CISSP Lesson 2 PreTest Flashcards Preview

Flashcards in CISSP Lesson 2 PreTest Deck (17)
2
Q

Which is not a criterion for classifying data?
A) Age of data
B) The code page used to store the data
C) Personal association

A

The code page used to store the data

3
Q

A host-based Intrusion Detection System (IDS) samples all packets that pass through a particular point on a network.
A) TRUE
B) FALSE

A

FALSE

4
Q

Which is an example of an administrative detective control?
A) Antivirus software
B) Encryption
C) Performance review

A

Performance review

5
Q

Which are types of Biometric authentication? Choose all that apply.
A) Signature
B) Keystroke pattern
C) Retina scan
D) Voice pattern

A

Signature
Keystroke pattern
Retina scan
Voice pattern

6
Q

Which is a physical access control?
A) Protect all data all the time
B) Protect the easiest data to control
C) Protect only what must be protected

A

Protect all data all the time

7
Q

Who is ultimately responsible for data security?
A) Owner
B) Custodian
C) User

A

Owner

8
Q

Kerberos can use the same key for encryption and decryption.
A) TRUE
B) FALSE

A

TRUE

9
Q

RADIUS is an example of which kind of authentication?
A) Decentralized
B) Centralized

A

Centralized

10
Q

Which are administrative access controls? Choose all that apply.
A) Hiring practices
B) Policies and procedures
C) Security awareness training
D) Monitoring

A

Hiring practices
Policies and procedures
Security awareness training
Monitoring

11
Q

Which is an example of a technical preventative control?
A) Access card
B) Badge
C) Database view

A

Database view

12
Q

Network architecture is an example of a logical access control.
A) TRUE
B) FALSE

A

TRUE

13
Q

Which is an example of type 1 authentication?
A) User ID
B) One-time password
C) PIN

A

PIN

14
Q

Asynchronous devices are generally less secure than synchronous devices.
A) TRUE
B) FALSE

A

FALSE

15
Q

In a hybrid model, where should high-security objects be placed?
A) Centralized authentication mechanism
B) Decentralized authentication mechanism

A

Centralized authentication mechanism

16
Q

__________ is an entity that requests access to data.
A) Data owner
B) Subject
C) Custodian

A

Subject

17
Q

Which statement describes dictionary attacks?
A) Saturates the network to render access impossible
B) Attempts to gain access using exhaustive input
C) Uses a list of commonly used passwords to attempt to gain access

A

Uses a list of commonly used passwords to attempt to gain access

18
Q

On what is nondiscretionary access control based?
A) Roles
B) Rules
C) Identity

A

Roles