Cissp actual exam

For More Information – Visit link below:
http://www.certsgrade.com/
Version = Product
CERTSGRADEHigh Grade and Valuable Preparation Stuff
ISC2
CISSP
Certified Information Systems Security Professional
Visit us athttps://www.certsgrade.com/pdf/cissp/

Question: 1
What is the main concern with single sign-on?
A. Maximum unauthorized access would be possible if a password is disclosed.
B. The security administrator's workload would increase.
C. The users' password would be too hard to remember.
D. User access rights would be increased.
Answer: A
Explanation:
A major concern with Single Sign-On (SSO) is that if a user's ID and password are compromised, the
intruder would have access to all the systems that the user was authorized for.
The following answers are incorrect:
The security administrator's workload would increase. Is incorrect because the security administrator's
workload would decrease and not increase. The admin would not be responsible for maintaining
multiple user accounts just the one.
The users' password would be too hard to remember. Is incorrect because the users would have less
passwords to remember.
User access rights would be increased. Is incorrect because the user access rights would not be any
different than if they had to log into systems manually.
Question: 2
Who developed one of the first mathematical models of a multilevel-security computer system?
A. Diffie and Hellman.
B. Clark and Wilson.
C. Bell and LaPadula.
D. Gasser and Lipner.
Answer: C
Explanation:
In 1973 Bell and LaPadula created the first mathematical model of a multi-level security system.
Diffie and Hellman. This is incorrect because Diffie and Hellman was involved with cryptography.
Clark and Wilson. This is incorrect because Bell and LaPadula was the first model. The Clark-Wilson
model came later, 1987
Gasser and Lipner. This is incorrect, it is a distractor. Bell and LaPadula was the first model

Question: 3
Which of the following attacks could capture network user passwords?
A. Data diddling
B. Sniffing
C. IP Spoofing
D. Smurfing
Answer: B
Explanation:
A network sniffer captures a copy every packet that traverses the network segment the sniffer is
connect to.
Sniffers are typically devices that can collect information from a communication medium, such as a
network. These devices can range from specialized equipment to basic workstations with customized
software.
A sniffer can collect information about most, if not all, attributes of the communication. The most
common method of sniffing is to plug a sniffer into an existing network device like a hub or switch. A
hub (which is designed to relay all traffic passing through it to all of its ports) will automatically begin
sending all the traffic on that network segment to the sniffing device. On the other hand, a switch
(which is designed to limit what traffic gets sent to which port) will have to be specially configured to
send all traffic to the port where the sniffer is plugged in.
Another method for sniffing is to use a network tap—a device that literally splits a network transmission
into two identical streams; one going to the original network destination and the other going to the
sniffing device. Each of these methods has its advantages and disadvantages, including cost, feasibility,
and the desire to maintain the secrecy of the sniffing activity.
The packets captured by sniffer are decoded and then displayed by the sniffer. Therfore, if the
username/password are contained in a packet or packets traversing the segment the sniffer is
connected to, it will capture and display that information (and any other information on that segment it
can see).
Of course, if the information is encrypted via a VPN, SSL, TLS, or similar technology, the information is
still captured and displayed, but it is in an unreadable format.
Data diddling involves changing data before, as it is enterred into a computer, or after it is extracted.
Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication -
or causing a system to respond to the wrong address.
Smurfing would refer to the smurf attack, where an attacker sends spoofed packets to the broadcast
address on a gateway in order to cause a denial of service.
The following reference(s) were/was used to create this question:
CISA Review
manual 2014 Page number 321
Official ISC2 Guide to the CISSP 3rd edition Page Number 153

Question: 4
Which of the following would constitute the best example of a password to use for access to a system by
a network administrator?
A. holiday
B. Christmas12
C. Jenny
D. GyN19Za!
Answer: D
Explanation:
GyN19Za! would be the best answer because it contains a mixture of upper and lower case characters,
alphabetic and numeric characters, and a special character making it less vulnerable to password
attacks.
All of the other answers are incorrect because they are vulnerable to brute force or dictionary attacks.
Passwords should not be common words or names. The addition of a number to the end of a common
word only marginally strengthens it because a common password attack would also check combinations
of words:
Christmas23
Christmas123 etc...
Question: 5
What physical characteristic does a retinal scan biometric device measure?
A. The amount of light reaching the retina
B. The amount of light reflected by the retina
C. The pattern of light receptors at the back of the eye
D. The pattern of blood vessels at the back of the eye
Answer: D
Explanation:
The retina, a thin nerve (1/50th of an inch) on the back of the eye, is the part of the eye which senses
light and transmits impulses through the optic nerve to the brain - the equivalent of film in a camera.
Blood vessels used for biometric identification are located along the neural retina, the outermost of
retina's four cell layers.
The amount of light reaching the retina
The amount of light reaching the retina is not used in the biometric scan of the retina.
The amount of light reflected by the retina
The amount of light reflected by the retina is not used in the biometric scan of the retina.
The pattern of light receptors at the back of the eye

This is a distractor
Reference:
Retina Scan Technology.
ISC2 Official Guide to the CBK, 2007 (Page 161)
Question: 6
The Computer Security Policy Model the Orange Book is based on is which of the following?
A. Bell-LaPadula
B. Data Encryption Standard
C. Kerberos
D. Tempest
Answer: A
Explanation:
The Computer Security Policy Model Orange Book is based is the Bell-LaPadula Model. Orange Book
Glossary.
The Data Encryption Standard (DES) is a cryptographic algorithm. National Information Security Glossary.
TEMPEST is related to limiting the electromagnetic emanations from electronic equipment.
Reference: U.S. Department of Defense, Trusted Computer System Evaluation Criteria (Orange Book),
DOD 520028-STD. December 1985 (also available here).
Question: 7
The end result of implementing the principle of least privilege means which of the following?
A. Users would get access to only the info for which they have a need to know
B. Users can access all systems.
C. Users get new privileges added when they change positions.
D. Authorization creep.
Answer: A
Explanation:
The principle of least privilege refers to allowing users to have only the access they need and not
anything more. Thus, certain users may have no need to access any of the files on specific systems.
Users can access all systems. Although the principle of least privilege limits what access and systems
users have authorization to, not all users would have a need to know to access all of the systems. The
best answer is still Users would get access to only the info for which they have a need to know as some
of the users may not have a need to access a system.

Users get new privileges when they change positions. Although true that a user may indeed require new
privileges, this is not a given fact and in actuality a user may require less privileges for a new position.
The principle of least privilege would require that the rights required for the position be closely
evaluated and where possible rights revoked.
Authorization creep. Authorization creep occurs when users are given additional rights with new
positions and responsibilities. The principle of least privilege should actually prevent authorization
creep.
ISC2 OIG
2007 p.101,123
Shon Harris AIO v3 p148, 902-903
Question: 8
Which of the following is the most reliable authentication method for remote access?
A. Variable callback system
B. Synchronous token
C. Fixed callback system
D. Combination of callback and caller ID
Answer: B
Explanation:
A Synchronous token generates a one-time password that is only valid for a short period of time. Once
the password is used it is no longer valid, and it expires if not entered in the acceptable time frame.
Variable callback system. Although variable callback systems are more flexible than fixed callback
systems, the system assumes the identity of the individual unless two-factor authentication is also
implemented. By itself, this method might allow an attacker access as a trusted user.
Fixed callback system. Authentication provides assurance that someone or something is who or what
he/it is supposed to be. Callback systems authenticate a person, but anyone can pretend to be that
person. They are tied to a specific place and phone number, which can be spoofed by implementing call-
forwarding.
Combination of callback and Caller ID. The caller ID and callback functionality provides greater
confidence and auditability of the caller's identity. By disconnecting and calling back only authorized
phone numbers, the system has a greater confidence in the location of the call. However, unless
combined with strong authentication, any individual at the location could obtain access.
Shon Harris
AIO v3 p. 140, 548
ISC2 OIG 2007 p. 152-153, 126-127
Question: 9
Which of the following is true of two-factor authentication?

A. It uses the RSA public-key signature based on integers with large prime factors.
B. It requires two measurements of hand geometry.
C. It does not use single sign-on technology.
D. It relies on two independent proofs of identity.
Answer: D
Explanation:
It relies on two independent proofs of identity. Two-factor authentication refers to using two
independent proofs of identity, such as something the user has (e.g. a token card) and something the
user knows (a password). Two-factor authentication may be used with single sign-on.
The following answers are incorrect: It requires two measurements of hand geometry. Measuring hand
geometry twice does not yield two independent proofs.
It uses the RSA public-key signature based on integers with large prime factors. RSA encryption uses
integers with exactly two prime factors, but the term "two-factor authentication" is not used in that
context.
It does not use single sign-on technology. This is a detractor.
Shon Harris
AIO v.3 p.129
ISC2 OIG, 2007 p. 126
Question: 10
The primary service provided by Kerberos is which of the following?
A. non-repudiation
B. confidentiality
C. authentication
D. authorization
Answer: C
Explanation:
non-repudiation. Since Kerberos deals primarily with symmetric cryptography, it does not help with
non-repudiation.
confidentiality. Once the client is authenticated by Kerberos and obtains its session key and ticket, it
may use them to assure confidentiality of its communication with a server; however, that is not a
Kerberos service as such.
authorization. Although Kerberos tickets may include some authorization information, the meaning of
the authorization fields is not standardized in the Kerberos specifications, and authorization is not a
primary Kerberos service.
ISC2 OIG
,2007 p. 179-184

Shon Harris AIO v.3 152-155
Question: 11
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we
compare them side by side, Kerberos tickets correspond most closely to which of the following?
A. public keys
B. private keys
C. public-key certificates
D. private-key certificates
Answer: C
Explanation:
A Kerberos ticket is issued by a trusted third party. It is an encrypted data structure that includes the
service encryption key. In that sense it is similar to a public-key certificate. However, the ticket is not
the key.
public keys. Kerberos tickets are not shared out publicly, so they are not like a PKI public key.
private keys. Although a Kerberos ticket is not shared publicly, it is not a private key. Private keys are
associated with Asymmetric crypto system which is not used by Kerberos. Kerberos uses only the
Symmetric crypto system.
private key certificates. This is a detractor. There is no such thing as a private key certificate.
Question: 12
In which of the following security models is the subject's clearance compared to the object's
classification such that specific rules can be applied to control how the subject-to-object interactions
take place?
A. Bell-LaPadula model
B. Biba model
C. Access Matrix model
D. Take-Grant model
Answer: A
Explanation:
Details:
The Answer Bell-LaPadula model
The Bell-LAPadula model is also called a multilevel security system because users with different
clearances use the system and the system processes data with different classifications. Developed by
the US Military in the 1970s.

A security model maps the abstract goals of the policy to information system terms by specifying explicit
data structures and techniques necessary to enforce the security policy. A security model is usually
represented in mathematics and analytical ideas, which are mapped to system specifications and then
developed by programmers through programming code. So we have a policy that encompasses security
goals, such as “each subject must be authenticated and authorized before accessing an object.” The
security model takes this requirement and provides the necessary mathematical formulas, relationships,
and logic structure to be followed to accomplish this goal.
A system that employs the Bell-LaPadula model is called a multilevel security system because users with
different clearances use the system, and the system processes data at different classification levels. The
level at which information is classified determines the handling procedures that should be used. The
Bell-LaPadula model is a state machine model that enforces the confidentiality aspects of access control.
A matrix and security levels are used to determine if subjects can access different objects. The subject’s
clearance is compared to the object’s classification and then specific rules are applied to control how
subject-to-object subject-to-object interactions can take place.
Reference(s) used for this question:
Harris,
Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 369). McGraw-Hill. Kindle Edition.
Question: 13
Which of the following was developed to address some of the weaknesses in Kerberos and uses public
key cryptography for the distribution of secret keys and provides additional access control support?
A. SESAME
B. RADIUS
C. KryptoKnight
D. TACACS+
Answer: A
Explanation:
Secure European System for Applications in a Multi-vendor Environment (SESAME) was developed to
address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of
secret keys and provides additional access control support.
Reference:
TIPTON, Harold, Official (ISC)2 Guide to the CISSP CBK (2007), page 184
ISC OIG Second Edition, Access Controls, Page 111
Question: 14
Single Sign-on (SSO) is characterized by which of the following advantages?
A. Convenience
B. Convenience and centralized administration
C. Convenience and centralized data administration

D. Convenience and centralized network administration
Answer: B
Explanation:
Convenience -Using single sign-on users have to type their passwords only once when they first log in to
access all the network resources; and Centralized Administration as some single sign-on systems are
built around a unified server administration system. This allows a single administrator to add and delete
accounts across the entire network from one user interface.
Convenience - alone this is not the correct answer.
Centralized Data or Network Administration - these are thrown in to mislead the student. Neither are a
benefit to SSO, as these specifically should not be allowed with just an SSO.
References: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th
Edition, Volume 1, page 35
TIPTON, Harold F. & HENRY, Kevin, Official (ISC)2 Guide to the CISSP CBK, 2007, page 180
Question: 15
What is the primary role of smartcards in a PKI?
A. Transparent renewal of user keys
B. Easy distribution of the certificates between the users
C. Fast hardware encryption of the raw data
D. Tamper resistant, mobile storage and application of private keys of the users
Answer: D
Explanation:
Reference: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page
139;
SNYDER, J., What is a SMART CARD?.
Wikipedia has a nice definition at: http://en.wikipedia.org/wiki/Tamper_resistance
Security
Tamper-resistant microprocessors are used to store and process private or sensitive information, such
as private keys or electronic money credit. To prevent an attacker from retrieving or modifying the
information, the chips are designed so that the information is not accessible through external means
and can be accessed only by the embedded software, which should contain the appropriate security
measures.
Examples of tamper-resistant chips include all secure cryptoprocessors, such as the IBM 4758 and chips
used in smartcards, as well as the Clipper chip.
It has been argued that it is very difficult to make simple electronic devices secure against tampering,
because numerous attacks are possible, including:
• physical attack of various forms (microprobing, drills, files, solvents, etc.)
• freezing the device

• applying out-of-spec voltages or power surges
• applying unusual clock signals
• inducing software errors using radiation
• measuring the precise time and power requirements of certain operations (see power analysis)
Tamper-resistant chips may be designed to zeroise their sensitive data (especially cryptographic keys) if
they detect penetration of their security encapsulation or out-of-specification environmental
parameters. A chip may even be rated for "cold zeroisation", the ability to zeroise itself even after its
power supply has been crippled.
Nevertheless, the fact that an attacker may have the device in his possession for as long as he likes, and
perhaps obtain numerous other samples for testing and practice, means that it is practically impossible
to totally eliminate tampering by a sufficiently motivated opponent. Because of this, one of the most
important elements in protecting a system is overall system design. In particular, tamper-resistant
systems should "fail gracefully" by ensuring that compromise of one device does not compromise the
entire system. In this manner, the attacker can be practically restricted to attacks that cost less than the
expected return from compromising a single device (plus, perhaps, a little more for kudos). Since the
most sophisticated attacks have been estimated to cost several hundred thousand dollars to carry out,
carefully designed systems may be invulnerable in practice.
Question: 16
What kind of certificate is used to validate a user identity?
A. Public key certificate
B. Attribute certificate
C. Root certificate
D. Code signing certificate
Answer: A
Explanation:
In cryptography, a public key certificate (or identity certificate) is an electronic document which
incorporates a digital signature to bind together a public key with an identity — information such as the
name of a person or an organization, their address, and so forth. The certificate can be used to verify
that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In
a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users
("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer
that the identity information and the public key belong together.
In computer security, an authorization certificate (also known as an attribute certificate) is a digital
document that describes a written permission from the issuer to use a service or a resource that the
issuer controls or has access to use. The permission can be delegated.
Some people constantly confuse PKCs and ACs. An analogy may make the distinction clear. A PKC can
be considered to be like a passport: it identifies the holder, tends to last for a long time, and should not
be trivial to obtain. An AC is more like an entry visa: it is typically issued by a different authority and
does not last for as long a time. As acquiring an entry visa typically requires presenting a passport,
getting a visa can be a simpler process.

A real life example of this can be found in the mobile software deployments by large service providers
and are typically applied to platforms such as Microsoft Smartphone (and related), Symbian OS, J2ME,
and others.
In each of these systems a mobile communications service provider may customize the mobile terminal
client distribution (ie. the mobile phone operating system or application environment) to include one or
more root certificates each associated with a set of capabilities or permissions such as "update
firmware", "access address book", "use radio interface", and the most basic one, "install and execute".
When a developer wishes to enable distribution and execution in one of these controlled environments
they must acquire a certificate from an appropriate CA, typically a large commercial CA, and in the
process they usually have their identity verified using out-of-band mechanisms such as a combination of
phone call, validation of their legal entity through government and commercial databases, etc., similar
to the high assurance SSL certificate vetting process, though often there are additional specific
requirements imposed on would-be developers/publishers.
Once the identity has been validated they are issued an identity certificate they can use to sign their
software; generally the software signed by the developer or publisher's identity certificate is not
distributed but rather it is submitted to processor to possibly test or profile the content before
generating an authorization certificate which is unique to the particular software release. That
certificate is then used with an ephemeral asymmetric key-pair to sign the software as the last step of
preparation for distribution. There are many advantages to separating the identity and authorization
certificates especially relating to risk mitigation of new content being accepted into the system and key
management as well as recovery from errant software which can be used as attack vectors.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page 540
http://en.wikipedia.org/wiki/Attribute_certificate
http://en.wikipedia.org/wiki/Public_key_certificate
Question: 17
The following is NOT a security characteristic we need to consider while choosing a biometric
identification systems:
A. data acquisition process
B. cost
C. enrollment process
D. speed and user interface
Answer: B
Explanation:
Cost is a factor when considering Biometrics but it is not a security characteristic.
All the other answers are incorrect because they are security characteristics related to Biometrics.
Data acquisition process can cause a security concern because if the process is not fast and efficient it
can discourage individuals from using the process.
Enrollment process can cause a security concern because the enrollment process has to be quick and
efficient. This process captures data for authentication.

Speed and user interface can cause a security concern because this also impacts the users acceptance
rate of biometrics. If they are not comfortable with the interface and speed they might sabotage the
devices or otherwise attempt to circumvent them.
References:
OIG Access Control (Biometrics) (pgs 165-167)
From: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition,
Volume 1, Pages 5-6
** in process of correction **
Question: 18
In biometric identification systems, at the beginning, it was soon apparent that truly positive
identification could only be based on physical attributes of a person. This raised the necessity of
answering 2 questions :
A. what was the sex of a person and his age
B. what part of body to be used and how to accomplish identification that is viable
C. what was the age of a person and his income level
D. what was the tone of the voice of a person and his habits
Answer: B
Explanation:
Today implementation of fast, accurate reliable and user-acceptable biometric identification systems is
already taking place. Unique physical attributes or behavior of a person are used for that purpose.
Volume 1, Page 7
Question: 19
In biometric identification systems, the parts of the body conveniently available for identification are:
A. neck and mouth
B. hands, face, and eyes
C. feet and hair
D. voice and neck
Answer: B
Explanation:
Today implementation of fast, accurate, reliable, and user-acceptable biometric identification systems
are already under way. Because most identity authentication takes place when a people are fully
clothed (neck to feet and wrists), the parts of the body conveniently available for this purpose are
hands, face, and eyes.

Volume 1, Page 7
Question: 20
Controlling access to information systems and associated networks is necessary for the preservation of
their:
A. Authenticity, confidentiality and availability
B. Confidentiality, integrity, and availability.
C. integrity and availability.
D. authenticity,confidentiality, integrity and availability.
Answer: B
Explanation:
Controlling access to information systems and associated networks is necessary for the preservation of
their confidentiality, integrity and availability.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Computer Security, 2001, John Wiley & Sons, Page 31
Question: 21
To control access by a subject (an active entity such as individual or process) to an object (a passive
entity such as a file) involves setting up:
A. Access Rules
B. Access Matrix
C. Identification controls
D. Access terminal
Answer: A
Explanation:
Controlling access by a subject (an active entity such as individual or process) to an object (a passive
entity such as a file) involves setting up access rules.
These rules can be classified into three access control models: Mandatory, Discretionary, and Non-
Discretionary.
An access matrix is one of the means used to implement access control.
Answer:

Question: 22
Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what
category of access control?
A. Discretionary Access Control (DAC)
B. Mandatory Access control (MAC)
C. Non-Discretionary Access Control (NDAC)
D. Lattice-based Access control
Answer: C
Explanation:
Rule-based access control is a type of non-discretionary access control because this access is determined
by rules and the subject does not decide what those rules will be, the rules are uniformly applied to ALL
of the users or subjects.
In general, all access control policies other than DAC are grouped in the category of non-discretionary
access control (NDAC). As the name implies, policies in this category have rules that are not established
at the discretion of the user. Non-discretionary policies establish controls that cannot be changed by
users, but only through administrative action.
Both Role Based Access Control (RBAC) and Rule Based Access Control (RuBAC) fall within Non
Discretionary Access Control (NDAC). If it is not DAC or MAC then it is most likely NDAC.
IT IS NOT ALWAYS BLACK OR WHITE
The different access control models are not totally exclusive of each others. MAC is making use of Rules
to be implemented. However with MAC you have requirements above and beyond having simple access
rules. The subject would get formal approval from management, the subject must have the proper
security clearance, objects must have labels/sensitivity levels attached to them, subjects must have the
proper security clearance. If all of this is in place then you have MAC.
BELOW YOU HAVE A DESCRIPTION OF THE DIFFERENT CATEGORIES:
MAC = Mandatory Access Control
Under a mandatory access control environment, the system or security administrator will define what
permissions subjects have on objects. The administrator does not dictate user’s access but simply
configure the proper level of access as dictated by the Data Owner.
The MAC system will look at the Security Clearance of the subject and compare it with the object
sensitivity level or classification level. This is what is called the dominance relationship.
The subject must DOMINATE the object sensitivity level. Which means that the subject must have a
security clearance equal or higher than the object he is attempting to access.
MAC also introduce the concept of labels. Every objects will have a label attached to them indicating
the classification of the object as well as categories that are used to impose the need to know (NTK)
principle. Even thou a user has a security clearance of Secret it does not mean he would be able to
access any Secret documents within the system. He would be allowed to access only Secret document
for which he has a Need To Know, formal approval, and object where the user belong to one of the
categories attached to the object.
If there is no clearance and no labels then IT IS NOT Mandatory Access Control.
Many of the other models can mimic MAC but none of them have labels and a dominance relationship
so they are NOT in the MAC category.

NISTR-7316 Says:
Usually a labeling mechanism and a set of interfaces are used to determine access based on the MAC
policy; for example, a user who is running a process at the Secret classification should not be allowed to
read a file with a label of Top Secret. This is known as the “simple security rule,” or “no read up.”
Conversely, a user who is running a process with a label of Secret should not be allowed to write to a file
with a label of Confidential. This rule is called the “*-property” (pronounced “star property”) or “no
write down.” The *-property is required to maintain system security in an automated environment. A
variation on this rule called the “strict *-property” requires that information can be written at, but not
above, the subject’s clearance level. Multilevel security models such as the Bell-La Padula Confidentiality
and Biba Integrity models are used to formally specify this kind of MAC policy.
DAC = Discretionary Access Control
DAC is also known as: Identity Based access control system.
The owner of an object is define as the person who created the object. As such the owner has the
discretion to grant access to other users on the network. Access will be granted based solely on the
identity of those users.
Such system is good for low level of security. One of the major problem is the fact that a user who has
access to someone's else file can further share the file with other users without the knowledge or
permission of the owner of the file. Very quickly this could become the wild west as there is no control
on the dissemination of the information.
RBAC = Role Based Access Control
RBAC is a form of Non-Discretionary access control.
Role Based access control usually maps directly with the different types of jobs performed by employees
within a company.
For example there might be 5 security administrator within your company. Instead of creating each of
their profile one by one, you would simply create a role and assign the administrators to the role. Once
an administrator has been assigned to a role, he will IMPLICITLY inherit the permissions of that role.
RBAC is great tool for environment where there is a a large rotation of employees on a daily basis such
as a very large help desk for example.
RBAC or RuBAC = Rule Based Access Control
RuBAC is a form of Non-Discretionary access control.
A good example of a Rule Based access control device would be a Firewall. A single set of rules is
imposed to all users attempting to connect through the firewall.
NOTE FROM CLEMENT:
Lot of people tend to confuse MAC and Rule Based Access Control.
Mandatory Access Control must make use of LABELS. If there is only rules and no label, it cannot be
Mandatory Access Control. This is why they call it Non Discretionary Access control (NDAC).
There are even books out there that are WRONG on this subject. Books are sometimes opiniated and
not strictly based on facts.
In MAC subjects must have clearance to access sensitive objects. Objects have labels that contain the
classification to indicate the sensitivity of the object and the label also has categories to enforce the
need to know.
Today the best example of rule based access control would be a firewall. All rules are imposed globally
to any user attempting to connect through the device. This is NOT the case with MAC.
I strongly recommend you read carefully the following document:
NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316pdf
It is one of the best Access Control Study document to prepare for the exam. Usually I tell people not to
worry about the hundreds of NIST documents and other reference. This document is an exception.
Take some time to read it.

KRUTZ,
Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security,
2001, John Wiley & Sons, Page 33
And
NISTIR-7316 at http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316pdf
And
Conrad, Eric; Misenar, Seth; Feldman, Joshua (2012-09-01). CISSP Study Guide (Kindle Locations 651-
652). Elsevier Science (reference). Kindle Edition.
Question: 23
The type of discretionary access control (DAC) that is based on an individual's identity is also called:
A. Identity-based Access control
B. Rule-based Access control
C. Non-Discretionary Access Control
D. Lattice-based Access control
Answer: A
Explanation:
An identity-based access control is a type of Discretionary Access Control (DAC) that is based on an
individual's identity.
DAC is good for low level security environment. The owner of the file decides who has access to the
file.
If a user creates a file, he is the owner of that file. An identifier for this user is placed in the file header
and/or in an access control matrix within the operating system.
Ownership might also be granted to a specific individual. For example, a manager for a certain
department might be made the owner of the files and resources within her department. A system that
uses discretionary access control (DAC) enables the owner of the resource to specify which subjects can
access specific resources.
This model is called discretionary because the control of access is based on the discretion of the owner.
Many times department managers, or business unit managers , are the owners of the data within their
specific department. Being the owner, they can specify who should have access and who should not.
Harris,
Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 220). McGraw-Hill . Kindle Edition.
Question: 24
Which access control type has a central authority that determine to what objects the subjects have
access to and it is based on role or on the organizational security policy?
A. Mandatory Access Control
B. Discretionary Access Control

D. Rule-based Access control
Answer: C
Explanation:
Non Discretionary Access Control include Role Based Access Control (RBAC) and Rule Based Access
Control (RBAC or RuBAC). RABC being a subset of NDAC, it was easy to eliminate RBAC as it was covered
under NDAC already.
Some people think that RBAC is synonymous with NDAC but RuBAC would also fall into this category.
Discretionary Access control is for environment with very low level of security. There is no control on
the dissemination of the information. A user who has access to a file can copy the file or further share it
with other users.
Rule Based Access Control is when you have ONE set of rules applied uniformly to all users. A good
example would be a firewall at the edge of your network. A single rule based is applied against any
packets received from the internet.
Mandatory Access Control is a very rigid type of access control. The subject must dominate the object
and the subject must have a Need To Know to access the information. Objects have labels that indicate
the sensitivity (classification) and there is also categories to enforce the Need To Know (NTK).
Question: 25
Which of the following control pairings include: organizational policies and procedures, pre-employment
background checks, strict hiring practices, employment agreements, employee termination procedures,
vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training,
behavior awareness, and sign-up procedures to obtain access to information systems and networks?
A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Administrative Pairing
Answer: A
Explanation:
organizational policies and procedures, pre-employment background checks, strict hiring practices,
employment agreements, friendly and unfriendly employee termination procedures, vacation
scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior
awareness, and sign-up procedures to obtain access to information systems and networks.

Question: 26
Technical controls such as encryption and access control can be built into the operating system, be
software applications, or can be supplemental hardware/software units. Such controls, also known as
logical controls, represent which pairing?
A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Technical Pairing
Answer: B
Explanation:
Preventive/Technical controls are also known as logical controls and can be built into the operating
system, be software applications, or can be supplemental hardware/software units.
Question: 27
What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the
individuals requesting access to resources?
A. Micrometrics
B. Macrometrics
C. Biometrics
D. MicroBiometrics
Answer: C
Explanation:
Question: 28
What is called the access protection system that limits connections by calling back the number of a
previously authorized location?
A. Sendback systems
B. Callback forward systems

C. Callback systems
D. Sendback forward systems
Answer: C
Explanation:
The Answer, Call back Systems; Callback systems provide access protection by calling back the number
of a previously authorized location, but this control can be compromised by call forwarding.
Question: 29
What are called user interfaces that limit the functions that can be selected by a user?
A. Constrained user interfaces
B. Limited user interfaces
C. Mini user interfaces
D. Unlimited user interfaces
Answer: A
Explanation:
Another method for controlling access is by restricting users to specific functions based on their role in
the system. This is typically implemented by limiting available menus, data views, encryption, or by
physically constraining the user interfaces.
This is common on devices such as an automated teller machine (ATM). The advantage of a constrained
user interface is that it limits potential avenues of attack and system failure by restricting the processing
options that are available to the user.
On an ATM machine, if a user does not have a checking account with the bank he or she will not be
shown the “Withdraw money from checking” option. Likewise, an information system might have an
“Add/Remove Users” menu option for administrators, but if a normal, non-administrative user logs in he
or she will not even see that menu option. By not even identifying potential options for non-qualifying
users, the system limits the potentially harmful execution of unauthorized system or application
commands.
Many database management systems have the concept of “views.” A database view is an extract of the
data stored in the database that is filtered based on predefined user or system criteria. This permits
multiple users to access the same database while only having the ability to access data they need (or are
allowed to have) and not data for another user. The use of database views is another example of a
constrained user interface.
The following were incorrect answers:
All of the other choices presented were bogus answers.
The following reference(s) were used for this question:
Hernandez CISSP

, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle
Locations 1989-2002). Auerbach Publications. Kindle Edition.
Question: 30
Controls such as job rotation, the sharing of responsibilities, and reviews of audit records are associated
with:
A. Preventive/physical
B. Detective/technical
C. Detective/physical
D. Detective/administrative
Answer: D
Explanation:
Additional detective/administrative controls are job rotation, the sharing of responsibilities, and reviews
of audit records.
KRUTZ,
Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security,
2001, John Wiley & Sons, Page 35
Question: 31
The control measures that are intended to reveal the violations of security policy using software and
hardware are associated with:
Answer: B
Explanation:
The detective/technical control measures are intended to reveal the violations of security policy using
technical means.
Question: 32

The controls that usually require a human to evaluate the input from sensors or cameras to determine if
a real threat exists are associated with:
Answer: C
Explanation:
Detective/physical controls usually require a human to evaluate the input from sensors or cameras to
determine if a real threat exists.
Question: 33
External consistency ensures that the data stored in the database is:
A. in-consistent with the real world.
B. remains consistant when sent from one system to another.
C. consistent with the logical world.
D. consistent with the real world.
Answer: D
Explanation:
External consistency ensures that the data stored in the database is consistent with the real world.
Computer Security, 2001, John Wiley & Sons, page 33
Question: 34
A central authority determines what subjects can have access to certain objects based on the
organizational security policy is called:
A. Mandatory Access Control
B. Discretionary Access Control
D. Rule-based Access control
Answer: C

Explanation:
A central authority determines what subjects can have access to certain objects based on the
organizational security policy.
The key focal point of this question is the 'central authority' that determines access rights.
Cecilia one of the quiz user has sent me feedback informing me that NIST defines MAC as: "MAC Policy
means that Access Control Policy Decisions are made by a CENTRAL AUTHORITY. Which seems to
indicate there could be two good answers to this question.
However if you read the NISTR document mentioned in the references below, it is also mentioned that:
MAC is the most mentioned NDAC policy. So MAC is a form of NDAC policy.
Within the same document it is also mentioned: "In general, all access control policies other than DAC
are grouped in the category of non- discretionary access control (NDAC). As the name implies, policies in
this category have rules that are not established at the discretion of the user. Non-discretionary policies
establish controls that cannot be changed by users, but only through administrative action."
Under NDAC you have two choices:
Rule Based Access control and Role Base Access Control
MAC is implemented using RULES which makes it fall under RBAC which is a form of NDAC. It is a subset
of NDAC.
This question is representative of what you can expect on the real exam where you have more than
once choice that seems to be right. However, you have to look closely if one of the choices would be
higher level or if one of the choice falls under one of the other choice. In this case NDAC is a better
choice because MAC is falling under NDAC through the use of Rule Based Access Control.
The following are incorrect answers:
MANDATORY ACCESS CONTROL
In Mandatory Access Control the labels of the object and the clearance of the subject determines access
rights, not a central authority. Although a central authority (Better known as the Data Owner) assigns
the label to the object, the system does the determination of access rights automatically by comparing
the Object label with the Subject clearance. The subject clearance MUST dominate (be equal or higher)
than the object being accessed.
The need for a MAC mechanism arises when the security policy of a system dictates that:
1 Protection decisions must not be decided by the object owner.
2 The system must enforce the protection decisions (i.e., the system enforces the security policy over
the wishes or intentions of the object owner).
Usually a labeling mechanism and a set of interfaces are used to determine access based on the MAC
policy; for example, a user who is running a process at the Secret classification should not be allowed to
read a file with a label of Top Secret. This is known as the “simple security rule,” or “no read up.”
Conversely, a user who is running a process with a label of Secret should not be allowed to write to a file
with a label of Confidential. This rule is called the “*-property” (pronounced “star property”) or “no
write down.” The *-property is required to maintain system security in an automated environment.
DISCRETIONARY ACCESS CONTROL
In Discretionary Access Control the rights are determined by many different entities, each of the persons
who have created files and they are the owner of that file, not one central authority.
DAC leaves a certain amount of access control to the discretion of the object's owner or anyone else
who is authorized to control the object's access. For example, it is generally used to limit a user's access
to a file; it is the owner of the file who controls other users' accesses to the file. Only those users
specified by the owner may have some combination of read, write, execute, and other permissions to
the file.

DAC policy tends to be very flexible and is widely used in the commercial and government sectors.
However, DAC is known to be inherently weak for two reasons:
First, granting read access is transitive; for example, when Ann grants Bob read access to a file, nothing
stops Bob from copying the contents of Ann’s file to an object that Bob controls. Bob may now grant any
other user access to the copy of Ann’s file without Ann’s knowledge.
Second, DAC policy is vulnerable to Trojan horse attacks. Because programs inherit the identity of the
invoking user, Bob may, for example, write a program for Ann that, on the surface, performs some
useful function, while at the same time destroys the contents of Ann’s files. When investigating the
problem, the audit files would indicate that Ann destroyed her own files. Thus, formally, the drawbacks
of DAC are as follows:
• Discretionary Access Control (DAC) Information can be copied from one object to another; therefore,
there is no real assurance on the flow of information in a system.
• No restrictions apply to the usage of information when the user has received it.
• The privileges for accessing objects are decided by the owner of the object, rather than through a
system-wide policy that reflects the organization’s security requirements.
ACLs and owner/group/other access control mechanisms are by far the most common mechanism for
implementing DAC policies. Other mechanisms, even though not designed with DAC in mind, may have
the capabilities to implement a DAC policy.
RULE BASED ACCESS CONTROL
In Rule-based Access Control a central authority could in fact determine what subjects can have access
when assigning the rules for access. However, the rules actually determine the access and so this is not
the most correct answer.
RuBAC (as opposed to RBAC, role-based access control) allow users to access systems and information
based on pre determined and configured rules. It is important to note that there is no commonly
understood definition or formally defined standard for rule-based access control as there is for DAC,
MAC, and RBAC. “Rule-based access” is a generic term applied to systems that allow some form of
organization-defined rules, and therefore rule-based access control encompasses a broad range of
systems. RuBAC may in fact be combined with other models, particularly RBAC or DAC. A RuBAC system
intercepts every access request and compares the rules with the rights of the user to make an access
decision. Most of the rule-based access control relies on a security label system, which dynamically
composes a set of rules defined by a security policy. Security labels are attached to all objects, including
files, directories, and devices. Sometime roles to subjects (based on their attributes) are assigned as
well. RuBAC meets the business needs as well as the technical needs of controlling service access. It
allows business rules to be applied to access control—for example, customers who have overdue
balances may be denied service access. As a mechanism for MAC, rules of RuBAC cannot be changed by
users. The rules can be established by any attributes of a system related to the users such as domain,
host, protocol, network, or IP addresses. For example, suppose that a user wants to access an object in
another network on the other side of a router. The router employs RuBAC with the rule composed by
the network addresses, domain, and protocol to decide whether or not the user can be granted access.
If employees change their roles within the organization, their existing authentication credentials remain
in effect and do not need to be re configured. Using rules in conjunction with roles adds greater
flexibility because rules can be applied to people as well as to devices. Rule-based access control can be
combined with role-based access control, such that the role of a user is one of the attributes in rule
setting. Some provisions of access control systems have rule- based policy engines in addition to a role-
based policy engine and certain implemented dynamic policies [Des03]. For example, suppose that two
of the primary types of software users are product engineers and quality engineers. Both groups usually
have access to the same data, but they have different roles to perform in relation to the data and the
application's function. In addition, individuals within each group have different job responsibilities that

may be identified using several types of attributes such as developing programs and testing areas. Thus,
the access decisions can be made in real time by a scripted policy that regulates the access between the
groups of product engineers and quality engineers, and each individual within these groups. Rules can
either replace or complement role-based access control. However, the creation of rules and security
policies is also a complex process, so each organization will need to strike the appropriate balance.
References used for this question:
http://
csrc.nist.gov/publications/nistir/7316/NISTIR-7316pdf
And
AIO v3 p162-167 and OIG (2007) p.186-191
Also
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, 2001, John Wiley & Sons, Page 33
Question: 35
What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
A. Authentication
B. Identification
C. Authorization
D. Confidentiality
Answer: B
Explanation:
Identification is the act of a user professing an identity to a system, usually in the form of a log-on ID to
the system.
Identification is nothing more than claiming you are somebody. You identify yourself when you speak to
someone on the phone that you don’t know, and they ask you who they’re speaking to. When you say,
“I’m Jason.”, you’ve just identified yourself.
In the information security world, this is analogous to entering a username. It’s not analogous to
entering a password. Entering a password is a method for verifying that you are who you identified
yourself as.
NOTE: The word "professing" used above means: "to say that you are, do, or feel something when
other people doubt what you say". This is exactly what happen when you provide your identifier
(identification), you claim to be someone but the system cannot take your word for it, you must further
Authenticate to the system to prove who you claim to be.
The following are incorrect answers:
Authentication: is how one proves that they are who they say they are. When you claim to be Jane
Smith by logging into a computer system as “jsmith”, it’s most likely going to ask you for a password.
You’ve claimed to be that person by entering the name into the username field (that’s the identification
part), but now you have to prove that you are really that person.
Many systems use a password for this, which is based on “something you know”, i.e. a secret between
you and the system.
Another form of authentication is presenting something you have, such as a driver’s license, an RSA
token, or a smart card.

You can also authenticate via something you are. This is the foundation for biometrics. When you do
this, you first identify yourself and then submit a thumb print, a retina scan, or another form of bio-
based authentication.
Once you’ve successfully authenticated, you have now done two things: you’ve claimed to be someone,
and you’ve proven that you are that person. The only thing that’s left is for the system to determine
what you’re allowed to do.
Authorization: is what takes place after a person has been both identified and authenticated; it’s the
step determines what a person can then do on the system.
An example in people terms would be someone knocking on your door at night. You say, “Who is it?”,
and wait for a response. They say, “It’s John.” in order to identify themselves. You ask them to back up
into the light so you can see them through the peephole. They do so, and you authenticate them based
on what they look like (biometric). At that point you decide they can come inside the house.
If they had said they were someone you didn’t want in your house (identification), and you then verified
that it was that person (authentication), the authorization phase would not include access to the inside
of the house.
Confidentiality: Is one part of the CIA triad. It prevents sensitive information from reaching the wrong
people, while making sure that the right people can in fact get it. A good example is a credit card
number while shopping online, the merchant needs it to clear the transaction but you do not want your
information exposed over the network, you would use a secure link such as SSL, TLS, or some tunneling
tool to protect the information from prying eyes between point A and point B. Data encryption is a
common method of ensuring confidentiality.
The other parts of the CIA triad are listed below:
Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life
cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be
altered by unauthorized people (for example, in a breach of confidentiality). In addition, some means
must be in place to detect any changes in data that might occur as a result of non-human-caused events
such as an electromagnetic pulse (EMP) or server crash. If an unexpected change occurs, a backup copy
must be available to restore the affected data to its correct state.
Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs
immediately when needed, providing a certain measure of redundancy and failover, providing adequate
communications bandwidth and preventing the occurrence of bottlenecks, implementing emergency
backup power systems, keeping current with all necessary system upgrades, and guarding against
malicious actions such as denial-of-service (DoS) attacks.
Reference used for this question:
http://
whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA
http://www.danielmiessler.com/blog/security-identification-authentication-and-authorization
http://www.merriam-webster.com/dictionary/profess
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, 2001, John Wiley & Sons, Page 36
Question: 36
Which one of the following factors is NOT one on which Authentication is based?
A. Type 1 Something you know, such as a PIN or password
B. Type 2 Something you have, such as an ATM card or smart card

C. Type 3 Something you are (based upon one or more intrinsic physical or behavioral traits), such as a
fingerprint or retina scan
D. Type 4 Something you are, such as a system administrator or security administrator
Answer: D
Explanation:
Authentication is based on the following three factor types:
Type 1 Something you know, such as a PIN or password
Type 2 Something you have, such as an ATM card or smart card
Type 3 Something you are (Unique physical characteristic), such as a fingerprint or retina scan
Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4:
Access Control (pages 132-133).
Question: 37
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the
iris pattern within a biometric system is:
A. Concern that the laser beam may cause eye damage.
B. The iris pattern changes as a person grows older.
C. There is a relatively high rate of false accepts.
D. The optical unit must be positioned so that the sun does not shine into the aperture.
Answer: D
Explanation:
Because the optical unit utilizes a camera and infrared light to create the images, sun light can impact
the aperture so it must not be positioned in direct light of any type. Because the subject does not need
to have direct contact with the optical reader, direct light can impact the reader.
An Iris recognition is a form of biometrics that is based on the uniqueness of a subject's iris. A camera
like device records the patterns of the iris creating what is known as Iriscode.
It is the unique patterns of the iris that allow it to be one of the most accurate forms of biometric
identification of an individual. Unlike other types of biometics, the iris rarely changes over time.
Fingerprints can change over time due to scaring and manual labor, voice patterns can change due to a
variety of causes, hand geometry can also change as well. But barring surgery or an accident it is not
usual for an iris to change. The subject has a high-resoulution image taken of their iris and this is then
converted to Iriscode. The current standard for the Iriscode was developed by John Daugman. When the
subject attempts to be authenticated an infrared light is used to capture the iris image and this image is
then compared to the Iriscode. If there is a match the subject's identity is confirmed. The subject does
not need to have direct contact with the optical reader so it is a less invasive means of authentication
then retinal scanning would be.
AIO,

3rd edition, Access Control, p 134
AIO, 4th edition, Access Control, p 182
Wikipedia - http://en.wikipedia.org/wiki/Iris_recognition
Concern that the laser beam may cause eye damage. The optical readers do not use laser so, concern
that the laser beam may cause eye damage is not an issue.
The iris pattern changes as a person grows older. The question asked about the physical installation of
the scanner, so this was not the best answer. If the question would have been about long term problems
then it could have been the best choice. Recent research has shown that Irises actually do change over
time: http://www.nature.com/news/ageing-eyes-hinder-biometric-scans-110722
There is a relatively high rate of false accepts. Since the advent of the Iriscode there is a very low rate of
false accepts, in fact the algorithm used has never had a false match. This all depends on the quality of
the equipment used but because of the uniqueness of the iris even when comparing identical twins, iris
patterns are unique.
Question: 38
In Mandatory Access Control, sensitivity labels attached to object contain what information?
A. The item's classification
B. The item's classification and category set
C. The item's category
D. The items's need to know
Answer: B
Explanation:
The following is the correct answer: the item's classification and category set.
A Sensitivity label must contain at least one classification and one category set.
Category set and Compartment set are synonyms, they mean the same thing. The sensitivity label must
contain at least one Classification and at least one Category. It is common in some environments for a
single item to belong to multiple categories. The list of all the categories to which an item belongs is
called a compartment set or category set.
The item's classification. Is incorrect because you need a category set as well.
The item's category. Is incorrect because category set and classification would be both be required.
The item's need to know. Is incorrect because there is no such thing. The need to know is indicated by
the catergories the object belongs to. This is NOT the best answer.
OIG CBK
, Access Control (pages 186 - 188)
AIO, 3rd Edition, Access Control (pages 162 - 163)
AIO, 4th Edition, Access Control, pp 212-214
Wikipedia - http://en.wikipedia.org/wiki/Mandatory_Access_Control

Question: 39
Which of the following is true about Kerberos?
A. It utilizes public key cryptography.
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C. It depends upon symmetric ciphers.
D. It is a second party authentication system.
Answer: C
Explanation:
Kerberos depends on secret keys (symmetric ciphers). Kerberos is a third party authentication protocol.
It was designed and developed in the mid 1980's by MIT. It is considered open source but is copyrighted
and owned by MIT. It relies on the user's secret keys. The password is used to encrypt and decrypt the
keys.
It utilizes public key cryptography. Is incorrect because Kerberos depends on secret keys (symmetric
ciphers).
It encrypts data after a ticket is granted, but passwords are exchanged in plain text. Is incorrect because
the passwords are not exchanged but used for encryption and decryption of the keys.
It is a second party authentication system. Is incorrect because Kerberos is a third party authentication
system, you authenticate to the third party (Kerberos) and not the system you are accessing.
References:
MIT http://web.mit.edu/kerberos/
Wikipedi http://en.wikipedia.org/wiki/Kerberos_%28protocol%29
OIG CBK Access Control (pages 181 - 184)
AIOv3 Access Control (pages 151 - 155)
Question: 40
Which of the following is needed for System Accountability?
A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.
Answer: A
Explanation:
Is a means of being able to track user actions. Through the use of audit logs and other tools the user
actions are recorded and can be used at a later date to verify what actions were performed.
Accountability is the ability to identify users and to be able to track user actions.

Documented design as laid out in the Common Criteria. Is incorrect because the Common Criteria is an
international standard to evaluate trust and would not be a factor in System Accountability.
Authorization. Is incorrect because Authorization is granting access to subjects, just because you have
authorization does not hold the subject accountable for their actions.
Formal verification of system design. Is incorrect because all you have done is to verify the system
design and have not taken any steps toward system accountability.
References:
OIG CBK Glossary (page 778)
Question: 41
What is Kerberos?
A. A three-headed dog from the egyptian mythology.
B. A trusted third-party authentication protocol.
C. A security model.
D. A remote authentication dial in user server.
Answer: B
Explanation:
Is correct because that is exactly what Kerberos is.
A three-headed dog from Egyptian mythology. Is incorrect because we are dealing with Information
Security and not the Egyptian mythology but the Greek Mythology.
A security model. Is incorrect because Kerberos is an authentication protocol and not just a security
model.
A remote authentication dial in user server. Is incorrect because Kerberos is not a remote authentication
dial in user server that would be called RADIUS.
Question: 42
Kerberos depends upon what encryption method?
A. Public Key cryptography.
B. Secret Key cryptography.
C. El Gamal cryptography.
D. Blowfish cryptography.
Answer: B
Explanation:
Kerberos depends on Secret Keys or Symmetric Key cryptography.

Kerberos a third party authentication protocol. It was designed and developed in the mid 1980's by MIT.
It is considered open source but is copyrighted and owned by MIT. It relies on the user's secret keys.
The password is used to encrypt and decrypt the keys.
This question asked specifically about encryption methods. Encryption methods can be SYMMETRIC (or
secret key) in which encryption and decryption keys are the same, or ASYMMETRIC (aka 'Public Key') in
which encryption and decryption keys differ.
'Public Key' methods must be asymmetric, to the extent that the decryption key CANNOT be easily
derived from the encryption key. Symmetric keys, however, usually encrypt more efficiently, so they
lend themselves to encrypting large amounts of data. Asymmetric encryption is often limited to ONLY
encrypting a symmetric key and other information that is needed in order to decrypt a data stream, and
the remainder of the encrypted data uses the symmetric key method for performance reasons. This
does not in any way diminish the security nor the ability to use a public key to encrypt the data, since
the symmetric key method is likely to be even MORE secure than the asymmetric method.
For symmetric key ciphers, there are basically two types: BLOCK CIPHERS, in which a fixed length block is
encrypted, and STREAM CIPHERS, in which the data is encrypted one 'data unit' (typically 1 byte) at a
time, in the same order it was received in.
Public Key cryptography. Is incorrect because Kerberos depends on Secret Keys or Symmetric Key
cryptography and not Public Key or Asymmetric Key cryptography.
El Gamal cryptography. Is incorrect because El Gamal is an Asymmetric Key encryption algorithm.
Blowfish cryptography. Is incorrect because Blowfish is a Symmetric Key encryption algorithm.
References:
OIG CBK Access Control (pages 181 - 184)
AIOv3 Access Control (pages 151 - 155)
Wikipedia http://en.wikipedia.org/wiki/Blowfish_%28cipher%29 ;
http://en.wikipedia.org/wiki/El_Gamal
http://www.mrp3com/encrypt.html
Question: 43
A confidential number used as an authentication factor to verify a user's identity is called a:
A. PIN
B. User ID
C. Password
D. Challenge
Answer: A
Explanation:
PIN Stands for Personal Identification Number, as the name states it is a combination of numbers.
User ID This is incorrect because a Userid is not required to be a number and a Userid is only used to
establish identity not verify it.
Password. This is incorrect because a password is not required to be a number, it could be any
combination of characters.

Challenge. This is incorrect because a challenge is not defined as a number, it could be anything.
Question: 44
Individual accountability does not include which of the following?
A. unique identifiers
B. policies & procedures
C. access rules
D. audit trails
Answer: B
Explanation:
Accountability would not include policies & procedures because while important on an effective security
program they cannot be used in determing accountability.
Unique identifiers. Is incorrect because Accountability would include unique identifiers so that you can
identify the individual.
Access rules. Is incorrect because Accountability would include access rules to define access violations.
Audit trails. Is incorrect because Accountability would include audit trails to be able to trace violations or
attempted violations.
Question: 45
Which of the following exemplifies proper separation of duties?
A. Operators are not permitted modify the system time.
B. Programmers are permitted to use the system console.
C. Console operators are permitted to mount tapes and disks.
D. Tape operators are permitted to use the system console.
Answer: A
Explanation:
This is an example of Separation of Duties because operators are prevented from modifying the system
time which could lead to fraud. Tasks of this nature should be performed by they system administrators.
AIO defines Separation of Duties as a security principle that splits up a critical task among two or more
individuals to ensure that one person cannot complete a risky task by himself.
Programmers are permitted to use the system console. Is incorrect because programmers should not be
permitted to use the system console, this task should be performed by operators. Allowing
programmers access to the system console could allow fraud to occur so this is not an example of
Separation of Duties..

Console operators are permitted to mount tapes and disks. Is incorrect because operators should be
able to mount tapes and disks so this is not an example of Separation of Duties.
Tape operators are permitted to use the system console. Is incorrect because operators should be able
to use the system console so this is not an example of Separation of Duties.
References:
OIG CBK Access Control (page 98 - 101)
AIOv3 Access Control (page 182)
Question: 46
An access control policy for a bank teller is an example of the implementation of which of the following?
A. Rule-based policy
B. Identity-based policy
C. User-based policy
D. Role-based policy
Answer: D
Explanation:
The position of a bank teller is a specific role within the bank, so you would implement a role-based
policy.
Rule-based policy. Is incorrect because this is based on rules and not the role of a of a bank teller so this
would not be applicable for a specific role within an organization.
Identity-based policy. Is incorrect because this is based on the identity of an individual and not the role
of a bank teller so this would not be applicable for a specific role within an organization.
User-based policy. Is incorrect because this would be based on the user and not the role of a bank teller
so this would not be not be applicable for a specific role within an organization.
Question: 47
Which one of the following authentication mechanisms creates a problem for mobile users?
A. Mechanisms based on IP addresses
B. Mechanism with reusable passwords
C. One-time password mechanism.
D. Challenge response mechanism.
Answer: A
Explanation:
Anything based on a fixed IP address would be a problem for mobile users because their location and its
associated IP address can change from one time to the next. Many providers will assign a new IP every

time the device would be restarted. For example an insurance adjuster using a laptop to file claims
online. He goes to a different client each time and the address changes every time he connects to the
ISP.
NOTE FROM CLEMENT:
The term MOBILE in this case is synonymous with Road Warriors where a user is constantly traveling and
changing location. With smartphone today that may not be an issue but it would be an issue for laptops
or WIFI tablets. Within a carrier network the IP will tend to be the same and would change rarely. So
this question is more applicable to devices that are not cellular devices but in some cases this issue
could affect cellular devices as well.
Mechanism with reusable password. This is incorrect because reusable password mechanism would not
present a problem for mobile users. They are the least secure and change only at specific interval one-
time password mechanism. This is incorrect because a one-time password mechanism would not
present a problem for mobile users. Many are based on a clock and not on the IP address of the user
Challenge response mechanism. This is incorrect because challenge response mechanism would not
present a problem for mobile users.
Question: 48
Organizations should consider which of the following first before allowing external access to their LANs
via the Internet?
A. Plan for implementing workstation locking mechanisms.
B. Plan for protecting the modem pool.
C. Plan for providing the user with his account usage information.
D. Plan for considering proper authentication options.
Answer: D
Explanation:
Before a LAN is connected to the Internet, you need to determine what the access controls mechanisms
are to be used, this would include how you are going to authenticate individuals that may access your
network externally through access control.
Plan for implementing workstation locking mechanisms. This is incorrect because locking the
workstations have no impact on the LAN or Internet access.
Plan for protecting the modem pool. This is incorrect because protecting the modem pool has no impact
on the LAN or Internet access, it just protects the modem.
Plan for providing the user with his account usage information. This is incorrect because the question
asks what should be done first. While important your primary concern should be focused on security.
Question: 49
Kerberos can prevent which one of the following attacks?

A. Tunneling attack.
B. Playback (replay) attack.
C. Destructive attack.
D. Process attack.
Answer: B
Explanation:
Each ticket in Kerberos has a timestamp and are subject to time expiration to help prevent these types
of attacks.
Tunneling attack. This is incorrect because a tunneling attack is an attempt to bypass security and access
low-level systems. Kerberos cannot totally prevent these types of attacks.
Destructive attack. This is incorrect because depending on the type of destructive attack, Kerberos
cannot prevent someone from physically destroying a server.
Process attack. This is incorrect because with Kerberos cannot prevent an authorized individuals from
running processes
Question: 50
In discretionary access environments, which of the following entities is authorized to grant information
access to other people?
A. Manager
B. Group Leader
C. Security Manager
D. Data Owner
Answer: D
Explanation:
In Discretionary Access Control (DAC) environments, the user who creates a file is also considered the
owner and has full control over the file including the ability to set permissions for that file.
Manager is incorrect because in Discretionary Access Control (DAC) environments it is the owner/user
that is authorized to grant information access to other people group leader. Is incorrect because in
Discretionary Access Control (DAC) environments it is the owner/user that is authorized to grant
information access to other people security manager. Is incorrect because in Discretionary Access
Control (DAC) environments it is the owner/user that is authorized to grant information access to other
people.
IMPORTANT NOTE:
The term Data Owner is also used within Classifications as well. Under the subject of classification the
Data Owner is a person from management who has been entrusted with a data set that belongs to the
company. For example it could be the Chief Financial Officer (CFO) who is entrusted with all of the

financial data for a company. As such the CFO would determine the classification of the financial data
and who can access as well. The Data Owner would then tell the Data Custodian (a technical person)
what the classification and need to know is on the specific set of data.
The term Data Owner under DAC simply means whoever created the file and as the creator of the file
the owner has full access and can grant access to other subjects based on their identity.

For More Information – Visit link below:
http://www.certsgrade.com/
PRODUCT FEATURES
100% Money Back Guarantee
90 Days Free updates
Special Discounts on Bulk Orders
Guaranteed Success
50,000 Satisfied Customers
100% Secure Shopping
Privacy Policy
Refund Policy
WE ACCEPT
Powered by TCPDF (www.tcpdf.org)

Cissp actual exam

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Cissp actual exam

Similar to Cissp actual exam (20)

Recently uploaded

Recently uploaded (20)

Cissp actual exam