cissp exam cram
Post on 13-Mar-2016
CISSP Practice Questions
Third Edition
Michael Gregg
CISSP Practice Questions Exam Cram, Third Edition
Copyright 2013 by Pearson Education, Inc.
All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
ISBN-13: 978-0-7897-4959-8
ISBN-10: 0-7897-4959-9
Library of Congress Cataloging-in-Publication data is on file.
Printed in the United States of America
First Printing: September 2012
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an as is basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.
Bulk Sales
Pearson IT Certification offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact
U.S. Corporate and Government Sales
1-800-382-3419
corpsales@pearsontechgroup.com
For sales outside of the U.S., please contact
International Sales
international@pearsoned.com
Associate Publisher: Dave Dusthimer
Acquisitions Editor: Betsy Brown
Senior Development Editor: Christopher Cleveland
Managing Editor: Sandra Schroeder
Senior Project Editor: Tonya Simpson
Copy Editor: Sheri Cain
Technical Editors: Shawn Merdinger, Patrick Ramseier
Publishing Coordinator: Vanessa Evans
Multimedia Developer: Timothy Warner
Interior Designer: Gary Adair
Cover Designer: Alan Clements
Compositor: TnT Design, Inc.
Contents at a Glance
Introduction
CHAPTER 1: Physical (Environmental) Security
CHAPTER 2: Access Control
CHAPTER 3: Cryptography
CHAPTER 4: Security Architecture and Design
CHAPTER 5: Telecommunications and Network Security
CHAPTER 6: Business Continuity and Disaster Recovery Planning
CHAPTER 7: Legal, Regulations, Investigations, and Compliance
CHAPTER 8: Software Development Security
CHAPTER 9: Information Security, Governance, and Risk Management
CHAPTER 10: Security Operations
Table of Contents
Introduction
Who This Book Is For
What You Will Find in This Book
Hints for Using This Book
Pearson IT Certification Practice Test Engine and Questions on the CD
Need Further Study?
Chapter 1: Physical (Environmental) Security
Practice Questions
Practice Questions (True or False)
Practice Questions (Mix and Match)
Quick-Check Answer Key
Answers and Explanations
Chapter 2: Access Control
Practice Questions
Practice Questions (True or False)
Practice Questions (Mix and Match)
Quick-Check Answer Key
Answers and Explanations
Chapter 3: Cryptography
Practice Questions
Practice Questions (True or False)
Practice Questions (Mix and Match)
Quick-Check Answer Key
Answers and Explanations
Chapter 4: Security Architecture and Design
Practice Questions
Practice Questions (True or False)
Practice Questions (Mix and Match)
Quick Check Answer Key
Answers and Explanations
Chapter 5: Telecommunications and Network Security
Practice Questions
Practice Questions (True or False)
Practice Questions (Mix and Match)
Quick Check Answer Key
Answers and Explanations
Chapter 6: Business Continuity and Disaster Recovery Planning
Practice Questions
Practice Questions (True or False)
Practice Questions (Mix and Match)
Quick Check Answer Key
Answers and Explanations
Chapter 7: Legal, Regulations, Investigations, and Compliance
Practice Questions
Practice Questions (Mix and Match)
Quick Check Answer Key
Answers and Explanations
Chapter 8: Software Development Security
Practice Questions
Practice Questions (True or False)
Practice Questions (Mix and Match)
Quick Check Answer Key
Answers and Explanations
Chapter 9: Information Security, Governance, and Risk Management
Practice Questions
Practice Questions (True or False)
Practice Questions (Mix and Match)
Quick Check Answer Key
Answers and Explanations
Chapter 10: Security Operations
Practice Questions
Practice Questions (True or False)
Practice Questions (Mi