Q1303
What is the number of columns in a table called?
A. Schema
B. Relation
C. Degree
D. Cardinality
Answer: C
Explanation: In relational database terminology the degree of a table (relation) is its number of columns (attributes), so saying that the degree is “X” is the same as saying that the table has “X” columns. The cardinality, by contrast, is the number of rows (tuples). A relation is the table itself, and the schema is the structure of the database: its relations, their attributes and their constraints. The question is only testing knowledge of rarely used terminology; the definitions can be checked in the relational model literature and in vendor documentation such as Oracle's knowledge base.
Q1304
Which of the following is the most reliable authentication device?
A. Variable callback system
B. Smart Card system
C. Fixed callback system
D. Combination of variable and fixed callback system.
Answer: B
Explanation: The smart card, an intelligent token, is a credit-card-sized plastic card embedded with an
integrated circuit chip. It provides not only memory capacity but computational capability
630
ISC CISSP Exam
as well. The self-containment of the smart card makes it resistant to attack, because it does not depend on
potentially vulnerable external resources. Because of this characteristic, smart cards are used in many
applications that require strong security protection and authentication. Option B is the most correct option
because callback systems are not considered reliable in the CISSP body of knowledge (they tie the user to a
fixed phone number and can be defeated by call forwarding), while a smart card combined with a PIN provides
two-factor authentication (something you have plus something you know).
“Caller ID and callback options are great, but they are usually not practical because they require users to call in
from a static phone number each time they access the network. Most users are accessing the network remotely
because they are on the road and moving from place to place.” Pg. 428 Shon Harris: All-In-One CISSP
Certification Guide.
Q1305
Which of the following firewall rules is least likely to be found on a firewall installed between an organization's
internal network and the Internet?
A. Permit all traffic to and from local host.
B. Permit all inbound ssh traffic
C. Permit all inbound tcp connections.
D. Permit all syslog traffic to log-server.abc.org.
Answer: C
Explanation: Option “C” is a very bad practice on a firewall that has an interface on a public network such as
the Internet. A rule allowing all inbound TCP connections exposes every listening TCP service on the private
network to attackers: they can port-scan, launch SYN floods and other denial-of-service attacks, and attack any
vulnerable service directly. Permitting traffic to and from the local host (the firewall itself) is normal practice.
Permitting inbound SSH (Secure Shell) is at least defensible because the protocol is encrypted and
authenticated, although in practice it should be restricted to specific source addresses and destination hosts.
Permitting syslog traffic to a designated log server is routine.
Q1306
The Internet can be utilized by either?
A. Public or private networks (with a Virtual Private Networks).
B. Private or public networks (with a Virtual Private Networks).
C. Home or private networks (with a Virtual Private Networks).
D. Public or home networks (with a Virtual Private Networks).
Answer: C
Explanation:
Q1307
This backup method must be made regardless of whether Differential or Incremental methods are used.
A. Full Backup Method
B. Incremental backup method
C. Differential backup method
D. Tape backup method
Answer: A
Explanation: Since the “Full” backup method provides the baseline for restoring our systems, a full backup
must be done at least once regardless of the method you are using. It is very common to use full backups in
combination with incremental or differential ones to decrease the backup time (at the cost of a longer restore),
but there is no way to maintain a system with only incremental or differential backups. A restore always begins
from the baseline, the full backup.
Q1308
Why do buffer overflows happen?
A. Because buffers can only hold so much data.
B. Because input data is not checked for appropriate length at time of input.
C. Because they are an easy weakness to exploit.
D. Because of insufficient system memory.
Answer: B
Explanation: A buffer overflow occurs when a program writes more data into a fixed-size buffer than the buffer
was allocated to hold. The root cause is that the length of the input is not checked against the size of the buffer
before it is copied; the excess bytes overwrite adjacent memory (other variables, heap metadata, or the saved
return address on the stack), which an attacker can use to crash the program or execute code of their choice.
Options A and D describe properties of memory rather than the cause, and option C describes a consequence.
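The following is an added C example, not part of the original question bank, showing the unchecked copy that causes a stack buffer overflow next to a version that checks the length at the time of input. The buffer size, function names and sample inputs are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed buffer size for the example */

/* Vulnerable: strcpy() copies until it finds a NUL byte and never looks at
 * the 16-byte destination. Input longer than 15 characters writes past the
 * end of `name` (undefined behaviour; on a classic stack layout the bytes
 * land on the saved frame pointer and return address). Shown for contrast
 * only; it is never called with long input here. */
void greet_unchecked(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);               /* no length check at time of input */
    printf("hello, %s\n", name);
}

/* Hardened: the input length is checked before a single byte is copied.
 * memchr() is bounded by dst_len, so the check itself never reads past the
 * destination size. Returns 0 on success, -1 if the input (plus its
 * terminating NUL) would not fit. Rejecting is preferable to silently
 * truncating, which can itself change the meaning of the data. */
int copy_name(char *dst, size_t dst_len, const char *input)
{
    const char *end = memchr(input, '\0', dst_len);
    if (end == NULL)
        return -1;                     /* no terminator within dst_len: too long */
    size_t n = (size_t)(end - input);  /* n <= dst_len - 1, so NUL fits */
    memcpy(dst, input, n);
    dst[n] = '\0';
    return 0;
}

int greet_checked(const char *input)
{
    char name[NAME_LEN];
    if (copy_name(name, sizeof name, input) != 0) {
        fprintf(stderr, "input rejected: longer than %d bytes\n", NAME_LEN - 1);
        return -1;
    }
    printf("hello, %s\n", name);
    return 0;
}

int main(void)
{
    /* Constructed inputs: one that fits, one that would overflow. */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    greet_checked(ok);        /* greeting printed, returns 0 */
    greet_checked(too_long);  /* rejected, returns -1 */
    /* greet_unchecked(too_long); would corrupt the stack frame */
    return 0;
}
```

The point of the hardened version is that the decision is made on the length before the copy, and the caller is told when the input was refused; a silent `strncpy` that drops the terminator would trade the overflow for a different bug.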
Q1309
Which of the following should not be performed by an operator?
A. Mounting disk or tape
B. Backup and recovery
C. Data entry
D. Handling hardware
Answer: C
Explanation: Separation of duties keeps computer operators, who run the system (mounting disks and tapes,
handling hardware, performing backup and recovery, controlling job flow), away from entering or modifying the
data the system processes. Data entry is a user function; an operator who also entered data could alter the
input and then use console access to hide the change.
Q1310
What security model is dependent on security labels?
A. Discretionary access control
B. Label-based access control
C. Mandatory access control
D. Non-discretionary access control
Answer: C
Explanation: With mandatory controls, only administrators and not owners of resources may make decisions
that bear on or derive from policy. Only an administrator may change the category of a resource, and no one
may grant a right of access that is explicitly forbidden in the access control policy. This kind of access control
method is based on Security labels. It is important to note that mandatory controls are prohibitive (i.e., all that is
not expressly permitted is forbidden).
Q1311
Detection capabilities of Host-based ID systems are limited by the incompleteness of which of the following?
A. Audit log capabilities
B. Event capture capabilities
C. Event triage capabilities
D. Audit notification capabilities
Answer: A
Explanation: This is one of the weaker points of IDS systems installed on individual hosts. A host-based IDS
can only detect what the local operating system and applications actually log, and those audit logs are usually
limited in detail and stored locally, so anything that is not logged (or that the attacker erases) goes unnoticed.
Much of the malicious activity is also circulating on the network rather than on one host, so intrusions cannot be
tracked in as much depth as with an enterprise IDS solution that adds network sensors and centralized logging.
Q1312
Computer crime is generally made possible by which of the following?
A. The perpetrator obtaining training & special knowledge.
B. Victim carelessness.
C. Collusion with others in information processing
D. System design flaws.
Answer: B
Explanation: This is a real problem: nobody thinks they can be the victim of a computer crime until they are, so
systems are left unpatched, passwords stay weak and data stays unprotected. Computer crime can do great
damage to an enterprise. It will decrease once people begin to think about their risks and protect their systems
against the most common attacks.
Q1313
The structures, transmission methods, transport formats, and security measures that are used to provide
integrity, availability, authentication, and confidentiality for transmissions over private and public
communications networks and media includes?
A. The Telecommunications and Network Security domain.
B. The Telecommunications and Netware Security domain.
C. The Technical communications and Network Security domain.
D. The Telnet and Network Security domain.
Answer: A
Explanation: This is straightforward. The four principal pillars of computer security (integrity, authentication,
confidentiality and availability), applied to data in transit, are all part of the Telecommunications and Network
Security domain. We provide integrity through digital signatures and message authentication codes,
authentication through passwords and other credentials, confidentiality through encryption, and availability
through fault tolerance and disaster recovery. All of these are networking and telecommunications components.
Q1314
Which of the following is the lowest TCSEC class in which the system must be protected against covert storage
channels (but not necessarily covert timing channels)?
A. B2
B. B1
C. B3
D. A1
Answer: A
Explanation: Class B2 (Structured Protection) of the Orange Book requires a formal security policy model,
labels on all subjects and objects, and both DAC (discretionary access control) and MAC (mandatory access
control). It is the first class to require analysis of covert storage channels; it does not require covert timing
channels to be addressed, which B3 adds. You can review the B2 section of the Orange Book.
Q1315
Which type of control is concerned with avoiding occurrences of risks?
A. Deterrent controls
B. Detective controls
C. Preventive controls
D. Compensating controls
Answer: C
Explanation: Preventive controls deal with the avoidance of risk by reducing the probability that an event
happens. Recall the guard-dog example from earlier: since we want to prevent something from happening, we
buy guard dogs to do the job. The intruder sees the dogs and, with luck, turns back; the attack is prevented, so
the dogs are a form of preventive control.
Q1316
The basic function of an FRDS is to?
A. Protect file servers from data loss and a loss of availability due to disk failure.
B. Persistent file servers from data gain and a gain of availability due to disk failure.
C. Prudent file servers from data loss and a loss of acceptability due to disk failure.
D. Packet file servers from data loss and a loss of accountability due to disk failure.
Answer: A
Explanation: A FRDS protects our file servers against disk failure and gives us highly available file services on
our production servers. The array tolerates the loss of a disk because the remaining disks carry enough
redundancy (mirroring or parity) to keep serving data without downtime while the failed disk is replaced. FRDS
solutions are the preferred way to protect file servers against data loss and loss of availability due to disk
failure.
Q1317
Which of the following protocols does not operate at the data link layer (layer 2)?
A. PPP
B. RARP
C. L2F
D. ICMP
Answer: D
Explanation: ICMP (Internet Control Message Protocol) is used for diagnostics and error reporting in the
network. The Unix program ping uses ICMP echo messages to detect the status of other hosts. ICMP messages
are either queries (as in the case of ping) or error reports, such as when a network is unreachable. The protocol
resides at layer 3 of the OSI model (the Network layer), above the data link layer where PPP, RARP and L2F
operate.
Q1318
This tape format can be used to back up data systems in addition to its originally intended audio use:
A. Digital Audio tape (DAT)
B. Digital video tape (DVT)
C. Digital Casio Tape (DCT)
D. Digital Voice Tape (DVT)
Answer: A
Explanation: Digital Audio Tape (DAT or R-DAT) is a signal recording and playback medium introduced by Sony
in 1987. In appearance it is similar to a compact audio cassette, using 1/8″ magnetic tape enclosed in a
protective shell, but it is roughly half the size at 73 mm x 54 mm x 10.5 mm. As the name suggests the recording
is digital rather than analog; DAT converts and records at the same rate as a CD (44.1 kHz sampling rate and
16-bit quantization) without data compression, so the entire input signal is retained and a copy of a digital
source is an exact clone.
The format was designed for audio use, but through an ISO standard it has been adopted for general data
storage, holding from 4 to 40 GB on a 120 meter tape depending on the standard and compression (DDS-1 to
DDS-4). It is, naturally, sequential-access media and is commonly used for backups. Because data backups
require higher integrity than audio, a computer-grade DAT was introduced.
Q1319
By examining the “state” and “context” of the incoming data packets, it helps to track the protocols that are
considered “connectionless”, such as UDP-based applications and Remote Procedure Calls (RPC). This type
of firewall system is used in?
A. First generation firewall systems.
B. Second generation firewall systems.
C. Third generation firewall systems.
D. Fourth generation firewall systems.
Answer: C
Explanation: Stateful inspection is a third-generation firewall technology designed to be aware of, and inspect,
not only the information being received but also the dynamic connection and transmission state of that
information. Control decisions are made by analyzing the following: communication information, communication-
derived state, application-derived state, and information manipulation. Here are some characteristics of
stateful inspection technology on firewalls:
Q1320
Guards are appropriate whenever the function required by the security program involves which of the following?
A. The use of discriminating judgment.
B. The use of physical force.
C. The operation of access control devices.
D. The need to detect unauthorized access.
Answer: A
Explanation: We do not employ guards only to use physical force; that is not their real function if the security
program is well designed. Nor are they there only to operate access control devices or to detect unauthorized
access. As stated in the CISSP material, the function that justifies a guard inside a security program is the use
of discriminating judgment, which no device can provide.
Q1321
A server cluster looks like a?
A. Single server from the user’s point of view.
B. Dual server from the user’s point of view.
C. Tripe server from the user’s point of view.
D. Quardle server from the user’s point of view.
Answer: A
Explanation: A “cluster” is a group of machines running the same services to provide high availability and fault
tolerance; in other words, they are grouped together for failover support. From the user's point of view the
cluster is a single server, but only a logical one: an array of four servers in a cluster can share one virtual IP
address (the cluster software answers ARP for that address and moves it to a surviving node on failover), and
the client sees no difference.
Q1322
Which of the following are functions that are compatible in a properly segregated environment?
A. Application programming and computer operation.
B. System programming and job control analysis.
C. Access authorization and database administration.
D. System development and systems maintenance.
Answer: D
Explanation: System development and systems maintenance are compatible in a properly segregated
environment: the same staff can develop a system for a period and then, when maintenance is due, stop
development and perform the maintenance, as long as their changes still pass through change control before
reaching production. The other pairs each combine a function that creates or authorizes with one that
executes or controls it, which segregation of duties is meant to keep apart.
Incorrect answers:
Access authorization and database administration are NEVER compatible: whoever grants access must not
also administer the database that enforces it.
Q1323
Encryption is applicable to all of the following OSI/ISO layers except:
A. Network layer
B. Physical layer
C. Session layer
D. Data link layer
Answer: B
Explanation: The Physical Layer describes the physical properties of the various communications media, as
well as the electrical properties and interpretation of the exchanged signals. For example, this layer defines the
size of Ethernet coaxial cable, the type of BNC connector used, and the termination method. Nothing can be
encrypted at this layer because it carries only signals, not data structures; encryption is a protocol or software
function that needs data to operate on. The data link, network, transport and session layers all support
encryption.
Q1324
The Computer Security Policy Model the Orange Book is based on is which of the following?
A. Bell-LaPadula
B. Data Encryption Standard
C. Kerberos
D. Tempest
Answer: A
Explanation: Following the publication of the Anderson report, considerable research was initiated into formal
models of security policy requirements and of the mechanisms that would implement and enforce those policy
models as a security kernel. Prominent among these efforts was the ESD-sponsored development of the Bell
and LaPadula model, an abstract formal treatment of DoD security policy.[2] Using mathematics and set theory,
the model precisely defines the notion of secure state, fundamental modes of access, and the rules for granting
subjects specific modes of access to objects. Finally, a theorem is proven to demonstrate that the rules are
security-preserving operations, so that the application of any sequence of the rules to a system that is in a
secure state will result in the system entering a new state that is also secure.
This theorem is known as the Basic Security Theorem.
Q1325
Which type of attack would a competitive intelligence attack best classify as?
A. Business attack
B. Intelligence attack
C. Financial attack
D. Grudge attack
Answer: A
Explanation: A competitive intelligence attack is classified as a business attack because its goal is to obtain a
competitor's confidential information (product plans, pricing, customer lists) rather than military secrets, money
or revenge. Such attacks hurt a company where it hurts most, in its information. For more on competitive
intelligence attacks, see a CISSP study guide such as the CISSP Gold Edition guide.
“Military and intelligence attacks are launched primarily to obtain secret and restricted information from law
enforcement or military and technological research sources.
Business attacks focus on illegally obtaining an organization’s confidential information.
Financial attacks are carried out to unlawfully obtain money or services.
Grudge attacks are attacks that are carried out to damage an organization or a person.”
Pg. 616 Tittel: CISSP Study Guide
Q1326
Which of the following is responsible for the most security issues?
A. Outside espionage
B. Hackers
C. Personnel
D. Equipment failure
Answer: C
Explanation: As stated earlier in the comments, the greater part of the attacks on companies comes from
personnel. Hackers are out there and attack some targets, but never forget that your worst enemy can be inside
your company. That is why we implement IDS and defense in depth; installing host-based IDS is a very good
practice for limiting what internal attackers can do on the machines.
Another problem with personnel is ignorance: there are times when they simply do not know what they are
doing and violate the security policy without realizing it.
Q1327
Which of the following goals is NOT a goal of Problem Management?
A. To eliminate all problems.
B. To reduce failures to a manageable level.
C. To prevent the occurrence or re-occurrence of a problem.
D. To mitigate the negative impact of problems on computing services and resources.
Answer: A
Explanation: Eliminating all problems is not possible, and problem management practitioners know it. With
problem management we can reduce failures to a manageable level, prevent the recurrence of problems and
mitigate their negative impact as much as we can, but we cannot eliminate all problems.
Q1328
Examples of types of physical access controls include all except which of the following?
A. badges
B. locks
C. guards
D. passwords
Answer: D
Explanation: A password is not a physical thing; it is a logical one. You can control physical access with
guards, by locking doors and by using badges to open doors, but a password cannot be tied to the physical
environment. Remember that passwords are used to verify that the user of an ID is its owner. The ID-password
combination is unique to each user and therefore provides a means of holding users accountable for their
activity on the system. Passwords belong to the logical (software) controls, not to the physical ones.
Q1329
Which of the following statements pertaining to the (ISC)2 Code of Ethics is incorrect?
A. All information systems security professionals who are certified by (ISC)2 recognize that such a certification
is a privilege that must be both earned and maintained.
B. All information systems security professionals who are certified by (ISC)2 shall provide diligent and
competent service to principals.
C. All information systems security professionals who are certified by (ISC)2 shall discourage such behavior as
associating or preparing to associate with criminals or criminal behavior.
D. All information systems security professionals who are certified by (ISC)2 shall promote the understanding
and acceptance of prudent information security measures.
Answer: C
Explanation: Option C is not one of the statements of the (ISC)2 Code of Ethics. The code's four mandatory
canons require certified professionals to protect society and the infrastructure, to act honorably, to provide
diligent and competent service to principals, and to advance and protect the profession; promoting the
understanding and acceptance of prudent security measures appears under the first canon. Discouraging
association with criminals appears only in the committee's advisory “Objectives for Guidance”, which the code
itself says are provided for information only and which the professional is not required to agree with; it is not
part of the binding text. The binding parts are the preamble and the canons, and conflicts between canons are
resolved in the order the canons are listed.
Code from ISC web site.
“All information systems security professionals who are certified by (ISC)2 recognize that such certification is a
privilege that must be both earned and maintained. In support of this principle, all Certified Information Systems
Security Professionals (CISSPs) commit to fully support this Code of Ethics. CISSPs who intentionally or
knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in
the revocation of certification. There are only four mandatory canons in the code. By necessity such high-level
guidance is not
intended to substitute for the ethical judgment of the professional. Additional guidance is provided for each of
the canons. While this guidance may be considered by the Board in judging behavior, it is advisory rather than
mandatory. It is intended to help the professional in identifying and resolving the inevitable ethical dilemmas that
will confront him/her.
Code of Ethics Preamble:
* Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to
adhere, to the highest ethical standards of behavior.
* Therefore, strict adherence to this code is a condition of certification.
Code of Ethics Canons:
* Protect society, the commonwealth, and the infrastructure.
* Act honorably, honestly, justly, responsibly, and legally.
* Provide diligent and competent service to principals.
* Advance and protect the profession.
The following additional guidance is given in furtherance of these goals.
Objectives for Guidance
In arriving at the following guidance, the committee is mindful of its responsibility to:
* Give guidance for resolving good v. good and bad v. bad dilemmas.
* To encourage right behavior such as:
* Research
* Teaching
* Identifying, mentoring, and sponsoring candidates for the profession
* Valuing the certificate
* To discourage such behavior as:
* Raising unnecessary alarm, fear, uncertainty, or doubt
* Giving unwarranted comfort or reassurance
* Consenting to bad practice
* Attaching weak systems to the public net
* Professional association with non-professionals
* Professional recognition of or association with amateurs
* Associating or appearing to associate with criminals or criminal behavior
However, these objectives are provided for information only; the professional is not required or expected to
agree with them.
In resolving the choices that confront him, the professional should keep in mind that the following guidance is
advisory only. Compliance with the guidance is neither necessary nor sufficient for ethical conduct.
Compliance with the preamble and canons is mandatory. Conflicts between the canons should be resolved in
the order of the canons. The canons are not equal and conflicts between them are not intended to create
ethical binds.
Protect society, the commonwealth, and the infrastructure
* Promote and preserve public trust and confidence in information and systems.
* Promote the understanding and acceptance of prudent information security measures.
* Preserve and strengthen the integrity of the public infrastructure.
* Discourage unsafe practice.
Act honorably, honestly, justly, responsibly, and legally
* Tell the truth; make all stakeholders aware of your actions on a timely basis.
* Observe all contracts and agreements, express or implied.
* Treat all constituents fairly. In resolving conflicts, consider public safety and duties to principals, individuals,
and the profession in that order.
* Give prudent advice; avoid raising unnecessary alarm or giving unwarranted comfort. Take care to be truthful,
objective, cautious, and within your competence.
* When resolving differing laws in different jurisdictions, give preference to the laws of the jurisdiction in which
you render your service.
Provide diligent and competent service to principals
* Preserve the value of their systems, applications, and information.
* Respect their trust and the privileges that they grant you.
* Avoid conflicts of interest or the appearance thereof.
* Render only those services for which you are fully competent and qualified.
Advance and protect the profession
* Sponsor for professional advancement those best qualified. All other things equal, prefer those who are
certified and who adhere to these canons. Avoid professional association with those whose practices or
reputation might diminish the profession.
* Take care not to injure the reputation of other professionals through malice or indifference.
* Maintain your competence; keep your skills and knowledge current. Give generously of your time and
knowledge in training others.
Q1330
Which DES modes can best be used for authentication?
A. Cipher Block Chaining and Electronic Code Book.
B. Cipher Block Chaining and Output Feedback.
C. Cipher Block Chaining and Cipher Feedback.
D. Output Feedback and Electronic Code Book.
Answer: C
Explanation: Cipher Block Chaining (CBC) feeds the result of encrypting one block into the encryption of the
next: each plaintext block is XORed with the previous ciphertext block before it is encrypted, so the ciphertext
of each block depends on all the blocks before it, and the decryption side must process the blocks sequentially.
The mode requires an initialization vector, XORed with the first block before it is encrypted; it does not have to
be kept secret, but it should be unpredictable (a random value) so that each message is encrypted uniquely.
Cipher Feedback (CFB) encrypts data in units smaller than the block size, down to single bits or single
characters (bytes), and is likewise chained through the previous ciphertext, which makes it suitable for
character-at-a-time links.
Because the final output of either mode depends on every preceding block, it can serve as a message
authentication code (as in CBC-MAC), which is why CBC and CFB are the DES modes best used for
authentication. Electronic Code Book has no chaining, so a block's ciphertext says nothing about the other
blocks, and Output Feedback generates a keystream that does not depend on the plaintext at all.
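The following is an added C example, not part of the original question bank, that makes the chaining argument concrete: a CBC-MAC over a short message versus an ECB-style tag that encrypts only the last block. The 64-bit keyed permutation used as the block cipher is a constructed stand-in for DES and is not secure; the key and the two messages are also constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Toy 64-bit block "cipher": a keyed permutation built from add/xor/rotate/
 * multiply rounds. Every step is invertible, so it is a permutation like a
 * real block cipher, but it has no security value (constructed for this
 * example; it stands in for DES). */
static uint64_t toy_encrypt(uint64_t key, uint64_t block)
{
    uint64_t x = block ^ key;
    for (int r = 0; r < 8; r++) {
        x += key ^ (0x9E3779B97F4A7C15ULL * (uint64_t)(r + 1));
        x ^= x >> 29;
        x *= 0xBF58476D1CE4E5B9ULL;   /* odd constant: invertible mod 2^64 */
        x ^= x >> 32;
        x = (x << 17) | (x >> 47);
    }
    return x;
}

/* Load up to 8 bytes big-endian, zero-padding a short final block. */
static uint64_t load_block(const uint8_t *p, size_t n)
{
    uint64_t b = 0;
    for (size_t i = 0; i < 8; i++)
        b = (b << 8) | (i < n ? p[i] : 0);
    return b;
}

/* CBC-MAC: IV = 0, each block is XORed with the previous ciphertext before
 * encryption, and the final ciphertext block is the tag. Because each
 * ciphertext depends on every block before it, the tag covers the whole
 * message. Caveat: plain CBC-MAC is only sound for fixed-length messages,
 * and the zero padding here cannot tell "A" from "A\0". */
uint64_t cbc_mac(uint64_t key, const uint8_t *msg, size_t len)
{
    uint64_t c = 0;
    for (size_t off = 0; off < len; off += 8) {
        size_t n = len - off < 8 ? len - off : 8;
        c = toy_encrypt(key, load_block(msg + off, n) ^ c);
    }
    return c;
}

/* ECB counter-example: encrypting the last block on its own ignores every
 * earlier block, so two messages that differ only at the start get the
 * same "tag". This is why ECB cannot authenticate a message. */
uint64_t ecb_last_block(uint64_t key, const uint8_t *msg, size_t len)
{
    size_t last = (len ? (len - 1) / 8 : 0) * 8;
    return toy_encrypt(key, load_block(msg + last, len - last));
}

int main(void)
{
    /* Constructed messages: same last block, different first block. */
    static const uint8_t a[] = "amount=1000;to=alice";
    static const uint8_t b[] = "amount=9000;to=alice";
    uint64_t k = 0x0123456789ABCDEFULL;
    printf("ECB last-block tag: a=%016llx b=%016llx (identical)\n",
           (unsigned long long)ecb_last_block(k, a, 20),
           (unsigned long long)ecb_last_block(k, b, 20));
    printf("CBC-MAC:            a=%016llx b=%016llx (differ)\n",
           (unsigned long long)cbc_mac(k, a, 20),
           (unsigned long long)cbc_mac(k, b, 20));
    return 0;
}
```

Because the block function is a permutation, changing any earlier block changes the input to every later encryption, so the two CBC-MAC tags are guaranteed to differ; the ECB tags are guaranteed to match.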
Q1331
In the OSI/ISO model, at what layer are the SLIP, CSLIP and PPP control functions provided?
A. Data Link
B. Transport
C. Presentation
D. Application
Answer: A
Explanation: The Data Link layer takes raw data from the physical layer and gives it logical structure. This logic
includes information about where the data is meant to go, which computer sends the data, and the overall
validity of the bytes sent. The Data Link layer also controls functions of logical network topologies and physical
addressing as well as data transmission synchronization and corrections. SLIP, CSLIP and PPP provide control
functions at the Data Link Layer (layer 2 of the OSI model).
Q1332
Which of the following best describes the purpose of debugging programs?
A. To generate random data that can be used to test programs before implementing them
B. To ensure that program coding flaws are detected and corrected.
C. To protect, during the programming phase, valid changes from being overwritten by other changes.
D. To compare source code versions before transferring to the test environment.
Answer: B
Explanation: A bug is a coding error in a computer program. The process of finding bugs before the program
reaches its final users is called debugging. Debugging starts after the code is first written and continues in
successive stages as the code is combined with other units of programming to form a software product, such as
an operating system or application. The main reason to debug is to detect and correct errors in the program.
Q1333
With RAID Level 5 the spare drives that replace the failed drives are usually hot swappable, meaning they can
be replaced on the server while the?
A. System is up and running.
B. System is down and running.
C. System is in-between and running.
D. System is centre and running.
Answer: A
Explanation: This is true. Since RAID 5 distributes parity across the array to provide fault tolerance, one of the
disks in it can fail and you can usually just pull it out without turning off the system (hot swap) and plug a spare
disk into the bay. The array then automatically rebuilds the contents of the new disk from the data and parity
held on the other disks in the array. This hot-swap capability is usually present in enterprise servers that require
high availability.
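The rebuild described above, as an added C example that is not part of the original question bank: a toy RAID 5 array with four disks, rotating parity and 4-byte blocks. Disk count, block size, data layout and the sample data are constructed for the illustration; real controllers use the same XOR relationship over much larger stripes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DISKS   4   /* 3 data blocks + 1 parity block per stripe */
#define BLOCK   4   /* bytes per block (toy size, constructed) */
#define STRIPES 3

/* array.blk[disk][stripe][byte] */
typedef struct { uint8_t blk[DISKS][STRIPES][BLOCK]; } raid5_t;

/* Parity rotates across disks so that no single disk becomes the write
 * bottleneck (the RAID 4 weakness). */
int parity_disk(int stripe) { return (DISKS - 1) - (stripe % DISKS); }

/* Map logical block i (0 .. STRIPES*(DISKS-1)-1) to its (disk, stripe),
 * skipping the slot that holds parity in that stripe. */
void locate(int logical, int *disk, int *stripe)
{
    *stripe = logical / (DISKS - 1);
    int d = logical % (DISKS - 1);
    if (d >= parity_disk(*stripe))
        d++;
    *disk = d;
}

/* Lay out `len` bytes of data across the array and compute each stripe's
 * parity as the XOR of its data blocks. */
void raid5_write(raid5_t *a, const uint8_t *data, size_t len)
{
    memset(a, 0, sizeof *a);
    int nblocks = (int)(len / BLOCK);
    for (int i = 0; i < nblocks; i++) {
        int d, s;
        locate(i, &d, &s);
        memcpy(a->blk[d][s], data + (size_t)i * BLOCK, BLOCK);
    }
    for (int s = 0; s < STRIPES; s++) {
        int p = parity_disk(s);
        for (int d = 0; d < DISKS; d++)
            if (d != p)
                for (int b = 0; b < BLOCK; b++)
                    a->blk[p][s][b] ^= a->blk[d][s][b];
    }
}

/* Rebuild every block of the failed disk: with XOR parity, any one missing
 * member of a stripe equals the XOR of all the others, whether the missing
 * block held data or parity. Returns 0 on success, -1 for a bad disk index. */
int raid5_rebuild(raid5_t *a, int failed)
{
    if (failed < 0 || failed >= DISKS)
        return -1;
    for (int s = 0; s < STRIPES; s++) {
        memset(a->blk[failed][s], 0, BLOCK);
        for (int d = 0; d < DISKS; d++)
            if (d != failed)
                for (int b = 0; b < BLOCK; b++)
                    a->blk[failed][s][b] ^= a->blk[d][s][b];
    }
    return 0;
}

/* Return a pointer to logical block i. */
const uint8_t *raid5_read(const raid5_t *a, int logical)
{
    int d, s;
    locate(logical, &d, &s);
    return a->blk[d][s];
}

int main(void)
{
    /* Constructed sample data: 9 blocks = 3 stripes of 3 data blocks. */
    static const uint8_t data[] = "0123456789abcdefghijklmnopqrstuvwxyz";
    raid5_t a, degraded;
    raid5_write(&a, data, 36);
    degraded = a;
    memset(degraded.blk[1], 0, sizeof degraded.blk[1]);   /* disk 1 fails */
    raid5_rebuild(&degraded, 1);                          /* hot-swap + rebuild */
    printf("rebuilt array matches original: %s\n",
           memcmp(&a, &degraded, sizeof a) == 0 ? "yes" : "no");
    return 0;
}
```

The same XOR that produced the parity recovers the lost block, which is also why RAID 5 survives only one failure at a time: a second failure during the rebuild leaves an equation with two unknowns.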
Q1334
What is the process that RAID Level 0 uses as it creates one large disk by using several disks?
A. Striping
B. Mirroring
C. Integrating
D. Clustering
Answer: A
Explanation: Striping is the correct term. With striping, RAID 0 distributes the data evenly across the disks that
form the array, transparently to the end user: you can be writing to 12 disks simultaneously and still see them as
one large logical volume. This level of RAID provides no fault tolerance (the loss of any one disk loses the whole
volume) but increases performance, because reads and writes are spread over many disks and heads. An
example of software striping is the version built into Windows 2000, which supports up to 32 disks.
Q1335
Which of the following is used to create and delete views and relations within tables?
A. SQL Data Definition Language
B. SQL Data Manipulation Language
C. SQL Data Relational Language
D. SQL Data Identification Language
Answer: A
Explanation: SQL's data definition language (DDL) is used for creating, altering and deleting tables, views and
indexes (CREATE, ALTER and DROP). SQL does not permit metadata object names to be supplied as
parameters in DDL statements. DDL is standardized and supported by most database vendors in its standard
form; many of them also extend it with proprietary features. The data manipulation language (DML), by contrast,
reads and changes the rows inside the tables.
Q1336
Which division of the Orange Book deals with discretionary protection (need-to-know)?
A. D
B. C
C. B
D. A
Answer: B
Explanation: The C division of the Orange Book provides for discretionary (need-to-know) protection and,
through the inclusion of audit capabilities, for accountability of subjects and the actions they initiate.
This can be checked in the Orange Book itself: search its text for the words “discretionary protection”.
Q1337
The Diffie-Hellman algorithm is used for?
A. Encryption
B. Digital signature
C. Key exchange
D. Non-repudiation
Answer: C
Explanation: Diffie-Hellman is a key exchange algorithm. Its strength lies in the difficulty of computing discrete
logarithms in the finite field generated by a large prime number. Although RSA and Diffie-Hellman rest on
similar mathematical theory, their implementation is quite different: Diffie-Hellman lets two parties agree on a
shared secret over a public channel, but by itself it does not encrypt data, sign anything or provide
non-repudiation, and without authentication of the public values it is open to a man-in-the-middle.
The algorithm has been released to the public and is the primary alternative to RSA for key exchange.
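The exchange described above, as an added C example that is not part of the original question bank: both sides compute their public values, swap them, and arrive at the same shared secret. The group parameters (p = 2^31 - 1, g = 7) and the two private exponents are toy values constructed so that the arithmetic fits in 64 bits; a real deployment uses a 2048-bit or larger safe prime or an elliptic-curve group.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy Diffie-Hellman group (constructed for this example, not secure). */
#define DH_P 2147483647ULL   /* 2^31 - 1, a prime */
#define DH_G 7ULL

/* Square-and-multiply modular exponentiation. Operands stay below 2^31,
 * so every intermediate product fits in 64 bits. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1;
    base %= mod;
    while (exp) {
        if (exp & 1)
            result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

typedef struct {
    uint64_t secret;   /* private exponent, never sent */
    uint64_t pub;      /* g^secret mod p, sent in the clear */
} dh_party;

dh_party dh_keygen(uint64_t secret)
{
    dh_party d = { secret, modpow(DH_G, secret, DH_P) };
    return d;
}

/* Shared key = peer_pub^my_secret mod p = g^(a*b) mod p on both sides.
 * Reject the degenerate public values 0, 1 and p-1: an attacker who can
 * substitute them forces the shared secret into a set of one or two values,
 * which is the classic small-subgroup trick. Returns 0 on success. */
int dh_shared(const dh_party *me, uint64_t peer_pub, uint64_t *out)
{
    if (peer_pub <= 1 || peer_pub >= DH_P - 1)
        return -1;
    *out = modpow(peer_pub, me->secret, DH_P);
    return 0;
}

/* Complete exchange between Alice and Bob. An eavesdropper sees only g, p
 * and the two public values; recovering the key from those is the discrete
 * logarithm problem. Returns 0 and sets *key if both sides agree. */
int dh_exchange(uint64_t alice_secret, uint64_t bob_secret, uint64_t *key)
{
    dh_party alice = dh_keygen(alice_secret);
    dh_party bob   = dh_keygen(bob_secret);
    uint64_t k_alice, k_bob;
    if (dh_shared(&alice, bob.pub, &k_alice) != 0)   /* Alice receives bob.pub */
        return -1;
    if (dh_shared(&bob, alice.pub, &k_bob) != 0)     /* Bob receives alice.pub */
        return -1;
    if (k_alice != k_bob)
        return -1;
    *key = k_alice;
    return 0;
}

int main(void)
{
    uint64_t key;
    /* Constructed private exponents for the demonstration. */
    if (dh_exchange(123456789ULL, 987654321ULL, &key) == 0)
        printf("shared secret agreed: %llu\n", (unsigned long long)key);
    return 0;
}
```

Note what the exchange does not give you: nothing in it tells Alice that the public value she received actually came from Bob, which is why protocols wrap Diffie-Hellman in signatures or certificates.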
Q1338
Primarily run when time and tape space permit, and used for the system archive or baseline tape sets, is
the?
A. Full backup method.
B. Incremental backup method.
C. Differential backup method.
D. Tape backup method.
Answer: A
Explanation: “Full” backup method provides a baseline for our systems for Restore; the full backup must be
done at least once regardless of the method you are using to make backups. It’s very common to use full
backups in combination with incremental or differential ones to decrease the backup time (however you
increment the restore time with incremental and differential) because it takes the largest time to complete. You
always need to begin a system restoration from your baseline, and this baseline is the Full Backup.
Q1339
Which of the following teams should not be included in an organization’s contingency plan?
A. Damage assessment team.
B. Hardware salvage team.
C. Tiger team.
D. Legal affairs team.
Answer: C
Explanation: In the computer industry, a tiger team is a group of programmers or users who volunteer or are
hired to expose errors or security holes in new software or to find out why a computer network’s security is
being broken. In hiring or recruiting volunteers for a tiger team, some software developers advise others to be
sure that tiger team members don’t include crackers, who might use their special knowledge of the software to
disable or compromise it in the future. A tiger team does not belong in a contingency plan; what the plan does
need is someone to assess the damage, salvage the hardware and handle legal affairs.
Q1340
When an organization takes reasonable measures to ensure that it took precautions to protect its network and
resources is called:
A. Reasonable Action
B. Security Mandate
C. Due Care
D. Prudent Countermeasures
Answer: C
Explanation: Due care consists of the steps an organization takes to show it has taken responsibility for its actions.
Q1341
What two things below are associated with security policy?(Choose Two)
A. Support of upper management
B. Support of department managers
C. Are tactical in nature
D. Are strategic in nature
E. Must be developed after procedures
F. Must be developed after guidelines
Answer: A,D
Explanation: Policies are written as a broad overview and require the support of upper management. After the
development and approval of policies, guidelines and procedures may be written.
Q1342
Total risk is equal to:(Choose All That Apply)
A. Threat
B. Vulnerability
C. Frequency
D. Asset value
E. Asset loss
Answer: A,B,D
Explanation: Total risk = asset value * vulnerability * threats
Q1343
Government data classifications include which of the following:(Choose four)
A. Open
B. Unclassified
C. Confidential
D. Private
E. Secret
F. Top Secret
Answer: B,C,E,F
Explanation: One of the most common systems used to classify information is the one developed within the US
Department of Defense. These include: unclassified, sensitive, confidential, secret, and top secret.
Q1344
Job rotation is important because:
A. It ensures your employees are cross-trained.
B. It increases job satisfaction.
C. It reduces the opportunity for fraud
Answer: C
Explanation: Job rotation is tightly tied to the principle of least privilege. It is an effective security control.
Q1345
Your co-worker is studying for the CISSP exam and has come to you with a question. What is ARP poisoning?
A. Flooding of a switched network
B. A denial of service that uses the DNS death ping
C. Turning of IP to MAC resolution
D. Inserting a bogus IP and MAC address in the ARP table
E. Modifying a DNS record
Answer: D
Explanation: ARP poisoning is a masquerading attack in which the attacker inserts a bogus IP and MAC address
pairing into a victim’s ARP table or into the table of a switch. This has the effect of redirecting traffic to the attacker
instead of to the intended computer.
Q1346
What is the best description for CHAP Challenge Handshake Authentication Protocol?
A. Passwords are sent in clear text
B. Passwords are not sent in clear text
C. Passwords are not used, a digital signature is sent
D. It is substandard to PAP
E. It was used with PS2’s and has been discontinued
Answer: B
Explanation: Passwords are not sent in clear text. The server performing the authentication sends a challenge
value and the user types in the password. The password is used to encrypt the challenge value, and the result is
sent back to the authentication server.
Q1347
CSMA/CD computers cannot communicate without a token.(True/False)
A. True
B. False
Answer: B
Explanation: CSMA/CD computers do not use a token. It is the media access method used in Ethernet.
Q1348
__________ sends out a message to all other computers indicating it is going to send out data.
A. CSMA/CD
B. CSMA/CA
C. CSMA/HB
D. PPP
E. SLIP
Answer: B
Explanation: CSMA/CA sends out a message to all other computers indicating it is going to send out data.
CSMA/CA or token ring networking uses this approach to reduce the number of data collisions.
Note: When computers use the carrier sense multiple access with collision detection (CSMA/CD) protocols,
they monitor the transmission activity, or carrier activity, on the wire so that they can determine when would be
the best time to transmit data.
Carrier sense multiple access with collision avoidance (CSMA/CA) is an access method where each computer
signals its intent to transmit data before it actually does so.
pg 390-391 Shon Harris All-In-One CISSP Certification
Q1349
Which of the following best describes ISDN BRI(Choose two)
A. 2 B channels
B. 4 B channels
C. 23 B channels
D. 1 D channel
E. 2 D channels
Answer: A,D
Explanation: ISDN BRI has 2 B channels and 1 D channel.
Q1350
The top speed of ISDN BRI is 256 KBS.(True/False)
A. True
B. False
Answer: B
Explanation: The top speed of ISDN BRI is 128 KBS. Its two primary channels are each capable of carrying 64
KBS so the combined top speed is 128 KBS.
Q1351
Which of the following should NOT be implemented to protect PBX’s?(Choose all that apply)
A. Change default passwords and configurations
B. Make sure that maintenance modems are on 24/7
C. Review telephone bill regularly
D. Block remote calling after business hours
E. Post PBX configuration and specs on the company website
Answer: B,E
Explanation: Many vendors install maintenance modems that they can use to troubleshoot systems and provide
updates. These should normally be turned off. Likewise, information about the system should not be posted on
the website and should be closely guarded.
Q1352
Which of the following best describes the difference between a circuit based and application based firewall?
A. Application based is more flexible and handles more protocols
B. Circuit based provides more security
C. Application based builds a state table
D. Circuit based looks at IP addresses and ports
E. Circuit based firewalls are only found in Cisco routers
Answer: D
Explanation: Circuit-based firewalls look only at IP addresses and ports, whereas application-based firewalls
inspect much deeper into the packet, which makes them more secure.
Q1353
_________ is the fraudulent use of telephone services.
A. Rolling
B. Warzing
C. Wardriving
D. Wardialing
E. Phreaking
Answer: E
Explanation: Phreaking is the fraudulent use of telephone services.
Q1354
What is another name for a VPN?
A. Firewall
B. Tunnel
C. Packet switching
D. Pipeline
E. Circuit switching
Answer: B
Explanation: A VPN creates a secure tunnel through an insecure network.
Q1355
Which of the following is a connection-orientated protocol?
A. IP
B. UDP
C. TCP
D. ICMP
E. SNMP
F. TFTP
Answer: C
Explanation: TCP is a connection-orientated protocol.
Q1356
Which of the following is not considered firewall technology?
A. Screened subnet
B. Screened host
C. Duel gateway host
D. Dual homed host
Answer: C
Explanation: Duel gateway host is not considered firewall technology.
Q1357
Which type of network topology passes all traffic through all active nodes?
A. Broadband
B. Star
C. Baseband
D. Token Ring
Answer: D
Explanation: Token ring passes all traffic through every active node.
Q1358
The act of validating a user with a unique and specific identifier is called what?
A. Validation
B. Registration
C. Authentication
D. Authorization
E. Identification
Answer: C
Explanation: Authentication is the act of validating a user with a unique and specific identifier.
Q1359
Why is fiber the most secure means of transmission?
A. High speed multiplexing
B. Interception of traffic is more difficult because it is optically based
C. Higher data rates make it more secure
D. Multiplexing prevents traffic analysis
E. Built-in fault tolerance
Answer: B
Explanation: Fiber is more secure because it is hard to tap into and, unlike copper cabling, gives off no EMI.
Q1360
The IAB defines which of the following as a violation of ethics?
A. Performing a DoS
B. Downloading an active control
C. Performing a penetration test
D. Creating a virus
E. Disrupting Internet communications
Answer: E
Explanation: The IAB considers the Internet a privilege, not a right, and as such considers it unethical to
purposely disrupt communications.
Q1361
A chain of custody shows who ______ _________ and _________.(Choose three)
A. Who controlled the evidence
B. Who transcribed the evidence
C. Who validated the evidence
D. Who presented the evidence
E. Secured the evidence
F. Obtained the evidence
Answer: A,E,F
Explanation: The chain of evidence shows who obtained the evidence, who secured the evidence, and who
controlled the evidence.
Q1362
Good forensics requires the use of a bit level copy?(True/False)
A. True
B. False
Answer: A
Explanation: Good forensics requires the use of a bit level copy. A bit level copy duplicates all information on
the suspect’s disk. This includes slack space and free space.
Q1363
Which agency shares the task of investigating computer crime along with the FBI?
A. Secret Service
B. CIA
C. Department of justice
D. Police force
E. NSA
Answer: A
Explanation: Along with the FBI, the Secret Service has been given the authority to investigate computer crime.
Q1364
This type of password recovery is considered more difficult and must work through all possible combinations of
numbers and characters.
A. Passive
B. Active
C. Dictionary
D. Brute force
E. Hybrid
Answer: D
Explanation: Brute force cracking is considered more difficult and must work through all possible combinations
of numbers and characters.
Q1365
_______ are added to Linux passwords to increase their randomness.
A. Salts
B. Pepper
C. Grains
D. MD5 hashes
E. Asymmetric algorithms
Answer: A
Explanation: Salts are added to Linux passwords to increase their randomness. They are used to help ensure
that no two users have the same hashed password.
Q1366
The Linux root user password is typically kept in where?(Choose two)
A. etc/shadow
B. cmd/passwd
C. etc/passwd
D. windows/system32
E. var/sys
F. var/password
Answer: A,C
Explanation: The Linux root user password is typically kept in /etc/passwd or /etc/shadow.
Q1367
The goal of cryptanalysis is to ____________.
A. Determine the number of encryption permutations required
B. Reduce the system overhead for a crypto-system
C. Choose the correct algorithm for a specified purpose
D. Forge coded signals that will be accepted as authentic
E. Develop secure crypto-systems
Answer: D
Explanation: The goal of cryptanalysis is to forge coded signals that will be accepted as authentic.
Q1368
If an employee is suspected of computer crime and evidence needs to be collected, which of the following
departments must be involved with the procedure?
A. Public relations
B. Law enforcement
C. Computer security
D. Auditing
E. HR
Answer: E
Explanation: Human Resources always needs to be involved if an employee is suspected of wrongdoing. They
know what rules apply to protect and prosecute employees.
Q1369
What is it called when a system has apparent flaws that were deliberately available for penetration and
exploitation?
A. A jail
B. Investigation
C. Enticement
D. Data manipulation
E. Trapping
Answer: C
Explanation: Administrators who leave systems with apparent flaws are performing an act of enticement. Such a
system is sometimes called a honeypot.
Q1370
Why are computer generated documents not considered reliable?
A. Difficult to detect electronic tampering
B. Stored in volatile media
C. Unable to capture and reproduce
D. Too delicate
E. Because of US law, Section 7 paragraph 154
Answer: A
Explanation: Because electronic tampering is difficult to detect and the documents can be easily modified.
Q1371
What is the name of the software that prevents users from seeing all items or directories on a computer and is
most commonly found in the UNIX/Linux environment?
A. Shell Kits
B. Root Kits
C. Ethereal
D. Shadow data
E. Netbus
Answer: D
Explanation: Shadowing, used for Unix password files, hides the password hash.
IF SHADOWING IS ACTIVE:
————————
If shadowing is active, /etc/passwd will look like this:
root:x:0:1:0000:/:
sysadm:x:0:0:administration:/usr/admin:/bin/rsh
The password field is substituted by “x”.
The /etc/shadow file, readable only by root, will look similar to this:
root:D943/sys34:5288::
(super user accounts)
Cathy:masai1:5055:7:120
(all other users)
The first field contains the user id; the second contains the password (the password will be NONE if remote
login is deactivated); the third contains a code for when the password was last changed; the fourth and the fifth
contain the minimum and maximum numbers of days between password changes (it is rare to find these set on
super user logins because of their hard-to-guess passwords).
Q1372
What is a commercial application of steganography that is used to identify pictures or verify their authenticity?
A. A MAC
B. A digital checksum
C. A MD5 hash
D. A digital signature
E. A watermark
Answer: E
Explanation: A watermark is a commercial application of steganography that is used to identify pictures or verify
its authenticity.
Q1373
What are the basic questions that must be asked at the beginning of any investigation?(Choose all that apply)
A. Who
B. Cost
C. What
D. When
E. Where
F. How
G. Time frame
H. Budget
Answer: A,C,D,E,F
Explanation: At the beginning of any investigation, an investigator must ask who, what, when, where, and how.
Answering the questions will lead to the successful conclusion of the case.
Q1374
Risk can be eliminated.(True/False)
A. True
B. False
Answer: B
Explanation: Risk can never be eliminated. It may be reduced or transferred to a third party through insurance,
but will always remain in some form.
Q1375
Employees are a greater risk to employers than outsiders.(True/False)
A. True
B. False
Answer: A
Explanation: Employees are a greater risk to employers than outsiders, because they possess two of the three
items required to commit a crime: means and opportunity.
Q1376
When an organization takes reasonable measures to ensure that it took precautions to protect its network and
resources is called:
A. Reasonable Action
B. Security Mandate
C. Due Care
D. Prudent Countermeasures
Answer: C
Explanation: Due care consists of the steps an organization takes to show it has taken responsibility for its actions.
Q1377
What two things below are associated with security policy?(Choose Two)
A. Support of upper management
B. Support of department managers
C. Are tactical in nature
D. Are strategic in nature
E. Must be developed after procedures
F. Must be developed after guidelines
Answer: A,D
Explanation: Policies are written as a broad overview and require the support of upper management. After the
development and approval of policies, guidelines and procedures may be written.
Q1378
Total risk is equal to:(Choose All That Apply)
A. Threat
B. Vulnerability
C. Frequency
D. Asset value
E. Asset loss
Answer: A,B,D
Explanation: Total risk = asset value * vulnerability * threats
Q1379
Government data classifications include which of the following:(Choose four)
A. Open
B. Unclassified
C. Confidential
D. Private
E. Secret
F. Top Secret
Answer: B,C,E,F
Explanation: One of the most common systems used to classify information is the one developed within the US
Department of Defense. These include: unclassified, sensitive, confidential, secret, and top secret.
Q1380
Job rotation is important because:
A. It ensures your employees are cross-trained.
B. It increases job satisfaction.
C. It reduces the opportunity for fraud
Answer: C
Explanation: Job rotation is tightly tied to the principle of least privilege. It is an effective security control.
Q1381
Your co-worker is studying for the CISSP exam and has come to you with a question. What is ARP poisoning?
A. Flooding of a switched network
B. A denial of service that uses the DNS death ping
C. Turning of IP to MAC resolution
D. Inserting a bogus IP and MAC address in the ARP table
E. Modifying a DNS record
Answer: D
Explanation: ARP poisoning is a masquerading attack in which the attacker inserts a bogus IP and MAC address
pairing into a victim’s ARP table or into the table of a switch. This has the effect of redirecting traffic to the attacker
instead of to the intended computer.
Q1382
What is the best description for CHAP Challenge Handshake Authentication Protocol?
A. Passwords are sent in clear text
B. Passwords are not sent in clear text
C. Passwords are not used, a digital signature is sent
D. It is substandard to PAP
E. It was used with PS2’s and has been discontinued
Answer: B
Explanation: Passwords are not sent in clear text. The server performing the authentication sends a challenge
value and the user types in the password. The password is used to encrypt the challenge value, and the result is
sent back to the authentication server.
Q1383
CSMA/CD computers cannot communicate without a token.(True/False)
A. True
B. False
Answer: B
Explanation: CSMA/CD computers do not use a token. It is the media access method used in Ethernet.
Q1384
__________ sends out a message to all other computers indicating it is going to send out data.
A. CSMA/CD
B. CSMA/CA
C. CSMA/HB
D. PPP
E. SLIP
Answer: B
Explanation: CSMA/CA sends out a message to all other computers indicating it is going to send out data.
CSMA/CA or token ring networking uses this approach to reduce the number of data collisions.
Q1385
Which of the following best describes ISDN BRI(Choose two)
A. 2 B channels
B. 4 B channels
C. 23 B channels
D. 1 D channel
E. 2 D channels
Answer: A,D
Explanation: ISDN BRI has 2 B channels and 1 D channel.
Q1386
The top speed of ISDN BRI is 256 KBS.(True/False)
A. True
B. False
Answer: B
Explanation: The top speed of ISDN BRI is 128 KBS. Its two primary channels are each capable of carrying 64
KBS so the combined top speed is 128 KBS.
Q1387
Which of the following should NOT be implemented to protect PBX’s?(Choose all that apply)
A. Change default passwords and configurations
B. Make sure that maintenance modems are on 24/7
C. Review telephone bill regularly
D. Block remote calling after business hours
E. Post PBX configuration and specs on the company website
Answer: B,E
Explanation: Many vendors install maintenance modems that they can use to troubleshoot systems and provide
updates. These should normally be turned off. Likewise, information about the system should not be posted on
the website and should be closely guarded.
Q1388
Which of the following best describes the difference between a circuit based and application based firewall?
A. Application based is more flexible and handles more protocols
B. Circuit based provides more security
C. Application based builds a state table
D. Circuit based looks at IP addresses and ports
E. Circuit based firewalls are only found in Cisco routers
Answer: D
Explanation: Circuit-based firewalls look only at IP addresses and ports, whereas application-based firewalls
inspect much deeper into the packet, which makes them more secure.
Q1389
_________ is the fraudulent use of telephone services.
A. Rolling
B. Warzing
C. Wardriving
D. Wardialing
E. Phreaking
Answer: E
Explanation: Phreaking is the fraudulent use of telephone services.
Q1390
What is another name for a VPN?
A. Firewall
B. Tunnel
C. Packet switching
D. Pipeline
E. Circuit switching
Answer: B
Explanation: A VPN creates a secure tunnel through an insecure network.
Q1391
Which of the following is a connection-orientated protocol?
A. IP
B. UDP
C. TCP
D. ICMP
E. SNMP
F. TFTP
Answer: C
Explanation: TCP is a connection-orientated protocol.
Q1392
Which of the following is not considered firewall technology?
A. Screened subnet
B. Screened host
C. Duel gateway host
D. Dual homed host
Answer: C
Explanation: Duel gateway host is not considered firewall technology.
Q1393
Which of the following can be used to defeat a call-back security system?
A. Call waiting
B. Passive wiretapping
C. Active wiretapping
D. Brute force password attacks
E. Call forwarding
Answer: E
Explanation: Call forwarding can be used to bypass the call back feature and is considered a security risk.
Q1394
Which type of network topology passes all traffic through all active nodes?
A. Broadband
B. Star
C. Baseband
D. Token Ring
Answer: D
Explanation: Token ring passes all traffic through every active node.
Q1395
The act of validating a user with a unique and specific identifier is called what?
A. Validation
B. Registration
C. Authentication
D. Authorization
E. Identification
Answer: C
Explanation: Authentication is the act of validating a user with a unique and specific identifier.
Q1396
Why is fiber the most secure means of transmission?
A. High speed multiplexing
B. Interception of traffic is more difficult because it is optically based
C. Higher data rates make it more secure
D. Multiplexing prevents traffic analysis
E. Built-in fault tolerance
Answer: B
Explanation: Fiber is more secure because it is hard to tap into and, unlike copper cabling, gives off no EMI.
Q1397
The IAB defines which of the following as a violation of ethics?
A. Performing a DoS
B. Downloading an active control
C. Performing a penetration test
D. Creating a virus
E. Disrupting Internet communications
Answer: E
Explanation: The IAB considers the Internet a privilege, not a right, and as such considers it unethical to
purposely disrupt communications.
Q1398
A chain of custody shows who ______ _________ and _________.(Choose three)
A. Who controlled the evidence
B. Who transcribed the evidence
C. Who validated the evidence
D. Who presented the evidence
E. Secured the evidence
F. Obtained the evidence
Answer: A,E,F
Explanation: The chain of evidence shows who obtained the evidence, who secured the evidence, and who
controlled the evidence.
Q1399
Good forensics requires the use of a bit level copy?(True/False)
A. True
B. False
Answer: A
Explanation: Good forensics requires the use of a bit level copy. A bit level copy duplicates all information on
the suspect’s disk. This includes slack space and free space.
Q1400
Which agency shares the task of investigating computer crime along with the FBI?
A. Secret Service
B. CIA
C. Department of justice
D. Police force
E. NSA
Answer: A
Explanation: Along with the FBI, the Secret Service has been given the authority to investigate computer crime.
Q1401
This type of password recovery is considered more difficult and must work through all possible combinations of
numbers and characters.
A. Passive
B. Active
C. Dictionary
D. Brute force
E. Hybrid
Answer: D
Explanation: Brute force cracking is considered more difficult and must work through all possible combinations
of numbers and characters.
Q1402
_______ are added to Linux passwords to increase their randomness.
A. Salts
B. Pepper
C. Grains
D. MD5 hashes
E. Asymmetric algorithms
Answer: A
Explanation: Salts are added to Linux passwords to increase their randomness. They are used to help ensure
that no two users have the same hashed password.
Q1403
The Linux root user password is typically kept in where?(Choose two)
A. etc/shadow
B. cmd/passwd
C. etc/passwd
D. windows/system32
E. var/sys
F. var/password
Answer: A,C
Explanation: The Linux root user password is typically kept in /etc/passwd or /etc/shadow.
The goal of cryptanalysis is to ____________.
A. Determine the number of encryption permutations required
B. Reduce the system overhead for a crypto-system
C. Choose the correct algorithm for a specified purpose
D. Forge coded signals that will be accepted as authentic
E. Develop secure crypto-systems
Answer: D
Explanation: The goal of cryptanalysis is to forge coded signals that will be accepted as authentic.
Q1405
If an employee is suspected of computer crime and evidence needs to be collected, which of the following
departments must be involved with the procedure?
A. Public relations
B. Law enforcement
C. Computer security
D. Auditing
E. HR
Answer: E
Explanation: Human Resources always needs to be involved if an employee is suspected of wrongdoing. They
know what rules apply to protect and prosecute employees.
Q1406
What is it called when a system has apparent flaws that were deliberately available for penetration and
exploitation?
A. A jail
B. Investigation
C. Enticement
D. Data manipulation
E. Trapping
Answer: C
Explanation: Administrators who leave systems with apparent flaws are performing an act of enticement. Such a
system is sometimes called a honeypot.
Q1407
Why are computer generated documents not considered reliable?
A. Difficult to detect electronic tampering
B. Stored in volatile media
C. Unable to capture and reproduce
D. Too delicate
E. Because of US law, Section 7 paragraph 154
Answer: A
Explanation: Because electronic tampering is difficult to detect and the documents can be easily modified.
Q1408
What is the name of the software that prevents users from seeing all items or directories on a computer and is
most commonly found in the UNIX/Linux environment?
A. Shell Kits
B. Root Kits
C. Ethereal
D. Shadow data
E. Netbus
Answer: D
Explanation:
Q1409
What is a commercial application of steganography that is used to identify pictures or verify their authenticity?
A. A MAC
B. A digital checksum
C. A MD5 hash
D. A digital signature
E. A watermark
Answer: E
Explanation: A watermark is a commercial application of steganography that is used to identify pictures or verify
its authenticity.
Q1410
What are the basic questions that must be asked at the beginning of any investigation?(Choose all that apply)
A. Who
B. Cost
C. What
D. When
E. Where
F. How
G. Time frame
H. Budget
Answer: A,C,D,E,F
Explanation: At the beginning of any investigation, an investigator must ask who, what, when, where, and how.
Answering the questions will lead to the successful conclusion of the case.
Q1411
Risk can be eliminated.(True/False)
A. True
B. False
Answer: B
Explanation: Risk can never be eliminated. It may be reduced or transferred to a third party through insurance,
but will always remain in some form.
Q1412
Employees are a greater risk to employers than outsiders.(True/False)
A. True
B. False
Answer: A
Explanation: Employees are a greater risk to employers than outsiders, because they possess two of the three
items required to commit a crime: means and opportunity.
Q1413
What does the term “red boxing” mean?
A. Denial of Service
B. Telephone voltage manipulation
C. Sounds of coins dropping
D. Tone manipulation
E. A salami attack
Answer: C
Explanation: Red boxing was used by phone phreakers to record the sound of coins dropping in pay phones
and play it back to gain free phone access.
Q1414
Which of the following is the proper lifecycle of evidence?
A. Collection, storage, present in court, destroy
B. Collection, transportation, storage, return to owner
C. Collection, present in court, transportation, return to owner
D. Collection, analysis, storage, present in court, return to owner
E. Collection, storage, transportation, present in court, return to owner
Answer: D
Explanation: The life cycle of evidence includes: collection, analysis, storage, presentation in court, and return to
the owner.
Q1415
A copy of a computer disk would be what type of evidence?
A. Secondary
B. Best
C. Hearsay
D. Direct
E. Indirect
Answer: C
Explanation: A copy of a computer disk is considered hearsay, because unless it has been copied in a
forensically approved manner, it is not credible evidence.
Q1416