Professional Documents
Culture Documents
CISSP.exam.724q
CISSP
CISSP
Score: 800/1000
Version:
1
Licensed to Joseph McCray joe@strategicsec.com
Time Limit: 120 Minutes
Explanation:
An IDS can detect malicious behavior using two common methods. One way is to use knowledge-
based detection which is more frequently used. The second detection type is behavior-based
detection.
Incorrect Answers:
D: Host-based intrusion detection is not a conceptual iDS approach. The two conventional
approaches are knowledge-based detection and behavior-based detection.
References:
Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security
Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 56
Question 2
Which of the following is used to create and modify the structure of your tables and other objects in
the database?
Explanation:
The Data Definition Language (DDL) is similar to a computer programming language and is used for
defining data structures, such as database schemas, database tables, and other database objects.
B: The Data Manipulation Language (DML) is used to retrieve, insert and modify database data. These
commands will be used by all database users during the routine operation of the database.
C: The SQL language consists of three components: the Data Definition Language (DDL), the Data
Manipulation Language (DML), and the Data Control Language (DCL). It does not contain a data
relational language.
D: The SQL language consists of three components: the Data Definition Language (DDL), the Data
Manipulation Language (DML), and the Data Control Language (DCL). It does not contain a data
identification language.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1177
Question 3
An employee ensures all cables are shielded, builds concrete walls that extend from the true floor to
the true ceiling and installs a white noise generator. What attack is the employee trying to protect
against?
Emanation Attacks
Social Engineering
Object reuse
Wiretapping
Explanation:
Explanation:
Shielding is used to protect against electromagnetic emanation by reducing the size and strength of
the propagated field. This makes shielding an effective method for decreasing or eliminating the
interference and crosstalk. White noise is also used to protect against electromagnetic emanation. It
achieves this by drowning out the small signal emanations that could normally be identified and used
by unauthorized users to steal data.
Incorrect Answers:
C: To protect against object reuse issues, you should wipe data from the subject media before reuse.
References:
Miller, David R, CISSP Training Kit, O’Reilly Media, 2013, Sebastopol, pp. 261, 262, 689
http://people.howstuffworks.com/wiretapping.htm
Question 4
Which disaster recovery plan test involves functional representatives meeting to review the plan in
detail?
Simulation test
Checklist test
Parallel test
Structured walk-through test
Explanation:
Explanation:
In a Structured walk-through test representatives from each department or functional area come
together and go over the plan to ensure its accuracy. The group reviews the objectives of the plan;
discusses the scope and assumptions of the plan; reviews the organization and reporting structure;
and evaluates the testing, maintenance, and training requirements described.
Incorrect Answers:
A: In a Simulation test the plan is not reviewed in detail. In a Simulation test all employees who
participate in operational and support functions, or their representatives, come together to practice
executing the disaster recovery plan based on a specific scenario.
B: A Checklist test, like a Structured walk-through test, has the aim to review the plan, but in a
Checklist test the functional representatives do not meet. Instead copies of the BCP are distributed
to the different departments and functional areas for review.
C: The purpose of a Parallel test is not to review the plan in detail. A parallel test is done to ensure
that the specific systems can actually perform adequately at the alternate offsite facility.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 955
Explanation:
It is preferable that both devices have the same speed when they are going to interoperate.
Incorrect Answers:
A: It is preferable that the devices have the same speed to interoperate well.