
Reference Solution for

CISSP.exam.724q
CISSP

Certified Information Systems Security Professional

Score: 800/1000
Version:

1
Licensed to Joseph McCray joe@strategicsec.com
Time Limit: 120 Minutes


Exam A (5 questions)
Question 1
Which conceptual approach to intrusion detection systems is the MOST common?

A. Behavior-based intrusion detection
B. Knowledge-based intrusion detection
C. Statistical anomaly-based intrusion detection
D. Host-based intrusion detection

Explanation:

An IDS can detect malicious behavior using two common methods. One is knowledge-based
detection, which is the more frequently used. The other is behavior-based detection.

Incorrect Answers:

A: Behavior-based detection is less common than knowledge-based detection.

C: A statistical anomaly-based IDS is a behavior-based system.

D: Host-based intrusion detection is not a conceptual IDS approach. The two conventional
approaches are knowledge-based detection and behavior-based detection.

References:

Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security
Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 56

Question 2
Which of the following is used to create and modify the structure of your tables and other objects in
the database?

A. SQL Data Definition Language (DDL)
B. SQL Data Manipulation Language (DML)
C. SQL Data Relational Language (DRL)
D. SQL Data Identification Language (DIL)

Explanation:

The Data Definition Language (DDL) is similar to a computer programming language and is used for
defining data structures, such as database schemas, database tables, and other database objects.


Incorrect Answers:

B: The Data Manipulation Language (DML) is used to retrieve, insert and modify database data. These
commands will be used by all database users during the routine operation of the database.

C: The SQL language consists of three components: the Data Definition Language (DDL), the Data
Manipulation Language (DML), and the Data Control Language (DCL). It does not contain a data
relational language.

D: The SQL language consists of three components: the Data Definition Language (DDL), the Data
Manipulation Language (DML), and the Data Control Language (DCL). It does not contain a data
identification language.

References:

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1177

Question 3
An employee ensures all cables are shielded, builds concrete walls that extend from the true floor to
the true ceiling and installs a white noise generator. What attack is the employee trying to protect
against?

A. Emanation Attacks
B. Social Engineering
C. Object reuse
D. Wiretapping

Explanation:

Shielding is used to protect against electromagnetic emanation by reducing the size and strength of
the propagated field. This makes shielding an effective method for decreasing or eliminating the
interference and crosstalk. White noise is also used to protect against electromagnetic emanation. It
achieves this by drowning out the small signal emanations that could normally be identified and used
by unauthorized users to steal data.

Incorrect Answers:

B: Shielding and white noise are not countermeasures to Social Engineering.

C: To protect against object reuse issues, you should wipe data from the subject media before reuse.

D: Shielding and white noise are not countermeasures to Wiretapping.

References:

Miller, David R, CISSP Training Kit, O’Reilly Media, 2013, Sebastopol, pp. 261, 262, 689


https://en.wikipedia.org/wiki/Social_engineering_(security)

http://people.howstuffworks.com/wiretapping.htm

Question 4
Which disaster recovery plan test involves functional representatives meeting to review the plan in
detail?

A. Simulation test
B. Checklist test
C. Parallel test
D. Structured walk-through test

Explanation:

In a Structured walk-through test, representatives from each department or functional area come
together and go over the plan to ensure its accuracy. The group reviews the objectives of the plan;
discusses the scope and assumptions of the plan; reviews the organization and reporting structure;
and evaluates the testing, maintenance, and training requirements described.

Incorrect Answers:

A: In a Simulation test, the plan is not reviewed in detail. In a Simulation test, all employees who
participate in operational and support functions, or their representatives, come together to practice
executing the disaster recovery plan based on a specific scenario.

B: A Checklist test, like a Structured walk-through test, has the aim to review the plan, but in a
Checklist test the functional representatives do not meet. Instead, copies of the BCP are distributed
to the different departments and functional areas for review.

C: The purpose of a Parallel test is not to review the plan in detail. A parallel test is done to ensure
that the specific systems can actually perform adequately at the alternate offsite facility.

References:

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 955


Question 5
Communications devices must operate:

A. at different speeds to communicate.
B. at the same speed to communicate.
C. at varying speeds to interact.
D. at high speed to interact.

Explanation:

It is preferable that both devices have the same speed when they are going to interoperate.

Incorrect Answers:

A: It is preferable that the devices have the same speed to interoperate well.

C: Communication is easier if the speeds of the devices do not change.

D: High speed is not a necessity for devices to be able to interact.
