Community Champion

Re: CISSP questions

An Access Control List (ACL) represents a set of subjects by using which of the following constructs?

a. Group
b. Capability
c. Key
d. Domain


Answer: a.
Reference: Fites & Kratz, pg 149

 

You can easily drop the key and domain answers here.  You might be a bit confused by the group and capability options.  Again, this is an example of "if you don't know it, it isn't necessarily the right answer."  ACLs almost always have options for groups, even if that isn't always the primary use.  Capability?  Well, that's kind of related.  It's an older term for what might now be described as an authorization that is digitally signed.


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Community Champion

Re: CISSP questions

Which of the following is the LEAST important information to record when logging a security violation?

 

a. User’s name
b. Userid
c. Type of violation
d. Date and time of the violation


Answer: a

 

OK, an easy one for you today.  Just remember that the user's name generally isn't known from direct evidence, but inferred from the userid.


Community Champion

Re: CISSP questions

What determines the assignment of data classifications in a mandatory access control philosophy?

a. The analysis of the users in conjunction with the audit department.
b. The assessment by the information security department.
c. The steward’s evaluation of the particular information element.
d. The requirement of the organization’s published security policy.

 


Answer: d.

 

Reference: Computer Security Basics; Russell & Gangemi; pg 72-74

 

While analysis by users, the audit department, the infosec office, and possibly a steward have places or responsibilities for access control, determination is at the direction of policy.


Community Champion

Re: CISSP questions

What role does biometrics have in logical access control?

 

a. Identification
b. Authorization
c. Authentication
d. Confirmation


Answer: c.

 

Reference: Computer Security Basics; Russell & Gangemi; pg 57-58.

 

OK, I know that there is going to be discussion on this one.  Authorization and confirmation are out, of course, but there are instances where biometrics are going to be used for identification (sometimes paired with authentication).  The principle to keep in mind here is: don't fight the exam.  The point is not to prove that you can come up with a counterexample; the point is what are most security professionals going to say.  And most security professionals are going to agree that the most important and significant role biometrics plays is in authentication.  After all, biometrics is the "something you are" that is the third pillar of authentication besides something you know and something you have.

