[2023] New CISSP exam dumps Use Updated ISC Exam [Q609-Q626]


Verified CISSP Dumps Q&As - CISSP Test Engine with Correct Answers


The CISSP certification is ideal for individuals who want to gain expertise in the field of cybersecurity and information security. It is also suitable for professionals who are looking to advance their careers in the field of information security. The CISSP certification is recognized by organizations worldwide, and it demonstrates the individual's knowledge and skills in the information security domain.


For more info visit:

ISC CISSP Exam Reference

 

NEW QUESTION # 609
Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?

  • A. The SPI inspects traffic on a packet-by-packet basis.
  • B. The SPI inspects the traffic in the context of a session.
  • C. The SPI is capable of dropping packets based on a pre-defined rule set.
  • D. The SPI inspects the flags on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets.

Answer: B


NEW QUESTION # 610
Which one of the following is NOT a typical bus designation in a digital computer?

  • A. Data
  • B. Address
  • C. Control
  • D. Secondary

Answer: D

Explanation:
The correct answer is Secondary, a distracter.


NEW QUESTION # 611
What does the simple integrity axiom mean in the Biba model?

  • A. No read down
  • B. No write up
  • C. No read up
  • D. No write down

Answer: A

Explanation:
The simple integrity axiom of the Biba access control model states that a subject at one level of integrity is not permitted to observe an object of a lower integrity (no read down). Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 205).


NEW QUESTION # 612
When the IDS detects attackers, they are seamlessly transferred to a special host. This method is called:

  • A. Padded Cell
  • B. Vulnerability Analysis Systems
  • C. Honey Pot
  • D. File Integrity Checker

Answer: A

Explanation:
Padded cells take a different approach. Instead of trying to attract attackers with tempting data, a padded cell operates in tandem with a traditional IDS. When the IDS detects attackers, it seamlessly transfers them to a special padded cell host.


NEW QUESTION # 613
An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correctly implemented the new standard?

  • A. Survey the technical staff
  • B. Perform a compliance review
  • C. Perform a penetration test
  • D. Train the technical staff

Answer: C

Explanation:
Section: Security Operations


NEW QUESTION # 614
Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?

  • A. Client hardening and management is easier on clients than on servers.
  • B. Client-based attacks have higher financial impact.
  • C. Client privilege administration is inherently weaker than server privilege administration.
  • D. Client-based attacks are more common and easier to exploit than server and network based attacks.

Answer: D


NEW QUESTION # 615
DRAG DROP
A software security engineer is developing a black box-based test plan that will measure the system's reaction to incorrect or illegal inputs or unexpected operational errors and situations. Match the functional testing techniques on the left with the correct input parameters on the right.

Answer:

Explanation:


NEW QUESTION # 616
Which of the following statements pertaining to using Kerberos without any extension is false?

  • A. Kerberos is mostly a third-party authentication protocol.
  • B. Kerberos provides robust authentication.
  • C. A client can be impersonated by password-guessing.
  • D. Kerberos uses public key cryptography.

Answer: D

Explanation:
Kerberos is a trusted, credential-based, third-party authentication protocol that uses symmetric (secret) key cryptography to provide robust authentication to clients accessing services on a network. Because a client's password is used in the initiation of the Kerberos request for the service protocol, password guessing can be used to impersonate a client.
Here is a nice overview of how Kerberos is implemented, as described in RFC 4556:
1 Introduction
The Kerberos V5 protocol [RFC4120] involves use of a trusted third party known as the Key Distribution Center (KDC) to negotiate shared session keys between clients and services and provide mutual authentication between them.
The corner-stones of Kerberos V5 are the Ticket and the Authenticator. A Ticket encapsulates a symmetric key (the ticket session key) in an envelope (a public message) intended for a specific service. The contents of the Ticket are encrypted with a symmetric key shared between the service principal and the issuing KDC. The encrypted part of the Ticket contains the client principal name, among other items. An Authenticator is a record that can be shown to have been recently generated using the ticket session key in the associated Ticket. The ticket session key is known by the client who requested the ticket. The contents of the Authenticator are encrypted with the associated ticket session key. The encrypted part of an Authenticator contains a timestamp and the client principal name, among other items.
As shown in Figure 1, below, the Kerberos V5 protocol consists of the following message exchanges between the client and the KDC, and the client and the application service:
- The Authentication Service (AS) Exchange: The client obtains an "initial" ticket from the Kerberos authentication server (AS), typically a Ticket Granting Ticket (TGT). The AS-REQ message and the AS-REP message are the request and the reply message, respectively, between the client and the AS.
- The Ticket Granting Service (TGS) Exchange: The client subsequently uses the TGT to authenticate and request a service ticket for a particular service from the Kerberos ticket-granting server (TGS). The TGS-REQ message and the TGS-REP message are the request and the reply message, respectively, between the client and the TGS.
- The Client/Server Authentication Protocol (AP) Exchange: The client then makes a request with an AP-REQ message, consisting of a service ticket and an authenticator that certifies the client's possession of the ticket session key. The server may optionally reply with an AP-REP message. AP exchanges typically negotiate session-specific symmetric keys.
Usually, the AS and TGS are integrated in a single device also known as the KDC.
[Figure 1: The Message Exchanges in the Kerberos V5 Protocol. The ASCII diagram shows AS-REQ/AS-REP and TGS-REQ/TGS-REP flowing between the Client and the KDC, and AP-REQ/AP-REP flowing between the Client and the Application Server.]
In the AS exchange, the KDC reply contains the ticket session key, among other items, that is encrypted using a key (the AS reply key) shared between the client and the KDC. The AS reply key is typically derived from the client's password for human users. Therefore, for human users, the attack resistance strength of the Kerberos protocol is no stronger than the strength of their passwords.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 40).
And
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 147-151), and http://www.ietf.org/rfc/rfc4556.txt
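The three exchanges described above, modelled end to end as an added example (not code from RFC 4556 or any Kerberos implementation): a KDC that plays both AS and TGS, a client, and an application server that validates the ticket and authenticator and answers with AP-REP. A toy hash-based cipher stands in for a Kerberos encryption type, PBKDF2 stands in for string-to-key, and the 5-minute clock skew, 10-minute ticket lifetime, realm and principal names are assumptions; the wrong-password path shows where the password-derived AS reply key bounds the protocol's strength.

```python
import hashlib, hmac, json, os, time

TICKET_LIFE, CLOCK_SKEW = 600, 300   # seconds; assumed lifetime and the usual 5-minute skew window

def derive_key(password, salt):
    # AS reply key of a human user is derived from the password (PBKDF2 stands in for string-to-key).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10000)

def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))

def encrypt(key, obj):
    # Toy encrypt-then-MAC of a JSON record: illustration only, not a Kerberos etype.
    nonce, pt = os.urandom(16), json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def make_authenticator(session_key, cname, ctime):
    # Authenticator: client name and timestamp encrypted under the ticket session key.
    return encrypt(session_key, {"cname": cname, "ctime": ctime})

def check_authenticator(ticket, blob):
    # Decrypting under the ticket's session key proves possession of that key; the timestamp proves freshness.
    auth, now = decrypt(bytes.fromhex(ticket["key"]), blob), int(time.time())
    if auth["cname"] != ticket["cname"]:
        raise ValueError("authenticator name does not match ticket")
    if abs(now - auth["ctime"]) > CLOCK_SKEW:
        raise ValueError("authenticator is not recent")
    if now > ticket["endtime"]:
        raise ValueError("ticket expired")
    return auth

class KDC:  # AS and TGS integrated in one service, as the text says is usual
    def __init__(self, realm):
        self.realm = realm
        self.keys = {"krbtgt": os.urandom(32)}   # long-term key of every principal

    def add_principal(self, name, password=None):
        # Human users get a password-derived key; services get a random key.
        self.keys[name] = derive_key(password, self.realm + name) if password else os.urandom(32)
        return self.keys[name]

    def _issue(self, cname, sname, reply_key):
        # Shared by AS and TGS: a ticket under the service's key, plus the ticket session key under the reply key.
        sk = os.urandom(32).hex()
        ticket = {"cname": cname, "sname": sname, "key": sk, "endtime": int(time.time()) + TICKET_LIFE}
        return {"ticket": encrypt(self.keys[sname], ticket), "enc_part": encrypt(reply_key, {"key": sk})}

    def as_exchange(self, as_req):
        # AS-REP: a TGT; the reply key is the client's password-derived key, so the exchange is no stronger than it.
        return self._issue(as_req["cname"], "krbtgt", self.keys[as_req["cname"]])

    def tgs_exchange(self, tgs_req):
        # TGS-REQ carries the TGT plus an authenticator under the TGT session key.
        tgt = decrypt(self.keys["krbtgt"], tgs_req["ticket"])
        check_authenticator(tgt, tgs_req["authenticator"])
        return self._issue(tgt["cname"], tgs_req["sname"], bytes.fromhex(tgt["key"]))

def ap_exchange(service_key, ap_req):
    # Application server: validate ticket and authenticator, then return AP-REP (client timestamp under the session key).
    ticket = decrypt(service_key, ap_req["ticket"])
    auth = check_authenticator(ticket, ap_req["authenticator"])
    return encrypt(bytes.fromhex(ticket["key"]), {"ctime": auth["ctime"]})

def client_login(kdc, service, service_key, name, password):
    # Runs AS, TGS and AP as the client; service_key is passed only so the simulated server runs in-process.
    as_rep = kdc.as_exchange({"cname": name})
    reply_key = derive_key(password, kdc.realm + name)
    tgt_key = bytes.fromhex(decrypt(reply_key, as_rep["enc_part"])["key"])   # wrong password fails here
    now = int(time.time())
    tgs_rep = kdc.tgs_exchange({"ticket": as_rep["ticket"], "sname": service,
                                "authenticator": make_authenticator(tgt_key, name, now)})
    svc_sk = bytes.fromhex(decrypt(tgt_key, tgs_rep["enc_part"])["key"])
    ap_rep = ap_exchange(service_key, {"ticket": tgs_rep["ticket"],
                                       "authenticator": make_authenticator(svc_sk, name, now)})
    return decrypt(svc_sk, ap_rep)["ctime"] == now   # mutual authentication: server proved it holds the session key
```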


NEW QUESTION # 617
________ is a ________ attack that eavesdrops on communication. (Choose two)

  • A. Active
  • B. Passive
  • C. Wiretapping
  • D. Brute force
  • E. Password cracking

Answer: B,C

Explanation:
Wiretapping is a passive attack that eavesdrops on communication. It is only legal with prior consent or a warrant.


NEW QUESTION # 618
This backup method must be made regardless of whether Differential or Incremental methods are used.

  • A. Differential backup method
  • B. Tape backup method
  • C. Full Backup Method
  • D. Incremental backup method

Answer: C

Explanation:
Since the "Full" backup method provides a baseline for our systems for restore, the full backup must be done at least once regardless of the method you are using. It's very common to use full backups in combination with incremental or differential ones to decrease the backup time (though you increase the restore time), but there is no way to maintain a system only with incremental or differential backups. You always need to begin from your restore baseline, the Full Backup.
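The baseline rule above, as an added example that is not from the page or any backup product: a small simulator over a constructed four-day file history (SAMPLE_STATES, an assumption) that works out which images a restore needs and fails when no full backup exists to restore onto. It also covers a mixed schedule (differentials and incrementals after one full), which the text does not spell out.

```python
from dataclasses import dataclass

# Constructed file histories: day -> {path: content}. In this simulation the "truth"
# stands in for the archive bits or catalog a backup agent uses to know what changed.
SAMPLE_STATES = {
    1: {"a": "a1", "b": "b1", "c": "c1"},
    2: {"a": "a2", "b": "b1", "c": "c1"},
    3: {"a": "a2", "b": "b3", "c": "c1"},
    4: {"a": "a4", "b": "b3", "c": "c1"},
}


@dataclass
class Backup:
    day: int
    kind: str      # "full", "differential" or "incremental"
    files: dict    # path -> content captured in this image


def take_backup(backups, states, day, kind):
    """Append the image a backup of the given kind would capture on `day`."""
    state = states[day]
    if kind == "full":
        reference = {}                                   # everything is captured
    elif kind == "differential":
        fulls = [b.day for b in backups if b.kind == "full" and b.day < day]
        reference = states[max(fulls)] if fulls else {}  # changes since the last full
    elif kind == "incremental":
        prior = [b.day for b in backups if b.day < day]
        reference = states[max(prior)] if prior else {}  # changes since the last backup of any kind
    else:
        raise ValueError(f"unknown backup kind {kind!r}")
    image = Backup(day, kind, {p: c for p, c in state.items() if reference.get(p) != c})
    backups.append(image)
    return image


def restore_chain(backups, target_day):
    """Images needed, oldest first, to restore the state as of target_day: the latest full,
    the latest differential after it, then every incremental after that."""
    upto = sorted((b for b in backups if b.day <= target_day), key=lambda b: b.day)
    fulls = [b for b in upto if b.kind == "full"]
    if not fulls:
        raise ValueError(f"no full backup on or before day {target_day}: nothing to restore onto")
    chain = [fulls[-1]]
    later = [b for b in upto if b.day > chain[0].day]
    chain += [b for b in later if b.kind == "differential"][-1:]   # only the newest differential counts
    chain += [b for b in later if b.kind == "incremental" and b.day > chain[-1].day]
    return chain


def restore(backups, target_day):
    """Apply the chain in order; later images overwrite older copies (deletions are not modelled)."""
    state = {}
    for image in restore_chain(backups, target_day):
        state.update(image.files)
    return state


def simulate(schedule, states=SAMPLE_STATES):
    """Run a schedule {day: kind} over the constructed history and return the images taken."""
    backups = []
    for day, kind in sorted(schedule.items()):
        take_backup(backups, states, day, kind)
    return backups
```

The length of the chain returned by restore_chain is the "increased restore time" the explanation refers to: one image plus one differential versus one image plus every incremental.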


NEW QUESTION # 619
Which of the following outlined how senior management are responsible for the computer and information security decisions that they make and what actually took place within their organizations?

  • A. The Federal Sentencing Guidelines of 1991.
  • B. The Economic Espionage Act of 1996.
  • C. The Computer Security Act of 1987.
  • D. The Computer Fraud and Abuse Act of 1986.

Answer: A

Explanation:
In 1991, U.S. Federal Sentencing Guidelines were developed to provide judges with courses of action in dealing with white collar crimes. These guidelines provided ways that companies and law enforcement should prevent, detect and report computer crimes. It also outlined how senior management are responsible for the computer and information security decisions that they make and what actually took place within their organizations.


NEW QUESTION # 620
Which of the following would be best suited to oversee the development of an information security policy?

  • A. Security Officers
  • B. System Administrators
  • C. Security administrators
  • D. End User

Answer: A

Explanation:
The security officer would be the best person to oversee the development of such policies.
Security officers and their teams have typically been charged with the responsibility of creating the security policies. The policies must be written and communicated appropriately to ensure that they can be understood by the end users. Policies that are poorly written, or written at too high of an education level (common industry practice is to focus the content for general users at the sixth- to eighth-grade reading level), will not be understood.
Implementing security policies and the items that support them shows due care by the company and its management staff. Informing employees of what is expected of them and the consequences of noncompliance can come down to a liability issue.
While security officers may be responsible for the development of the security policies, the effort should be collaborative to ensure that the business issues are addressed.
The security officers will get better corporate support by including other areas in policy development. This helps build buy-in by these areas as they take on a greater ownership of the final product. Consider including areas such as HR, legal, compliance, various IT areas and specific business area representatives who represent critical business units.
When policies are developed solely within the IT department and then distributed without business input, they are likely to miss important business considerations. Once policy documents have been created, the basis for ensuring compliance is established. Depending on the organization, additional documentation may be necessary to support policy. This support may come in the form of additional controls described in standards, baselines, or procedures to help personnel with compliance. An important step after documentation is to make the most current version of the documents readily accessible to those who are expected to follow them. Many organizations place the documents on their intranets or in shared file folders to facilitate their accessibility. Such placement of these documents plus checklists, forms, and sample documents can make awareness more effective.
For your exam you should know the information below:
End User - The end user is responsible for protecting information assets on a daily basis through adherence to the security policies that have been communicated.
Executive Management/Senior Management - Executive management maintains the overall responsibility for protection of the information assets. The business operations are dependent upon information being available, accurate, and protected from individuals without a need to know.
Security Officer - The security officer directs, coordinates, plans, and organizes information security activities throughout the organization. The security officer works with many different individuals, such as executive management, management of the business units, technical staff, business partners, auditors, and third parties such as vendors. The security officer and his or her team are responsible for the design, implementation, management, and review of the organization's security policies, standards, procedures, baselines, and guidelines.
Information Systems Security Professional- Drafting of security policies, standards and supporting guidelines, procedures, and baselines is coordinated through these individuals. Guidance is provided for technical security issues, and emerging threats are considered for the adoption of new policies. Activities such as interpretation of government regulations and industry trends and analysis of vendor solutions to include in the security architecture that advances the security of the organization are performed in this role.
Data/Information/Business/System Owners - A business executive or manager is typically responsible for an information asset. These are the individuals that assign the appropriate classification to information assets. They ensure that the business information is protected with appropriate controls. Periodically, the information asset owners need to review the classification and access rights associated with information assets. The owners, or their delegates, may be required to approve access to the information. Owners also need to determine the criticality, sensitivity, retention, backups, and safeguards for the information. Owners or their delegates are responsible for understanding the risks that exist with regards to the information that they control.
Data/Information Custodian/Steward - A data custodian is an individual or function that takes care of the information on behalf of the owner. These individuals ensure that the information is available to the end users and is backed up to enable recovery in the event of data loss or corruption. Information may be stored in files, databases, or systems whose technical infrastructure must be managed by systems administrators. This group administers access rights to the information assets.
Information Systems Auditor- IT auditors determine whether users, owners, custodians, systems, and networks are in compliance with the security policies, procedures, standards, baselines, designs, architectures, management direction, and other requirements placed on systems. The auditors provide independent assurance to the management on the appropriateness of the security controls. The auditor examines the information systems and determines whether they are designed, configured, implemented, operated, and managed in a way ensuring that the organizational objectives are being achieved. The auditors provide top company management with an independent view of the controls and their effectiveness.
Business Continuity Planner - Business continuity planners develop contingency plans to prepare for any occurrence that could have the ability to impact the company's objectives negatively. Threats may include earthquakes, tornadoes, hurricanes, blackouts, changes in the economic/political climate, terrorist activities, fire, or other major actions potentially causing significant harm. The business continuity planner ensures that business processes can continue through the disaster and coordinates those activities with the business areas and information technology personnel responsible for disaster recovery.
Information Systems/ Technology Professionals- These personnel are responsible for designing security controls into information systems, testing the controls, and implementing the systems in production environments through agreed upon operating policies and procedures. The information systems professionals work with the business owners and the security professionals to ensure that the designed solution provides security controls commensurate with the acceptable criticality, sensitivity, and availability requirements of the application.
Security Administrator - A security administrator manages the user access request process and ensures that privileges are provided to those individuals who have been authorized for access by application/system/data owners. This individual has elevated privileges and creates and deletes accounts and access permissions. The security administrator also terminates access privileges when individuals leave their jobs or transfer between company divisions. The security administrator maintains records of access request approvals and produces reports of access rights for the auditor during testing in an access controls audit to demonstrate compliance with the policies.
Network/Systems Administrator - A systems administrator (sysadmin/netadmin) configures network and server hardware and the operating systems to ensure that the information can be available and accessible. The administrator maintains the computing infrastructure using tools and utilities such as patch management and software distribution mechanisms to install updates and test patches on organization computers. The administrator tests and implements system upgrades to ensure the continued reliability of the servers and network devices. The administrator provides vulnerability management through either commercial off the shelf (COTS) and/or non-COTS solutions to test the computing environment and mitigate vulnerabilities appropriately.
Physical Security - The individuals assigned to the physical security role establish relationships with external law enforcement, such as the local police agencies, state police, or the Federal Bureau of Investigation (FBI) to assist in investigations. Physical security personnel manage the installation, maintenance, and ongoing operation of the closed circuit television (CCTV) surveillance systems, burglar alarm systems, and card reader access control systems. Guards are placed where necessary as a deterrent to unauthorized access and to provide safety for the company employees. Physical security personnel interface with systems security, human resources, facilities, and legal and business areas to ensure that the practices are integrated.
Security Analyst - The security analyst role works at a higher, more strategic level than the previously described roles and helps develop policies, standards, and guidelines, as well as set various baselines. Whereas the previous roles are "in the weeds" and focus on pieces and parts of the security program, a security analyst helps define the security program elements and follows through to ensure the elements are being carried out and practiced properly. This person works more at a design level than at an implementation level.
Administrative Assistants/Secretaries - This role can be very important to information security; in many companies of smaller size, this may be the individual who greets visitors, signs packages in and out, recognizes individuals who desire to enter the offices, and serves as the phone screener for executives. These individuals may be subject to social engineering attacks, whereby the potential intruder attempts to solicit confidential information that may be used for a subsequent attack. Social engineers prey on the goodwill of the helpful individual to gain entry. A properly trained assistant will minimize the risk of divulging useful company information or of providing unauthorized entry.
Help Desk Administrator - As the name implies, the help desk is there to field questions from users that report system problems. Problems may include poor response time, potential virus infections, unauthorized access, inability to access system resources, or questions on the use of a program. The help desk is also often where the first indications of security issues and incidents will be seen. A help desk individual would contact the computer security incident response team (CIRT) when a situation meets the criteria developed by the team. The help desk resets passwords, resynchronizes/reinitializes tokens and smart cards, and resolves other problems with access control.
Supervisor - The supervisor role, also called user manager, is ultimately responsible for all user activity and any assets created and owned by these users. For example, suppose Kathy is the supervisor of ten employees. Her responsibilities would include ensuring that these employees understand their responsibilities with respect to security; making sure the employees' account information is up-to-date; and informing the security administrator when an employee is fired, suspended, or transferred. Any change that pertains to an employee's role within the company usually affects what access rights they should and should not have, so the user manager must inform the security administrator of these changes immediately.
Change Control Analyst - Since the only thing that is constant is change, someone must make sure changes happen securely. The change control analyst is responsible for approving or rejecting requests to make changes to the network, systems, or software. This role must make certain that the change will not introduce any vulnerabilities, that it has been properly tested, and that it is properly rolled out. The change control analyst needs to understand how various changes can affect security, interoperability, performance, and productivity. Or, a company can choose to just roll out the change and see what happens.
The following answers are incorrect:
Systems Administrator - A systems administrator (sysadmin/netadmin) configures network and server hardware and the operating systems to ensure that the information can be available and accessible. The administrator maintains the computing infrastructure using tools and utilities such as patch management and software distribution mechanisms to install updates and test patches on organization computers. The administrator tests and implements system upgrades to ensure the continued reliability of the servers and network devices. The administrator provides vulnerability management through either commercial off the shelf (COTS) and/or non-COTS solutions to test the computing environment and mitigate vulnerabilities appropriately.
End User - The end user is responsible for protecting information assets on a daily basis through adherence to the security policies that have been communicated.
Security Administrator - A security administrator manages the user access request process and ensures that privileges are provided to those individuals who have been authorized for access by application/system/data owners. This individual has elevated privileges and creates and deletes accounts and access permissions. The security administrator also terminates access privileges when individuals leave their jobs or transfer between company divisions. The security administrator maintains records of access request approvals and produces reports of access rights for the auditor during testing in an access controls audit to demonstrate compliance with the policies.
The following references were used to create this question:
CISA Review Manual 2014, page 109
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 108). McGraw-Hill. Kindle Edition.


NEW QUESTION # 621
Which choice below is incorrect regarding when a BCP, DRP, or emergency management plan should be evaluated and modified?

  • A. Never; once it has been tested it should not be changed.
  • B. Annually, in a scheduled review.
  • C. After training drills, tests, or exercises.
  • D. After an emergency or disaster response.

Answer: A

Explanation:
Emergency management plans, business continuity plans, and disaster recovery plans should be regularly reviewed, evaluated, modified, and updated. At a minimum, the plan should be reviewed at an annual audit. It should also be re-evaluated:
After tests or training exercises, to adjust any discrepancies between the test results and the plan
After a disaster response or an emergency recovery, as this is an excellent time to amend the parts of the plan that were not effective
When personnel, their responsibilities, their resources, or organizational structures change, to familiarize new or reorganized personnel with procedures
When policies, procedures, or infrastructures change
Source: Emergency Management Guide for Business and Industry, Federal Emergency Management Agency, August 1998, and NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity, National Fire Protection Association, 2000 edition.


NEW QUESTION # 622
Which type of control would password management classify as?

  • A. Preventive control
  • B. Detective control
  • C. Technical control
  • D. Compensating control

Answer: A

Explanation:
Preventive technical controls are used to prevent unauthorized personnel or programs from gaining remote access to computing resources. Examples of these controls include:
Access control software.
Antivirus software.
Library control systems.
Passwords and Password management.
Smart cards.
Encryption.
Dial-up access control and callback systems.
About Passwords: Passwords are used to verify that the user of an ID is the owner of the ID. The ID-password combination is unique to each user and therefore provides a means of holding users accountable for their activity on the system.
Fixed passwords that are used for a defined period of time are often easy for hackers to compromise; therefore, great care must be exercised to ensure that these passwords do not appear in any dictionary. Fixed passwords are often used to control access to specific databases. In this use, however, all persons who have authorized access to the database use the same password; therefore, no accountability can be achieved. Currently, dynamic or one-time passwords, which are different for each log-on, are preferred over fixed passwords. Dynamic passwords are created by a token that is programmed to generate passwords randomly. The management of those passwords is part of preventive control.


NEW QUESTION # 623
A demilitarized zone is:

  • A. the network segment between the Internet and a private network
  • B. a militarized network segment
  • C. a part of a network perfectly safe from hackers
  • D. a firewall

Answer: A

Explanation:
The DMZ is a buffer between the protected and unprotected network.
"A part of a network perfectly safe from hackers" is incorrect. There is no such thing.
"A militarized network segment" is incorrect. While the term DMZ originated in the Korean War, it has nothing to do with the military.
"A firewall" is incorrect. Firewalls can play an important part in building a DMZ but a DMZ is much more than a firewall.
References: CBK, p. 850 AIO, p. 483


NEW QUESTION # 624
Which of the following is the FIRST thing to consider when reviewing Information Technology (IT) internal controls?

  • A. The impact of the control
  • B. The risk culture of the organization
  • C. The cost of the control
  • D. The nature of the risk

Answer: A

Explanation:
Section: Mixed questions


NEW QUESTION # 625
Which of the following is the BEST way to verify the integrity of a software patch?

  • A. Automatic updates
  • B. Cryptographic checksums
  • C. Vendor assurance
  • D. Version numbering

Answer: B


NEW QUESTION # 626
......

Pass Your CISSP Dumps as PDF Updated on 2023 With 1481 Questions: https://testinsides.actualpdf.com/CISSP-real-questions.html