
Table of Contents

Chapter 1
Access Control Systems & Methodology, p. 2
Answer Key, p. 227
Explanations, p. 268

Chapter 2
Applications & Systems Development, p. 22
Answer Key, p. 231
Explanations, p. 296

Chapter 3
Business Continuity Planning, p. 44
Answer Key, p. 235
Explanations, p. 324

Chapter 4
Cryptography, p. 68
Answer Key, p. 239
Explanations, p. 353

Chapter 5
Law, Investigation & Ethics, p. 90
Answer Key, p. 243
Explanations, p. 380

Chapter 6
Operations Security, p. 115
Answer Key, p. 247
Explanations, p. 410

Chapter 7
Physical Security, p. 137
Answer Key, p. 251
Explanations, p. 438

Chapter 8
Security Architecture & Models, p. 159
Answer Key, p. 255
Explanations, p. 468

Chapter 9
Security Management Practices, p. 182
Answer Key, p. 259
Explanations, p. 497

Chapter 10
Telecommunications, Network & Internet Security, p. 204
Answer Key, p. 263
Explanations, p. 525
CISSP Printables
Copyright 2005 by PrepLogic, Inc.
Product ID: 4293
Production Date: April 15, 2005
Total Questions: 750

All rights reserved. No part of this document shall be stored in a retrieval system
or transmitted by any means, electronic, mechanical, photocopying, recording, or
otherwise, without written permission from the publisher. No patent liability is
assumed with respect to the use of the information contained herein.

Warning and Disclaimer


Every effort has been made to make this document as complete and as accurate as
possible, but no warranty or fitness is implied. The publisher and authors assume
no responsibility for errors or omissions. The information provided is on an "as
is" basis. The authors and the publisher shall have neither liability nor
responsibility to any person or entity with respect to any loss or damages arising
from the information contained in this document.

Volume, Corporate, and Educational Sales


PrepLogic offers favorable discounts on all products when ordered in quantity.
For more information, please contact PrepLogic directly:

1-800-418-6789
solutions@preplogic.com
Access Control Systems & Methodology 2

Chapter 1
Access Control Systems & Methodology
1. ______________ is what allows you to do what you are requesting from the
system based on access criteria.

A. Authorization
B. Identification
C. Authentication
D. Auditing
Find the Answer p. 227

2. What type of access control is based on job description?

A. Group based
B. Role based
C. Transaction based
D. Discretionary based
Find the Answer p. 227

3. Which of the following is a disadvantage of single sign on from the perspective of
security?

A. Simplified password management and administration
B. Less time required overall to perform logon and authentication is a
good thing
C. Stronger passwords are often used
D. Users can roam the network without restrictions
Find the Answer p. 227

4. Which of the following is NOT an example of a single sign on technology?

A. TACACS
B. Kerberos
C. SESAME
D. KryptoKnight
Find the Answer p. 227

5. Role based access control is also known as?

A. Discretionary
B. Mandatory
C. Nondiscretionary
D. Recursive
Find the Answer p. 227

6. ACLs are the most common implementation of what form of access control?

A. Role based
B. Mandatory
C. Nondiscretionary
D. Discretionary
Find the Answer p. 227

7. What form of access control is NOT centrally managed?

A. Discretionary
B. Mandatory
C. Nondiscretionary
D. Role based
Find the Answer p. 227

Answers: Chapter 1
1. A Review Question p. 2 Detailed Explanation p. 268

2. B Review Question p. 2 Detailed Explanation p. 268

3. D Review Question p. 2 Detailed Explanation p. 268

4. A Review Question p. 3 Detailed Explanation p. 269

5. C Review Question p. 3 Detailed Explanation p. 269

6. D Review Question p. 3 Detailed Explanation p. 269

7. A Review Question p. 3 Detailed Explanation p. 270

8. B Review Question p. 4 Detailed Explanation p. 270

9. A Review Question p. 4 Detailed Explanation p. 270

10. B Review Question p. 4 Detailed Explanation p. 271

11. C Review Question p. 4 Detailed Explanation p. 271

12. D Review Question p. 5 Detailed Explanation p. 271

13. A Review Question p. 5 Detailed Explanation p. 272

14. B Review Question p. 5 Detailed Explanation p. 272

15. C Review Question p. 6 Detailed Explanation p. 273

16. D Review Question p. 6 Detailed Explanation p. 273

17. A Review Question p. 6 Detailed Explanation p. 273

18. B Review Question p. 6 Detailed Explanation p. 273

19. C Review Question p. 7 Detailed Explanation p. 274

20. D Review Question p. 7 Detailed Explanation p. 274

21. A Review Question p. 7 Detailed Explanation p. 274

22. B Review Question p. 7 Detailed Explanation p. 275

23. C Review Question p. 8 Detailed Explanation p. 275



Explanations: Chapter 1
1. Review Question p. 2
Answers: A
Explanation A. Authorization is what allows you to do what you are requesting from
the system based on access criteria.
Explanation B. Identification is the who that a subject claims to be.
Explanation C. Authentication is the verification of the subject's identity with one or
more authentication factors, such as a password.
Explanation D. Auditing enables the activities of subjects to be tracked in order to
sustain accountability.

PrepLogic Question: 4293-101

2. Review Question p. 2
Answers: B
Explanation A. Group based access controls are based on collections of similar users.
Explanation B. Role based access controls are based on job descriptions.
Explanation C. Transaction based access controls are based on the content of a
communication exchange.
Explanation D. Discretionary based access controls are based on arbitrary decisions by the
data custodians and data owners.

PrepLogic Question: 4293-102

3. Review Question p. 2
Answers: D
Explanation A. Simplified password management and administration is an advantage
of single sign on.
Explanation B. Less time required overall to perform logon and authentication
Explanation C. Stronger passwords are often used is an advantage of single sign on.
Explanation D. Being able to roam the network without restrictions is a disadvantage
of single sign on, as this makes securing the sign ons more difficult.

PrepLogic Question: 4293-103

4. Review Question p. 3
Answers: A
Explanation A. TACACS is an example of a centralized remote access authentication
technology, not single sign on.
Explanation B. Kerberos is an example of a single sign on technology.
Explanation C. SESAME is an example of a single sign on technology.
Explanation D. KryptoKnight is an example of a single sign on technology.

PrepLogic Question: 4293-104

5. Review Question p. 3
Answers: C
Explanation A. Discretionary access control is based on data custodian/owner
discretion.
Explanation B. Mandatory access control is based on data classification.
Explanation C. Role based access control is also known as nondiscretionary.
Explanation D. Recursive is not a valid type of access control.

PrepLogic Question: 4293-105

6. Review Question p. 3
Answers: D
Explanation A. Role based, or nondiscretionary access controls, are based on job
descriptions and work tasks.
Explanation B. Mandatory access control is based on data classification.
Explanation C. Role based or nondiscretionary access controls are based on job
descriptions and work tasks.