CISSP_Candidate
08-30-2006, 08:12 AM
If anyone can help me clarify the following questions... I am really puzzled.
Q1. The concentric circle approach is used to
A. evaluate environmental threats.
B. assess the physical security of a facility.
C. assess the communications network security.
D. develop a personnel security program.
ANSWER: Think it's B, could not find any reference (the only ones I find are related to disease propagation...).
Q2. Which one of the following BEST describes a password cracker?
A. A program that can locate and read a password file
B. A program that provides software registration passwords or keys
C. A program that performs comparative analysis
D. A program that obtains privileged access to the system
ANSWER: Think it's C but not sure
Q3. Which one of the following is a good defense against worms?
A. Differentiating systems along the lines exploited by the attack
B. Placing limits on sharing, writing, and executing programs
C. Keeping data objects small, simple, and obvious as to their intent
D. Limiting connectivity by means of well-managed access controls
ANSWER: What about B?
Q4. Which one of the following is an example of electronic piggybacking?
A. Attaching to a communications line and substituting data
B. Abruptly terminating a dial-up or direct-connect session
C. Following an authorized user into the computer room
D. Recording and playing back computer transactions
ANSWER: "electronic piggybacking" ??? C is "standard piggybacking"
Q5. Which one of the following is NOT a fundamental component of a Regulatory Security Policy?
A. What is to be done?
B. When is it to be done?
C. Who is to do it?
D. Why it is to be done?
ANSWER: no idea
Q6. Evidence corroboration is achieved by
A. creating multiple logs using more than one utility.
B. establishing secure procedures for authenticating users.
C. maintaining all evidence under the control of an independent source.
D. implementing disk mirroring on all devices where log files are stored.
ANSWER: I would say A but not sure