2015-06-20

Q1802

Which of the following is NOT an advantage of a stream cipher?

A. The same equipment can be used for encryption and decryption.

B. It is amenable to hardware implementations that result in higher speeds.

C. Since encryption takes place bit by bit, there is no error propagation.

D. The receiver and transmitter must be synchronized.

Answer: D

Explanation:

The transmitter and receiver must be synchronized since they must use the same keystream bits for the same bits of the text that are to be enciphered and deciphered. Usually, synchronizing frames must be sent to effect the synchronization and, thus, additional overhead is required for the transmissions.

928

ISC CISSP Exam

* Answer “The same equipment can be used for encryption and decryption” describes an advantage since stream ciphers commonly use Linear Feedback Shift Registers (LFSRs) to generate the keystream and use XORs to operate on the plaintext input stream. Because of the characteristics of the XOR, the same XOR gates and LFSRs can also decrypt the message. Since LFSRs and XORs are used in a stream cipher to encrypt and decrypt, these components are amenable to hardware implementation, which means higher speeds of operation. Thus, answer “It is amenable to hardware implementations that result in higher speeds” describes an advantage.

* For answer “Since encryption takes place bit by bit, there is no error propagation”, stream ciphers encrypt individual bits with no feedback of the generated ciphertext bits and, therefore, errors do not propagate.
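The three properties this explanation relies on can be seen in code. The following toy LFSR stream cipher is an added example, not part of the exam material: the same XOR routine encrypts and decrypts, a flipped ciphertext bit damages only that one plaintext bit, and a receiver that loses keystream synchronization (one bit dropped on the channel) garbles what follows. The 16-bit LFSR taps, the seed and the sample message are constructed values.

```python
"""Toy LFSR-based stream cipher (constructed example, not the exam's own code).

Shows: the same XOR/LFSR routine encrypts and decrypts; a single corrupted
ciphertext bit corrupts only that plaintext bit (no error propagation); and
losing keystream synchronization garbles everything after the loss.
"""

# 16-bit Fibonacci LFSR with feedback polynomial x^16 + x^14 + x^13 + x^11 + 1
# (maximal period 2^16 - 1). Taps are bit positions counted from 1.
TAPS = (16, 14, 13, 11)
WIDTH = 16


def lfsr_keystream(seed, nbits, taps=TAPS, width=WIDTH):
    """Return nbits of keystream from the LFSR initialised with seed (the key)."""
    state = seed & ((1 << width) - 1)
    if state == 0:
        raise ValueError("an all-zero LFSR state never changes; unusable as a key")
    bits = []
    for _ in range(nbits):
        bits.append(state & 1)  # output the least-significant bit
        feedback = 0
        for t in taps:
            feedback ^= (state >> (t - 1)) & 1
        state = (state >> 1) | (feedback << (width - 1))
    return bits


def to_bits(data):
    """Bytes to a list of bits, most-significant bit of each byte first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits):
    """Inverse of to_bits; any trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)


def stream_xor(bits, seed, offset=0):
    """XOR bits with the keystream starting at keystream position `offset`.

    Encryption and decryption are the same operation: (p ^ k) ^ k == p, which
    is why the same LFSR and XOR hardware serves both directions.
    """
    ks = lfsr_keystream(seed, offset + len(bits))[offset:]
    return [b ^ k for b, k in zip(bits, ks)]


def count_differences(a, b):
    return sum(x != y for x, y in zip(a, b))


def roundtrip(message, seed):
    """Encrypt then decrypt with the same routine and the same key."""
    ciphertext = stream_xor(to_bits(message), seed)
    return from_bits(stream_xor(ciphertext, seed))


def errors_after_bit_flip(message, seed, flip_at):
    """Flip one ciphertext bit in transit; count how many plaintext bits change."""
    plaintext = to_bits(message)
    ciphertext = stream_xor(plaintext, seed)
    ciphertext[flip_at] ^= 1          # channel error on a single bit
    return count_differences(plaintext, stream_xor(ciphertext, seed))


def errors_after_desync(message, seed):
    """Drop the first ciphertext bit in transit while the receiver still starts
    its keystream at position 0: every later bit is XORed with the wrong
    keystream bit, so roughly half of the recovered bits are wrong."""
    plaintext = to_bits(message)
    ciphertext = stream_xor(plaintext, seed)
    received = ciphertext[1:]               # one bit lost on the channel
    recovered = stream_xor(received, seed)  # receiver not resynchronised
    return count_differences(plaintext[1:], recovered)


if __name__ == "__main__":
    msg, key = b"meter reading 42", 0xACE1  # constructed sample values
    print(roundtrip(msg, key))
    print(errors_after_bit_flip(msg, key, 5), "plaintext bit(s) damaged by one flipped ciphertext bit")
    print(errors_after_desync(msg, key), "plaintext bits damaged by losing synchronization")
```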

Q1803

The * (star) property of the Biba model states that:

A. Subjects cannot read from a higher level of integrity relative to their level of integrity.

B. Subjects cannot write to a higher level of integrity relative to their level of integrity.

C. Subjects cannot read from a lower level of integrity relative to their level of integrity.

D. Subjects cannot write to a lower level of integrity relative to their level of integrity.

Answer: B

Explanation:

Q1804

The Escrowed Encryption Standard describes the:

A. Rijndael Cipher.

B. Fair Public Key Cryptosystem.

C. Clipper Chip.

D. Digital certificates.


Answer: C

Explanation:

Q1805

Which one of the following is NOT a component of a CC Protection Profile?

A. Product-specific security requirements

B. Threats against the product that must be addressed

C. Security objectives

D. Target of Evaluation (TOE) description

Answer: A

Explanation:

The correct answer is “Product-specific security requirements”. Product-specific security requirements for the product or system are contained in the Security Target (ST). Additional items in the PP are:

* TOE security environment description
* Assumptions about the security aspects of the product’s expected use
* Organizational security policies or rules
* Application notes
* Rationale

Q1806

What is a programmable logic device (PLD)?

A. Random Access Memory (RAM) that contains the software to perform specific tasks

B. An integrated circuit with connections or internal logic gates that can be changed through a programming process

C. A volatile device

D. A program resident on disk memory that executes a specific function

Answer: B


Explanation:

* Answer “A volatile device” is incorrect because a PLD is non-volatile.

* Answer “Random Access Memory (RAM) that contains the software to perform specific tasks” is incorrect because random access memory is volatile memory, not a non-volatile logic device.

* Answer “A program resident on disk memory that executes a specific function” is a distracter.

Q1807

Which choice below most accurately describes SSL?

A. It’s a widely used standard of securing e-mail at the Application level.

B. It gives a user remote access to a command prompt across a secure, encrypted session.

C. It uses two protocols, the Authentication Header and the Encapsulating Security Payload.

D. It allows an application to have authenticated, encrypted communications across a network.

Answer: D

Explanation:

The Secure Socket Layer (SSL) sits between higher-level application functions and the TCP/IP stack and provides security to applications. It includes a variety of encryption algorithms to secure transmitted data, but the functionality must be integrated into the application.

Answer “It’s a widely used standard of securing e-mail at the Application level.” refers to the Secure/Multipurpose Internet Mail Extension (S/MIME). Most major e-mail clients support S/MIME today.

Answer “It gives a user remote access to a command prompt across a secure, encrypted session.” describes Secure Shell (SSH).

Answer “It uses two protocols, the Authentication Header and the Encapsulating Security Payload.” refers to IPSec. IPSec enables security to be built directly into the TCP/IP stack, without requiring application modification.

Source: Counter Hack by Ed Skoudis (Prentice Hall PTR, 2002).


Q1808

Processes are placed in a ring structure according to:

A. Least privilege.

B. Separation of duty.

C. First in, first out.

D. Owner classification.

Answer: A

Explanation:

The correct answer is Least privilege. A process is placed in the ring that gives it the minimum privileges necessary to perform its functions.

Q1809

Which one of the following is NOT a security mode of operation in an information system?

A. Contained

B. System high

C. Multilevel

D. Dedicated

Answer: A

Explanation:

The correct answer is Contained, a distracter.

* In the system high mode the information system operates at the highest level of information classification. In this mode, all users must have security clearances for the highest level of classified information.

* The dedicated mode requires that all users must have a clearance or an authorization and a need-to-know for all information that is produced by the information system.

* The multi-level mode of operation, answer C, supports users with different clearances and data at multiple classification levels.


Q1810

Which of the following is the best example of need-to-know?

A. An operator does not know more about the system than the minimum required to do the job.

B. An operator cannot generate and verify transactions alone.

C. The operators’ duties are frequently rotated.

D. Two operators are required to work together to perform a task.

Answer: A

Explanation:

The correct answer is “An operator does not know more about the system than the minimum required to do the job”. Need-to-know means the operators are working in an environment that limits their knowledge of the system, applications, or data to the minimum elements that they require to perform their job.

* Answer “Two operators are required to work together to perform a task” is dual control.

* Answer “The operators’ duties are frequently rotated” is job rotation.

* Answer “An operator cannot generate and verify transactions alone” is separation of duties.

Q1811

Which of the following terms is NOT associated with a Read Only Memory (ROM)?

A. Field Programmable Gate Array (FPGA)

B. Flash memory

C. Firmware

D. Static RAM (SRAM)

Answer: D

Explanation:

Static Random Access Memory (SRAM) is volatile and, therefore, loses its data if power is removed from the system. Conversely, a ROM is nonvolatile in that it does not lose its content when power is removed.

* Flash memories are a type of electrically programmable ROM.

* Answer FPGA is a type of Programmable Logic Device (PLD) that is programmed by blowing fuse connections on the chip or using an antifuse that makes a connection when a high voltage is applied to the junction.

* For answer firmware, firmware is a program that is stored on ROMs.

Q1812

Which one of the following is NOT a typical bus designation in a digital computer?

A. Control

B. Address

C. Data

D. Secondary

Answer: D

Explanation:

The correct answer is Secondary, a distracter.

Q1813

Which type of routing below commonly broadcasts its routing table information to all other routers every minute?

A. Dynamic Control Protocol Routing

B. Static Routing

C. Distance Vector Routing

D. Link State Routing


Answer: C

Explanation:

Distance vector routing uses the Routing Information Protocol (RIP) to maintain a dynamic table of routing information that is updated regularly. It is the oldest and most common type of dynamic routing.

* Static routing defines a specific route in a configuration file on the router and does not require the routers to exchange route information dynamically.

* Link state routers function like distance vector routers, but only use firsthand information when building routing tables by maintaining a copy of every other router’s Link State Protocol (LSP) frame. This helps to eliminate routing errors and considerably lessens convergence time.

* Answer Dynamic Control Protocol Routing is a distracter.

Source: Mastering Network Security by Chris Brenton (Sybex, 1999).

Q1814

The standard process to certify and accredit

A. DIACAP

B. DITSCAP

C. CIAP

D. NIACAP

E. Defense audit

Answer: D

Explanation:

The NIACAP provides a standard set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the information assurance and security posture of a system or site. The NIACAP is designed to certify that the information system meets documented accreditation requirements and will continue to maintain the accredited security posture throughout the system life cycle.

* Answer CIAP is being developed for the evaluation of critical commercial systems and uses the NIACAP methodology.

* DITSCAP establishes for the defense entities a standard process, set of activities, general task descriptions, and a management structure to certify and accredit IT systems that will maintain the required security posture. The process is designed to certify that the IT system meets the accreditation requirements and that the system will maintain the accredited security posture throughout the system life cycle. The four phases of the DITSCAP are Definition, Verification, Validation, and Post Accreditation.

* Answer “Defense audit” is a distracter.

* Answer DIACAP is a distracter.

Q1815

Which LAN topology below is MOST vulnerable to a single point of failure?

A. FDDI

B. Physical Star

C. Logical Ring

D. Ethernet Bus

Answer: D

Explanation:

Ethernet bus topology was the first commercially viable network topology, and consists of all workstations connected to a single coaxial cable. Since the cable must be properly terminated on both ends, a break in the cable stops all communications on the bus.

* The physical star topology acts like a logical bus, but provides better fault tolerance, as a cable break only disconnects the workstation or hub directly affected.

* The logical ring topology is used by Token Ring and FDDI and is highly resilient. Token Ring employs a beacon frame, which, in case of a cable break, initiates auto reconfiguration and attempts to reroute the network around the failed node. Also, the Token Ring active monitor station performs ring maintenance functions, like removing continuously circulating frames from the ring. FDDI employs a second ring to provide redundancy.

Sources: Virtual LANs by Mariana Smith (McGraw-Hill, 1998) and Internetworking Technologies Handbook, Second Edition (Cisco Press, 1998).


Q1816

A cryptographic attack in which portions of the ciphertext are selected for trial decryption while having access to the corresponding decrypted plaintext is known as what type of attack?

A. Chosen ciphertext

B. Adaptive chosen plaintext

C. Known plaintext

D. Chosen plaintext

Answer: A

Explanation:

The correct answer is “Chosen ciphertext”.

In answer “Known plaintext”, the attacker has a copy of the plaintext corresponding to the ciphertext. Answer “Chosen plaintext” describes the situation where selected plaintext is encrypted and the output ciphertext is obtained. The adaptive chosen plaintext attack, answer “Adaptive chosen plaintext”, is a form of chosen plaintext attack where the selection of the plaintext is altered according to previous results.

Q1817

In communications between two parties, encrypting the hash function of a message with a symmetric key algorithm is equivalent to:

A. Providing for secrecy of the message

B. Generating a keyed Message Authentication Code (MAC)

C. Generating a digital signature

D. Generating a one-way function


Answer: B

Explanation:

A MAC is used to authenticate files between users. If the sender and receiver both have the secret key, they are the only ones that can verify the hash function. If a symmetric key algorithm is used to encrypt the one-way hash function, then the one-way hash function becomes a keyed MAC.

Answer “Generating a digital signature” is incorrect because a digital signature between two parties uses an asymmetric key algorithm. If a message is encrypted with the sender’s private key, then only the sender’s public key can decrypt the message. This proves that the message was sent by the sender since only the sender knows the private key.

In practice, asymmetric key encryption is very slow, especially for long messages. Therefore, a one-way hash of the message is encrypted with the sender’s private key instead of encrypting the complete message. Then, the message and the encrypted hash are sent to a second party. The receiver takes the encrypted hash and decrypts it with the sender’s public key. Then, the receiver takes the hash of the message, using the same one-way hash algorithm as the sender. The hash generated by the receiver is compared with the decrypted hash sent with the message. If the two hashes are identical, the digital signature is validated. Note that this method also will reveal if the message was changed en route, since the hash calculated by the receiver will, then, be different from the encrypted hash sent along with the message.

Answer “Providing for secrecy of the message” is incorrect since encrypting the hash of the message and sending the message in the clear does nothing to protect the confidentiality of the message. Since the hash function is a one-way function, the message cannot be recovered from its hash.

Answer “Generating a one-way function” is incorrect since encrypting a hash of a message is not a one-way function. If it were, it would be of no use since no one would be able to reverse the process and decrypt it.
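As an added illustration of the two constructions this explanation contrasts (not from the exam material), the following code builds a keyed MAC from a shared secret and a digital signature as a hash “encrypted” with a private key and “decrypted” with the public key. It uses textbook RSA over locally generated 256-bit primes with no padding, and HMAC-SHA256 as the keyed MAC; the key size, the shared secret and the sample message are constructed assumptions chosen for illustration, not for real-world strength.

```python
"""Keyed MAC versus digital signature over a hash (constructed example, not
the exam's own code). Textbook RSA with no padding is used only to show the
flow the explanation describes: hash, 'encrypt' with the private key, receiver
'decrypts' with the public key and compares with a freshly computed hash.
"""
import hashlib
import hmac
import math
import random


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True


def random_prime(bits):
    """Random odd prime of exactly `bits` bits (toy key sizes for the demo)."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=256):
    """Return (public_key, private_key), each an (exponent, modulus) tuple.
    The modulus is ~512 bits, so a 256-bit SHA-256 digest fits below it."""
    e = 65537
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, p * q), (d, p * q)


def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_key):
    """Hash the message, then 'encrypt' the hash with the sender's private key."""
    d, n = private_key
    return pow(digest_int(message), d, n)


def verify_signature(message, signature, public_key):
    """'Decrypt' with the sender's public key; compare with a fresh hash."""
    e, n = public_key
    return pow(signature, e, n) == digest_int(message)


def mac_tag(message, shared_key):
    """Keyed MAC: both parties hold shared_key; HMAC is the standard construction."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def verify_mac(message, tag, shared_key):
    return hmac.compare_digest(mac_tag(message, shared_key), tag)


def demo(message=b"transfer 100 units to account 7"):
    """Run both schemes on a constructed message and return what each proves."""
    public_key, private_key = generate_keypair()
    shared_key = b"constructed-shared-secret"  # assumption: pre-shared by both parties
    signature = sign(message, private_key)
    tag = mac_tag(message, shared_key)
    tampered = message.replace(b"100", b"900")  # altered en route
    return {
        "signature_valid": verify_signature(message, signature, public_key),
        "signature_detects_tamper": not verify_signature(tampered, signature, public_key),
        "mac_valid": verify_mac(message, tag, shared_key),
        "mac_detects_tamper": not verify_mac(tampered, tag, shared_key),
        # Either holder of the shared key can produce a valid tag, so a MAC
        # cannot show which party sent the message; a signature can.
        "mac_made_by_either_party": verify_mac(tampered, mac_tag(tampered, shared_key), shared_key),
        # Neither scheme hides the message: it travels in the clear with its tag.
        "message_in_clear": message,
    }
```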

Q1818


Mandatory access controls first appear in the Trusted Computer System

Evaluation Criteria (TCSEC) at the rating of:

A. D

B. B

C. C

D. A

Answer: B

Explanation:

Q1819

What is the simple security property of which one of the following models is described as:

A user has access to a client company’s information, c, if and only if for all other information, o, that the user can read, either x(c) z (o) or x(c) = x (o), where x(c) is the client’s company and z (o) is the competitors of x(c).

A. Bell-LaPadula

B. Lattice

C. Chinese wall

D. Biba

Answer: C

Explanation:

This model (D. C. Brewer and M. J. Nash, Chinese Wall Model, Proceedings of the 1989 IEEE Computer Society Symposium on Security and Privacy, 1989) defines rules that prevent conflicts of interest in organizations that may have access to information from companies that are competitors of each other. Essentially, the model states that a user working on one account cannot work on a competitor’s account for a designated period of time.

Answer Biba: the Biba model is an integrity model that is an analog of the Bell-LaPadula confidentiality model of answer Bell-LaPadula.

Answer Lattice refers to the general information flow model where security levels are represented by a lattice structure. The model defines a transitive ordering relation on security classes. Thus, for security classes X, Y, and Z, the ordering relation X Y Z describes the situation where Z is the highest security class and X is the lowest security class, and there is an ordering among the three classes.

Q1820

Separation of duties embodies what principle?

A. The operators’ duties are frequently rotated.

B. Two operators are required to work in tandem to perform a task.

C. The operators have different duties to prevent one person from compromising the system.

D. An operator does not know more about the system than the minimum required to do the job.

Answer: C

Explanation:

The correct answer is “The operators have different duties to prevent one person from compromising the system”. Separation of duties means that the operators are prevented from generating and verifying transactions alone, for example. A task might be divided into different smaller tasks to accomplish this, or in the case of an operator with multiple duties, the operator makes a logical, functional job change when performing such conflicting duties. Answer “An operator does not know more about the system than the minimum required to do the job” is need-to-know, answer “Two operators are required to work in tandem to perform a task” is dual control, and answer “The operators’ duties are frequently rotated” is job rotation.

Q1821

Which firewall type below uses a dynamic state table to inspect the content of packets?


A. An application-level firewall

B. A stateful-inspection firewall

C. A circuit-level firewall

D. A packet-filtering firewall

Answer: B

Explanation:

A stateful-inspection firewall intercepts incoming packets at the Network level, then uses an Inspection Engine to extract state-related information from upper layers. It maintains the information in a dynamic state table and evaluates subsequent connection attempts.

* A packet-filtering firewall is the simplest type of firewall commonly implemented on routers. It operates at the Network layer and offers good performance but is the least secure.

* An application-level firewall, or application-layer gateway, is more secure because it examines the packet at the application layer, but at the expense of performance.

* A circuit-level firewall is similar to the application-level firewall in that it functions as a proxy server, but differs in that special proxy application software is not needed.

Sources: Hacker Proof by Lars Klander (Jamsa Press, 1997) and Checkpoint Firewall-1 Stateful Inspection Technology (www.checkpoint.com).

Q1822

A 1999 law that addresses privacy issues related to health care, insurance and finance and that will be implemented by the states is:

A. Kennedy-Kassebaum

B. Gramm-Leach-Bliley (GLB)

C. Insurance Reform Act

D. Medical Action Bill

Answer: B

Explanation:

See the answers to Question 15 for a discussion of GLB.

* Answer Kennedy-Kassebaum refers to the HIPAA legislation (US Kennedy-Kassebaum Health Insurance Portability and Accountability Act, HIPAA, Public Law 104-19). Answers Medical Action Bill and Insurance Reform Act are distracters.


Q1823

The termination of selected, non-critical processing when a hardware or software failure occurs and is detected is referred to as:

A. Fault tolerant.

B. Fail safe.

C. An exception.

D. Fail soft.

Answer: D

Explanation:

Q1824

How do covert timing channels convey information?

A. By generating noise and traffic with the data

B. By modifying the timing of a system resource in some measurable way

C. By changing a system’s stored data characteristics

D. By performing a covert channel analysis

Answer: B

Explanation:

The correct answer is “By modifying the timing of a system resource in some measurable way”. A covert timing channel alters the timing of parts of the system to enable it to be used to communicate information covertly (outside the normal security function).

* Answer “By changing a system’s stored data characteristics” is the description of the use of a covert storage channel.

* Answer “By generating noise and traffic with the data” is a technique to combat the use of covert channels.

* Answer “By performing a covert channel analysis” is the Orange Book requirement for B3, B2, and A1 evaluated systems.


Q1825

A processor in which a single instruction specifies more than one CONCURRENT operation is called:

A. Pipelined processor.

B. Very Long Instruction Word processor.

C. Scalar processor.

D. Superscalar processor.

Answer: B

Explanation:

The correct answer is Very Long Instruction Word processor.

* A pipelined processor overlaps the steps of different instructions.

* A superscalar processor performs a concurrent execution of multiple instructions in the same pipeline stage.

* A scalar processor executes one instruction at a time.

Q1826

The definition “A relatively small amount (when compared to primary memory) of very high speed RAM, which holds the instructions and data from primary memory, that has a high probability of being accessed during the currently executing portion of a program” refers to what category of computer memory?

A. Secondary

B. Virtual

C. Real

D. Cache


Answer: D

Explanation:

Cache logic attempts to predict which instructions and data in main (primary) memory will be used by a currently executing program. It then moves these items to the higher speed cache in anticipation of the CPU requiring these programs and data. Properly designed caches can significantly reduce the apparent main memory access time and thus increase the speed of program execution.

* Answer secondary memory is a slower memory (such as a magnetic disk) that provides non-volatile storage.

* Real or primary memory is directly addressable by the CPU and is used for the storage of instructions and data associated with the program that is being executed. This memory is usually high-speed Random Access Memory (RAM).

* Answer virtual memory uses secondary memory in conjunction with primary memory to present the CPU with a larger, apparent address space of the real memory locations.

Q1827

A Trusted Computing Base (TCB) is defined as:

A. The total combination of protection mechanisms within a computer system that are trusted to enforce a security policy.

B. A system that employs the necessary hardware and software assurance measures to enable processing multiple levels of classified or sensitive information to occur.

C. The boundary separating the trusted mechanisms from the remainder of the system.

D. A trusted path that permits a user to access resources.

Answer: A

Explanation:

* Answer “The boundary separating the trusted mechanisms from the remainder of the system” is the security perimeter.

* Answer “A trusted path that permits a user to access resources” is the definition of a trusted path.

* Answer “A system that employs the necessary hardware and software assurance measures to enable processing multiple levels of classified or sensitive information to occur” is the definition of a trusted computer system.

Q1828

Increasing performance in a computer by overlapping the steps of different instructions is called:

A. A reduced instruction set computer.

B. Pipelining.

C. A complex instruction set computer.

D. Vector processing.

Answer: B

Explanation:

Q1829

The Wired Equivalency Privacy algorithm (WEP) of the 802.11 Wireless LAN Standard uses which of the following to protect the confidentiality of information being transmitted on the LAN?

A. A digital signature that is sent between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point

B. A public/private key pair that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point

C. A secret key that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point

D. Frequency shift keying (FSK) of the message that is sent between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point

Answer: C

Explanation:

The transmitted packets are encrypted with a secret key and an Integrity Check (IC) field comprised of a CRC-32 check sum that is attached to the message. WEP uses the RC4 variable key-size stream cipher encryption algorithm. RC4 was developed in 1987 by Ron Rivest and operates in output feedback mode. Researchers at the University of California at Berkeley (wep@isaac.cs.berkeley.edu) have found that the security of the WEP algorithm can be compromised, particularly with the following attacks:

* Passive attacks to decrypt traffic based on statistical analysis
* Active attacks to inject new traffic from unauthorized mobile stations, based on known plaintext
* Active attacks to decrypt traffic, based on tricking the access point
* Dictionary-building attack that, after analysis of about a day’s worth of traffic, allows real-time automated decryption of all traffic

The Berkeley researchers have found that these attacks are effective against both the 40-bit and the so-called 128-bit versions of WEP using inexpensive off-the-shelf equipment. These attacks can also be used against networks that use the 802.11b Standard, which is the extension to 802.11 to support higher data rates, but does not change the WEP algorithm.

The weaknesses in WEP and 802.11 are being addressed by the IEEE 802.11i Working Group. WEP will be upgraded to WEP2 with the following proposed changes:

* Modifying the method of creating the initialization vector (IV)
* Modifying the method of creating the encryption key
* Protection against replays
* Protection against IV collision attacks
* Protection against forged packets

In the longer term, it is expected that the Advanced Encryption Standard (AES) will replace the RC4 encryption algorithm currently used in WEP.

Q1830

There are two fundamental security protocols in IPSec. These are the Authentication Header (AH) and the Encapsulating Security Payload (ESP). Which of the following correctly describes the functions of each?

A. ESP: data encrypting and source authenticating protocol that also validates the integrity of the transmitted data; AH: source authenticating protocol

B. ESP: data encrypting and source authenticating protocol; AH: source authenticating protocol that also validates the integrity of the transmitted data

C. ESP: data encrypting protocol that also validates the integrity of the transmitted data; AH: source authenticating protocol that also validates the integrity of the transmitted data

D. ESP: data encrypting and source authenticating protocol that also validates the integrity of the transmitted data; AH: source authenticating protocol that also validates the integrity of the transmitted data

Answer: D

Explanation:

ESP does have a source authentication and integrity capability through the use of a hash algorithm and a secret key. It provides confidentiality by means of secret key cryptography. DES and triple DES secret key block ciphers are supported by IPSec and other algorithms will also be supported in the future. AH uses a hash algorithm in the packet header to authenticate the sender and validate the integrity of the transmitted data.

Q1831

The Secure Hash Algorithm (SHA) is specified in the:

A. Data Encryption Standard.

B. Advanced Encryption Standard.

C. Digital Signature Standard.

D. Digital Encryption Standard.

Answer: C

Explanation:

The correct answer is “Digital Signature Standard”.

* Answer “Data Encryption Standard” refers to DES, a symmetric encryption algorithm.

* Answer “Digital Encryption Standard” is a distracter; there is no such term.

* Answer “Advanced Encryption Standard” is the Advanced Encryption Standard, which has replaced DES and is now the Rijndael algorithm.

Q1832

Which of the following is an example of least privilege?

A. An operator cannot generate and verify transactions alone.

B. An operator does not have more system rights than the minimum required to do the job.

C. An operator does not know more about the system than the minimum required to do the job.

D. The operators’ duties are frequently rotated.

Answer: B

Explanation:

Least Privilege embodies the concept that users or operators should be granted the lowest level of system access or system rights that allows them to perform their job.

* Answer “An operator does not know more about the system than the minimum required to do the job” is need-to-know.

* Answer “The operators’ duties are frequently rotated” is job rotation.

* Answer “An operator cannot generate and verify transactions alone” is separation of duties.

Q1833

What BEST describes the National Security Agency-developed Capstone?

A. A one-way function for implementation of public key encryption

B. A device for intercepting electromagnetic emissions

C. A chip that implements the US Escrowed Encryption Standard

D. The PC Card implementation of the Clipper Chip system

Answer: C

Explanation:

Capstone is a Very Large Scale Integration (VLSI) chip that employs the Escrowed Encryption Standard and incorporates the Skipjack algorithm, similar to the Clipper Chip. As such, it has a LEAF. Capstone also supports public key exchange and digital signatures. At this time, Capstone products have their LEAF function suppressed and a Certifying Authority provides for key recovery.

* Answer “A device for intercepting electromagnetic emissions” is then, obviously, incorrect. For information purposes, though, the US Government program to study and control the interception of electromagnetic emissions that may compromise classified information is called TEMPEST.

* Answer “The PC Card implementation of the Clipper Chip system” is also, obviously, incorrect. However, Capstone was first implemented on a PC card called Fortezza.

* Answer “A one-way function for implementation of public key encryption” is incorrect since Capstone is not a mathematical function, but it incorporates mathematical functions for key exchange, authentication and encryption.

Q1834

Which statement below is accurate about the difference between Ethernet II and 802.3 frame formats?

A. 802.3 uses a Length field, whereas Ethernet II uses a Type field.

B. Ethernet II uses an 8-byte Preamble field, whereas 802.3 uses a 4-byte FCS field.

C. 802.3 uses a Type field, whereas Ethernet II uses a Length field.

D. Ethernet II uses a 4-byte FCS field, whereas 802.3 uses an 8-byte Preamble field.

Answer: A

Explanation:

802.3 uses a Length field which indicates the number of data bytes that are in the data field. Ethernet II uses a Type field in the same 2 bytes to identify the message protocol type. Both frame formats use an 8-byte Preamble field at the start of the packet, and a 4-byte Frame Check Sequence (FCS) field at the end of the packet, so those choices would be incorrect as to a difference in the frame formats.

Sources: Gigabit Ethernet by Jayant Kadambi, Ian Crayford, and Mohan Kalkunte (Prentice Hall PTR, 1998) and CCNA Study Guide by Todd Lammle, Donald Porter, and James Chellis (Sybex, 1999).
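Added example (not from the exam or its sources): a small parser that tells the two frame formats apart by that 2-byte field. It relies on the IEEE 802.3 convention, not stated in the explanation, that values up to 1500 are a Length and values of 0x0600 (1536) and above are an EtherType, and it checks the 4-byte FCS as a CRC-32; the MAC addresses and payloads are constructed.

```python
"""Ethernet II versus IEEE 802.3 frame parsing (constructed example, not the
exam's own code). The preamble is consumed by the NIC and never captured, so
frames here start at the destination address and end with the 4-byte FCS,
which is a CRC-32 over destination..payload stored least-significant byte first.
"""
import struct
import zlib

MAX_8023_LENGTH = 1500   # IEEE 802.3: Type/Length values <= 1500 are a Length
MIN_ETHERTYPE = 0x0600   # values >= 1536 are an EtherType (Ethernet II)
MIN_PAYLOAD = 46         # minimum data field; shorter payloads are zero-padded

# Constructed sample addresses, not real hosts.
SAMPLE_DST = bytes.fromhex("001122334455")
SAMPLE_SRC = bytes.fromhex("66778899aabb")


def fcs(frame_body):
    """CRC-32 over destination..payload, packed as it appears on the wire."""
    return struct.pack("<I", zlib.crc32(frame_body) & 0xFFFFFFFF)


def build_ethernet_ii(dst, src, ethertype, payload):
    """Ethernet II: the 2-byte field carries the upper-layer protocol Type."""
    if ethertype < MIN_ETHERTYPE:
        raise ValueError("EtherType must be 0x0600 or greater")
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(MIN_PAYLOAD, b"\x00")
    return body + fcs(body)


def build_8023(dst, src, payload):
    """IEEE 802.3: the same 2 bytes carry the true data Length, before padding."""
    if len(payload) > MAX_8023_LENGTH:
        raise ValueError("802.3 data field is at most 1500 bytes")
    body = dst + src + struct.pack("!H", len(payload)) + payload.ljust(MIN_PAYLOAD, b"\x00")
    return body + fcs(body)


def parse_frame(frame):
    """Classify a captured frame (FCS included) and check its integrity."""
    if len(frame) < 6 + 6 + 2 + 4:
        raise ValueError("frame too short to hold addresses, Type/Length and FCS")
    body, received_fcs = frame[:-4], frame[-4:]
    dst, src = body[:6], body[6:12]
    (type_or_length,) = struct.unpack("!H", body[12:14])
    data = body[14:]
    result = {"dst": dst.hex(":"), "src": src.hex(":"), "fcs_ok": fcs(body) == received_fcs}
    if type_or_length <= MAX_8023_LENGTH:
        # 802.3: the field is a Length, so padding can be stripped exactly.
        if type_or_length > len(data):
            raise ValueError("802.3 Length field exceeds the captured data")
        result.update(kind="IEEE 802.3", length=type_or_length, payload=data[:type_or_length])
    elif type_or_length >= MIN_ETHERTYPE:
        # Ethernet II: the field is a Type; the payload length must come from
        # the upper-layer header, so padding (if any) is left in place.
        result.update(kind="Ethernet II", ethertype=type_or_length, payload=data)
    else:
        raise ValueError(f"undefined Type/Length value {type_or_length:#06x}")
    return result


if __name__ == "__main__":
    for frame in (build_ethernet_ii(SAMPLE_DST, SAMPLE_SRC, 0x0800, b"ip packet bytes"),
                  build_8023(SAMPLE_DST, SAMPLE_SRC, b"llc data")):
        print(parse_frame(frame))
```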

Q1835

The Advanced Encryption Standard (Rijndael) block cipher requirements regarding keys and block sizes have now evolved to which configuration?

A. Both the key and block sizes can be 128, 192, and 256 bits each.

B. The block size is 128 bits, and the key size is 128 bits.

C. The key size is 128 bits, and the block size can be 128, 192, or 256 bits.

D. The block size is 128 bits, and the key can be 128, 192, or 256 bits.


Answer: D

Explanation:

AES is comprised of three key sizes, 128, 192, and 256 bits, with a fixed block size of 128 bits. The Advanced Encryption Standard (AES) was announced on November 26, 2001, as Federal Information Processing Standard Publication 197 (FIPS PUB 197). FIPS PUB 197 states that “This standard may be used by Federal departments and agencies when an agency determines that sensitive (unclassified) information (as defined in P.L. 100-235) requires cryptographic protection. Other FIPS-approved cryptographic algorithms may be used in addition to, or in lieu of, this standard.” Depending upon which of the three key sizes is used, the standard may be referred to as AES-128, AES-192 or AES-256.

The number of rounds used in the Rijndael cipher is a function of the key size as follows:

256-bit key 14 rounds

192-bit key 12 rounds

128-bit key 10 rounds

Rijndael has a symmetric and parallel structure that provides for flexibility of implementation and resistance to cryptanalytic attacks. Attacks on Rijndael would involve the use of differential and linear cryptanalysis.

Q1836

Which of the following is NOT a characteristic of a cryptographic hash function, H (m), where m denotes the message being hashed by the function H?

A. H (m) is a one-way function.

B. H (m) is difficult to compute for any given m.

C. The output is of fixed length.

D. H (m) is collision free.

Answer: B

Explanation:

For a cryptographic hash function, H (m) is relatively easy to compute for a given m.

* Answer “H (m) is collision free” is a characteristic of a good cryptographic hash function, in that collision free means that for a given message, M, that produces H (M) = Z, it is computationally infeasible to find another message, M1, such that H (M1) = Z.

* Answer “The output is of fixed length” is part of the definition of a hash function since it generates a fixed-length result that is independent of the length of the input message. This characteristic is useful for generating digital signatures since the signature can be applied to the fixed-length hash that is uniquely characteristic of the message instead of to the entire message, which is usually much longer than the hash.

* Answer “H (m) is a one-way function” relates to answer “H (m) is difficult to compute for any given m” in that a one-way function is difficult or impossible to invert. This means that for a hash function H (M) = Z, it is computationally infeasible to reverse the process and find M given the hash Z and the function H.

Q1837

Elliptic curve cryptosystems:

A. Cannot be used to implement digital signatures.

B. Have a higher strength per bit than an RSA.

C. Cannot be used to implement encryption.

D. Have a lower strength per bit than an RSA.

Answer: B

Explanation:

The correct answer is “Have a higher strength per bit than an RSA”. It is more difficult to compute Elliptic Curve discrete logarithms than conventional discrete logarithms or factoring. Smaller key sizes in the elliptic curve implementation can yield higher levels of security. Therefore, answer “Have a lower strength per bit than an RSA” is incorrect.

Answers “Cannot be used to implement digital signatures” and “Cannot be used to implement encryption” are incorrect because elliptic curve cryptosystems can be used for digital signatures and encryption.

Q1838

Serial data transmission in which information can be transmitted in two directions, but only one direction at a time, is called:

A. Synchronized

B. Full-duplex

C. Simplex

D. Half-duplex

Answer: D

Explanation:

The time required to switch transmission directions in a half-duplex line is called the turnaround time.

* Answer “Simplex” refers to communication that takes place in one direction only.

* Answer “Synchronized” is a distracter.

* Full-duplex can transmit and receive information in both directions simultaneously. The transmissions can be asynchronous or synchronous. In asynchronous transmission, a start bit is used to indicate the beginning of transmission. The start bit is followed by data bits and, then, by one or two stop bits to indicate the end of the transmission. Since start and stop bits are sent with every unit of data, the actual data transmission rate is lower since these overhead bits are used for synchronization and do not carry information. In this mode, data is sent only when it is available and the data is not transmitted continuously. In synchronous transmission, the transmitter and receiver have synchronized clocks and the data is sent in a continuous stream. The clocks are synchronized by using transitions in the data and, therefore, start and stop bits are not required for each unit of data sent.

Q1839

Which utility below can create a server-spoofing attack?

A. DNS poisoning

B. C2MYAZZ

C. BO2K

D. Snort

Answer: B

Explanation:

C2MYAZZ is a utility that enables server spoofing to implement a session hijacking or man-in-the-middle exploit. It intercepts a client LANMAN authentication logon and obtains the session’s logon credentials and password combination, transparently to the user.

* DNS poisoning is also known as cache poisoning. It is the process of distributing incorrect IP address information for a specific host with the intent to divert traffic from its true destination.

* Snort is a utility used for network sniffing. Network sniffing is the process of gathering traffic from a network by capturing the data as it passes and storing it to analyze later.

* Back Orifice 2000 (BO2K) is an application-level Trojan Horse used to give an attacker backdoor network access. Source: Security Complete, edited by Mark Lierley (Sybex, 2001).

Q1840

The Advanced Encryption Standard, the Rijndael cipher, can be described as:

A. A recursive, sequential cipher

B. An iterated block cipher

C. A streaming block cipher

D. A Feistel network

Answer: B

Explanation:

The correct answer is “An iterated block cipher”. Answers “A recursive, sequential cipher”, “A Feistel network”, and “A streaming block cipher” are distracters; however, answer “A Feistel network” characterizes the Data Encryption Standard (DES) cipher.

Q1841

The Secure Hash Algorithm (SHA-1) of the Secure Hash Standard (NIST FIPS PUB 180) processes data in block lengths of:

A. 128 bits.

B. 256 bits.

C. 512 bits.

D. 1024 bits.

Answer: C

Explanation:

The correct answer is 512 bits. If the final block of the message is shorter than 512 bits, padding bits are added to make the block length equal to 512 bits.

The other answers are distracters.

Q1842

What is the block length of the Rijndael Cipher?

A. 64 bits

B. 128 bits

C. 256 bits

D. Variable

Answer: D

Explanation:

The correct answer is Variable. The other answers with fixed numbers are incorrect.

Q1843

Which of the following statements BEST describes the Public Key Cryptography Standards (PKCS)?

A. A set of public-key cryptography standards that support only standard algorithms such as Diffie-Hellman and RSA

B. A set of public-key cryptography standards that support only algorithm-independent implementations

C. A set of public-key cryptography standards that support algorithms such as Diffie-Hellman and RSA as well as algorithm independent standards

D. A set of public-key cryptography standards that support encryption algorithms such as Diffie-Hellman and RSA, but does not address digital signatures

Answer: C

Explanation:

PKCS supports algorithm-independent and algorithm-specific implementations as well as digital signatures and certificates. It was developed by a consortium including RSA Laboratories, Apple, DEC, Lotus, Sun, Microsoft and MIT. At this writing, there are 15 PKCS standards. Examples of these standards are:

PKCS #1. Defines mechanisms for encrypting and signing data using the RSA public-key system

PKCS #3. Defines the Diffie-Hellman key agreement protocol

PKCS #10. Describes a syntax for certification requests

PKCS #15. Defines a standard format for cryptographic credentials stored on cryptographic tokens

Topic 15, Exam SET C

Q1844

Which of the following languages is NOT an object-oriented language?

A. Lisp

B. C++

C. Simula 67

D. Smalltalk

Answer: A

Explanation:

Lisp, for list processing, is a functional language that processes symbolic expressions rather than numbers. It is

used in the artificial intelligence field. The languages cited in the other answers are object-oriented languages.

Q1845

What does the prudent man rule require?

A. Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur

B. Senior officials to post performance bonds for their actions

C. Senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances

D. Senior officials to follow specified government standards

Answer: C

Explanation:

* Answer “Senior officials to post performance bonds for their actions” is a distracter and is not part of the prudent man rule.

* Answer “Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur” is incorrect because it is not possible to guarantee that breaches of security can never occur.

* Answer “Senior officials to follow specified government standards” is incorrect because the prudent man rule does not refer to a specific government standard but relates to what other prudent persons would do.

Q1846

A standard that uses the Object Request Broker (ORB) to implement exchanges among objects in a heterogeneous, distributed environment is called:

A. An Interface Definition Language (IDL)

B. Open Architecture

C. The Object Management Group (OMG) Object Model

D. A Common Object Request Broker Architecture (CORBA)

Answer: D

Explanation:

* The OMG Object Model provides standard means for describing the externally visible characteristics of objects.

* Answer “Open Architecture” is a distracter.

* IDL is a standard interface language that is used by clients to request services from objects.

Q1847

Which choice below is the BEST description of the criticality prioritization goal of the Business Impact Assessment (BIA) process?

A. The identification and prioritization of every critical business unit process

B. The estimation of the maximum down time the business can tolerate

C. The presentation of the documentation of the results of the BIA

D. The identification of the resource requirements of the critical business unit processes

Answer: A

Explanation:

The correct answer is “The identification and prioritization of every critical business unit process”. The three primary goals of a BIA are criticality prioritization, maximum down time estimation, and identification of critical resource requirements.

* Answer “The presentation of the documentation of the results of the BIA” is a distracter.

Q1848

Conducting a search without the delay of obtaining a warrant if destruction of evidence seems imminent is possible under:

A. Exigent Circumstances.

B. Proximate Causation.

C. Prudent Man Rule.

D. Federal Sentencing Guidelines.

Answer: A

Explanation:

The other answers refer to other principles, guidelines, or rules.

Q1849

Which TCSEC security class category below specifies trusted recovery controls?

A. B3

B. C2

C. B2

D. B1

Answer: A

Explanation:

TCSEC security categories B3 and A1 require the implementation of trusted recovery. Trusted recovery is the procedures and/or mechanisms provided to assure that, after an ADP system failure or other discontinuity, recovery without a protection compromise is obtained. A system failure represents a serious security risk because security controls may be bypassed when the system is not functioning normally. Trusted recovery has two primary activities: preparing for a system failure (backup) and recovering the system. Source: DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria.

Q1850

Which of the following would NOT be considered a penetration testing technique?

A. Sniffing

B. Scanning

C. War dialing

D. Data manipulation

Answer: D

Explanation:

The correct answer is Data manipulation. Data manipulation describes the corruption of data integrity to

perform fraud for personal gain or other reasons. External penetration testing should not alter the data in any

way. The other three are common penetration techniques.

Q1851

Which choice below is the BEST description of an audit trail?

A. Audit trails are used to detect penetration of a computer system and to reveal usage that identifies misuse.

B. An audit trail is a device that permits simultaneous data processing of two or more security levels without risk of compromise.

C. An audit trail mediates all access to objects within the network by subjects within the network.

D. Audit trails are used to prevent access to sensitive systems by unauthorized personnel.

Answer: A

Explanation:

An audit trail is a set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions. Audit trails may be limited to specific events or may encompass all of the activities on a system.

User audit trails can usually log:

All commands directly initiated by the user

All identification and authentication attempts

Files and resources accessed

It is most useful if options and parameters are also recorded from commands. It is much more useful to know that a user tried to delete a log file (e.g., to hide unauthorized actions) than to know the user merely issued the delete command, possibly for a personal data file.

* Answer “An audit trail is a device that permits simultaneous data processing of two or more security levels without risk of compromise.” is a description of a multilevel device. A multilevel device is a device that is used in a manner that permits it to process data of two or more security levels simultaneously without risk of compromise. To accomplish this, sensitivity labels are normally stored on the same physical medium and in the same form (i.e., machine-readable or human-readable) as the data being processed.

* Answer “An audit trail mediates all access to objects within the network by subjects within the network.” refers to a network reference monitor, an access control concept that refers to an abstract machine that mediates all access to objects within the network by subjects within the network.

* Answer “Audit trails are used to prevent access to sensitive systems by unauthorized personnel.” is incorrect, because audit trails are detective, and the answer describes a preventative process, access control. Source: NCSC-TG-001 A Guide to Understanding Audit in Trusted Systems and DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria.

Q1852

In object-oriented programming, when all the methods of one class are passed on to a subclass, this is called:

A. Delegation

B. Inheritance

C. Multiple Inheritance

D. Forward chaining

Answer: B

Explanation:

In inheritance, all the methods of one class, called a superclass, are inherited by a subclass. Thus, all messages understood by the superclass are understood by the subclass. In other words, the subclass inherits the behavior of the superclass.

* Answer “Forward chaining” is a distracter and describes data-driven reasoning used in expert systems.

* Multiple inheritance describes the situation where a subclass inherits the behavior of multiple superclasses.

* Answer “Delegation” is an alternative to inheritance in an object-oriented system. With delegation, if an object does not have a method to satisfy a request it has received, it can delegate the request to another object.

Q1853

What type of security controls operate on the input to a computing system, on the data being processed, and the output of the system?

A. Numerical controls

B. Data controls

C. Normative controls

D. Application controls

Answer: D

Explanation:

The correct answer is Application controls. The other answers are distracters.

Q1854

Which choice below refers to a business asset?

A. Protection devices or procedures in place that reduce the effects of threats

B. Events or situations that could cause a financial or operational impact to the organization

C. Competitive advantage, credibility, or good will

D. Personnel compensation and retirement programs

Answer: C

Explanation:

Assets are considered the physical and financial assets that are owned by the company. Examples of business assets that could be lost or damaged during a disaster are:

Revenues lost during the incident

On-going recovery costs

Fines and penalties incurred by the event

Competitive advantage, credibility, or good will damaged by the incident

* Answer “Events or situations that could cause a financial or operational impact to the organization” is a definition for a threat.

* Answer “Protection devices or procedures in place that reduce the effects of threats” is a description of mitigating factors that reduce the effect of a threat, such as a UPS, sprinkler systems, or generators.

* Answer “Personnel compensation and retirement programs” is a distracter. Source: Contingency Planning and Management, Contingency Planning 101 by Kelley Goggins, March, 1999.

Q1855

A distributed object model that has similarities to the Common Object Request Broker Architecture (CORBA) is:

A. Distributed Data Model

B. Inference Model

C. Distributed Component Object Model (DCOM)

D. The Chinese Wall Model

Answer: C

Explanation:

DCOM is the distributed version of COM that supports remote objects as if the objects reside in the client’s address space. A COM client can access a COM object through the use of a pointer to one of the object’s interfaces and, then, invoking methods through that pointer. As discussed in Question 24, CORBA is a distributed object framework developed by the Object Management Group.

* The Chinese Wall Model (D.C. Brewer & M.J. Nash, Chinese Wall Model, Proceedings of the 1989 IEEE Computer Society Symposium on Security and Privacy, pp. 215-228, 1989) uses internal rules to compartmentalize areas in which individuals may work to prevent disclosure of proprietary information and to avoid conflicts of interest. The Chinese Wall model also incorporates the principle of separation of duty.

* Answers “Inference Model” and “Distributed Data Model” are distracters.

Q1856

The process of analyzing large data sets in a data warehouse to find non-obvious patterns is called:

A. Data scanning

B. Data administration

C. Derived data

D. Data mining

Answer: D

Explanation:

For example, mining of consumer-related data may show a correlation between the number of children under four years old in a household and the father’s preferences in aftershave lotion.

* Answer “Data scanning” is a distracter.

* Data administration describes the degree of management’s dedication to the data warehouse concept.

* Answer “Derived data” is data that is obtained through the processing of raw data.

Q1857

In an expert system, the process of beginning with a possible solution and using the knowledge in the knowledge base to justify the solution based on the raw input data is called:

A. Forward chaining

B. Dynamic reasoning

C. A blackboard solution

D. Backward chaining

Answer: D

Explanation:

Backward chaining is generally used when there are a large number of possible solutions relative to the number of inputs.

* Answer “Dynamic reasoning” is a distracter.

* Answer “Forward chaining” is the reasoning approach that can be used when there is a small number of solutions relative to the number of inputs. The input data is used to reason forward to prove that one of the possible solutions in a small solution set is the correct one.

* The blackboard is an expert system reasoning methodology in which a solution is generated by the use of a virtual blackboard wherein information or potential solutions are placed on the blackboard by a plurality of individuals or expert knowledge sources. As more information is placed on the blackboard in an iterative process, a solution is generated.

Q1858

Which of the following are valid legal issues associated with computer crime? Select three.

A. It may be difficult to prove criminal intent.

B. It may be difficult to obtain a trail of evidence of activities performed on the computer.

C. It may be difficult to show causation.

D. Electronic Data Interchange (EDI) makes it easier to relate a crime to an individual.

Answer: A,B,C

Explanation:

EDI makes it more difficult to tie an individual to transactions since EDI involves computer-to-computer data interchanges and this makes it more difficult to trace the originator of some transactions.

* Answer “It may be difficult to prove criminal intent” is a valid legal issue since it may be very difficult to prove criminal intent by a person perusing computer files and then causing damage to the files. The damage may have not been intentional.

* Answer “It may be difficult to obtain a trail of evidence of activities performed on the computer” describes the situation of trying to track activities on a computer where the information is volatile and may have been destroyed.

* In answer “It may be difficult to show causation”, common law refers to causation of the criminal act. Causation is particularly difficult to show in instances where a virus or other malicious code erases itself after causing damage to vital information.


Q1859

The Kennedy-Kassebaum Act is also known as:

A. HIPAA

B. RICO

C. EU Directive

D. OECD

Answer: A

Explanation:

The others refer to other laws or guidelines.

Q1860

Which choice below is NOT an element of BCP plan approval and implementation?

A. Executing a disaster scenario and documenting the results

B. Obtaining senior management approval of the results

C. Creating an awareness of the plan

D. Updating the plan regularly and as needed

Answer: A

Explanation:

Answer “Executing a disaster scenario and documenting the results” is a distracter, although it could be

considered a loose description of disaster recovery plan testing. The other three choices are primary elements

of BCP approval, implementation, and maintenance.

Q1861

Which statement below MOST accurately describes configuration control?

A. Assuring that only the proposed and approved system changes are implemented

B. Tracking the status of current changes as they move through the configuration control process

C. Verifying that all configuration management policies are being followed

D. The decomposition process of a verification system into CIs

Answer: A

Explanation:

Configuration control is a means of assuring that system changes are approved before being implemented, only the proposed and approved changes are implemented, and the implementation is complete and accurate. This involves strict procedures for proposing, monitoring, and approving system changes and their implementation. Configuration control entails central direction of the change process by personnel who coordinate analytical tasks, approve system changes, review the implementation of changes, and supervise other tasks such as documentation.

* Answer “The decomposition process of a verification system into CIs” is configuration identification. The decomposition process of a verification system into Configuration Items (CIs) is called configuration identification. A CI is a uniquely identifiable subset of the system that represents the smallest portion to be subject to independent configuration control procedures.

* Answer “Tracking the status of current changes as they move through the configuration control process” is configuration accounting. Configuration accounting documents the status of configuration control activities and, in general, provides the information needed to manage a configuration effectively. It allows managers to trace system changes and establish the history of any developmental problems and associated fixes. Configuration accounting also tracks the status of current changes as they move through the configuration control process. Configuration accounting establishes the granularity of recorded information and thus shapes the accuracy and usefulness of the audit function.

* Answer “Verifying that all configuration management policies are being followed” is configuration audit. Configuration audit is the quality assurance component of configuration management. It involves periodic checks to determine the consistency and completeness of accounting information and to verify that all configuration management policies are being followed. A vendor’s configuration management program must be able to sustain a complete configuration audit by an NCSC review team.

Source: NCSC-TG-014, Guidelines for Formal Verification Systems.

Q1862

Which of the following best defines social engineering?

A. Gathering information from discarded manuals and printouts

B. Illegal copying of software

C. Destruction or alteration of data

D. Using people skills to obtain proprietary information

Answer: D

Explanation:

The correct answer is “Using people skills to obtain proprietary information”.

* Answer “Illegal copying of software” is software piracy.

* Answer “Gathering information from discarded manuals and printouts” is dumpster diving.

* Answer “Destruction or alteration of data” is a violation of integrity.

Q1863

18 USC §2001 (1994) refers to:

A. Article 18, US Code, Section 2001, 1994 edition.

B. Title 18, University of Southern California, Article 2001, 1994 edition.

C. Title 2001 of the US Code, Section 18, 1994 edition.

D. Title 18, Section 2001 of the US Code, 1994 edition.

Answer: D

Explanation:

Q1864

A system that exhibits reasoning similar to that of humans knowledgeable in a particular field to solve a problem in that field is called:

A. An expert system.

B. A data warehouse.

C. A neural network.

D. A smart system.

Answer: A

Explanation:

Answer “A smart system” is a distracter.

A data warehouse is a repository of information from heterogeneous databases that is available to users for making queries. A neural network is a self-learning system that bases its operation on the model of the functioning of biological neurons.

Q1865

Which choice below is NOT a recommended step to take when resuming normal operations after an emergency?

A. Conduct an investigation.

B. Re-occupy the damaged building as soon as possible.

C. Account for all damage-related costs.

D. Protect undamaged property.

Answer: B

Explanation:

Re-occupying the site of a disaster or emergency should not be undertaken until a full safety inspection has been done, an investigation into the cause of the emergency has been completed, and all damaged property has been salvaged and restored. During and after an emergency, the safety of personnel must be monitored, any remaining hazards must be assessed, and security must be maintained at the scene. After all safety precautions have been taken, an inventory of damaged and undamaged property must be done to begin salvage and restoration tasks. Also, the site must not be re-occupied until all investigative processes have been completed. Detailed records must be kept of all disaster-related costs and valuations must be made of the effect of the business interruption. Source: Emergency Management Guide for Business and Industry, Federal Emergency Management Agency, August 1998.

Q1866

In the software life cycle, validation:

A. Refers to the work product satisfying software maturity levels.

B. Refers to the work product satisfying the real-world requirements and concepts.

C. Refers to the work product satisfying generally accepted principles.

D. Refers to the work product satisfying derived specifications.

Answer: B

Explanation:

In the software life cycle, validation refers to the work product satisfying the real-world requirements and concepts.

The other answers are distracters.

Q1867

What is the responsibility of the contingency planner regarding LAN backup and recovery if the LAN is part of a building server environment?

A. Recovering client/server systems owned and supported by internal staff

B. Identifying essential business functions

C. Classifying the recovery time frame of the business unit LAN

D. Getting a copy of the recovery procedures from the building server administrator

Answer: D

Explanation:

When any part of the LAN is not hosted internally, and is part of a building server environment, it is the responsibility of the contingency planner to identify the building server administrator, identify for him the recovery time frame required for your business applications, obtain a copy of the recovery procedures, and participate in the validation of the building’s server testing. If all or part of the business is not in the building server environment, then the other three choices are also the responsibility of the contingency planner. Source: Contingency Planning and Management, Contingency Planning 101, by Kelley Goggins, March 1999.

Q1868

Which standard defines th