CISSP+2014年最新全真回忆题(2011-2013年)

CISSP 2011－2013 Brain Dumps(本真題回憶建議答案僅供參考)PART I2014.01.03 Updated Single sign-on systems have a main strength and a main weakness. Choose the best answer exposing this strength and weakness.A. Users do not need to remember multiple passwords, but access to many systems can be obtained by cracking only one password, making it less secure.B. They allow the user to make use of very simple passwords; it puts undue burden on IT to administer the system.C. They force the user to make use of stronger passwords; it makes it easier for users but encourages little attention to security policies.D. They remove the burden of remembering multiple passwords from users; users need to type the same password when confronted with authentication requests for different resources.建議答案：AYour office is implementing an access control policy based on decentralized administration, which is controlled directly by the owners and creators of files. What is the major advantage and disadvantage of such an approach?A. It puts access control into the hands of those most accountable for the information, but requires security labels for enforcement.B. It puts access control into the hands of those most accountable for the information, but leads to inconsistencies in procedures and criteria.C. It puts access control into the hands of IT administrators, but leads to procedures and criteria that are too rigid and inflexible.D. It puts access control into the hands of IT administrators, but forces them to overly rely upon the file owners to implement the access controls IT puts in place.建議答案：BMost operating systems and applications allow for administrators to configure the data that will be captured in audit logs for security purposes. Which of the following is the least important item to be captured in audit logs?A. System performance output dataB. Last user who accessed the deviceC. Number of unsuccessful access attemptsD. Number of successful access attempts建議答案：AWhat is the difference between a session and a permanent cookie?A. Permanent cookies are stored in memory and session cookies are stored on theB. Session cookies are stored in memory and permanent cookies are stored on the hard driveC. Sensitive information should be held in permanent cookies, not sessionD. Session cookies are not erased when a computer is shut down建議答案：BMonica is the IT director of a large printing press. She has been made aware of several attempts of brute force password attacks within the past weeks. Which of the following reactions would suit Monica best?A. Reduce the clipping levelB. Find a more effective encryption mechanismC. Increase employee awareness through warning banners and trainingD. Implement spyware protection that is integrated into the current antivirus product建議答案：AWhy are biometric systems considered more accurate than many of the other types of authentication technologies in use today?A. They are less accurateB. They are harder to circumvent than other mechanismsC. Biometric systems achieve high CER valuesD. They have less Type I errors than Type II errors建議答案：BWhich of the following is UNTRUE of a database directory based on the X.500 standard?A. The directory has a tree structure to organize the entries using a parent-child configuration.B. Each entry has a unique name made up of attributes of a specific object.C. The attributes used in the directory are dictated by the defined schema.D. The unique identifiers are called fully qualified names.建議答案：DYou are comparing host based IDS with network based ID. Which of the following will you consider as an obvious disadvantage of host based IDS?A. It cannot analyze encrypted information.B. It is costly to remove.C. It is affected by switched networks.D. It is costly to manage.建議答案：DWhich of the following best describes the difference between content and context access control?A. Content access control is based on the sensitivity of the data and context access control is based on the prior operations.B. Content access control is based on the prior operations and context access control is based on the sensitivity of the data.C. Context pertains to the use of database views and content access control pertains to tracking the requestor 抯previous access requests.D. Context pertains to the use of the DAC model and content pertains to the use of the MAC model.建議答案：AWhy would an Ethernet LAN in a bus topology have a greater risk of unauthorized disclosure than switched Ethernet in a hub-and-spoke or star topology?A. IEEE 802.5 protocol for Ethernet cannot support encryption.B. Ethernet is a broadcast technology.C. Hub and spoke connections are highly multiplexed.D. TCP/IP is an insecure protocol.建議答案：BHow does RADIUS allow companies to centrally control remote user access?A. Once a user is authenticated a profile is generated based on his security token, which outlines what he is authorized to do within the network.B. Once a user is authenticated a pre-configured profile is assigned to him, which outlines what he is authorized to do within the network.C. Once the RADIUS client authenticates the user, the RADIUS server assigns him a pre-configured profile.D. Once the RADIUS client authenticates the user, the client assigns the user a pre-configured profile.建議答案：BTo support legacy applications that rely on risky protocols (e.g,, plain text passwords), which one of the following can be implemented to mitigate the risks on a corporate network?A. Implement strong centrally generated passwords to control use of the vulnerable applications.B. Implement a virtual private network (VPN) with controls on workstations joining the VPN.C. Ensure that only authorized trained users have access to workstations through physical access control.D. Ensure audit logging is enabled on all hosts and applications with associated frequent log reviews.建議答案：BIn the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network?A. The first bit of the ip address would be set to zeroB. The first bit of the ip address would be set to one and the second bit set to zeroC. The first two bits of the ip address would be set to one, and the third bit set to zeroD. The first three bits of the ip address would be set to one建議答案：CTACACS+ uses the TCP transport protocol. RADIUS only encrypts the user's password as it is being transmitted from the RADIUS client to the RADIUS server. Other information, as in the username, accounting, and authorized services, are passed in cleartext. TACACS+ encrypts all of this information between the client and the server and uses the UDP protocol. QUESTION 7 What are the purposes of Attribute Value Pairs and how do they different from RADIUS and Diameter?A. AVPs are the constructs that outline how two entities will communicate. Diameter has many more AVPs, which allow for the protocol to have more capabilities than RADIUS.B. AVPs are the protocol parameters used between communicating entities. Diameter has less AVPs, which allow for the protocol to have more capabilities than RADIUS.C. AVPs are the security mechanisms that provide confidentiality and integrity for data being passed back and forth between entities. Diameter has many more AVPs, which allow for the protocol to have more security capabilities than RADIUS.D. AVPs are part of the TCP protocol. Diameter uses AVPs, because it uses TCP and RADIUS uses UDP.建議答案：AIn what way can violation clipping levels assist in violation tracking and analysis?A. Clipping levels set a baseline for normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurredB. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevantC. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to usercodes with a privileged statusD. Clipping levels enable a security administrator to view all reductions in security levels which have been made to usercodes which have incurred violations建議答案：AAs head of sales, Jim is the information owner for the sales department. Which of the following is not Jim's responsibility as information owner?A. Assigning information classificationsB. Dictating how data should be protectedC. Verifying the availability of dataD. Determining how long to retain data建議答案：CWhich of the following correctly describe Role based access control?A. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your user profile groups.B. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your organizations structure.C. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ticketing system.D. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ACL.建議答案：BWhat is a Land attack and what type of IDS can identify it based on its pattern and not behavior?A. Header has the same source and destination address and can be identified by a statisticalanomaly-based IDS.B. Header has no source and destination addresses and can be identified by a signature-based IDS.C. Header has the same source and destination address and can be identified by a traffic-based IDS.D. Header has the same source and destination address and can be identified by asignature-based IDS.建議答案：DWithin the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a network entity to verify bothA. The identity of a remote communicating entity and the authenticity of the source of the data that are received.B. The authenticity of a remote communicating entity and the path through which communications Are received.C. The location of a remote communicating entity and the path through which communications Are received.D. The identity of a remote communicating entity and the level of security of the path through Which data are received.建議答案：AGeorge is responsible for setting and tuning the thresholds for his company 抯behavior-based IDS. Which of the following outlines the possibilities of not doing this activity properly?A. If the threshold is set too low, non-intrusive activities are considered attacks (false positives). If the threshold is set too high, then malicious activities are not identified (false negatives).B. If the threshold is set too low, non-intrusive activities are considered attacks (false negatives). If the threshold is set too high, then malicious activities are not identified (false positives).C. If the threshold is set too high, non-intrusive activities are considered attacks (false positives). If the threshold is set too low, then malicious activities are not identified (false negatives).D. If the threshold is set too high, non-intrusive activities are considered attacks (false positives). If the threshold is set too high, then malicious activities are not identified (false negatives).建議答案：AOrganizations that implement two-factor authentication often do not adequately plan. One result of this is:a. Some users will lose their tokens, smart cards, or USB keysb. Some users will store their tokens, smart cards, or USB keys with their computers, thereby defeating one of the advantages of two-factor authenticationc. Users will have trouble understanding how to use two-factor authenticationd. The cost of implementation and support can easily exceed the cost of the product itself建議答案：DSteven's staff has asked for funding to implement technology that provides Mobile IP. Which of the following would be a reason for employing this type of technology? A. Employees can move from one network to another B. Peer-to-peer networks would not be allowed C. Security staff could carry out sniffing D. Users would not be allowed to move their wireless devices and still stay connected to the network建議答案：AOne reason an organization would consider a distributed application is:A. Some components are easier to operateB. Distributed applications have a simpler architecture than other types of applicationsC. Some application components are owned and operated by other organizationsD. Distributed applications are easier to secure建議答案：CAn organization is located in an area that experiences frequent power blackouts. What will the effect of an electric generator be in this circumstance?A. The organization will have a continuous supply of electric power.B. The organization will have to establish fuel supply contracts with at least two fuel suppliers.C. Electric utility blackouts will result in short electric power outages for the organization.D. An electric generator will be of no help in this situation.建議答案：CA resource server contains an access control system. When a user requests access to an object, the system examines the permission settings for the object and the permission settings for the user, and then makes a decision whether the user may access the object. The access control model that most closely resembles this is:A. Mandatory access control (MAC)B. Discretionary access control (DAC)C. Non-interferenceD. Role based access control (RBAC)建議答案：AA security manager is setting up resource permissions in an application. The security manager has discovered that he can establish objects that contain access permissions, and then assign individual users to those objects. The access control model that most closely resembles this is:a. Access matrixb. Mandatory access control (MAC)c. Discretionary access control (DAC)d. Role based access control (RBAC)建議答案：DA security officer has declared that a new information system must be certified before it can be used. This means:a. The system must be evaluated according to established evaluation criteriab. A formal management decision is required before the system can be usedc. Penetration tests must be performed against the systemd. A code review must be performed against the system建議答案：AA computer running the Windows operating system has nearly exhausted available physical memory for active processes. In order to avoid exhausting all available memory, what should the operating system begin doing?a. Swappingb. Pagingc. Killing old processesd. Running the garbage collector建議答案：BA network engineer who is examining telecommunications circuits has found one that is labeled as a DS-1. What is the maximum throughput that may be expected from this circuit?a. Approximately 7,000k chars/secb. Approximately 56k bits/secc. Approximately 170k chars/secd. Approximately 1,544M bits/sec建議答案：CA security assessment discovered back doors in an application, and the security manager needs to develop a plan for detecting and removing back doors in the future. The most effective countermeasures that should be chosen are:a. Application firewallsb. Source code controlc. Outside code reviewsd. Peer code reviews建議答案：CAn organization’s data classification policy includes handling procedures for data at each level of sensitivity. The IT department backs up all data onto magnetic tape, resulting in tapes that contain data at all levels of sensitivity. How should these backup tapes be handled?a. According to procedures for the lowest sensitivity levelb. According to procedures for the highest sensitivity levelc. According to procedures in between the lowest and highest sensitivity levelsd. Data handling procedures do not apply to backup media, only original media建議答案：BThe purpose of the Diffie-Hellman key exchange protocol is:a. To decrypt a symmetric encryption keyb. To encrypt a symmetric encryption keyc. To permit two parties who have never communicated to establish public encryption keysd. To permit two parties who have never communicated to establish a secret encryption key建議答案：DVoice recognition as a biometric authentication method is difficult to measure because:a. Many factors, including current health and respiration rate, make sampling difficultb. Computers are not yet fast enough to adequately sample a voice printc. Voice recognition does not handle accents welld. Impatience changes voice patterns, which leads to increased False Reject Rates建議答案：AThere are four ways of dealing with risk. In the graphic that follows, which method is missing and what is the purpose of this method?A. Risk transference. Share the risk with other entities.B. Risk reduction. Reduce the risk to an acceptable level.C. Risk rejection. Accept the current risk.D. Risk assignment. Assign risk to a specific owner.建議答案：AWhich of the following is NOT a good password deployment guideline?A. Passwords must not be the same as user id or login id.B. Passwords must be changed at least once every 60 days, depending on your environment.C. Password aging must be enforced on all systems.D. Password must be easy to memorize.建議答案：DWith Java, what can be embedded in a web browser, allowing programs to be executed as they are downloaded from the World Wide Web?A. JVMB. BytecodeC. InterpreterD. Just-in-time compiler建議答案：BWhich is NOT true about Covert Channel Analysis?A. It is an operational assurance requirement that is specified in the Orange Book.B. It is required for B2 class systems in order to protect against covert storage channels.C. It is required for B2 class systems to protect against covert timing channels.D. It is required for B3 class systems to protect against both covert storage and covert timing channels.建議答案：CThe SEI Software Capability Maturity Model is based on the premise that:A. Good software development is a function of the number of expert programmers in the organization.B. The maturity of an organizationês software processes cannot be measured.C. The quality of a software product is a direct function of the quality of its associated software development and maintenance processes.D. Software development is an art that cannot be measured by conventional means.建議答案：CIn the legal field, there is a term that is used to describe a computer system so that everyone can agree on a common definition. The term describes a computer for the purposes of computer security as çany assembly of electronic equipment, hardware, software and firmware configured to collect, create, communicate, disseminate, process, store and control data or information.éThis definition includes peripheral items such as keyboards, printers, and additional memory. The term that corresponds to this definition is:A. A central processing unit (CPU)B. A microprocessorC. An arithmetic logic unit (ALU)D. An automated information system (AIS)建議答案：DWhat is the purpose of polyinstantiation?A. To restrict lower-level subjects from accessing low-level informationB. To make a copy of an object and modify the attributes of the second copyC. To create different objects that will react in different ways to the same inputD. To create different objects that will take on inheritance attributes from their class建議答案：BIn addition to ensuring that changes to the computer system take place in an identifiable and controlled environment, configuration management provides assurance that future changes:A. The application software cannot bypass system security features.B. Do not adversely affect implementation of the security policy.C. To do the operating system are always subjected to independent validation and verification.D. In technical documentation maintain an accurate description of the Trusted Computer Base. 建議答案：BWhich general TCSEC security class category describes that mandatory access policies be enforced in the TCB?A. AB. BC. CD. D建議答案：BAnother type of artificial intelligence technology involves genetic algorithms. Genetic algorithms are part of the general class known as:A. Neural networksB. Suboptimal computingC. Evolutionary computingD. Biological computing建議答案：CWhich of the following items BEST describes the standards addressed by Title II, Administrative Simplification, of the Health Insurance Portability and Accountability Act (U.S.Kennedy-Kassebaum Health Insurance and Portability Accountability Act -HIPAA-Public Law 104-19)?A. Transaction Standards, to include Code Sets; Unique Health Identifiers; Security and Electronic Signatures and PrivacyB. Transaction Standards, to include Code Sets; Security and Electronic Signatures and PrivacyC. Unique Health Identifiers; Security and Electronic Signatures and PrivacyD. Security and Electronic Signatures and Privacy建議答案：AWhich media control below is the BEST choice to prevent data remanence on magnetic tapes or floppy disks?A. Overwriting the media with new application dataB. Degaussing the mediaC. Applying a concentration of hydriodic acid (55% to 58% solution) to the gamma ferric oxide disk surfaceD. Making sure the disk is re-circulated as quickly as possible to prevent object reuse建議答案：BIn which way does a Secure Socket Layer (SSL) server prevent a "man-in-the-middle" attack?A. It uses signed certificates to authenticate the server's public key.B. A 128 bit value is used during the handshake protocol that is unique to the connection.C. It uses only 40 bits of secret key within a 128 bit key length.D. Every message sent by the SSL includes a sequence number within the message contents. 建議答案：AYou are running a packet sniffer on a network and see a packet with a long string of long string of "90 90 90 90...." in the middle of it traveling to an x86-based machine. This could be indicative of what?A. Over-subscription of the traffic on a backboneB. A source quench packetC. a FIN scanD. A buffer overflow建議答案：CWhich of the following statements pertaining to air conditioning for an information processing facility is correct?A. The AC units must be controllable from outside the areaB. The AC units must keep negative pressure in the room so that smoke and other gases are forced out of the roomC. The AC units must be n the same power source as the equipment in the room to allow for easier shutdownD. The AC units must be dedicated to the information processing facilities建議答案：DWhich of the following correctly describe "good" security practice?A. Accounts should be monitored regularly.B. You should have a procedure in place to verify password strength.C. You should ensure that there are no accounts without passwords.D. All of the choices.建議答案：DIn Unix, which file is required for you to set up an environment such that every used on the other host is a trusted user that can log into this host without authentication?A. /etc/shadowB ./etc/host.equivC. /etc/passwdD. None of the choices.建議答案：BWhich of the following would best describe the difference between white-box testing andblack-box testing?A. White-box testing is performed by an independent programmer teamB. Black-box testing uses the bottom-up approachC. White-box testing examines the program internal logical structureD. Black-box testing involves the business units建議答案：CWhich question is NOT true concerning Application Control?A. It limits end users use of applications in such a way that only particular screens are visibleB. Only specific records can be requested choiceC. Particular uses of application can be recorded for audit purposesD. Is non-transparent to the endpoint applications so changes are needed to the applications involved建議答案：DWhich one of the following control steps is usually NOT performed in data warehousing applications?A. Monitor summary tables for regular use.B. Control meta data from being used interactively.C. Monitor the data purging plan.D. Reconcile data moved between the operations environment and data warehouse.建議答案：ANormalizing data within a database includes all of the following except which?A. Eliminating repeating groups by putting them into separate tablesB. Eliminating redundant dataC. Eliminating attributes in a table that are not dependent on the primary key of that tableD. Eliminating duplicate key fields by putting them into separate tables建議答案：DWhich of the following statements pertaining to RADIUS is incorrect?A. A RADIUS server can act as a proxy server, forwarding client requests to other authentication domains.B. Most of RADIUS clients have a capability to query secondary RADIUS servers for redundancyC. Most RADIUS servers have built-in database connectivity for billing and reporting purposesD. Most RADIUS servers can work with DIAMETER servers.建議答案：DA database administrator (DBA) is responsible for carrying out security policy, which includes controlling which users have access to which data. The DBA has been asked to make just certain fields in some database tables visible to some new users. What is the best course of action for the DBA to take?A. Implement column-based access controlsB. Export the table to a data warehouse, including only the fields that the users are permitted to seeC. Clone the table, including only the fields that the users are permitted to seeD. Create a view that contains only the fields that the users are permitted to see建議答案：DAn organization that is building a disaster recovery capability needs to reengineer its application servers to meet new recovery requirements of 40-hour RPO and 24-hour RTO. Which of the following approaches will best meet this objective?A. Active/Passive server cluster with replicationB. Tape backup and restore to a hot siteC. Tape backup and restore to a cold siteD. Server cluster with shared storage建議答案：AWhich of the following statements pertaining to RADIUS is incorrect?A. A RADIUS server can act as a proxy server, forwarding client requests to other authentication domains.B. Most of RADIUS clients have a capability to query secondary RADIUS servers for redundancyC. Most RADIUS servers have built-in database connectivity for billing and reporting purposesD. Most RADIUS servers can work with DIAMETER servers.建議答案：DWhy is it important to understand the cost of downtime of critical business processes?A. Management will be able to make decisions about the cost of mitigating controls and contingency plansB. Management will be able to determine which processes are the most criticalC. Management will be able to establish a training budgetD. Management will be able to compare recovery costs with those in similar organizations建議答案：AWhat is the PRIMARY reason that reciprocal agreements between independent organizations for backup processing capability are seldom used?A. Lack of successful recoveries using reciprocal agreements.B. Legal liability of the host site in the event that the recovery fails.C. Dissimilar equipment used by disaster recovery organization members.D. Difficulty in enforcing the reciprocal agreement.建議答案：D。