CertBus 2020 Newest ISC CISSP ISC Certification Exam VCE and PDF Dumps for Free Download!
Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations?
A. Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to.
B. The initial logon process is cumbersome to discourage potential intruders.
C. Once a user obtains access to the system through the initial log-on, they only need to logon to some applications.
D. Once a user obtains access to the system through the initial log-on, he has to logout from all other systems
Correct Answer: A
Explanation: Single Sign-On is a distributed access control methodology in which an individual authenticates only once and then has access to all primary and secondary network domains. The individual is not required to re-authenticate when they need additional resources. The security issue this creates is that if a fraudster is able to compromise those credentials, they too have access to every resource that account has access to.
All the other answers are incorrect as they are distractors.
The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:
Correct Answer: B
Explanation: The detective/technical control measures are intended to reveal the violations of security policy using technical means. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 35
What are cognitive passwords?
A. Passwords that can be used only once.
B. Fact or opinion-based information used to verify an individual's identity.
C. Password generators that use a challenge response scheme.
Correct Answer: B
Explanation: Cognitive passwords are fact- or opinion-based information used to verify an individual's identity. Passwords that can be used only once are one-time or dynamic passwords. Password generators that use a challenge-response scheme refer to token devices.
A passphrase is a sequence of characters that is longer than a password and is transformed into a virtual password.
Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System and Methodology (page 2), /Documents/CISSP_Summary_2002/index.html.
What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system?
A. False Rejection Rate (FRR) or Type I Error
B. False Acceptance Rate (FAR) or Type II Error
C. Crossover Error Rate (CER)
D. True Rejection Rate (TRR) or Type III Error
Correct Answer: A
Explanation: The percentage of valid subjects that are falsely rejected is called the False Rejection Rate (FRR) or Type I Error.
Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 38
An access control policy for a bank teller is an example of the implementation of which of the following?
A. Rule-based policy
B. Identity-based policy
C. User-based policy
D. Role-based policy
Correct Answer: D
Explanation: The position of a bank teller is a specific role within the bank, so you would implement a role-based policy: permissions are attached to the teller role, and every teller receives them by being assigned that role rather than by individual grant.
The following answers are incorrect:
Rule-based policy. Incorrect because access is decided by rules (for example, time of day or source address) and not by the role of a bank teller, so it does not describe a policy written for a specific role within an organization.
Identity-based policy. Incorrect because access is decided by the identity of an individual and not by the role of a bank teller, so it does not describe a policy written for a specific role within an organization.
User-based policy. Incorrect because access is decided per user and not by the role of a bank teller, so it does not describe a policy written for a specific role within an organization.
The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something:
A. you need.
B. you read.
C. you are.
D. you do.
Correct Answer: C
Explanation: Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
What kind of certificate is used to validate a user identity?
A. Public key certificate
B. Attribute certificate
C. Root certificate
D. Code signing certificate
Correct Answer: A
Explanation: In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity — information such as the name of a person or an
organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users (“endorsements”). In either case, the
signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.
In computer security, an authorization certificate (also known as an attribute certificate) is a digital document that describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use. The
permission can be delegated.
Some people constantly confuse PKCs and ACs. An analogy may make the distinction clear. A PKC can be considered to be like a passport: it identifies the holder, tends to last for a long time, and should not be trivial to obtain. An AC is more
like an entry visa: it is typically issued by a different authority and does not last for as long a time. As acquiring an entry visa typically requires presenting a passport, getting a visa can be a simpler process.
A real life example of this can be found in the mobile software deployments by large service providers and are typically applied to platforms such as Microsoft Smartphone (and related), Symbian OS, J2ME, and others.
In each of these systems a mobile communications service provider may customize the mobile terminal client distribution (i.e. the mobile phone operating system or application environment) to include one or more root certificates each
associated with a set of capabilities or permissions such as “update firmware”, “access address book”, “use radio interface”, and the most basic one, “install and execute”. When a developer wishes to enable distribution and execution in one
of these controlled environments they must acquire a certificate from an appropriate CA, typically a large commercial CA, and in the process they usually have their identity verified using out-of-band mechanisms such as a combination of
phone call, validation of their legal entity through government and commercial databases, etc., similar to the high assurance SSL certificate vetting process, though often there are additional specific requirements imposed on would-be
Once the identity has been validated they are issued an identity certificate they can use to sign their software; generally the software signed by the developer or publisher\’s identity certificate is not distributed but rather it is submitted to
processor to possibly test or profile the content before generating an authorization certificate which is unique to the particular software release. That certificate is then used with an ephemeral asymmetric key-pair to sign the software as the
last step of preparation for distribution. There are many advantages to separating the identity and authorization certificates especially relating to risk mitigation of new content being accepted into the system and key management as well as
recovery from errant software which can be used as attack vectors.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page 540
Which of the following statements pertaining to biometrics is FALSE?
A. User can be authenticated based on behavior.
B. User can be authenticated based on unique physical attributes.
C. User can be authenticated by what he knows.
D. A biometric system's accuracy is determined by its crossover error rate (CER).
Correct Answer: C
Explanation: Authenticating a user by what he knows is not a characteristic of biometrics, so this is the right choice. It is one of the three basic ways authentication can be performed, but it is not related to biometrics. Examples of something you know are a password or a PIN.
Please make a note of the negative 'FALSE' within the question. This question may seem tricky to some of you, but you would be amazed at how many people cannot deal with negative questions. There will be a few negative questions within the real exam; just like this one, the keyword NOT or FALSE will be in uppercase to clearly indicate that it is negative.
Biometrics verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of performing authentication (one-to-one matching) or identification (one-to-many matching). A biometric system scans an attribute or behavior of a person and compares it to a template stored in an authentication server database; that template is created in an earlier enrollment process. Because the system inspects the grooves of a person's fingerprint, the pattern of someone's retina, or the pitch of someone's voice, it has to be extremely sensitive.
The system must perform accurate and repeatable measurements of anatomical or physiological characteristics. This sensitivity can easily cause false positives or false negatives. The system must be calibrated so that false positives and false negatives occur infrequently and the results are as accurate as possible.
There are two types of failures in biometric identification:
False Rejection, measured as the False Rejection Rate (FRR) or Type I error: the system fails to recognize a legitimate user. While it could be argued that this has the effect of keeping the protected area extra secure, it is an intolerable frustration to legitimate users who are refused access because the scanner does not recognize them.
False Acceptance, measured as the False Acceptance Rate (FAR) or Type II error: an erroneous recognition, either confusing one user with another or accepting an impostor as a legitimate user.
Unique physical attributes:
Fingerprint (most commonly accepted)
Retina scan (most accurate but most intrusive)
Behavioral attributes:
Keystroke dynamics (dwell time, the time a key is pressed, and flight time, the time between “key up” and the next “key down”)
Signature dynamics (stroke and pressure points)
Retina scan devices are the most accurate but also the most invasive biometric systems available today. The continuity of the retinal pattern throughout life and the difficulty of fooling such a device also make it a great long-term, high-security option. Unfortunately, the cost of the proprietary hardware as well as the stigma of users thinking it is potentially harmful to the eye makes retinal scanning a bad fit for most situations.
Remember for the exam that fingerprints are the most commonly accepted type of biometric system.
The other answers are incorrect:
'User can be authenticated based on behavior.' is incorrect as this choice is TRUE as it pertains to BIOMETRICS. Biometric systems make use of unique physical characteristics or behavior of users.
'User can be authenticated based on unique physical attributes.' is also incorrect as this choice is also TRUE as it pertains to BIOMETRICS. Biometric systems make use of unique physical characteristics or behavior of users.
'A biometric system's accuracy is determined by its crossover error rate (CER)' is also incorrect as this is TRUE as it also pertains to BIOMETRICS. The CER is the point at which the false rejection rate and the false acceptance rate are equal. The smaller the value of the CER, the more accurate the system.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25353-25356). Auerbach Publications. Kindle Edition.
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25297-25303). Auerbach Publications. Kindle Edition.
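The FRR (Type I), FAR (Type II) and CER relationships described in the two biometrics questions above, worked as an added example that is not part of the study guide. The match scores are constructed for illustration; a real matcher would produce them from genuine and impostor presentations against enrolled templates. The functions sweep a decision threshold, which is the calibration step the explanation refers to: raising the threshold lowers FAR and raises FRR, and the CER is where the two curves cross.

```python
# Added example (not from the exam guide): compute FRR, FAR and the crossover
# error rate (CER) of a biometric matcher from a set of match scores.
# The scores below are constructed for illustration; a real system would
# obtain them from genuine and impostor presentations against stored templates.
from typing import Sequence, Tuple

# Constructed similarity scores (0-100) reported by a hypothetical matcher.
GENUINE_SCORES = [92, 88, 85, 79, 75, 71, 68, 64, 60, 55]   # enrolled users vs. their own template
IMPOSTOR_SCORES = [58, 52, 47, 44, 41, 38, 35, 30, 27, 22]  # other people vs. that template


def frr(genuine: Sequence[int], threshold: int) -> float:
    """False Rejection Rate (Type I error): share of genuine attempts scoring below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def far(impostor: Sequence[int], threshold: int) -> float:
    """False Acceptance Rate (Type II error): share of impostor attempts scoring at or above the threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def crossover(genuine: Sequence[int], impostor: Sequence[int]) -> Tuple[int, float]:
    """Sweep every threshold and return (threshold, CER) where FRR and FAR are closest.

    CER is reported as the mean of the two rates at that threshold; with discrete
    score sets they rarely coincide exactly, so the closest point is used."""
    best = None  # (gap, threshold, cer)
    for t in range(0, 101):
        fr, fa = frr(genuine, t), far(impostor, t)
        gap = abs(fr - fa)
        if best is None or gap < best[0]:
            best = (gap, t, (fr + fa) / 2)
    _, t, cer = best
    return t, cer


if __name__ == "__main__":
    # Show the trade-off: a loose threshold admits impostors, a strict one rejects users.
    for t in (40, 56, 70):
        print(f"threshold={t:3d}  FRR={frr(GENUINE_SCORES, t):.2f}  FAR={far(IMPOSTOR_SCORES, t):.2f}")
    t, cer = crossover(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"crossover at threshold {t}: CER={cer:.2f}")
```

With these constructed scores a threshold of 40 gives FRR 0.00 but FAR 0.50, a threshold of 70 gives FAR 0.00 but FRR 0.40, and the curves cross at 56 with a CER of 0.10. A lower CER means the matcher separates genuine from impostor scores better; the operating threshold is then chosen above or below the crossover depending on whether false acceptance or false rejection is the costlier error for the deployment.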
Which of the following questions is less likely to help in assessing identification and authentication controls?
A. Is a current list maintained and approved of authorized users and their access?
B. Are passwords changed at least every ninety days or earlier if needed?
C. Are inactive user identifications disabled after a specified period of time?
D. Is there a process for reporting incidents?
Correct Answer: D
Explanation: Identification and authentication is a technical measure that prevents unauthorized people (or unauthorized processes) from entering an IT system. Access control usually requires that the system be able to identify and differentiate among users. Reporting incidents is more related to incident response capability (operational control) than to identification and authentication (technical control). Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self- Assessment Guide for Information Technology Systems, November 2001 (Pages A-30 to A-32).
Which of the following is a reasonable response from the Intrusion Detection System (IDS) when it detects Internet Protocol (IP) packets where the IP source address and port is the same as the destination IP address and port?
A. Allow the packet to be processed by the network and record the event
B. Record selected information about the packets and drop the packets
C. Resolve the destination address and process the packet
D. Translate the source address and resend the packet
Correct Answer: B
Explanation: This question refers specifically to the LAND attack. It tests your ability to recognize common attacks such as the LAND attack and your understanding of what an acceptable action by your Intrusion Detection System would be.
You must remember what a LAND attack is for the purpose of the exam. You must also remember that an IDS is not only a passive device. In the context of the exam it is considered an active device that is MOSTLY passive. It can take some blocking actions, such as changing a rule on a router or firewall. In the case of the LAND attack and this specific question, it must be understood that most operating system TCP/IP stacks today are not vulnerable to such an attack. Many common firewalls can also drop any traffic whose source IP/port equals the destination IP/port. So there are multiple layers at which such an attack could be stopped. The downfall of an IDS compared with an IPS is that it usually reacts after the packets have been sent over the network. A single-packet attack such as the LAND attack could be detected but would still complete and affect the destination target. This is where an IPS could come into play and stop the attack before it completes.
TechTarget's SearchSecurity website has the following definition for this type of attack:
A land attack is a remote denial-of-service (DoS) attack caused by sending a packet to a machine with the source host/port the same as the destination host/port. This is a rather old attack and current patches should stop them for most systems. This is one of the attacks you are expected to know within the CBK.
This question mentions specifically what the reaction of the IDS would be. The choices presented and the question itself DO NOT talk about IPS, WIDS, or other monitoring tools. It only mentions IDS. Restrict yourself to the context of the
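The IDS behaviour chosen in answer B (record selected fields, drop the packet), applied to the LAND signature defined above, as an added example that is not from the study guide or any IDS product. The packets are assembled in-line from minimal IPv4 and TCP headers (checksums left zero) so the detector runs offline; the addresses and ports are constructed. The check deliberately requires both the address and the port to match, because loopback traffic between two different ports on the same host is legitimate and must not be dropped.

```python
# Added example (not from the exam guide): an IDS-style check for LAND packets,
# i.e. IPv4/TCP packets whose source address and port equal the destination
# address and port. Packets below are constructed in-line, not a real capture.
import socket
import struct
from typing import Dict, List, Optional, Tuple

IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")   # 20-byte IPv4 header, no options
TCP_HDR = struct.Struct("!HHIIHHHH")        # 20-byte TCP header, no options
TCP_SYN = 0x02


def build_syn(src: str, sport: int, dst: str, dport: int) -> bytes:
    """Assemble a minimal IPv4+TCP SYN (checksums left zero; enough for header parsing)."""
    tcp = TCP_HDR.pack(sport, dport, 0, 0, (5 << 12) | TCP_SYN, 8192, 0, 0)
    ip = IPV4_HDR.pack(0x45, 0, IPV4_HDR.size + len(tcp), 0x1234, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def parse_headers(raw: bytes) -> Optional[Dict]:
    """Return the IPv4/TCP fields the detector needs, or None if the bytes are not IPv4/TCP."""
    if len(raw) < IPV4_HDR.size:
        return None
    vihl, _, _, _, _, _, proto, _, src, dst = IPV4_HDR.unpack_from(raw, 0)
    ihl = (vihl & 0x0F) * 4                       # header length honours IP options
    if (vihl >> 4) != 4 or proto != 6 or len(raw) < ihl + TCP_HDR.size:
        return None
    sport, dport, _, _, off_flags, _, _, _ = TCP_HDR.unpack_from(raw, ihl)
    return {"src": socket.inet_ntoa(src), "sport": sport,
            "dst": socket.inet_ntoa(dst), "dport": dport, "flags": off_flags & 0x1FF}


def is_land(hdr: Dict) -> bool:
    """LAND signature: source and destination address AND port are identical.
    Same host with different ports (e.g. loopback traffic) is legitimate and must not match."""
    return hdr["src"] == hdr["dst"] and hdr["sport"] == hdr["dport"]


def inspect(packets: List[bytes]) -> Tuple[List[Dict], List[bytes]]:
    """Answer B in practice: log selected fields for each LAND packet and drop it;
    everything else is forwarded unchanged."""
    alerts, forwarded = [], []
    for i, raw in enumerate(packets):
        hdr = parse_headers(raw)
        if hdr is not None and is_land(hdr):
            alerts.append({"index": i, "signature": "LAND", "src": hdr["src"],
                           "sport": hdr["sport"], "flags": hdr["flags"]})
        else:
            forwarded.append(raw)
    return alerts, forwarded


# Constructed traffic: two LAND packets among ordinary ones.
SAMPLE_PACKETS = [
    build_syn("10.0.0.5", 40000, "10.0.0.7", 80),       # normal client -> server
    build_syn("10.0.0.7", 139, "10.0.0.7", 139),        # LAND
    build_syn("127.0.0.1", 5000, "127.0.0.1", 5001),    # loopback, ports differ: legitimate
    build_syn("192.0.2.1", 443, "10.0.0.7", 443),       # same port, different hosts: legitimate
    build_syn("10.0.0.7", 22, "10.0.0.7", 22),          # LAND
]

if __name__ == "__main__":
    alerts, forwarded = inspect(SAMPLE_PACKETS)
    for a in alerts:
        print("ALERT", a)
    print(f"{len(alerts)} dropped, {len(forwarded)} forwarded")
```

Run against the constructed list, the detector raises two alerts (indexes 1 and 4) and forwards the other three packets. The in-line drop only works where the sensor sits in the traffic path; a passive IDS tapping a span port can produce the same alert record but, as the explanation notes, the single packet has already reached the target by then.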