Exam (elaborations)
CISSP – PRACTICE QUESTIONS AND ANSWERS WITH SOLUTIONS 2024
- Course
- Institution
CISSP – PRACTICE QUESTIONS AND ANSWERS WITH SOLUTIONS 2024
[Show more]
Content preview
CISSP – PRACTICE QUESTIONS ANDANSWERS WITH SOLUTIONS 2024
Data Remanence - ANSWER The remains of partial or even the entire data set of digital information
Disaster Recovery Planning (DRP) - ANSWER Deals with restoring normal business operations after the
disaster takes place...works to get the business back to normal
Maximum tolerable downtime - ANSWER The maximum period of time that a critical business function
can be inoperative before the company incurs significant and long-lasting damage.
802.5 - ANSWER IEEE standard defines the Token Ring media access method
Recovery Time Objective - ANSWER The balance against the cost of recover and the cost of disruption
Resource Requirements - ANSWER portion of the BIA that lists the resources that an organization needs in
order to continue operating each critical business function.
Checklist - ANSWER Test is one in which copies of the plan are handed out to each functional area to
ensure the plan deal with their needs
Information Owner - ANSWER The one person responsible for data, its classification and control setting
Job Rotation - ANSWER To move from location to location, keeping the same function
Differential power analysis - ANSWER A side-channel attack carry-out on smart cards that examining the
power emission release during processing
Mitigate - ANSWER Defined as real-time monitoring and analysis of network activity and data for potential
vulnerabilities and attacks in
progress.
,Electromagnetic analysis - ANSWER A side-channel attack on smart cards that examine the frequencies
emitted and timing
Analysis - ANSWER Systematic assessment of threats and vulnerabilities that provides a basis for effective
management of risk.
Change Control - ANSWER Maintaining full control over requests, implementation, traceability, and proper
documentation of changes.
Containment - ANSWER Mitigate damage by isolating compromised systems from the network.
30 to 90 Days - ANSWER Most organizations enforce policies to change password ranging from
Isochronous - ANSWER Process must within set time constrains, applications are video related where audio
and video must match perfectly
Detection - ANSWER Identification and notification of an unauthorized and/or undesired action
Electronic Vaulting - ANSWER Periodic, automatic and transparent backup of data in bulk.
Fault Tolerance - ANSWER Mitigation of system or component loss or interruption through use of backup
capability.
Incremental - ANSWER A backup method use when time and space are a high importance
Secure HTTP - ANSWER Protocol designed to same individual message securely
Criminal - ANSWER Conduct that violates government laws developed to protect society
,Class C - ANSWER Has 256 hosts
RAID 0 - ANSWER Creates one large disk by using several disks
Trade secrets - ANSWER Deemed proprietary to a company and often include information that provides a
competitive edge, the information is protected as long the owner takes protective actions
X.400 - ANSWER Active Directory standard
Prevention - ANSWER Controls deployed to avert unauthorized and/or undesired actions.
Redundant Array Of Independent Drives (RAID) - ANSWER A group of hard drives working as one storage
unit for the purpose of speed and fault tolerance
Proprietary - ANSWER Define the way in which the organization operates.
Gateway - ANSWER Used to connect two networks using dissimilar protocols at different layers of the OSI
model
Classification - ANSWER The assignment of a level of sensitivity to data (or information) that results in the
specification of controls for each level of classification.
Data Integrity - ANSWER The property that data meet with a priority expectation of quality and that the
data can be relied upon.
Alarm Filtering - ANSWER The process of categorizing attack alerts produced from an IDS in order to
distinguish false positives from actual attacks
Coaxial Cable - ANSWER A cable consisting of a core, inner conductor that is surrounding by an insulator,
an outer cylindrical conductor
, Concentrator - ANSWER Layer 1 network device that is used to connect network segments together, but
provides no traffic control (a hub).
Digital Signature - ANSWER An asymmetric cryptography mechanism that provides authentication.
Eavesdropping - ANSWER A passive network attack involving monitoring of traffic.
E-Mail Spoofing - ANSWER Forgery of the sender's email address in an email header.
Emanations - ANSWER Potentially compromising leakage of electrical or acoustical signals.
Fiber Optics - ANSWER Bundles of long strands of pure glass that efficiently transmit light pulses over long
distances. Interception without detection is difficult.
Fraggle - ANSWER A Denial of Service attack initiated by sending spoofed UDP echo request to IP broadcast
addresses.
Hijacking - ANSWER Interception of a communication session by an attacker.
Hub - ANSWER Layer 1 network device that is used to connect network segments together, but provides
no traffic control (a concentrator).
Injection - ANSWER An attack technique that exploits systems that do not perform input validation by
embedding partial SQL queries inside input.
Interception - ANSWER Unauthorized access of information (e.g. Tapping, sniffing, unsecured wireless
communication, emanations)
IP Address Spoofing - ANSWER Forging of an IP address.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Performance. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $15.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
76658 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now