CISSP Practice Questions Exam Cram - Pearsoncmg


CISSP Practice Questions, Third Edition
Michael Gregg

CISSP Practice Questions Exam Cram, Third Edition
Copyright 2013 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-7897-4959-8
ISBN-10: 0-7897-4959-9
Library of Congress Cataloging-in-Publication data is on file.
Printed in the United States of America
First Printing: September 2012

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.

Bulk Sales
Pearson IT Certification offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact U.S. Corporate and Government Sales. For sales outside of the U.S., please contact International Sales.

Associate Publisher: Dave Dusthimer
Acquisitions Editor: Betsy Brown
Senior Development Editor: Christopher Cleveland
Managing Editor: Sandra Schroeder
Senior Project Editor: Tonya Simpson
Copy Editor: Sheri Cain
Technical Editors: Shawn Merdinger, Patrick Ramseier
...tor: Vanessa Evans
Multimedia Developer: Timothy Warner
Interior Designer: Gary Adair
Cover Designer: Alan Clements
Compositor: TnT Design, Inc.

Contents at a Glance

Introduction . . . 1
Chapter 1: Physical (Environmental) Security . . . 5
Chapter 2: Access Control . . . 31
Chapter 3: Cryptography . . . 65
Chapter 4: Security Architecture and Design . . . 99
Chapter 5: Telecommunications and Network Security . . . 135
Chapter 6: Business Continuity and Disaster Recovery Planning . . . 171
Chapter 7: Legal, Regulations, Investigations, and Compliance . . . 209
Chapter 8: Software Development Security . . . 237
Chapter 9: Information Security, Governance, and Risk Management . . . 271
Chapter 10: Security Operations . . . 301

Table of Contents

Introduction . . . 1
    Who This Book Is For . . . 1
    What You Will Find in This Book . . . 1
    Hints for Using This Book . . . 2
    Pearson IT Certification Practice Test Engine and Questions on the CD . . . 2
    Need Further Study? . . . 4

Chapter 1: Physical (Environmental) Security . . . 5
    Practice Questions . . . 6
    Practice Questions (True or False) . . . 19
    Practice Questions (Mix and Match) . . . 21
    Quick-Check Answer Key . . . 22
    Answers and Explanations . . . 23

Chapter 2: Access Control . . . 31
    Practice Questions . . . 32
    Practice Questions (True or False) . . . 49
    Practice Questions (Mix and Match) . . . 51
    Quick-Check Answer Key . . . 52
    Answers and Explanations . . . 53

Chapter 3: Cryptography . . . 65
    Practice Questions . . . 66
    Practice Questions (True or False) . . . 83
    Practice Questions (Mix and Match) . . . 85
    Quick-Check Answer Key . . . 86
    Answers and Explanations . . . 87

Chapter 4: Security Architecture and Design . . . 99
    Practice Questions . . . 100
    Practice Questions (True or False) . . . 121
    Practice Questions (Mix and Match) . . . 121
    Quick-Check Answer Key . . . 122
    Answers and Explanations . . . 123

Chapter 5: Telecommunications and Network Security . . . 135
    Practice Questions . . . 136
    Practice Questions (True or False) . . . 157
    Practice Questions (Mix and Match) . . . 157
    Quick-Check Answer Key . . . 158
    Answers and Explanations . . . 159

Chapter 6: Business Continuity and Disaster Recovery Planning . . . 171
    Practice Questions . . . 172
    Practice Questions (True or False) . . . 193
    Practice Questions (Mix and Match) . . . 194
    Quick-Check Answer Key . . . 195
    Answers and Explanations . . . 196

Chapter 7: Legal, Regulations, Investigations, and Compliance . . . 209
    Practice Questions . . . 210
    Practice Questions (Mix and Match) . . . 226
    Quick-Check Answer Key . . . 227
    Answers and Explanations . . . 228

Chapter 8: Software Development Security . . . 237
    Practice Questions . . . 238
    Practice Questions (True or False) . . . 257
    Practice Questions (Mix and Match) . . . 258
    Quick-Check Answer Key . . . 259
    Answers and Explanations . . . 260

Chapter 9: Information Security, Governance, and Risk Management . . . 271
    Practice Questions . . . 272
    Practice Questions (True or False) . . . 290
    Practice Questions (Mix and Match) . . . 291
    Quick-Check Answer Key . . . 292
    Answers and Explanations . . . 293

Chapter 10: Security Operations . . . 301
    Practice Questions . . . 302
    Practice Questions (True or False) . . . 320
    Practice Questions (Mix and Match) . . . 321
    Quick-Check Answer Key . . . 322
    Answers and Explanations . . . 323

About the Author

As the founder and president of Superior Solutions, Inc., a Houston-based IT security consulting and auditing firm, Michael Gregg has more than 20 years of experience in information security and risk management. He holds two associate's degrees, a bachelor's degree, and a master's degree. Some of the certifications he holds include CISA, CISSP, MCSE, CTT+, A+, N+, Security+, CASP, CCNA, GSEC, CEH, CHFI, CEI, CISA, CISM, CGEIT, and SSCP.

In addition to his experience performing security audits and assessments, Michael has authored or coauthored more than 15 books, including Certified Ethical Hacker Exam Prep (Que), CISSP Exam Cram 2 (Que), and Security Administrator Street Smarts (Sybex). He is a site expert for TechTarget.com websites, such as SearchNetworking.com. He also serves on their editorial advisory board. His articles have been published on IT websites, and he has been quoted on Fox News and in The New York Times. He has created more than 15 security-related courses and training classes for various companies and universities.

Although audits and assessments are where he spends the bulk of his time, teaching and contributing to the written body of IT security knowledge are how Michael believes he can give something back to the community that has given him so much.

He is a board member for Habitat For Humanity and, when not working, Michael enjoys traveling and restoring muscle cars.

Dedication

I dedicate this book to those who have been my mentors along the way, because without them, this book would not have been possible.

Acknowledgments

I would like to thank everyone who helped make this project a reality, including Betsy Brown, Chris Cleveland, Shawn Merdinger, Patrick Ramseier, and the entire crew at Pearson.

About the Technical Reviewers

Shawn Merdinger is a security researcher and analyst at the University of Florida Academic Health Center. He has worked with Cisco Systems, 3Com/TippingPoint, and as an independent consultant. His current research focuses on medical device security, and he is the founder of the MedSec group on LinkedIn. Shawn regularly presents original research at security/hacker conferences such as DEFCON, Ph-Neutral, ShmooCon, CONfidence, NoConName, O'Reilly, CSI, IT Underground, CarolinaCon, and SecurityOpus.

Patrick Ramseier is a technical editor and author and manages a team of security and unified access consultants. He has held several management and technical positions in different security companies over the past 18 years and currently works on the Borderless Network Security and Unified Access team for Cisco in the Bay Area, where he leads a senior consulting team covering the entire western United States. Patrick has provided many technical edits/reviews for several major publishing companies, including Pearson Education, McGraw-Hill, Wiley, and Sybex. He has a BA in Business Administration and MIS and holds CCNA, CISSP, and CISCP certifications.

We Want to Hear from You!

As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we're doing right, what we could do better, what areas you'd like to see us publish in, and any other words of wisdom you're willing to pass our way.

We welcome your comments. You can email or write to let us know what you did or didn't like about this book, as well as what we can do to make our books better.

Please note that we cannot help you with technical problems related to the topic of this book.

When you write, please be sure to include this book's title and author as well as your name and email address. We will carefully review your comments and share them with the author and editors who worked on the book.

Dave Dusthimer
Associate Publisher
Pearson IT Certification
800 East 96th Street
Indianapolis, IN 46240 USA

Reader Services

Visit our website and register this book at www.pearsonitcertification.com/register for convenient access to any updates, downloads, or errata that might be available for this book.

Introduction

Welcome to the CISSP Practice Questions Exam Cram! This book provides you with practice questions, complete
