- (Topic 1)
Which of the following is NOT a factor related to Access Control?
Correct Answer:
B
These factors cover the integrity, confidentiality, and availability components of information system security.
Integrity is important in access control as it relates to ensuring only authorized subjects can make changes to objects.
Authenticity is different from authentication. Authenticity pertains to something being authentic, not necessarily having a direct correlation to access control.
Confidentiality is pertinent to access control in that the access to sensitive information is controlled to protect confidentiality.
vailability is protected by access controls in that if an attacket attempts to disrupt availability they would first need access.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.
- (Topic 4)
Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?
Correct Answer:
C
Although a auditing is a part of corporate security, it in no way supercedes the requirments for a disaster recovery plan. All others can be blamed for a plan going out of date.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business continuity (page 609).
- (Topic 6)
A packet containing a long string of NOP's followed by a command is usually indicative of what?
Correct Answer:
C
A series of the same control, hexidecimal, characters imbedded in the string is usually an indicator of a buffer overflow attack. A NOP is a instruction which does nothing (No Operation - the hexadecimal equivalent is 0x90)
The following answers are incorrect:
A syn scan. This is incorrect because a SYN scan is when a SYN packet is sent to a specific port and the results are then analyzed.
A half-port scan. This is incorrect because the port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host responds with a RST packet, closing the connection before the handshake is completed. Also known as a Half Open Port scan.
A packet destined for the network's broadcast address. This is incorrect because this type of packet would not contain a long string of NOP characters.
- (Topic 3)
A timely review of system access audit records would be an example of which of the basic security functions?
Correct Answer:
D
By reviewing system logs you can detect events that have occured. The following answers are incorrect:
avoidance. This is incorrect, avoidance is a distractor. By reviewing system logs you have not avoided anything.
deterrence. This is incorrect because system logs are a history of past events. You cannot deter something that has already occurred.
prevention. This is incorrect because system logs are a history of past events. You cannot prevent something that has already occurred.
- (Topic 6)
The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram?
Correct Answer:
B
If the protocol field has a value of 1 then it would indicate it was ICMP. The following answers are incorrect:
TCP. Is incorrect because the value for a TCP protocol would be 6. UDP. Is incorrect because the value for an UDP protocol would be 17.
IGMP. Is incorrect because the value for an IGMP protocol would be 2.
