
S. Rao Vallabhaneni - CISSP Practice: 2,250 Questions, Answers, and Explanations for Passing the Test


  • Book: CISSP Practice: 2,250 Questions, Answers, and Explanations for Passing the Test
  • Author: S. Rao Vallabhaneni
  • Publisher: Wiley
  • Year: 2011


A must-have prep guide for taking the CISSP certification exam

If practice does, indeed, make perfect, then this is the book you need to prepare for the CISSP certification exam! And while the six-hour exam may be grueling, the preparation for it doesn't have to be. This invaluable guide offers an unparalleled number of test questions along with their answers and explanations so that you can fully understand the "why" behind the correct and incorrect answers. An impressive number of multiple-choice questions covering breadth and depth of security topics provides you with a wealth of information that will increase your confidence for passing the exam.

The sample questions cover all ten of the domains tested: access control; telecommunications and network security; information security governance and risk management; application development security; cryptography; security architecture and design; operations security; business continuity and disaster recovery planning; legal, regulations, investigations, and compliance; and physical and environmental security.

  • Prepares you for taking the intense CISSP certification exam with an impressive and unique 2,250 test prep questions and answers
  • Includes the explanation behind each answer so you can benefit from learning the correct answer, but also discover why the other answers are not correct
  • Features more than twice the number of practice questions of any other book on the market and covers nine times the number of questions tested on the exam

With CISSP certification now a requirement for anyone seeking security positions in corporations and government, passing the exam is critical. Packed with more than 2,000 test questions, CISSP Practice will prepare you better than any other resource on the market.


Domain 1

Access Control

1. For intrusion detection and prevention system capabilities, stateful protocol analysis uses which of the following?

   1. Blacklists

   2. Whitelists

   3. Threshold

   4. Program code viewing

a. 1 and 2

b. 1, 2, and 3

c. 3 only

d. 1, 2, 3, and 4

1. d. Stateful protocol analysis (also known as deep packet inspection) is the process of comparing predetermined profiles of generally accepted definitions of benign protocol activity for each protocol state against observed events to identify deviations. Stateful protocol analysis uses blacklists, whitelists, thresholds, and program code viewing to provide various security capabilities.

A blacklist is a list of discrete entities, such as hosts or applications, that have been previously determined to be associated with malicious activity. A whitelist is a list of discrete entities, such as hosts or applications, known to be benign. Thresholds set the limits between normal and abnormal behavior of the intrusion detection and prevention systems (IDPS). Program code viewing and editing features are established to see the detection-related programming code in the IDPS.

2. Electronic authentication begins with which of the following?

a. Token

b. Credential

c. Subscriber

d. Credential service provider

2. c. An applicant applies to a registration authority (RA) to become a subscriber of a credential service provider (CSP) and, as a subscriber, is issued or registers a secret, called a token, and a credential (public key certificate) that binds the token to a name and other attributes that the RA has verified. The token and credential may be used in subsequent authentication events.

3. In the electronic authentication process, who performs the identity proofing?

a. Subscriber

b. Registration authority

c. Applicant

d. Credential service provider

3. b. The RA performs the identity proofing after registering the applicant with the CSP. An applicant becomes a subscriber of the CSP.

4. In electronic authentication, which of the following provides the authenticated information to the relying party for making access control decisions?

a. Claimant/subscriber

b. Applicant/subscriber

c. Verifier/claimant

d. Verifier/credential service provider

4. d. The relying party can use the authenticated information provided by the verifier/CSP to make access control decisions or authorization decisions. The verifier verifies that the claimant is the subscriber/applicant through an authentication protocol. The verifier passes on an assertion about the identity of the subscriber to the relying party. The verifier and the CSP may or may not belong to the same entity.

5. In electronic authentication, an authenticated session is established between which of the following?

a. Claimant and the relying party

b. Applicant and the registration authority

c. Subscriber and the credential service provider

d. Certifying authority and the registration authority

5. a. An authenticated session is established between the claimant and the relying party. Sometimes the verifier is also the relying party. The other three choices are incorrect because the correct answer is based on facts.

6. Under which of the following electronic authentication circumstances does the verifier need to directly communicate with the CSP to complete the authentication activity?

a. Use of a digital certificate

b. A physical link between the verifier and the CSP

c. Distributed functions for the verifier, relying party, and the CSP

d. A logical link between the verifier and the CSP

6. b. The use of digital certificates represents a logical link between the verifier and the CSP rather than a physical link. In some implementations, the verifier, relying party, and the CSP functions may be distributed and separated. The verifier needs to directly communicate with the CSP only when there is a physical link between them. In other words, the verifier does not need to directly communicate with the CSP for the other three choices.

7. In electronic authentication, who maintains the registration records to allow recovery of registration records?

a. Credential service provider

b. Subscriber

c. Relying party

d. Registration authority

7. a. The CSP maintains registration records for each subscriber to allow recovery of registration records. Other responsibilities of the CSP include the following:

The CSP is responsible for establishing suitable policies for renewal and reissuance of tokens and credentials. During renewal, the usage or validity period of the token and credential is extended without changing the subscriber's identity or token. During reissuance, a new credential is created for a subscriber with a new identity and/or a new token.

The CSP is responsible for maintaining the revocation status of credentials and destroying the credential at the end of its life. For example, public key certificates are revoked using certificate revocation lists (CRLs) after the certificates are distributed. The verifier and the CSP may or may not belong to the same entity.

The CSP is responsible for mitigating threats to tokens and credentials and managing their operations. Examples of threats include disclosure, tampering, unavailability, unauthorized renewal or reissuance, delayed revocation or destruction of credentials, and token use after decommissioning.

The other three choices are incorrect because the (i) subscriber is a party who has received a credential or token from a CSP, (ii) relying party is an entity that relies upon the subscriber's credentials or verifier's assertion of an identity, and (iii) registration authority (RA) is a trusted entity that establishes and vouches for the identity of a subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).

8. Which of the following is used in the unique identification of employees and contractors?

a. Personal identity verification card token

b. Passwords

c. PKI certificates

d. Biometrics

8. a. It is suggested that a personal identity verification (PIV) card token is used in the unique identification of employees and contractors. The PIV is a physical artifact (e.g., identity card or smart card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, or digitized fingerprint).

The other three choices are used in user authenticator management, not in user identifier management. Examples of user authenticators include passwords, tokens, cryptographic keys, personal identification numbers (PINs), biometrics, public key infrastructure (PKI) certificates, and key cards. Examples of user identifiers include internal users, external users, contractors, guests, PIV cards, passwords, tokens, and biometrics.

9. In electronic authentication, which of the following produces an authenticator used in the authentication process?

a. Encrypted key and password

b. Token and cryptographic key

c. Public key and verifier

d. Private key and claimant

9. b. The token may be a piece of hardware that contains a cryptographic key that produces the authenticator used in the authentication process to authenticate the claimant. The key is protected by encrypting it with a password.

The other three choices cannot produce an authenticator. A public key is the public part of an asymmetric key pair typically used to verify signatures or encrypt data. A verifier is an entity that verifies a claimant's identity. A private key is the secret part of an asymmetric key pair typically used to digitally sign or decrypt data. A claimant is a party whose identity is to be verified using an authentication protocol.
