CISSP信息系统安全专家真题解析｜历年考试题+答案详解汇总

A. Company-owned hot site

B. Commercial hot site

C. Cold site

D. Warm site

A. A site with pre-installed computers, raised flooring, air conditioning, telecommunications, and networking equipment, and UPS

B. A site is which space is reserved with pre-installed wiring and raised floors

C. A site with raised flooring, air conditioning, telecommunications, and networking equipment, and UPS

D. A site with ready made work space with telecommunications equipment, LANs, PCs, and terminals with work groups

A. hot site

B. warm site

C. cold site

D. reciprocal agreement

A. non-mobile hot site

B. mobile hot site

C. warm site

D. cold site

A. The costs associated with hot sites are low

B. Hot sites can be made ready for operation within a short period of time

C. Hot sites can be used for an extended amount of time

D. Hot sites do not require that equipment and systems software be compatible with the primary installation being backed up

A. No resource contention with other organization

B. Quick Recovery

C. Geographical location that is not affected by the same disaster

D. low cost

A. Lack of successful recoveries using reciprocal agreements.

B. Legal liability of the host site in the event that the recovery fails.

C. Dissimilar equipment used by disaster recovery organization members.

D. Difficulty in enforcing the reciprocal agreement.

A. Hot site

B. Warm site

C. Duplicate information processing facilities

D. Reciprocal agreement

A. Potential risks

B. Residual risks

C. Identified risks

D. All of the above

A. Restore all files in preparation for the test

B. Document expected findings

C. Arrange physical security for the test site

D. Conduct a successful structured walk-through

A. Backup, Recover and Restoration

B. Testing Strategy Development

C. Post Recovery Transition Data Development

D. Implementation, Testing and Maintenance

A. Measurement of accuracy

B. Elapsed time for completion of critical tasks

C. Quantitatively measuring the results of the test

D. Evaluation of the observed test results

A. elapsed time to perform various activities

B. list of successful and unsuccessful activities

C. amount of work completed

D. description of each activity

A. A technical failure

B. A management failure

C. Because of a lack of awareness

D. Because of a lack of training

A. A hardware backup

B. A data backup

C. An operating system software backup

D. An application software backup

A. System backups

B. Electronic vaulting/remote journaling

C. Redundant arrays of independent disks (RAID)

D. Load balancing/disk replication

A. The plan should be reviewed at least once a year for accuracy and completeness

B. The Contingency Planning Coordinator should make sure that every employee gets an up-to-date copy of the plan

C. Strict version control should be maintained

D. Copies of the plan should be provided to recovery personnel for storage at home and office

A. Simulation test

B. Checklist test

C. Parallel test

D. Structured walkthrough test

A. To eliminate the need to develop detailed contingency plans

B. To ensure that program and system documentation remains current

C. To ensure the integrity of the data in the database

D. To ensure the continued compatibility of the contingency facilities

A. Size and complexity of the application.

B. Number of changes to the application.

C. Criticality of the application.

D. Reliability of the application.

A. Contact information for all personnel

B. Vendor contract information, including offsite storage and alternate site

C. Equipment ad system requirements lists of hardware, software, firmware, and other resources required to support system operations

D. The Business Impact Analysis

A. A hardware backup

B. A data backup

C. An operating system software backup

D. An application software backup

A. Damage assessment team

B. Hardware salvage team

C. Tiger team

D. Legal affairs team

A. Minimum standard requirements.

B. Legislative requirements.

C. Insurance rates.

D. Potential for litigation.

A. Due diligence

B. Risk mitigation

C. Asset protection

D. Due care

A. Negligent

B. Unethical

C. Abusive

D. Illegal

A. the company is not a multi-national company

B. they have not exercised due care protecting computing resources

C. they have failed to properly insure computer resources against loss

D. the company does not prosecute the hacker that caused the breach

A. C < L

B. C < L - (residual risk)

C. C > L

D. C > L - (residual risk)

A. Cascade liabilities

B. Downstream liabilities

C. Down-flow liabilities

D. Down-set liabilities

A. The have had previous contact with law enforcement

B. The conspire with others

C. They hold a position of trust

D. They deviate from the accepted norms of security

A. Outside espionage

B. Hackers

C. Personnel

D. Equipment Failure

A. Helping the community in securing their networks

B. Seeing how far their skills wll take them

C. Getting recognition for their actions

D. Money

A. Disgruntled employees

B. Student hackers

C. Criminal hackers

D. Corporate spies

A. Crackers

B. Sniffers

C. Hackers

D. None of the choices.

A. l0phtcrack

B. Tripwire

C. Crack

D. John the ripper

A. Nessus

B. Saint

C. Tripwire

D. Nmap

A. Circumstantial evidence

B. Corroborative evidence

C. Opinion evidence

D. Secondary evidence

A. Oral testimony by a non-expert witness

B. Oral testimony by an expert witness

C. A copy of a piece of evidence

D. Evidence that proves a specific act

A. Records are collected during the regular conduct of business

B. Records are collected by senior or executive management

C. Records are collected at or near the time of occurrence of the act being investigated

D. Records are in the custody of the witness on a regular basis

A. chain of command

B. chain of custody

C. chain of control

D. chain of communications

A. It must prove a fact that is material to the case

B. Its reliability must be proven

C. The process for producing it must be documented

D. The chain of custody of evidence must show who collected, security, controlled, handled, transported, and tampered with the evidence

A. Direct evidence

B. Circumstantial evidence

C. Hearsay evidence

D. Secondary evidence

A. Secondary evidence

B. Conclusive evidence

C. Hearsay evidence

D. Circumstantial evidence

A. A point of contact should be designated to be responsible for communicating with law enforcement and other external agencies.

B. A proper chain of custody of evidence has to be preserved

C. Collection of evidence has to be done following predefined procedures

D. Whenever possible, analyze, a replica of the compromised resource, not the original, thereby avoiding inadvertently tamping with evidence

A. direct evidence

B. best evidence

C. conclusive evidence

D. hearsay evidence

A. Evidence has to be collected following predefined procedures in accordance with all laws and legal regulations

B. Law enforcement officials should be contacted for advice on how and when to collect critical information

C. Verifiable documentation indicating the sequence of individuals who have handled a piece of evidence should be available.

D. Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation.

A. To ensure that no evidence is lost

B. To ensure that all possible evidence is gathered

C. To ensure that it will be admissible in court

D. To ensure that incidents were handled with due care and due diligence

A. It must be relevant

B. It must be annotated

C. It must be printed

D. t must contain source code

A. Direct evidence

B. Real evidence

C. Documentary evidence

D. Demonstrative evidence

A. Hearsay

B. Irrelevant

C. Incomplete

D. Secondary

A. The mode and means of transportation.

B. Notifying the person who owns the information being seized.

C. Complete description of the evidence, including quality if necessary.

D. Who received the evidence.

A. relevant

B. decrypted

C. edited

D. incriminating

A. Best evidence

B. Second hand evidence

C. Demonstrative evidence

D. Direct evidence

A. Because it is used to demonstrate the truth of the contents

B. Because it is used to identify the state of the system

C. Because the state of the memory cannot be used as avidence

D. Because of the exclusionary rule

A. Creating multiple logs using more than one utility.

B. Establishing secure procedures for authenticating users.

C. Maintaining all evidence under the control of an independent source.

D. Implementing disk mirroring on all devices where log files are stored.

A. A bound paper notebook.

B. An electronic mail document.

C. A personal computer in "capture" mode that prints immediately.

D. Microcassette recorder for verbal notes

A. There is a probable cause that a crime has been committed.

B. There is an expectation that evidence exists of the crime.

C': "There is probable cause to enter someone's home or business. ", 'D. There is a written document detailing the anticipated evidence.

A. Identifying what type of system is to be seized.

B. Identifying the search and seizure team members.

C. Identifying the cost of damage and plan for their recover.

D. Determining the risk that the suspect will destroy evidence.

A. Search and seizure

B. Data protection

C. Engagement

D. Evidence

A. Information is intangible

B. Evidence is difficult to gather

C. Computer-generated records are only considered secondary evidence, thus are no as reliable as best evidence

D. In many instances, an expert or specialist is required

A. Information stored in a computer is intangible evidence.

B. Evidence may be destroyed in an attempt to restore the system.

C. Isolating criminal activity in a detailed audit log is difficult.

D. Reports resulting from common user error often obscure the actual violation.

A. removed.

B. reduced.

C. increased.

D. unchanged.

A. )Opportunities

B. Methods

C. Motivation

D. Means

A. Standards law

B. Conduct law

C. Compliance law

D. Administrative law

A. Trade Property

B. Trade Asset

C. Patent

D. Trade Secret

A. For a company to have a resource qualify as a trade secret, it must provide the company with some type of competitive value or advantage

B. The Trade Secret Law normally protects the expression of the idea of the resource.

C. Many companies require their employees to sign nondisclosure agreements regarding the protection of their trade secrets

D. A resource can be protected by law if it is not generally known and if it requires special skill, ingenuity, and/or expenditure of money and effort to develop it

A. Civil law

B. Criminal law

C. Administrative law

D. Public law

A. Data collected by an organization can be used for any purpose and for as long as necessary, as long as it is never communicated outside of the organization by which it was collected

B. Individuals have the right to correct errors contained in their personal data

C. Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited.

D. Records kept on an individual should be accurate and up to date

A. data pirate

B. data haven

C. country of convenience

D. sanctional nation

A. 1994 U.S. Communications Assistance for Law Enforcement Act

B. 1996 U.S. Economic and Protection of Property Information Act

C. 1996 U.S. National Information Infrastructure Protection Act

D. 1986 U.S. Computer Security Act

A. Privacy Act of 1974

B. Computer Security Act of 1987

C. Federal Information Resources Management Regulations

D. Office of Management & Budget Circular A-130

A. The 1987 U.S. Computer Security Act

B. The 1986 U.S. Computer Fraud and Abuse Act

C. The 1991 U.S. Federal Sentencing Guidelines

D. The 1996 U.S. National Information Infrastructure Protection Act

A. The Electronic Espionage Act of 1996

B. The Gramm Leach Bliley Act of 1999

C. The Computer Security Act of 1987

D. The Federal Privacy Act of 1974

A. Availability and Accountability

B. Accuracy and Privacy

C. Security and Availability

D. Security and Privacy

A. 1987 U.S. Computer Security Act

B. 1996 U.S. Economic and Protection of Proprietary Information Act

C. 1994 U.S. Computer Abuse Amendments Act

D. 1986 (Amended in 1996) U.S. Computer Fraud and Abuse Act

A. system development activity

B. help-desk function

C. system backup function

D. risk management process

A. Successfully retrieve all evidence that can be used to prosecute

B': ") Improve the company's ability to be prepared for threats and disasters", 'C': ") Improve the company's disaster recovery plan", 'D. Contain and repair any damage caused by an event

A. Technical knowledge

B. Communication skills

C. The recovery capability

D. Understanding business policy

A. Continuity of support plan

B. Business continuity plan

C. Incident response plan

D. Continuity of operations plan

A. Within the first three months after the investigation of the intrusion is completed

B. Within the first week after prosecution of intruders have taken place, weather successful or not

C. Within the first month after the investigation of the intrusion is completed

D. Within the first week of completing the investigation of the intrusion

A. The manager should call the colleague and explain what has been discovered. The manager should then ask for the return of the information in exchange for silence.

B. The manager should warn the competitor that a potential crime has been committed that could put their company at risk.

C. The manager should inform his or her appropriate company management, and secure the results of the recover exercise for future review.

D. The manager should call the colleague and ask the purpose of running the job prior to informing his or her company management of the situation.

A. When they are used to tie together a set of unconnected requests for web pages to cause an electronic map of where one has been.

B. When they are used to keep logs of who is using an anonymizer to access a site instead of their regular userid.

C. When the e-mail addresses of users that have registered to access the web site are sold to marketing firms.

A. Implementing a corporate policy on copyright infringements and software use

B': ") Requiring that all PC's be diskless workstations", 'C. Installing metering software on the LAN so applications can be accessed through the metered software

A. moral

B. ethical

C. legal

D. control

A. Computer Ethics Institute commandments

B. (ISC)2 Code of Ethics

C': ") Internet Activities Board's Ethics and the Internet (RFC1087)", 'D. CIAC Guidelines

A. Inverse Engineering

B. Backward Engineering

C. Subvert Engineering

D. Reverse Engineering

A. Ownership of proprietary software.

B. Information resource management.

C. Service level agreements.

D. System implementation and design.

A. Writing computer viruses

B. Monitoring data traffic

C. Westing computer resources

D. Concealing unauthorized accesses

A. The process if very slow.

B': "The file's last access time is changed. ", 'C. The message digest is almost as long as the data string.

D. One-way hashing technology invalidates message digest processing.

A. Contains system level access control kernel.

B. Can contain a hidden file or dat

A.

C. Can contain vital system information.

D. Can be defeted to avoid detection.

A. Booting the machine with the installed operating system.

B. Booting the machine with an operating system diskette.

C. Removing the hard drive to view the output of the forensic imaging software.

D. Directing the output of the forensic imaging software to the small computer system interface (SCSI).

A. Is based on secured hardware technology.

B. Creates a bit level copy of the entire disk.

C. Time stamps the files with the date and time of the copy operation.

D. Excludes areas that have never been used to store dat

A.

A. Clearing completely erases the media whereas purging only remoes file headers, allowing the recovery of files

B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack

C. They both involve rewriting the media

D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack

A. The Home Insurance Portability & Accountability Act of 1996 (August 21), Public Law 104-191, which amends the Internal Revenue Service Code of 1986. Also known as the Kennedy-Kassebaum Act.

B. The Public Health Insurance Portability & Accountability Act of 1996 (August 21), Public Law 104-191, which amends the Internal Revenue Service Code of 1986. Also known as the Kennedy-Kassebaum Act.

C. )The Health Insurance Privacy & Accountability Act of 1996 (August 2), public law 104-191, which amends the Internal Revenue Service Code of 1986. Also known as the Kennedy-Kassebaum Act.

D. The Health Insurance Privacy & Accountability Act of 1996 (August 2), Public Law 104-191, which amends the Internal Revenue Service Code of 1986. Also known as the Kennedy-Kassebaum Act.

A. apply to certain types of critical health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses.

B. apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses.

C. apply to health information created or maintained by some large health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses.

D. apply to health information created or maintained by health care providers regardless of whether they engage in certain electronic transactions, health plans, and health care clearinghouses.

A. Transactions

B. availability

C. Privacy

D. Security

A. to the practice of identifying the policies and procedures you currently have in place regarding the availability of protected health information.

B. to the practice of identifying the policies and procedures you currently have in place regarding the confidentiality of protected health information.

C. to the practice of identifying the policies and procedures you currently have in place regarding the authenticity of protected health information.

D. to the practices of identifying the legislation you currently have in place regarding the confidentiality of protected health information.

A. includes a comparison of your proposed policies and procedures and the requirements established in the Security and Privacy Regulation in order to identify any necessary modifications in existing policies to satisfy HIPPA regulations when they are stricter than state privacy laws.

B. includes a comparison of your current policies and procedures and the requirements established in the Security and Privacy Regulation in order to identify any necessary modifications in existing policies to satisfy HIPPA regulations when they are stricter than state privacy laws

C. includes a comparison of your ideal policies and procedures and the requirements established in the Security and Privacy Regulation in order to identify any necessary modifications in existing policies to satisfy HIPPA regulations when they are stricter than state privacy laws.

D. includes a comparison of your exceptional policies and procedures and the requirements established in the Security and Privacy Regulation in order to identify any necessary modifications in existing policies to satisfy HIPPA regulations when they are stricter than state privacy laws

A. In terms of HIPPA, a gap analysis cannot be defined.

B. In terms of HIPPA, a gap analysis defines what an organization currently is doing in a specific area of their organization and compares current operations to other requirements mandated by ethical standards.

C. In terms of HIPPA, a gap analysis defines what an organization currently is doing in a specific area of their organization and compares current operations to other requirements mandated by state or federal law

D. In terms of HIPPA, a gap analysis defines what an organization proposes to be doing in a specific area of their organization and compares proposed operations to other requirements mandated by state or federal law.

A. who engage in certain electronic transactions, health plans, and health care clearinghouses

B. who do not engage in certain electronic transactions, health plans, and health care clearinghouses

C. regardless of whether they engage in certain electronic transactions, health plans, and health care clearinghouses

D. if they engage for a majority of days in a year in certain electronic transactions, health plans, and health care clearinghouses.