CertBus 2020 Latest ISC CISSP ISC Certification Exam VCE and PDF Dumps for Free Download!
In Mandatory Access Control, sensitivity labels attached to an object contain what information?
A. The item's classification
B. The item's classification and category set
C. The item's category
D. The item's need to know
Correct Answer: B
Explanation: The correct answer is the item's classification and category set.
A sensitivity label must contain at least one classification and one category set.
Category set and compartment set are synonyms; they mean the same thing. The sensitivity label must contain at least one classification and at least one category. It is common in some environments for a single item to belong to multiple categories. The list of all the categories to which an item belongs is called a compartment set or category set.
The following answers are incorrect:
The item's classification is incorrect because a category set is needed as well.
The item's category is incorrect because both the category set and the classification are required.
The item's need to know is incorrect because there is no such label component. Need to know is indicated by the categories the object belongs to. This is NOT the best answer.
Reference(s) used for this question:
OIG CBK, Access Control (pages 186 – 188)
AIO, 3rd Edition, Access Control (pages 162 – 163)
AIO, 4th Edition, Access Control, pp 212-214
Wikipedia – http://en.wikipedia.org/wiki/Mandatory_Access_Control
Which of the following access control models requires security clearance for subjects?
A. Identity-based access control
B. Role-based access control
C. Discretionary access control
D. Mandatory access control
Correct Answer: D
Explanation: With mandatory access control (MAC), the authorization of a subject's access to an object is dependent upon labels, which indicate the subject's clearance. Identity-based access control is a type of discretionary access control. Role-based access control is a type of non-discretionary access control. Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley and Sons, 2001, Chapter 2: Access control systems (page 33).
Which access model is most appropriate for companies with a high employee turnover?
A. Role-based access control
B. Mandatory access control
C. Lattice-based access control
D. Discretionary access control
Correct Answer: A
Explanation: The underlying problem for a company with a lot of turnover is assuring that new employees are assigned the correct access permissions and that those permissions are removed when they leave the company.
Selecting the best answer requires one to think about the access control options in the context of a company with a lot of flux in the employee population. RBAC simplifies the task of assigning permissions because the permissions are assigned to roles, which do not change based on who belongs to them. As employees join the company, it is simply a matter of assigning them to the appropriate roles, and their permissions derive from their assigned role. They implicitly inherit the permissions of the role or roles they have been assigned to. When they leave the company or change jobs, their role assignment is revoked or changed appropriately.
Mandatory access control is incorrect. While controlling access based on the clearance level of employees and the sensitivity of objects is a better choice than some of the other incorrect answers, it is not the best choice when RBAC is an option and you are looking for the best solution for a high number of employees constantly leaving or joining the company.
Lattice-based access control is incorrect. The lattice is really a mathematical concept that is used in formally modeling information flow (Bell-LaPadula, Biba, etc.). In the context of the question, an abstract model of information flow is not an appropriate choice. CBK, pp. 324-
Discretionary access control is incorrect. When an employee joins or leaves the company, the object owner must grant or revoke access for that employee on all the objects they own. Problems would also arise when the owner of an object leaves the company. The complexity of assuring that the permissions are added and removed correctly makes this the least desirable solution in this situation.
References: All-in-One, third edition, page 165. RBAC is discussed on pp. 189 through 191 of the ISC(2) guide.
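The contrast drawn above (one role assignment to revoke under RBAC versus one ACL edit per owned object under DAC, plus objects left ownerless when the owner departs) can be made concrete. The following Python model is an added example, not code from the page or from any of the cited guides; the users (alice, bob), the role name "analyst" and the object names "report-1" to "report-5" are constructed.

```python
# Added example (not from the page or its cited sources): a small model that
# contrasts on/offboarding under role-based access control (RBAC) with
# discretionary access control (DAC) using owner-managed per-object ACLs.
# Users, roles, objects and permissions below are constructed.
from collections import defaultdict


class RBAC:
    """Permissions hang off roles; users only hold role assignments."""

    def __init__(self):
        self.role_perms = defaultdict(set)   # role -> {(object, action)}
        self.user_roles = defaultdict(set)   # user -> {role}

    def grant_role_permission(self, role, obj, action):
        self.role_perms[role].add((obj, action))

    def onboard(self, user, roles):
        """Joining = assigning roles; returns the number of assignments made."""
        self.user_roles[user] = set(roles)
        return len(self.user_roles[user])

    def change_job(self, user, new_roles):
        """Job change = swapping role assignments; old permissions go with the old roles."""
        self.user_roles[user] = set(new_roles)

    def offboard(self, user):
        """Leaving = dropping the user's role assignments. Role permissions are
        untouched, so nothing has to be edited object by object."""
        return len(self.user_roles.pop(user, set()))

    def permissions(self, user):
        return set().union(*(self.role_perms[r] for r in self.user_roles.get(user, set())))

    def is_permitted(self, user, obj, action):
        return (obj, action) in self.permissions(user)


class DAC:
    """Each object has an owner who grants access to individual users."""

    def __init__(self):
        self.owner = {}                   # obj -> owner
        self.acl = defaultdict(dict)      # obj -> {user: {action}}

    def create(self, obj, owner):
        self.owner[obj] = owner

    def grant(self, granter, obj, user, action):
        if self.owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self.acl[obj].setdefault(user, set()).add(action)

    def is_permitted(self, user, obj, action):
        return action in self.acl.get(obj, {}).get(user, set())

    def offboard(self, user):
        """Leaving = every owner must strip the user from every object's ACL.
        Returns the number of ACL entries that had to be touched."""
        touched = 0
        for entries in self.acl.values():
            if user in entries:
                del entries[user]
                touched += 1
        return touched

    def orphaned_objects(self, departed_users):
        """Objects whose owner has left: nobody remains to grant or revoke access."""
        return sorted(o for o, owner in self.owner.items() if owner in departed_users)


def demo():
    objects = [f"report-{i}" for i in range(1, 6)]   # constructed object names

    rbac = RBAC()
    for obj in objects:
        rbac.grant_role_permission("analyst", obj, "read")
    rbac.onboard("alice", ["analyst"])
    rbac_before = rbac.is_permitted("alice", "report-3", "read")
    rbac_ops = rbac.offboard("alice")                 # one role assignment removed
    rbac_after = rbac.is_permitted("alice", "report-3", "read")

    dac = DAC()
    for obj in objects:
        dac.create(obj, owner="bob")
        dac.grant("bob", obj, "alice", "read")
    dac_before = dac.is_permitted("alice", "report-3", "read")
    dac_ops = dac.offboard("alice")                   # one ACL edit per object
    dac_after = dac.is_permitted("alice", "report-3", "read")
    orphans = dac.orphaned_objects({"bob"})           # if bob leaves next, his objects have no owner

    return {
        "rbac": (rbac_before, rbac_ops, rbac_after),
        "dac": (dac_before, dac_ops, dac_after),
        "orphaned_after_owner_leaves": orphans,
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the before/after permission state and the number of administrative operations each model needed to revoke alice's access: one under RBAC, five (one per object) under DAC, with all five objects becoming ownerless once bob departs.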
Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations?
A. Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to.
B. The initial logon process is cumbersome to discourage potential intruders.
C. Once a user obtains access to the system through the initial log-on, they only need to logon to some applications.
D. Once a user obtains access to the system through the initial log-on, he has to logout from all other systems.
Correct Answer: A
Explanation: Single Sign-On is a distributed access control methodology where an individual only has to authenticate once and would then have access to all primary and secondary network domains. The individual would not be required to re-authenticate when they needed additional resources. The security issue this creates is that if a fraudster is able to compromise those credentials, they too would have access to all the resources that account has access to.
All the other answers are incorrect as they are distractors.
Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users?
A. Palm Scan
B. Hand Geometry
D. Retina scan
Correct Answer: D
Explanation: Retina-based biometrics involves analyzing the layer of blood vessels situated at the back of the eye.
An established technology, this technique involves using a low-intensity light source through an optical coupler to scan the unique patterns of the retina. Retinal scanning can be quite accurate but does require the user to look into a receptacle and focus on a given point. This is not particularly convenient if you wear glasses or are concerned about having close contact with the reading device. For these reasons, retinal scanning is not warmly accepted by all users, even though the technology itself can work well.
For your exam you should know the information below:
Biometrics verifies an individual's identity by analyzing a unique personal attribute or behavior, which is one of the most effective and accurate methods of verifying identification and not well received by society. Biometrics is a very sophisticated technology; thus, it is much more expensive and complex than the other types of identity verification processes. A biometric system can make authentication decisions based on an individual's behavior, as in signature dynamics, but these can change over time and possibly be forged. Biometric systems that base authentication decisions on physical attributes (such as iris, retina, or fingerprint) provide more accuracy because physical attributes typically don't change, absent some disfiguring injury, and are harder to impersonate.
Biometrics is typically broken up into two different categories. The first is the physiological. These are traits that are physical attributes unique to a specific individual. Fingerprints are a common example of a physiological trait used in biometric systems. The second category of biometrics is known as behavioral. Behavioral authentication is also known as continuous authentication. Behavioral/continuous authentication prevents session hijacking attacks. This is based on a characteristic of an individual to confirm his identity. An example is signature dynamics. Physiological is “what you are” and behavioral is “what you do.”
When a biometric system rejects an authorized individual, it is called a Type I error (false rejection rate). When the system accepts impostors who should be rejected, it is called a Type II error (false acceptance rate). The goal is to obtain low numbers for each type of error, but Type II errors are the most dangerous and thus the most important to avoid. When comparing different biometric systems, many different variables are used, but one of the most important metrics is the crossover error rate (CER). This rating is stated as a percentage and represents the point at which the false rejection rate equals the false acceptance rate. This rating is the most important measurement when determining the system's accuracy. A biometric system that delivers a CER of 3 will be more accurate than a system that delivers a CER of 4. Crossover error rate (CER) is also called equal error rate (EER).
Throughput describes the process of authenticating to a biometric system. This is also referred to as the biometric system response time. The primary considerations that should be put into the purchasing and implementation of biometric access control are user acceptance, accuracy and processing speed.
In addition to the access control elements of a biometric system, there are several other considerations that are important to the integrity of the control environment. These are:
Resistance to counterfeiting
Data storage requirements
Target User and approach
Fingerprints are made up of ridge endings and bifurcations exhibited by friction ridges and other detailed characteristics called minutiae. It is the distinctiveness of these minutiae that gives each individual a unique fingerprint. An individual places his finger on a device that reads the details of the fingerprint and compares this to a reference file. If the two match, the individual's identity has been verified.
The palm holds a wealth of information and has many aspects that are used to identify an individual. The palm has creases, ridges, and grooves throughout that are unique to a specific person. The palm scan also includes the fingerprints of each finger. An individual places his hand on the biometric device, which scans and captures this information. This information is compared to a reference file, and the identity is either verified or rejected.
The shape of a person's hand (the shape, length, and width of the hand and fingers) defines hand geometry. This trait differs significantly between people and is used in some biometric systems to verify identity. A person places her hand on a device that has grooves for each finger. The system compares the geometry of each finger, and the hand as a whole, to the information in a reference file to verify that person's identity.
A system that reads a person's retina scans the blood-vessel pattern of the retina on the backside of the eyeball. This pattern has been shown to be extremely unique between different people. A camera is used to project a beam inside the eye, capture the pattern, and compare it to a reference file recorded previously.
An iris scan is a passive biometric control.
The iris is the colored portion of the eye that surrounds the pupil. The iris has unique patterns, rifts, colors, rings, coronas, and furrows. The uniqueness of each of these characteristics within the iris is captured by a camera and compared with the information gathered during the enrollment phase.
When using an iris pattern biometric system, the optical unit must be positioned so the sun does not shine into the aperture; thus, when implemented, it must have proper placement within the facility.
When a person signs a signature, usually they do so in the same manner and speed each time. Signing a signature produces electrical signals that can be captured by a biometric system. The physical motions performed when someone is signing a document create these electrical signals. The signals provide unique characteristics that can be used to distinguish one individual from another. Signature dynamics provides more information than a static signature, so there are more variables to verify when confirming an individual's identity and more assurance that this person is who he claims to be.
Whereas signature dynamics is a method that captures the electrical signals when a person signs a name, keystroke dynamics captures electrical signals when a person types a certain phrase. As a person types a specified phrase, the biometric system captures the speed and motions of this action. Each individual has a certain style and speed, which translate into unique signals. This type of authentication is more effective than typing in a password, because a password is easily obtainable. It is much harder to repeat a person's typing style than it is to acquire a password.
People's speech sounds and patterns have many subtle distinguishing differences. A biometric system that is programmed to capture a voice print and compare it to the information held in a reference file can differentiate one individual from another. During the enrollment process, an individual is asked to say several different words.
A system that scans a person's face takes many attributes and characteristics into account. People have different bone structures, nose ridges, eye widths, forehead sizes, and chin shapes. These are all captured during a facial scan and compared to an earlier captured scan held within a reference record. If the information is a match, the person is positively identified.
Whereas hand geometry looks at the size and width of an individual's hand and fingers, hand topology looks at the different peaks and valleys of the hand, along with its overall shape and curvature. When an individual wants to be authenticated, she places her hand on the system. Off to one side of the system, a camera snaps a side-view picture of the hand from a different view and angle than that of systems that target hand geometry, and thus captures different data. This attribute is not unique enough to authenticate individuals by itself and is commonly used in conjunction with hand geometry.
A vascular scan uses the blood vessels under the first layer of skin.
The following answers are incorrect:
Fingerprint – Fingerprints are made up of ridge endings and bifurcations exhibited by friction ridges and other detailed characteristics called minutiae. It is the distinctiveness of these minutiae that gives each individual a unique fingerprint. An individual places his finger on a device that reads the details of the fingerprint and compares this to a reference file. If the two match, the individual's identity has been verified.
Hand Geometry – The shape of a person's hand (the shape, length, and width of the hand and fingers) defines hand geometry. This trait differs significantly between people and is used in some biometric systems to verify identity. A person places her hand on a device that has grooves for each finger. The system compares the geometry of each finger, and the hand as a whole, to the information in a reference file to verify that person's identity.
Palm Scan – The palm holds a wealth of information and has many aspects that are used to identify an individual. The palm has creases, ridges, and grooves throughout that are unique to a specific person. The palm scan also includes the fingerprints of each finger. An individual places his hand on the biometric device, which scans and captures this information. This information is compared to a reference file, and the identity is either verified or rejected.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, pages 330 and 331
Official ISC2 Guide to the CISSP CBK, 3rd Edition, page 924
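The Type I / Type II error definitions and the crossover error rate described in the explanation above can be computed directly once a system's match scores are known. The Python below is an added example, not code from the page or from the cited manuals: it sweeps the acceptance threshold over two constructed score lists (genuine users and impostors), reports FRR and FAR at each threshold, and locates the threshold at which they cross. The score values, the "accept when score >= threshold" convention and the function names are all assumptions of this example.

```python
# Added example (not from the page or its cited manuals): computes a biometric
# system's false rejection rate (Type I error, FRR) and false acceptance rate
# (Type II error, FAR) across decision thresholds and locates the crossover
# error rate (CER, also called the equal error rate). The match scores below
# are constructed; a real system would derive them from enrolment templates.
from typing import Dict, List, Tuple

# Constructed similarity scores in [0, 1]: higher = closer match to the template.
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.81, 0.78, 0.74, 0.70, 0.66, 0.62, 0.55]
IMPOSTOR_SCORES = [0.20, 0.28, 0.33, 0.38, 0.42, 0.47, 0.52, 0.58, 0.64, 0.71]


def error_rates(genuine: List[float], impostor: List[float], threshold: float) -> Dict[str, float]:
    """Accept when score >= threshold.
    FRR (Type I): share of genuine users whose score falls below the threshold.
    FAR (Type II): share of impostors whose score reaches the threshold."""
    if not genuine or not impostor:
        raise ValueError("need at least one genuine and one impostor score")
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return {"threshold": threshold, "FRR_type1": frr, "FAR_type2": far}


def crossover_error_rate(genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Sweep every observed score as a candidate threshold and return
    (threshold, CER): the threshold where |FAR - FRR| is smallest, and the
    mean of FAR and FRR there (their common value when they cross exactly)."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        r = error_rates(genuine, impostor, t)
        gap = abs(r["FAR_type2"] - r["FRR_type1"])
        if best is None or gap < best[0]:
            best = (gap, t, (r["FAR_type2"] + r["FRR_type1"]) / 2)
    return best[1], best[2]


def more_accurate(cer_a: float, cer_b: float) -> str:
    """Lower CER = more accurate system (the CER 3 vs CER 4 comparison above)."""
    if cer_a == cer_b:
        return "equal"
    return "A" if cer_a < cer_b else "B"


if __name__ == "__main__":
    # Raising the threshold drives Type II errors (FAR) down at the cost of Type I (FRR).
    for t in (0.5, 0.64, 0.8):
        print(error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t))
    print("CER at threshold %.2f = %.2f" % crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```

Running it shows the trade-off the explanation describes: at a low threshold no genuine user is rejected but 40% of impostors get in; at a high threshold no impostor is accepted but 60% of genuine users are turned away; the two curves cross at threshold 0.64 with FAR = FRR = 20%, which is this constructed system's CER.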
Which one of the following factors is NOT one on which Authentication is based?
A. Type 1 Something you know, such as a PIN or password
B. Type 2 Something you have, such as an ATM card or smart card
C. Type 3 Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan
D. Type 4 Something you are, such as a system administrator or security administrator
Correct Answer: D
Explanation: Authentication is based on the following three factor types:
Type 1. Something you know, such as a PIN or password
Type 2. Something you have, such as an ATM card or smart card
Type 3. Something you are (unique physical characteristic), such as a fingerprint or retina scan
Source: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 36. Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 132-133).
Another type of access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied?
A. The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed.
B. The pair of elements is the subject and object, and the subject has an upper bound lower than the upper bound of the object being accessed.
C. The pair of elements is the subject and object, and the subject has no special upper or lower bound needed within the lattice.
D. The pair of elements is the subject and object, and the subject has no access rights in relation to an object.
Correct Answer: A
Explanation: In this type of control, a lattice model is applied. To apply this concept to access control, the pair of elements is the subject and object, and the subject has to have an upper bound equal to or higher than that of the object being accessed.
WIKIPEDIA has a great explanation as well:
In computer security, lattice-based access control (LBAC) is a complex access control based on the interaction between any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations). In this type of label-based mandatory access control model, a lattice is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of the subject is greater than or equal to that of the object.
Reference(s) used for this question: KRUTZ, Ronald L. and VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley and Sons, Page 34 and http://en.wikipedia.org/wiki/Lattice-based_access_control
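Both the first question on this page (a sensitivity label is a classification plus a category set) and the lattice question above reduce to one dominance test: a subject may access an object only if the subject's label is greater than or equal to the object's label in the lattice, and that comparison has to hold for the classification and for the category set at the same time. The Python below is an added example, not code from the page or from the cited references; the classification ordering (UNCLASSIFIED < CONFIDENTIAL < SECRET < TOP_SECRET), the category names and the function names are constructed for illustration. It also goes slightly beyond the question by giving the lattice its join and meet operations and by adding the Bell-LaPadula no-write-down rule, which the page mentions only as an information-flow model.

```python
# Added example (not from the page or its cited references): a minimal lattice of
# sensitivity labels as used by mandatory / lattice-based access control. A label
# is a (classification, category set) pair, and a subject label dominates an
# object label only when BOTH components do. The classification ordering and the
# category names used here are constructed.
from dataclasses import dataclass
from typing import FrozenSet, Iterable

# constructed, ordered low -> high
CLASSIFICATIONS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET")
RANK = {name: i for i, name in enumerate(CLASSIFICATIONS)}


@dataclass(frozen=True)
class Label:
    classification: str
    categories: FrozenSet[str] = frozenset()

    def __post_init__(self):
        if self.classification not in RANK:
            raise ValueError(f"unknown classification {self.classification!r}")

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal classification AND a
        category set that contains every category of `other`."""
        return (RANK[self.classification] >= RANK[other.classification]
                and self.categories >= other.categories)

    def comparable(self, other: "Label") -> bool:
        """False for labels that sit side by side in the lattice (e.g. same
        classification, disjoint categories): neither may access the other."""
        return self.dominates(other) or other.dominates(self)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: highest classification, union of categories."""
        hi = max(self.classification, other.classification, key=RANK.get)
        return Label(hi, self.categories | other.categories)

    def meet(self, other: "Label") -> "Label":
        """Greatest lower bound: lowest classification, intersection of categories."""
        lo = min(self.classification, other.classification, key=RANK.get)
        return Label(lo, self.categories & other.categories)


def label(classification: str, categories: Iterable[str] = ()) -> Label:
    """Convenience constructor so categories can be given as any iterable."""
    return Label(classification, frozenset(categories))


def can_read(subject: Label, obj: Label) -> bool:
    """Read is allowed only when the subject's label dominates the object's
    (the 'subject's bound is equal to or higher' rule in the explanation above)."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula *-property (no write down): the object's label must
    dominate the subject's, so information never flows to a lower label."""
    return obj.dominates(subject)


if __name__ == "__main__":
    analyst = label("SECRET", {"NUC"})
    for target in (label("CONFIDENTIAL", {"NUC"}), label("CONFIDENTIAL", {"CRYPTO"}),
                   label("TOP_SECRET", {"NUC"}), label("UNCLASSIFIED")):
        print(target, "read:", can_read(analyst, target), "write:", can_write(analyst, target))
```

The second target in the demo is the instructive one: the subject's SECRET classification is higher than the object's CONFIDENTIAL, yet access is denied because the object's category (CRYPTO) is not in the subject's category set, which is exactly why a label needs both components and why need to know is expressed through categories.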
What are cognitive passwords?
A. Passwords that can be used only once.
B. Fact- or opinion-based information used to verify an individual's identity.
C. Password generators that use a challenge response scheme.
Correct Answer: B
Explanation: Cognitive passwords are fact- or opinion-based information used to verify an individual's identity. Passwords that can be used only once are one-time or dynamic passwords. Password generators that use a challenge-response scheme refer to token devices.
A passphrase is a sequence of characters that is longer than a password and is transformed into a virtual password.
Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System and Methodology (page 2), /Documents/CISSP_Summary_2002/index.html.
Legacy single sign on (SSO) is:
A. Technology to allow users to authenticate to every application by entering the same user ID and password each time, thus having to remember only a single password.
B. Technology to manage passwords consistently across multiple platforms, enforcing policies such as password change intervals.
C. A mechanism where users can authenticate themselves once, and then a central repository of their credentials is used to launch various legacy applications.
D. Another way of referring to SESAME and KryptoKnight, now that Kerberos is the de facto industry standard single sign-on mechanism.
Correct Answer: C
Explanation: A mechanism where users can authenticate themselves once, and then a central repository of their credentials is used to launch various legacy applications.
The following answers are incorrect:
Technology to allow users to authenticate to every application by entering the same user ID and password each time, thus having to remember only a single password. This is a distractor. Note that it is not even a description of SSO, because the user is entering a user ID and password for EACH access attempt.
Technology to manage passwords consistently across multiple platforms, enforcing policies such as password change intervals. This is a good description of an identity management password management system, but not of legacy SSO.
Another way of referring to SESAME and KryptoKnight, now that Kerberos is the de facto industry standard single sign-on mechanism. This is a distractor.
The following reference(s) were/was used to create this question:
Official (ISC)2 Guide to the CISSP CBK 2007, pg 176:
“many legacy systems do not support an external means to identify and authenticate users. Therefore, it is possible to store the credentials outside of the various applications and have them automatically entered on behalf of the user when an application is launched.”
Which of the following issues is not addressed by Kerberos?
Correct Answer: A
Explanation: The KDC (Kerberos Distribution Center) can be a single point of failure. Confidentiality is incorrect. Kerberos does ensure confidentiality, keeping communications private between systems over a network.
Integrity is incorrect. Kerberos does ensure integrity. Authentication is incorrect. Kerberos does provide authentication.
CBK pp 181-194