a CPU with a larger, apparent address space" refers to virtual memory, and answer "Memory where information must be obtained by sequentially searching from the beginning of the memory space" refers to sequential memory.

 

NEW QUESTION 504
Which of the following statements pertaining to software testing approaches is correct?

  • A. The test plan and results should be retained as part of the system's permanent documentation.
  • B. Black box testing is predicated on a close examination of procedural detail.
  • C. A top-down approach allows errors in critical modules to be detected earlier.
  • D. A bottom-up approach allows interface errors to be detected earlier.

Answer: A

Explanation:
This is an absolute best practice in the software testing field: you should always keep all your testing approaches, together with the results, as part of the product documentation. This helps if you later have problems with some tasks or components of the software; you can check back on your tests and results, see whether the system was performing the tasks correctly at the time, and whether anything has changed from that environment.

 

NEW QUESTION 505
Which of the following is not a weakness of symmetric cryptography?

  • A. Scalability
  • B. Limited security
  • C. Speed
  • D. Key distribution

Answer: C

Explanation:
In secret key cryptography, a single key is used for both encryption and decryption. The sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or rule set) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key.
Symmetric encryption is around 1000 times faster than asymmetric encryption; the latter is commonly used just to encrypt the keys for symmetric cryptography.

 

NEW QUESTION 506
Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

  • A. Application access control
  • B. Content filtering
  • C. Port services filtering
  • D. Packet filtering

Answer: D

Explanation:
Section: Communication and Network Security
Explanation/Reference: https://www.sans.org/reading-room/whitepapers/protocols/applying-osi-layer-network-model- information-security-1309 (10)

 

NEW QUESTION 507
The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.
Which elements are required?

  • A. Users, permissions, operations, and protected objects
  • B. Roles, operations, accounts, and protected objects
  • C. Users, roles, operations, and protected objects
  • D. Roles, accounts, permissions, and protected objects

Answer: C

Explanation:
Section: Identity and Access Management (IAM)

 

NEW QUESTION 508
Which of the following mail standards relies on a "Web of Trust"?

  • A. Privacy Enhanced Mail (PEM)
  • B. MIME Object Security Services (MOSS)
  • C. Pretty Good Privacy (PGP)
  • D. Secure Multipurpose Internet Mail extensions (S/MIME)

Answer: C

Explanation:
"PGP does not use a hierarchy of CAs, or any type of formal trust certificates, but relies on a "web of trust" in its key management approach. Each user generates and distributes his or her public key, and users sign each other's public keys, which creates a community of users who trust each other. This is different from the CA approach, where no one trusts each other; they only trust the CA."

 

NEW QUESTION 509
Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?

  • A. Countermeasures and mitigations for vulnerabilities
  • B. A data flow diagram for the application and attack surface analysis
  • C. Application interface entry and endpoints
  • D. The likelihood and impact of a vulnerability

Answer: B

Explanation:
Section: Mixed questions

 

NEW QUESTION 510
A block cipher:

  • A. Is an asymmetric key algorithm.
  • B. Breaks a message into fixed length units for encryption.
  • C. Encrypts by operating on a continuous data stream.
  • D. Converts a variable-length of plaintext into a fixed length ciphertext.

Answer: B

Explanation:
The correct answer is "Breaks a message into fixed length units for encryption".
Answer "Encrypts by operating on a continuous data stream" describes a stream cipher.
Answer "Is an asymmetric key algorithm" is incorrect because a block cipher applies to symmetric key algorithms; and answer "Converts a variable-length of plaintext into a fixed length ciphertext" describes a hashing operation.

 

NEW QUESTION 511
Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what category of access control?

  • A. Lattice-based Access control
  • B. Discretionary Access Control (DAC)
  • C. Mandatory Access control (MAC)
  • D. Non-Discretionary Access Control (NDAC)

Answer: D

Explanation:
Rule-based access control is a type of non-discretionary access control because access is determined by rules and the subject does not decide what those rules will be; the rules are uniformly applied to ALL of the users or subjects.
In general, all access control policies other than DAC are grouped in the category of non-discretionary access control (NDAC). As the name implies, policies in this category have rules that are not established at the discretion of the user. Non-discretionary policies establish controls that cannot be changed by users, but only through administrative action.
Both Role Based Access Control (RBAC) and Rule Based Access Control (RuBAC) fall within Non-Discretionary Access Control (NDAC). If it is not DAC or MAC, then it is most likely NDAC.
IT IS NOT ALWAYS BLACK OR WHITE
The different access control models are not totally exclusive of each other. MAC makes use of rules in its implementation. However, with MAC you have requirements above and beyond having simple access rules: the subject must get formal approval from management, the subject must have the proper security clearance, and objects must have labels/sensitivity levels attached to them.
If all of this is in place, then you have MAC.
BELOW YOU HAVE A DESCRIPTION OF THE DIFFERENT CATEGORIES:
MAC = Mandatory Access Control
Under a mandatory access control environment, the system or security administrator will define what permissions subjects have on objects. The administrator does not dictate users' access but simply configures the proper level of access as dictated by the Data Owner.
The MAC system will look at the security clearance of the subject and compare it with the object's sensitivity level or classification level. This is what is called the dominance relationship.
The subject must DOMINATE the object's sensitivity level, which means that the subject must have a security clearance equal to or higher than that of the object he is attempting to access.
MAC also introduces the concept of labels. Every object will have a label attached to it indicating the classification of the object as well as categories that are used to impose the need-to-know (NTK) principle. Even though a user has a security clearance of Secret, it does not mean he would be able to access every Secret document within the system. He would be allowed to access only Secret documents for which he has a need to know and formal approval, and only objects where the user belongs to one of the categories attached to the object.
If there is no clearance and no labels, then IT IS NOT Mandatory Access Control.
Many of the other models can mimic MAC, but none of them have labels and a dominance relationship, so they are NOT in the MAC category.
NISTIR-7316 says:
Usually a labeling mechanism and a set of interfaces are used to determine access based on the MAC policy; for example, a user who is running a process at the Secret classification should not be allowed to read a file with a label of Top Secret. This is known as the "simple security rule," or "no read up." Conversely, a user who is running a process with a label of Secret should not be allowed to write to a file with a label of Confidential.
This rule is called the "*-property" (pronounced "star property") or "no write down." The *-property is required to maintain system security in an automated environment. A variation on this rule called the "strict *-property" requires that information can be written at, but not above, the subject's clearance level. Multilevel security models such as the Bell-LaPadula Confidentiality and Biba Integrity models are used to formally specify this kind of MAC policy.
DAC = Discretionary Access Control
DAC is also known as an identity-based access control system.
The owner of an object is defined as the person who created the object. As such, the owner has the discretion to grant access to other users on the network. Access will be granted based solely on the identity of those users.
Such a system is good for a low level of security. One of the major problems is the fact that a user who has access to someone else's file can further share the file with other users without the knowledge or permission of the owner of the file. Very quickly this could become the wild west, as there is no control on the dissemination of the information.
RBAC = Role Based Access Control
RBAC is a form of non-discretionary access control.
Role Based access control usually maps directly to the different types of jobs performed by employees within a company.
For example, there might be 5 security administrators within your company. Instead of creating each of their profiles one by one, you would simply create a role and assign the administrators to the role. Once an administrator has been assigned to a role, he will IMPLICITLY inherit the permissions of that role.
RBAC is a great tool for environments where there is a large rotation of employees on a daily basis, such as a very large help desk, for example.
RBAC or RuBAC = Rule Based Access Control
RuBAC is a form of non-discretionary access control.
A good example of a Rule Based access control device would be a firewall. A single set of rules is imposed on all users attempting to connect through the firewall.
NOTE FROM CLEMENT:
A lot of people tend to confuse MAC and Rule Based Access Control.
Mandatory Access Control must make use of LABELS. If there are only rules and no labels, it cannot be Mandatory Access Control. This is why they call it Non-Discretionary Access Control (NDAC).
There are even books out there that are WRONG on this subject. Books are sometimes opinionated and not strictly based on facts.
In MAC, subjects must have clearance to access sensitive objects. Objects have labels that contain the classification to indicate the sensitivity of the object, and the label also has categories to enforce the need to know.
Today the best example of rule based access control would be a firewall. All rules are imposed globally on any user attempting to connect through the device. This is NOT the case with MAC.
I strongly recommend you read carefully the following document:
NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316pdf
It is one of the best access control study documents to prepare for the exam. Usually I tell people not to worry about the hundreds of NIST documents and other references. This document is an exception. Take some time to read it.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, 2001, John Wiley & Sons, Page 33
And
NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316pdf
And
Conrad, Eric; Misenar, Seth; Feldman, Joshua (2012-09-01). CISSP Study Guide (Kindle
Locations 651-652). Elsevier Science (reference). Kindle Edition.
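The explanation above separates MAC (labels, clearances and the dominance relationship, with the simple security rule and the *-property), RBAC (the users, roles, operations and protected objects of question 507) and RuBAC (a firewall rule set applied uniformly to every subject). The following Python is an added example written for this page; it is not from the dump or from any of the referenced books. The `Level` values, the `Label`/`Rbac`/`Rule` classes and all sample users, documents and rules are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, FrozenSet, List, Set, Tuple


# --- MAC: clearance levels, labels with need-to-know categories, dominance ---

class Level(IntEnum):
    """Constructed classification lattice; higher value = more sensitive."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    """A MAC label: a classification level plus need-to-know categories."""
    level: Level
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Dominance: level is >= AND the category set is a superset, so a
        # Secret/{NUCLEAR} subject does not dominate a Secret/{CRYPTO} object.
        return self.level >= other.level and self.categories >= other.categories


def mac_can_read(subject: Label, obj: Label) -> bool:
    """Simple security rule ("no read up"): the subject must dominate the object."""
    return subject.dominates(obj)


def mac_can_write(subject: Label, obj: Label, strict: bool = False) -> bool:
    """*-property ("no write down"): the object must dominate the subject.
    strict=True models the strict *-property: writes only at the subject's own level."""
    return obj.dominates(subject) and (not strict or obj.level == subject.level)


# --- RBAC: users, roles, operations and protected objects ---

Permission = Tuple[str, str]  # (operation, protected object)


@dataclass
class Rbac:
    user_roles: Dict[str, Set[str]]         # user -> roles assigned to that user
    role_perms: Dict[str, Set[Permission]]  # role -> permitted (operation, object) pairs

    def can(self, user: str, operation: str, obj: str) -> bool:
        # A user IMPLICITLY inherits every permission of every role assigned to them.
        for role in self.user_roles.get(user, set()):
            if (operation, obj) in self.role_perms.get(role, set()):
                return True
        return False


# --- RuBAC: a firewall-style rule set applied uniformly to every subject ---

@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    proto: str     # "tcp" or "udp"
    dst_port: int


def rubac_decide(rules: List[Rule], proto: str, dst_port: int) -> str:
    """First matching rule wins; with no match the default is deny.
    The subject's identity is deliberately not an input: the rules apply to everyone."""
    for r in rules:
        if r.proto == proto and r.dst_port == dst_port:
            return r.action
    return "deny"


if __name__ == "__main__":
    # Constructed sample data.
    analyst = Label(Level.SECRET, frozenset({"NUCLEAR"}))
    nuclear_doc = Label(Level.SECRET, frozenset({"NUCLEAR"}))
    crypto_doc = Label(Level.CONFIDENTIAL, frozenset({"CRYPTO"}))
    print("read SECRET/NUCLEAR:", mac_can_read(analyst, nuclear_doc))       # True
    print("read CONFIDENTIAL/CRYPTO (no NTK):", mac_can_read(analyst, crypto_doc))  # False
    print("write down to CONFIDENTIAL:", mac_can_write(analyst, Label(Level.CONFIDENTIAL)))  # False

    rbac = Rbac({"alice": {"sec_admin"}, "bob": set()},
                {"sec_admin": {("read", "firewall_config"), ("write", "firewall_config")}})
    print("alice writes firewall_config:", rbac.can("alice", "write", "firewall_config"))  # True

    fw = [Rule("allow", "tcp", 443), Rule("deny", "tcp", 23)]
    print("tcp/443:", rubac_decide(fw, "tcp", 443), " udp/53:", rubac_decide(fw, "udp", 53))
```

The three decision functions take different inputs on purpose: `mac_can_read`/`mac_can_write` look only at labels, `Rbac.can` looks only at role membership, and `rubac_decide` never sees the user at all, which is the distinction the explanation draws between the categories.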

 

NEW QUESTION 512
......


The registration process for the ISC CISSP Certification Exam

ISC CISSP Certification Exam Registration
ISC CISSP members may access the examination online for a reduced fee. To register, visit the ISC CISSP Exam page. To register for your exam online, you must provide certain information about yourself. There is no charge for this option. The information you provide will be used only to verify your identity and determine whether or not you are eligible to take the exam.

As elaborated in CISSP Dumps, you will be able to choose between three options:

  • Register as an ISC Member
  • Register through a local testing center in the U.S. or Canada
  • Register as a Non-Member

The advantages of obtaining the ISC CISSP Certification

ISC CISSP Certification Benefits
ISC recognizes the importance of professional development for current CISSPs. The ISC CISSP CBK Review Program was introduced to provide CISSPs with the opportunity to earn continuing professional education (CPE) credits or retain their certification status. ISC also offers the CPE library, which contains informative, educational content on various information security topics. Certified CISSPs receive additional opportunities to network with peers, get involved with industry events, learn new skills, and continue to acquire knowledge in the field of information security.

ISC's CISSP certification holds many advantages for those who obtain it. First, it is beneficial for companies because they are able to hire more secure employees. Secondly, obtaining the certification will make you eligible to receive incentives offered by Microsoft, Google, and other IT firms. Thirdly, individuals who obtain the certification are able to work in more advanced positions. Fourth, the credential is accepted worldwide and your compensation level will increase as a result of this recognition. Finally, ISC offers continuing professional education credits that give you an opportunity to earn credits or maintain your credentials with the program also offering informative CPE library content on various information security topics which can be accessed by certified professionals.

CISSP stands for Certified Information Systems Security Professional. It is a certification that shows that an individual possesses comprehensive, technical knowledge of the information security field. The CISSP preparation material preparation is available in numerous varieties online. You can use this CISSP exam material like CISSP Dumps, to pass your CISSP examination with great ease. The main purpose of the CISSP certification is to confirm professional competence in information security management and to enhance it continuously by learning new skills and techniques of cybersecurity.
