Mike Chapple - (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests


Full-length practice tests covering all CISSP domains for the ultimate exam prep

The (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests is a major resource for (ISC)2 Certified Information Systems Security Professional (CISSP) candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2021 version of the exam to ensure up-to-date preparation, and are designed to cover what you will see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.

The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.

- Test your knowledge of the 2021 exam domains
- Identify areas in need of further study
- Gauge your progress throughout your exam preparation
- Practice test taking with Sybex’s online test environment containing the questions from the book

The CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.


82. The system that Ian has built replaces data in a database field with a randomized string of characters that remains the same for each instance of that data. What technique has he used?
A. Data masking
B. Tokenization
C. Anonymization
D. DES

83. Juanita's company processes credit cards and wants to select appropriate data security standards. What data security standard is she most likely to need to use and comply with?
A. CC-Comply
B. PCI-DSS
C. GLBA
D. GDPR

84. What is the best method to sanitize a solid-state drive (SSD)?
A. Clearing
B. Zero fill
C. Disintegration
D. Degaussing

For questions 85–87, please refer to the following scenario:

As shown in the following security lifecycle diagram (loosely based on the NIST reference architecture), NIST uses a five-step process for risk management. Using your knowledge of data roles and practices, answer the following questions based on the NIST framework process.

85. What data role will own responsibility for step 1, the categorization of information systems; to whom will they delegate step 2; and what data role will be responsible for step 3?
A. Data owners, system owners, custodians
B. Data processors, custodians, users
C. Business owners, administrators, custodians
D. System owners, business owners, administrators

86. If the systems that are being assessed all handle credit card information (and no other sensitive data), at what step would the PCI DSS first play an important role?
A. Step 1
B. Step 2
C. Step 3
D. Step 4

87. What data security role is primarily responsible for step 5?
A. Data owners
B. Data processors
C. Custodians
D. Users

88. Susan’s organization performs a secure disk wipe process on hard drives before they are sent to a third-party organization to be shredded. What issue is her organization attempting to avoid?
A. Data retention that is longer than defined in policy
B. Mishandling of drives by the third party
C. Classification mistakes
D. Data permanence

89. Mike wants to track hardware assets as devices and equipment are moved throughout his organization. What type of system can help do this without requiring staff to individually check bar codes or serial numbers?
A. A visual inventory
B. WiFi MAC address tracking
C. RFID tags
D. Steganography

90. Retaining and maintaining information for as long as it is needed is known as what?
A. Data storage policy
B. Data storage
C. Asset maintenance
D. Record retention

91. Which of the following activities is not a consideration during data classification?
A. Who can access the data
B. What the impact would be if the data was lost or breached
C. How much the data cost to create
D. What protection regulations may be required for the data

92. What type of encryption is typically used for data at rest?
A. Asymmetric encryption
B. Symmetric encryption
C. DES
D. OTP

93. Which data role is tasked with applying rights that provide appropriate access to staff members?
A. Data processors
B. Business owners
C. Custodians
D. Administrators

94. What element of asset security is often determined by identifying an asset's owner?
A. It identifies the individual(s) responsible for protecting the asset.
B. It provides a law enforcement contact in case of theft.
C. It helps establish the value of the asset.
D. It determines the security classification of the asset.

95. Fred is preparing to send backup tapes off-site to a secure third-party storage facility. What steps should Fred take before sending the tapes to that facility?
A. Ensure that the tapes are handled the same way the original media would be handled based on their classification.
B. Increase the classification level of the tapes because they are leaving the possession of the company.
C. Purge the tapes to ensure that classified data is not lost.
D. Decrypt the tapes in case they are lost in transit.

96. Which of the following does not describe data in motion?
A. Data on a backup tape that is being shipped to a storage facility
B. Data in a TCP packet
C. Data in an e-commerce transaction
D. Data in files being copied between locations

97. A new law is passed that would result in significant financial harm to your company if the data that it covers was stolen or inadvertently released. What should your organization do about this?
A. Select a new security baseline.
B. Relabel the data.
C. Encrypt all of the data at rest and in transit.
D. Review its data classifications and classify the data appropriately.

98. Which of the following data roles are typically found inside of a company instead of as a third-party contracting relationship? (Select all that apply.)
A. Data owners
B. Data controllers
C. Data custodians
D. Data processors

99. What commercial data classification is most appropriate for data contained on corporate websites?
A. Private
B. Sensitive
C. Public
D. Proprietary

100. Match each of the numbered data elements shown here with one of the lettered categories. You may use the categories once, more than once, or not at all. If a data element matches more than one category, choose the one that is most specific.

Data elements
1. Medical records
2. Trade secrets
3. Social Security numbers
4. Driver's license numbers

Categories
A. Proprietary data
B. Protected health information
C. Personally identifiable information

Chapter 3 Security Architecture and Engineering (Domain 3)

SUBDOMAINS:

3.1 Research, implement and manage engineering processes using secure design principles

3.2 Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)

3.3 Select controls based upon system security requirements

3.4 Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)

3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements

3.6 Select and determine cryptographic solutions

3.7 Understand methods of cryptanalytic attacks

3.8 Apply security principles to site and facility design

3.9 Design site and facility security controls

1. Matthew is the security administrator for a consulting firm and must enforce access controls that restrict users' access based upon their previous activity. For example, once a consultant accesses data belonging to Acme Cola, a consulting client, they may no longer access data belonging to any of Acme's competitors. What security model best fits Matthew's needs?
A. Clark-Wilson
B. Biba
C. Bell-LaPadula
D. Brewer-Nash

2. Referring to the figure shown here, what is the earliest stage of a fire where it is possible to use detection technology to identify it?
A. Incipient
B. Smoke
C. Flame
D. Heat

3. Ralph is designing a physical security infrastructure for a new computing facility that will remain largely unstaffed. He plans to implement motion detectors in the facility but would also like to include a secondary verification control for physical presence. Which one of the following would best meet his needs?
A. CCTV
B. IPS
C. Turnstiles
D. Faraday cages

4. Harry would like to retrieve a lost encryption key from a database that uses m of n control, with m = 4 and n = 8. What is the minimum number of escrow agents required to retrieve the key?
A. 2
B. 4
C. 8
D. 12

5. Fran's company is considering purchasing a web-based email service from a vendor and eliminating its own email server environment as a cost-saving measure. What type of cloud computing environment is Fran's company considering?
A. SaaS
B. IaaS
C. CaaS
D. PaaS

6. Bob is a security administrator with the U.S. federal government and wants to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?
A. DSA
B. HAVAL
C. RSA
D. ECDSA

7. Harry would like to access a document owned by Sally and stored on a file server. Applying the subject/object model to this scenario, who or what is the subject of the resource request?
A. Harry
B. Sally
C. Server
D. Document

8. Michael is responsible for forensic investigations and is investigating a medium-severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the marketing team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Michael to take?
A. Keep the website offline until the investigation is complete.
B. Take the virtualization platform offline as evidence.
C. Take a snapshot of the compromised system and use that for the investigation.
D. Ignore the incident and focus on quickly restoring the website.
