CISSPPDFで合格させるスゴ問題集でCISSP最新のリアル試験問題 [Q22-Q38]

Share

CISSPPDFで合格させるスゴ問題集でCISSP最新のリアル試験問題

有効なCISSPテスト解答CISSP試験PDF問題を試そう

質問 22
Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication?

  • A. Passwords are passed in cleartext
  • B. Authorizations are not included in the server response
  • C. The authentication session can be replayed
  • D. Unsalted hashes are passed over the network

正解: A

 

質問 23
Which layer of the Open system Interconnect (OSI) model is responsible for secure data transfer between applications, flow control, and error detection and correction?

  • A. Layer 2
  • B. Layer 6
  • C. Layer 4
  • D. Layer 5

正解: C

 

質問 24
The application owner of a system that handles confidential data leaves an organization. It is anticipated that a replacement will be hired in approximately six months. During that time, which of the following should the organization do?

  • A. Gram temporary access to the former application owner's account
  • B. Restrict access to the system until a replacement application owner rs hired.
  • C. Assign a temporary application owner to the system.
  • D. Prevent changes to the confidential data until a replacement application owner is hired.

正解: C

 

質問 25
This type of password recovery is considered more difficult and must work through all possible combinations of numbers and characters.

  • A. Dictionary
  • B. Brute force
  • C. Passive
  • D. Hybrid
  • E. Active

正解: B

解説:
Brute force cracking is considered more difficult and must work through all possible combinations of numbers and characters.

 

質問 26
The top speed of ISDN BRI is 256 KBS.(True/False)

  • A. True
  • B. False

正解: B

解説:
The top speed of ISDN BRI is 128 KBS. Its two primary channels are each capable
of carrying 64 KBS so the combined top speed is 128 KBS.

 

質問 27
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?

  • A. Illiminated at nine feet high with at least three foot-candles
  • B. Illiminated at eight feet high with at least two foot-candles
  • C. Illuminated at nine feet high with at least two foot-candles
  • D. Illiminated at eight feet high with at least three foot-candles

正解: B

解説:
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high with at least two
foot-candles.
It can also be referred to as illuminating to a height of eight feet, with a BRIGHTNESS of two foot-
candles.
One footcandle 10.764 lux. The footcandle (or lumen per square foot) is a non-SI unit of
illuminance. Like the BTU, it is obsolete but it is still in fairly common use in the United States,
particularly in construction-related engineering and in building codes. Because lux and footcandles
are different units of the same quantity, it is perfectly valid to convert footcandles to lux and vice
versa.
The name "footcandle" conveys "the illuminance cast on a surface by a one-candela source one
foot away." As natural as this sounds, this style of name is now frowned upon, because the
dimensional formula for the unit is not foot
candela, but lumens per square foot.
Some sources do however note that the "lux" can be thought of as a "metre-candle" (i.e. the
illuminance cast on a surface by a one-candela source one meter away). A source that is farther
away casts less illumination than one that is close, so one lux is less illuminance than one
footcandle. Since illuminance follows the inverse-square law, and since one foot = 0.3048 m, one
lux = 0.30482 footcandle 1/10.764 footcandle.
TIPS FROM CLEMENT:
Illuminance (light level) - The amount of light, measured in foot-candles (US unit), that falls n a
surface, either horizontal or vertical.
Parking lots lighting needs to be an average of 2 foot candles; uniformity of not more than 3:1, no
area less than 1 fc.
All illuminance measurements are to be made on the horizontal plane with a certified light meter
calibrated to NIST standards using traceable light sources.
The CISSP Exam Cram 2 from Michael Gregg says:
Lighting is a commonly used form of perimeter protection.
Some studies have found that up to 80% of criminal acts at businesses and shopping centers
happen in adjacent parking lots. Therefore, it's easy to see why lighting can be such an important
concern.
Outside lighting discourages prowlers and thieves.
The National Institute of Standards and Technologies (NIST) states that, for effective perimeter
control, buildings should be illuminated 8 feet high, with 2-foot candle power.
Reference used for this question:
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page
325. and Shon's AIO v5 pg 459 and http://en.wikipedia.org/wiki/Foot-candle

 

質問 28
Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions?

  • A. Initiation
  • B. Operation/Maintenance
  • C. Development/acquisition
  • D. Implementation

正解: B

解説:
The operation phase of an IT system is concerned with user authentication.
Authentication is the process where a system establishes the validity of a transmission, message,
or a means of verifying the eligibility of an individual, process, or machine to carry out a desired
action, thereby ensuring that security is not compromised by an untrusted source.
It is essential that adequate authentication be achieved in order to implement security policies and
achieve security goals. Additionally, level of trust is always an issue when dealing with cross-
domain interactions. The solution is to establish an authentication policy and apply it to cross-
domain interactions as required.
Source: STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST
Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 (page 15).

 

質問 29
Which security model uses an access control triple and also require separation of duty?

  • A. Bell-LaPadula
  • B. DAC
  • C. Clark-Wilson
  • D. Lattice

正解: C

解説:
The following answers are incorrect:
DAC
Bell-LaPadula
Lattice
The following reference(s) were/was used to create this question:
Separation of duty is necessarily determined by conditions external to the computer system.
The Clark-Wilson scheme includes as a requirement maintenance of separation of duty as
expressed in the access control triples.
Enforcement is on a per-user basis, using the user ID from the access control triple.

 

質問 30
In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the:

  • A. Data Link Layer.
  • B. Inspection Layer.
  • C. Application Layer.
  • D. Network or Transport Layer.

正解: D

解説:
Explanation/Reference:
Explanation:
A stateful firewall filters traffic based on OSI Layer 3 (Network layer) and Layer 4 (Transport layer).
Incorrect Answers:
B: A stateful firewall does not operate at the Application layer. It work at the Network or Transport Layer.
C: There is no inspection layer in the OSI model.
D: A stateful firewall does not operate at the Data link layer. It work at the Network or Transport Layer.
References:
Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham,
2012, p. 63

 

質問 31
Which of the following is NOT a Software CMM maturity level?

  • A. Behavioral
  • B. Managed
  • C. Initial
  • D. Repeatable

正解: A

解説:
The word behavioral is a distracter. The five software process maturity levels are:
Initial the software process is ad hoc and most processes are
undefined.
Repeatable fundamental project management processes are in
place.
Defined the software process for both management and
engineering functions is documented, standardized, and
integrated into the organization.
Managed the software process and product quality are
measured, understood, and controlled.
Optimizing continuous process improvement is being
performed.

 

質問 32
Which one of the following properties of a transaction processing system ensures that once a transaction completes successfully (commits), the update service even if there is a system failure?

  • A. Consistency
  • B. Isolation
  • C. Atomicity
  • D. Durability

正解: D

 

質問 33
Which backup method does not reset the archive bit on files that are backed up?

  • A. Additive backup method
  • B. Full backup method
  • C. Incremental backup method
  • D. Differential backup method

正解: D

解説:
The differential backup method only copies files that have changed since the last full backup was performed. It is additive in the fact that it does not reset the archive bit so all changed or added files are backed up in every differential backup until the next full backup. The "additive backup method" is not a common backup method.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3:
Telecommunications and Network Security (page 69).

 

質問 34
Which of the following best describes the Secure Electronic Transaction (SET) protocol?

  • A. Originated by VISA and MasterCard as an Internet credit card protocol using SSL.
  • B. Originated by VISA and MasterCard as an Internet credit card protocol.
  • C. Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer.
  • D. Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures.

正解: D

解説:
This protocol was created by VISA and MasterCard as a common effort to make the buying process over the Internet secure through the distribution line of those companies. It is located in layer 7 of the OSI model.
SET uses a system of locks and keys along with certified account IDs for both consumers and merchants. Then, through a unique process of "encrypting" or scrambling the information exchanged between the shopper and the online store,
SET ensures a payment process that is convenient, private and most of all secure.
Specifically, SET:
*
Establishes industry standards to keep your order and payment information confidential.
*
Increases integrity for all transmitted data through encryption.
*
Provides authentication that a cardholder is a legitimate user of a branded payment card account.
*
Provides authentication that a merchant can accept branded payment card transactions through its relationship with an acquiring financial institution.
*
Allows the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction.
The SET process relies strongly on the use of certificates and digital signatures for the process of authentication and integrity of the information.

 

質問 35
Which statement below is accurate about the difference between issuespecific and system-specific policies?

  • A. System-specific policy is much more technically focused.
  • B. Issue-specific policy commonly addresses only one system.
  • C. System-specific policy is similar to program policy.
  • D. Issue-specific policy is much more technically focused.

正解: A

解説:
Often, managerial computer system security policies are categorized
into three basic types:
Program policy used to create an organization's computer security
program
Issue-specific policies used to address specific issues of concern
to the organization
System-specific policies technical directives taken by management
to protect a particular system
Program policy and issue-specific policy both address policy from
a broad level, usually encompassing the entire organization. However,
they do not provide sufficient information or direction, for
example, to be used in establishing an access control list or in training users on what actions are permitted. System-specific policy fills this need. System-specific policy is much more focused, since it addresses
only one system.
Table A.1 helps illustrate the difference between these three types
of policies. Source: National Institute of Standards and Technology, An
Introduction to Computer Security: The NIST Handbook Special Publica-
tion 800-12.

image002

 

質問 36
Who first described the DoD multilevel military security policy in abstract, formal terms?

  • A. Whitfield Diffie and Martin Hellman
  • B. Rivest, Shamir and Adleman
  • C. David Clark and David Wilson
  • D. David Bell and Leonard LaPadula

正解: D

解説:
It was David Bell and Leonard LaPadula who, in 1973, first described the DoD multilevel military security policy in abstract, formal terms. The Bell-LaPadula is a Mandatory Access Control (MAC) model concerned with confidentiality. Rivest, Shamir and Adleman (RSA) developed the RSA encryption algorithm. Whitfield Diffie and Martin Hellman published the Diffie-Hellman key agreement algorithm in 1976. David Clark and David Wilson developed the Clark-Wilson integrity model, more appropriate for security in commercial activities. Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly, July 1992 (pages 78,109).

 

質問 37
What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)?

  • A. Monitors all processes and activities on the host system only
  • B. Virtually eliminates limits associated with encryption
  • C. It can be very invasive to the host operating system
  • D. They have an increased level of visibility and control compared to NIDS

正解: C

解説:
The biggest drawback of HIDS, and the reason many organizations resist its use, is that it can be very invasive to the host operating system. HIDS must have the capability to monitor all processes and activities on the host system and this can sometimes interfere with normal system processing.
HIDS versus NIDS
A host-based IDS (HIDS) can be installed on individual workstations and/ or servers to watch for inappropriate or anomalous activity. HIDSs are usually used to make sure users do not delete system files, reconfigure important settings, or put the system at risk in any other way.
So, whereas the NIDS understands and monitors the network traffic, a HIDS's universe is limited to the computer itself. A HIDS does not understand or review network traffic, and a
NIDS does not "look in" and monitor a system's activity. Each has its own job and stays out of the other's way.
The ISC2 official study book defines an IDS as:
An intrusion detection system (IDS) is a technology that alerts organizations to adverse or unwanted activity. An IDS can be implemented as part of a network device, such as a router, switch, or firewall, or it can be a dedicated IDS device monitoring traffic as it traverses the network. When used in this way, it is referred to as a network IDS, or NIDS.
IDS can also be used on individual host systems to monitor and report on file, disk, and process activity on that host. When used in this way it is referred to as a host-based IDS, or
HIDS.
An IDS is informative by nature and provides real-time information when suspicious activities are identified. It is primarily a detective device and, acting in this traditional role, is not used to directly prevent the suspected attack.
What about IPS?
In contrast, an intrusion prevention system (IPS), is a technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity. An IPS permits a predetermined set of functions and actions to occur on a network or system; anything that is not permitted is considered unwanted activity and blocked. IPS is engineered specifically to respond in real time to an event at the system or network layer.
By proactively enforcing policy, IPS can thwart not only attackers, but also authorized users attempting to perform an action that is not within policy. Fundamentally, IPS is considered an access control and policy enforcement technology, whereas IDS is considered network monitoring and audit technology.
The following answers were incorrect:
All of the other answer were advantages and not drawback of using HIDS
TIP FOR THE EXAM:
Be familiar with the differences that exists between an HIDS, NIDS, and IPS. Know that
IDS's are mostly detective but IPS are preventive. IPS's are considered an access control and policy enforcement technology, whereas IDS's are considered network monitoring and audit technology.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Locations
5817-5822). McGraw-Hill. Kindle Edition.
and
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition :
Access Control ((ISC)2 Press), Domain1, Page 180-188 or on the kindle version look for
Kindle Locations 3199-3203 Auerbach Publications.

 

質問 38
......

CISSP問題集はあなたの合格を必ず保証します:https://www.jpntest.com/shiken/CISSP-mondaishu

CISSPテスト問題集とオンライン試験エンジン:https://drive.google.com/open?id=1_N049T1NPFvR-vTnOHNNSbB_pJ_sIbFv

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡