(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests. Mike Chapple
Читать онлайн книгу.
botnet it was part of before. Where should Charles look for the malware that is causing this behavior?The operating system partitionThe system BIOS or firmwareThe system memoryThe installation media
70 Lauren implements ASLR to help prevent system compromises. What technique has she used to protect her system?EncryptionMandatory access controlMemory address randomizationDiscretionary access control
71 Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?Substitution cipherAESTransposition cipher3DES
72 The Double DES (2DES) encryption algorithm was never used as a viable alternative to the original DES algorithm. What implementation attack is 2DES vulnerable to that does not exist for the DES or 3DES approach?Chosen ciphertextBrute forceMan-in-the-middleMeet-in-the-middle
73 Grace would like to implement application control technology in her organization. Users often need to install new applications for research and testing purposes, and she does not want to interfere with that process. At the same time, she would like to block the use of known malicious software. What type of application control would be appropriate in this situation?BlacklistingGraylistingWhitelistingBluelisting
74 Warren is designing a physical intrusion detection system for use in a sensitive media storage facility and wants to include technology that issues an alert if the communications lines for the alarm system are unexpectedly cut. What technology would meet this requirement?Heartbeat sensorEmanation securityMotion detectorFaraday cage
75 John and Gary are negotiating a business transaction, and John must demonstrate to Gary that he has access to a system. He engages in an electronic version of the “magic door” scenario shown here. What technique is John using?Split-knowledge proofZero-knowledge proofLogical proofMathematical proof
76 After scanning all of the systems on his wireless network, Mike notices that one system is identified as an iOS device running a massively out-of-date version of Apple's mobile operating system. When he investigates further, he discovers that the device is an original iPad and that it cannot be updated to a current secure version of the operating system. What would be the best option for handling this device?Retire or replace the device.Isolate the device on a dedicated wireless network.Install a firewall on the tablet.Reinstall the OS.
77 Tonya believes that an attacker was able to eavesdrop on legitimate HTTPS communications between her users and remote web servers by engaging in a DNS poisoning attack. After conducting DNS poisoning, what technique would an attacker likely use to conduct this eavesdropping?Man-in-the-middleBrute-forceTimingMeet-in-the-middle
78 Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement?RSA3DESAESBlowfish
79 Laura is responsible for securing her company's web-based applications and wants to conduct an educational program for developers on common web application security vulnerabilities. Where can she turn for a concise listing of the most common web application issues?CVENSAOWASPCSA
80 The Bell-LaPadula and Biba models implement state machines in a fashion that uses what specific state machine model?Information flowNoninterferenceCascadingFeedback
81 During a third-party vulnerability scan and security test, Danielle's employer recently discovered that the embedded systems that were installed to manage her company's new buildings have a severe remote access vulnerability. The manufacturer has gone out of business, and there is no patch or update for the devices. What should Danielle recommend that her employer do about the hundreds of devices that are vulnerable?Identify a replacement device model and replace every device.Turn off all of the devices.Move the devices to a secure and isolated network segment.Reverse engineer the devices and build an in-house patch.
82 What type of motion detector senses changes in the electromagnetic fields in monitored areas?InfraredWave patternCapacitancePhotoelectric
83 Mike has been tasked with preventing an outbreak of malware like Mirai, a botnet that targeted IP-based cameras and routers. What type of systems should be protected in his organization?ServersSCADAMobile devicesInternet of Things (IoT) devices
84 Which one of the following statements is correct about the Biba model of access control?It addresses confidentiality and integrity.It addresses integrity and availability.It prevents covert channel attacks.It focuses on protecting objects from integrity threats.
85 In Transport Layer Security, what type of key is used to encrypt the actual content of communications between a web server and a client?Ephemeral session keyClient's public keyServer's public keyServer's private key
86 Beth would like to include technology in a secure area of her data center to protect against unwanted electromagnetic emanations. What technology would assist her with this goal?Heartbeat sensorFaraday cage PiggybackingWPA2
87 In a virtualized computing environment, what component is responsible for enforcing separation between guest machines?Guest operating systemHypervisorKernelProtection manager
88 Rick is an application developer who works primarily in Python. He recently decided to evaluate a new service where he provides his Python code to a vendor who then executes it on their server environment. What type of cloud computing environment is this service?SaaSPaaSIaaSCaaS
89 A component failure in the primary HVAC system leads to a high temperature alarm in the data center that Kim manages. After resolving the issue, what should Kim consider to prevent future issues like this?A closed loop chillerRedundant cooling systemsSwamp coolersRelocating the data center to a colder climate
90 Tommy is planning to implement a power conditioning UPS for a rack of servers in his data center. Which one of the following conditions will the UPS be unable to protect against if it persists for an extended period of time?FaultBlackoutSagNoise
91 Which one of the following humidity values is within the acceptable range for a data center operation?0 percent10 percent25 percent40 percent
92 Kristen's organization suffered a ransomware infection and has lost access to critical business data. She is considering paying the ransom to regain access to her data. Which of the following statements about this payment are correct? (Select all that apply.)Payment of the ransom may be illegal.Payment of the ransom may result in further demands for payments.Payment of the ransom guarantees access to the decryption key.Payment of the ransom may cause a data breach.
93 Alex's employer creates most of their work output as PDF files. Alex is concerned about limiting the audience for the PDF files to those individuals who have paid for them. What technology can he use to most effectively control the access to and distribution of these files?EDMEncryptionDigital signaturesDRM
94 As part of his team's forensic investigation process, Matt signs out drives and other evidence from an evidence storage facility before working with them. What type of documentation is he creating?CriminalChain of custodyCivilCYA
95 Todd believes that a digital certificate used by his organization has been compromised and he wants to add it to the certificate revocation list (CRL). What element of the certificate goes on the CRL?Serial numberPublic keyDigital signaturePrivate key
96 Alison is examining a digital certificate presented to her by her bank's website. Which one of the following requirements is not necessary for her to trust the digital certificate?She knows that the server belongs to the bank.She trusts the certificate authority.She verifies that the certificate is not listed on a CRL.She verifies the digital signature on the certificate.
97 Which one of the following is an example of a covert timing channel when used to exfiltrate information from an organization?Sending an electronic mail messagePosting a file on a peer-to-peer file sharing service Typing with the rhythm of Morse codeWriting data to a shared memory space
98 Which one of the following would be a reasonable application for the use of self-signed digital certificates?Digital commerce websiteBanking applicationInternal scheduling