CISSP All-in-One Exam Guide 7th Edition.docx
Uploaded: 2023-08-17 14:03:36
===========================================
= CISSP All-in-One Exam Guide 7th Edition =
= 1629 Questions =
===========================================
[Question ID]: 70001
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: Which activity typically follows the process of developing a system architecture?
A. Development
B. Gathering requirements
C. Design
D. Implementation
[Answer ]: C
[Explanation]: The design process usually follows the process of developing the system
architecture. The design process is very detailed, and produces a solid design that can be used
for development or acquisition purposes.
[Question ID]: 70000
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: Which of the following is the international standard that is used as the basis for
the evaluation of security properties of products under the CC framework?
A. ISO/IEC 15408
B. ISO/IEC 42010
C. ISO/IEC 27001
D. ISO 31000:2009
[Answer ]: A
[Explanation]: ISO/IEC 15408 is the international standard that is used as the basis for the
evaluation of security properties of products under the CC framework.
[Question ID]: 70003
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: Which of the following statements best describes why a system goes through the
evaluation process for its trusted computing base (TCB)?
A. To identify the architecture, security services, and assurance mechanisms that make up the
TCB, and how they protect the system
B. To ensure that it can be certified and accredited
C. To find all of its potential vulnerabilities and exploit them
D. To perform a cost-benefit analysis for assigning controls
[Answer ]: A
[Explanation]: The reason that a system goes through the evaluation process for its TCB is to
identify the architecture, security services, and assurance mechanisms that make up the TCB,
and how they protect the system.
[Question ID]: 70002
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: When should security considerations be included in the overall systems security
engineering lifecycle?
A. Development and implementation
B. Architecture and design
C. All phases of the lifecycle
D. Requirements gathering only
[Answer ]: C
[Explanation]: Security considerations should be included in all phases of the system security
engineering lifecycle.
[Question ID]: 70005
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: Database security measures are implemented to prevent all of the following
security weaknesses, except:
A. Inference
B. Data analytics
C. Buffer overflows
D. Aggregation
[Answer ]: C
[Explanation]: Buffer overflows are application security weaknesses, not commonly database
security weaknesses.
[Question ID]: 70004
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: What is the primary reason for developing security controls for, and assigning
them to, a system that has been evaluated under a trusted computing base criteria?
A. To ensure the system can be accredited
B. To lower costs required to develop controls for the system
C. To reduce the overall risk to the system
D. To ensure that controls are aligned with the protection mechanisms found inside the
systems
[Answer ]: D
[Explanation]: Security controls are assigned to an evaluated system based upon the TCB and
the protection mechanisms it offers. Controls often are developed to supplement protections
offered by the TCB, and may depend upon the environment it is deployed in rather than being
part of its design.
[Question ID]: 70007
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: Which of the following terms refers to computing technologies embedded into
automated systems that usually control utilities, communications, and so forth?
A. Embedded systems
B. Smart grids
C. Standalone systems
D. Isolated systems
[Answer ]: B
[Explanation]: Smart grids are computer systems and networks that are embedded into grids of
large pieces of infrastructure, such as power production, communications networks, and so
forth.
[Question ID]: 70006
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: Parallel computing can happen at one of three possible levels. Which of the
following accurately describes those levels?
A. CPU, workstation, or server
B. Bit, instruction, or task
C. User mode, kernel mode, or OS level
D. Register, memory, or CPU
[Answer ]: B
[Explanation]: Parallelism can take place at one of three levels: bit, instruction, or task. All of
these levels of information are fed into the computer, and are then processed.
[Question ID]: 70009
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: All of the following are potential issues with mobile devices in the enterprise,
except:
A. Lack of encryption
B. Loss or theft
C. Internet access through means that are not company controlled
D. Workstation compromise
[Answer ]: D
[Explanation]: Workstation compromise is not an issue with mobile devices in the enterprise.
Mobile devices are subject to loss and theft, download of malicious software, Internet access
through communications lines that are not controlled by the company, and lack of encryption on
the device, among other issues.
[Question ID]: 70008
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: Which of the following terms refers to input validation that is done before the
input is sent back to the server to process?
A. Server-side includes
B. Cross-site scripting
C. Client-side validation
D. Parameter validation
[Answer ]: C
[Explanation]: In client-side validation, input validation is done on the client before the input is
even sent back to the server to process.
[Question ID]: 70011
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: Which of the following terms refers to access control technologies commonly
used to protect copyright material?
A. Encryption
B. Steganography
C. Digital rights management
D. Authentication
[Answer ]: C
[Explanation]: Digital rights management refers to any of the access control technologies that are
commonly used to protect copyrighted materials, such as digital media and software.
[Question ID]: 70010
[Reference ]: Chap 03: Security Engineering
[Objective ]: 03 Security Engineering
[Question ]: All of the following are issues regarding Internet of Things (IoT) embedded
devices, except: