Use Real CISSP Dumps - ISC Correct Answers updated on 2023
ISC Certification CISSP Exam Practice Dumps
NEW QUESTION 100
Attack trees are MOST useful for which of the following?
- A. Evaluating Denial of Service (DoS) attacks
- B. Generating attack libraries
- C. Determining system security scopes
- D. Enumerating threats
Answer: D
NEW QUESTION 101
Which of the following protocols is PRIMARILY used to provide confidentiality in a web-based application, thus protecting data sent between a client machine and a server?
- A. SSH
- B. FTP
- C. SSL
- D. S/MIME
Answer: C
Explanation:
The Secure Sockets Layer (SSL) protocol is primarily used to provide confidentiality for the information sent between clients and servers.
For your exam you should know the information below:
The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of a message transmitted over a public network such as the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products.
Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers and became the de facto standard until evolving into Transport Layer Security.
The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network, or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate. After the handshake, SSL uses a session key with a symmetric cipher for the bulk of the data.
TLS and SSL are an integral part of most Web browsers (clients) and Web servers. If a Web site is on a server that supports SSL, SSL can be enabled and specific Web pages can be identified as requiring SSL access. Any Web server can be enabled by using Netscape's SSLRef program library, which can be downloaded for noncommercial use or licensed for commercial use.
TLS and SSL are not interoperable. However, a message sent with TLS can be handled by a client that handles SSL but not TLS.
The SSL handshake
An HTTP-based SSL connection is always initiated by the client using a URL starting with https:// instead of http://. At the beginning of an SSL session, an SSL handshake is performed. This handshake produces the cryptographic parameters of the session. A simplified overview of how the SSL handshake is processed is shown in the diagram below.
SSL Handshake (diagram)
Image Reference - http://publib.boulder.ibm.com/tividd/td/ITAME/SC32-1363-00/en_US/HTML/handshak.gif
1. The client sends a client "hello" message that lists the cryptographic capabilities of the client (sorted in client preference order), such as the version of SSL, the cipher suites supported by the client, and the data compression methods supported by the client. The message also contains a 28-byte random number.
2. The server responds with a server "hello" message that contains the cryptographic method (cipher suite) and the data compression method selected by the server, the session ID, and another random number.
Note: The client and the server must support at least one common cipher suite, or else the handshake fails. The server generally chooses the strongest common cipher suite.
3. The server sends its digital certificate. (In this example, the server uses X.509 V3 digital certificates with SSL.)
4. If the server uses SSL V3, and if the server application (for example, the Web server) requires a digital certificate for client authentication, the server sends a "digital certificate request" message. In the "digital certificate request" message, the server sends a list of the types of digital certificates supported and the distinguished names of acceptable certificate authorities.
5. The server sends a server "hello done" message and waits for a client response. Upon receipt of the server "hello done" message, the client (the Web browser) verifies the validity of the server's digital certificate and checks that the server's "hello" parameters are acceptable.
6. If the server requested a client digital certificate, the client sends a digital certificate, or if no suitable digital certificate is available, the client sends a "no digital certificate" alert. This alert is only a warning, but the server application can fail the session if client authentication is mandatory.
7. The client sends a "client key exchange" message. This message contains the pre-master secret, a 46-byte random number used in the generation of the symmetric encryption keys and the message authentication code (MAC) keys, encrypted with the public key of the server.
8. If the client sent a digital certificate to the server, the client sends a "digital certificate verify" message signed with the client's private key. By verifying the signature of this message, the server can explicitly verify the ownership of the client digital certificate.
Note: An additional process to verify the server digital certificate is not necessary. If the server does not have the private key that belongs to the digital certificate, it cannot decrypt the pre-master secret and create the correct keys for the symmetric encryption algorithm, and the handshake fails.
9. The client uses a series of cryptographic operations to convert the pre-master secret into a master secret, from which all key material required for encryption and message authentication is derived. Then the client sends a "change cipher spec" message to make the server switch to the newly negotiated cipher suite. The next message sent by the client (the "finished" message) is the first message encrypted with this cipher method and keys.
10. The server responds with a "change cipher spec" and a "finished" message of its own. The SSL handshake ends, and encrypted application data can be sent.
The following answers are incorrect:
FTP - File Transfer Protocol (FTP) is a standard Internet protocol for transmitting files between computers on the Internet. Like the Hypertext Transfer Protocol (HTTP), which transfers displayable Web pages and related files, and the Simple Mail Transfer Protocol (SMTP), which transfers e-mail, FTP is an application protocol that uses the Internet's TCP/IP protocols. FTP is commonly used to transfer Web page files from their creator to the computer that acts as their server for everyone on the Internet. It is also commonly used to download programs and other files to your computer from other servers.
SSH - Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client running SSH server and SSH client programs, respectively.
S/MIME - S/MIME (Secure Multi-Purpose Internet Mail Extensions) is a secure method of sending e-mail that uses the Rivest-Shamir-Adleman encryption system. S/MIME is included in the latest versions of the Web browsers from Microsoft and Netscape and has also been endorsed by other vendors that make messaging products. RSA has proposed S/MIME as a standard to the Internet Engineering Task Force (IETF).
The following references were used to create this question:
CISA Review Manual 2014, page 352
Official (ISC)2 Guide to the CISSP CBK, 3rd Edition, page 256
http://publib.boulder.ibm.com/tividd/td/ITAME/SC32-1363-00/en_US/HTML/ss7aumst18.htm
Topic 3, Information Security Governance and Risk Management
NEW QUESTION 102
In the context of physical security, what does positive pressurization mean?
- A. The pressure inside your sprinkler system is greater than zero.
- B. Causes the sprinkler system to go off.
- C. The air goes out of a room when a door is opened and outside air does not go into the room.
- D. A series of measures that increase pressure on employees in order to make them more productive.
Answer: C
Explanation:
Positive pressurization means that when an employee opens a door, the air goes out and outside air does not come in.
From: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 3rd Edition, McGraw-Hill/Osborne, 2005, page 373.
NEW QUESTION 103
An application is used for funds transfer between an organization and a third party. During a security audit, an issue was found with the business continuity/disaster recovery policy and procedures for this application. Which of the following reports should the auditor file with the organization?
- A. Statement on Auditing Standards (SAS) 70
- B. Service Organization Control (SOC) 2
- C. Service Organization Control (SOC) 1
- D. Statement on Auditing Standards (SAS) 70-1
Answer: B
NEW QUESTION 104
Which of the following is an advantage of a qualitative over a quantitative risk analysis?
- A. It provides specific quantifiable measurements of the magnitude of the impacts
- B. It makes cost-benefit analysis of recommended controls easier
- C. It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities.
Answer: C
NEW QUESTION 105
Which of the following is NOT a property of, or issue with, tape backup?
- A. The possibility that some data re-entry might need to be performed after a crash
- B. Slow data transfer during backups and restores
- C. One large disk created by using several disks
- D. Server disk space utilization expands
Answer: C
Explanation:
The correct answer is "One large disk created by using several disks". This describes RAID level 0 (striping), the process of creating one large logical disk out of several smaller disks; it is not a property of tape backup.
NEW QUESTION 106
Which of the following benefits does Role Based Access Control (RBAC) provide for the access review process?
- A. Gives more control into the revocation phase
- B. Lowers the amount of access requests after review
- C. Lowers the number of items to be reviewed
- D. Gives more fine-grained access analysis to accesses
Answer: C
NEW QUESTION 107
In the network design below, where is the MOST secure Local Area Network (LAN) segment to deploy a Wireless Access Point (WAP) that provides contractors access to the Internet and authorized enterprise services?
(Network design diagram not reproduced.)
Answer: LAN 4
NEW QUESTION 108
What would you call a network security control deployed inline that detects, alerts, and takes action when a possible intrusion is detected?
- A. Network Based Intrusion Detection System (NIDS)
- B. Application Based Intrusion Detection Systems (AIDS)
- C. Host Based Intrusion Detection System (HIDS)
- D. Intrusion Prevention System (IPS)
Answer: D
Explanation:
An IPS detects intrusive activity and also prevents the traffic from reaching the target.
Incorrect Answers:
A, B, C: Intrusion Detection Systems detect intrusive activity and generate an alert. They do not take action when a possible intrusion is detected.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 255-266
NEW QUESTION 109
Which of the following is the FIRST thing to consider when reviewing Information Technology (IT) internal controls?
- A. The cost of the control
- B. The nature of the risk
- C. The risk culture of the organization
- D. The impact of the control
Answer: D
NEW QUESTION 110
ARP and RARP map between which of the following?
- A. DNS addresses and IP addresses
- B. 32-bit hardware addresses and 48-bit IPv6 addresses
- C. 32-bit addresses in IPv4 and 48-bit hardware addresses
- D. 32-bit hardware addresses and 48-bit IPv4 addresses
Answer: C
Explanation:
An Ethernet address is a 48-bit address that is hard-wired into the NIC of the network node. ARP matches up the 32-bit IP address with this hardware address, which is technically referred to as the Media Access Control (MAC) address or the physical address.
Reference: Krutz, The CISSP Prep Guide, p. 87.
NEW QUESTION 111
Secure Sockets Layer (SSL) is very heavily used for protecting which of the following?
- A. Telnet transactions.
- B. EDI transactions.
- C. Web transactions.
- D. Electronic Payment transactions.
Answer: C
Explanation:
SSL was developed by Netscape Communications Corporation to improve the security and privacy of HTTP transactions. SSL is one of the most common protocols used to protect Internet traffic.
It encrypts the messages using symmetric algorithms, such as IDEA, DES, 3DES, and Fortezza, and also calculates the MAC for the message using MD5 or SHA-1. The MAC is appended to the message and encrypted along with the message data.
The exchange of the symmetric keys is accomplished through various versions of Diffie-Hellman or RSA. TLS is the Internet standard based on SSLv3. TLSv1 is backward compatible with SSLv3. It uses the same algorithms as SSLv3; however, it computes an HMAC instead of a MAC, along with other enhancements to improve security.
The following are incorrect answers:
"EDI transactions" is incorrect. Electronic Data Interchange (EDI) is not the best answer to this question, though SSL could play a part in some EDI transactions.
"Telnet transactions" is incorrect. Telnet is a character-mode protocol and is more likely to be secured by Secure Telnet or replaced by the Secure Shell (SSH) protocols.
"Electronic payment transactions" is incorrect. Electronic payment is not the best answer to this question, though SSL could play a part in some electronic payment transactions.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 16615-16619). Auerbach Publications. Kindle Edition.
and
http://en.wikipedia.org/wiki/Transport_Layer_Security
NEW QUESTION 112
Which security action should be taken FIRST when computer personnel are terminated from their jobs?
- A. Reduce their physical access level to the facility
- B. Conduct an exit interview
- C. Remove their computer access
- D. Require them to turn in their badge
Answer: C
NEW QUESTION 113
Which of the following actions by the US government are NOT permitted or required by the US Patriot Act, signed into law on October 26, 2001?
- A. Subpoena of electronic records
- B. Reporting of cash and wire transfers of $5,000 or more
- C. Search and seizure of information on live systems (including routers and servers), backups, and archives
- D. Monitoring of Internet communications
Answer: B
Explanation:
Wire and cash transfers of $10,000 or more in a single transaction must be reported to government officials.
The actions in answers A ("Subpoena of electronic records"), C ("Search and seizure of information on live systems, backups, and archives"), and D ("Monitoring of Internet communications") are permitted under the Patriot Act.
In answers A and D, the government has new powers to subpoena electronic records and to monitor Internet traffic. In monitoring information, the government can require the assistance of ISPs and network operators. This monitoring can even extend into individual organizations. In the Patriot Act, Congress permits investigators to gather information about electronic mail without having to show probable cause that the person to be monitored had committed a crime or was intending to commit a crime.
In answer C, the items cited now fall under existing search and seizure laws. A new twist is delayed notification of a search warrant. Under the Patriot Act, if it is suspected that notification of a search warrant would cause a suspect to flee, a search can be conducted before notification of the search warrant is given.
In a related matter, the US and numerous other nations have signed the Council of Europe's Cybercrime Convention. In the US, participation in the Convention has to be ratified by the Senate. In essence, the Convention requires the signatory nations to spy on their own residents, even if the action being monitored is illegal in the country in which the monitoring is taking place.
NEW QUESTION 114
Guards are appropriate whenever the function required by the security program involves which of the following?
- A. The operation of access control devices
- B. The use of discriminating judgment
- C. The need to detect unauthorized access
- D. The use of physical force
Answer: B
Explanation:
Guards are appropriate whenever immediate discriminating judgement is required by the security entity.
Guards are the oldest form of security surveillance. Guards still have a very important primary function in the physical security process, particularly in perimeter control. Because of a human's ability to adjust to rapidly changing conditions, to learn and alter recognizable patterns, and to respond to various conditions in the environment, a guard can make determinations that hardware or automated security devices cannot make.
Incorrect Answers:
A: The operation of access control devices typically does not require the use of security guards. Most access control devices are automatic electrical and mechanical devices that unlock and lock doors as required. Therefore, this answer is incorrect.
C: Security guards are not required to detect unauthorized access. There are many systems that can detect unauthorized access, such as motion sensors. Therefore, this answer is incorrect.
D: The use of physical force is not the most appropriate reason to use security guards. Therefore, this answer is incorrect.
References:
Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 535
NEW QUESTION 115
What security model implies a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects?
- A. Mandatory access control
- B. Discretionary access control
- C. Flow Model
- D. Non-discretionary access control
Answer: D
Explanation:
A central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individual's role in the organization (role-based) or the subject's responsibilities and duties (task-based). In an organization where there are frequent personnel changes, non-discretionary access control is useful because the access controls are based on the individual's role or title within the organization. These access controls do not need to be changed whenever a new person takes over that role. Another type of non-discretionary access control is lattice-based access control. In this type of control, a lattice model is applied. In a lattice model, there are pairs of elements that have a least upper bound of values and a greatest lower bound of values.
To apply this concept to access control, the pair of elements is the subject and object, and the subject has the greatest lower bound and the least upper bound of access rights to an object.
Incorrect Answers:
A: Mandatory access control does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects.
B: Discretionary access control does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects.
C: A flow model does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects.
References:
Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 48
NEW QUESTION 116
......