CISSP-ISSAP Topic 2
QUESTION NO: 51
Which of the following protocols uses the Internet Key Exchange (IKE) protocol to set up security associations (SAs)?
A. IPSec
B. L2TP
C. LEAP
D. ISAKMP
Answer: A
QUESTION NO: 52
Sam is creating an e-commerce site. He wants a simple security solution that does not require each customer to have an individual key. Which of the following encryption methods will he use?
A. Asymmetric encryption
B. Symmetric encryption
C. S/MIME
D. PGP
Answer: B
QUESTION NO: 53
Computer networks and the Internet are the prime mode of information transfer today. Which of the following is a technique used for modifying messages, providing information and cyber security, and reducing the risk of hacking attacks during communications and message passing over the Internet?
A. Risk analysis
B. Firewall security
C. Cryptography
D. OODA loop
Answer: C
QUESTION NO: 54
An organization wants to allow a certificate authority to gain access to the encrypted data and create digital signatures on behalf of the user. The data is encrypted using the public key from a user’s certificate. Which of the following processes fulfills the above requirements?
A. Key escrow
B. Key storage
C. Key revocation
D. Key recovery
Answer: A
QUESTION NO: 55
Which of the following are the primary components of a discretionary access control (DAC) model? Each correct answer represents a complete solution. Choose two.
A. User’s group
B. File and data ownership
C. Smart card
D. Access rights and permissions
Answer: B,D
QUESTION NO: 56
Which of the following encryption modes can make protocols without integrity protection even more susceptible to replay attacks, since each block gets decrypted in exactly the same way?
A. Cipher feedback mode
B. Cipher block chaining mode
C. Output feedback mode
D. Electronic codebook mode
Answer: D
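The property behind the answer to Question 56, shown with code. This is an added example, not part of the exam material: it uses a hypothetical 64-bit Feistel toy cipher built from SHA-256 (so it runs on the Python standard library alone; it is not a real cipher) to show that ECB turns identical plaintext blocks into identical ciphertext blocks and that, without integrity protection, an attacker can cut, reorder and replay ECB blocks and still get a valid decryption, while CBC chaining makes the same splice decrypt to garbage. The key, IV and plaintext are constructed for the demonstration.

```python
import hashlib

BLOCK = 8      # 64-bit block: two 32-bit Feistel halves
ROUNDS = 8


def _round_fn(key: bytes, rnd: int, half: int) -> int:
    # Keyed round function derived from SHA-256. Hypothetical toy cipher for
    # illustration only; it is not a vetted block cipher.
    digest = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def block_encrypt(key: bytes, block: bytes) -> bytes:
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(key, rnd, right)
    return left.to_bytes(4, "big") + right.to_bytes(4, "big")


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for rnd in reversed(range(ROUNDS)):      # undo the rounds in reverse order
        left, right = right ^ _round_fn(key, rnd, left), left
    return left.to_bytes(4, "big") + right.to_bytes(4, "big")


def _blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # ECB: every block is encrypted independently with the same key.
    return b"".join(block_encrypt(key, b) for b in _blocks(pt))


def ecb_decrypt(key: bytes, ct: bytes) -> bytes:
    return b"".join(block_decrypt(key, b) for b in _blocks(ct))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # CBC: each plaintext block is XORed with the previous ciphertext block first.
    out, prev = [], iv
    for b in _blocks(pt):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(block_decrypt(key, b), prev))
        prev = b
    return b"".join(out)


def repeated_blocks(ct: bytes) -> int:
    """How many ciphertext blocks duplicate an earlier one (pattern leakage)."""
    bs = _blocks(ct)
    return len(bs) - len(set(bs))


def reorder(ct: bytes, order: list) -> bytes:
    """Attacker splice: reorder/replay whole ciphertext blocks without the key."""
    bs = _blocks(ct)
    return b"".join(bs[i] for i in order)


if __name__ == "__main__":
    key = b"sixteen byte key"            # constructed demo key
    iv = b"\x00" * BLOCK                 # constructed demo IV
    pt = b"PAY $100PAY $100PAY $900"     # three blocks, first two identical
    ecb, cbc = ecb_encrypt(key, pt), cbc_encrypt(key, iv, pt)
    print("ECB repeated blocks:", repeated_blocks(ecb))
    print("ECB spliced ->", ecb_decrypt(key, reorder(ecb, [2, 0, 1])))
    print("CBC repeated blocks:", repeated_blocks(cbc))
    print("CBC spliced ->", cbc_decrypt(key, iv, reorder(cbc, [2, 0, 1])))
```

The splice in the ECB case decrypts cleanly to a reordered message, which is exactly why a protocol that relies on ECB and carries no MAC or sequence number is open to block replay; in CBC the moved block and its successor decrypt to noise, and with an authenticated mode the splice is rejected outright.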
QUESTION NO: 57
You work as a technician for Trade Well Inc. The company is in the business of share trading. To enhance security, the company wants users to provide a third key (apart from ID and password) to access the company’s Web site. Which of the following technologies will you implement to accomplish the task?
A. Smart cards
B. Key fobs
C. VPN
D. Biometrics
Answer: B
QUESTION NO: 58
Which of the following layers of the OSI model corresponds to the Host-to-Host layer of the TCP/IP model?
A. The transport layer
B. The presentation layer
C. The session layer
D. The application layer
Answer: A
QUESTION NO: 59
You are the Network Administrator for a college. You watch a large number of people (some not even students) going in and out of areas with campus computers (libraries, computer labs, etc.). You have had a problem with laptops being stolen. What is the most cost effective method to prevent this?
A. Smart card access to all areas with computers.
B. Use laptop locks.
C. Video surveillance on all areas with computers.
D. Appoint a security guard.
Answer: B
QUESTION NO: 60
An ATM belonging to a bank is robbed by breaking open the machine. Which of the following physical security devices can now be used for verification and historical analysis of the ATM robbery?
A. Key card
B. Biometric devices
C. Intrusion detection systems
D. CCTV Cameras
Answer: D
QUESTION NO: 61
You have been assigned the task of selecting a hash algorithm. The algorithm will be specifically used to ensure the integrity of certain sensitive files. It must use a 128 bit hash value. Which of the following should you use?
A. AES
B. SHA
C. MD5
D. DES
Answer: C
QUESTION NO: 62
Which of the following are the countermeasures against a man-in-the-middle attack? Each correct answer represents a complete solution. Choose all that apply.
A. Using public key infrastructure authentication.
B. Using basic authentication.
C. Using Secret keys for authentication.
D. Using Off-channel verification.
Answer: A,C,D
QUESTION NO: 63
Which of the following is an electrical event in which there is enough power on the grid to prevent a total power loss, but not enough to meet the current electrical demand?
A. Power Surge
B. Power Spike
C. Blackout
D. Brownout
Answer: D
QUESTION NO: 64
Which of the following protocols is designed to efficiently handle high-speed data over wide area networks (WANs)?
A. PPP
B. X.25
C. Frame relay
D. SLIP
Answer: C
QUESTION NO: 65
Which of the following statements best describes a certification authority?
A. A certification authority is a technique to authenticate digital documents by using computer cryptography.
B. A certification authority is a type of encryption that uses a public key and a private key pair for data encryption.
C. A certification authority is an entity that issues digital certificates for use by other parties.
D. A certification authority is a type of encryption that uses a single key to encrypt and decrypt data.
Answer: C
QUESTION NO: 66
In which of the following alternative processing sites is the backup facility maintained in a constant order, with a full complement of servers, workstations, and communication links ready to assume the primary operations responsibility?
A. Hot Site
B. Mobile Site
C. Warm Site
D. Cold Site
Answer: A
QUESTION NO: 67
Which of the following should the administrator ensure during the test of a disaster recovery plan?
A. Ensure that the plan works properly
B. Ensure that all the servers in the organization are shut down.
C. Ensure that each member of the disaster recovery team is aware of their responsibility.
D. Ensure that all client computers in the organization are shut down.
Answer: A,C
QUESTION NO: 68
The service-oriented modeling framework (SOMF) provides a common modeling notation to address alignment between business and IT organizations. Which of the following principles does the SOMF concentrate on? Each correct answer represents a part of the solution. Choose all that apply.
A. Disaster recovery planning
B. SOA value proposition
C. Software assets reuse
D. Architectural components abstraction
E. Business traceability
Answer: B,C,D,E
QUESTION NO: 69
You want to connect a twisted pair cable segment to a fiber-optic cable segment. Which of the following networking devices will you use to accomplish the task?
A. Hub
B. Switch
C. Repeater
D. Router
Answer: C
QUESTION NO: 70
In your office, you are building a new wireless network that contains Windows 2003 servers. To establish a network for secure communication, you have to implement IPSec security policy on the servers. What authentication methods can you use for this implementation? Each correct answer represents a complete solution. Choose all that apply.
A. Public-key cryptography
B. Kerberos
C. Preshared keys
D. Digital certificates
Answer: B,C,D
QUESTION NO: 71
Which of the following two components does Kerberos Key Distribution Center (KDC) consist of? Each correct answer represents a complete solution. Choose two.
A. Data service
B. Ticket-granting service
C. Account service
D. Authentication service
Answer: B,D
QUESTION NO: 72
Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Which of the following statements are true about the Kerberos authentication scheme? Each correct answer represents a complete solution. Choose all that apply.
A. Kerberos requires continuous availability of a central server.
B. Dictionary and brute force attacks on the initial response from the KDC's authentication service (AS_REP) to a client may reveal the subject's password.
C. Kerberos builds on Asymmetric key cryptography and requires a trusted third party.
D. Kerberos requires the clocks of the involved hosts to be synchronized.
Answer: A,B,D
QUESTION NO: 73
An organization is seeking to implement a hot site and wants to maintain a live database server at the backup site. Which of the following solutions will be the best for the organization?
A. Electronic vaulting
B. Remote journaling
C. Remote mirroring
D. Transaction logging
Answer: C
QUESTION NO: 74
A helpdesk technician received a phone call from an administrator at a remote branch office. The caller claimed to have forgotten the password for the root account on the UNIX servers and asked for it. Although the technician did not know any administrator at the branch office, the caller sounded friendly and, since the technician knew the root password himself, he supplied it. What type of attack has just occurred?
A. Social Engineering attack
B. Brute Force attack
C. War dialing attack
D. Replay attack
Answer: A
QUESTION NO: 75
You work as a Network Administrator of a TCP/IP network. You are having a DNS resolution problem. Which of the following utilities will you use to diagnose the problem?
A. TRACERT
B. PING
C. IPCONFIG
D. NSLOOKUP
Answer: D
QUESTION NO: 76
The IPSec protocol is configured in an organization’s network in order to maintain a complete infrastructure for secured network communications. IPSec uses four components for this. Which of the following components reduces the size of data transmitted over congested network connections and increases the speed of such networks without losing data?
A. AH
B. ESP
C. IPcomp
D. IKE
Answer: C
QUESTION NO: 77
You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following tasks: Develop a risk-driven enterprise information security architecture. Deliver security infrastructure solutions that support critical business initiatives. Which of the following methods will you use to accomplish these tasks?
A. Service-oriented architecture
B. Sherwood Applied Business Security Architecture
C. Service-oriented modeling framework
D. Service-oriented modeling and architecture
Answer: B
QUESTION NO: 78
A network is configured on a Bus topology. Which of the following conditions could cause a network failure? Each correct answer represents a complete solution. Choose all that apply.
A. A break in a network cable
B. 75 ohm terminators at open ends
C. A powered off workstation
D. An open-ended cable without terminators
Answer: A,B,D
QUESTION NO: 79
Which of the following is an input device that is used for controlling machines such as cranes, trucks, underwater unmanned vehicles, wheelchairs, surveillance cameras, and zero turning radius lawn mowers?
A. PS/2
B. Joystick
C. Microphone
D. AGP
Answer: B
QUESTION NO: 80
Which of the following types of attacks is often performed by looking surreptitiously at the keyboard or monitor of an employee’s computer?
A. Buffer-overflow attack
B. Man-in-the-middle attack
C. Shoulder surfing attack
D. Denial-of-Service (DoS) attack
Answer: C
QUESTION NO: 81
A digital signature is a type of public key cryptography. Which of the following statements are true about digital signatures? Each correct answer represents a complete solution. Choose all that apply.
A. In order to digitally sign an electronic record, a person must use his/her public key.
B. In order to verify a digital signature, the signer’s private key must be used.
C. In order to digitally sign an electronic record, a person must use his/her private key.
D. In order to verify a digital signature, the signer’s public key must be used.
Answer: C,D
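The two correct statements in Question 81 (sign with the private key, verify with the public key), worked through in code. This is an added example, not part of the exam material, and it deliberately uses textbook RSA with fixed Mersenne primes (2^61-1, 2^89-1 and, for the "wrong key" case, 2^107-1, 2^127-1) so that it runs reproducibly on the Python standard library; those moduli are far too small for real use and there is no PKCS#1 padding, so this shows the principle, not a production signature scheme. The messages are constructed.

```python
import hashlib

# Fixed Mersenne primes so the example is reproducible. Demo-sized only:
# a real signing key is 2048 bits or more and uses padded (PKCS#1/PSS) hashing.
DEMO_P, DEMO_Q = 2**61 - 1, 2**89 - 1
OTHER_P, OTHER_Q = 2**107 - 1, 2**127 - 1
PUBLIC_EXPONENT = 65537


def keygen(p: int, q: int, e: int = PUBLIC_EXPONENT):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent; needs Python 3.8+
    return (n, e), (n, d)


def _hash_to_int(message: bytes, n: int) -> int:
    # Sign the hash of the record, not the record itself (reduced mod n
    # because the demo modulus is smaller than a SHA-256 digest).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Only the holder of d can produce this value (statement C)."""
    n, d = private_key
    return pow(_hash_to_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the signer's public key can check it (statement D)."""
    n, e = public_key
    return pow(signature, e, n) == _hash_to_int(message, n)


if __name__ == "__main__":
    pub, priv = keygen(DEMO_P, DEMO_Q)
    record = b"transfer 100 to alice"          # constructed electronic record
    sig = sign(priv, record)
    print("genuine record verifies:", verify(pub, record, sig))
    print("altered record verifies:", verify(pub, b"transfer 900 to alice", sig))
    other_pub, _ = keygen(OTHER_P, OTHER_Q)
    print("someone else's public key verifies:", verify(other_pub, record, sig))
```

The altered-record and wrong-key checks are the two properties the exam is after: the signature binds the signer (only their private key produces it) and the content (any change to the record breaks verification).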
QUESTION NO: 82
An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?
A. Mutual
B. Anonymous
C. Multi-factor
D. Biometrics
Answer: C
QUESTION NO: 83
You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?
A. Eradication
B. Identification
C. Recovery
D. Containment
Answer: A
QUESTION NO: 84
In which of the following access control models can a user not grant permissions to other users to see a copy of an object marked as secret that he has received, unless they have the appropriate permissions?
A. Discretionary Access Control (DAC)
B. Role Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Access Control List (ACL)
Answer: C
QUESTION NO: 85
Which of the following protocols provides connectionless integrity and data origin authentication of IP packets?
A. ESP
B. AH
C. IKE
D. ISAKMP
Answer: B
QUESTION NO: 86
The network you administer allows owners of objects to manage the access to those objects via access control lists. This is an example of what type of access control?
A. RBAC
B. MAC
C. CIA
D. DAC
Answer: D
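A small model that makes the distinction behind Questions 55, 84 and 86 concrete: in DAC the object's owner manages its ACL and can hand out rights at will; in MAC the label is set by the system, a subject cannot read above their clearance (the simple security property) and cannot write a copy down to a lower label (the *-property), so a user holding a secret object cannot give a lower-cleared colleague a copy. This is an added example, not part of the exam material; the subjects, objects and classification levels are constructed for the demonstration.

```python
from dataclasses import dataclass, field

# Constructed classification lattice for the demo.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}


# ---- Discretionary access control: ownership decides -----------------------
@dataclass
class DacObject:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)   # subject -> set of rights


def dac_grant(actor: str, obj: DacObject, subject: str, right: str) -> bool:
    """Only the owner may change the ACL. Returns True if the grant took effect."""
    if actor != obj.owner:
        return False
    obj.acl.setdefault(subject, set()).add(right)
    return True


def dac_allowed(subject: str, obj: DacObject, right: str) -> bool:
    return subject == obj.owner or right in obj.acl.get(subject, set())


# ---- Mandatory access control: labels and clearances decide ---------------
@dataclass
class MacObject:
    name: str
    label: str          # assigned by the system, not changeable by the holder


def mac_can_read(clearance: str, obj: MacObject) -> bool:
    """Simple security property: no read up."""
    return LEVELS[clearance] >= LEVELS[obj.label]


def mac_can_write(clearance: str, target_label: str) -> bool:
    """*-property: no write down; a subject may only write at or above its level."""
    return LEVELS[target_label] >= LEVELS[clearance]


def mac_copy(clearance: str, src: MacObject, target_label: str, new_name: str):
    """Copying is a read of src plus a write at target_label; both must pass.
    Returns the new object, or None if the policy denies it."""
    if not (mac_can_read(clearance, src) and mac_can_write(clearance, target_label)):
        return None
    return MacObject(new_name, target_label)


if __name__ == "__main__":
    report = DacObject("report.txt", owner="alice")
    print("alice grants bob read:", dac_grant("alice", report, "bob", "read"))
    print("bob can read:", dac_allowed("bob", report, "read"))
    print("bob grants carol read:", dac_grant("bob", report, "carol", "read"))

    plan = MacObject("plan.doc", "secret")
    print("alice (secret) reads plan:", mac_can_read("secret", plan))
    print("bob (confidential) reads plan:", mac_can_read("confidential", plan))
    print("alice relabels copy confidential:",
          mac_copy("secret", plan, "confidential", "plan-copy.doc"))
```

Note what the DAC model cannot prevent: once alice grants bob read, bob can copy the data into an object he owns and hand it on; the MAC model closes that path because the copy keeps a label at least as high as alice's clearance.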
QUESTION NO: 87
Which of the following processes is used to identify relationships between mission critical applications, processes, and operations and all supporting elements?
A. Critical path analysis
B. Functional analysis
C. Risk analysis
D. Business impact analysis
Answer: A
QUESTION NO: 88
Which of the following devices is the least expensive power protection device for filtering the electrical stream to control power surges, noise, power sags, and power spikes?
A. Line Conditioner
B. Surge Suppressor
C. Uninterruptible Power Supply (UPS)
D. Expansion Bus
Answer: C
QUESTION NO: 89
You work as a Project Manager for Tech Perfect Inc. You are creating a document which emphasizes the formal study of what your organization is doing currently and where it will be in the future. Which of the following analyses will help you in accomplishing the task?
A. Cost-benefit analysis
B. Gap analysis
C. Requirement analysis
D. Vulnerability analysis
Answer: B
QUESTION NO: 90
SSH is a network protocol that allows data to be exchanged between two networked hosts over a secure channel. Which of the following encryption algorithms can be used by the SSH protocol? Each correct answer represents a complete solution. Choose all that apply.
A. Blowfish
B. DES
C. IDEA
D. RC4
Answer: A,B,C
QUESTION NO: 91
Which of the following firewalls inspects the actual contents of packets?
A. Packet filtering firewall
B. Stateful inspection firewall
C. Application-level firewall
D. Circuit-level firewall
Answer: C
QUESTION NO: 92
Which of the following statements about incremental backup are true? Each correct answer represents a complete solution. Choose two.
A. It is the fastest method of backing up data.
B. It is the slowest method for taking a data backup.
C. It backs up the entire database, including the transaction log.
D. It backs up only the files changed since the most recent backup and clears the archive bit.
Answer: A,D
QUESTION NO: 93
You work as a Network Administrator for Blue Bell Inc. The company has a TCP-based network. The company has two offices in different cities. The company wants to connect the two offices by using a public network. You decide to configure a virtual private network (VPN) between the offices. Which of the following protocols is used by VPN for tunneling?
A. L2TP
B. HTTPS
C. SSL
D. IPSec
Answer: A
QUESTION NO: 94
John works as a Network Administrator for NetPerfect Inc. The company has a Windows-based network. John has been assigned a project to build a network for the sales department of the company. It is important for the LAN to continue working even if there is a break in the cabling.
Which of the following topologies should John use to accomplish the task?
A. Star
B. Mesh
C. Bus
D. Ring
Answer: B
Topic 2, Volume B
QUESTION NO: 95
Which of the following encryption algorithms are based on block ciphers? Each correct answer represents a complete solution. Choose all that apply.
A. RC4
B. Twofish
C. Rijndael
D. RC5
Answer: B,C,D
QUESTION NO: 96
Adam works as a Network Administrator. He discovers that the wireless AP transmits 128 bytes of plaintext, and the station responds by encrypting the plaintext. It then transmits the resulting ciphertext using the same key and cipher that are used by WEP to encrypt subsequent network traffic. Which of the following types of authentication mechanism is used here?
A. Pre-shared key authentication
B. Open system authentication
C. Shared key authentication
D. Single key authentication
Answer: C
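The exchange described in Question 96, both sides in code, plus the check a practitioner would want: because the AP's 128-byte challenge is sent in the clear and the station returns it encrypted under a known IV, anyone listening obtains challenge XOR ciphertext, which is the RC4 keystream for that IV and can be reused to answer a later challenge without ever knowing the key. This is an added example, not part of the exam material; it implements RC4 and the WEP frame format (3-byte IV prepended to the key, CRC-32 ICV appended to the payload) on the Python standard library, and the key, IVs and challenges are constructed.

```python
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then keystream XOR over data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(payload: bytes) -> bytes:
    return zlib.crc32(payload).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: IV in the clear, then RC4(IV||key) over payload||ICV."""
    return iv + rc4(iv + key, payload + _icv(payload))


def wep_decrypt(key: bytes, frame: bytes):
    """Return the payload, or None if the ICV does not match."""
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + key, body)
    payload, icv = plain[:-4], plain[-4:]
    return payload if _icv(payload) == icv else None


# --- the shared-key authentication handshake --------------------------------
def station_respond(key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Station encrypts the AP's plaintext challenge with the shared WEP key."""
    return wep_encrypt(key, iv, challenge)


def ap_verify(key: bytes, challenge: bytes, response: bytes) -> bool:
    """AP decrypts the response and accepts if it equals the challenge it sent."""
    return wep_decrypt(key, response) == challenge


# --- what a passive eavesdropper can do with one observed handshake ----------
def recover_keystream(challenge: bytes, response: bytes):
    """challenge||ICV is known plaintext, so ciphertext XOR plaintext = keystream."""
    iv, body = response[:3], response[3:]
    known = challenge + _icv(challenge)
    return iv, bytes(c ^ p for c, p in zip(body, known))


def forge_response(iv: bytes, keystream: bytes, challenge: bytes) -> bytes:
    """Answer a fresh challenge under the same IV with the recovered keystream."""
    known = challenge + _icv(challenge)
    return iv + bytes(k ^ p for k, p in zip(keystream, known))


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"                      # constructed 40-bit WEP key
    challenge = bytes(range(128))                      # constructed AP challenge
    response = station_respond(key, b"\x0a\x0b\x0c", challenge)
    print("legitimate station accepted:", ap_verify(key, challenge, response))

    iv, keystream = recover_keystream(challenge, response)   # attacker, no key
    new_challenge = bytes((i * 7 + 3) & 0xFF for i in range(128))
    forged = forge_response(iv, keystream, new_challenge)
    print("attacker accepted without the key:", ap_verify(key, new_challenge, forged))
```

The forged response passes because the AP checks only that decryption yields the challenge, and the recovered 132-byte keystream is exactly enough to encrypt any 128-byte challenge plus its ICV under that IV. This is why shared-key authentication is weaker than the open-system variant it was meant to improve on, and why WEP as a whole has been superseded.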
QUESTION NO: 97
The OSI model is the most common networking model used in the industry. Applications, network functions, and protocols are typically referenced using one or more of the seven OSI layers. Of the following, choose the two best statements that describe the OSI layer functions. Each correct answer represents a complete solution. Choose two.
A. Layers 1 and 2 deal with application functionality and data formatting. These layers reside at the top of the model.
B. Layers 4 through 7 define the functionality of IP Addressing, Physical Standards, and Data Link protocols.
C. Layers 5, 6, and 7 focus on the Network Application, which includes data formatting and session control.
D. Layers 1, 2, 3, and 4 deal with physical connectivity, encapsulation, IP Addressing, and Error Recovery. These layers define the end-to-end functions of data delivery.
Answer: C,D
QUESTION NO: 98
Which of the following is the technology of indoor or automotive environmental comfort?
A. HIPS
B. HVAC
C. NIPS
D. CCTV
Answer: B
QUESTION NO: 99
Which of the following protocols provides certificate-based authentication for virtual private networks (VPNs)?
A. PPTP
B. SMTP
C. HTTPS
D. L2TP
Answer: D
QUESTION NO: 100
Which of the following types of ciphers are included in the historical ciphers? Each correct answer represents a complete solution. Choose two.
A. Block ciphers
B. Transposition ciphers
C. Stream ciphers
D. Substitution ciphers
Answer: B,D