CISSP - Exam Practice/Study Questions with accurate answers, graded A+. Latest update.
11 views 0 purchase
Course
CISSP
Institution
CISSP
CISSP - Exam Practice/Study Questions with accurate answers, graded A+. Latest update.
What is the most effective defense against cross-site scripting attacks?
a) Limiting account privileges
b)User Authentication
c) Input validation
d)encryption
c) Input validation prevents cross-site s...
cissp exam practicestudy questions with accurate answers
graded a latest update what is the most effective defense against cross site scripting attacks a limiting account privileges buser
Written for
CISSP
All documents for this subject (307)
Seller
Follow
QuickPass
Reviews received
Content preview
CISSP - Exam Practice/Study Questions with accurate answers, graded A+. Latest
update.
What is the most effective defense against cross-site scripting attacks?
a) Limiting account privileges
b)User Authentication
c) Input validation
d)encryption
c) Input validation prevents cross-site scripting attacks by limiting user input to a predefined range. This
prevents the attacker from including the HTML ˂SCRIPT˃ tag in the input.
What phase of the Electronic Discovery Reference Model puts evidence in a format that may be shared
with others?
a) production
b) processing
c) revice
d) presentation
a) Production places the information in a format that may be shared with others.
What form of security planning is designed to focus on timeframes of approximately one year and may
include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even
acquisition plans?
a)strategic
b) operational
c) tactical
d)administrative
c.) tactical planning is designed to focus on timeframes of approximately one year and may include
scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition
plans.
Which is not a part of an electronic access control lock?
A. An electromagnet
B. A credential reader
C. A door sensor
D. A biometric scanner
d -An electronic access control (EAC) lock comprises three elements: an electromagnet to keep the door
closed, a credential reader to authenticate subjects and to disable the electromagnet, and a door-closed
sensor to reenable the electromagnet.
,Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites?
a.Communications circuits
B. Workstations
C. Servers
D. Current data
d- current data
Which one of the following Data Encryption Standard (DES) operating modes can be used for large
messages with the assurance that an error early in the encryption/decryption process won't spoil results
throughout the communication?
A. Cipher Block Chaining (CBC)
B. Electronic Code Book (ECB)
C. Cipher Feedback (CFB)
D. Output feedback (OFB)
d -Output feedback (OFB) mode prevents early errors from interfering with future
encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout
the entire encryption/decryption process. Electronic Code Book (ECB) operation is not suitable for large
amounts of data.
Which one of the following items is not a critical piece of information in the chain of evidence?
A. General description of the evidence
B. Name of the person collecting the evidence
C. Relationship of the evidence to the crime
D. Time and date the evidence was collected
c -The chain of evidence does not require that the evidence collector know or document the relationship
of the evidence to the crime.
Which firewall type looks exclusively at the message header to determine whether to transmit or drop
data?
A. Static packet filtering
B. Application-level gateway
C. Stateful inspection
D. Dynamic packet filtering
a -A static packet-filtering firewall filters traffic by examining data from a message header.
What type of information is used to form the basis of an expert system's decision-making process?
A. A series of weighted layered computations
B. Combined input from a number of human experts, weighted according to past performance
C. A series of "if/then" rules codified in a knowledge base
D. A biological decision-making process that simulates the reasoning process used by the human mind
c -Expert systems use a knowledge base consisting of a series of "if/then" statements to form decisions
based on the previous experience of human experts.
,What type of cryptographic attack rendered Double DES (2DES) no more effective than standard DES
encryption?
A. Birthday attack
B. Chosen ciphertext attack
C. Meet-in-the-middle attack
D. Man-in-the-middle attack
c -The meet-in-the-middle attack demonstrated that it took relatively the same amount of computation
power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Triple DES (3DES) as
a standard for government communication.
Which of the following is most directly associated with providing or supporting perfect forward secrecy?
A. PBKDF2
B. ECDHE
C. HMAC
D. OCSP
B- Elliptic Curve Diffie-Hellman Ephemeral, or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE),
implements perfect forward secrecy through the use of elliptic curve cryptography (ECC). PBKDF2 is an
example of a key-stretching technology not directly supporting perfect forward secrecy. HMAC is a
hashing function. OCSP is used to check for certificate revocation.
What is the best way to understand the meaning of the term 100-year flood plain?
A. A flood that occurs once every 100 years
B. A flood larger than any recorded in the past 100 years
C. A very serious but very unlikely flood event
D. A very serious flood that has a probability of 1 in 100 (1%) of occurring in any single calendar year
D-Flood levels rated in years (100-year, 500-year, 1,000-year, and so forth) basically reflect estimates of
the probability of their occurrence. An area rated as a 100-year flood plain has a 1 in 100 chance of
occurring in any given calendar year (1%), a 500-year flood has a 1 in 500 chance of occurring in any
given calendar year, and so forth. Options A and B misrepresent the meaning of the 100-year interval
mentioned, while option C fails to address its probabilistic intent.
What is the formula used to compute the ALE?
A. ALE = AV EF ARO
B. ALE = ARO * EF
C. ALE = AV * ARO
D. ALE = EF * ARO
a -The Annualized Loss Expectancy (ALE) is computed as the product of the asset value (AV) times the
exposure factor (EF) times the annualized rate of occurrence (ARO). This is the longer form of the
formula ALE = SLE * ARO. The other formulas displayed here do not accurately reflect this calculation.
Matthew and Richard want to communicate with each other using a public key cryptosystem. What is
the total number of keys they must have to successfully communicate?
A. 1
B. 2
, C. 3
D. 4
To use public key cryptography, Matthew and Richard must each have their own pair of public and
private cryptographic keys.
atunnel mode VPN is used to connect which types of systems?
A. Hosts and servers
B. Clients and terminals
C. Hosts and networks
D. Servers and domain controllers
c-Tunnel mode VPNs are used to connect networks to networks or networks to hosts. Transport mode is
used to connect hosts to hosts. Host, server, client, terminal, and domain controller are all synonyms.
___________________ is any hardware, software, or administrative policy or procedure that defines
and enforces access and restriction rights on an organizational level.
A. Logical control
B. Technical control
C. Access control
D. Administrative control
c- access control
Which of the following cryptographic attacks can be used when you have access to an encrypted
message but no other information?
A. Known plain-text attack
B. Frequency analysis attack
C. Chosen cipher-text attack
D. Meet-in-the-middle attack
b-Frequency analysis may be used on encrypted messages. The other techniques listed require
additional information, such as the plaintext or the ability to choose the ciphertext.
Which of the following approaches uses mathematical algorithms to analyze data, developing models
that may be used to predict future activity?
A. Expert systems
B. Data mining
C. Data warehousing
D. Information discovery
b- Data mining uses mathematical approaches to analyze data, searching for patterns that predict future
activity.
Vulnerabilities and risks are evaluated based on their threats against which of the following?
A. One or more of the CIA Triad principles
B. Data usefulness
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller QuickPass. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.