Q1802
Which of the following is NOT an advantage of a stream cipher?
A. The same equipment can be used for encryption and decryption.
B. It is amenable to hardware implementations that result in higher speeds.
C. Since encryption takes place bit by bit, there is no error propagation.
D. The receiver and transmitter must be synchronized.
Answer: D
Explanation:
The transmitter and receiver must be synchronized since they must use the same keystream bits for the same
bits of the text that are to be enciphered and deciphered. Usually, synchronizing frames must be sent to effect
the synchronization and, thus, additional overhead is required for the transmissions.
* Answer “The same equipment can be used for encryption and decryption” describes an
928
ISC CISSP Exam
advantage since stream ciphers commonly use Linear Feedback Shift Registers (LFSRs) to generate the
keystream and use XORs to operate on the plaintext input stream. Because of the characteristics of the XOR,
the same XOR gates and LFSRs can also decrypt the message. Since LFSRs and XORs are used in a stream
cipher to encrypt and decrypt, these components are amenable to hardware implementation, which means
higher speeds of operation. Thus, answer “It is amenable to hardware implementations that result in higher
speeds” describes an advantage.
For answer “Since encryption takes place bit by bit, there is no error propagation”, stream ciphers encrypt
individual bits with no feedback of the generated ciphertext bits and, therefore, errors do not propagate.
Q1803
The * (star) property of the Biba model states that:
A. Subjects cannot read from a higher level of integrity relative to their level of integrity.
B. Subjects cannot write to a higher level of integrity relative to their level of integrity.
C. Subjects cannot read from a lower level of integrity relative to their level of integrity.
D. Subjects cannot write to a lower level of integrity relative to their level of integrity.
Answer: B
Explanation:
Q1804
The Escrowed Encryption Standard describes the:
A. Rijndael Cipher.
B. Fair Public Key Cryptosystem.
C. Clipper Chip.
D. Digital certificates.
Answer: C
Explanation:
Q1805
Which one of the following is NOT a component of a CC Protection Profile?
A. Product-specific security requirements
B. Threats against the product that must be addressed
C. Security objectives
D. Target of Evaluation (TOE) description
Answer: A
Explanation:
The correct answer is “Product-specific security requirements”. Product-specific security requirements for the
product or system are contained in the Security Target (ST). Additional items in the PP are:
TOE security environment description
Assumptions about the security aspects of the product’s expected use
Organizational security policies or rules
Application notes
Rationale
Q1806
What is a programmable logic device (PLD)?
A. Random Access Memory (RAM) that contains the software to perform specific tasks
B. An integrated circuit with connections or internal logic gates that can be changed through a programming
process
C. A volatile device
D. A program resident on disk memory that executes a specific function
Answer: B
Explanation:
* Answer “A volatile device” is incorrect because a PLD is non-volatile.
* Answer “Random Access Memory (RAM) that contains the software to perform specific tasks” is incorrect because random access memory is volatile memory, not a non-volatile logic device.
* Answer “A program resident on disk memory that executes a specific function” is a distracter.
Q1807
Which choice below most accurately describes SSL?
A. It’s a widely used standard of securing e-mail at the Application level.
B. It gives a user remote access to a command prompt across a secure, encrypted session.
C. It uses two protocols, the Authentication Header and the Encapsulating Security Payload.
D. It allows an application to have authenticated, encrypted communications across a network.
Answer: D
Explanation:
The Secure Socket Layer (SSL) sits between higher-level application functions and the TCP/IP stack and
provides security to applications. It includes a variety of encryption algorithms to secure transmitted data, but
the functionality must be integrated into the application.
Answer “It’s a widely used standard of securing e-mail at the Application level.” refers to the Secure/
Multipurpose Internet Mail Extension (S/MIME). Most major e-mail clients support S/MIME today.
Answer “It gives a user remote access to a command prompt across a secure, encrypted session.” describes
Secure Shell (SSH).
Answer “It uses two protocols, the Authentication Header and the Encapsulating Security Payload.” refers to
IPSec. IPSec enables security to be built directly into the TCP/IP stack, without requiring application
modification. Source:
Counter Hack by Ed Skoudis (Prentice Hall PTR, 2002).
Q1808
Processes are placed in a ring structure according to:
A. Least privilege.
B. Separation of duty.
C. First in, first out.
D. Owner classification.
Answer: A
Explanation:
The correct answer is Least privilege. A process is placed in the ring that gives it the minimum privileges
necessary to perform its functions.
Q1809
Which one of the following is NOT a security mode of operation in an information system?
A. Contained
B. System high
C. Multilevel
D. Dedicated
Answer: A
Explanation:
The correct answer is Contained, a distracter.
* In the system high mode, the information system operates at the highest level of information classification. In this mode, all users must have security clearances for the highest level of classified information.
* The dedicated mode requires that all users have a clearance or an authorization and a need-to-know for all information that is produced by the information system.
* The multilevel mode of operation, answer C, supports users with different clearances and data at multiple classification levels.
Q1810
Which of the following is the best example of need-to-know?
A. An operator does not know more about the system than the minimum required to do the job.
B. An operator cannot generate and verify transactions alone.
C. The operators’ duties are frequently rotated.
D. Two operators are required to work together to perform a task.
Answer: A
Explanation:
The correct answer is “An operator does not know more about the system than the minimum required to do the
job”. Need-to-know means the operators are working in an environment that limits their knowledge of the
system, applications, or data to the minimum elements that they require to perform their job.
* Answer “Two operators are required to work together to perform a task” is dual control.
* Answer “The operators’ duties are frequently rotated” is job rotation.
* Answer “An operator cannot generate and verify transactions alone” is separation of duties.
Q1811
Which of the following terms is NOT associated with a Read Only Memory (ROM)?
A. Field Programmable Gate Array (FPGA)
B. Flash memory
C. Firmware
D. Static RAM (SRAM)
Answer: D
Explanation:
Static Random Access Memory (SRAM) is volatile and, therefore,
loses its data if power is removed from the system. Conversely, a ROM is nonvolatile in that it does not lose its
content when power is removed.
* Flash memories are a type of electrically programmable ROM.
* Answer “FPGA” is a type of Programmable Logic Device (PLD) that is programmed by blowing fuse connections on the chip or using an antifuse that makes a connection when a high voltage is applied to the junction.
* Answer “Firmware” is a program that is stored on ROMs.
Q1812
Which one of the following is NOT a typical bus designation in a digital computer?
A. Control
B. Address
C. Data
D. Secondary
Answer: D
Explanation:
The correct answer is Secondary, a distracter.
Q1813
Which type of routing below commonly broadcasts its routing table information to all other routers every minute?
A. Dynamic Control Protocol Routing
B. Static Routing
C. Distance Vector Routing
D. Link State Routing
Answer: C
Explanation:
Distance vector routing uses the routing information protocol (RIP) to maintain a dynamic table of routing
information that is updated regularly. It is the oldest and most common type of dynamic routing.
* Static routing defines a specific route in a configuration file on the router and does not require the routers to exchange route information dynamically.
* Link state routers function like distance vector routers, but only use firsthand information when building routing tables by maintaining a copy of every other router’s Link State Protocol (LSP) frame. This helps to eliminate routing errors and considerably lessens convergence time.
* Answer “Dynamic Control Protocol Routing” is a distracter. Source: Mastering Network Security by Chris Brenton (Sybex, 1999).
Q1814
The standard process to certify and accredit
A. DIACAP
B. DITSCAP
C. CIAP
D. NIACAP
E. Defense audit
Answer: D
Explanation:
The NIACAP provides a standard set of activities, general tasks, and a management structure to certify and
accredit systems that will maintain the information assurance and security posture of a system or site. The
NIACAP is designed to certify that the information system meets documented accreditation requirements and
will continue to maintain the accredited security posture throughout the system life cycle.
* Answer “CIAP” is being developed for the evaluation of critical commercial systems and uses the NIACAP methodology.
* DITSCAP establishes for the defense entities a standard process, set of activities, general task descriptions,
and a management structure to
certify and accredit IT systems that will maintain the required security posture. The process is designed to
certify that the IT system meets the accreditation requirements and that the system will maintain the accredited
security posture throughout the system life cycle. The four phases to the DITSCAP are Definition, Verification,
Validation, and Post Accreditation.
* Answer “Defense audit” is a distracter.
* Answer “DIACAP” is a distracter.
Q1815
Which LAN topology below is MOST vulnerable to a single point of failure?
A. FDDI
B. Physical Star
C. Logical Ring
D. Ethernet Bus
Answer: D
Explanation:
Ethernet bus topology was the first commercially viable network topology, and consists of all workstations
connected to a single coaxial cable. Since the cable must be properly terminated on both ends, a break in the
cable stops all communications on the bus.
* The physical star topology acts like a logical bus, but provides better fault tolerance, as a cable break only disconnects the workstation or hub directly affected.
* The logical ring topology is used by Token Ring and FDDI and is highly resilient. Token Ring employs a beacon frame, which, in case of a cable break, initiates auto reconfiguration and attempts to reroute the network around the failed node. Also, the Token Ring active monitor station performs ring maintenance functions, like removing continuously circulating frames from the ring. FDDI employs a second ring to provide redundancy.
Sources:
Virtual LANs by Mariana Smith (McGraw-Hill, 1998) and Internetworking Technologies Handbook, Second
Edition (Cisco Press, 1998).
Q1816
A cryptographic attack in which portions of the ciphertext are selected for trial decryption while having access to the corresponding decrypted plaintext is known as what type of attack?
A. Chosen ciphertext
B. Adaptive chosen plaintext
C. Known plaintext
D. Chosen plaintext
Answer: A
Explanation:
The correct answer is “Chosen ciphertext”.
In answer “Known plaintext”, the attacker has a copy of the plaintext corresponding to the ciphertext.
Answer “Chosen plaintext” describes the situation where selected plaintext is encrypted and the output ciphertext is obtained. The adaptive chosen plaintext attack, answer “Adaptive chosen plaintext”, is a form of chosen plaintext attack where the selection of the plaintext is altered according to previous results.
Q1817
In communications between two parties, encrypting the hash function of a message with a symmetric key algorithm is equivalent to:
A. Providing for secrecy of the message
B. Generating a keyed Message Authentication Code (MAC)
C. Generating a digital signature
D. Generating a one-way function
Answer: B
Explanation:
A MAC is used to authenticate files between users. If the sender and receiver both have the secret key, they
are the only ones that can verify the hash function. If a symmetric key algorithm is used to encrypt the one-way
hash function, then the one-way hash function becomes a keyed MAC.
Answer “Generating a digital signature” is incorrect because a digital signature between two parties
uses an asymmetric key algorithm. If a message is encrypted with the sender’s private key, then only the
sender’s public key can decrypt the message. This proves that the message was sent by the sender since only
the sender knows the private key.
In practice, asymmetric key encryption is very slow, especially for long messages. Therefore, a one-way hash of the message is encrypted with the sender’s private key instead of encrypting the complete message. Then, the message and the encrypted hash are sent to a second party. The receiver takes the encrypted hash and decrypts it with the sender’s public key. Then, the receiver takes the hash of the message, using the same one-way hash algorithm as the sender. The hash generated by the receiver is compared with the decrypted hash sent with the message. If the two hashes are identical, the digital signature is validated. Note that this method also will reveal if the message was changed en route, since the hash calculated by the receiver will, then, be different from the encrypted hash sent along with the message.
Answer “Providing for secrecy of the message” is incorrect since encrypting the hash of the message and
sending the message in the clear does nothing to protect the confidentiality of the message. Since the hash
function is a one-way function, the message cannot be recovered from its hash.
Answer “Generating a one-way function” is incorrect since encrypting a hash of a message is not a one-way
function. If it were, it would be of no use since no one would be able to reverse the process and decrypt it.
Q1818
Mandatory access controls first appear in the Trusted Computer System Evaluation Criteria (TCSEC) at the rating of:
A. D
B. B
C. C
D. A
Answer: B
Explanation:
Q1819
The simple security property of which one of the following models is described as follows:
A user has access to a client company’s information, c, if and only if for all other information, o, that the user can read, either x(c) z (o) or x(c) = x (o), where x(c) is the client’s company and z (o) is the competitors of x(c).
A. Bell-LaPadula
B. Lattice
C. Chinese wall
D. Biba
Answer: C
Explanation:
This model (D. C. Brewer and M. J. Nash, Chinese Wall Model, Proceedings of the 1989 IEEE Computer Society Symposium on Security and Privacy, 1989) defines rules that prevent conflicts of interest in organizations that may have access to information from companies that are competitors of each other. Essentially, the model states that a user working on one account cannot work on a competitor’s account for a designated period of time. Answer “Biba” is an integrity model that is an analog of the Bell-LaPadula confidentiality model of answer “Bell-LaPadula”.
Answer “Lattice” refers to the general
information flow model where security levels are represented by a lattice structure. The model defines a
transitive ordering relation, , on security classes. Thus, for security classes X, Y, and Z, the ordering relation X
Y Z describes the situation where Z is the highest security class and X is the lowest security class, and there is
an ordering among the three classes.
Q1820
Separation of duties embodies what principle?
A. The operators’ duties are frequently rotated.
B. Two operators are required to work in tandem to perform a task.
C. The operators have different duties to prevent one person from compromising the system.
D. An operator does not know more about the system than the minimum required to do the job.
Answer: C
Explanation:
The correct answer is “The operators have different duties to prevent one person from compromising the system”. Separation of duties means that the operators are prevented from generating and verifying transactions alone, for example. A task might be divided into different smaller tasks to accomplish this, or in the case of an operator with multiple duties, the operator makes a logical, functional job change when performing such conflicting duties. Answer “An operator does not know more about the system than the minimum required to do the job” is need-to-know, answer “Two operators are required to work in tandem to perform a task” is dual control, and answer “The operators’ duties are frequently rotated” is job rotation.
Q1821
Which firewall type below uses a dynamic state table to inspect the content of packets?
A. An application-level firewall
B. A stateful-inspection firewall
C. A circuit-level firewall
D. A packet-filtering firewall
Answer: B
Explanation:
A stateful-inspection firewall intercepts incoming packets at the Network level, then uses an Inspection Engine
to extract state-related information from upper layers. It maintains the information in a dynamic state table and
evaluates subsequent connection attempts.
* A packet-filtering firewall is the simplest type of firewall, commonly implemented on routers. It operates at the Network layer and offers good performance but is the least secure.
* An application-level firewall, or application-layer gateway, is more secure because it examines the packet at the application layer, but at the expense of performance.
* A circuit-level firewall is similar to the application-level firewall in that it functions as a proxy server, but differs in that special proxy application software is not needed. Sources: Hacker Proof by Lars Klander (Jamsa Press, 1997) and Checkpoint Firewall-1 Stateful Inspection Technology (www.checkpoint.com).
Q1822
A 1999 law that addresses privacy issues related to health care, insurance and finance and that will be implemented by the states is:
A. Kennedy-Kassebaum
B. Gramm-Leach-Bliley (GLB)
C. Insurance Reform Act
D. Medical Action Bill
Answer: B
Explanation:
See the answers to Question 15 for a discussion of GLB.
* Answer “Kennedy-Kassebaum” refers to the HIPAA legislation (US Kennedy-Kassebaum Health Insurance and Portability Accountability Act, HIPAA, Public Law 104-19). Answers “Medical Action Bill” and “Insurance Reform Act” are distracters.
Q1823
The termination of selected, non-critical processing when a hardware or software failure occurs and is detected is referred to as:
A. Fault tolerant.
B. Fail safe.
C. An exception.
D. Fail soft.
Answer: D
Explanation:
Q1824
How do covert timing channels convey information?
A. By generating noise and traffic with the data
B. By modifying the timing of a system resource in some measurable way
C. By changing a system’s stored data characteristics
D. By performing a covert channel analysis
Answer: B
Explanation:
The correct answer is “By modifying the timing of a system resource in some measurable way”. A covert timing
channel alters the timing of parts of the system to enable it to be used to communicate information covertly
(outside the normal security function).
* Answer “By changing a system’s stored data characteristics” is the description of the use of a covert storage
channel.
* “By generating noise and traffic with the data” is a technique to combat the use of covert channels.
* Answer “By performing a covert channel analysis” is the Orange Book requirement for B3, B2, and A1
evaluated systems.
Q1825
A processor in which a single instruction specifies more than one CONCURRENT operation is called:
A. Pipelined processor.
B. Very Long Instruction Word processor.
C. Scalar processor.
D. Superscalar processor.
Answer: B
Explanation:
The correct answer is Very Long Instruction Word processor.
* A pipelined processor overlaps the steps of different instructions.
* A superscalar processor performs concurrent execution of multiple instructions in the same pipeline stage.
* A scalar processor executes one instruction at a time.
Q1826
The definition “A relatively small amount (when compared to primary memory) of very high speed RAM, which holds the instructions and data from primary memory, that has a high probability of being accessed during the currently executing portion of a program” refers to what category of computer memory?
A. Secondary
B. Virtual
C. Real
D. Cache
Answer: D
Explanation:
Cache logic attempts to predict which instructions and data in main (primary) memory will be used by a
currently executing program. It then moves these items to the higher speed cache in anticipation of the CPU
requiring these programs and data. Properly designed caches can significantly reduce the apparent main
memory access time and thus increase the speed of program execution.
* Secondary memory is a slower memory (such as a magnetic disk) that provides non-volatile storage.
* Real or primary memory is directly addressable by the CPU and is used for the storage of instructions and data associated with the program that is being executed. This memory is usually high-speed Random Access Memory (RAM).
* Virtual memory uses secondary memory in conjunction with primary memory to present the CPU with a larger, apparent address space of the real memory locations.
Q1827
A Trusted Computing Base (TCB) is defined as:
A. The total combination of protection mechanisms within a computer system that are trusted to enforce a
security policy.
B. A system that employs the necessary hardware and software assurance measures to enable processing
multiple levels of classified or sensitive information to occur.
C. The boundary separating the trusted mechanisms from the remainder of the system.
D. A trusted path that permits a user to access resources.
Answer: A
Explanation:
* Answer “The boundary separating the trusted mechanisms from the remainder of the system” is the security
perimeter.
* Answer “A trusted path that permits a user to access resources” is the definition of a trusted path.
* Answer “A system that employs the necessary hardware and software assurance measures to enable
processing multiple levels of classified or sensitive information to occur” is the definition of
a trusted computer system.
Q1828
Increasing performance in a computer by overlapping the steps of different instructions is called:
A. A reduced instruction set computer.
B. Pipelining.
C. A complex instruction set computer.
D. Vector processing.
Answer: B
Explanation:
Q1829
The Wired Equivalency Privacy algorithm (WEP) of the 802.11 Wireless LAN Standard uses which of the following to protect the confidentiality of information being transmitted on the LAN?
A. A digital signature that is sent between a mobile station (e.g., a laptop with a wireless Ethernet card) and a
base station access point
B. A public/private key pair that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card)
and a base station access point
C. A secret key that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base
station access point
D. Frequency shift keying (FSK) of the message that is sent between a mobile station (e.g., a laptop with a
wireless Ethernet card) and a base station access point
Answer: C
Explanation:
The transmitted packets are encrypted with a secret key and an
Integrity Check (IC) field, comprising a CRC-32 checksum, is attached to the message. WEP uses the RC4 variable-key-size stream cipher encryption algorithm. RC4 was developed in 1987 by Ron Rivest and operates in output feedback mode. Researchers at the University of California at Berkeley (wep@isaac.cs.berkeley.edu) have found that the security of the WEP algorithm can be compromised, particularly with the following attacks:
Passive attacks to decrypt traffic based on statistical analysis
Active attack to inject new traffic from unauthorized mobile stations, based on known plaintext
Active attacks to decrypt traffic, based on tricking the access point
Dictionary-building attack that, after analysis of about a day’s worth of traffic, allows real-time automated decryption of all traffic
The Berkeley researchers have found that these attacks are effective against both the 40-bit and the so-called
128-bit versions of WEP using inexpensive off-the-shelf equipment. These attacks can also be used against
networks that use the 802.11b Standard, which is the extension to 802.11 to support higher data rates, but
does not change the WEP algorithm.
The weaknesses in WEP and 802.11 are being addressed by the IEEE 802.11i Working Group. WEP will be
upgraded to WEP2 with the following proposed changes:
Modifying the method of creating the initialization vector (IV)
Modifying the method of creating the encryption key
Protection against replays
Protection against IV collision attacks
Protection against forged packets
In the longer term, it is expected that the Advanced Encryption Standard (AES) will replace the RC4 encryption
algorithm currently used in WEP.
Q1830
There are two fundamental security protocols in IPSec. These are the
Authentication Header (AH) and the Encapsulating Security Payload
(ESP). Which of the following correctly describes the functions of each?
A. ESP-data encrypting and source authenticating protocol that also validates the integrity of the transmitted
data; AH-source authenticating protocol
B. ESP-data encrypting and source authenticating protocol; AH-source authenticating protocol that also
validates the integrity of the transmitted data
C. ESP-data encrypting protocol that also validates the integrity of the transmitted data; AH-source
authenticating protocol that also validates the integrity of the transmitted data
D. ESP-data encrypting and source authenticating protocol that also validates the integrity of the transmitted
data; AH-source authenticating protocol that also validates the integrity of the transmitted data
Answer: D
Explanation:
ESP does have a source authentication and integrity capability through the use of a hash algorithm and a secret key. It provides confidentiality by means of secret key cryptography. DES and triple DES secret key block ciphers are supported by IPSec, and other algorithms will also be supported in the future. AH uses a hash algorithm in the packet header to authenticate the sender and validate the integrity of the transmitted data.
Q1831
The Secure Hash Algorithm (SHA) is specified in the:
A. Data Encryption Standard.
B. Advanced Encryption Standard.
C. Digital Signature Standard.
D. Digital Encryption Standard.
Answer: C
Explanation:
The correct answer is “Digital Signature Standard”.
* Answer “Data Encryption Standard” refers to DES, a symmetric encryption algorithm.
* Answer “Digital Encryption Standard” is a distracter; there is no such term.
* Answer “Advanced Encryption Standard” is the Advanced Encryption Standard, which has replaced DES and is now the Rijndael algorithm.
Q1832
Which of the following is an example of least privilege?
A. An operator cannot generate and verify transactions alone.
B. An operator does not have more system rights than the minimum required to do the job.
C. An operator does not know more about the system than the minimum required to do the job.
D. The operators’ duties are frequently rotated.
Answer: B
Explanation:
Least Privilege embodies the concept that users or operators should be granted the lowest level of system
access or system rights that allows them to perform their job.
* Answer “An operator does not know more about the system than the minimum required to do the job” is need-to-know.
* Answer “The operators’ duties are frequently rotated” is job rotation.
* Answer “An operator cannot generate and verify transactions alone” is separation of duties.
Q1833
What BEST describes the National Security Agency-developed Capstone?
A. A one-way function for implementation of public key encryption
B. A device for intercepting electromagnetic emissions
C. A chip that implements the US Escrowed Encryption Standard
D. The PC Card implementation of the Clipper Chip system
Answer: C
Explanation:
Capstone is a Very Large Scale Integration (VLSI) chip that employs the Escrowed Encryption Standard and incorporates the Skipjack algorithm, similar to the Clipper Chip. As such, it has a LEAF. Capstone also supports public key exchange and digital signatures. At this time, Capstone products have their LEAF function suppressed and a Certifying Authority provides for key recovery.
* Answer “A device for intercepting electromagnetic emissions” is then, obviously, incorrect. For information purposes, though, the US Government program to study and control the interception of electromagnetic emissions that may compromise classified information is called TEMPEST.
* Answer “The PC Card implementation of the Clipper Chip system” is also, obviously, incorrect. However, Capstone was first implemented on a PC card called Fortezza.
* Answer “A one-way function for implementation of public key encryption” is incorrect since Capstone is not a mathematical function, but it incorporates mathematical functions for key exchange, authentication and encryption.
Q1834
Which statement below is accurate about the difference between Ethernet II and 802.3 frame formats?
A. 802.3 uses a Length field, whereas Ethernet II uses a Type field.
B. Ethernet II uses an 8-byte Preamble field, whereas 802.3 uses a 4-byte FCS field.
C. 802.3 uses a Type field, whereas Ethernet II uses a Length field.
D. Ethernet II uses a 4-byte FCS field, whereas 802.3 uses an 8-byte Preamble field.
Answer: A
Explanation:
802.3 uses a Length field which indicates the number of data
bytes that are in the data field. Ethernet II uses a Type field in the same 2 bytes to identify the message protocol type. Both frame formats use an 8-byte Preamble field at the start of the packet, and a 4-byte Frame Check Sequence (FCS) field at the end of the packet, so those choices would be incorrect as to a difference in the frame formats. Sources: Gigabit Ethernet by Jayant Kadambi, Ian Crayford, and Mohan Kalkunte (Prentice Hall PTR, 1998) and CCNA Study Guide by Todd Lammle, Donald Porter, and James Chellis (Sybex, 1999).
Q1835
The Advanced Encryption Standard (Rijndael) block cipher requirements regarding keys and block sizes have now evolved to which configuration?
A. Both the key and block sizes can be 128, 192, and 256 bits each.
B. The block size is 128 bits, and the key size is 128 bits.
C. The key size is 128 bits, and the block size can be 128, 192, or 256 bits.
D. The block size is 128 bits, and the key can be 128, 192, or 256 bits.
Answer: D
Explanation:
AES comprises three key sizes, 128, 192, and 256 bits, with a fixed block size of 128 bits. The Advanced Encryption Standard (AES) was announced on November 26, 2001, as Federal Information Processing Standard Publication (FIPS PUB 197). FIPS PUB 197 states that “This standard may be used by Federal departments and agencies when an agency determines that sensitive (unclassified) information (as defined in P.L. 100-235) requires cryptographic protection. Other FIPS-approved cryptographic algorithms may be used in addition to, or in lieu of, this standard.” Depending upon which of the three key sizes is used, the standard may be referred to as AES-128, AES-192 or AES-256.
The number of rounds used in the Rijndael cipher is a function of the key size as follows:
256-bit key: 14 rounds
192-bit key: 12 rounds
128-bit key: 10 rounds
Rijndael has a symmetric and parallel structure that provides for flexibility of implementation and resistance to
cryptanalytic attacks. Attacks on Rijndael would involve the use of differential and linear cryptanalysis.
Q1836
Which of the following is NOT a characteristic of a cryptographic hash
function, H (m), where m denotes the message being hashed by the
function H?
A. H (m) is a one-way function.
B. H (m) is difficult to compute for any given m.
C. The output is of fixed length.
D. H (m) is collision free.
Answer: B
Explanation:
For a cryptographic hash function, H (m) is relatively easy to compute for a given m.
* Answer “H (m) is collision free” is a characteristic of a good cryptographic hash function, in that collision free
means that for a given message, M, that produces H (M) = Z, it is computationally infeasible to find another
message, M1, such that H (M1) = Z.
* Answer “The output is of fixed length” is part of the definition of a hash function since it generates a fixed-length
result that is independent of the length of the input message. This characteristic is useful for generating
digital signatures since the signature can be applied to the fixed-length hash that is uniquely characteristic of
the message instead of to the entire message, which is usually much longer than the hash.
* Answer “H (m) is a one-way function” relates to answer “H (m) is difficult to compute for any given m” in that a
one-way function is difficult or impossible to invert. This means that for a hash function H (M) = Z, it is
computationally infeasible to reverse the process and find M given the hash Z and the function H.
Q1837
Elliptic curve cryptosystems:
A. Cannot be used to implement digital signatures.
B. Have a higher strength per bit than an RSA.
C. Cannot be used to implement encryption.
D. Have a lower strength per bit than an RSA.
Answer: B
Explanation:
The correct answer is “Have a higher strength per bit than an RSA”. It is more difficult to compute Elliptic Curve
discrete logarithms than conventional discrete logarithms or factoring. Smaller key sizes in the elliptic curve
implementation can yield higher levels of security. Therefore, answer “Have a lower strength per bit than an
RSA” is incorrect.
Answers “Cannot be used to implement digital signatures” and “Cannot be used to implement encryption” are
incorrect because elliptic curve cryptosystems can be used for digital signatures and encryption.
Q1838
Serial data transmission in which information can be transmitted in two
directions, but only one direction at a time, is called:
A. Synchronized
B. Full-duplex
C. Simplex
D. Half-duplex
Answer: D
Explanation:
The time required to switch transmission directions in a half-duplex line is called the turnaround time.
* Answer simplex refers to communication that takes place in one direction only.
* Answer Synchronized is a distracter.
* Full-duplex can transmit and receive information in both directions simultaneously. The transmissions can be
asynchronous or synchronous. In asynchronous transmission, a start bit is used to indicate the beginning of
transmission. The start bit is followed by data bits and, then, by one or two stop bits to indicate the end of the
transmission. Since start and stop bits are sent with every unit of data, the actual data transmission rate is
lower since these overhead bits are used for synchronization and do not carry information. In this mode, data is
sent only when it is available and the data is not transmitted continuously. In synchronous transmission, the
transmitter and receiver have synchronized clocks and the data is sent in a continuous stream. The clocks are
synchronized by using transitions in the data and, therefore, start and stop bits are not required for each unit of
data sent.
Q1839
Which utility below can create a server-spoofing attack?
A. DNS poisoning
B. C2MYAZZ
C. BO2K
D. Snort
Answer: B
Explanation:
C2MYAZZ is a utility that enables server spoofing to implement a session hijacking or man-in-the-middle
exploit. It intercepts a client LANMAN authentication logon and obtains the session’s logon credentials and
password combination, transparently to the user.
* DNS poisoning is also known as cache poisoning. It is the process of distributing incorrect IP address
information for a specific host with the intent to divert traffic from its true destination.
* Snort is a utility used for network sniffing. Network sniffing is the process of gathering traffic from a network
by capturing the data as it passes and storing it to analyze later.
* Back Orifice 2000 (BO2K) is an application-level Trojan Horse used to give an attacker backdoor network
access. Source: Security Complete, edited by Mark Lierley (Sybex, 2001).
Q1840
The Advanced Encryption Standard, the Rijndael cipher, can be described
as:
A. A recursive, sequential cipher
B. An iterated block cipher
C. A streaming block cipher
D. A Feistel network
Answer: B
Explanation:
The correct answer is “An iterated block cipher”. Answers “A recursive, sequential cipher”, “A Feistel network”, and
“A streaming block cipher” are distracters; however, answer “A Feistel network” characterizes the Data Encryption
Standard (DES) cipher.
Q1841
The Secure Hash Algorithm (SHA-1) of the Secure Hash Standard (NIST
FIPS PUB 180) processes data in block lengths of:
A. 128 bits.
B. 256 bits.
C. 512 bits.
D. 1024 bits.
Answer: C
Explanation:
The correct answer is 512 bits. If a block length is fewer than 512 bits, padding bits are added to make the
block length equal to 512 bits.
The other answers are distracters.
Q1842
What is the block length of the Rijndael Cipher?
A. 64 bits
B. 128 bits
C. 256 bits
D. Variable
Answer: D
Explanation:
The correct answer is Variable. The other answers with fixed numbers are incorrect.
Q1843
Which of the following statements BEST describes the Public Key
Cryptography Standards (PKCS)?
A. A set of public-key cryptography standards that support only standard algorithms such as Diffie-Hellman and
RSA
B. A set of public-key cryptography standards that support only algorithm-independent implementations
C. A set of public-key cryptography standards that support algorithms such as Diffie-Hellman and RSA as well
as algorithm independent standards
D. A set of public-key cryptography standards that support encryption algorithms such as Diffie-Hellman and
RSA, but does not address digital signatures
Answer: C
Explanation:
PKCS supports algorithm-independent and algorithm-specific implementations as well as digital signatures and
certificates. It was developed by a consortium including RSA Laboratories, Apple, DEC, Lotus, Sun, Microsoft
and MIT. At this writing, there are 15 PKCS standards. Examples of these standards are:
PKCS #1. Defines mechanisms for encrypting and signing data using the RSA public-key system
PKCS #3. Defines the Diffie-Hellman key agreement protocol
PKCS #10. Describes a syntax for certification requests
PKCS #15. Defines a standard format for cryptographic credentials stored on cryptographic tokens
Topic 15, Exam SET C
Q1844
Which of the following languages is NOT an object-oriented language?
A. Lisp
B. C++
C. Simula 67
D. Smalltalk
Answer: A
Explanation:
Lisp, for list processing, is a functional language that processes symbolic expressions rather than numbers. It is
used in the artificial intelligence field. The languages cited in the other answers are object-oriented languages.
Q1845
What does the prudent man rule require?
A. Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur
B. Senior officials to post performance bonds for their actions
C. Senior officials to perform their duties with the care that ordinary, prudent people would exercise under
similar circumstances
D. Senior officials to follow specified government standards
Answer: C
Explanation:
* Answer “Senior officials to post performance bonds for their actions” is a distracter and is not part of the
prudent man rule.
* Answer “Senior officials to guarantee that all precautions have been taken and that no breaches of security
can occur” is incorrect because it is not possible to guarantee that breaches of security can never occur.
* Answer “Senior officials to follow specified government standards” is incorrect because the prudent man rule
does not refer to a specific government standard but relates to what other prudent persons would do.
Q1846
A standard that uses the Object Request Broker (ORB) to implement
exchanges among objects in a heterogeneous, distributed environment
is called:
A. An Interface Definition Language (IDL)
B. Open Architecture
C. The Object Management Group (OMG) Object Model
D. A Common Object Request Broker Architecture (CORBA)
Answer: D
Explanation:
* The OMG Object Model provides standard means for describing the externally visible characteristics of
objects.
* Answer Open Architecture is a distracter.
* IDL is a standard interface language that is used by clients to request services from objects.
Q1847
Which choice below is the BEST description of the criticality prioritization
goal of the Business Impact Assessment (BIA) process?
A. The identification and prioritization of every critical business unit process
B. The estimation of the maximum down time the business can tolerate
C. The presentation of the documentation of the results of the BIA
D. The identification of the resource requirements of the critical business unit processes
Answer: A
Explanation:
The correct answer is “The identification and prioritization of every critical business unit process”.
The three primary goals of a BIA are criticality prioritization, maximum down time estimation, and identification
of critical resource requirements.
* Answer “The presentation of the documentation of the results of the BIA” is a distracter.
Q1848
Conducting a search without the delay of obtaining a warrant if destruction
of evidence seems imminent is possible under:
A. Exigent Circumstances.
B. Proximate Causation.
C. Prudent Man Rule.
D. Federal Sentencing Guidelines.
Answer: A
Explanation:
The other answers refer to other principles, guidelines, or rules.
Q1849
Which TCSEC security class category below specifies trusted recovery
controls?
A. B3
B. C2
C. B2
D. B1
Answer: A
Explanation:
TCSEC security categories B3 and A1 require the implementation of trusted recovery. Trusted recovery is the
procedures and/or mechanisms provided to assure that, after an ADP system failure or other discontinuity,
recovery without a protection compromise is obtained. A system failure represents a serious security risk
because security controls may be bypassed when the system is not functioning normally. Trusted recovery has
two primary activities: preparing for a system failure (backup) and recovering the system. Source: DoD
5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria.
Q1850
Which of the following would NOT be considered a penetration testing
technique?
A. Sniffing
B. Scanning
C. War dialing
D. Data manipulation
Answer: D
Explanation:
The correct answer is Data manipulation. Data manipulation describes the corruption of data integrity to
perform fraud for personal gain or other reasons. External penetration testing should not alter the data in any
way. The other three are common penetration techniques.
Q1851
Which choice below is the BEST description of an audit trail?
A. Audit trails are used to detect penetration of a computer system and to reveal usage that identifies misuse.
B. An audit trail is a device that permits simultaneous data processing of two or more security levels without risk
of compromise.
C. An audit trail mediates all access to objects within the network by subjects within the network.
D. Audit trails are used to prevent access to sensitive systems by unauthorized personnel.
Answer: A
Explanation:
An audit trail is a set of records that collectively provide documentary evidence of processing used to aid in
tracing from original transactions forward to related records and reports, and/or backward from records and
reports to their component source transactions. Audit trails may be limited to specific events or may encompass
all of the activities on a system.
User audit trails can usually log:
All commands directly initiated by the user
All identification and authentication attempts
Files and resources accessed
It is most useful if options and parameters are also recorded from commands. It is much more useful to know
that a user tried to delete a log file (e.g., to hide unauthorized actions) than to know the user merely issued the
delete command, possibly for a personal data file.
* Answer “An audit trail is a device that permits simultaneous data processing of two or more security levels
without risk of compromise.” is a description of a multilevel device. A multilevel device is a device that is used
in a manner that permits it to process data of two or more security levels simultaneously without risk of
compromise. To accomplish this, sensitivity labels are normally stored on the same physical medium and in the
same form (i.e., machine-readable or human-readable) as the data being processed.
* Answer “An audit trail mediates all access to objects within the network by subjects within the network.”
refers to a network reference monitor, an access control concept that refers to an abstract machine that
mediates all access to objects within the network by subjects within the network.
* Answer “Audit trails are used to prevent access to sensitive systems by unauthorized personnel.” is incorrect,
because audit trails are detective, and the answer describes a preventative process, access control. Source:
NCSC-TG-001 A Guide to Understanding Audit in Trusted Systems and DoD 5200.28-STD Department of
Defense Trusted Computer System Evaluation Criteria.
Q1852
In object-oriented programming, when all the methods of one class are
passed on to a subclass, this is called:
A. Delegation
B. Inheritance
C. Multiple Inheritance
D. Forward chaining
Answer: B
Explanation:
In inheritance, all the methods of one class, called a superclass, are inherited by a subclass. Thus, all
messages understood by the superclass are understood by the subclass. In other words, the subclass inherits
the behavior of the superclass.
* Answer Forward chaining is a distracter and describes data-driven reasoning used in expert systems.
* Multiple inheritance describes the situation where a subclass inherits the behavior of multiple superclasses.
* Answer delegation is an alternative to inheritance in an object-oriented system. With delegation, if an object
does not have a method to satisfy a request it has received, it can delegate the request to another object.
Q1853
What type of security controls operate on the input to a computing system,
on the data being processed, and the output of the system?
A. Numerical controls
B. Data controls
C. Normative controls
D. Application controls
Answer: D
Explanation:
The correct answer is Application controls. The other answers are distracters.
Q1854
Which choice below refers to a business asset?
A. Protection devices or procedures in place that reduce the effects of threats
B. Events or situations that could cause a financial or operational impact to the organization
C. Competitive advantage, credibility, or good will
D. Personnel compensation and retirement programs
Answer: C
Explanation:
Assets are considered the physical and financial assets that are owned by the company. Examples of business
assets that could be lost or damaged during a disaster are:
Revenues lost during the incident
On-going recovery costs
Fines and penalties incurred by the event.
Competitive advantage, credibility, or good will damaged by the incident
* Answer “Events or situations that could cause a financial or operational impact to the organization” is a
definition for a threat.
* Answer “Protection devices or procedures in place that reduce the effects of threats” is a description of
mitigating factors that reduce the effect of a threat, such as a UPS, sprinkler systems, or generators.
* Answer “Personnel compensation and retirement programs” is a distracter. Source:
Contingency Planning and Management, Contingency Planning 101 by Kelley Goggins, March, 1999.
Q1855
A distributed object model that has similarities to the Common Object
Request Broker Architecture (CORBA) is:
A. Distributed Data Model
B. Inference Model
C. Distributed Component Object Model (DCOM)
D. The Chinese Wall Model
Answer: C
Explanation:
DCOM is the distributed version of COM that supports remote objects as if the objects reside in the client’s
address space. A COM client can access a COM object through the use of a pointer to one of the object’s
interfaces and then invoking methods through that pointer. As discussed in Question 24, CORBA is a
distributed object framework developed by the Object Management Group.
* The Chinese Wall Model (D.C. Brewer & M.J. Nash, Chinese Wall Model, Proceedings of the 1989 IEEE
Computer Society Symposium on Security and Privacy, pp. 215-228, 1989), uses internal rules to
compartmentalize areas in which individuals may work to prevent disclosure of proprietary information and to
avoid conflicts of interest. The Chinese Wall model also incorporates the principle of separation of duty.
* Answers Inference Model and Distributed Data Model are distracters.
Q1856
The process of analyzing large data sets in a data warehouse to find
non-obvious patterns is called:
A. Data scanning
B. Data administration
C. Derived data
D. Data mining
Answer: D
Explanation:
For example, mining of consumer-related data may show a correlation between the number of children under
four years old in a household and the father’s preferences in aftershave lotion.
* Answer Data scanning is a distracter.
* Data administration describes the degree of management’s dedication to the data warehouse concept.
* Answer derived data is data that is obtained through the processing of raw data.
Q1857
In an expert system, the process of beginning with a possible solution
and using the knowledge in the knowledge base to justify the solution
based on the raw input data is called:
A. Forward chaining
B. Dynamic reasoning
C. A blackboard solution
D. Backward chaining
Answer: D
Explanation:
Backward chaining is generally used when there are a large number of possible solutions relative to the number
of inputs.
* Answer Dynamic reasoning is a distracter.
* Answer forward chaining is the reasoning approach that can be used when there is a small number of solutions
relative to the number of inputs. The input data is used to reason forward to prove that one of the possible
solutions in a small solution set is the correct one.
* The blackboard is an expert system reasoning methodology in which a solution is generated by the use of a
virtual blackboard wherein information or potential solutions are placed on the blackboard by a plurality of
individuals or expert knowledge sources. As more information is placed on the blackboard in an iterative
process, a solution is generated.
Q1858
Which of the following are valid legal issues associated with
computer crime? Select three.
A. It may be difficult to prove criminal intent.
B. It may be difficult to obtain a trail of evidence of activities performed on the computer.
C. It may be difficult to show causation.
D. Electronic Data Interchange (EDI) makes it easier to relate a crime to an individual.
Answer: A,B,C
Explanation:
EDI makes it more difficult to tie an individual to transactions since EDI involves computer-to-computer data
interchanges and this makes it more difficult to trace the originator of some transactions.
* Answer “It may be difficult to prove criminal intent” is a valid legal issue since it may be very difficult to prove
criminal intent by a person perusing computer files and then causing damage to the files. The damage may
have not been intentional.
* Answer “It may be difficult to obtain a trail of evidence of activities performed on the computer” describes the
situation of trying to track activities on a computer where the information is volatile and may have been
destroyed.
* In answer “It may be difficult to show causation”, common law refers to causation of the criminal act.
Causation is particularly difficult to show in instances where a virus or other malicious code erases itself after
causing damage to vital information.
Q1859
The Kennedy-Kassebaum Act is also known as:
A. HIPAA
B. RICO
C. EU Directive
D. OECD
Answer: A
Explanation:
The others refer to other laws or guidelines.
Q1860
Which choice below is NOT an element of BCP plan approval and implementation?
A. Executing a disaster scenario and documenting the results
B. Obtaining senior management approval of the results
C. Creating an awareness of the plan
D. Updating the plan regularly and as needed
Answer: A
Explanation:
Answer “Executing a disaster scenario and documenting the results” is a distracter, although it could be
considered a loose description of disaster recovery plan testing. The other three choices are primary elements
of BCP approval, implementation, and maintenance.
Q1861
Which statement below MOST accurately describes configuration
control?
A. Assuring that only the proposed and approved system changes are implemented
B. Tracking the status of current changes as they move through the configuration control process
C. Verifying that all configuration management policies are being followed
D. The decomposition process of a verification system into CIs
Answer: A
Explanation:
Configuration control is a means of assuring that system changes are approved before being implemented,
only the proposed and approved changes are implemented, and the implementation is complete and accurate.
This involves strict procedures for proposing, monitoring, and approving system changes and their
implementation. Configuration control entails central direction of the change process by personnel who
coordinate analytical tasks, approve system changes, review the implementation of changes, and supervise
other tasks such as documentation.
* Answer “The decomposition process of a verification system into CIs” is configuration identification. The
decomposition process of a verification system into Configuration Items (CIs) is called configuration
identification. A CI is a uniquely identifiable subset of the system that represents the smallest portion to be
subject to independent configuration control procedures.
* Answer “Tracking the status of current changes as they move through the configuration control process” is
configuration accounting. Configuration accounting documents the status of configuration control activities and,
in general, provides the information needed to manage a configuration effectively. It allows managers to trace
system changes and establish the history of any developmental problems and associated fixes. Configuration
accounting also tracks the status of current changes as they move through the configuration control process.
Configuration accounting establishes the granularity of recorded information and thus shapes the accuracy and
usefulness of the audit function.
* Answer “Verifying that all configuration management policies are being followed” is configuration audit.
Configuration audit is the quality assurance component of configuration management. It involves periodic
checks to determine the consistency and completeness of accounting information and to verify that all
configuration management policies are being followed. A vendor’s configuration management program must be
able to sustain a complete configuration audit by an NCSC review team.
Source: NCSC-TG-014, Guidelines for Formal Verification Systems.
Q1862
Which of the following best defines social engineering?
A. Gathering information from discarded manuals and printouts
B. Illegal copying of software
C. Destruction or alteration of data
D. Using people skills to obtain proprietary information
Answer: D
Explanation:
Social engineering is using people skills to obtain proprietary information.
* Answer “Illegal copying of software” is software piracy.
* Answer “Gathering information from discarded manuals and printouts” is dumpster diving.
* Answer “Destruction or alteration of data” is a violation of integrity.
Q1863
18 U.S.C. § 2001 (1994) refers to:
A. Article 18, US Code, Section 2001, 1994 edition.
B. Title 18, University of Southern California, Article 2001, 1994 edition.
C. Title 2001 of the US Code, Section 18, 1994 edition.
D. Title 18, Section 2001 of the US Code, 1994 edition.
Answer: D
Explanation:
Q1864
A system that exhibits reasoning similar to that of humans knowledgeable
in a particular field to solve a problem in that field is called:
A. An expert system.
B. A data warehouse.
C. A neural network.
D. A smart system.
Answer: A
Explanation:
Answer “A smart system” is a distracter.
A data warehouse is a repository of information from heterogeneous databases that is available to users for
making queries. A neural network is a self-learning system that bases its operation on the model of the
functioning of biological neurons.
Q1865
Which choice below is NOT a recommended step to take when resuming
normal operations after an emergency?
A. Conduct an investigation.
B. Re-occupy the damaged building as soon as possible.
C. Account for all damage-related costs.
D. Protect undamaged property.
Answer: B
Explanation:
Re-occupying the site of a disaster or emergency should not be undertaken until a full safety inspection has
been done, an investigation into the cause of the emergency has been completed, and all damaged property
has been salvaged and restored. During and after an emergency, the safety of personnel must be monitored,
any remaining hazards must be assessed, and security must be maintained at the scene. After all safety
precautions have been taken, an inventory of damaged and undamaged property must be done to begin salvage
and restoration tasks. Also, the site must
not be re-occupied until all investigative processes have been completed. Detailed records must be kept of all
disaster-related costs and valuations must be made of the effect of the business interruption. Source:
Emergency Management Guide for Business and Industry, Federal Emergency Management Agency, August
1998.
Q1866
In the software life cycle, validation:
A. Refers to the work product satisfying software maturity levels.
B. Refers to the work product satisfying the real-world requirements and concepts.
C. Refers to the work product satisfying generally accepted principles.
D. Refers to the work product satisfying derived specifications.
Answer: B
Explanation:
In the software life cycle, validation is the work product satisfying the real-world requirements and concepts.
The other answers are distracters.
Q1867
What is the responsibility of the contingency planner regarding LAN
backup and recovery if the LAN is part of a building server environment?
A. Recovering client/server systems owned and supported by internal staff
B. Identifying essential business functions
C. Classifying the recovery time frame of the business unit LAN
D. Getting a copy of the recovery procedures from the building server administrator
Answer: D
Explanation:
When any part of the LAN is not hosted internally, and is part of a building server environment, it is the
responsibility of the contingency planner to identify the building server administrator, identify for him the
recovery time frame required for your business applications, obtain a copy of the recovery procedures, and
participate in the validation of the building’s server testing. If all or part of the business is not in the building
server environment, then the other three choices are also the responsibility of the contingency planner. Source:
Contingency Planning and Management, Contingency Planning 101, by Kelley Goggins, March 1999.
Q1868
Which standard defines th