[25-Mar-2017] Recently Updated ISC CISSP (ISC)2 Exam | CISSP Security Certification | CISSP Exam Vimeo Training

Kill4exam CISSP exam stands for Certified Information Systems Security Professional, a qualification that I obtained on this day in 1996. Back then, very few people had heard of CISSP or the organization that created it, the International Information Systems Security Certification Consortium.

Vendor: ISC
Exam Code: CISSP
Exam Name: Certified Information Systems Security Professional
Certification Provider: ISC
Total Questions: 1746 Q&A
Updated on: May 17, 2017

This non-profit professional body is known as (ISC)2 which is pronounced “I-S-C-squared” (because the name contains two each of those three letters, which is cute but a pain for typographers and search engines). These days CISSP is an acronym you’ll hear a lot if you spend time dealing with cybersecurity, and (ISC)2 is a name you’ll encounter at many events, such as the (ISC)2 Security Congress. In a moment I will talk about what it means to be a Kill4exam CISSP, but first, a few words of caution.

CISSP

Kill4exam Latest and Most Accurate ISC CISSP Dumps Exam Q&As

QUESTION 1
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris
pattern within a biometric system is:
A. Concern that the laser beam may cause eye damage.
B. The iris pattern changes as a person grows older.
C. There is a relatively high rate of false accepts.
D. The optical unit must be positioned so that the sun does not shine into the aperture.
Correct Answer: D
Explanation
Explanation/Reference:
Because the optical unit uses a camera and infrared light to create the images, sunlight can affect the aperture, so it must not be positioned in direct light of any type. Because the subject does not need to have direct contact with the optical reader, direct light can impact the reader. Iris recognition is a form of biometrics based on the uniqueness of a subject’s iris. A camera-like device records the patterns of the iris, creating what is known as an Iriscode. It is the unique patterns of the iris that make it one of the most accurate forms of biometric identification of an individual. Unlike other types of biometrics, the iris rarely changes over time. Fingerprints can change over time due to scarring and manual labor, voice patterns can change due to a variety of causes, and hand geometry can change as well. But barring surgery or an accident it is not usual for an iris to change. The subject has a high-resolution image taken of their iris and this is then converted to an Iriscode. The current standard for the Iriscode was developed by John Daugman. When the subject attempts to authenticate, infrared light is used to capture the iris image and this image is then compared to the stored Iriscode. If there is a match the subject’s identity is confirmed. The subject does not need to have direct contact with the optical reader, so it is a less invasive means of authentication than retinal scanning would be.
Reference(s) used for this question:
AIO, 3rd edition, Access Control, p 134
AIO, 4th edition, Access Control, p 182
The following answers are incorrect:
Concern that the laser beam may cause eye damage. The optical readers do not use laser so, concern
that the laser beam may cause eye damage is not an issue.
The iris pattern changes as a person grows older. The question asked about the physical installation of the
scanner, so this was not the best answer. If the question would have been about long term problems then
it could have been the best choice. Recent research has shown that Irises actually do change over time:
There is a relatively high rate of false accepts. Since the advent of the Iriscode there is a very low rate of
false accepts, in fact the algorithm used has never had a false match. This all depends on the quality of the
equipment used but because of the uniqueness of the iris even when comparing identical twins, iris
patterns are unique.


QUESTION 2
In Mandatory Access Control, sensitivity labels attached to object contain what information?
A. The item’s classification
B. The item’s classification and category set
C. The item’s category
D. The items’s need to know
Correct Answer: B
Explanation
Explanation/Reference:

The following is the correct answer: the item’s classification and category set.
A sensitivity label must contain at least one classification and one category set.
Category set and compartment set are synonyms; they mean the same thing. The sensitivity label must contain at least one classification and at least one category. It is common in some environments for a single item to belong to multiple categories. The list of all the categories to which an item belongs is called a compartment set or category set.
The following answers are incorrect:
The item’s classification. Is incorrect because you need a category set as well.
The item’s category. Is incorrect because both the category set and the classification would be required.
The item’s need to know. Is incorrect because there is no such thing. The need to know is indicated by the categories the object belongs to. This is NOT the best answer.
Reference(s) used for this question:
OIG CBK, Access Control (pages 186 – 188)
AIO, 3rd Edition, Access Control (pages 162 – 163)
AIO, 4th Edition, Access Control, pp 212-214
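The dominance rule behind this answer, as an added example that is not part of the original question bank: a subject may read an object only when the subject’s label carries an equal-or-higher classification and a category set that includes every category on the object. The classification hierarchy, category names and the `CLASSIFICATION:CAT,CAT` label notation are constructed for this example.

```python
"""Sensitivity-label dominance check for a MAC system.

A sensitivity label = one classification + a category (compartment) set.
Subject label S dominates object label O when
    level(S) >= level(O)  AND  categories(S) is a superset of categories(O).
Added example; the hierarchy, categories and label syntax are constructed,
not taken from any real standard or product.
"""
from dataclasses import dataclass

# Constructed classification hierarchy, lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class SensitivityLabel:
    classification: str
    categories: frozenset

    def __post_init__(self):
        # Enforce the rule from the question: a label needs a known
        # classification and at least one category.
        if self.classification not in LEVELS:
            raise ValueError(f"unknown classification: {self.classification!r}")
        if not self.categories:
            raise ValueError("a sensitivity label needs at least one category")

    def dominates(self, other: "SensitivityLabel") -> bool:
        """Equal-or-higher classification AND superset of the other's categories."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.categories >= other.categories)


def parse_label(text: str) -> SensitivityLabel:
    """Parse the constructed 'CLASSIFICATION:CAT1,CAT2' notation."""
    classification, _, cats = text.partition(":")
    categories = frozenset(c.strip() for c in cats.split(",") if c.strip())
    return SensitivityLabel(classification.strip(), categories)


def is_valid_label(text: str) -> bool:
    """True when the text parses into a well-formed label."""
    try:
        parse_label(text)
        return True
    except ValueError:
        return False


def can_read(subject: str, obj: str) -> bool:
    """Simple security property ('no read up'): subject must dominate object."""
    return parse_label(subject).dominates(parse_label(obj))


def can_write(subject: str, obj: str) -> bool:
    """*-property ('no write down'): object must dominate subject."""
    return parse_label(obj).dominates(parse_label(subject))


if __name__ == "__main__":
    # A higher classification alone is not enough: the subject lacks
    # the NUCLEAR category, so the read is denied.
    print(can_read("TOP SECRET:CRYPTO", "SECRET:NUCLEAR"))            # False
    print(can_read("SECRET:NUCLEAR,CRYPTO", "SECRET:NUCLEAR"))        # True
```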


QUESTION 3
Which of the following is true about Kerberos?
A. It utilizes public key cryptography.
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C. It depends upon symmetric ciphers.
D. It is a second party authentication system.
Correct Answer: C
Explanation
Explanation/Reference:
Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third-party authentication protocol. It was designed and developed in the mid-1980s by MIT. It is considered open source but is copyrighted and owned by MIT. It relies on the user’s secret keys. The password is used to encrypt and decrypt the keys.
The following answers are incorrect:
It utilizes public key cryptography. Is incorrect because Kerberos depends on secret keys (symmetric
ciphers).
It encrypts data after a ticket is granted, but passwords are exchanged in plain text. Is incorrect because
the passwords are not exchanged but used for encryption and decryption of the keys.
It is a second party authentication system. Is incorrect because Kerberos is a third party authentication
system, you authenticate to the third party (Kerberos) and not the system you are accessing.
References:
AIOv3 Access Control (pages 151 – 155)


QUESTION 4
Which of the following is needed for System Accountability?
A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.

Correct Answer: A
Explanation
Explanation/Reference:
Accountability is a means of being able to track user actions. Through the use of audit logs and other tools the user actions are recorded and can be used at a later date to verify what actions were performed.
Accountability is the ability to identify users and to be able to track user actions.
The following answers are incorrect:
Documented design as laid out in the Common Criteria. Is incorrect because the Common Criteria is an
international standard to evaluate trust and would not be a factor in System Accountability.
Authorization. Is incorrect because Authorization is granting access to subjects, just because you have
authorization does not hold the subject accountable for their actions.
Formal verification of system design. Is incorrect because all you have done is to verify the system design
and have not taken any steps toward system accountability.
References:
OIG CBK Glossary (page 778)



QUESTION 5
What is Kerberos?
A. A three-headed dog from the Egyptian mythology.
B. A trusted third-party authentication protocol.
C. A security model.
D. A remote authentication dial in user server.
Correct Answer: B
Explanation
Explanation/Reference:
This is correct because that is exactly what Kerberos is.
The following answers are incorrect:
A three-headed dog from Egyptian mythology. Is incorrect because we are dealing with information security, and in any case the dog belongs to Greek mythology, not Egyptian.
A security model. Is incorrect because Kerberos is an authentication protocol and not just a security model.
A remote authentication dial in user server. Is incorrect because Kerberos is not a remote authentication dial in user server; that would be called RADIUS.


QUESTION 6
Kerberos depends upon what encryption method?
A. Public Key cryptography.
B. Secret Key cryptography.
C. El Gamal cryptography.
D. Blowfish cryptography.
Correct Answer: B
Explanation
Explanation/Reference:
Kerberos depends on Secret Keys or Symmetric Key cryptography.
Kerberos is a third-party authentication protocol. It was designed and developed in the mid-1980s by MIT. It is considered open source but is copyrighted and owned by MIT. It relies on the user’s secret keys. The password is used to encrypt and decrypt the keys.
This question asked specifically about encryption methods. Encryption methods can be SYMMETRIC (or
secret key) in which encryption and decryption keys are the same, or ASYMMETRIC (aka ‘Public Key’) in
which encryption and decryption keys differ.
‘Public Key’ methods must be asymmetric, to the extent that the decryption key CANNOT be easily derived
from the encryption key. Symmetric keys, however, usually encrypt more efficiently, so they lend
themselves to encrypting large amounts of data. Asymmetric encryption is often limited to ONLY
encrypting a symmetric key and other information that is needed in order to decrypt a data stream, and the
remainder of the encrypted data uses the symmetric key method for performance reasons. This does not in
any way diminish the security nor the ability to use a public key to encrypt the data, since the symmetric
key method is likely to be even MORE secure than the asymmetric method.
For symmetric key ciphers, there are basically two types: BLOCK CIPHERS, in which a fixed length block
is encrypted, and STREAM CIPHERS, in which the data is encrypted one ‘data unit’ (typically 1 byte) at a
time, in the same order it was received in.
The following answers are incorrect:
Public Key cryptography. Is incorrect because Kerberos depends on Secret Keys or Symmetric Key
cryptography and not Public Key or Asymmetric Key cryptography.
El Gamal cryptography. Is incorrect because El Gamal is an Asymmetric Key encryption algorithm.
Blowfish cryptography. Is incorrect because Blowfish is a Symmetric Key encryption algorithm.
References:
OIG CBK Access Control (pages 181 – 184)
AIOv3 Access Control (pages 151 – 155)


QUESTION 7
A confidential number used as an authentication factor to verify a user’s identity is called a:
A. PIN
B. User ID
C. Password
D. Challenge
Correct Answer: A
Explanation
Explanation/Reference:
PIN Stands for Personal Identification Number, as the name states it is a combination of numbers.
The following answers are incorrect:
User ID This is incorrect because a Userid is not required to be a number and a Userid is only used to
establish identity not verify it.
Password. This is incorrect because a password is not required to be a number, it could be any
combination of characters.
Challenge. This is incorrect because a challenge is not defined as a number, it could be anything.


QUESTION 8
Individual accountability does not include which of the following?
A. unique identifiers
B. policies & procedures
C. access rules
D. audit trails
Correct Answer: B
Explanation
Explanation/Reference:
Accountability would not include policies & procedures because, while important in an effective security program, they cannot be used in determining accountability.
The following answers are incorrect:
Unique identifiers. Is incorrect because Accountability would include unique identifiers so that you can
identify the individual.
Access rules. Is incorrect because Accountability would include access rules to define access violations.
Audit trails. Is incorrect because Accountability would include audit trails to be able to trace violations or
attempted violations.



QUESTION 9
Which of the following exemplifies proper separation of duties?
A. Operators are not permitted to modify the system time.
B. Programmers are permitted to use the system console.
C. Console operators are permitted to mount tapes and disks.
D. Tape operators are permitted to use the system console.
Correct Answer: A
Explanation
Explanation/Reference:
This is an example of Separation of Duties because operators are prevented from modifying the system time, which could lead to fraud. Tasks of this nature should be performed by the system administrators.
AIO defines Separation of Duties as a security principle that splits up a critical task among two or more individuals to ensure that one person cannot complete a risky task by himself.
The following answers are incorrect:
Programmers are permitted to use the system console. Is incorrect because programmers should not be permitted to use the system console; this task should be performed by operators. Allowing programmers access to the system console could allow fraud to occur, so this is not an example of Separation of Duties.
Console operators are permitted to mount tapes and disks. Is incorrect because operators should be able
to mount tapes and disks so this is not an example of Separation of Duties.
Tape operators are permitted to use the system console. Is incorrect because operators should be able to
use the system console so this is not an example of Separation of Duties.
References:
OIG CBK Access Control (page 98 – 101)
AIOv3 Access Control (page 182)

This course is the most comprehensive review of information security concepts and industry best practices, and covers the eight domains of the Kill4exam CISSP exam CBK (Common Body of Knowledge). You will gain knowledge in information security that will increase your ability to successfully implement and manage security programs in any organization or government entity.

Take a closer look at our Kill4exam CISSP exam training course designed to work around your schedule and provide you with all of the tools you need to accelerate your cybersecurity career. Unlike gray market training providers, CyberVista’s course is (ISC)² Approved and led by (ISC)² certified instructors.


ISC ISSEP Dumps, Sale Discount ISC ISSEP Certification Material On Sale

Welcome to download the newest Jumpexam C2090-611 VCE dumps: http://www.jumpexam.com/C2090-611.html

Flydumps offers the first-hand ISC ISSEP exam real questions and answers; by training with the latest ISC ISSEP PDF and VCE dumps, you will be well prepared for the ISC ISSEP exam. Visit Flydumps.com to get the free new version for training.

QUESTION NO: 1
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?
A. Level 4
B. Level 5
C. Level 1
D. Level 2
E. Level 3
Answer: A
QUESTION NO: 2
Which of the following is a type of security management for computers and networks in order to identify security breaches?
A. IPS
B. IDS
C. ASA
D. EAP
Answer: B
QUESTION NO: 3
Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter?
A. Stateless packet filter firewall
B. PIX firewall
C. Stateful packet filter firewall
D. Virtual firewall
Answer: C
QUESTION NO: 4
Which of the following federal laws is designed to protect computer data from theft?
A. Federal Information Security Management Act (FISMA)
B. Computer Fraud and Abuse Act (CFAA)
C. Government Information Security Reform Act (GISRA)
D. Computer Security Act
Answer: B
QUESTION NO: 5
Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?
A. ATM
B. RTM
C. CRO
D. DAA
Answer: B
QUESTION NO: 6
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?
A. Configuration Item Costing
B. Configuration Identification
C. Configuration Verification and Auditing
D. Configuration Status Accounting
Answer: A
QUESTION NO: 7
Which of the following professionals is responsible for starting the Certification & Accreditation (C&A) process?
A. Authorizing Official
B. Information system owner
C. Chief Information Officer (CIO)
D. Chief Risk Officer (CRO)
Answer: B
QUESTION NO: 8
Which of the following security controls is a set of layered security services that address communications and data security problems in the emerging Internet and intranet application space?
A. Internet Protocol Security (IPSec)
B. Common data security architecture (CDSA)
C. File encryptors
D. Application program interface (API)
Answer: B
QUESTION NO: 9
Which of the following protocols is used to establish a secure terminal to a remote network device?
A. WEP
B. SMTP
C. SSH
D. IPSec
Answer: C
QUESTION NO: 10
Which of the following elements of Registration task 4 defines the system’s external interfaces as well as the purpose of each external interface, and the relationship between the interface and the system?
A. System firmware
B. System software
C. System interface
D. System hardware
Answer: C
QUESTION NO: 11
Which of the following guidelines is recommended for engineering, protecting, managing, processing, and controlling national security and sensitive (although unclassified) information?
A. Federal Information Processing Standard (FIPS)
B. Special Publication (SP)
C. NISTIRs (Internal Reports)
D. DIACAP by the United States Department of Defense (DoD)
Answer: B
QUESTION NO: 12
Which of the following Security Control Assessment Tasks gathers the documentation and supporting materials essential for the assessment of the security controls in the information system?
A. Security Control Assessment Task 4
B. Security Control Assessment Task 3
C. Security Control Assessment Task 1
D. Security Control Assessment Task 2
Answer: C
QUESTION NO: 13
Which of the following professionals plays the role of a monitor and takes part in the organization’s configuration management process?
A. Chief Information Officer
B. Authorizing Official
C. Common Control Provider
D. Senior Agency Information Security Officer
Answer: C
QUESTION NO: 14
Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?
A. Certification and accreditation (C&A)
B. Risk Management
C. Information systems security engineering (ISSE)
D. Information Assurance (IA)
Answer: A
QUESTION NO: 15
Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.
A. Security operations
B. Continue to review and refine the SSAA
C. Change management
D. Compliance validation
E. System operations
F. Maintenance of the SSAA
Answer: A,C,D,E,F
QUESTION NO: 16
Which of the following email lists is written for technical audiences, and provides weekly summaries of security issues, new vulnerabilities, potential impact, patches and workarounds, as well as the actions recommended to mitigate risk?
A. Cyber Security Tip
B. Cyber Security Alert
C. Cyber Security Bulletin
D. Technical Cyber Security Alert
Answer: C
QUESTION NO: 17
Which of the following tasks obtains the customer agreement in planning the technical effort?
A. Task 9
B. Task 11
C. Task 8
D. Task 10
Answer: B
QUESTION NO: 18
Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that apply.
A. NIST Special Publication 800-59
B. NIST Special Publication 800-60
C. NIST Special Publication 800-37A
D. NIST Special Publication 800-37
E. NIST Special Publication 800-53
F. NIST Special Publication 800-53A
Answer: A,B,D,E,F
QUESTION NO: 19
Which of the following elements are described by the functional requirements task? Each correct answer represents a complete solution. Choose all that apply.
A. Coverage
B. Accuracy
C. Quality
D. Quantity
Answer: A,C,D
QUESTION NO: 20
Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality?
A. Information Protection Policy (IPP)
B. IMM
C. System Security Context
D. CONOPS
Answer: A
QUESTION NO: 21
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires basic integrity and availability?
A. MAC I
B. MAC II
C. MAC IV
D. MAC III
Answer: D
QUESTION NO: 22
What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.
A. Integrates security considerations into application and system purchasing decisions and development projects.
B. Ensures that the necessary security controls are in place.
C. Ensures that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on.
D. Ensures that the systems are properly assessed for vulnerabilities and must report any to the incident response team and data owner.
Answer: A,C,D
QUESTION NO: 23
Which of the following Registration Tasks sets up the business or operational functional description and system identification?
A. Registration Task 2
B. Registration Task 1
C. Registration Task 3
D. Registration Task 4
Answer: B
QUESTION NO: 24
Fill in the blank with an appropriate section name. _________________ is a section of the SEMP template, which specifies the methods and reasoning planned to build the requisite trade-offs between functionality, performance, cost, and risk.
A. System Analysis
Answer: A
QUESTION NO: 25
Which of the following federal agencies provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems?
A. National Security Agency/Central Security Service (NSA/CSS)
B. National Institute of Standards and Technology (NIST)
C. United States Congress
D. Committee on National Security Systems (CNSS)
Answer: D

Flydumps.com provides you with the most reliable practice exams to master ISC ISSEP Certification. Our Microsoft questions and answers are certified by the senior lecturer and experienced technical experts in the Microsoft field. These test questions provide you with the experience of taking the actual test.

Jumpexam C2090-611 dumps with PDF + Premium VCE + VCE Simulator: http://www.jumpexam.com/C2090-611.html
