CISSP Exam – Free Actual Q&As PDF

1144 Pages·26.175 MB·English

1/27/2021 CISSP Exam – Free Actual Q&As, Page 1 | ExamTopics - Expert Verified, Online, Free.
https://www.examtopics.com/exams/isc/cissp/custom-view/

Topic 1 - Security and Risk Management

Question #1 Topic 1
Which of the following issues is NOT addressed by Kerberos?
A. Availability
B. Confidentiality
C. Integrity
D. Authentication

Correct Answer: A
Kerberos is a trusted third-party authentication protocol that was developed under Project Athena at MIT. In Greek mythology, Kerberos is the three-headed dog that guards the entrance to the Underworld. Using symmetric key cryptography, Kerberos authenticates clients to the other entities on a network from which the client requires services. The session keys it distributes also protect the confidentiality and integrity of the tickets and authenticators that are exchanged. It does not address availability: if the Key Distribution Center (KDC) is unreachable, no tickets can be issued.

Incorrect Answers:
B: Kerberos does address confidentiality.
C: Kerberos does address integrity.
D: Kerberos does address authentication.

References: , Wiley Publishing, Indianapolis, 2007, p. 78

Secperson 6 months, 2 weeks ago
A - it doesn't cover availability
upvoted 1 times

emojiguy 5 months, 3 weeks ago
Option A
upvoted 1 times

imranrq 2 months, 3 weeks ago
Answer is A. Within Kerberos we have the KDC, and the KDC is a single point of failure. I'll go with A on this.
upvoted 2 times

RakRocky 2 months ago
Availability not covered.
upvoted 1 times

minga0102 4 weeks, 1 day ago
I don't know what it is.
upvoted 1 times

CCNPWILL 3 weeks, 4 days ago
How are you lost? The other three have to do with security. Availability has nothing to do with security. Answer is A.
upvoted 1 times

Question #2 Topic 1
Which of the following statements is not listed within the 4 canons of the (ISC)² Code of Ethics?
A. All information systems security professionals who are certified by (ISC)² shall observe all contracts and agreements, express or implied.
B. All information systems security professionals who are certified by (ISC)² shall render only those services for which they are fully competent and qualified.
C. All information systems security professionals who are certified by (ISC)² shall promote and preserve public trust and confidence in information and systems.
D. All information systems security professionals who are certified by (ISC)²

Correct Answer: D
The social consequences of the programs that are written are not included in the (ISC)² Code of Ethics canons.
Note: The (ISC)² Code of Ethics canons are:
✑ Protect society, the common good, necessary public trust and confidence, and the infrastructure.
✑ Act honorably, honestly, justly, responsibly, and legally.
✑ Provide diligent and competent service to principals.
✑ Advance and protect the profession.

Incorrect Answers:
A: The (ISC)² Code of Ethics canons state that you should provide diligent and competent service to principals. This means that you should observe all contracts and agreements.
B: The (ISC)² Code of Ethics canons state that you should provide diligent and competent service to principals. This means that you should render only those services for which you are fully competent and qualified.
C: The (ISC)² Code of Ethics canons state that you should protect the necessary public trust and the infrastructure/systems.

References: https://www.isc2.org/ethics/default.aspx?terms=code of ethics

chykun 1 year, 5 months ago
Option D is not complete.
It reads "All Information systems security professionals who are certified by (ISC)"
upvoted 3 times

oluchecpoint 1 year, 1 month ago
D. All information systems security professionals who are certified by (ISC)2 shall think about the social consequences of the program they write.
upvoted 6 times

Steph_Jotunheim 10 months ago
I agree with Chykun, why is option D incomplete?
upvoted 2 times

ShahParan 9 months, 3 weeks ago
Agreed with chykun, option D is incomplete.
upvoted 1 times

senator 8 months ago
Explanation of answer informs on option D, making sense since other options are in the canon of ethics.
upvoted 1 times

Alphainisde 7 months, 1 week ago
Option 4 should be - All information systems security professionals who are certified by (ISC)2 shall think about the social consequences of the program they write.
upvoted 3 times

maaexamtopics 5 months ago
The Canons state: Code of Ethics Canons: Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsibly, and legally. Provide diligent and competent service to principals. Advance and protect the profession. "Information and systems" is not listed - "the infrastructure" is.
upvoted 1 times

Question #3 Topic 1
Regarding codes of ethics covered within the (ISC)² CBK, within which of them is the phrase "Discourage unsafe practice" found?
A. Computer Ethics Institute commandments
B. (ISC)² Code of Ethics
C. Internet Activities Board's Ethics and the Internet (RFC 1087)
D. CIAC Guidelines

Correct Answer: B
The (ISC)² Code of Ethics includes the phrase "Discourage unsafe practices, and preserve and strengthen the integrity of public infrastructures."

Incorrect Answers:
A: The phrase "Discourage unsafe practice" is not included in the Computer Ethics Institute commandments. It is included in the (ISC)² Code of Ethics.
C: The phrase "Discourage unsafe practice" is not included in RFC 1087. It is included in the (ISC)² Code of Ethics.
D: The phrase "Discourage unsafe practice" is not included in the CIAC Guidelines. It is included in the (ISC)² Code of Ethics.

References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1064

Secperson 6 months, 2 weeks ago
B. Discourage unsafe practice. Act honorably, honestly, justly, responsibly, and legally.
upvoted 3 times

Question #4 Topic 1
Which of the following is NOT a factor related to Access Control?
A. integrity
B. authenticity
C. confidentiality
D. availability

Correct Answer: B
Authenticity is not a factor related to Access Control. Access controls are security features that control how users and systems communicate and interact with other systems and resources. Access controls give an organization the ability to control, restrict, monitor, and protect resource availability, integrity, and confidentiality.

Incorrect Answers:
A: Integrity is a factor related to Access Control.
C: Confidentiality is a factor related to Access Control.
D: Availability is a factor related to Access Control.

References: https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Access_Control_Systems

Secperson 6 months, 2 weeks ago
B. Authenticity is different from authentication. Authenticity pertains to something being authentic, not necessarily having a direct correlation to access control.
upvoted 3 times

CCNPWILL 3 weeks, 4 days ago
I have to say the answer is D. Looks quite obvious to me... Availability is not CIA and has nothing to do with access control or security of any kind.
upvoted 2 times

xaccan 3 weeks ago
Availability is not a CIA? Please study first.
upvoted 2 times

n2062348 2 weeks, 4 days ago
Isn't authenticity of subject a concern of access control?
Availability is ensured through providing redundant software or hardware components.
upvoted 1 times

Question #5 Topic 1
Which of the following is the correct set of assurance requirements for EAL 5?
A. Semiformally verified design and tested
B. Semiformally tested and checked
C. Semiformally designed and tested
D. Semiformally verified tested and checked

Correct Answer: C
The EAL 5 requirement is: Semiformally designed and tested; this is sought when developing specialized Targets of Evaluation for high-risk situations.

Incorrect Answers:
A: Semiformally verified design and tested is EAL 6, not EAL 5. (EAL 7 is formally verified design and tested.)
B: EAL 5 is not semiformally tested and checked. EAL 5 is semiformally designed and tested.
D: Semiformally verified tested and checked is not the wording of any EAL; it resembles the EAL 6 description, and it is not EAL 5.

References: , 2nd Edition, CRC Press, New York, 2009, p. 668

Steph_Jotunheim 10 months, 4 weeks ago
Hello, I do not understand your answer: A: Semiformally verified design and tested is EAL 7, not EAL 5. I believed it was EAL 6. BR Stephane
upvoted 2 times

PlasticMind 10 months, 2 weeks ago
EAL 6 includes semi-formally verified, designed and tested. EAL includes formally verified, designed and tested. Can we please update the answer text? EAL 5 is still the correct answer here as it includes semi-formally designed and tested. Reference: https://searchdatacenter.techtarget.com/definition/Evaluation-Assurance-Level-EAL
upvoted 2 times

PlasticMind 10 months, 2 weeks ago
EAL 6 includes semi-formally verified, designed and tested. EAL 7 includes formally verified, designed and tested. Can we please update the answer text? EAL 5 is still the correct answer here as it includes semi-formally designed and tested.
Reference: https://searchdatacenter.techtarget.com/definition/Evaluation-Assurance-Level-EAL
upvoted 1 times

walegxy 9 months, 4 weeks ago
• EAL1 Functionally tested
• EAL2 Structurally tested
• EAL3 Methodically tested and checked
• EAL4 Methodically designed, tested, and reviewed
• EAL5 Semiformally designed and tested
• EAL6 Semiformally verified design and tested
• EAL7 Formally verified design and tested
upvoted 17 times

Secperson 6 months, 2 weeks ago
C. EAL 5: Semiformally designed and tested; this is sought when the requirement is for a high level of independently ensured security.
upvoted 1 times

csco10320953 1 month, 4 weeks ago
7 Evaluation Assurance Levels
EAL0 - Inadequate assurance
EAL1 - Functionality tested
EAL2 - Structurally tested
EAL3 - Methodically designed, tested
EAL4 - Methodically designed, tested and reviewed
EAL5 - Semiformally designed and tested
EAL6 - Semiformally verified designed and tested
EAL7 - Formally verified designed and tested
upvoted 1 times

Question #6 Topic 1
Which of the following is needed for System Accountability?
A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.

Correct Answer: A
Accountability is the ability to identify users and to track their actions. Through the use of audit logs and other tools, user actions are recorded and can be used at a later date to verify what actions were performed.

Incorrect Answers:
B: The Common Criteria is an international standard for evaluating trust and would not be a factor in System Accountability.
C: Authorization is granting access to subjects; having authorization does not by itself hold the subject accountable for their actions.
D: Formal verification involves validating and testing highly trusted systems. It does not, however, involve System Accountability.
References: , 6th Edition, McGraw-Hill, 2013, pp. 203, 248-250, 402.

Secperson 6 months, 2 weeks ago
A. Accountability is the ability to identify users and to be able to track user actions.
upvoted 1 times

CJ32 3 months ago
Also known as Accounting, Accountability is tracking users' actions. Auditing mechanisms serve as that. Example: Audit Logs are used to log what is done on the device/network.
upvoted 1 times

Question #7 Topic 1
The major objective of system configuration management is which of the following?
A. System maintenance.
B. System stability.
C. System operations.
D. System tracking.

Correct Answer: B
Configuration Management is defined as the identification, control, accounting, and documentation of all changes that take place to system hardware, software, firmware, supporting documentation, and test results throughout the lifespan of the system. A system should have baselines set for its hardware, software, and firmware configuration. The configuration baseline will have been tried and tested and is known to be stable. Modifying the configuration settings of a system could lead to system instability. System configuration management helps to ensure system stability by keeping a consistent, controlled configuration across systems.

Incorrect Answers:
A: System configuration management could aid system maintenance. However, this is not a major objective of system configuration management.
C: System configuration management helps to ensure system stability, which in turn helps system operations. However, system operations are not a major objective of system configuration management.
D: System tracking is not an objective of system configuration management.

References: , 6th Edition, McGraw-Hill, New York, 2013, p. 4

Panama 1 year ago
It can be even system operation.
upvoted 2 times

Secperson 6 months, 2 weeks ago
A.
system maintenance, system needs to be stable against a specific baseline.
upvoted 1 times

dtekum 6 months ago
I would say System Operation.
upvoted 1 times

CJ32 4 months, 3 weeks ago
I thought this was system operation as well. However, after doing research I found: A major objective with Configuration Management is stability. The changes to the system are controlled so that they don't lead to weaknesses or faults in the system.
upvoted 8 times

topcat 2 months, 3 weeks ago
B - The aim is always stability.
upvoted 4 times

Question #8 Topic 1
The Internet Architecture Board (IAB) characterizes which of the following as unethical behavior for Internet users?
A. Writing computer viruses.
B. Monitoring data traffic.
C. Wasting computer resources.
D. Concealing unauthorized accesses.

Correct Answer: C
The IAB considers wasting resources (people, capacity, and computers) through purposeful actions unethical.
Note: The IAB considers the following acts unethical and unacceptable behavior:
✑ Purposely seeking to gain unauthorized access to Internet resources
✑ Disrupting the intended use of the Internet
✑ Wasting resources (people, capacity, and computers) through purposeful actions
✑ Destroying the integrity of computer-based information
✑ Compromising the privacy of others
✑ Negligence in the conduct of Internet-wide experiments

Incorrect Answers:
A: The IAB list of unethical behavior for Internet users does not include writing computer viruses.
B: The IAB does not consider monitoring data traffic unethical.
D: The IAB list of unethical behavior for Internet users does not include concealing unauthorized accesses.

References: , 6th Edition, McGraw-Hill, New York, 2013, p. 1076

Secperson 6 months, 2 weeks ago
C.
Wasting resources
upvoted 2 times

Question #9 Topic 1
A deviation from an organization-wide security policy requires which of the following?
A. Risk Acceptance
B. Risk Assignment
C. Risk Reduction
D. Risk Containment

Correct Answer: A
A deviation from an organization-wide security policy is a risk. Once a company knows the risk it faces, it must decide how to handle it. Risk can be dealt with in four basic ways: transfer it, avoid it, reduce it, or accept it. One approach is to accept the risk, which means the company understands the level of risk it faces, as well as the potential cost of damage, and decides to live with it and not implement the countermeasure. Many companies will accept risk when the cost/benefit ratio indicates that the cost of the countermeasure outweighs the potential loss value. In this question, if the deviation from the organization-wide security policy is to remain, that is an example of risk acceptance.

Incorrect Answers:
B: Risk assignment would be to transfer the risk. An example of this is insurance, where the risk is transferred to the insurance company. A deviation from an organization-wide security policy does not require risk assignment.
C: Risk reduction would be to reduce the deviation from the organization-wide security policy. A deviation from an organization-wide security policy does not require risk reduction.
D: A deviation from an organization-wide security policy does not require risk containment; it requires acceptance of the risk posed by the deviation.

References: , 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98
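Worked example for Question #1 (added here; it is not part of the ExamTopics page and not a real Kerberos implementation). It models the three Kerberos exchanges (AS, TGS, AP) with symmetric keys only, so the four properties the explanation distinguishes can be exercised directly: a client holding the right long-term key is authenticated, a wrong key or a tampered ticket is rejected (confidentiality and integrity of the sealed tickets), and an unreachable KDC simply stops the protocol (availability is not addressed). The realm, the principal names "alice" and "cifs/fs01", the keys and the 600-second lifetimes are constructed; the "cipher" is a toy HMAC-SHA256 keystream with an encrypt-then-MAC tag, chosen only so the example runs on the Python standard library.

```python
import hashlib
import hmac
import json
import os

# Constructed sample realm: long-term keys for the KDC itself, one client and one service.
PRINCIPALS = {
    "krbtgt": os.urandom(32),     # KDC key, protects ticket-granting tickets (TGTs)
    "alice": os.urandom(32),      # client long-term key (password-derived in real Kerberos)
    "cifs/fs01": os.urandom(32),  # service long-term key (a keytab in real Kerberos)
}

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Keyed stream from HMAC-SHA256 in counter mode (toy cipher, standard library only)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, msg: dict) -> bytes:
    """Confidentiality (XOR with keyed stream) plus integrity (encrypt-then-MAC tag)."""
    pt = json.dumps(msg).encode()
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> dict:
    """Reject anything whose tag does not verify: a tampered message or the wrong key."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("integrity check failed")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)

class KDC:
    """Authentication Server and Ticket Granting Server in one object."""
    def __init__(self, keys: dict, up: bool = True):
        self.keys, self.up = keys, up

    def as_exchange(self, client: str, now: int) -> bytes:
        # AS-REQ/AS-REP: the reply is sealed under the client's long-term key, so only
        # a client holding that key can recover the session key and the TGT.
        if not self.up:
            raise ConnectionError("KDC unreachable")
        sk = os.urandom(32)
        tgt = seal(self.keys["krbtgt"], {"client": client, "sk": sk.hex(), "exp": now + 600})
        return seal(self.keys[client], {"sk": sk.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, auth: bytes, service: str, now: int) -> bytes:
        # TGS-REQ/TGS-REP: TGT opened with the krbtgt key, authenticator with the session key.
        if not self.up:
            raise ConnectionError("KDC unreachable")
        t = unseal(self.keys["krbtgt"], tgt)
        a = unseal(bytes.fromhex(t["sk"]), auth)
        if a["client"] != t["client"] or abs(now - a["ts"]) > 300 or now > t["exp"]:
            raise PermissionError("bad authenticator or expired TGT")
        ssk = os.urandom(32)
        ticket = seal(self.keys[service], {"client": t["client"], "sk": ssk.hex(), "exp": now + 600})
        return seal(bytes.fromhex(t["sk"]), {"sk": ssk.hex(), "ticket": ticket.hex()})

def service_accept(service_key: bytes, ticket: bytes, auth: bytes, now: int) -> str:
    """AP-REQ: the service validates the ticket with its own key and never contacts the KDC."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["sk"]), auth)
    if a["client"] != t["client"] or abs(now - a["ts"]) > 300 or now > t["exp"]:
        raise PermissionError("bad authenticator or expired ticket")
    return t["client"]

def login(kdc: KDC, client: str, client_key: bytes, service: str, service_key: bytes,
          now: int = 1_700_000_000, tamper: bool = False) -> str:
    """Client side of the three exchanges; returns the principal the service accepted."""
    rep = unseal(client_key, kdc.as_exchange(client, now))  # wrong key: ValueError here
    sk, tgt = bytes.fromhex(rep["sk"]), bytes.fromhex(rep["tgt"])
    tgs = unseal(sk, kdc.tgs_exchange(tgt, seal(sk, {"client": client, "ts": now}), service, now))
    ssk, ticket = bytes.fromhex(tgs["sk"]), bytes.fromhex(tgs["ticket"])
    if tamper:  # an on-path attacker flips one ciphertext bit of the service ticket
        ticket = ticket[:20] + bytes([ticket[20] ^ 1]) + ticket[21:]
    return service_accept(service_key, ticket, seal(ssk, {"client": client, "ts": now}), now)

def _outcome(fn):
    try:
        return fn()
    except Exception as e:  # report which property failed
        return type(e).__name__

def demo() -> dict:
    """Authentication, confidentiality/integrity, and the availability property Kerberos lacks."""
    c, s = "alice", "cifs/fs01"
    up, down = KDC(PRINCIPALS), KDC(PRINCIPALS, up=False)
    return {
        "valid_client": _outcome(lambda: login(up, c, PRINCIPALS[c], s, PRINCIPALS[s])),
        "wrong_client_key": _outcome(lambda: login(up, c, bytes(32), s, PRINCIPALS[s])),
        "tampered_ticket": _outcome(lambda: login(up, c, PRINCIPALS[c], s, PRINCIPALS[s], tamper=True)),
        "kdc_down": _outcome(lambda: login(down, c, PRINCIPALS[c], s, PRINCIPALS[s])),
    }
```

Calling demo() yields "alice" for the valid client, ValueError for the wrong key and the tampered ticket, and ConnectionError when the KDC is down: the service itself is fine, but without the KDC nobody can obtain a ticket, which is the single point of failure the comments mention.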
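Worked example for Question #7 (added here; not from the ExamTopics page). The explanation says configuration management keeps systems stable by holding them to a tried-and-tested baseline and controlling every change. The code below records such a baseline (content hash and permission bits per file), distinguishes an approved change that is folded into the baseline from uncontrolled drift, and reports what was modified, added or removed. The sample configuration tree, its file names and contents are constructed in a temporary directory so the example runs offline.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def fingerprint(path: Path) -> dict:
    """What the baseline records per file: content hash and permission bits."""
    return {
        "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
        "mode": oct(stat.S_IMODE(path.stat().st_mode)),
    }

def build_baseline(root: Path) -> dict:
    """Snapshot the tried-and-tested configuration under root (relative path -> fingerprint)."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_drift(root: Path, baseline: dict) -> dict:
    """Compare the live tree with the baseline; any difference is an uncontrolled change."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def accept_change(root: Path, baseline: dict, rel: str) -> dict:
    """The controlled path: a reviewed change is folded into the baseline, not silently tolerated."""
    updated = dict(baseline)
    target = root / rel
    if target.is_file():
        updated[rel] = fingerprint(target)
    else:
        updated.pop(rel, None)
    return updated

def demo() -> dict:
    """Constructed sample tree: baseline it, then apply one approved and three unapproved changes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sshd_config").write_text("PermitRootLogin no\nPasswordAuthentication no\n")
        (root / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "ntp.conf").write_text("server 10.0.0.5 iburst\n")
        baseline = build_baseline(root)
        clean = check_drift(root, baseline)  # nothing has changed yet
        # Approved change that went through change control: a new NTP source.
        (root / "ntp.conf").write_text("server 10.0.0.6 iburst\n")
        baseline = accept_change(root, baseline, "ntp.conf")
        # Unapproved changes: weakened sshd, an extra cron job, sudoers deleted.
        (root / "sshd_config").write_text("PermitRootLogin yes\nPasswordAuthentication no\n")
        (root / "cron.d").mkdir()
        (root / "cron.d" / "job").write_text("* * * * * root /tmp/x\n")
        (root / "sudoers").unlink()
        return {"clean": clean, "drifted": check_drift(root, baseline)}
```

demo() returns no drift for the untouched tree and, after the changes, reports only the three unapproved ones; the accepted ntp.conf edit does not appear because the baseline was updated through the controlled path. Scheduling check_drift against a stored baseline is the stability control the answer describes: it surfaces configuration changes before they turn into faults.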
