Full Test Bank: CISSP Cert Guide Exam Questions, 3e - Exam Pack | CISSP Cert Guide 3e by Robin Abernathy
Question ID: CISSP-2018-RA-01-4-023
Question: Which of the following is NOT specified as unethical behavior by the IAB?
A: Wasting computer resources
B: Compromising the privacy of others
C: Writing computer viruses
D: Disrupting the intended use of the Internet
Question ID: CISSP-2018-RA-01-4-024
Question: Destroying the integrity of computer-based information is considered unethical by which organization?
A: CEI
B: IEEE
C: IAB
D: FSGO
Question ID: CISSP-2018-RA-01-4-025
Question: The IAB code of ethics preamble does not contain which of the following statements?
A: Protect society.
B: Provide diligent and competent service to principals.
C: Advance and protect the profession.
D: Do not appropriate others' intellectual output.
Question ID: CISSP-2018-RA-01-4-026
Question: What is the first step for the adoption of an organizational security policy once it is written?
A: Obtain management approval.
B: Conduct personnel training.
C: Develop the standards and procedures that support the policy.
D: Establish security baselines.
Question ID: CISSP-2018-RA-01-4-027
Question: Which security program document contains the most details and step-by-step instructions?
A: Guidelines
B: Procedures
C: Standards
D: Policies
Question ID: CISSP-2018-RA-01-4-028
Question: Which security program document is usually established after all the other documentation has been created and implemented?
A: Guidelines
B: Procedure
C: Baselines
D: Standards
Question ID: CISSP-2018-RA-01-4-029
Question: Which of the following is a guideline?
A: A document that states that user actions should be monitored
B: A document that mandates which user actions should be monitored
C: A document that covers exactly how to configure auditing
D: A document that covers how to handle security breaches
Question ID: CISSP-2018-RA-01-4-030
Question: You have been asked to assess the business continuity needs of a large organization of more than 5,000 employees. The organization includes several locations worldwide, and each location contains multiple departments. The organization’s management has asked you how to best implement an enterprise-wide BCP. What would be the BEST suggestion?
A: Develop a separate BCP scope for each department.
B: Develop a single BCP scope for the entire organization.
C: Develop a separate BCP scope for each facility.
D: Develop a separate BCP scope for each facility and each department.
Question ID: CISSP-2018-RA-01-4-031
Question: Who is responsible for communicating the progress of the business continuity planning project to senior management?
A: Business unit managers
B: BCP team
C: BCP project manager or coordinator
D: Chief security officer (CSO)
E: Chief information officer (CIO)
Question ID: CISSP-2018-RA-01-4-032
Question: Who is responsible for making the financial decisions that impact the business continuity plan?
A: BCP team
B: BCP project manager or coordinator
C: Business unit managers
D: Senior management
Question ID: CISSP-2018-RA-01-4-033
Question: What is the primary purpose of a gap analysis when developing the business continuity plan?
A: To identify laws that affect the BCP
B: To identify where the organization is in the BCP and where it needs to be
C: To identify organizational policies that affect the BCP
D: To complete a draft of the BCP
Question ID: CISSP-2018-RA-01-4-034
Question: Which background check is the MOST important when hiring someone who will drive a motor vehicle?
A: Credit history
B: Driving record
C: Education verification
D: Immigration status
Question ID: CISSP-2018-RA-01-4-035
Question: Which background check is the MOST important when hiring someone who will work in a healthcare organization?
A: Credit history
B: Driving record
C: Drug and substance testing
D: Immigration status
Question ID: CISSP-2018-RA-01-4-036
Question: Which background check is the MOST important when hiring someone who will work with children?
A: Credit history
B: Driving record
C: Immigration status
D: Criminal history
Question ID: CISSP-2018-RA-01-4-037
Question: Which background check is the MOST important when hiring someone who will work in a financial institution?
A: Credit history
B: Driving record
C: Immigration status
D: Education verification
Question ID: CISSP-2018-RA-01-4-038
Question: Which background check is the MOST important when hiring someone in the defense industry?
A: Credit history
B: Suspected terrorist watch list
C: Driving record
D: Education verification
Question ID: CISSP-2018-RA-01-4-039
Question: Which factors should be considered when assessing asset value?
A: Asset procurement costs
B: Asset development costs
C: Asset maintenance costs
D: Statements a and b only
E: Statements b and c only
F: Statements a and c only
G: All the statements
Question ID: CISSP-2018-RA-01-4-040
Question: During a quantitative risk analysis, which measurements must you know to determine SLE?
A: AV
B: ARO
C: ALE
D: EF
E: Statements a and d only
F: Statements b and c only
G: All the statements
Question ID: CISSP-2018-RA-01-4-041
Question: During a quantitative risk analysis, which measurements must you know to determine ALE?
A: AV
B: ARO
C: SLE
D: EF
E: Statements a and d only
F: Statements b and c only
G: All the statements
Question ID: CISSP-2018-RA-01-4-042
Question: When should an organization implement a control?
A: When the annual cost of the control is more than the SLE
B: When the annual cost of the control is less than the SLE
C: When the annual cost of the control is more than the ALE
D: When the annual cost of the control is less than the ALE
Question ID: CISSP-2018-RA-01-4-043
Question: Which of the following is NOT a disadvantage of quantitative risk analysis?
A: It uses more guesswork than qualitative risk analysis.
B: The equations used in it are difficult.
C: A lot of data needs to be gathered for the analysis.
D: It requires more time to complete than qualitative risk analysis.
Question ID: CISSP-2018-RA-01-4-044
Question: Which formula should you use to determine the cost benefit of implementing a particular safeguard?
A: AV × EF
B: (ALE before safeguard) – (ALE after safeguard) – (annual cost of safeguard)
C: SLE × ARO
D: ALE - annual cost of safeguard
Question ID: CISSP-2018-RA-01-4-045
Question: What is the single loss expectancy (SLE) of an asset valued at $10,000 with an exposure factor (EF) of 25%?
A: $40,000
B: $7,500
C: $2,500
D: $12,500
Question ID: CISSP-2018-RA-01-4-046
Question: What is the annual loss expectancy (ALE) of an asset that has a single loss expectancy (SLE) of $2,500 and an annualized rate of occurrence (ARO) of 10%?
A: $10,000
B: $2,750
C: $2,250
D: $250
Question ID: CISSP-2018-RA-01-4-047
Question: What is the equation used for calculating residual risk?
A: Total risk - countermeasures
B: ALE - countermeasures
C: (ALE before safeguard) – (ALE after safeguard) – (annual cost of safeguard)
D: SLE - ALE
Question ID: CISSP-2018-RA-01-4-048
Question: Which of the following procedures is an example of a technical control?
A: Backup control
B: Database management system
C: Identification and authentication of employees
D: Software testing
E: Antivirus management
F: A, D and E only
G: A and D only
H: B and E only
I: None of the above
Question ID: CISSP-2018-RA-01-4-049
Question: A loss of electricity is an example of which type of threat?
A: System threats
B: Natural threats
C: External threats
D: Internal threats
E: Man-made threats
Question ID: CISSP-2018-RA-01-4-050
Question: A hurricane is an example of which type of threat?
A: System threats
B: Natural threats
C: External threats
D: Internal threats
E: Man-made threats
Question ID: CISSP-2018-RA-01-4-051
Question: An employee entering a server room to which he is not allowed access is an example of which type of threat?
A: System threats
B: Natural threats
C: External threats
D: Internal threats
E: Man-made threats
Question ID: CISSP-2018-RA-01-4-052
Question: What is the risk that exists before implementing countermeasures?
A: Legal liability
B: Residual risk
C: Downstream liability
D: Total risk
Question ID: CISSP-2018-RA-01-4-053
Question: The possibility of an employee following another employee into a restricted area is an example of which threat?
A: System threats
B: Natural threats
C: Man-made threats
D: External threats
E: Internal threats
F: C, D and E only
G: C and D only
Question ID: CISSP-2018-RA-01-4-054
Question: Which of the following is NOT an example of a man-made threat?
A: Robbery
B: Vandalism
C: Fraud
D: Tornado
Question ID: CISSP-2018-RA-01-4-055
Question: A flood is an example of which threat?
A: System threats
B: Natural threats
C: Man-made threats
D: External threats
E: Internal threats
F: C, D and E only
G: C and D only
Question ID: CISSP-2018-RA-01-4-056
Question: Which is NOT a politically motivated threat?
A: Strikes
B: Riots
C: Robberies
D: Civil disobedience
Question ID: CISSP-2018-RA-01-4-057
Question: An accidental deletion of sensitive data is an example of which threat?
A: System threats
B: Natural threats
C: Man-made threats
D: External threats
E: Internal threats
F: C, D and E only
G: C and D only
Question ID: CISSP-2018-RA-01-4-058
Question: Which is NOT an external threat?
A: Improper access by an employee to the server room
B: Breaking through a perimeter fence
C: Entering the building through the ceiling
D: Following an employee through the security door
Question ID: CISSP-2018-RA-01-4-059
Question: Which of the following are threats to perimeter security?
A: System threats
B: Natural threats
C: Man-made threats
D: External threats
E: Internal threats
F: C, D and E only
G: C and D only
Question ID: CISSP-2018-RA-01-4-060
Question: Which of the following is NOT considered to be a human threat agent?
A: Terrorists
B: Tornadoes
C: Terminated personnel
D: Power failure
E: Malicious code
F: Statements a and c only
G: Statements b, d, and e only
Question ID: CISSP-2018-RA-01-4-061
Question: When a third party reviews the practices and policies of an organization to determine its compliance with a regulating body’s standards, with whom should the results be communicated?
A: The general public
B: The government
C: The regulating body
D: The organization being reviewed
E: Statements b and c only
F: Statements b and d only
G: Statements c and d only
Question ID: CISSP-2018-RA-01-4-062
Question: If an organization is being assessed by a third party to determine the organization’s compliance with ITIL standards, what is the primary aspect of the organization that will be assessed?
A: Documents
B: Processes
C: Policies
D: Access controls
Question ID: CISSP-2018-RA-01-4-063
Question: Which of the following should NOT be included in security awareness training for senior management?
A: Technical security training
B: Legal issues
C: Liability issues
D: Shareholder expectations
Question ID: CISSP-2018-RA-01-4-064
Question: Which of the following should NOT be included in security awareness training for IT staff?
A: Technical security training
B: Legal issues
C: Incident handling and response
D: Levels of responsibility
Question ID: CISSP-2018-RA-01-4-065
Question: Which group should undergo the MOST rigorous security training?
A: Senior management
B: Legal department
C: IT staff
D: All staff
Question ID: CISSP-2018-RA-02-1-012
Question: Which security technique ensures that each transaction has certain properties before it is committed?
A: Database views
B: Database locks
C: Polyinstantiation
D: OLTP ACID Test
Question ID: CISSP-2018-RA-02-1-013
Question: What characteristic is present when, once verified, a transaction is committed and cannot be rolled back?
A: Atomicity
B: Durability
C: Consistency
D: Isolation
Question ID: CISSP-2018-RA-02-1-017
Question: What characteristic is present if transactions do not interact with other transactions until completion?
A: Atomicity
B: Durability
C: Consistency
D: Isolation
Question ID: CISSP-2018-RA-02-1-018
Question: Which security technique is used to prevent data inference violations?
A: Database views
B: Database locks
C: Polyinstantiation
D: OLTP ACID Test
Question ID: CISSP-2018-RA-02-1-089
Question: What is an agreement between a company and a vendor where the vendor agrees to provide certain functions for a specified period?
A: DRP
B: BIA
C: SLA
D: BCP
Question ID: CISSP-2018-RA-02-1-131
Question: What is the least restrictive data classification level in commercial business?
A: Unclassified
B: Public
C: Confidential
D: Top secret
Question ID: CISSP-2018-RA-02-1-132
Question: What is the most restrictive data classification level in commercial business?
A: Unclassified
B: Public
C: Confidential
D: Top secret
Question ID: CISSP-2018-RA-02-1-133
Question: Which of the following would NOT be a user entitlement?
A: User’s role in the company
B: Assets available to the user
C: Permissions given to the user on a server
D: Access rights to areas of the facility
Question ID: CISSP-2018-RA-02-1-134
Question: You are responsible for documenting all aspects of your company’s security program. As part of this documentation, you need to record the classification level of all company data. Who should you consult to obtain this information?
A: Data custodian
B: Data owner
C: System owner
D: Security administrator
Question ID: CISSP-2018-RA-02-1-135
Question: Which of the following statements regarding encryption are TRUE?
A: Link encryption encrypts all data being transmitted over a particular medium.
B: End-to-end encryption allows attackers to learn more about a captured packet.
C: End-to-end encryption provides protection against packet sniffers.
D: Link encryption occurs at the physical and data link layers.
E: Statements a, b, and c only.
F: Statements a, b, and d only.
G: All the statements.
Question ID: CISSP-2018-RA-02-2-012
Question: Which security technique controls what a user or group of users can see when they access the database?
A: Database views
B: Database locks
C: Polyinstantiation
D: OLTP ACID Test
Question ID: CISSP-2018-RA-02-2-013
Question: What characteristic is present if either all operations are complete or the database changes are rolled back?
A: Atomicity
B: Durability
C: Consistency
D: Isolation
Question ID: CISSP-2018-RA-02-2-017
Question: What characteristic is present if the transaction follows an integrity process that ensures that data is alike in all places where it exists?
A: Atomicity
B: Durability
C: Consistency
D: Isolation
Question ID: CISSP-2018-RA-02-2-018
Question: Which security technique prevents two users from accessing a record at the same time to prevent conflicting edits?
A: Database views
B: Database locks
C: Polyinstantiation
D: OLTP ACID Test
Question ID: CISSP-2018-RA-02-2-131
Question: What is the most restrictive data classification level in military use?
A: Unclassified
B: Public
C: Confidential
D: Top secret
Question ID: CISSP-2018-RA-02-2-132
Question: What is the least restrictive data classification level in military use?
A: Unclassified
B: Public
C: Confidential
D: Top secret
Question ID: CISSP-2018-RA-02-2-133
Question: You are responsible for documenting all aspects of your company’s security program. As part of this documentation, you need to record the information classification and controls that are implemented on the company data. Who should you consult to obtain this information?
A: Data custodian
B: Data owner
C: System owner
D: Security administrator
Question ID: CISSP-2018-RA-02-2-134
Question: Which technology protects the contents of an encrypted hard drive by storing the decryption key in the host computer?
A: SET
B: PGP
C: S/MIME
D: TPM
Question ID: CISSP-2018-RA-02-2-135
Question: You need to ensure that a message that you are transmitting to another user is not altered. You decide to use a hashing algorithm. Which of the following should you implement?
A: SHA-256
B: 3DES
C: AES
D: ElGamal
Question ID: CISSP-2018-RA-02-3-066
Question: Your organization has several trade secrets. Which data classification level should be assigned to these assets?
A: Unclassified
B: Public
C: Confidential
D: Top secret
Question ID: CISSP-2018-RA-02-3-067
Question: Your organization is a government contractor that has access to the blueprints of several military helicopters. Which data classification level should be assigned to these assets?
A: Unclassified
B: Public
C: Confidential
D: Top secret
Question ID: CISSP-2018-RA-02-3-068
Question: Which criterion should be the primary concern when classifying data?
A: Data value
B: Data sensitivity
C: Data age
D: Data usefulness
Question ID: CISSP-2018-RA-02-3-069
Question: Which of the following components should be considered as part of any information classification system?
A: Access control measures
B: Backup/recovery
C: Physical security
D: Data encryption
E: Statements a, b, and c only
F: Statements a, b, and d only
G: All the statements
Question ID: CISSP-2018-RA-02-3-070
Question: What is the first step of a data classification program?
A: Specify the data classification criteria.
B: Define the classification levels.
C: Identify the data owners.
D: Identify the data custodian.
E: Develop the data classification security awareness program.
Question ID: CISSP-2018-RA-02-3-071
Question: When designing identity management, an administrator must manage four main aspects of an identity. Three of those issues are entities, attributes, and credentials. What is the fourth aspect?
A: Entitlements
B: Confidentiality
C: Authentication
D: Integrity
Question ID: CISSP-2018-RA-02-3-072
Question: Which role monitors user activities to ensure that the appropriate controls are in place?
A: Data custodian
B: Data owner
C: Auditor
D: Application owner
Question ID: CISSP-2018-RA-02-3-073
Question: Which statement is TRUE regarding link encryption?
A: Packets are decrypted at each device.
B: The user can select exactly what is encrypted.
C: It affects only the performance of the sending and receiving devices.
D: Packet headers are not encrypted.
Question ID: CISSP-2018-RA-02-4-066
Question: What is the last step of a data classification program?
A: Specify the data classification criteria.
B: Define the classification levels.
C: Identify the data owners.
D: Identify the data custodian.
E: Develop the data classification security awareness program.
Question ID: CISSP-2018-RA-02-4-067
Question: Of the given steps in a data classification program, which should occur prior to the others?
A: Specify the data classification criteria.
B: Indicate the controls required for each classification level.
C: Identify the data owners.
D: Identify the data custodian.
E: Develop the data classification security awareness program.
Question ID: CISSP-2018-RA-02-4-068
Question: Of the given steps in a data classification program, which should occur prior to the others?
A: Document data declassification procedures.
B: Indicate the controls required for each classification level.
C: Identify the data owners.
D: Identify the data custodian.
E: Develop the data classification security awareness program.
Question ID: CISSP-2018-RA-02-4-069
Question: In a commercial business, which information is usually considered private?
A: Number of personnel
B: Business financial information
C: Trade secrets
D: Medical information
Question ID: CISSP-2018-RA-02-4-070
Question: In the military, which information is usually considered unclassified?
A: Recruitment numbers
B: Military equipment blueprints
C: Troop deployment plans
D: Troop psychological data
Question ID: CISSP-2018-RA-02-4-071
Question: Which entity is responsible for classifying data?
A: Data owner
B: Organization
C: Management
D: Security analyst
Question ID: CISSP-2018-RA-02-4-072
Question: Which countermeasure is designed to control access to sensitive material?
A: Access Control Services
B: Integrity Services
C: Boundary Control Services
D: Cryptography Services
E: Auditing and Monitoring Services
Question ID: CISSP-2018-RA-02-4-073
Question: You need to deploy an encryption system to protect all data on a confidential file server. You need to select the symmetric algorithm that provides the largest key size. Which algorithm should you select?
A: 3DES
B: RC6
C: Twofish
D: IDEA
Question ID: CISSP-2018-RA-03-1-021
Question: When discussing secure design, which of the following terms refers to a template used to establish the audience, techniques, and assumptions made?
A: Architecture
B: Architectural description (AD)
C: Stakeholder
D: View
E: Viewpoint
Question ID: CISSP-2018-RA-03-1-022
Question: Which security service tracks the operation of the system processes?
A: Boundary Control Services
B: Access Control Services
C: Integrity Services
D: Cryptography Services
E: Auditing and Monitoring Services
Question ID: CISSP-2018-RA-03-1-023
Question: Which of the following is a type of ROM in which a program or low-level instructions are installed?
A: PSW
B: PLD
C: FPGA
D: Firmware
Question ID: CISSP-2018-RA-03-1-024
Question: Which security service scrambles or encrypts information?
A: Boundary Control Services
B: Access Control Services
C: Integrity Services
D: Cryptography Services
E: Auditing and Monitoring Services
Question ID: CISSP-2018-RA-03-1-025
Question: Which of the following is programmed by blowing fuse connections on the chip or using an antifuse that makes a connection when a high voltage is applied to the junction?
A: Flash memory
B: PLD
C: FPGA
D: Firmware
Question ID: CISSP-2018-RA-03-1-026
Question: Which security service ensures that data has not been damaged or corrupted in transfer?
A: Boundary Control Services
B: Access Control Services
C: Integrity Services
D: Cryptography Services
E: Auditing and Monitoring Services
Question ID: CISSP-2018-RA-03-1-027
Question: When discussing secure design, which of the following describes those with an interest or concern that should be considered?
A: Architecture
B: Architectural description (AD)
C: Stakeholder
D: View
E: Viewpoint
Question ID: CISSP-2018-RA-03-1-028
Question: Which of the following occurs when a computer program incorrectly manages memory allocations?
A: Associative memory
B: Implied addressing
C: Absolute addressing
D: Cache
E: Indirect addressing
F: Logical address
G: Relative address
H: Memory leak
I: Virtual memory
Question ID: CISSP-2018-RA-03-1-029
Question: When discussing secure design, which of the following describes the representation of the system from the perspective of someone the project will impact in some way?
A: Architecture
B: Architectural description (AD)
C: Stakeholder
D: View
E: Viewpoint
Question ID: CISSP-2018-RA-03-1-043
Question: Which type of extinguishing system is NOT recommended for rooms where equipment would be damaged by water?
A: Wet pipe
B: Dry pipe
C: Preaction
D: Deluge
Question ID: CISSP-2018-RA-03-1-044
Question: Which of the following is a prolonged high voltage?
A: Surge
B: Brownout
C: Fault
D: Blackout
Question ID: CISSP-2018-RA-03-1-045
Question: Which fire extinguisher type is used for flammable liquids?
A: Class A
B: Class B
C: Class C
D: Class D
E: Class K
Question ID: CISSP-2018-RA-03-1-047
Question: Which classification of threat is presented by a flood?
A: System
B: Natural
C: External
D: Internal
E: Man-made
Question ID: CISSP-2018-RA-03-1-048
Question: Which fire extinguisher type is used for combustible metals?
A: Class A
B: Class B
C: Class C
D: Class D
E: Class K
Question ID: CISSP-2018-RA-03-1-071
Question: In a PKI, what is a target?
A: A path to a public key
B: A public key that verifies the certificate used in a digital signature
C: An entity that seeks to have a certificate validated
D: An entity that verifies a public key chain
Question ID: CISSP-2018-RA-03-1-072
Question: In a PKI, what is a trust anchor?
A: A path to a public key
B: A public key that verifies the certificate used in a digital signature
C: An entity that seeks to have a certificate validated
D: An entity that verifies a public key chain
Question ID: CISSP-2018-RA-03-1-073
Question: An attacker gains information about the encryption algorithms from the cryptosystem that is implemented in the network. Which type of attack has occurred?
A: Known plaintext attack
B: Analytic attack
C: Side-channel attack
D: Replay attack
Question ID: CISSP-2018-RA-03-1-074
Question: An attacker monitors the traffic stream in a network and maliciously repeats or delays the transmission of valid data over the network. Which type of attack has occurred?
A: Known plaintext attack
B: Analytic attack
C: Side-channel attack
D: Replay attack
Question ID: CISSP-2018-RA-03-1-075
Question: Which algorithm uses a 64-bit block size?
A: DES
B: AES
C: RC6
D: RC4
Question ID: CISSP-2018-RA-03-1-076
Question: Which algorithm uses a 128-, 192-, or 256-bit block size?
A: DES
B: AES
C: RC6
D: RC4
Question ID: CISSP-2018-RA-03-1-077
Question: Which algorithm performs ONLY 4 rounds of computations?
A: HAVAL
B: Tiger
C: MD5
D: SHA-256
Question ID: CISSP-2018-RA-03-1-078
Question: Which algorithm performs 64 rounds of computations?
A: HAVAL
B: Tiger
C: MD5
D: SHA-256
Question ID: CISSP-2018-RA-03-1-091
Question: From whom does the greatest risk of malicious acts come?
A: Insiders
B: Third-party contractors
C: Hackers
D: Partners
Question ID: CISSP-2018-RA-03-1-136
Question: Which security model is concerned with data integrity?
A: Brewer-Nash Model
B: Lipner Model
C: Bell-LaPadula Model
D: Clark-Wilson Integrity Model
Question ID: CISSP-2018-RA-03-1-137
Question: Which model type focuses mainly on information flow?
A: State Machine model
B: Noninterference model
C: Matrix-based model
D: Multilevel Lattice model
E: Information Flow model
F: D and E
Question ID: CISSP-2018-RA-03-1-138
Question: Which of the following is a system component that enforces access controls on an object?
A: Reference monitor
B: Security perimeter
C: Security kernel
D: TCB
Question ID: CISSP-2018-RA-03-1-139
Question: Which of the following methods searches for a specific data value in memory rather than using a specific memory address?
A: Cache
B: Indirect addressing
C: Absolute addressing
D: Associative memory
E: Implied addressing
Question ID: CISSP-2018-RA-03-1-140
Question: Which term refers to the address at which a memory cell or storage element appears to reside from the perspective of an executing application program?
A: Memory leak
B: Relative address
C: Virtual memory
D: Logical address
Question ID: CISSP-2018-RA-03-1-141
Question: In which of the following does a platform act as a client or server or both?
A: Cloud computing
B: Data warehouse
C: Grid computing
D: Peer-to-peer computing
Question ID: CISSP-2018-RA-03-1-143
Question: Which of the following is an XML-based open standard data format for exchanging authentication and authorization data between parties?
A: XML
B: SAML
C: OWASP
D: OVAL
Question ID: CISSP-2018-RA-03-1-150
Question: Which mode of DES is used in IEEE 802.11i?
A: ECB
B: CBC
C: CFB
D: OFB
E: CTR
Question ID: CISSP-2018-RA-03-1-151
Question: Your organization must be able to send confidential messages to another organization over the Internet. You must ensure that the encryption scheme that you use can never be broken. You decide to use one-time pads when sending these confidential messages. Which of the following statements is TRUE regarding this encryption scheme?
A: Each pad can be used only one time.
B: Each pad must be shorter than the message it is securing.
C: The pads must be securely distributed and protected in storage.
D: The pads must be made up of random values.
E: Options a, b, and c only
F: Options a, b, and d only
G: Options a, c, and d only
Question ID: CISSP-2018-RA-03-1-152
Question: Your organization has recently signed a contract with another organization. As part of this contract, you must establish a public key infrastructure (PKI) for added security during inter-organizational communication. Which mechanism in the PKI is issued to users and includes a public key?
A: Certification authority (CA)
B: Registration authority (RA)
C: Steganography
D: Digital certificate
Question ID: CISSP-2018-RA-03-1-153
Question: You need to ensure message integrity for data transmitted between two of your organization’s research offices. Which of the following CANNOT be used to provide message integrity?
A: Parity bits
B: CRCs
C: TPM
D: Checksums
Question ID: CISSP-2018-RA-03-1-154
Question: Your organization has decided to use an out-of-band method to distribute the keys it will be using to another organization. The encryption scheme will be used to protect all communication between the organizations. Which of the following is an example of this type of distribution?
A: Over e-mail
B: Using a PKI
C: Sending by courier
D: Over a text message
Question ID: CISSP-2018-RA-03-1-155
Question: Which of the following is NOT part of the cryptographic key life cycle?
A: Key creation
B: Key distribution
C: Key cost
D: Key revocation
E: Key length
F: Options a, b, and d only
G: Options c and e only
Question ID: CISSP-2018-RA-03-1-156
Question: Which cryptographic key life cycle term involves issuing keys to the entities that will use them?
A: Key creation
B: Key distribution
C: Key revocation
D: Key management
Question ID: CISSP-2018-RA-03-1-157
Question: Which cryptographic key life cycle step is covered by a CRL?
A: Key creation
B: Key distribution
C: Key revocation
D: Key management
Question ID: CISSP-2018-RA-03-1-158
Question: For which step of the cryptographic life cycle is the CA responsible?
A: Key creation
B: Key distribution
C: Key revocation
D: Key management
Question ID: CISSP-2018-RA-03-1-159
Question: Which of the following is responsible for managing keys issued to a single computer?
A: CRL
B: CA
C: RA
D: TPM
Question ID: CISSP-2018-RA-03-1-160
Question: What is the first step in the cryptographic life cycle?
A: Initialization
B: Creation
C: Distribution
D: Activation
E: Inactivation
F: Termination
Question ID: CISSP-2018-RA-03-1-161
Question: What is the second step in the cryptographic life cycle?
A: Initialization
B: Creation
C: Distribution
D: Activation
E: Inactivation
F: Termination
Question ID: CISSP-2018-RA-03-1-162
Question: What occurs in the cryptographic life cycle after creating and initializing the encryption?
A: Distribution
B: Activation
C: Inactivation
D: Termination
Question ID: CISSP-2018-RA-03-1-163
Question: What is the fourth step in the cryptographic life cycle?
A: Initialization
B: Creation
C: Distribution
D: Activation
E: Inactivation
F: Termination
Question ID: CISSP-2018-RA-03-1-164
Question: What is the last step in the cryptographic life cycle?
A: Initialization
B: Creation
C: Distribution
D: Activation
E: Inactivation
F: Termination
Question ID: CISSP-2018-RA-03-1-165
Question: Which step in the cryptographic life cycle occurs before termination and ensures that a key or certificate cannot be used?
A: Initialization
B: Creation
C: Distribution
D: Activation
E: Inactivation
Question ID: CISSP-2018-RA-03-1-166
Question: You are in the process of removing a key from the distribution system. However, the key still exists on several of the issuers. In which step of the cryptographic life cycle is this key currently operating?
A: Initialization
B: Creation
C: Distribution
D: Activation
E: Inactivation
F: Termination
Question ID: CISSP-2018-RA-03-1-167
Question: You have an encryption key that has been placed into an inactive state. Which of the following can be performed with this key?
A: Encryption
B: Decryption
C: Verification
D: Signing
E: Options a and b only
F: Options a and d only
G: Options b and c only
H: Options b and d only
Question ID: CISSP-2018-RA-03-1-168
Question: You need to remove a key from being issued. However, you are concerned that data that has been encrypted using this key still exists. What should you do?
A: Activate the key.
B: Terminate the key.
C: Deactivate the key.
D: Verify the key.
Question ID: CISSP-2018-RA-03-1-169
Question: Which statement about cryptography is FALSE?
A: Asynchronous encryption occurs when encryption or decryption requests are processed from a queue.
B: Symmetric encryption is an encryption method whereby a single private key both encrypts and decrypts the data.
C: When using a digital signature, the message acts as an input to a hash function, and the sender’s public key encrypts the hash value.
D: Key clustering occurs when different encryption keys generate the same ciphertext from the same plaintext message.
Question ID: CISSP-2018-RA-03-1-170
Question: Which statement about cryptography is TRUE?
A: Transposition is the process of changing a key value during each round of encryption.
B: Diffusion is the process of changing the location of the plaintext within the ciphertext.
C: Substitution is the process of shuffling or reordering the plaintext to hide the original message.
D: Confusion is the process of exchanging one byte in a message for another.
Question ID: CISSP-2018-RA-03-1-171
Question: Which advance in cryptographic history was created by IBM and used a Feistel cipher?
A: Lucifer
B: Enigma
C: Kerckhoff’s Principle
D: Vigenere cipher
Question ID: CISSP-2018-RA-03-1-172
Question: Which CPTED concept applies to the entrances of the facility?
A: Natural Access Control
B: Natural surveillance
C: Natural detection
D: Natural Territorial Reinforcement
Question ID: CISSP-2018-RA-03-1-173
Question: Which of the following fire extinguishing systems allows large amounts of water to be released into the room?
A: Dry pipe
B: Preaction
C: Wet pipe
D: Deluge
Question ID: CISSP-2018-RA-03-1-174
Question: Which type of glass is two sheets of glass with a plastic film between?
A: Standard
B: Laminated
C: Acrylic
D: Tempered
Question ID: CISSP-2018-RA-03-1-175
Question: Which type of glass is used in residential areas and is easily broken?
A: Standard
B: Laminated
C: Acrylic
D: Tempered
Question ID: CISSP-2018-RA-03-142
Question: Which type of malware displays advertisements while the application is executing?
A: Virus
B: Spyware
C: Trojan horse
D: Worm
E: Adware
Question ID: CISSP-2018-RA-03-2-021
Question: Which of the following refers to registers usually contained inside the CPU?
A: Associative memory
B: Implied addressing
C: Absolute addressing
D: Cache
E: Indirect addressing
F: Logical address
G: Relative address
H: Memory leak
I: Virtual memory
Question ID: CISSP-2018-RA-03-2-022
Question: Which security service accomplishes its goal by identifying components and services as trusted or not trusted?
A: Boundary Control Services
B: Access Control Services
C: Integrity Services
D: Cryptography Services
E: Auditing and Monitoring Services
Question ID: CISSP-2018-RA-03-2-023
Question: Which of the following is a type of electrically programmable ROM?
A: Flash memory
B: PLD
C: FPGA
D: Firmware
Question ID: CISSP-2018-RA-03-2-024
Question: Which security service is deployed to control sensitive material while allowing users to do their job?
A: Boundary Control Services
B: Access Control Services
C: Integrity Services
D: Cryptography Services
E: Auditing and Monitoring Services
Question ID: CISSP-2018-RA-03-2-025
Question: Which of the following is an integrated circuit with connections or internal logic gates that can be changed through a programming process?
A: Flash memory
B: PLD
C: FPGA
D: Firmware
Question ID: CISSP-2018-RA-03-2-026
Question: Which of the following searches for a specific data value in memory rather than using a specific memory address?
A: Associative memory
B: Implied addressing
C: Absolute addressing
D: Cache
E: Indirect addressing
F: Logical address
G: Relative address
H: Memory leak
I: Virtual memory
Question ID: CISSP-2018-RA-03-2-027
Question: When discussing secure design, which of the following describes the organization of the system and the principles that guided its design and evolution?
A: Architecture
B: Architectural description (AD)
C: Stakeholder
D: View
E: Viewpoint
Question ID: CISSP-2018-RA-03-2-028
Question: Which of the following is a location on the hard drive used temporarily for storage when memory space is low?
A: Associative memory
B: Implied addressing
C: Absolute addressing
D: Cache
E: Indirect addressing
F: Logical address
G: Relative address
H: Memory leak
I: Virtual memory
Question ID: CISSP-2018-RA-03-2-029
Question: When discussing secure design, which of the following is composed of the set of documents that convey the design in a formal manner?
A: Architecture
B: Architectural description (AD)
C: Stakeholder
D: View
E: Viewpoint
Question ID: CISSP-2018-RA-03-2-040
Question: Which classification of threat is presented by a loss of power?
A: System
B: Natural
C: External
D: Internal
E: Man-made
Question ID: CISSP-2018-RA-03-2-041
Question: Which fire extinguisher type is used on flammable liquids?
A: Class A
B: Class B
C: Class C
D: Class D
E: Class K
Question ID: CISSP-2018-RA-03-2-042
Question: Which detection system operates by detecting changes in the light and thus is used in windowless areas?
A: Passive infrared
B: Electromechanical
C: Photometric
D: Acoustical
E: Wave motion
F: Capacitance
Question ID: CISSP-2018-RA-03-2-050
Question: Which classification of threat is presented by a threat to perimeter security?
A: System
B: Natural
C: External
D: Internal
E: Man-made
Question ID: CISSP-2018-RA-03-2-071
Question: In a PKI, what is a subject?
A: A path to a public key
B: A public key that verifies the certificate used in a digital signature
C: An entity that seeks to have a certificate validated
D: An entity that verifies a public key chain
Question ID: CISSP-2018-RA-03-2-072
Question: In a PKI, what is a verifier?
A: A path to a public key
B: A public key that verifies the certificate used in a digital signature
C: An entity that seeks to have a certificate validated
D: An entity that verifies a public key chain
Question ID: CISSP-2018-RA-03-2-073
Question: An attacker uses the plaintext and ciphertext versions of a message to discover the key used. Which type of attack has occurred?
A: Known plaintext attack
B: Analytic attack
C: Side-channel attack
D: Replay attack
Question ID: CISSP-2018-RA-03-2-074
Question: An attacker uses known structural weaknesses or flaws to determine the algorithm used. Which type of attack has occurred?
A: Known plaintext attack
B: Analytic attack
C: Side-channel attack
D: Replay attack
Question ID: CISSP-2018-RA-03-2-075
Question: Which algorithm uses a 32-, 64-, or 128-bit block size?
A: DES
B: AES
C: RC6
D: RC4
Question ID: CISSP-2018-RA-03-2-076
Question: Which algorithm is a stream cipher and does not have a block size?
A: DES
B: AES
C: RC6
D: RC4
Question ID: CISSP-2018-RA-03-2-077
Question: Which algorithm performs 3, 4, or 5 rounds of computations?
A: HAVAL
B: Tiger
C: MD5
D: SHA-256
Question ID: CISSP-2018-RA-03-2-078
Question: Which algorithm performs 24 rounds of computations?
A: HAVAL
B: Tiger
C: MD5
D: SHA-256
Question ID: CISSP-2018-RA-03-2-136
Question: Which model type maintains the proper security relationship between objects and subjects in each state of operation?
A: State Machine model
B: Noninterference model
C: Matrix-based model
D: Multilevel Lattice model
E: Information Flow model
F: D and E
Question ID: CISSP-2018-RA-03-2-137
Question: Which model type focuses on controlling information flows that relate two versions of the same object?
A: State Machine model
B: Noninterference model
C: Matrix-based model
D: Multilevel Lattice model
E: Information Flow model
F: D and E
Question ID: CISSP-2018-RA-03-2-138
Question: Which model type organizes tables of subjects and objects?
A: State Machine model
B: Noninterference model
C: Matrix-based model
D: Multilevel Lattice model
E: Information Flow model
F: D and E
Question ID: CISSP-2018-RA-03-2-139
Question: In which of the following methods does the address location specified in the program instruction contain the address of the final desired location?
A: Cache
B: Indirect addressing
C: Absolute addressing
D: Associative memory
E: Implied addressing
Question ID: CISSP-2018-RA-03-2-140
Question: Which of the following occurs when a computer program incorrectly manages memory allocations?
A: Memory leak
B: Relative address
C: Virtual memory
D: Logical address
Question ID: CISSP-2018-RA-03-2-141
Question: Which type of malware relies upon other application programs to execute it and infect a system?
A: Virus
B: Spyware
C: Trojan horse
D: Worm
E: Adware
Question ID: CISSP-2018-RA-03-2-142
Question: Which type of malware uses tracking cookies to collect and report on a user's activities?
A: Virus
B: Spyware
C: Trojan horse
D: Worm
E: Adware
Question ID: CISSP-2018-RA-03-2-143
Question: Which of the following is an open-source application security project?
A: XML
B: SAML
C: OWASP
D: OVAL
Question ID: CISSP-2018-RA-03-2-144
Question: What is another word for a concealment cipher?
A: Plaintext
B: Ciphertext
C: Running key cipher
D: Null cipher
Question ID: CISSP-2018-RA-03-2-145
Question: All the following are substitution ciphers EXCEPT which one?
A: Caesar cipher
B: Running key cipher
C: Vigenere cipher
D: Modulo 26 cipher
Question ID: CISSP-2018-RA-03-2-146
Question: Which of the following statements are TRUE regarding symmetric algorithms?
A: They are easy to break.
B: They are slower than asymmetric algorithms.
C: They include both stream-based and block ciphers.
D: They provide confidentiality, authentication, and nonrepudiation.
Question ID: CISSP-2018-RA-03-2-147
Question: Which of the following statements regarding stream-based and block ciphers are TRUE?
A: Stream-based ciphers use different keys for encryption and decryption.
B: Stream-based ciphers are generally cheaper to implement than block ciphers.
C: Block ciphers are generally less susceptible to security issues.
D: Block ciphers are generally used more in software implementations.
E: Options a, b, and c only
F: Options b, c, and d only
G: All of the options
Question ID: CISSP-2018-RA-03-2-148
Question: Which of the following is NOT a symmetric algorithm?
A: DES
B: Skipjack
C: Blowfish
D: RSA
E: All the options
F: None of the options
Question ID: CISSP-2018-RA-03-2-149
Question: Which of the following is NOT an asymmetric algorithm?
A: ECC
B: Knapsack
C: DSA
D: Diffie-Hellman
E: All the options
F: None of the options
Question ID: CISSP-2018-RA-03-2-150
Question: Which of the following statements regarding hybrid cryptography are TRUE?
A: The asymmetric algorithm provides the keys used for encryption.
B: The asymmetric keys are passed to the symmetric algorithm, which encrypts the asymmetric keys and automatically distributes them.
C: The message is encrypted with the symmetric key.
D: The receiver decrypts the asymmetric key and uses the asymmetric key to decrypt the message.
Question ID: CISSP-2018-RA-03-2-151
Question: Which of the following is a stream cipher?
A: RC4
B: Blowfish
C: Twofish
D: RC5
E: RC6
Question ID: CISSP-2018-RA-03-2-152
Question: Which of the following symmetric algorithms performs the most rounds of transformation?
A: IDEA
B: Skipjack
C: Twofish
D: AES 256
Question ID: CISSP-2018-RA-03-2-153
Question: What is the slowest asymmetric algorithm?
A: Diffie-Hellman
B: RSA
C: El Gamal
D: ECC
Question ID: CISSP-2018-RA-03-2-154
Question: Which of the following statements regarding cryptography is FALSE?
A: Encryption provides confidentiality.
B: Hashing provides integrity and authentication.
C: Digital signatures provide authentication, nonrepudiation, and integrity.
D: Cryptography is not concerned with availability.
Question ID: CISSP-2018-RA-03-2-155
Question: Which of the following is NOT a mode used by block ciphers?
A: ECB
B: CBC
C: CFB
D: CTR
E: IV
Question ID: CISSP-2018-RA-03-2-156
Question: Which of the following factors should be considered when designing a key management process?
A: Key length
B: Key recovery
C: Key distribution
D: Key revocation
E: Key escrow
F: Options a, b, c, and d only
G: All the options
Question ID: CISSP-2018-RA-03-2-157
Question: Why should an organization implement a master decryption key?
A: To ensure that the key is not stolen
B: To ensure that the key can be distributed
C: To ensure that the key is strong enough
D: To ensure that the data can be recovered
Question ID: CISSP-2018-RA-03-2-158
Question: What is the purpose of a multiparty recovery key?
A: To ensure that the key is not stolen
B: To ensure that the key can be distributed
C: To ensure that the key is strong enough
D: To ensure that the key can be recovered
Question ID: CISSP-2018-RA-03-2-159
Question: In a PKI, which entity contains the public key of each member and makes the key portable?
A: Digital certificate
B: CA
C: RA
D: CRL
Question ID: CISSP-2018-RA-03-2-160
Question: When considering key distribution centers (KDCs) such as those used in Kerberos, which of the following statements are FALSE?
A: Session keys are distributed by the KDC.
B: Session keys are used only during a communication session.
C: The master key is only known by the KDC.
D: The master key encrypts traffic between the user and the KDC.
Question ID: CISSP-2018-RA-03-2-161
Question: You distribute parts of a key to different entities so that the key can be recovered later. Which entity is responsible for a part of the key?
A: Central authority
B: Trustee agents
C: End users
D: Administrators
Question ID: CISSP-2018-RA-03-2-162
Question: Which technology was created to help with the recovery of keys on a single computer?
A: KEK
B: TPM
C: KDC
D: CRL
Question ID: CISSP-2018-RA-03-2-163
Question: What should you do to the data that is protected by a key if the key is compromised and you need to revoke the key?
A: Re-sign all the data with the compromised key.
B: Re-sign all the data with a new key.
C: Decrypt the data with the compromised key.
D: Encrypt the data with the compromised key.
Question ID: CISSP-2018-RA-03-2-164
Question: Your organization has signed a contract with another organization to use key escrow. Where are the key recovery elements stored?
A: In a PKI
B: On a CA
C: At your organization
D: At a trusted third party
E: At the other organization
Question ID: CISSP-2018-RA-03-2-165
Question: Which statement regarding key management issues is FALSE?
A: Asymmetric algorithms must be longer than symmetric algorithms to achieve the same level of protection against attacks.
B: A longer key is more expensive to use in effort, time, and resources.
C: Only secret keys need to be protected against modification.
D: Only secret keys need to be protected against disclosure.
Question ID: CISSP-2018-RA-03-2-166
Question: Which factors affect the exposure risk of a key management system?
A: Key update process
B: Number of transactions
C: Number of key copies issued
D: Importance of the information being protected
E: Options a and b only
F: Options c and d only
G: All of the options
Question ID: CISSP-2018-RA-03-2-167
Question: Why should you assign a compromise date to a key that has been deactivated?
A: To know when you can re-activate the key
B: To know the lifetime of the key
C: To retrieve information signed before the compromise occurred
D: To know when you can delete the key
Question ID: CISSP-2018-RA-03-2-168
Question: When configuring the key lifetime, which factor should NOT be considered?
A: User role
B: Application being used
C: Service provided by the key
D: Randomness of the key
Question ID: CISSP-2018-RA-03-2-169
Question: What should you do if a user’s private key is lost?
A: Revoke both the user’s public and private key.
B: Revoke the user’s public key.
C: Revoke the user’s private key.
D: Deactivate the user’s public and private key.
Question ID: CISSP-2018-RA-03-2-170
Question: Which of the following is NOT a valid reason for revoking a key?
A: A key is lost.
B: A key is compromised.
C: The user transitions to a less trusted job role.
D: A key is too long.
Question ID: CISSP-2018-RA-03-2-171
Question: Your organization decides to use digital signatures to sign messages. Which security tenets are covered by this implementation?
A: Confidentiality
B: Authentication
C: Nonrepudiation
D: Integrity
E: Options a and b only
F: Options c and d only
G: Options b, c, and d only
Question ID: CISSP-2018-RA-03-2-172
Question: Your organization decides to use digital signatures to sign messages. In addition, the messages will be encrypted. Which security tenets are covered by this implementation?
A: Confidentiality
B: Authentication
C: Nonrepudiation
D: Integrity
E: Options a and b only
F: Options c and d only
G: Options b, c, and d only
H: All of the options
Question ID: CISSP-2018-RA-03-2-173
Question: Which CPTED concept promotes visibility of all areas?
A: Natural Access Control
B: Natural surveillance
C: Natural detection
D: Natural Territorial Reinforcement
Question ID: CISSP-2018-RA-03-2-174
Question: Which type of glass produces toxic fumes when burned?
A: Standard
B: Laminated
C: Acrylic
D: Tempered
Question ID: CISSP-2018-RA-03-2-175
Question: Which type of glass is created by heating the glass?
A: Standard
B: Laminated
C: Acrylic
D: Tempered
Question ID: CISSP-2018-RA-03-3-074
Question: Which countermeasure is designed to ensure that data moving through the operating system or application can be verified to not have been damaged or corrupted?
A: Access Control Services
B: Integrity Services
C: Boundary Control Services
D: Cryptography Services
E: Auditing and Monitoring Services
Question ID: CISSP-2018-RA-03-3-075
Question: Which model type concentrates on preventing the actions that take place at one level from altering the state presented to another level?
A: State Machine model
B: Noninterference model
C: Matrix-based model
D: Multilevel Lattice model
E: Information Flow model
F: D and E
Question ID: CISSP-2018-RA-03-3-076
Question: Which model separates objects into data and programs?
A: Brewer-Nash model
B: Lipner model
C: Bell-LaPadula model
D: Graham-Denning model
Question ID: CISSP-2018-RA-03-3-077
Question: Which of the following is a multilevel security model?
A: Bell-LaPadula model
B: Brewer and Nash model
C: Brewer and Nash model
D: Graham-Denning model
Question ID: CISSP-2018-RA-03-3-078
Question: Which model introduced the concept of allowing access controls to change dynamically based on a user’s previous actions?
A: Brewer-Nash model
B: Lipner model
C: Bell-LaPadula model
D: Clark-Wilson Integrity model
Question ID: CISSP-2018-RA-03-3-079
Question: Which of the following is also known as the Chinese Wall model?
A: Bell-LaPadula model
B: Brewer and Nash model
C: Lipner model
D: Graham-Denning model
Question ID: CISSP-2018-RA-03-3-080
Question: Which model was the first mathematical model of a multilevel system?
A: Brewer-Nash model
B: Lipner model
C: Bell-LaPadula model
D: Clark-Wilson Integrity model
Question ID: CISSP-2018-RA-03-3-081
Question: Which of the following Trusted Computer System Evaluation Criteria (TCSEC) rating levels implies that the security assurance is performed in a formal and detailed manner?
A: A1
B: B1
C: B2
D: B3
E: C1
F: C2
G: D
H: A, C and D
Question ID: CISSP-2018-RA-03-3-082
Question: Which Common Criteria Evaluation Assurance Level (EAL) provides moderate levels of security?
A: EAL 1
B: EAL 2
C: EAL 3
D: EAL 4
E: EAL 5
F: EAL 6
G: EAL 7
Question ID: CISSP-2018-RA-03-3-083
Question: Which of the following Trusted Computer System Evaluation Criteria (TCSEC) rating levels refers to discretionary security protection?
A: A1
B: B1
C: B2
D: B3
E: C1
F: C2
G: D
H: A, C and D
Question ID: CISSP-2018-RA-03-3-084
Question: Which of the following refers to registers usually contained inside the CPU?
A: Cache
B: Indirect addressing
C: Absolute addressing
D: Associative memory
E: Implied addressing
Question ID: CISSP-2018-RA-03-3-085
Question: Which of the following is a location on the hard drive?
A: Memory leak
B: Relative address
C: Virtual memory
D: Logical address
Question ID: CISSP-2018-RA-03-3-086
Question: Which of the following is a relatively small amount of high-speed RAM?
A: Cache
B: Indirect addressing
C: Absolute addressing
D: Associative memory
E: Implied addressing
Question ID: CISSP-2018-RA-03-3-087
Question: Which of the following specifies its location by indicating its distance from another address?
A: Memory leak
B: Relative address
C: Virtual memory
D: Logical address
Question ID: CISSP-2018-RA-03-3-088
Question: Which type of malware spreads itself through network connections?
A: Virus
B: Spyware
C: Trojan horse
D: Worm
E: Adware
Question ID: CISSP-2018-RA-03-3-089
Question: Which type of virus includes protective code that prevents detection?
A: Stealth virus
B: Companion virus
C: Armored virus
D: Phage virus
Question ID: CISSP-2018-RA-03-3-090
Question: Which of the following harnesses the CPU power of multiple physical machines to perform a job?
A: Cloud computing
B: Data warehouse
C: Grid computing
D: Peer-to-peer computing
Question ID: CISSP-2018-RA-03-3-091
Question: Which type of malware is disguised as a useful utility?
A: Virus
B: Spyware
C: Trojan horse
D: Worm
E: Adware
Question ID: CISSP-2018-RA-03-3-092
Question: Which of the following is a repository of information from heterogeneous databases?
A: Cloud computing
B: Data warehouse
C: Grid computing
D: Peer-to-peer computing
Question ID: CISSP-2018-RA-03-3-093
Question: Which of the following is the most widely used web language?
A: XML
B: SAML
C: OWASP
D: OVAL
Question ID: CISSP-2018-RA-03-3-094
Question: Which of the following encryption algorithms support digital signatures and encryption?
A: RSA
B: 3DES
C: Blowfish
D: IDEA
Question ID: CISSP-2018-RA-03-3-095
Question: Which of the following encryption algorithms support digital signatures and encryption?
A: RC6
B: ECC
C: Diffie-Hellman
D: DES
Question ID: CISSP-2018-RA-03-3-096
Question: Your organization has decided to deploy encryption. Management wants to use an encryption algorithm that will also support digital signatures. Which of the following encryption algorithms should you deploy?
A: DSA
B: MD5
C: El Gamal
D: HAVAL
Question ID: CISSP-2018-RA-03-3-097
Question: Your organization has decided to deploy encryption. Management wants to use an encryption algorithm that also supports digital signatures. Which of the following encryption algorithms should you deploy?
A: Tiger
B: SHA
C: RC5
D: Knapsack
Question ID: CISSP-2018-RA-03-3-098
Question: What is a digital signature?
A: A hash value that has been encrypted with the sender’s private key
B: A hash value that has been encrypted with the sender’s public key
C: A message that has been encrypted with the sender’s private key
D: A message that has been encrypted with the sender’s public key
Question ID: CISSP-2018-RA-03-3-099
Question: What is the best way to provide nonrepudiation in an e-mail system?
A: Deploy PGP.
B: Use encryption.
C: Use digital signatures.
D: Deploy MIME.
Question ID: CISSP-2018-RA-03-3-100
Question: Which of the following is a standard that was designed only for digital signatures?
A: RSA
B: DSS
C: DES
D: IDEA
Question ID: CISSP-2018-RA-03-3-101
Question: What is the message digest size generated by DSS?
A: 128 bits
B: 160 bits
C: 192 bits
D: 256 bits
Question ID: CISSP-2018-RA-03-3-102
Question: Which of the following uses digital signatures?
A: SET
B: S-HTTP
C: HTTPS
D: SSH
Question ID: CISSP-2018-RA-03-3-103
Question: What is NOT provided by DSS?
A: Integrity
B: Digital signature
C: Authentication
D: Confidentiality
Question ID: CISSP-2018-RA-03-3-104
Question: A user contacts you regarding a message he is receiving on his Windows computer. When he tries to update a device driver, he receives a message stating that the driver is digitally signed by Microsoft. What should you advise the user to do?
A: Delete the driver.
B: Install the driver.
C: Scan the driver for viruses.
D: Compute the hash value of the driver file.
Question ID: CISSP-2018-RA-03-3-105
Question: How does a program generate a digital signature?
A: The program passes the file through a one-way hash function.
B: The program encrypts the file using an encryption algorithm.
C: The program signs the file with a digital certificate.
D: The program sends the file through an HTTPS connection.
Question ID: CISSP-2018-RA-03-3-106
Question: In which standard is Secure Hash Algorithm (SHA) vital?
A: DES
B: 3DES
C: DSS
D: HAVAL
Question ID: CISSP-2018-RA-03-3-107
Question: When you deploy an e-mail system that uses digital signatures, which security issue are you addressing?
A: Confidentiality
B: Non-repudiation
C: Integrity
D: Authentication
Question ID: CISSP-2018-RA-03-3-108
Question: Which layer of the OSI model provides nonrepudiation?
A: Application
B: Presentation
C: Session
D: Transport
Question ID: CISSP-2018-RA-03-3-109
Question: Which of the following provides nonrepudiation?
A: IPsec
B: TLS
C: PKI
D: WPA
Question ID: CISSP-2018-RA-03-3-110
Question: Which term is the ability to ensure that a party to a communication cannot deny the authenticity of his signature on a document?
A: Confidentiality
B: Integrity
C: Authentication
D: Nonrepudiation
Question ID: CISSP-2018-RA-03-3-111
Question: In providing nonrepudiation by using digital signatures, who CANNOT deny the authenticity of a communication?
A: Sender
B: Receiver
C: Sending organization
D: Receiving organization
Question ID: CISSP-2018-RA-03-3-112
Question: What is the main concern when providing nonrepudiation?
A: Sender identity
B: Data integrity
C: Data origin
D: Sender validity
Question ID: CISSP-2018-RA-03-3-113
Question: Which of the following can provide nonrepudiation?
A: 3DES
B: RSA
C: RC5
D: MD5
Question ID: CISSP-2018-RA-03-3-114
Question: You need to implement an algorithm that will provide nonrepudiation. Which algorithm should you use?
A: El Gamal
B: Blowfish
C: SHA-1
D: Tiger
Question ID: CISSP-2018-RA-03-3-115
Question: An organization needs to ensure that the senders of certain communications cannot deny that the communications were sent. You decide to implement an algorithm that provides nonrepudiation. Which algorithm should you implement?
A: IDEA
B: Twofish
C: ECC
D: HAVAL
Question ID: CISSP-2018-RA-03-3-116
Question: Which encryption algorithm could you implement to provide both nonrepudiation and confidentiality?
A: Tiger
B: DES
C: Diffie-Hellman
D: Knapsack
Question ID: CISSP-2018-RA-03-3-117
Question: Which of the following algorithms are used ONLY to provide nonrepudiation through the use of digital signatures?
A: DSA
B: RSA
C: Knapsack
D: Diffie-Hellman
Question ID: CISSP-2018-RA-03-3-118
Question: Which of the following algorithms can be used to create digital signatures that provide nonrepudiation but CANNOT also provide confidentiality?
A: Knapsack
B: DSA
C: El Gamal
D: ECC
Question ID: CISSP-2018-RA-03-3-119
Question: Your organization has decided to use the RSA algorithm. Which functions can this algorithm provide?
A: Encryption
B: Digital signature
C: Hashing
D: Key distribution
E: Options a, b, and d
F: Options b, c, and d
G: All of the options
Question ID: CISSP-2018-RA-03-3-120
Question: You decide to implement the ECC algorithm for your organization. Management wants to understand which functions are provided by this algorithm. Which of the following should you explain?
A: Encryption
B: Digital signature
C: Hashing
D: Key distribution
E: Options b, c, and d
F: Options a, b, and d
G: All the options
Question ID: CISSP-2018-RA-03-3-121
Question: An organization has implemented the Knapsack algorithm to provide encryption. You are hired as a security consultant. You need to explain to the organization the other functions that the Knapsack algorithm provides. Which functions should you explain?
A: Digital signature
B: Hashing
C: Key distribution
D: Options a and b only
E: Options b and c only
F: Options a and c only
G: All of the options
Question ID: CISSP-2018-RA-03-3-122
Question: You are the security analyst for your organization. While auditing the network’s security, you discover that an attacker has discovered the organization’s encryption key. After further research, it is determined that the attacker used several encrypted messages to obtain the key. Which type of attack did the attacker carry out?
A: Ciphertext-only attack
B: Known plaintext attack
C: Chosen plaintext attack
D: Chosen ciphertext
Question ID: CISSP-2018-RA-03-3-123
Question: Which of the following is a set of recommendations for secure site design?
A: CPTED
B: OSHA
C: FISA
D: HIPAA
Question ID: CISSP-2018-RA-03-3-124
Question: Which CPTED concept attempts to extend the sense of ownership to the employees?
A: Natural Access Control
B: Natural surveillance
C: Natural detection
D: Natural Territorial Reinforcement
Question ID: CISSP-2018-RA-03-3-125
Question: Which lock type requires rotating the lock in a pattern?
A: Cipher
B: Warded
C: Tumbler
D: Combination
Question ID: CISSP-2018-RA-03-3-126
Question: In which of the following fire extinguishing systems is the water not held in the pipes but in a holding tank?
A: Dry pipe
B: Preaction
C: Wet pipe
D: Deluge
Question ID: CISSP-2018-RA-03-3-127
Question: Which of the following fire extinguishing systems is currently the recommended system for a computer room?
A: Dry pipe
B: Preaction
C: Wet pipe
D: Deluge
Question ID: CISSP-2018-RA-03-3-128
Question: Which of the following fire extinguishing systems use water contained in pipes to extinguish the fire?
A: Dry pipe
B: Preaction
C: Wet pipe
D: Deluge
Question ID: CISSP-2018-RA-03-3-129
Question: Which of the following is a prolonged power outage?
A: Fault
B: Surge
C: Blackout
D: Brownout
Question ID: CISSP-2018-RA-03-3-130
Question: Which of the following is a lock with a spring-loaded bolt with a notch in it?
A: Combination lock
B: Tumbler lock
C: Warded lock
D: Cipher lock
E: PAD
F: Mantrap
G: Cable lock
Question ID: CISSP-2018-RA-03-3-131
Question: Which of the following reacts faster to a fire than nonoptical devices do?
A: Heat activated sensor
B: Smoke activated sensor
C: Flame actuated sensor
D: Wet pipe extinguisher
Question ID: CISSP-2018-RA-03-3-132
Question: Which of the following connects to a laptop and then locks around an object?
A: Combination lock
B: Tumbler lock
C: Warded lock
D: Cipher lock
E: PAD
F: Mantrap
G: Cable lock
Question ID: CISSP-2018-RA-03-3-133
Question: Which of the following are not recommended for rooms where equipment will be damaged by water?
A: Heat activated sensor
B: Smoke activated sensor
C: Flame actuated sensor
D: Wet pipe extinguisher
Question ID: CISSP-2018-RA-03-3-134
Question: Which of the following uses a keypad that requires the correct code?
A: Combination lock
B: Tumbler lock
C: Warded lock
D: Cipher lock
E: PAD
F: Mantrap
G: Cable lock
Question ID: CISSP-2018-RA-03-3-135
Question: Which of the following operates using a photoelectric device to detect variations in light?
A: Heat activated sensor
B: Smoke activated sensor
C: Flame actuated sensor
D: Wet pipe extinguisher
Question ID: CISSP-2018-RA-03-3-136
Question: Which of the following requires rotating the lock in a pattern which, if correct, lines up the tumblers and opens the lock?
A: Combination lock
B: Tumbler lock
C: Warded lock
D: Cipher lock
E: PAD
F: Mantrap
G: Cable lock
Question ID: CISSP-2018-RA-03-4-074
Question: Which Common Criteria Evaluation Assurance Level (EAL) provides extremely high levels of security?
A: EAL 1
B: EAL 2
C: EAL 3
D: EAL 4
E: EAL 5
F: EAL 6
G: EAL 7
Question ID: CISSP-2018-RA-03-4-075
Question: Which of the following Trusted Computer System Evaluation Criteria (TCSEC) rating levels is used in environments that contain highly sensitive information and should be resistant to penetration attempts?
A: A1
B: B1
C: B2
D: B3
E: C1
F: C2
G: D
H: A, C and D
Question ID: CISSP-2018-RA-03-4-076
Question: Which Common Criteria Evaluation Assurance Level (EAL) uses specialized security engineering to provide high levels of assurance?
A: EAL 1
B: EAL 2
C: EAL 3
D: EAL 4
E: EAL 5
F: EAL 6
G: EAL 7
Question ID: CISSP-2018-RA-03-4-077
Question: Which of the following Trusted Computer System Evaluation Criteria (TCSEC) rating levels provides granular access control and establishes a level of accountability when subjects access objects?
A: A1
B: B1
C: B2
D: B3
E: C1
F: C2
G: D
H: A, C and D
Question ID: CISSP-2018-RA-03-4-078
Question: Which Common Criteria Evaluation Assurance Level (EAL) describes a system that ignores security threats?
A: EAL 1
B: EAL 2
C: EAL 3
D: EAL 4
E: EAL 5
F: EAL 6
G: EAL 7
Question ID: CISSP-2018-RA-03-4-079
Question: Which of the following Trusted Computer System Evaluation Criteria (TCSEC) rating levels is the lowest level to implement trusted facility management?
A: A1
B: B1
C: B2
D: B3
E: C1
F: C2
G: D
H: A, C and D
Question ID: CISSP-2018-RA-03-4-080
Question: In which Common Criteria Evaluation Assurance Level (EAL) are good design practices used but security is not a high priority?
A: EAL 1
B: EAL 2
C: EAL 3
D: EAL 4
E: EAL 5
F: EAL 6
G: EAL 7
Question ID: CISSP-2018-RA-03-4-081
Question: Which of the following Trusted Computer System Evaluation Criteria (TCSEC) rating levels is offered to systems that fail to meet the evaluation criteria?
A: A1
B: B1
C: B2
D: B3
E: C1
F: C2
G: D
H: A, C and D
Question ID: CISSP-2018-RA-03-4-082
Question: In which Common Criteria Evaluation Assurance Level (EAL) is security implemented starting in early design?
A: EAL 1
B: EAL 2
C: EAL 3
D: EAL 4
E: EAL 5
F: EAL 6
G: EAL 7
Question ID: CISSP-2018-RA-03-4-083
Question: Which of the following Trusted Computer System Evaluation Criteria (TCSEC) rating levels is used to handle classified information?
A: A1
B: B1
C: B2
D: B3
E: C1
F: C2
G: D
H: A, C and D
Question ID: CISSP-2018-RA-03-4-084
Question: Which of the following addresses the entire primary memory space?
A: Cache
B: Indirect addressing
C: Absolute addressing
D: Associative memory
E: Implied addressing
Question ID: CISSP-2018-RA-03-4-085
Question: Which of the following is the communication channel between applications and the kernel?
A: Protection domain
B: Trusted path
C: Security kernel
D: Execution domain
Question ID: CISSP-2018-RA-03-4-086
Question: Which of the following is a memory space isolated from other running processes?
A: Protection domain
B: Trusted path
C: Security kernel
D: Execution domain
Question ID: CISSP-2018-RA-03-4-087
Question: Which of the following is an isolated area that is used by trusted processes?
A: Protection domain
B: Trusted path
C: Security kernel
D: Execution domain
Question ID: CISSP-2018-RA-03-4-088
Question: Which form of cloud computing has as its main security focus application access management?
A: PaaS
B: SaaS
C: IaaS
D: NaaS
Question ID: CISSP-2018-RA-03-4-089
Question: Which of the following is NOT a characteristic of public cloud computing?
A: Scalability
B: Virtualization
C: Reliability
D: Data control
Question ID: CISSP-2018-RA-03-4-090
Question: Which of the following is NOT a characteristic of private cloud computing?
A: No initial cost
B: Single sign-on
C: Customization
D: Data privacy
Question ID: CISSP-2018-RA-03-4-091
Question: Which form of cloud computing has as its main security focus VPNs?
A: PaaS
B: SaaS
C: IaaS
D: NaaS
Question ID: CISSP-2018-RA-03-4-092
Question: Which form of cloud computing has as its main security focus virtual machine management?
A: PaaS
B: SaaS
C: IaaS
D: NaaS
Question ID: CISSP-2018-RA-03-4-093
Question: Which of the following is a standard written in XML that provides open and publicly available security content?
A: XML
B: SAML
C: OWASP
D: OVAL
Question ID: CISSP-2018-RA-03-4-094
Question: During a recent security training seminar, the speaker discusses a specific type of attack in which an attacker uses the plaintext and ciphertext versions of a message to discover the key used. Which type of attack is being discussed?
A: Ciphertext-only attack
B: Known plaintext attack
C: Chosen plaintext attack
D: Chosen ciphertext
Question ID: CISSP-2018-RA-03-4-095
Question: A recent breach of security occurred on your organization’s network. A user received a plaintext message from an attacker. The user then forwarded the message as ciphertext to another user. The attacker was able to discover the key by comparing the two versions of the message. Which attack occurred?
A: Ciphertext-only attack
B: Known plaintext attack
C: Chosen plaintext attack
D: Chosen ciphertext
Question ID: CISSP-2018-RA-03-4-096
Question: An attacker was able to discover the encryption algorithm used by your organization by posing as a security analyst during a telephone call. Which type of attack is this considered?
A: Brute force attack
B: Birthday attack
C: Meet-in-the-middle attack
D: Social engineering
Question ID: CISSP-2018-RA-03-4-097
Question: You are hired as a security consultant by an organization that has recently undergone an extensive security attack. During the attack, the attackers used all possible keys until the key was discovered that successfully decrypted the ciphertext. Which type of attack occurred?
A: Brute force attack
B: Birthday attack
C: Meet-in-the-middle attack
D: Social engineering
Question ID: CISSP-2018-RA-03-4-098
Question: You are investigating a recent security breach that occurred on your company’s network. The attacker indicates that he discovered your organization’s encryption key by finding two messages that resulted in the same hash value. Which type of attack did this attacker perpetrate?
A: Brute force attack
B: Birthday attack
C: Meet-in-the-middle attack
D: Social engineering
Question ID: CISSP-2018-RA-03-4-099
Question: Recently an attacker carried out an attack against an organization’s block cipher. The attacker applied a brute force technique to both the plaintext and the ciphertext. He encrypted the plaintext and decrypted the ciphertext using various keys to find a matching intermediate ciphertext. Which type of attack did the attacker attempt?
A: Chosen ciphertext
B: Birthday attack
C: Meet-in-the-middle attack
D: Social engineering
Question ID: CISSP-2018-RA-03-4-100
Question: What is another name for a side-channel attack?
A: Differential cryptanalysis
B: Linear cryptanalysis
C: Algebraic attacks
D: Frequency analysis
Question ID: CISSP-2018-RA-03-4-101
Question: Which of the following is a known plaintext attack?
A: Differential cryptanalysis
B: Linear cryptanalysis
C: Algebraic attacks
D: Frequency analysis
Question ID: CISSP-2018-RA-03-4-102
Question: Which attack tries to discover the key and algorithm used by exploiting the mathematical formula used?
A: Differential cryptanalysis
B: Linear cryptanalysis
C: Algebraic attacks
D: Frequency analysis
Question ID: CISSP-2018-RA-03-4-103
Question: Which type of attack usually involves the creation of a chart that lists all the letters of the alphabet alongside the number of times that letter occurs?
A: Differential cryptanalysis
B: Linear cryptanalysis
C: Algebraic attacks
D: Frequency analysis
Question ID: CISSP-2018-RA-03-4-104
Question: In a recent attack on your network, the attackers used the known structural weaknesses of encryption systems to determine which encryption algorithm you used. Which type of attack did they carry out?
A: Dictionary attack
B: Replay attack
C: Analytical attack
D: Reverse engineering
Question ID: CISSP-2018-RA-03-4-105
Question: Which attack is a type of brute force attack?
A: Dictionary attack
B: Replay attack
C: Analytical attack
D: Reverse engineering
Question ID: CISSP-2018-RA-03-4-106
Question: Against which type of attack are timestamps and sequence numbers a good countermeasure?
A: Dictionary attack
B: Replay attack
C: Analytical attack
D: Reverse engineering
Question ID: CISSP-2018-RA-03-4-107
Question: A new encryption system has been developed by a leading company. An attacker purchases the new encryption system so that he can discover confidential information about it. Which type of attack is this?
A: Dictionary attack
B: Replay attack
C: Analytical attack
D: Reverse engineering
Question ID: CISSP-2018-RA-03-4-108
Question: You must implement an encryption algorithm on your network to protect confidential information. You want to implement the encryption system that provides the largest key size. Which encryption algorithm should you implement?
A: 3DES
B: AES
C: Blowfish
D: RC6
Question ID: CISSP-2018-RA-03-4-109
Question: You are hired by a new company as a security consultant. The company implements an encryption algorithm that protects confidential information. A technician tells you that he does not remember which algorithm it uses, but he knows that it performs 48 rounds of transformation. Which algorithm is being used?
A: 3DES
B: AES
C: Blowfish
D: RC6
Question ID: CISSP-2018-RA-03-4-110
Question: Which symmetric algorithm uses 256-bit block sizes?
A: 3DES
B: AES
C: Blowfish
D: RC6
Question ID: CISSP-2018-RA-03-4-111
Question: Your organization wants your advice on choosing an encryption algorithm for confidential data. Management indicates that it is trying to choose between using a block cipher and a stream cipher. Which of the following statements is FALSE?
A: Block ciphers are harder to implement than stream ciphers.
B: Block ciphers have fewer security issues than stream ciphers.
C: Block ciphers employ both confusion and diffusion, while stream ciphers employ only confusion.
D: Stream-based ciphers are generally cheaper to implement than block ciphers.
Question ID: CISSP-2018-RA-03-4-112
Question: You need to ensure that several files that are located on your organization’s file server are safe to use. As part of your security plan, you decide to use a hash function to record the files’ hash value. Before using these files, all users will be instructed to check the hash value first. Which algorithm should you use to provide this hash value?
A: Diffie-Hellman
B: MD5
C: ECC
D: RSA
Question ID: CISSP-2018-RA-03-4-113
Question: You need to determine the hash value of several files that you will be sending to a U.S. government agency. You need to use a hash function that is approved. Which algorithm should you use?
A: SHA-2
B: MD5
C: El Gamal
D: DSA
Question ID: CISSP-2018-RA-03-4-114
Question: Which hash function performs 120 rounds of computations?
A: SHA-2
B: SHA-3
C: MD5
D: HAVAL