- (Topic 6)
Telnet and rlogin use which protocol?
Correct Answer:C
TCP allows for reliability in connections, which would be required for terminal emulation.
The following answers are incorrect:
UDP. Is incorrect because with User Datagram Protocol (UDP) you don't have a reliable transmission; datagrams could arrive out of sequence.
SNMP. Is incorrect because it is a network management protocol, Simple Network Management Protocol (SNMP).
IGP. Is incorrect because Interior Gateway Protocol (IGP) is used internally on a network.
- (Topic 1)
What is the type of access control called where there are pairs of elements that have the least upper bound of values and greatest lower bound of values?
Correct Answer:C
In a lattice model, there are pairs of elements that have the least upper bound of values and greatest lower bound of values.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
- (Topic 6)
Proxies work by transferring a copy of each accepted data packet from one network to another, thereby masking the:
Correct Answer:D
The application firewall (proxy) relays the traffic from a trusted host running a specific application to an untrusted server. It will appear to the untrusted server as if the request originated from the proxy server.
"Data's payload" is incorrect. Only the origin is changed.
"Data's details" is incorrect. Only the origin is changed.
"Data's owner" is incorrect. Only the origin is changed.
References:
CBK, p. 467
AIO3, pp. 486 - 490
- (Topic 1)
Which of the following control pairings includes: organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?
Correct Answer:A
The Answer: Preventive/Administrative Pairing: These mechanisms include organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
- (Topic 3)
Which of the following is not a preventive operational control?
Correct Answer:D
Conducting security awareness and technical training to ensure that end users and system users are aware of the rules of behaviour and their responsibilities in protecting the organization's mission is an example of a preventive management control, therefore not an operational control.
Source: STONEBURNER, Gary et al., NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems, 2001 (page 37).