Authentic ISC CISSP Exam Dumps PDF - Mar-2026 Updated
ISC CISSP (Certified Information Systems Security Professional) Exam is a globally recognized certification for information security professionals. It is considered one of the most prestigious and sought-after certifications in the field of cybersecurity. CISSP exam covers a wide range of topics, including security and risk management, asset security, security engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security.
NEW QUESTION # 229
What is a limitation of TCP Wrappers?
- A. They are too expensive.
- B. It stops packets before they reach the application layer, thus confusing some proxy servers.
- C. It cannot control access to running UDP services.
- D. The hosts.* access control system requires a complicated directory tree.
Answer: C
Explanation:
TCP Wrappers can control whether a UDP server is started, but has little control afterwards, because UDP is connectionless and datagrams can arrive at any time with no connection for it to mediate.
The following answers are incorrect:
It stops packets before they reach the application layer, thus confusing some proxy servers. This is incorrect because TCP Wrappers acts as an access control list: denied packets never reach the service, so no proxy server is confused, and this is not a limitation.
The hosts.* access control system requires a complicated directory tree. This is incorrect because only a simple directory layout (the hosts.* files) is involved.
They are too expensive. This is incorrect because TCP Wrappers is open source, released under a BSD-style license.
NEW QUESTION # 230
On Linux, LOMAC is implemented as:
- A. Virtual addresses
- B. Kernel built in functions
- C. Registers
- D. Loadable kernel module
Answer: D
Explanation:
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use.
"Security Kernel - The hardware, firmware, and software elements of a trusted computing base (TCB) that implements the reference monitor concept. It must mediate all accesses between subjects and objects, be protected from modification, and be verifiable as correct." - Shon Harris All-in-one CISSP Certification Guide pg 355
NEW QUESTION # 231
Which of the following is the BEST metric to obtain when gaining support for an Identity and Access Management (IAM) solution?
- A. Employee system timeouts from implementing wrong limits
- B. Application connection successes resulting in data leakage
- C. Administrative costs for restoring systems after connection failure
- D. Help desk costs required to support password reset requests
Answer: D
NEW QUESTION # 232
During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?
- A. Encrypt communications between the servers
- B. Filter outgoing traffic at the perimeter firewall
- C. Implement server-side filtering
- D. Encrypt the web server traffic
Answer: C
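The point of this question is that a client-side script never runs for a request an attacker sends directly to the server. The added example below (not part of the original page) shows a lookup that trusts the browser check and concatenates the field into SQL, beside the same lookup with a bound parameter and the validation rule re-applied on the server. The table, rows and the `example.test` addresses are constructed for the demonstration.

```python
import sqlite3

# Constructed sample table for this example (not from the original page).
SAMPLE_USERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
]


def make_db():
    """In-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def client_side_check(username):
    """Stand-in for the browser-side validation the question describes.
    It only ever runs in the browser, so a request posted straight to the
    server never passes through it."""
    return username.isalpha()


def lookup_vulnerable(conn, username):
    """Server code that relies on the client-side check and builds SQL by
    string concatenation: the field value is interpreted as SQL text."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, username):
    """Same query with a bound parameter: the value is data, never SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def lookup_server_filtered(conn, username):
    """Parameterization plus the rule the client was supposed to enforce,
    now applied where a direct request cannot skip it."""
    if not (username.isalpha() and len(username) <= 32):
        raise ValueError("invalid username")
    return lookup_hardened(conn, username)


def filter_rejects(username):
    """True when the server-side filter refuses the value."""
    try:
        lookup_server_filtered(make_db(), username)
    except ValueError:
        return True
    return False


def demo():
    """Runs both lookups against the same value that bypassed the browser."""
    conn = make_db()
    injected = "x' OR '1'='1"   # refused by the browser check, but posted directly
    return {
        "client_check_blocks": not client_side_check(injected),
        "vulnerable_rows": sorted(lookup_vulnerable(conn, injected)),
        "hardened_rows": lookup_hardened(conn, injected),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated version returns every row because the quoted value closes the string literal and the rest becomes a true condition; the parameterized version returns nothing because it looks for a user whose name is literally that text.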
NEW QUESTION # 233
Which of the following is a network intrusion detection technique?
- A. Network spoofing
- B. Port scanning
- C. Statistical anomaly
- D. Perimeter intrusion
Answer: B
NEW QUESTION # 234
Covered entities (certain health care providers, health plans, and health care clearinghouses) are not required to comply with the HIPAA Privacy Rule until the compliance date. Covered entities may, of course, decide to:
- A. compulsorily protect patient health information before this date
- B. after taking permission, voluntarily protect patient health information before this date
- C. unvoluntarily protect patient health information before this date
- D. voluntarily protect patient health information before this date
Answer: D
NEW QUESTION # 235
Which of the following is MOST appropriate for protecting confidentiality of data stored on a hard drive?
- A. Message Digest 5 (MD5)
- B. Secure Hash Algorithm 2 (SHA-2)
- C. Triple Data Encryption Standard (3DES)
- D. Advanced Encryption Standard (AES)
Answer: D
NEW QUESTION # 236
Which of the following is NOT a disadvantage of Single Sign On (SSO)?
- A. SSO could be a single point of failure and lead to total compromise of an organization's assets
- B. SSO improves an administrator's ability to manage user accounts and authorization to all associated systems
- C. Support for all major operating system environments is difficult
- D. The cost associated with SSO development can be significant
Answer: B
Explanation:
Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.
SSO advantages include:
- Multiple passwords are no longer required
- It improves an administrator's ability to manage user accounts and authorization to all associated systems
- It reduces administrative overhead in resetting forgotten passwords over multiple platforms and applications
- It reduces the time taken by users to log on to multiple applications and platforms
SSO disadvantages include:
- Support for all major operating systems is difficult
- The cost associated with SSO development can be significant when considering the nature and extent of interface development and maintenance that may be necessary
- The centralized nature of SSO presents the possibility of a single point of failure and total compromise of an organization's information assets
The following reference(s) were/was used to create this question: CISA Review Manual 2014, page 332
NEW QUESTION # 237
Which of the following statements pertaining to disaster recovery is incorrect?
- A. The disaster recovery plan should include how the company will return from the alternate site to the primary site
- B. When returning to the primary site, the most critical applications should be brought back first
- C. A recovery team's primary task is to get the pre-defined critical business functions at the alternate backup processing site.
- D. A salvage team's task is to ensure that the primary site returns to normal processing conditions
Answer: B
NEW QUESTION # 238
What is the main problem of the renewal of a root CA certificate?
- A. It requires the authentic distribution of the new root CA certificate to all PKI participants
- B. It requires key recovery of all end user keys
- C. It requires issuance of the new root CA certificate
- D. It requires the collection of the old root CA certificates from all the users
Answer: A
Explanation:
The main task here is the authentic distribution of the new root CA certificate, as the new trust anchor, to all the PKI participants (e.g. the users).
In some rollover scenarios there is no automatic way to do this; often an explicit assignment of trust by each user is needed, which can be very costly.
Other methods make use of the old root CA certificate for automatic trust establishment (see the PKIX reference), but these solutions only work well for scenarios with a currently valid root CA certificate (and not for emergency cases, e.g. compromise of the current root CA certificate).
The rollover of the root CA certificate is a specific and delicate problem and is therefore often ignored during PKI deployment.
Reference: Camphausen, I.; Petersen, H.; Stark, C.: Konzepte zum Root CA
Zertifikatswechsel, conference Enterprise Security 2002, March 26-27, 2002, Paderborn;
RFC 2459 : Internet X.509 Public Key Infrastructure Certificate and CRL Profile.
NEW QUESTION # 239
Which tape format type is mostly used for home/small office backups?
- A. Digital Linear Tapes (DLT)
- B. Quarter Inch Cartridge drives (QIC)
- C. Digital Audio Tape (DAT)
- D. 8mm tape
Answer: B
Explanation:
QIC technology utilizes belt-driven dual-hub cartridges containing integral tape motion and guidance mechanisms, providing a rich spectrum of compatible solutions across a wide range of PC system platforms. QIC reliability is unsurpassed by any other removable storage technology. Reliability can be measured both in mean-time-between-failure (MTBF) and, more practically, as a function of drive duty cycles. QIC has a worldwide installed base in excess of 15 million drives -- more than twice that of any alternate removable storage technology -- a level of acceptance that would have been unachievable without rock-solid reliability. QIC is the most common tape solution for SOHO.
NEW QUESTION # 240
Mark's manager has tasked him with researching an intrusion detection system for a new dispatching center. Mark identifies the top five products and compares their ratings. Which of the following is the evaluation criteria most in use today for these types of purposes?
- A. ITSEC
- B. Red Book
- C. Common Criteria
- D. Orange Book
Answer: C
Explanation:
The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 4.
Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard and repeatable manner at a level that is commensurate with the target environment for use.
Common Criteria is used as the basis for a Government driven certification scheme and typically evaluations are conducted for the use of Federal Government agencies and critical infrastructure.
The following answers are incorrect:
All of the other choices are incorrect because they are not evaluation schemes in common use today. CC originated out of three standards:
ITSEC - The European standard, developed in the early 1990s by France, Germany, the Netherlands and the UK. It too was a unification of earlier work, such as the two UK approaches (the CESG UK Evaluation Scheme aimed at the defence/intelligence market and the DTI Green Book aimed at commercial use), and was adopted by some other countries, e.g. Australia.
CTCPEC - The Canadian standard followed from the US DoD standard, but avoided several problems and was used jointly by evaluators from both the U.S. and Canada. The CTCPEC standard was first published in May 1993.
TCSEC - The United States Department of Defense DoD 5200.28 Std, called the Orange Book and parts of the Rainbow Series. The Orange Book originated from Computer Security work including the Ware Report, done by the National Security Agency and the National Bureau of Standards (the NBS eventually became NIST) in the late 1970s and early 1980s. The central thesis of the Orange Book follows from the work done by Dave Bell and Len LaPadula for a set of protection mechanisms.
CC was produced by unifying these pre-existing standards, predominantly so that companies selling computer products for the government market (mainly for Defence or Intelligence use) would only need to have them evaluated against one set of standards. The CC was developed by the governments of Canada, France, Germany, the Netherlands, the UK, and the U.S.
The following reference(s) were/was used to create this question: http://en.wikipedia.org/wiki/Common_Criteria
NEW QUESTION # 241
A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?
- A. Security Assertion Markup language (SAML)
- B. Cross-certification
- C. Trusted third-party certification
- D. Lightweight Directory Access Protocol (LDAP)
Answer: A
Explanation:
Reference: https://www.netiq.com/documentation/access-manager-43/applications-configuration-guide/data/b1ka6lkd.html
NEW QUESTION # 242
The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects implements which of the following concepts?
- A. The reference monitor.
- B. Mandatory Access Control.
- C. The Security Kernel.
- D. Discretionary Access Control.
Answer: A
Explanation:
The reference monitor concept is an abstract machine that ensures that all subjects have the necessary access rights before accessing objects. Therefore, the kernel mediates all accesses to objects by subjects and does so by validating them through the reference monitor concept.
The kernel does not decide whether or not the access will be granted; it is the Reference Monitor, which is a subset of the kernel, that says YES or NO.
All access requests are intercepted by the kernel, validated through the reference monitor, and then access is either denied or granted according to the request and the subject's privileges within the system.
1. The reference monitor must be small enough to be fully tested and validated
2. The kernel must MEDIATE all access requests from subjects to objects
3. The processes implementing the reference monitor must be protected
4. The reference monitor must be tamperproof
The following answers are incorrect:
The security kernel is the mechanism that actually enforces the rules of the reference monitor concept.
The other answers are distractors.
Shon Harris, All In One, 5th Edition, Security Architecture and Design, Page 330 also see
http://en.wikipedia.org/wiki/Reference_monitor
NEW QUESTION # 243
Which access control model provides upper and lower bounds of access capabilities for a subject?
- A. Lattice-based access control
- B. Content-dependent access control
- C. Biba access control
- D. Role-based access control
Answer: A
Explanation:
Lattice-based access control is a mathematical model that allows a system to easily represent the different security levels and control access attempts based on those levels. Every pair of elements has a greatest lower bound and a least upper bound of access rights.
Incorrect Answers:
B: Content-dependent access control is when the access decisions depend upon the value of an attribute of the object itself.
C: Biba is a security model, rather than an access control model. It centers on preventing information from flowing from a low integrity level to a high integrity level.
D: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 224, 377, G-9
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.41.5365
NEW QUESTION # 244
The protocol of the Wireless Application Protocol (WAP), which performs functions similar to SSL in the TCP/IP protocol, is called the:
- A. Wireless Application Environment (WAE).
- B. Wireless Session Protocol (WSP).
- C. Wireless Transaction Protocol (WTP).
- D. Wireless Transport Layer Security Protocol (WTLS).
Answer: D
Explanation:
The correct answer is "Wireless Transport Layer Security Protocol (WTLS)". SSL performs security functions in TCP/IP.
The other answers also refer to protocols in the WAP protocol stack, but their primary functions are not security.
NEW QUESTION # 245
A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are done by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?
- A. System processor
- B. System analyst
- C. System security officer
- D. System custodian
Answer: D
NEW QUESTION # 246
DRAG DROP
During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.
Answer:
Explanation:
NEW QUESTION # 247
This type of supporting evidence is used to help prove an idea or a point; however, it cannot stand on its own, and is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence?
- A. Opinion evidence
- B. Corroborative evidence
- C. Secondary evidence
- D. Circumstantial evidence
Answer: B
Explanation:
This type of supporting evidence is used to help prove an idea or a point; however, it cannot stand on its own, and is used as a supplementary tool to help prove a primary piece of evidence. Corroborative evidence takes many forms.
In a rape case, for example, this could consist of torn clothing, soiled bed sheets, 911 emergency call tapes, and prompt-complaint witnesses.
There are many types of evidence that exist. Below you have explanations of some of the most common types:
Physical Evidence
Physical evidence is any evidence introduced in a trial in the form of a physical object, intended to prove a fact in issue based on its demonstrable physical characteristics. Physical evidence can conceivably include all or part of any object.
In a murder trial for example (or a civil trial for assault), the physical evidence might include DNA left by the attacker on the victim's body, the body itself, the weapon used, pieces of carpet spattered with blood, or casts of footprints or tire prints found at the scene of the crime.
Real Evidence
Real evidence is a type of physical evidence and consists of objects that were involved in a case or actually played a part in the incident or transaction in question.
Examples include the written contract, the defective part or defective product, the murder weapon, the gloves used by an alleged murderer. Trace evidence, such as fingerprints and firearm residue, is a species of real evidence. Real evidence is usually reported upon by an expert witness with appropriate qualifications to give an opinion. This normally means a forensic scientist or one qualified in forensic engineering.
Admission of real evidence requires authentication, a showing of relevance, and a showing that the object is in "the same or substantially the same condition" now as it was on the relevant date. An object of real evidence is authenticated through the senses of witnesses or by circumstantial evidence called chain of custody.
Documentary Evidence
Documentary evidence is any evidence introduced at a trial in the form of documents. Although this term is most widely understood to mean writings on paper (such as an invoice, a contract or a will), the term actually includes any media by which information can be preserved. Photographs, tape recordings, films, and printed emails are all forms of documentary evidence.
Documentary versus physical evidence
A piece of evidence is not documentary evidence if it is presented for some purpose other than the examination of the contents of the document. For example, if a blood-spattered letter is introduced solely to show that the defendant stabbed the author of the letter from behind as it was being written, then the evidence is physical evidence, not documentary evidence. However, a film of the murder taking place would be documentary evidence (just as a written description of the event from an eyewitness). If the content of that same letter is then introduced to show the motive for the murder, then the evidence would be both physical and documentary.
Documentary Evidence Authentication
Documentary evidence is subject to specific forms of authentication, usually through the testimony of an eyewitness to the execution of the document, or the testimony of a witness able to identify the handwriting of the purported author. Documentary evidence is also subject to the best evidence rule, which requires that the original document be produced unless there is a good reason not to do so.
The role of the expert witness
Where physical evidence is of a complexity that makes it difficult for the average person to understand its significance, an expert witness may be called to explain to the jury the proper interpretation of the evidence at hand.
Digital Evidence or Electronic Evidence
Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial.
The use of digital evidence has increased in the past few decades as courts have allowed the use of e-mails, digital photographs, ATM transaction logs, word processing documents, instant message histories, files saved from accounting programs, spreadsheets, internet browser histories, databases, the contents of computer memory, computer backups, computer printouts, Global Positioning System tracks, logs from a hotel's electronic door locks, and digital video or audio files.
While many courts in the United States have applied the Federal Rules of Evidence to digital evidence in the same way as more traditional documents, courts have noted very important differences. As compared to the more traditional evidence, courts have noted that digital evidence tends to be more voluminous, more difficult to destroy, easily modified, easily duplicated, potentially more expressive, and more readily available. As such, some courts have sometimes treated digital evidence differently for purposes of authentication, hearsay, the best evidence rule, and privilege. In December 2006, strict new rules were enacted within the Federal Rules of Civil Procedure requiring the preservation and disclosure of electronically stored evidence.
Demonstrative Evidence
Demonstrative evidence is evidence in the form of a representation of an object, as opposed to real evidence, testimony, or other forms of evidence used at trial.
Examples of demonstrative evidence include photos, x-rays, videotapes, movies, sound recordings, diagrams, forensic animation, maps, drawings, graphs, animation, simulations, and models. It is useful for assisting a finder of fact (fact-finder) in establishing context among the facts presented in a case. To be admissible, a demonstrative exhibit must "fairly and accurately" represent the real object at the relevant time.
Chain of custody
Chain of custody refers to the chronological documentation, and/or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of evidence, physical or electronic.
Because evidence can be used in court to convict persons of crimes, it must be handled in a scrupulously careful manner to avoid later allegations of tampering or misconduct, which can compromise the case of the prosecution toward acquittal or to overturning a guilty verdict upon appeal.
The idea behind recording the chain of custody is to establish that the alleged evidence is in fact related to the alleged crime, rather than, for example, having been planted fraudulently to make someone appear guilty.
Establishing the chain of custody is especially important when the evidence consists of fungible goods. In practice, this most often applies to illegal drugs which have been seized by law enforcement personnel. In such cases, the defendant at times disclaims any knowledge of possession of the controlled substance in question.
Accordingly, the chain of custody documentation and testimony is presented by the prosecution to establish that the substance in evidence was in fact in the possession of the defendant.
An identifiable person must always have the physical custody of a piece of evidence. In practice, this means that a police officer or detective will take charge of a piece of evidence, document its collection, and hand it over to an evidence clerk for storage in a secure place. These transactions, and every succeeding transaction between the collection of the evidence and its appearance in court, should be completely documented chronologically in order to withstand legal challenges to the authenticity of the evidence. Documentation should include the conditions under which the evidence is gathered, the identity of all evidence handlers, duration of evidence custody, security conditions while handling or storing the evidence, and the manner in which evidence is transferred to subsequent custodians each time such a transfer occurs (along with the signatures of persons involved at each step).
Example
An example of "Chain of Custody" would be the recovery of a bloody knife at a murder scene:
Officer Andrew collects the knife and places it into a container, then gives it to forensics technician Bill. Forensics technician Bill takes the knife to the lab and collects fingerprints and other evidence from the knife. Bill then gives the knife and all evidence gathered from the knife to evidence clerk Charlene. Charlene then stores the evidence until it is needed, documenting everyone who has accessed the original evidence (the knife, and original copies of the lifted fingerprints).
The Chain of Custody requires that from the moment the evidence is collected, every transfer of evidence from person to person be documented and that it be provable that nobody else could have accessed that evidence. It is best to keep the number of transfers as low as possible.
In the courtroom, if the defendant questions the Chain of Custody of the evidence it can be proven that the knife in the evidence room is the same knife found at the crime scene. However, if there are discrepancies and it cannot be proven who had the knife at a particular point in time, then the Chain of Custody is broken and the defendant can ask to have the resulting evidence declared inadmissible.
"Chain of custody" is also used in most chemical sampling situations to maintain the integrity of the sample by providing documentation of the control, transfer, and analysis of samples. Chain of custody is especially important in environmental work where sampling can identify the existence of contamination and can be used to identify the responsible party.
REFERENCES:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 23173-23185). Auerbach Publications. Kindle Edition.
http://en.wikipedia.org/wiki/Documentary_evidence
http://en.wikipedia.org/wiki/Physical_evidence
http://en.wikipedia.org/wiki/Digital_evidence
http://en.wikipedia.org/wiki/Demonstrative_evidence
http://en.wikipedia.org/wiki/Real_evidence
http://en.wikipedia.org/wiki/Chain_of_custody
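The chain-of-custody discussion above lists what the log must record (every handler, chronological order, proof that nobody else had the item) and what breaks it (an undocumented gap). As an added example, not from the original page, the following models that log for a piece of digital evidence and checks it for exactly those discrepancies, using the Andrew/Bill/Charlene hand-over from the knife example. The evidence bytes, names, timestamps and hashing of the item at each hand-over are constructed assumptions for the demonstration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Transfer:
    """One hand-over entry in the custody log."""
    when: datetime
    from_custodian: str
    to_custodian: str
    purpose: str
    sha256: str   # digest the receiver computed when taking custody


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_chain(collection_digest, collector, transfers):
    """Check the log for the gaps a defence would challenge. Returns a list
    of discrepancy descriptions; an empty list means the chain is unbroken."""
    problems = []
    holder = collector          # whoever currently has physical custody
    last_time = None
    for i, t in enumerate(transfers):
        # The giver must be the documented current custodian: no unexplained hands.
        if t.from_custodian != holder:
            problems.append(f"transfer {i}: handed over by {t.from_custodian} "
                            f"but custody was with {holder}")
        # Every receiver must be an identifiable person.
        if not t.to_custodian:
            problems.append(f"transfer {i}: receiving custodian not identified")
        # Entries must be chronological.
        if last_time is not None and t.when < last_time:
            problems.append(f"transfer {i}: out of chronological order")
        # The item handed over must be the item collected.
        if t.sha256 != collection_digest:
            problems.append(f"transfer {i}: digest differs from the one recorded "
                            f"at collection; evidence altered or substituted")
        holder = t.to_custodian
        last_time = t.when
    return problems


# Constructed sample evidence: a small disk-image fragment, not real data.
EVIDENCE = b"constructed disk image fragment for the example"
COLLECTED = sha256_hex(EVIDENCE)


def intact_log():
    """Andrew collects, hands to Bill for analysis, Bill hands to Charlene."""
    return [
        Transfer(datetime(2024, 3, 1, 9, 0), "Officer Andrew", "Technician Bill",
                 "laboratory analysis", COLLECTED),
        Transfer(datetime(2024, 3, 1, 15, 30), "Technician Bill", "Clerk Charlene",
                 "secure storage", COLLECTED),
    ]


def broken_log():
    """Same log, but the second hand-over comes from someone who never had
    custody, and the digest no longer matches the collection digest."""
    tampered = sha256_hex(EVIDENCE + b"x")
    log = intact_log()
    log[1] = Transfer(datetime(2024, 3, 1, 15, 30), "Dave", "Clerk Charlene",
                      "secure storage", tampered)
    return log


if __name__ == "__main__":
    print("intact:", verify_chain(COLLECTED, "Officer Andrew", intact_log()))
    print("broken:", verify_chain(COLLECTED, "Officer Andrew", broken_log()))
```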
NEW QUESTION # 248
Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?
- A. Memory review
- B. Code review
- C. Message division
- D. Buffer division
Answer: B
Explanation:
Section: Security and Risk Management
NEW QUESTION # 249
When microcomputers were first developed, the instruction fetch time was much longer than the instruction execution time because of the relatively slow speed of memory accesses. This situation led to the design of the:
- A. Very-Long-Instruction-Word (VLIW) processor
- B. Complex Instruction Set Computer (CISC)
- C. Superscalar processor
- D. Reduced Instruction Set Computer (RISC)
Answer: B
Explanation:
The logic was that since it took a long time to fetch an instruction from memory relative to the time required to execute that instruction in the CPU, the number of instructions required to implement a program should be reduced. This reasoning naturally resulted in densely coded instructions with more decode and execution cycles in the processor. This situation was ameliorated by pipelining the instructions, wherein the decode and execution cycles of one instruction would be overlapped in time with the fetch cycle of the next instruction.
* Reduced Instruction Set Computer (RISC) is incorrect. RISC evolved when packaging and memory technology advanced to the point where there was not much difference between memory access times and processor execution times. Thus, the objective of the RISC architecture was to reduce the number of cycles required to execute an instruction. Accordingly, this increased the number of instructions in the average program by approximately 30%, but it reduced the number of cycles per instruction on average by a factor of four. Essentially, the RISC architecture uses simpler instructions but makes use of other features, such as optimizing compilers to reduce the number of instructions required, large numbers of general purpose registers in the processor, and data caches.
* Superscalar processor is incorrect. A superscalar processor allows concurrent execution of instructions in the same pipelined stage. A scalar processor is defined as a processor that executes one instruction at a time. The term superscalar denotes multiple, concurrent operations performed on scalar values, as opposed to the vectors or arrays that are used as objects of computation in array processors.
* Very-Long-Instruction-Word (VLIW) processor is incorrect. In a VLIW processor, multiple, concurrent operations are performed in a single instruction. Because multiple operations are performed in one instruction rather than using multiple instructions, the number of instructions is reduced relative to those in a scalar processor. However, for this approach to be feasible, the operations in each VLIW instruction must be independent of each other.
NEW QUESTION # 250
In a relational database, security is provided to the access of data through:
- A. Views.
- B. Candidate keys.
- C. Attributes.
- D. Joins.
Answer: A
Explanation:
The correct answer is Views. Candidate keys are the set of unique keys from which the primary key is selected. Joins are operations that can be performed on the database, and attributes denote the columns in the relational table.
NEW QUESTION # 251
Which of the following is from the Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087)?
- A. There must not be personal data record-keeping systems whose very existence is secret.
- B. Access to and use of the Internet is a privilege and should be treated as such by all users of the systems.
- C. Users should execute responsibilities in a manner consistent with the highest standards of their profession.
- D. There must be a way for a person to prevent information about them, which was obtained for one purpose, from being used or made available for another purpose without their consent.
Answer: B
Explanation:
RFC 1087 is called "Ethics and the Internet." This RFC outlines the concepts pertaining to what the IAB considers unethical and unacceptable behavior.
Incorrect Answers:
A: RFC 1087 does not address personal data record keeping.
C: RFC 1087 is not related to professional conduct. It concerns Ethics and the Internet.
D: RFC 1087 does not concern consent for the use of private data. It is related to Ethics and the Internet.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1064
NEW QUESTION # 252
What does the simple integrity axiom mean in the Biba model?
- A. No read up
- B. No write up
- C. No read down
- D. No write down
Answer: C
Explanation:
The simple integrity axiom of the Biba access control model states that a subject at one level of integrity is not permitted to observe an object of a lower integrity (no read down).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 205).
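Question 243 above says a lattice gives every pair of labels a greatest lower bound and a least upper bound, and question 252 says Biba's simple integrity axiom is "no read down". The added example below, which is not from the original page, puts both on the same integrity lattice (a linearly ordered level plus a set of compartments, a constructed assumption for the demonstration): it computes the join and meet of two labels, the bounds of a subject's set of labels, and the read check the simple integrity axiom requires. It also includes the * (star) integrity axiom, "no write up", which the page does not discuss.

```python
from dataclasses import dataclass
from functools import reduce

# Integrity levels, lowest first (constructed for this example).
LEVELS = ["untrusted", "user", "system"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    """A lattice element: a linearly ordered level plus a set of compartments."""
    level: str
    compartments: frozenset

    def dominates(self, other):
        """self >= other in the lattice ordering: at least as high a level and
        a superset of the compartments. Two labels may be incomparable."""
        return (RANK[self.level] >= RANK[other.level]
                and self.compartments >= other.compartments)


def join(a, b):
    """Least upper bound: the lowest label dominating both a and b."""
    level = LEVELS[max(RANK[a.level], RANK[b.level])]
    return Label(level, a.compartments | b.compartments)


def meet(a, b):
    """Greatest lower bound: the highest label dominated by both a and b."""
    level = LEVELS[min(RANK[a.level], RANK[b.level])]
    return Label(level, a.compartments & b.compartments)


def bounds(labels):
    """Lower and upper bound of a set of labels, e.g. a subject's clearances:
    the meet and join over the whole set."""
    return reduce(meet, labels), reduce(join, labels)


def biba_may_read(subject, obj):
    """Simple integrity axiom: no read down. A subject may read an object only
    when the object's integrity label dominates the subject's."""
    return obj.dominates(subject)


def biba_may_write(subject, obj):
    """Integrity * (star) axiom: no write up. The subject must dominate the
    object. Beyond what the question covers; included for completeness."""
    return subject.dominates(obj)


if __name__ == "__main__":
    hr_user = Label("user", frozenset({"hr"}))
    fin_sys = Label("system", frozenset({"finance"}))
    print("join:", join(hr_user, fin_sys))
    print("meet:", meet(hr_user, fin_sys))
    print("no read down:", biba_may_read(hr_user, Label("untrusted", frozenset({"hr"}))))
```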
NEW QUESTION # 253
Obtaining the CISSP certification is a significant achievement that can enhance an individual’s career prospects and increase their earning potential. It demonstrates to employers and clients that the individual has the knowledge and skills required to design, develop, and manage a comprehensive information security program. Certified Information Systems Security Professional (CISSP) certification is also a requirement for many high-level information security roles, such as Chief Information Security Officer (CISO) and Security Consultant. Overall, the CISSP certification is a valuable asset for anyone pursuing a career in information security.