CISSP exam

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?A . Hashing the data before encryptionB . Hashing the data after encryptionC . Compressing the data after encryptionD . Compressing the data before encryptionView AnswerAnswer: A

Recovery strategies of a Disaster Recovery planning (DRIP) MUST be aligned with which of the following?A . Hardware and software compatibility issuesB . Applications’ critically and downtime toleranceC . Budget constraints and requirementsD . Cost/benefit analysis and business objectivesView AnswerAnswer: D

The use of private and public encryption keys is fundamental in the implementation of which of the following?A . Diffie-Hellman algorithmB . Secure Sockets Layer (SSL)C . Advanced Encryption Standard (AES)D . Message Digest 5 (MD5)View AnswerAnswer: B

Which of the following BEST describes the responsibilities of a data owner?A . Ensuring quality and validation through periodic audits for ongoing data integrityB . Maintaining fundamental data availability, including data storage and archivingC . Ensuring accessibility to appropriate users, maintaining appropriate levels of data securityD . Determining the impact...

Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?A . Simple Mail Transfer Protocol (SMTP) blacklistB . Reverse Domain Name System (DNS) lookupC . Hashing algorithmD . Header analysisView AnswerAnswer: D

When transmitting information over public networks, the decision to encrypt it should be based onA . the estimated monetary value of the information.B . whether there are transient nodes relaying the transmission.C . the level of confidentiality of the information.D . the volume of the information.View AnswerAnswer: C

Following the completion of a network security assessment, which of the following can BEST be demonstrated?A . The effectiveness of controls can be accurately measuredB . A penetration test of the network will failC . The network is compliant to industry standardsD . All unpatched vulnerabilities have been identifiedView AnswerAnswer:...

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?A . Derived credentialB . Temporary security credentialC . Mobile device credentialing serviceD . Digest authenticationView AnswerAnswer: A

Which of the following is MOST important when assigning ownership of an asset to a department?A . The department should report to the business ownerB . Ownership of the asset should be periodically reviewedC . Individual accountability should be ensuredD . All members should be trained on their responsibilitiesView AnswerAnswer:...

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?A . Check arguments in function callsB . Test for the security patch level of the environmentC . Include logging functionsD . Digitally sign each application moduleView AnswerAnswer:...