CISSP Exam Cram Latest Updated - Actual Exam 1000 Questions and 100% Verified Correct Answers Guaranteed A+
Annual Loss Expectancy - CORRECT ANSWER: ALE = SLE x ARO
Annual Rate of Occurrence - CORRECT ANSWER: How many times does this happen annually?
ATO - CORRECT ANSWER: Authorization to Operate is a formal statement that authorizes operation and agrees to accept any and all risks
BS 31100 - CORRECT ANSWER: Provides guidance on objectives, mandate and commitment to manage risk
Class A Fire Extinguisher - CORRECT ANSWER: For paper and wood fires; suppress with water or soda acid
Class B Fire Extinguisher - CORRECT ANSWER: For gasoline/oil fires; use CO2, soda acid or halon
Class C Fire Extinguisher - CORRECT ANSWER: For electrical/electronics fires; suppress with CO2 or a halon replacement
Class D Fire Extinguisher - CORRECT ANSWER: For combustible metals; suppress with dry powder
Class K Fire Extinguisher - CORRECT ANSWER: For kitchen fires; use saponifying agents that blanket the fire
COBIT - CORRECT ANSWER: A framework to help provide governance and assurance.
Components of Take-Grant model - CORRECT ANSWER: Confidentiality-based model that supports: take, grant, create, revoke
Copyright - CORRECT ANSWER: A legal device that gives the creator the right to control how the work is used. Lasts for life plus 70 years
CPTED - CORRECT ANSWER: Crime Prevention Through Environmental Design. The benefits of CPTED include natural access control, natural surveillance, and territorial reinforcement. The effect of CPTED is that the criminal feels an increased threat of being discovered, and the natural surveillance it provides can serve as a physical deterrent control.
Data Mining - CORRECT ANSWER: The process of analyzing data to find and understand patterns and relationships in the data.
Data Warehouse - CORRECT ANSWER: A database that contains data from many other databases. This allows for trend analysis and marketing decisions through data analytics
DMCA - CORRECT ANSWER: Digital Millennium Copyright Act makes it a crime to bypass anti-piracy controls on software
Due Care - CORRECT ANSWER: Taking reasonable care to protect the assets of an organization
Due Diligence - CORRECT ANSWER: Doing the right thing over a period of time
End-to-End Encryption - CORRECT ANSWER: Generally performed by the end user, so the data can pass through each node without further processing. However, source and destination addresses are passed in clear text, so they can be seen by someone sniffing traffic.
FISMA - CORRECT ANSWER: Federal Info Security Management Act brought about a set of clear guidelines for Info Security designed for protection of government IT and data
GLBA - CORRECT ANSWER: Gramm-Leach-Bliley Act resulted in the most sweeping overhaul of financial services regulation in the United States.
How does PGP differ from PKI - CORRECT ANSWER: It does use a CA, but builds a web of trust that develops as users sign and issue their own keys
How does S/MIME work - CORRECT ANSWER: Adds two valuable components to email: digital signatures and public key encryption; it supports X.509 certs and RSA encryption
How the PERT weighted average is calculated - CORRECT ANSWER: PERT Weighted Average = (Optimistic Time + 4 x Most Likely Time + Pessimistic Time) / 6
How to calculate Controls Gap - CORRECT ANSWER: ALE before Control - ALE after Control
How to calculate Residual Risk - CORRECT ANSWER: (Threats x Vulnerability x Asset Value) x Controls Gap
Interoperability Agreement - CORRECT ANSWER: An IA is a document that specifies any and all requirements for creating and maintaining the exchange of data between companies (for example, between airlines)
ISA - CORRECT ANSWER: Interconnection Security Agreement is a document that specifies the requirements for establishing, maintaining, and operating an interconnection between systems or networks
ISO 27001 - CORRECT ANSWER: This standard describes requirements on how to establish, implement, operate, monitor, review, and maintain an information security management system (ISMS); it is based on British Standard 7799.
ISO 27002 - CORRECT ANSWER: This standard is considered a code of practice that describes ways to develop a security program within the organization.
ISO 27003 - CORRECT ANSWER: ISO standard focused on implementation
ISO 27004 - CORRECT ANSWER: ISO standard for security management
ISO 27005 - CORRECT ANSWER: ISO standard on how to implement solutions based upon risk management
ISO 27799 - CORRECT ANSWER: ISO standard focused on personal health info
ISO 9001 - CORRECT ANSWER: A quality management standard that has widespread support and attention. ISO 9001 describes how production processes are to be managed and reviewed. It is not a standard of quality; it is about how well a system or process is documented.
Link Encryption - CORRECT ANSWER: The data is encrypted through the entire communication path. Because all header information is encrypted, each node must decrypt and re-encrypt the routing information. Source and destination addresses cannot be seen by someone sniffing traffic.
Mantrap - CORRECT ANSWER: Used to prevent piggybacking; additional layers of defense can be obtained by using guards and CCTV.
Military Data Classification - CORRECT ANSWER: Top Secret, Secret, Sensitive but Unclassified, Unclassified or Official
MOU - CORRECT ANSWER: Memorandum of Understanding is a document that specifies terms and conditions for outsourcing partner organizations that must share data and info
MTBF - CORRECT ANSWER: Mean time between failures (MTBF) is used to calculate the expected lifetime of a device. The higher the MTBF, the better.
MTTR - CORRECT ANSWER: Mean time to repair (MTTR) is an estimate of how long it takes to repair the equipment and get it back into use. For MTTR, lower numbers are better.
Name the 3 types of locks - CORRECT ANSWER: Grade 3: residential/consumer
Grade 2: light-duty and heavy-duty residential
Grade 1: High-security
NIST 800-37 - CORRECT ANSWER: Guide for Applying Risk Management Framework to Federal Info Systems
On an IDS, which type of 'false' is worse? - CORRECT ANSWER: A False Negative is worse than a False Positive because it means an attack occurred but the IDS failed to detect it.
Patent - CORRECT ANSWER: Documents a process or synthesis and grants the owner a legally enforceable right to exclude others from using it
Pod Slurping - CORRECT ANSWER: A technique for illicitly downloading or copying data from a computer. Typically used for data exfiltration.
Policy - CORRECT ANSWER: A high-level document that dictates management intentions toward security.
Private Data Classification - CORRECT ANSWER: Confidential, Private, Sensitive, Public
Procedure - CORRECT ANSWER: The most specific of the security documents: a detailed, in-depth, step-by-step document that spells out exactly what is to be done.
SAN - CORRECT ANSWER: "a data storage system consisting of various storage elements, storage devices, computer systems, and/or appliances, plus all the control software, all communicating in efficient harmony over a network." A SAN appears to the client OS as a local disk or volume that is available to be formatted and used locally as needed.
SED - CORRECT ANSWER: Self-Encrypting Drives. Compliance: SEDs offer built-in encryption, which can help with the compliance laws that many organizations must adhere to. Strong security: SEDs make use of strong encryption; the contents of an SED are always encrypted, and the encryption keys are themselves encrypted and protected in hardware. Ease of use: users only have to authenticate to the drive when the device boots up or when they change passwords/credentials. The