Community Champion

Re: CISSP questions

From an operations security standpoint, which one of the following dial-in access configurations is best?

 

a. Force the port to log out when the modem loses carrier.
b. Disable the port when the modem disconnects.
c. Reset the modem when the phone line disconnects.
d. Force a modem reset when the DTR line transitions.

 

Answer: a

Reference: Fites & Kratz, Information Systems Security: A Practitioner’s Reference; International Thomson Computer Press; 1996; pg 385.

 

Discussion:

a - correct, this is a control measure that will force the user to reauthenticate, and prevent someone from simply taking over a free line they come across
b - wrong, this allows for a good way to do a DoS on the dialup facility
c - wrong, once the phone line is disconnected it can’t be reset, and simply resetting the modem may leave a live session behind it
d - wrong, this is a normal occurrence (DTR - data terminal ready)

 

(Reference: Fites and Kratz, Information Systems Security: A Practitioner’s Reference, International Thomson Computer Press, 1996)


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Community Champion

Re: CISSP questions

Which one of the following would NOT be considered a media control task?

 

a. Decompressing the storage medium.
b. Storing on-site backups in a protected area.
c. Maintaining a control log noting all media entries, removals, and returns.
d. Erasing volumes at the end of their retention period.


Answer: a

 

(Reference: Rita Summers, “Secure Computing: Threats and Safeguards”; McGraw-Hill; 1997; pg 585.)

 

Decompression definitely is part of media management, but it isn't a control.


Community Champion

Re: CISSP questions

In what way can violation clipping levels assist in violation tracking and analysis?

 

a. Clipping levels set a baseline for normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred.
b. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant.
c. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to usercodes with a privileged status.
d. Clipping levels enable a security administrator to view all reductions in security levels which have been made to usercodes which have incurred violations.

 

Answer: a

 

Discussion:
Answer a - correct, the clipping level establishes a normal error rate that can be ignored for violation analysis purposes.


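As an added illustration of the clipping-level idea discussed above (not code from the thread or its author): a small analyser that counts failed logins per user in constructed audit-trail lines and reports only the users whose count exceeds an assumed clipping level of 3, so failures at or below the baseline are treated as normal user error and left out of violation analysis.

```python
from collections import Counter

# Constructed sample audit-trail lines (not real logs): timestamp, user, event.
SAMPLE_AUDIT = """\
2020-07-11T08:00:01 user=alice event=login_fail
2020-07-11T08:00:09 user=alice event=login_ok
2020-07-11T08:01:00 user=bob event=login_fail
2020-07-11T08:01:05 user=bob event=login_fail
2020-07-11T08:01:11 user=bob event=login_fail
2020-07-11T08:01:17 user=bob event=login_fail
2020-07-11T08:01:24 user=bob event=login_fail
2020-07-11T08:02:00 user=carol event=login_fail
2020-07-11T08:02:07 user=carol event=login_fail
2020-07-11T08:02:15 user=carol event=login_ok
"""

CLIPPING_LEVEL = 3  # assumed baseline: up to 3 failures per user count as normal error


def parse_audit(text):
    """Parse 'key=value' audit lines into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        rec = {"ts": fields[0]}
        for kv in fields[1:]:
            if "=" in kv:
                key, value = kv.split("=", 1)
                rec[key] = value
        if "user" in rec and "event" in rec:
            records.append(rec)
    return records


def violation_counts(records, violation_event="login_fail"):
    """Count violation events per user across the whole audit trail."""
    return dict(Counter(r["user"] for r in records if r["event"] == violation_event))


def above_clipping_level(records, clipping_level=CLIPPING_LEVEL):
    """Keep only users whose violation count exceeds the clipping level; counts at
    or below it are the expected error baseline and are not recorded for analysis."""
    return {u: n for u, n in violation_counts(records).items() if n > clipping_level}


if __name__ == "__main__":
    print(above_clipping_level(parse_audit(SAMPLE_AUDIT)))
```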
Community Champion

Re: CISSP questions

Which of the following is permitted by an adequate separation of duties in a mainframe computer environment?

 

a. Computer users may reconcile control totals.
b. Computer users may access the system files.
c. Programmers may change production data.
d. Programmers may initiate transactions.

 

 

Answer: a


Community Champion

Re: CISSP questions

Why are user IDs critical in the review of audit trails?

 

a. they show which files were altered.
b. they establish individual accountability.
c. they cannot be easily altered.
d. they trigger corrective controls.

 

Answer: b

 

(Reference: Fites and Kratz, Information Systems Security: A Practitioner’s Reference, International Thomson Computer Press, 1996, pg 127.)

 

Discussion:

Answer a - wrong, the identification of a specific user does not in itself show the activities conducted under the user’s name.
Answer b - correct.
Answer c - wrong, audit trail information should be secured so it cannot be altered.
Answer d - wrong, user IDs by themselves do not trigger corrective controls - the activity conducted may trigger corrective action.


Viewer III

Re: CISSP questions

Hi Rob...Just wanted to pop in and say "Thank you!" for this blog thread. It proved to be invaluable as I made final preps for my exam, that I passed at Q100 this past Friday. I read through every page of the thread, and found your questions and your responses to questions and comments extremely valuable. Thank you for taking time to share with the community!
Community Champion

Re: CISSP questions

> LHablas (Viewer II) posted a new reply in Exams on 07-11-2020 11:38 PM in the

> Hi Rob...Just wanted to pop in and say "Thank you!" for this blog thread. It
> proved to be invaluable as I made final preps for my exam, that I passed at Q100
> this past Friday. I read through every page of the thread, and found your
> questions and your responses to questions and comments extremely valuable. Thank
> you for taking time to share with the community!

Well, thank you for your thank you! Glad to be of service 🙂

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Q: If Socrates, Isaac Newton or Leonardo Da Vinci suddenly
reappeared, what would be the most difficult thing to explain to
them about life today?
A: I possess a device, small enough to carry in my pocket,
capable of accessing the entirety of information known to man.

I use it to look at pictures of cats and get into arguments with
strangers.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

Community Champion

Re: CISSP questions

OK, as a celebration of the fact that my account seems to have (as mysteriously as it died) revived, herewith:

 

At what stage of the applications development process should the security department become involved?

 

a. Prior to the implementation
b. Prior to systems testing
c. During unit testing
d. During requirements development


Answer: d.


Reference: Secure Computing(Threats & Safeguards); R. Summers; McGraw-Hill; 1997; pg 250.

 

Discussion:

 

This is an example of choosing the best answer from among those provided.  "Requirements" is probably not the phase to start thinking about security: you should probably start right at the initiation and concept phase.  But that isn't one of the options we are given.  So, choose the earliest possible phase from the options you are given:

 

Answer a - incorrect - prior to implementation is 7 steps down in the software development life cycle. At this point, security safeguards would be expensive to retrofit.

 

Answer b - incorrect - prior to system test is vague, and several steps (5) are required preceding it.

 

Answer c - incorrect - unit test is where you would want to test the security of the system. Security dept. should have been involved much earlier.

 

Answer d - correct - Security dept. should be involved at the beginning of the project. It is much easier than adding it later.


Viewer II

Re: CISSP questions

Would an RSA token be an example of this? 

Viewer II

Re: CISSP questions

That reply was to the one-time password question where the answer was "something you have"