CISSP QUIZ QUESTIONS.

What is deny by default?

Any access that isn't specifically permitted is denied

What does AAA stand for?

Authentication Authorization Accounting

What level of system knowledge do you possess when you conduct white box testing?

Full System Knowledge

Describe asynchronous tokens.

A token that generates a response to a challenge it is given

What are two types of Smart Cards?

Contact & Contactless

Name a behavioral biometric?

Signature, gait

Which remote access server uses port 49 and is a Cisco proprietary software program?

TACACS+

LDAP and Active Directory use the Directory Access Protocol from what
computing standard?

X.500

SESAME extends Kerberos functionality while removing Kerberos's biggest weakness. What is that weakness?

Storage of symmetric keys

What is a type 1 biometric error?

Too sensitive (too high)

What does the OSI data link layer do to the bits coming up from the physical
layer?

Frames Them

What gathers up information from dozens to hundreds of logs, correlates events, applies rules and filters, and reports?

Security Event Manager

What functionality does a network tap have?

Provides promiscuous access to a network

What wireless transmission technology is employed by Bluetooth?

802.15.1 Frequency Hopping

What wireless transmission technology is employed by 802.11b?

DSSS

802.3 is the?

Ethernet

True or False, crosstalk in multimode fiber cables occurs when the signal saturation is exceeded?

False

What transmission method uses a short fixed-length label that acts as a shorthand representation of an IP packet's header and is more efficient than ATM?

Multiprotocol Label Switching

What comprises an integrated services digital network (ISDN) primary rate
interface (PRI)?

23B and 1D channels

At what OSI layer does SSL conduct its handshake (encryption negotiations)?

Session Layer

What are PUSH and SOMAP?

Risk assessment methodologies
PUSH = Preparation / Universe Definition / Scoring / Hitting the Mark
SOMAP= Security Officers Management and Analysis Project

What is the fourth phase in certification /accreditation?

Continuous Monitoring Phase

How does outsourcing differ from offshoring?

Outsourcing: a 3rd party provides services previously provided in house / Offshoring: the work moves to another country

What is the opposite of due care?

Gross negligence / Due diligence is the management of due care, a step beyond due care

True or False, editing the registry and resetting system time are within the scope of the operator's functions?

False

On a Unix or Linux system, the bin, nobody and lp accounts are known as?

System Accounts

Describe clearing/overwriting.

0s and 1s written over the entire hard drive

True or False, Write performance in RAID 5 is slower than RAID 1 or RAID 0?

True

If data was backed up from the hard drive to a CD-ROM and then to a tape, which was the tertiary stage?

Tape

What type of software does remote journaling?

Database Management System

True or False, Change management is critical for the software lifecycle?

True

Is problem management concerned with prevention or is it concerned with
reaction to an incident?

Prevention

Why is there a conflict between incident management and problem
management?

Incident is concerned with restoring service as quickly as possible
Problem management is concerned with determining and eliminating the cause

Where is the archive bit of a file located?

Master File Table

What must the BCP/DRP project initiation phase have to be successful?

Senior Management Support

When is continuous availability required?

Max tolerable downtime = 0

P × M = C is the formula for what?

Calculate Financial Risk

What are the three possible locations of the emergency operations center?

Primary Building/ Site Relatively close/ Site farther away

Which type of alternate site requires little to no recovery?

Dual Data Center

Which type of dedicated alternate data site is the most expensive?

Dual Data Center

Given the choices of Hot, Warm, Cold: which solution could have you recovered in approximately 48 hours?

Hot Site

True or False, RTO + WRT = MTD?

True

At what point in time is your DRP complete?

Ongoing Process

Which team is responsible for going to the alternate site and getting it
operational?

Backup activation team

What kind of law does Sharia law fall under?

Religious Law - based on religion

To qualify for a patent, an invention must?

Be New
Be Useful
Not be obvious

What is a community trademark?

A Community Trade Mark (CTM) is any trademark which is pending registration
or has been registered in the European Union as a whole (rather than on a national
level within the EU).

What is typo squatting?

Typo squatting, also called URL hijacking, is a form of cybersquatting which relies
on mistakes such as typographical errors made by Internet users when inputting a
website address into a web browser.

What is the fair use and first sale doctrine?

Enables reselling of trademarked products after the trademark holder puts the
products on the market. The doctrine is also referred to as the "right of first sale,"
"first sale rule," or "exhaustion rule."

What is slack space?

The storage area of a hard drive from the end of a stored file to the end of the file cluster

What does the Uniform Computer Information Transaction Act do?

Specifies a set of guidelines; each state decides separately whether or not to pass it

If evidence is competent, it means that it was?

Obtained Legally / "competent" means "relevant" and/or "material".

True or False, Exculpatory evidence proves guilt?

False / Exculpatory evidence is evidence favorable to the defendant in a criminal
trial that ... It is the opposite of inculpatory evidence, which tends to prove guilt

What is the most important (ISC)2 Ethics Canon?

Protect society, the commonwealth, and the infrastructure

What is territorial reinforcement?

The use of physical attributes that express ownership such as fencing, pavement
treatments, signage, and landscaping

What is natural access control?

The capacity to limit who can gain entry to a facility, and how

What is natural surveillance?

Any architectural design that enhances the chance that a potential offender will be,
or might be, seen is a form of natural surveillance.

Describe glare protection.

Protection from difficulty seeing in the presence of bright light such as direct or
reflected sunlight or artificial light such as car headlamps at night

Where might you find a class IV vehicular gate?

Access requiring security personnel (prison, airport)

Name two Halon substitutes.

FM-200
INERGEN
CEA-308
CEA-410
NAF-S-III
FE-13
ARGON
ARGONITE

What does PIDAS stand for?

Perimeter Intrusion Detection and Assessment System

What is the most common form of security lighting?

Continuous

What do we call the distance between the nearest and farthest objects in a scene that appear acceptably sharp (focused) in an image?

Depth of Field

What are two primary evacuation roles?

Safety warden
Meeting point leader
