Mike Chapple - (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests



Full-length practice tests covering all CISSP domains for the ultimate exam prep.

The (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests is a major resource for (ISC)2 Certified Information Systems Security Professional (CISSP) candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2021 version of the exam to ensure up-to-date preparation, and are designed to cover what you will see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.
The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.
- Test your knowledge of the 2021 exam domains
- Identify areas in need of further study
- Gauge your progress throughout your exam preparation
- Practice test taking with Sybex’s online test environment containing the questions from the book

The CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.


65. When the e-commerce application creates an account for a Google user, where should that user's password be stored?
A. The password is stored in the e-commerce application's database.
B. The password is stored in memory on the e-commerce application's server.
C. The password is stored in Google's account management system.
D. The password is never stored; instead, a salted hash is stored in Google's account management system.

66. Which of the following is responsible for user authentication for Google users?
A. The e-commerce application.
B. Both the e-commerce application and Google servers.
C. Google servers.
D. The diagram does not provide enough information to determine this.

67. What type of attack is the creation and exchange of state tokens intended to prevent?
A. XSS
B. CSRF
C. SQL injection
D. XACML

68. Questions like “What is your pet's name?” are examples of what type of identity proofing?
A. Knowledge-based authentication
B. Dynamic knowledge-based authentication
C. Out-of-band identity proofing
D. A Type 3 authentication factor

69. Madhuri creates a table that includes assigned privileges, objects, and subjects to manage access control for the systems she is responsible for. Each time a subject attempts to access an object, the systems check the table to ensure that the subject has the appropriate rights to the objects. What type of access control system is Madhuri using?
A. A capability table
B. An access control list
C. An access control matrix
D. A subject/object rights management system

70. During a review of support tickets, Ben's organization discovered that password changes accounted for more than a quarter of its help desk's cases. Which of the following options would be most likely to decrease that number significantly?
A. Two-factor authentication
B. Biometric authentication
C. Self-service password reset
D. Passphrases

71. Brian's large organization has used RADIUS for AAA services for its network devices for years and has recently become aware of security issues with the unencrypted information transferred during authentication. How should Brian implement encryption for RADIUS?
A. Use the built-in encryption in RADIUS.
B. Implement RADIUS over its native UDP using TLS for protection.
C. Implement RADIUS over TCP using TLS for protection.
D. Use an AES256 pre-shared cipher between devices.

72. Jim wants to allow cloud-based applications to act on his behalf to access information from other sites. Which of the following tools can allow that?
A. Kerberos
B. OAuth
C. OpenID
D. LDAP

73. Ben's organization has had an issue with unauthorized access to applications and workstations during the lunch hour when employees aren't at their desk. What are the best types of session management solutions for Ben to recommend to help prevent this type of access?
A. Use session IDs for all access and verify system IP addresses of all workstations.
B. Set session timeouts for applications and use password-protected screensavers with inactivity timeouts on workstations.
C. Use session IDs for all applications, and use password-protected screensavers with inactivity timeouts on workstations.
D. Set session timeouts for applications and verify system IP addresses of all workstations.

74. What type of authentication scenario is shown in the following diagram?
A. Hybrid federation
B. On-premise federation
C. Cloud federation
D. Kerberos federation

75. Chris wants to control access to his facility while still identifying individuals. He also wants to ensure that the individuals are the people who are being admitted without significant ongoing costs. Which solutions from the following options would meet all of these requirements? (Select all that apply.)
A. Security guards and photo identification badges
B. RFID badges and readers with PIN pads
C. Magstripe badges and readers with PIN pads
D. Security guards and magstripe readers

76. A device like Yubikey or Titan Security Key is what type of Type 2 authentication factor?
A. A token
B. A biometric identifier
C. A smart card
D. A PIV

77. What authentication technology can be paired with OAuth to perform identity verification and obtain user profile information using a RESTful API?
A. SAML
B. Shibboleth
C. OpenID Connect
D. Higgins

78. Jim wants to implement an access control scheme that will ensure that users cannot delegate access. He also wants to enforce access control at the operating system level. What access control mechanism best fits these requirements?
A. Role-based access control
B. Discretionary access control
C. Mandatory access control
D. Attribute-based access control

79. The security administrators at the company that Susan works for have configured the workstation she uses to allow her to log in only during her work hours. What type of access control best describes this limitation?
A. Constrained interface
B. Context-dependent control
C. Content-dependent control
D. Least privilege

80. Ben uses a software-based token that changes its code every minute. What type of token is he using?
A. Asynchronous
B. Smart card
C. Synchronous
D. Static

81. Firewalls are an example of what type of access control mechanism?
A. Mandatory access control
B. Attribute-based access control
C. Discretionary access control
D. Rule-based access control

82. Michelle works for a financial services company and wants to register customers for her web application. What type of authentication mechanism could she use for the initial login if she wants to quickly and automatically verify that the person is who they claim to be without having a previous relationship with them?
A. Request their Social Security number.
B. Use knowledge-based authentication.
C. Perform manual identity verification.
D. Use a biometric factor.

83. Megan's company wants to use Google accounts to allow users to quickly adopt their web application. What common cloud federation technologies will Megan need to implement? (Select all that apply.)
A. Kerberos
B. OpenID
C. OAuth
D. RADIUS

84. Session ID length and session ID entropy are both important to prevent what type of attack?
A. Denial of service
B. Cookie theft
C. Session guessing
D. Man-in-the-middle attacks

85. The access control system for Naomi's organization checks if her computer is fully patched, if it has a successful clean anti-malware scan, and if the firewall is turned on among other security validations before it allows her to connect to the network. If there are potential issues, she is not permitted to connect and must contact support. What type of access control scheme best describes this type of process?
A. MAC
B. Rule-based access control
C. Role-based access control
D. Risk-based access control

86. Isabelle wants to prevent privilege escalation attacks via her organization's service accounts. Which of the following security practices is best suited to this?
A. Remove unnecessary rights.
B. Disable interactive login for service accounts.
C. Limit when accounts can log in.
D. Use meaningless or randomized names for service accounts.

87. What danger is created by allowing the OpenID relying party to control the connection to the OpenID provider?
A. It may cause incorrect selection of the proper OpenID provider.
B. It creates the possibility of a phishing attack by sending data to a fake OpenID provider.
C. The relying party may be able to steal the client's username and password.
D. The relying party may not send a signed assertion.

88. Jim is implementing a cloud identity solution for his organization. What type of technology is he putting in place?
A. Identity as a service
B. Employee ID as a service
C. Cloud-based RADIUS
D. OAuth

89. Kristen wants to control access to an application in her organization based on a combination of staff member's job titles, the permissions each group of titles need for the application, and the time of day and location. What type of control scheme should she select?
A. ABAC
B. DAC
C. MAC
D. Role BAC

90. When Alex sets the permissions shown in the following image as one of many users on a Linux server, what type of access control model is he leveraging?
A. Role-based access control
B. Rule-based access control
C. Mandatory access control (MAC)
D. Discretionary access control (DAC)

91. Joanna leads her organization's identity management team and wants to ensure that roles are properly updated when staff members change to new positions. What issue should she focus on for those staff members to avoid future issues with role definition?
A. Registration
B. Privilege creep
C. Deprovisioning
D. Accountability
