2014-05-22

CISSP Self-Test Questions with Detailed Explanations

CBK Domain: Access Control Systems

1 Answer: A

2 Answer: A

3 Answer: D

The smart card or chip contains information pertaining to the subscriber, such as the cell phone number belonging to the subscriber, authentication information, encryption keys, a directory of phone numbers, and short saved messages belonging to that subscriber.

4 Answer: C

CBK Domain: Application and System Development

1 Answer: A

If another user at a lower classification level attempts to create a confidential entry for another military unit using the same identification number as a primary key, rejecting that attempt would let the lower-level user infer that the same identification number already exists at a higher level of classification. To avoid this inference channel of information

Chosen value is a concept from cryptography.

2 Answer: B

3 Answer: D

4 Answer: A

A reference monitor is a system component that enforces access controls on an object. Therefore, the reference monitor concept is an abstract machine that mediates all access of subjects to objects.

5 Answer: D

Test Data Method: processing specially prepared sets of input data.

Integrated Test Facility: one or more audit modules designed into the application during system development.

Parallel Simulation: using a program that simulates the key features of the application under review.

6 Answer: B

Polyinstantiation. Polyinstantiation is the development of a detailed version of an object from another object using different values in the new object. In database information security, this term is concerned with the same primary key for different relations at different classification levels being stored in the same database.
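The inference problem from question 1 and the polyinstantiation definition above, worked as an added example (my own code, not from the original post): a tiny multilevel relation in Go in which the apparent key is the unit identifier but the real key is (UnitID, Level). The type and function names MLSTable, Insert and Select, and the Unclassified/Confidential/Secret levels, are my own assumptions for the illustration; the "unit 42" rows are constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
)

// Classification levels, ordered from least to most sensitive (assumed lattice).
type Level int

const (
	Unclassified Level = iota
	Confidential
	Secret
)

func (l Level) String() string {
	return [...]string{"Unclassified", "Confidential", "Secret"}[l]
}

// Row is one tuple of the multilevel relation. The apparent primary key is
// UnitID; the real key is (UnitID, Level), which is what lets two instances
// of the same UnitID coexist at different classification levels.
type Row struct {
	UnitID  string
	Level   Level
	Mission string
}

// MLSTable stores a polyinstantiated relation (hypothetical name).
type MLSTable struct {
	rows map[string]map[Level]Row // UnitID -> Level -> Row
}

func NewMLSTable() *MLSTable {
	return &MLSTable{rows: map[string]map[Level]Row{}}
}

// Insert adds a tuple at the subject's level. A lower-cleared subject is never
// told that a same-keyed tuple exists at a higher level: instead of rejecting
// the insert, the table keeps a second instance. Only an exact duplicate at
// the *same* level is refused, which reveals nothing the subject could not
// already see.
func (t *MLSTable) Insert(subject Level, unitID, mission string) error {
	byLevel, ok := t.rows[unitID]
	if !ok {
		byLevel = map[Level]Row{}
		t.rows[unitID] = byLevel
	}
	if _, exists := byLevel[subject]; exists {
		return fmt.Errorf("unit %s already exists at level %s", unitID, subject)
	}
	byLevel[subject] = Row{UnitID: unitID, Level: subject, Mission: mission}
	return nil
}

// Select returns the view a subject with the given clearance may see: for each
// UnitID, the single instance at the highest level still dominated by the
// clearance (no read up).
func (t *MLSTable) Select(clearance Level) []Row {
	var out []Row
	for _, byLevel := range t.rows {
		best, found := Row{}, false
		for lvl, r := range byLevel {
			if lvl <= clearance && (!found || lvl > best.Level) {
				best, found = r, true
			}
		}
		if found {
			out = append(out, best)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].UnitID < out[j].UnitID })
	return out
}

func main() {
	t := NewMLSTable()
	// A Secret-cleared user records the real mission of unit 42 (constructed data).
	_ = t.Insert(Secret, "42", "strike")
	// A Confidential user later creates unit 42 too. Rejecting this would leak
	// that a Secret tuple exists; polyinstantiation accepts it instead.
	if err := t.Insert(Confidential, "42", "training"); err != nil {
		fmt.Println("unexpected rejection:", err)
	}
	for _, lvl := range []Level{Confidential, Secret} {
		fmt.Printf("%s view: %v\n", lvl, t.Select(lvl))
	}
}
```

Running it prints a Confidential view in which unit 42 reads "training" and a Secret view in which it reads "strike". The low-level insert succeeds, so the low user learns nothing about the Secret tuple, while a duplicate at the same level is still refused because that refusal discloses only what the user can already read.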

7 Answer: A

8 Answer: D

The value of a neural network is its ability to dynamically adjust its weights in order to associate the given input vectors with corresponding output vectors. (All-in-One, Application chapter, p. 729)

Data mining can look at complex data and simplify it by using fuzzy logic, set theory, and neural networks to perform the mathematical functions and look for patterns in data that are not so apparent.

CBK Domain: Business Continuity Planning

1 Answer: B

2 Answer: D

3 Answer: D

The Disaster Recovery Planning Process

This phase involves the development and creation of the recovery plans, which are similar to the BCP process. However, in BCP we were involved in BIA and loss criteria for identifying the critical areas of the enterprise that the business requires to sustain continuity and financial viability; here, we’re assuming that those identifications have been made and the rationale has been created. Now we’re defining the steps we will need to perform to protect the business in the event of an actual disaster.

4 Answer: A

5 Answer: B

6 Answer: A

7 Answer: C

CBK Domain: Cryptography

1 Answer: A

2 Answer: A

3 Answer: A

4 Answer: C

Hybrid systems have evolved that use public key cryptography to safely distribute the secret keys used in symmetric key cryptography.

5 Answer: C

6 Answer: B

Certificate Revocation Lists (CRLs) denote the revoked certificates.

7 Answer: B

8 Answer: A

CBK Domain: Law, Ethics and Investigation

1 Answer: A

2 Answer: A

3 Answer: D

4 Answer: A

5 Answer: A

CBK Domain: Operations Security

1 Answer: B

2 Answer: A

Five generally accepted procedures exist to implement and support the change control process:

a. Applying to introduce a change. Requests presented to an individual or group responsible for approving and administering changes.

b. Approval of the change. Demonstrating trade-off analysis of the change and justifying it.

c. Cataloging the intended change. Documenting and updating the change in a change control log.

d. Testing the change. Formal testing of the change.

e. Scheduling and implementing the change. Scheduling the change and implementing the change.

f. Reporting the change to the appropriate parties. Submitting a full report summarizing the change to management.

3 Answer: D

Intent: an attack attempt can be audited, but intent cannot.

4 Answer: A

Least Privilege. Least privilege requires that each subject be granted the most restricted set of privileges needed for the performance of their task.

It may be necessary to separate the levels of access based on the operator’s job function. A very effective approach is least privilege.

Privacy. The level of confidentiality and privacy protection that a user is given in a system. This is often an important component of security controls. Privacy not only guarantees the fundamental tenet of confidentiality of a company’s data, but also guarantees the data’s level of privacy, which is being used by the operator.

Compartmentalization. The isolation of the operating system, user programs, and data files from one another in main storage to protect them against unauthorized or concurrent access by other users or programs. Also, the division of sensitive data into small, isolated blocks to reduce risk to the data.

Risk Management’s main function is to mitigate risk. Mitigating risk means to reduce the risk until it reaches a level that is acceptable to an organization. Risk Management can be defined as the identification, analysis, control, and minimization of loss that is associated with events.

5 Answer: D

Object Reuse is the concept of reusing data storage media after its initial use. Data Remanence is the problem of residual information remaining on the media after erasure, which may be subject to restoration by another user.

CBK Domain: Physical Security

1 Answer: D

Fault: a momentary loss of power.

Surge: a prolonged period of excessive voltage.

Blackout: a prolonged loss of power.

2 Answer: D

3 Answer: A

4 Answer: C

Acoustical-seismic detection system: a detection system based on sound and vibration.

5 Answer: D

6 Answer: D

Focal Length

The focal length is the distance from the centre of the lens to the focal point, usually measured in millimetres (mm). A camera lens projects the light from the scene being photographed onto the film or sensor. The visible field of view (FOV) is determined by the horizontal and vertical extent of the scene that the lens covers. Larger sensors and film have a larger FOV and can record more of the scene. Focal length and FOV are usually quoted with reference to 35mm film, because that format (35mm) is the common one. See the diagram on the next page.


CBK Domain: Security Architecture and Models

1 Answer: B

Potential Problems:

a. Performance and availability of computing resources

b. The system and networking infrastructure

c. Procedures and transactions

d. Safety and security of personnel

Abnormal Events (that can be discovered by an audit):

a. Degraded resource availability

b. Deviations from the standard transaction procedures

c. Unexplained occurrences in a processing chain

2 Answer: B

3 Answer: B

4 Answer: D

There are 4 mainstream methods for identifying covert channels: (1) the syntactic information-flow method; (2) the non-interference method; (3) the shared resource matrix method; (4) the semantic information-flow method. At present, methods (3) and (4) are the most widely used.

There are 3 ways of handling a covert channel: elimination, bandwidth limitation, and auditing.

Covert channel analysis can be carried out at the following 3 levels:

(a) the descriptive top-level specification (DTLS);

(b) the formal top-level specification (FTLS);

(c) the source code.

Shared Resource Matrix methodology, which is an approach that can be applied to a variety of system description forms and can increase the assurance (although it does not guarantee it) that all channels have been found.
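The shared resource matrix method named above (Kemmerer's SRM), as an added example of mine rather than code from the original post: rows are shared resource attributes, columns are operations, and each cell records whether the operation reads (observes) or modifies the attribute. The matrix rule is that any attribute with at least one modifying operation and at least one reading operation is a candidate covert storage channel, which the analyst then eliminates, bandwidth-limits, or audits. The SRM, Set and Candidates names are my own, and SampleMatrix is a constructed toy matrix for a file-system-like TCB, not a real system's matrix.

```go
package main

import (
	"fmt"
	"sort"
)

// Access records how one operation (a system call or TCB primitive) touches
// one shared attribute: it may Read (observe) it, Modify it, or both.
type Access struct{ Read, Modify bool }

// SRM is the shared resource matrix: attribute -> operation -> access cell.
type SRM struct {
	cells map[string]map[string]Access
}

func NewSRM() *SRM { return &SRM{cells: map[string]map[string]Access{}} }

// Set fills one cell of the matrix.
func (m *SRM) Set(attr, op string, a Access) {
	if m.cells[attr] == nil {
		m.cells[attr] = map[string]Access{}
	}
	m.cells[attr][op] = a
}

// Candidate is a potential covert storage channel: an attribute that one
// operation can modify and another (possibly the same) operation can observe,
// so a high sender invoking Writer could signal to a low receiver using Reader.
type Candidate struct{ Attribute, Writer, Reader string }

// Candidates applies the matrix rule: for every attribute with at least one
// modifying operation and at least one reading operation, each (modifier,
// reader) pair is reported. The same operation may appear on both sides,
// because two different processes can each invoke it.
func (m *SRM) Candidates() []Candidate {
	var out []Candidate
	for attr, ops := range m.cells {
		for w, wa := range ops {
			if !wa.Modify {
				continue
			}
			for r, ra := range ops {
				if ra.Read {
					out = append(out, Candidate{attr, w, r})
				}
			}
		}
	}
	// Deterministic order so reports are diffable between analysis runs.
	sort.Slice(out, func(i, j int) bool {
		a, b := out[i], out[j]
		if a.Attribute != b.Attribute {
			return a.Attribute < b.Attribute
		}
		if a.Writer != b.Writer {
			return a.Writer < b.Writer
		}
		return a.Reader < b.Reader
	})
	return out
}

// SampleMatrix is a constructed matrix for a small file-system-like TCB. It
// contains the classic "disk full" channel (creating and deleting files
// modifies free_blocks, which anyone can observe via statfs or a failing
// create), a legitimate data path (write_file/read_file, later filtered by
// the mandatory policy), a counter that one operation both reads and modifies
// (fork), and an attribute nobody can modify (kernel_version), which can never
// carry a channel.
func SampleMatrix() *SRM {
	m := NewSRM()
	m.Set("free_blocks", "create_file", Access{Read: true, Modify: true})
	m.Set("free_blocks", "delete_file", Access{Modify: true})
	m.Set("free_blocks", "statfs", Access{Read: true})
	m.Set("file_contents", "write_file", Access{Modify: true})
	m.Set("file_contents", "read_file", Access{Read: true})
	m.Set("process_id_counter", "fork", Access{Read: true, Modify: true})
	m.Set("kernel_version", "uname", Access{Read: true})
	return m
}

func main() {
	for _, c := range SampleMatrix().Candidates() {
		fmt.Printf("candidate channel via %-20s sender=%-12s receiver=%s\n", c.Attribute, c.Writer, c.Reader)
	}
}
```

On the sample matrix the method reports six candidate pairs and nothing for kernel_version. That is the point made in the note above: the matrix increases assurance that no channel is overlooked, but it does not decide which candidates are real; the write_file/read_file pair, for instance, is removed afterwards because the mandatory access policy already forbids a low reader from opening a high writer's file.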

5 Answer: C

6 Answer: D

Cascading. One system’s input is obtained from the output of another system (system architecture). Network-related issues of authentication (such as proxies and cascading trust) are beyond the scope of this document.

CBK Domain: Security Management Practices

1 Answer: D

In order for this security policy to be effective, it must receive approval and support from all the extranet participants (i.e., senior management). The security policy must keep up with the technological pace of the information systems technology. Authorization must adhere to the least-privilege principle.

2 Answer: B

Analog line: an analog (non-digital) circuit.

3 Answer: B

4 Answer: D

5 Answer: A

6 Answer: B

7 Answer: A

The overall purpose of a penetration test is to determine the subject’s ability to withstand an attack by a hostile intruder. The reason penetration testing exists is that organizations need to determine the effectiveness of their security measures.

8 Answer: A

The first type of testing involves the physical infrastructure of the subject. Another type of testing examines the operational aspects of an organization. The final type of penetration test is the electronic test.

9 Answer: B

10 Answer: D

CBK Domain: Telecommunications and Network Security

1 Answer: C

The network layer is responsible for routing and addressing.

The transport layer is responsible for end-to-end transmission control, integrity checking, segmentation and reassembly of data, flow control, and so on.

2 Answer: D

3 Answer: A

4 Answer: B

The Internet Layer corresponds to the OSI’s Network Layer. It designates the protocols that are related to the logical transmission of packets over the network. This layer gives network nodes an IP address and handles the routing of packets among multiple networks. It also controls the communication flow between hosts. At the bottom of the TCP/IP model, the Network Access Layer monitors the data exchange between the host and the network. The equivalent of the Data Link and Physical layers of the OSI model, it oversees hardware addressing and defines protocols for the physical transmission of data.

5 Answer: C

Shanghai Spisec Information & Technology Co., Ltd.

QQ: 2961785677

E-mail: liaimeng@spisec.com

Room 1506 Anji Plaza, No. 760 South Xizang Road, Huangpu District, Shanghai, China

Web: http://www.spisec.com  http://www.cncisa.com

