[Newest Version] Easily Pass CISSP Exam with CertBus Updated Real ISC CISSP Exam Materials

CertBus 2020 Hottest ISC CISSP ISC Certification Exam VCE and PDF Dumps for Free Download!

CISSP ISC Certification Exam PDF and VCE Dumps : 970QAs Instant Download: https://www.certbus.com/CISSP.html [100% CISSP Exam Pass Guaranteed or Money Refund!!]
☆ Free view online pdf on CertBus free test CISSP PDF: https://www.certbus.com/online-pdf/CISSP.pdf
☆ CertBus 2020 Hottest CISSP ISC Certification exam Question PDF Free Download from Google Drive Share: https://drive.google.com/file/d/0B_3QX8HGRR1mVXBDYy0tYmNFSHM/view?usp=sharing

Following CISSP 970QAs are all new published by ISC Official Exam Center

In recent years, many people have chosen to take the ISC ISC Certification CISSP certification exam. This certification will get you a position as an ISC certified professional, which is the passport to a better salary and better promotions. How do you prepare for the ISC ISC Certification CISSP exam and get the certificate? We, CertBus, provide the ISC ISC Certification CISSP exam questions and answers (Jul 20, 2020 update) on CertBus.

CertBus: professional CISSP certification material provider, with a 100% pass guarantee. CertBus is your reliable partner and professional CISSP certification exam material provider, offering 100% accurate exam brain dumps with the latest updates. Download the free CISSP demo to check first. CertBus is the most professional provider for all CISSP certifications; pass the CISSP exam easily.

We at CertBus have our own expert team. They selected and published the latest CISSP preparation materials from the ISC Official Exam Center: https://www.certbus.com/CISSP.html

Question 1:

The primary service provided by Kerberos is which of the following?

A. non-repudiation

B. confidentiality

C. authentication

D. authorization

Correct Answer: C

Explanation: Authentication is the primary service Kerberos provides. The following answers are incorrect:

Non-repudiation. Since Kerberos deals primarily with symmetric cryptography, it does not help with non-repudiation.

Confidentiality. Once the client is authenticated by Kerberos and obtains its session key and ticket, it may use them to assure confidentiality of its communication with a server; however, that is not a Kerberos service as such.

Authorization. Although Kerberos tickets may include some authorization information, the meaning of the authorization fields is not standardized in the Kerberos specifications, and authorization is not a primary Kerberos service.

The following reference(s) were/was used to create this question:

ISC2 OIG, 2007, pp. 179-184

Shon Harris AIO v.3, pp. 152-155


Question 2:

Who developed one of the first mathematical models of a multilevel-security computer system?

A. Diffie and Hellman.

B. Clark and Wilson.

C. Bell and LaPadula.

D. Gasser and Lipner.

Correct Answer: C

Explanation: In 1973 Bell and LaPadula created the first mathematical model of a multilevel security system.

The following answers are incorrect:

Diffie and Hellman. This is incorrect because Diffie and Hellman were involved with cryptography, not multilevel security modeling.

Clark and Wilson. This is incorrect because Bell and LaPadula was the first model; the Clark-Wilson model came later, in 1987.

Gasser and Lipner. This is incorrect; it is a distractor. Bell and LaPadula was the first model.


Question 3:

Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences?

A. Extensible Authentication Protocol

B. Challenge Handshake Authentication Protocol

C. Remote Authentication Dial-In User Service

D. Multilevel Authentication Protocol.

Correct Answer: A

Explanation: RFC 2828 (Internet Security Glossary) defines the Extensible Authentication Protocol as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences. It is intended for use primarily by a host or router that connects to a PPP network server via switched circuits or dial-up lines. The Remote Authentication Dial-In User Service (RADIUS) is defined as an Internet protocol for carrying a dial-in user's authentication information and configuration information between a shared, centralized authentication server and a network access server that needs to authenticate the users of its network access ports. The other option is a distractor. Source: SHIREY, Robert W., RFC 2828: Internet Security Glossary, May 2000


Question 4:

The type of discretionary access control (DAC) that is based on an individual's identity is also called:

A. Identity-based Access control

B. Rule-based Access control

C. Non-Discretionary Access Control

D. Lattice-based Access control

Correct Answer: A

Explanation: An identity-based access control is a type of Discretionary Access Control (DAC) that is based on an individual's identity.

DAC is suited to low-level security environments. The owner of the file decides who has access to the file.

If a user creates a file, he is the owner of that file. An identifier for this user is placed in the file header and/or in an access control matrix within the operating system.

Ownership might also be granted to a specific individual. For example, a manager for a certain department might be made the owner of the files and resources within her department. A system that uses discretionary access control (DAC) enables the owner of the resource to specify which subjects can access specific resources.

This model is called discretionary because the control of access is based on the discretion of the owner. Many times department managers, or business unit managers, are the owners of the data within their specific department. Being the owner, they can specify who should have access and who should not.

Reference(s) used for this question:

Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 220). McGraw-Hill. Kindle Edition.


Question 5:

Which of the following is the WEAKEST authentication mechanism?

A. Passphrases

B. Passwords

C. One-time passwords

D. Token devices

Correct Answer: B

Explanation: Most of the time users choose passwords that can be guessed, hence passwords is the BEST answer out of the choices listed above.

The following answers are incorrect because :

Passphrases is incorrect as a passphrase is more secure than a password because it is longer.

One-time passwords is incorrect as, as the name states, it is good for only one use and cannot be reused.

Token devices is incorrect as a token is also a password generator and is a one-time password mechanism.

Reference: Shon Harris AIO v3, Chapter 4: Access Control, pages 139, 142



Question 6:

Why do buffer overflows happen? What is the main cause?

A. Because buffers can only hold so much data

B. Because of improper parameter checking within the application

C. Because they are an easy weakness to exploit

D. Because of insufficient system memory

Correct Answer: B

Explanation: A buffer overflow attack takes advantage of improper parameter checking within the application. This is the classic form of buffer overflow and occurs because the programmer accepts whatever input the user supplies without checking to make sure that the length of the input is less than the size of the buffer in the program. The buffer overflow problem is one of the oldest and most common problems in software development and programming, dating back to the introduction of interactive computing. It can result when a program fills up the assigned buffer of memory with more data than its buffer can hold. When the program begins to write beyond the end of the buffer, the program's execution path can be changed, or data can be written into areas used by the operating system itself. This can lead to the insertion of malicious code that can be used to gain administrative privileges on the program or system.

As explained by Gaurab, it can become very complex. Even if you are checking the length of the input at the time of input, it has to be checked against the size of the buffer it is actually written into. Consider a case where the entry point of data is stored in Buffer1 of Application1 and you later copy it to Buffer2 within Application2: if you are only checking the length of the data against Buffer1, that will not ensure that it does not cause a buffer overflow in Buffer2 of Application2.

A bit of reassurance from the ISC2 book about the level of coding knowledge needed for the exam:

It should be noted that the CISSP is not required to be an expert programmer or know the inner workings of developing application software code, like the FORTRAN programming language, or how to develop Web applet code using Java. It is not even necessary that the CISSP know detailed security-specific coding practices such as the major divisions of buffer overflow exploits or the reason for preferring str(n)cpy to strcpy in the C language (although all such knowledge is, of course, helpful). Because the CISSP may be the person responsible for ensuring that security is included in such developments, the CISSP should know the basic procedures and concepts involved during the design and development of software programming. That is, in order for the CISSP to monitor the software development process and verify that security is included, the CISSP must understand the fundamental concepts of programming developments and the security strengths and weaknesses of various application development processes.

The following are incorrect answers:

“Because buffers can only hold so much data” is incorrect. This is certainly true but is not the best answer because the finite size of the buffer is not the problem; the problem is that the programmer did not check the size of the input before moving it into the buffer.

“Because they are an easy weakness to exploit” is incorrect. This answer is sometimes true but is not the best answer because the root cause of the buffer overflow is that the programmer did not check the size of the user input.

“Because of insufficient system memory” is incorrect. This is irrelevant to the occurrence of a buffer overflow.

Reference(s) used for this question:

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 13319-13323). Auerbach Publications. Kindle Edition.


Question 7:

Kerberos can prevent which one of the following attacks?

A. Tunneling attack.

B. Playback (replay) attack.

C. Destructive attack.

D. Process attack.

Correct Answer: B

Explanation: Each ticket in Kerberos has a timestamp and is subject to time expiration, which helps prevent replay attacks.

The following answers are incorrect:

Tunneling attack. This is incorrect because a tunneling attack is an attempt to bypass security and access low-level systems. Kerberos cannot totally prevent these types of attacks.

Destructive attack. This is incorrect because depending on the type of destructive attack, Kerberos cannot prevent someone from physically destroying a server.

Process attack. This is incorrect because Kerberos cannot prevent authorized individuals from running processes.


Question 8:

Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these types of controls is correct?

A. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks but do not include a review of vacation history, and also do not include increased supervision.

B. Examples of these types of controls do not include encryption, smart cards, access lists, and transmission protocols.

C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.

D. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation history, and increased supervision.

Correct Answer: C

Explanation: Logical or technical controls involve the restriction of access to systems and the protection of information. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 33


Question 9:

Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?

A. Using a TACACS server.

B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.

C. Setting modem ring count to at least 5

D. Only attaching modems to non-networked hosts.

Correct Answer: B

Explanation: Containing the dial-up problem is conceptually easy: by installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall, any access to internal resources through the RAS can be filtered as would any other connection coming from the Internet.

The use of a TACACS server by itself cannot eliminate hacking. Setting a modem ring count to 5 may help in defeating war-dialing hackers who look for modems by dialing long series of numbers.

Attaching modems only to non-networked hosts is not practical and would not prevent these hosts from being hacked.

Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 2: Hackers.


Question 10:

Frame relay and X.25 networks are part of which of the following?

A. Circuit-switched services

B. Cell-switched services

C. Packet-switched services

D. Dedicated digital services

Correct Answer: C

Explanation: Frame relay and X.25 are both examples of packet-switching technologies. In packet-switched networks there are no dedicated connections between endpoints, and data is divided into packets and reassembled on the receiving end.

Frame Relay is an example of a packet-switched technology. Packet-switched networks enable end stations to dynamically share the network medium and the available bandwidth. The following two techniques are used in packet-switching technology:

Variable-length packets

Statistical multiplexing

Variable-length packets are used for more efficient and flexible data transfers. These packets are switched between the various segments in the network until the destination is reached.

Statistical multiplexing techniques control network access in a packet-switched network. The advantage of this technique is that it accommodates more flexibility and more efficient use of bandwidth. Most of today's popular LANs, such as Ethernet and Token Ring, are packet-switched networks.

Frame Relay is often described as a streamlined version of X.25, offering fewer of the robust capabilities, such as windowing and retransmission of lost data, that are offered in X.25. This is because Frame Relay typically operates over WAN facilities that offer more reliable connection services and a higher degree of reliability than the facilities available during the late 1970s and early 1980s that served as the common platforms for X.25 WANs. As mentioned earlier, Frame Relay is strictly a Layer 2 protocol suite, whereas X.25 provides services at Layer 3 (the network layer) as well. This enables Frame Relay to offer higher performance and greater transmission efficiency than X.25, and makes Frame Relay suitable for current WAN applications, such as LAN interconnection.

The following answers are incorrect:

Circuit-switched services. Examples of circuit-switched services are Integrated Services Digital Network (ISDN) and Point-to-Point Protocol (PPP). Frame Relay and X.25 do not use circuit-switching technology.

Cell-switched services. This is a distractor.

Dedicated digital services. A packet-switched network is commonly implemented over digital facilities, but it is not dedicated. An example of a dedicated digital service is a Permanent Virtual Circuit (PVC), which does not use packet switching.

The following reference(s) were/was used to create this question: The CISCO Wiki on Frame Relay



Author: CertBus