
Use the best ways of preparing for CISSP Exam Dumps with PassLeaderVCE ISC CISSP dump PDF [2021]
ISC CISSP exam candidates will surely pass the Exam if they consider the CISSP dumps learning material presented by PassLeaderVCE.
NEW QUESTION 567
What is the PRIMARY role of a scrum master in agile development?
- A. To match the software requirements to the delivery plan
- B. To choose the primary development language
- C. To project manage the software delivery
- D. To choose the integrated development environment
Answer: C
Explanation:
Section: Software Development Security
NEW QUESTION 568
Related to information security, confidentiality is the opposite of which of the following?
- A. disaster
- B. disposal
- C. closure
- D. disclosure
Answer: D
NEW QUESTION 569
RAID Level 1 mirrors the data from one disk to a set of disks using which of the following techniques?
- A. Establishing dual connectivity to another disk or set of disks.
- B. Moving the data onto another disk or set of disks.
- C. Copying the data onto another disk or set of disks.
- D. Establishing dual addressing to another disk or set of disks.
Answer: C
Explanation:
RAID 1, or mirroring, is a technique in which data is written to two duplicate disks simultaneously through a copy process. This way, if one of the disk drives fails, the system can instantly switch to the other disk without any loss of data or service. Disk mirroring is used commonly in on-line database systems where it is critical that the data be accessible at all times. RAID means "Redundant Array of Inexpensive Disks".
NEW QUESTION 570
Which of the following computer aided software engineering (CASE) products is used for developing detailed designs, such as screen and report layouts?
- A. I-CASE
- B. Middle CASE
- C. Lower CASE
- D. Upper CASE
Answer: B
Explanation:
This is the proper name; you can search for "Middle CASE" on the Internet. "Middle CASE" is a CASE flavor and UML design tool that provides the required functionality, such as screen and report layouts and detailed designs. There are many well-known vendors providing this kind of tool for the software development process.
NEW QUESTION 571
Which of the following uses a directed graph to specify the rights that a subject can transfer to an object, or that a subject can take from another subject?
- A. Bell-Lapadula model
- B. Access Matrix model
- C. Take-Grant model
- D. Biba model
Answer: C
Explanation:
The Take-Grant System is a model that helps in determining the protection rights (e.g., read or write) in a computer system. The Take-Grant system was introduced by Jones, Lipton, and Snyder to show that it is possible to decide on the safety of a computer system even when the number of subjects and objects is very large, or unbounded. This can be accomplished in linear time based on the initial size of the system. The take-grant system models a protection system which consists of a set of states and state transitions. A directed graph shows the connections between the nodes of this system. These nodes represent the subjects or objects of the model. The directed edges between the nodes represent the rights that one node has over the linked node.
NEW QUESTION 572
Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of:
- A. Incident Response
- B. Incident Evaluation
- C. Incident Recognition
- D. Incident Protection
Answer: A
Explanation:
Incident Response includes notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects.
Incorrect Answers:
B: Incident Evaluation is the process that would be performed by the "appropriate parties" to determine the extent of the severity of an incident. Incident Evaluation is not the process of notifying the appropriate parties about the incident.
C: Incident Recognition is the initial realization that an incident has occurred. After an incident is recognized, the appropriate parties should be notified about the incident. Incident Recognition is not the process of notifying the appropriate parties about the incident.
D: Incident Protection is not a defined incident management process.
References:
Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 187
NEW QUESTION 573
A covert channel is a communication channel that can be used for:
- A. Strengthening the security policy.
- B. Protecting the DMZ.
- C. Hardening the system.
- D. Violating the security policy.
Answer: D
Explanation:
A covert channel is a communication channel that allows the transfer of information in a manner that violates the system's security policy.
NEW QUESTION 574
Which of the following is NOT part of user provisioning?
- A. Business process implementation
- B. Delegating user administration
- C. Maintenance and deactivation of user objects and attributes
- D. Creation and deactivation of user accounts
Answer: A
Explanation:
User provisioning refers to the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes. User provisioning software may include one or more of the following components: change propagation, self-service workflow, consolidated user administration, delegated user administration, and federated change control.
User objects may represent employees, contractors, vendors, partners, customers, or other recipients of a service.
Services may include electronic mail, access to a database, access to a file server or mainframe, and so on.
The following answers are all incorrect:
- Creation and deactivation of user accounts
- Maintenance and deactivation of user objects and attributes
- Delegating user administration
The following reference(s) were/was used to create this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 179). McGraw-Hill. Kindle Edition.
NEW QUESTION 575
Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?
- A. The Bell-LaPadula integrity model
- B. The Take-Grant model
- C. The Biba integrity model
- D. The Clark Wilson integrity model
Answer: D
Explanation:
When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset that does not require a high level of protection, which is called an unconstrained data item (UDI). Users cannot modify critical data (CDI) directly. Instead, the subject (user) must be authenticated to a piece of software, and the software procedures (Transformation Procedures) will carry out the operations on behalf of the user. For example, when Kathy needs to update information held within her company's database, she will not be allowed to do so without a piece of software controlling these activities. First, Kathy must authenticate to a program, which is acting as a front end for the database, and then the program will control what Kathy can and cannot do to the information in the database.
Incorrect Answers:
A: The Bell-LaPadula model does not deal with integrity.
B: The take-grant protection model is used to establish or disprove the safety of a given computer system that follows specific rules. This is not what is described in the question.
C: The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. However, it does not define a constrained data item and a transformation procedure.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 374
NEW QUESTION 576
When conveying the results of a security assessment, which of the following is the PRIMARY audience?
- A. Security Control Assessor (SCA)
- B. Information System Security Manager (ISSM)
- C. Information System Security Officer (ISSO)
- D. Authorizing Official (AO)
Answer: B
NEW QUESTION 577
Which of the following is the MOST difficult to enforce when using cloud computing?
- A. Data backup
- B. Data recovery
- C. Data disposal
- D. Data access
Answer: C
NEW QUESTION 578
Which of the following is an initial consideration when developing an information security management system?
- A. Identify the contractual security obligations that apply to the organization
- B. Identify relevant legislative and regulatory compliance requirements
- C. Identify the level of residual risk that is tolerable to management
- D. Understand the value of the information assets
Answer: D
NEW QUESTION 579
How often should an independent review of the security controls be performed, according to OMB Circular A-130?
- A. Every five years
- B. Every three years
- C. Never
- D. Every year
Answer: B
Explanation:
The correct answer is "Every three years". OMB Circular A-130 requires that a review of the security controls for each major government application be performed at least every three years. For general support systems, OMB Circular A-130 requires that the security controls be reviewed either by an independent audit or self-review. Audits can be self-administered or independent (either internal or external). The essential difference between a self-audit and an independent audit is objectivity; however, some systems may require a fully independent review.
Source: Office of Management and Budget Circular A-130, revised November 30, 2000.
NEW QUESTION 580
What is NOT true of pre-shared key authentication within the IKE / IPsec protocol?
- A. Needs a Public Key Infrastructure (PKI) to work
- B. IKE is used to setup Security Associations
- C. Pre-shared key authentication is normally based on simple passwords
- D. IKE builds upon the Oakley protocol and the ISAKMP protocol.
Answer: A
Explanation:
Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication which are either pre-shared or distributed using DNS (preferably with DNSSEC) and a Diffie-Hellman key exchange to set up a shared session secret from which cryptographic keys are derived.
Internet Key Exchange (IKE) allows communicating partners to prove their identity to each other and establish a secure communication channel, and is applied as an authentication component of IPsec.
IKE uses two phases:
Phase 1: In this phase, the partners authenticate with each other, using one of the following:
- Shared Secret: A key that is exchanged by humans via telephone, fax, encrypted e-mail, etc.
- Public Key Encryption: Digital certificates are exchanged.
- Revised mode of Public Key Encryption: To reduce the overhead of public key encryption, a nonce (in security engineering, a number or bit string used only once) is encrypted with the communicating partner's public key, and the peer's identity is encrypted with symmetric encryption using the nonce as the key.
Next, IKE establishes a temporary security association and secure tunnel to protect the rest of the key exchange.
Phase 2: The peers' security associations are established, using the secure tunnel and temporary SA created at the end of phase 1.
The following reference(s) were used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 7032-7048). Auerbach Publications. Kindle Edition; RFC 2409 at http://tools.ietf.org/html/rfc2409; and http://en.wikipedia.org/wiki/Internet_Key_Exchange
NEW QUESTION 581
In terms of the order of acceptance, which of the following technologies is the MOST accepted?
- A. Voice Pattern
- B. Keystroke pattern
- C. Hand geometry
- D. Signature
Answer: A
Explanation:
The order of acceptance has changed slightly in the past years. Iris was the most accepted method three years ago, but today Voice Pattern is by far the most accepted. Here is the list, from most accepted at the top to least accepted at the bottom:
- Voice Pattern
- Keystroke pattern
- Signature
- Hand geometry
- Handprint
- Fingerprint
- Iris
- Retina pattern
NEW QUESTION 582
Which protocol makes use of an electronic wallet on a customer's PC and sends encrypted credit card information to the merchant's Web server, which digitally signs it and sends it on to its processing bank?
- A. SET (Secure Electronic Transaction)
- B. SSH (Secure Shell)
- C. S/MIME (Secure MIME)
- D. SSL (Secure Sockets Layer)
Answer: A
Explanation:
The SET protocol was introduced by Visa and Mastercard to allow for more credit card transaction possibilities. It is comprised of three different pieces of software, running on the customer's PC (an electronic wallet), on the merchant's Web server, and on the payment server of the merchant's bank. The credit card information is sent by the customer to the merchant's Web server, which does not open it but instead digitally signs it and sends it to its bank's payment server for processing.
The following answers are incorrect because:
SSH (Secure Shell) is incorrect as it functions as a type of tunneling mechanism that provides terminal-like access to remote computers.
S/MIME is incorrect as it is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions.
SSL is incorrect as it uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication.
Reference: Shon Harris AIO v3, Chapter 8: Cryptography, Pages 667-669
NEW QUESTION 583
......
Full CISSP Practice Test and 990 unique questions with explanations waiting just for you, get it now: https://drive.google.com/open?id=1iMrdId9U2Z1g31jaiy2Eg2cemnI_S2mq
Accurate & Verified Answers As Seen in the Real Exam here: https://www.passleadervce.com/ISCCertification/reliable-CISSP-exam-learning-guide.html