[Newest Version] Free CertBus ISC CISSP PDF and Exam Questions Download 100% Pass Exam

CertBus 2020 Real ISC CISSP ISC Certification Exam VCE and PDF Dumps for Free Download!

CISSP ISC Certification Exam PDF and VCE Dumps : 970QAs Instant Download: https://www.certbus.com/CISSP.html [100% CISSP Exam Pass Guaranteed or Money Refund!!]
☆ Free view online pdf on CertBus free test CISSP PDF: https://www.certbus.com/online-pdf/CISSP.pdf
☆ CertBus 2020 Real CISSP ISC Certification exam Question PDF Free Download from Google Drive Share: https://drive.google.com/file/d/0B_3QX8HGRR1mVXBDYy0tYmNFSHM/view?usp=sharing

Following CISSP 970QAs are all new published by ISC Official Exam Center

There is no need to worry about the difficulties of the ISC Certification CISSP exam preparation (latest update: Aug 04, 2020). CertBus will help you pass your ISC Certification CISSP exam with up-to-date Certified Information Systems Security Professional PDF and VCE dumps. CertBus provides the most current real ISC Certification CISSP exam preparation material, covering every aspect the real ISC Certification CISSP exam requires. We ensure 100% success in the ISC Certification CISSP exam.

As a leading CISSP exam study guide provider, CertBus provides the latest real test practice for the hottest Cisco, Microsoft, CompTIA, VMware, IBM, HP, Oracle and Citrix exams, 100% real and latest. CertBus provides the latest CISSP real exam practice questions and answers, and the latest Microsoft, Cisco, CompTIA, Oracle, IBM, Sun, Juniper, HP and all CISSP certification dumps.

We CertBus has our own expert team. They selected and published the latest CISSP preparation materials from ISC Official Exam-Center: https://www.certbus.com/CISSP.html

Question 1:

In Mandatory Access Control, sensitivity labels attached to an object contain what information?

A. The item's classification

B. The item's classification and category set

C. The item's category

D. The item's need to know

Correct Answer: B

Explanation: The correct answer is the item's classification and category set.

A sensitivity label must contain at least one classification and one category set.

Category set and compartment set are synonyms; they mean the same thing. The sensitivity label must contain at least one classification and at least one category. It is common in some environments for a single item to belong to multiple categories. The list of all the categories to which an item belongs is called a compartment set or category set.

The following answers are incorrect:

The item's classification. Incorrect because you need a category set as well.

The item's category. Incorrect because both the category set and the classification are required.

The item's need to know. Incorrect because there is no such label field. The need to know is indicated by the categories the object belongs to. This is NOT the best answer.

Reference(s) used for this question:

OIG CBK, Access Control (pages 186 – 188)

AIO, 3rd Edition, Access Control (pages 162 – 163)

AIO, 4th Edition, Access Control, pp 212-214

Wikipedia – http://en.wikipedia.org/wiki/Mandatory_Access_Control
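The point of the explanation above is that a label is a pair, classification plus category set, and that an access decision compares both parts: a subject cleared higher on the classification axis is still denied if it lacks a compartment the object carries. The following is an added example (not from the exam dump or its references) that models labels this way and implements the usual dominance check; the classification lattice, compartment names and subject/object labels are constructed for illustration.

```python
"""Sensitivity labels as (classification, category set) with a dominance check.

Added example, not from the exam dump. The classification lattice, category
names and the subject/object labels below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet

# Constructed hierarchy: higher number = more sensitive.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A MAC sensitivity label: one classification plus a (possibly empty) category set."""
    classification: str
    categories: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.classification not in LEVELS:
            raise ValueError(f"unknown classification {self.classification!r}")

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: level at least as high AND
        self's category set is a superset of other's (need to know)."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ('no read up'): subject must dominate object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ('no write down'): object must dominate subject."""
    return obj.dominates(subject)


def explain_denial(subject: Label, obj: Label) -> str:
    """Return which part of the label blocked a read, or '' if the read is allowed."""
    if LEVELS[subject.classification] < LEVELS[obj.classification]:
        return "classification too low"
    missing = obj.categories - subject.categories
    if missing:
        return "missing categories: " + ", ".join(sorted(missing))
    return ""


if __name__ == "__main__":
    # Constructed labels: the object is SECRET in two compartments.
    obj = Label("SECRET", frozenset({"NUCLEAR", "CRYPTO"}))
    analyst = Label("TOP_SECRET", frozenset({"CRYPTO"}))         # cleared higher, one compartment
    officer = Label("SECRET", frozenset({"NUCLEAR", "CRYPTO"}))  # exact match
    for name, subj in [("analyst", analyst), ("officer", officer)]:
        verdict = "ALLOW" if can_read(subj, obj) else "DENY (" + explain_denial(subj, obj) + ")"
        print(f"{name} read -> {verdict}")
```

Running the block shows the TOP_SECRET analyst denied with "missing categories: NUCLEAR" while the SECRET officer with both compartments is allowed, which is exactly why classification alone (answer A) is not a complete label.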

Question 2:

An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?

A. Discretionary Access

B. Least Privilege

C. Mandatory Access

D. Separation of Duties

Correct Answer: B

Explanation: Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Question 3:

What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects?

A. A capacity table

B. An access control list

C. An access control matrix

D. A capability table

Correct Answer: C

Explanation: The matrix lists the users, groups and roles down the left side and the resources and functions across the top. The cells of the matrix can either indicate that access is allowed or indicate the type of access. CBK pp 317 – 318

AIO3, p. 169 describes it as a table of subjects and objects specifying the access rights a certain subject possesses pertaining to specific objects.

In either case, the matrix is a way of analyzing the access control needed by a population of subjects to a population of objects. This access control can be applied using rules, ACLs, capability tables, etc.

“A capacity table” is incorrect.

This answer is a trap for the unwary — it sounds a little like “capability table” but is just there to distract you.

“An access control list” is incorrect.

“It [ACL] specifies a list of users [subjects] who are allowed access to each object” CBK, p. 188 Access control lists (ACL) could be used to implement the rules identified by an access control matrix but is different from the matrix itself.

“A capability table” is incorrect.

“Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities of a subject. For example, a table identifies the object, specifies access rights allowed for a subject, and permits access based on the user's possession of a capability (or ticket) for the object.” CBK, pp. 191-192. To put it another way, as noted in AIO3 on p. 169, “A capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.” Again, a capability table could be used to implement the rules identified by an access control matrix but is different from the matrix itself.

CBK pp. 191-192, 317-318

AIO3, p. 169
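The explanation distinguishes the matrix itself from the two structures that implement it: an ACL is one column (bound to the object) and a capability list is one row (bound to the subject). The following is an added example (not from the exam dump or the CBK/AIO texts it cites) that stores a small constructed matrix, derives both views from it, checks a request against it with default deny, and rebuilds the matrix from the ACLs to show that the views carry the same information. The subject, object and right names are constructed.

```python
"""Access control matrix, and the ACL and capability-list views derived from it.

Added example, not from the exam dump. Subjects, objects and rights are constructed.
"""
from typing import Dict, Iterable, Set

Rights = Set[str]
Matrix = Dict[str, Dict[str, Rights]]   # subject -> object -> rights

# Constructed matrix: rows are subjects, columns are objects, cells are rights.
MATRIX: Matrix = {
    "alice": {"payroll.db": {"read", "write"}, "report.doc": {"read"}},
    "bob":   {"report.doc": {"read", "write"}},
    "carol": {},   # a subject with no rights still has a (empty) row
}
OBJECTS = ("payroll.db", "report.doc")


def is_allowed(matrix: Matrix, subject: str, obj: str, right: str) -> bool:
    """Reference-monitor check against the matrix: default deny for unknown
    subjects, unknown objects and empty cells."""
    return right in matrix.get(subject, {}).get(obj, set())


def acl_for(matrix: Matrix, obj: str) -> Dict[str, Rights]:
    """One column of the matrix, bound to the object (an ACL): subject -> rights."""
    return {s: set(row[obj]) for s, row in matrix.items() if row.get(obj)}


def capabilities_for(matrix: Matrix, subject: str) -> Dict[str, Rights]:
    """One row of the matrix, bound to the subject (a capability list): object -> rights."""
    return {o: set(r) for o, r in matrix.get(subject, {}).items() if r}


def matrix_from_acls(acls: Dict[str, Dict[str, Rights]], subjects: Iterable[str]) -> Matrix:
    """Rebuild the full matrix from per-object ACLs. Subjects are passed explicitly
    so that a subject with no rights anywhere still gets its empty row."""
    rebuilt: Matrix = {s: {} for s in subjects}
    for obj, acl in acls.items():
        for subject, rights in acl.items():
            rebuilt.setdefault(subject, {})[obj] = set(rights)
    return rebuilt


if __name__ == "__main__":
    print("ACL for report.doc:", acl_for(MATRIX, "report.doc"))
    print("Capabilities of alice:", capabilities_for(MATRIX, "alice"))
    print("bob write payroll.db:", is_allowed(MATRIX, "bob", "payroll.db", "write"))
    acls = {o: acl_for(MATRIX, o) for o in OBJECTS}
    print("Matrix rebuilt from ACLs matches:", matrix_from_acls(acls, MATRIX) == MATRIX)
```

The round trip through `matrix_from_acls` is the practical reason the distinction matters: a system can keep either the columns (ACLs on files, as most operating systems do) or the rows (capabilities or tickets held by subjects) and still enforce the same matrix, but the matrix is the analysis artifact, not the enforcement mechanism.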

Question 4:

Which of the following attacks could capture network user passwords?

A. Data diddling

B. Sniffing

C. IP Spoofing

D. Smurfing

Correct Answer: B

Explanation: A network sniffer captures a copy of every packet that traverses the network segment the sniffer is connected to.

Sniffers are typically devices that can collect information from a communication medium, such as a network. These devices can range from specialized equipment to basic workstations with customized software.

A sniffer can collect information about most, if not all, attributes of the communication. The most common method of sniffing is to plug a sniffer into an existing network device like a hub or switch. A hub (which is designed to relay all traffic passing through it to all of its ports) will automatically begin sending all the traffic on that network segment to the sniffing device. On the other hand, a switch (which is designed to limit what traffic gets sent to which port) will have to be specially configured to send all traffic to the port where the sniffer is plugged in.

Another method for sniffing is to use a network tap, a device that literally splits a network transmission into two identical streams: one going to the original network destination and the other going to the sniffing device. Each of these methods has its advantages and disadvantages, including cost, feasibility, and the desire to maintain the secrecy of the sniffing activity.

The packets captured by the sniffer are decoded and then displayed by the sniffer. Therefore, if the username/password are contained in a packet or packets traversing the segment the sniffer is connected to, it will capture and display that information (and any other information on that segment it can see).

Of course, if the information is encrypted via a VPN, SSL, TLS, or similar technology, the information is still captured and displayed, but it is in an unreadable format.

The following answers are incorrect:

Data diddling involves changing data before or as it is entered into a computer, or after it is extracted.

Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication, or causing a system to respond to the wrong address. Smurfing refers to the smurf attack, where an attacker sends spoofed packets to the broadcast address on a gateway in order to cause a denial of service.

The following reference(s) were used to create this question:

CISA Review manual 2014 Page number 321

Official ISC2 Guide to the CISSP 3rd edition Page Number 153

Question 5:

Which of the following is most relevant to determining the maximum effective cost of access control?

A. the value of information that is protected.

B. management's perceptions regarding data importance.

C. budget planning related to base versus incremental spending.

D. the cost to replace lost data.

Correct Answer: A

Explanation: The cost of access control must be commensurate with the value of the information that is being protected.

Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 49


Question 6:

A network-based vulnerability assessment is a type of test also referred to as:

A. An active vulnerability assessment.

B. A routing vulnerability assessment.

C. A host-based vulnerability assessment.

D. A passive vulnerability assessment.

Correct Answer: A

Explanation: A network-based vulnerability assessment tool/system either re-enacts system attacks, noting and recording responses to the attacks, or probes different targets to infer weaknesses from their responses.

Since the assessment is actively attacking or scanning targeted systems, network-based vulnerability assessment systems are also called active vulnerability systems.

There are mostly two main types of test:

PASSIVE: You don't send any packets or interact with the remote target. You make use of public databases and other techniques to gather information about your target.

ACTIVE: You do send packets to your target; you attempt to stimulate responses that will help you gather information about hosts that are alive, services running, port state, and more.

See example below of both types of attacks:

Eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affecting the protocol, algorithm, key, message, or any parts of the encryption system. Passive attacks are hard to detect, so in most cases methods are put in place to try to prevent them rather than to detect and stop them. Altering messages, modifying system files, and masquerading as another individual are acts that are considered active attacks because the attacker is actually doing something instead of sitting back and gathering data. Passive attacks are usually used to gain information prior to carrying out an active attack.


Commercial vendors will sometimes use different names for different types of scans. However, the exam is product agnostic: it uses general terms, not vendor terms. Experience could sometimes trick you into selecting the wrong choice. See the feedback from Jason below:

“I am a system security analyst. It is my daily duty to perform system vulnerability analysis. We use Nessus and Retina (among other tools) to perform our network based vulnerability scanning. Both commercially available tools refer to a network based vulnerability scan as a “credentialed” scan. Without credentials, the scan tool cannot login to the system being scanned, and as such will only receive a port scan to see what ports are open and exploitable”

Reference(s) used for this question:

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 865). McGraw- Hill. Kindle Edition.


DUPUIS, Clement, Access Control Systems and Methodology CISSP Open Study Guide, version 10, march 2002 (page 97).

Question 7:

Which of the following are additional access control objectives?

A. Consistency and utility

B. Reliability and utility

C. Usefulness and utility

D. Convenience and utility

Correct Answer: B

Explanation: Availability assures that a system's authorized users have timely and uninterrupted access to the information in the system. The additional access control objectives are reliability and utility. These and other related objectives flow from the organizational security policy. This policy is a high-level statement of management intent regarding the control of access to information and the personnel who are authorized to receive that information. Three things that must be considered for the planning and implementation of access control mechanisms are the threats to the system, the system's vulnerability to these threats, and the risk that the threat may materialize.

Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 32

Question 8:

Which of the following is the FIRST step in protecting data's confidentiality?

A. Install a firewall

B. Implement encryption

C. Identify which information is sensitive

D. Review all user access rights

Correct Answer: C

Explanation: In order to protect the confidentiality of the data, the first step is to identify which information is sensitive; the protection mechanisms are chosen afterwards.

The following answers are incorrect because :

Install a firewall is incorrect as this would come after the information has been identified for sensitivity levels.

Implement encryption is also incorrect as this is one of the mechanisms to protect the data once it has been identified.

Review all user access rights is also incorrect as this is also a protection mechanism for the identified information.

Reference : Shon Harris AIO v3 , Chapter-4 : Access Control , Page : 126

Question 9:

Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?

A. Logon Banners

B. Wall poster

C. Employee Handbook

D. Written agreement

Correct Answer: D

Explanation: This is a tricky question; the keyword in the question is "internal users". There are two possible answers depending on how the question is presented: it could apply to internal users or to any anonymous/external users.

Internal users should always have a written agreement first, then logon banners serve as a constant reminder.

Banners at log-on time should be used to notify external users of any monitoring that is being conducted. A good banner gives you a better legal standing and also makes it obvious that the user was warned about who should access the system, who is authorized and unauthorized, and that an unauthorized user is fully aware of trespassing. For anonymous/external users, such as those logging into a web site, FTP server or even a mail server, the only notification system is the use of a logon banner.

References used for this question:

KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 50 and

Shon Harris, CISSP All-in-one, 5th edition, pg 873

Question 10:

What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?

A. Accountability controls

B. Mandatory access controls

C. Assurance procedures

D. Administrative controls

Correct Answer: C

Explanation: Controls provide accountability for individuals accessing information. Assurance procedures ensure that access control mechanisms correctly implement the security policy for the entire life cycle of an information system. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 2: Access control systems (page 33).

CertBus exam braindumps are pass guaranteed. We guarantee your pass for the CISSP exam successfully with our ISC materials. CertBus Certified Information Systems Security Professional exam PDF and VCE are the latest and most accurate. We have the best ISC in our team to make sure CertBus Certified Information Systems Security Professional exam questions and answers are the most valid. CertBus exam Certified Information Systems Security Professional exam dumps will help you to be the ISC specialist, clear your CISSP exam and get the final success.

CISSP Latest questions and answers on Google Drive(100% Free Download): https://drive.google.com/file/d/0B_3QX8HGRR1mVXBDYy0tYmNFSHM/view?usp=sharing

CISSP ISC exam dumps (100% Pass Guaranteed) from CertBus: https://www.certbus.com/CISSP.html [100% Exam Pass Guaranteed]

Why select/choose CertBus?

Millions of interested professionals can reach success in their exams with certbus.com products, which are available, affordable, updated and of the best quality to overcome the difficulties of any course outline. Questions and answers material is updated in a highly professional manner on a regular basis; material is released periodically and is available in the testing centers with which we maintain relationships to obtain the latest material.

Brand Certbus Testking Pass4sure Actualtests Others
Price $45.99 $124.99 $125.99 $189 $69.99-99.99
Up-to-Date Dumps
Free 365 Days Update
Real Questions
Printable PDF
Test Engine
One Time Purchase
Instant Download
Unlimited Install
100% Pass Guarantee
100% Money Back
Secure Payment
Privacy Protection