[Q818-Q841] Ensure Success With Updated Verified CISSP Exam Dumps [2025]

Share

Ensure Success With Updated Verified CISSP Exam Dumps [2025]

Exam Materials for You to Prepare & Pass CISSP Exam.

NEW QUESTION # 818
The design of a security system to prevent potential conflicts of interests should be based on which of the following security models?

  • A. Bell-LaPadula
  • B. Brewer and Nash
  • C. Biba
  • D. Clark-Wilson

Answer: B


NEW QUESTION # 819
What are cognitive passwords?

  • A. Passwords that can be used only once.
  • B. Passphrases.
  • C. Fact or opinion-based information used to verify an individual's identity.
  • D. Password generators that use a challenge response scheme.

Answer: C

Explanation:
Cognitive passwords are fact or opinion-based information used to verify an
individual's identity. Passwords that can be used only once are one-time or dynamic passwords.
Password generators that use a challenge response scheme refer to token devices.
A passphrase is a sequence of characters that is longer than a password and is transformed into a
virtual password.
Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System &
Methodology (page 2), /Documents/CISSP_Summary_2002/index.html.


NEW QUESTION # 820
Which RAID level concept is considered more expensive and is applied to servers to create what is commonly known as server fault tolerance?

  • A. RAID level 1
  • B. RAID level 5
  • C. RAID level 0
  • D. RAID level 2

Answer: A

Explanation:
RAID 1 (Mirroring) is usually used to create Server Fault Tolerance
Redundant server implementations take the concept of RAID 1 (mirroring) and applies it to a pair
of servers to provide server fault tolerance. Each of the two servers have 100% of the data and the
data is maintained in synch all the time.
RAID 0 (STRIPING)
Offers no redundancy or fault tolerance, hence does not truly fit the "RAID" acronym. In level 0,
data is striped across drives, resulting in higher data throughput. Since no redundant information is
stored, performance is very good, but the failure of any disk in the array results in data loss. This
level is commonly referred to as striping.
Advantages of RAID 0
Since redundant data is not stored in RAID, hence the capacity of this RAID storage system is
excellent, complete 100%.
This RAID level is very good for large data transfers.
Splitting up of data across various hard drives provides very high input/output rates.
There is no parity generation.
Since, copies of data are not created, hence it is very cost effective. No extra space is used in
storing duplicate data.
It is very easy to implement RAID level 0.
Disadvantages of RAID 0
The single drive MTBF causes the data availability feature to be very low.
It is not a proper RAID level, since it cannot provide data redundancy.
A single disk failure can result in a considerable amount of data loss.
RAID 0 is not the right RAID level for critical systems, where data holds the prime importance.
RAID 1 (MIRRORING)
Provides redundancy by writing all data to two or more drives. The performance of a level 1 array
tends to be faster on reads and slower on writes compared to a single drive, but if either drive fails,
no data is lost. This is a good entry-level redundant system, since only two drives are required;
however, since one drive is used to store a duplicate of the data, the cost per megabyte is high.
This level is commonly referred to as mirroring.
This level is known for its mirroring capability. Two hard disks are used, out of which one stores
duplicate data. In other words, same data is stored in both the hard disks. Thus, data redundancy
is provided very well in this RAID level. However, the cost of implementing this RAID level
becomes very high, since one of the hard drives is just used for keeping the duplicate content of
the data in the other hard drive.
Advantages of RAID 1
The capacity of data storage in RAID 1 is not that bad. It is 50%.
For large data transfers, this RAID level is also very good.
In RAID 1, reading data is quite fast.
Most importantly, failure of any one of the disks, cannot cause data loss, as a backup is always
there in the other hard disk.
This is another easy to implement RAID level.
Disadvantages of RAID 1
It is not very much cost effective, because one of the drives is just storing the duplicate data of the
other.
The writing speed is decreased, since data has to be written twice.
The disk overhead is also very high
DUPLEXING: Is the same as mirroring but two drives controllers are being used.
RAID 2 (STRIPING AT THE BIT LEVEL)
In RAID 2, data is not stripped at blocks, but at the level of bits. Hamming code is used for error
correction. Hamming code is a linear error correcting code. This is very efficient in recovering
accurate data from the single bit corruption in data. Thus, this RAID level provides a very high data
transfer rate.
Advantages of RAID 2
High data transfer rates.
Single bit corruption of data can be accurately recovered.
Multiple bit corruption can also be detected with much ease.
Disadvantages of RAID 2
Multiple bit corruption is possible.
Multiple bit corruption can be detected but not corrected.
The error bit correction logic is very complex. RAID 2 has become almost an obsolete method of
data storage.
RAID 3 (STRIPING AT THE BYTE LEVEL)
In RAID 3, data is split at byte level. In this method, one additional hard disk is used for holding the
parity bits. Since data is stored and stripped at the byte level, hence, accessing a single block of
data requires access to more than one hard disks. This is another RAID level, whose use is very
much limited to certain applications.
Advantages of RAID 3
For large file transfers, it provides very high read and write speeds.
It is quite cost effective.
The capacity of the hard disks used in this system is also very good, since, only one extra hard
disk is used for storing the parity bits.
Disadvantages of RAID 3
RAID 3 is not very good for small data transfers.
Accessing a block of data means, dealing with more than one hard drive in the hard drive array.
Application is limited to certain specific fields.
RAID 4 (STRIPING AT THE BLOCK LEVEL)
RAID 4 is quite similar to that of RAID 3. It also uses a dedicated parity disk, but the difference is
that, it strips the data at block level. This is another RAID level, which became obsolete very soon.
Advantages of RAID 4
It can provide multiple reads if the controller allows it to do so.
It is also quite cost effective.
Unlike RAID 3, it does not require synchronized spindles.
RAID 5 (STRIPING AT THE BLOCK LEVEL - MULTIPLE PARITY DRIVES)
This is perhaps the most popular RAID level. It also uses block level stripping, but a single
dedicated hard drive is not used for holding the parity data. It also provides high storage capacity
too. Provides redundancy by writing data and parity information across three or more drives, thus
increasing performance.
Advantages of RAID 5
High read/write speeds are possible. As against RAID 3 and RAID 4, which were quickly replaced
by RAID 5, the RAID level 5 allowed multiple writes.
It is very cost effective. With a minimum of just 3 hard drives, this RAID level can be implemented
and explained.
The capacity of this RAID level is also very good.
Disadvantages of RAID 5
It is not very efficient with large data transfers.
Though the performance is very good, a disk failure can have a good impact on the system's
performance.
RAID 10 (RAID 1 and 0 USED TOGETHER)
RAID 10 is often referred to as RAID 1+0. The reason is that this RAID level uses the combined
features of RAID 1 and RAID 0. Here, a mirror of each block of data is created and data is also
stripped. This is a very good system for handling multiple drive failures.
RAID 50
RAID 10 is often referred to as RAID 5+0. The reason is that this RAID level uses the combined
features of RAID 5 and RAID 0.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and
Network Security (page 67).
and
http://www.buzzle.com/articles/raid-levels-explained.html
and
http://www.sohoconsult.ch/raid/raid.html


NEW QUESTION # 821
Under MAC, which of the following is true?

  • A. All that is expressly permitted is forbidden.
  • B. All that is not expressly permitted is not forbidden.
  • C. All that is not expressly permitted is forbidden.
  • D. None of the choices.

Answer: C

Explanation:
It is important to note that mandatory controls are prohibitive (i.e., all that is not expressly permitted is forbidden), not permissive. Only within that context do discretionary controls operate, prohibiting still more access with the same exclusionary principle. In this type of control system decisions are based on privilege (clearance) of subject (user) and sensitivity (classification) of object (file). It requires labeling.


NEW QUESTION # 822
Why is public key cryptography recommended for use in the process of securing facsimiles during transmission?

  • A. Keys are never transmitted over the network.
  • B. Data compression decreases key change frequency.
  • C. Key data is not recognizable from facsimile data.
  • D. The key is securely passed to the receiving machine.

Answer: D

Explanation:
In this method of cryptography we use 2 keys, one to encrypt the data, and another to decrypt it. In Public Key Cryptography, the users have a public and a private key, the public key is of free distribution and is usually published in a directory, while the private keys must be keep secure. This allows the keys to pass in a secure fashion to the receiving machine, its because the public key is not confidential and can be send through a secure channel. You need to use a certification authority to make this kind of cryptography work.


NEW QUESTION # 823
Which of the following is the best practice for testing a Business Continuity Plan (BCP)?

  • A. Test after implementation of system patches
  • B. Test when environment changes
  • C. Test after installation of security patches
  • D. Test before the IT Audit

Answer: B


NEW QUESTION # 824
What is the PRIMARY role of a scrum master in agile development?

  • A. To choose the primary development language
  • B. To match the software requirements to the delivery plan
  • C. To choose the integrated development environment
  • D. To project manage the software delivery

Answer: D


NEW QUESTION # 825
Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model?

  • A. Gateway
  • B. Repeater
  • C. Router
  • D. Bridge

Answer: A

Explanation:
A gateway is used to connect two networks using dissimilar protocols at the lower
layers or it could also be at the highest level of the protocol stack.
Important Note:
For the purpose of the exam, you have to remember that a gateway is not synonymous to the term
firewall.
The second thing you must remembers is the fact that a gateway act as a translation device.
It could be used to translate from IPX to TCP/IP for example. It could be used to convert different
types of applications protocols and allow them to communicate together. A gateway could be at
any of the OSI layers but usually tend to be higher up in the stack.
For your exam you should know the information below:
Repeaters A repeater provides the simplest type of connectivity, because it only repeats electrical signals between cable segments, which enables it to extend a network. Repeaters work at the physical layer and are add-on devices for extending a network connection over a greater distance. The device amplifies signals because signals attenuate the farther they have to travel. Repeaters can also work as line conditioners by actually cleaning up the signals. This works much better when amplifying digital signals than when amplifying analog signals, because digital signals are discrete units, which makes extraction of background noise from them much easier for the amplifier. If the device is amplifying analog signals, any accompanying noise often is amplified as well, which may further distort the signal. A hub is a multi-port repeater. A hub is often referred to as a concentrator because it is the physical communication device that allows several computers and devices to communicate with each other. A hub does not understand or work with IP or MAC addresses. When one system sends a signal to go to another system connected to it, the signal is broadcast to all the ports, and thus to all the systems connected to the concentrator.
Repeater Image Reference- http://www.erg.abdn.ac.uk/~gorry/course/images/repeater.gif
Bridges A bridge is a LAN device used to connect LAN segments. It works at the data link layer and therefore works with MAC addresses. A repeater does not work with addresses; it just forwards all signals it receives. When a frame arrives at a bridge, the bridge determines whether or not the MAC address is on the local network segment. If the MAC address is not on the local network segment, the bridge forwards the frame to the necessary network segment.
Bridge Image Reference- http://www.oreillynet.com/network/2001/01/30/graphics/bridge.jpg
Routers Routers are layer 3, or network layer, devices that are used to connect similar or different networks. (For example, they can connect two Ethernet LANs or an Ethernet LAN to a Token Ring LAN.) A router is a device that has two or more interfaces and a routing table so it knows how to get packets to their destinations. It can filter traffic based on access control lists (ACLs), and it fragments packets when necessary. Because routers have more network-level knowledge, they can perform higher-level functions, such as calculating the shortest and most economical path between the sending and receiving hosts.
Router and Switch
Image Reference- http://www.computer-networking-success.com/images/router-switch.jpg
Switches
Switches combine the functionality of a repeater and the functionality of a bridge. A switch
amplifies the electrical signal, like a repeater, and has the built-in circuitry and intelligence of a
bridge. It is a multi-port connection device that provides connections for individual computers or
other hubs and switches.
Gateways
Gateway is a general term for software running on a device that connects two different
environments and that many times acts as a translator for them or somehow restricts their
interactions. Usually a gateway is needed when one environment speaks a different language,
meaning it uses a certain protocol that the other environment does not understand. The gateway
can translate Internetwork Packet Exchange (IPX) protocol
packets to IP packets, accept mail from one type of mail server and format it so another type of
mail server can accept and understand it, or connect and translate different data link technologies
such as FDDI to Ethernet.
Gateway Server
Image Reference-
http://static.howtoforge.com/images/screenshots/556af08d5e43aa768260f9e589dc547f-3024.jpg
The following answers are incorrect:
Repeater - A repeater provides the simplest type of connectivity, because it only repeats electrical
signals between cable segments, which enables it to extend a network. Repeaters work at the
physical layer and are add-on devices for extending a network connection over a greater distance.
The device amplifies signals because signals attenuate the farther they have to travel.
Bridges - A bridge is a LAN device used to connect LAN segments. It works at the data link layer
and therefore works with MAC addresses. A repeater does not work with addresses; it just
forwards all signals it receives. When a frame arrives at a bridge, the bridge determines whether
or not the MAC address is on the local network segment. If the MAC address is not on the local
network segment, the bridge forwards the frame to the necessary network segment.
Routers - Routers are layer 3, or network layer, devices that are used to connect similar or
different networks. (For example, they can connect two Ethernet LANs or an Ethernet LAN to a
Token Ring LAN.) A router is a device that has two or more interfaces and a routing table so it knows how to get packets to their destinations. It can filter traffic based on access control lists (ACLs), and it fragments packets when necessary.
Following reference(s) were/was used to create this question: CISA review manual 2014 Page number 263 Official ISC2 guide to CISSP CBK 3rd Edition Page number 229 and 230


NEW QUESTION # 826
A large customer of a cloud Service Provider (CSP) has servers that are hosting multiple autonomous applications that don't interact. Which of the following solutions is BEST suited to reduce their complexly and improve security?

  • A. Designate a single application sensitivity level for each application server
  • B. Design so every application server has its own Virtual Local Area Network (VLAN)
  • C. Centralize the environment and manage rt with a single firewall
  • D. Enable application servers to run in individual network environments

Answer: B


NEW QUESTION # 827
An organization plans to acquire @ commercial off-the-shelf (COTS) system to replace their aging home-built reporting system. When should the organization's security team FIRST get involved in this acquisition's life cycle?

  • A. When the need for a system is expressed and the purpose of the system Is documented
  • B. When the system is verified and validated
  • C. When the system is deployed into production
  • D. When the system is being designed, purchased, programmed, developed, or otherwise constructed

Answer: A


NEW QUESTION # 828
What is NOT true about a one-way hashing function?

  • A. The results of a one-way hash is a message digest
  • B. It provides authentication of the message
  • C. It provides integrity of the message
  • D. A hash cannot be reverse to get the message used to create the hash

Answer: B

Explanation:
A one way hashing function can only be use for the integrity of a message and not for authentication or confidentiality. Because the hash creates just a fingerprint of the message which cannot be reversed and it is also very difficult to create a second message with the same hash.
A hash by itself does not provide Authentication. It only provides a weak form or integrity. It would be possible for an attacker to perform a Man-In-The-Middle attack where both the hash and the digest could be changed without the receiver knowing it.
A hash combined with your session key will produce a Message Authentication Code (MAC) which will provide you with both authentication of the source and integrity. It is sometimes referred to as a Keyed Hash. A hash encrypted with the sender private key produce a Digital Signature which provide authentication, but not the hash by itself.
Hashing functions by themselves such as MD5, SHA1, SHA2, SHA-3 does not provide
authentication.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001,
Page 548


NEW QUESTION # 829
Which DES modes can best be used for authentication?

  • A. Cipher Block Chaining and Cipher Feedback.
  • B. Cipher Block Chaining and Electronic Code Book.
  • C. Cipher Block Chaining and Output Feedback.
  • D. Output Feedback and Electronic Code Book.

Answer: A

Explanation:
Cipher Block Chaining (CBC) uses feedback to feed the result of encryption back into the encryption of the next block. The plain-text is XOR'ed with the previous cipher-text block before it is encrypted. The encryption of each block depends on all the previous blocks. This requires that the decryption side processes all encrypted blocks sequentially. This mode requires a random initialization vector which is XOR'ed with the first data block before it is encrypted. The initialization vector does not have to be kept secret. The initialization vector should be a random number (or a serial number), to ensure that each message is encrypted uniquely. In the Cipher Feedback Mode (CFB) is data encrypted in units smaller than the block size. This mode can be used to encrypt any number of bits e.g. single bits or single characters (bytes) before sending across an insecure data link.
Both of those method can be best used to provide user authentication capabilities.


NEW QUESTION # 830
What kind of Encryption technology does SSL utilize?

  • A. Private key
  • B. Secret or Symmetric key
  • C. Hybrid (both Symmetric and Asymmetric)
  • D. Public Key

Answer: C

Explanation:
SSL use public-key cryptography to secure session key, while the session key (secret key) is used to secure the whole session taking place between both parties communicating with each other.
The SSL protocol was originally developed by Netscape. Version 1.0 was never publicly released; version 2.0 was released in February 1995 but "contained a number of security flaws which ultimately led to the design of SSL version 3.0." SSL version 3.0, released in 1996, was a complete redesign of the protocol produced by Paul Kocher working with Netscape engineers Phil Karlton and Alan Freier. All of the other answers are incorrect


NEW QUESTION # 831
Which of the following should be performed by an operator?

  • A. Changing profiles
  • B. Approving changes
  • C. Installing system software
  • D. Adding and removal of users

Answer: C

Explanation:
Of the listed tasks, installing system software is the only task that should normally be performed by an operator in a properly segregated environment.
Source: MOSHER, Richard & ROTHKE, Ben, CISSP CBK Review presentation on domain
7.


NEW QUESTION # 832
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

  • A. Walkthrough
  • B. White box
  • C. Parallel
  • D. Simulation

Answer: D


NEW QUESTION # 833
Which of the following resources is BEST located within a network's Demilitarized Zone (DMZ)?

  • A. Dynamic Host Configuration Protocol (DHCP) Server
  • B. File Server
  • C. Domain Name System (DNS) Server
  • D. Database Gerver

Answer: C


NEW QUESTION # 834
In order to avoid mishandling of media or information, you should consider using:

  • A. SLL
  • B. Labeling
  • C. Ticket
  • D. Token

Answer: B

Explanation:
In order to avoid mishandling of media or information, proper labeling must be used.
All tape, floppy disks, and other computer storage media containing sensitive
information must be externally marked with the appropriate sensitivity classification.
All tape, floppy disks, and other computer storage media containing unrestricted
information must be externally marked as such.
All printed copies, printouts, etc., from a computer system must be clearly labeled
with the proper classification.


NEW QUESTION # 835
Convert Channel Analysis, Trusted Facility Management, and Trusted
Recovery are parts of which book in the TCSEC Rainbow Series?

  • A. Orange Book
  • B. Red Book
  • C. Dark Green Book
  • D. Green Book

Answer: A

Explanation:
The correct answer is Orange Book.
* Answer the Red Book is the Trusted Network
Interpretation (TNI) summary of network requirements (described
in the Telecommunications and Network Security domain).
* The Green Book, is the Department of Defense (DoD) Password Management Guide-line;
* The Dark Green Book, is The Guide to Understanding Data Rema-nence in Automated
Information Systems.


NEW QUESTION # 836
In addition to life, protection of which of the following elements is MOST important when planning a data center site?

  • A. Resources and reputation
  • B. Property and operations
  • C. Data and hardware
  • D. Profits and assets

Answer: C

Explanation:
Next to people data is the most important asset a organization has to protect.


NEW QUESTION # 837
A packet filtering firewall looks at the data packet to get information about the source and destination addresses of an incoming packet, the protocol (TCP, UDP, or ICMP), and the source and destination port for the:

  • A. desired service.
  • B. delayed service.
  • C. distributed service.
  • D. dedicated service.

Answer: A

Explanation:
This is the usual term to describe the destination for a TCP/UDP packet.
"Dedicated service" is incorrect. This is an "almost right sounding" term meant to confuse the
unwary.
"Delayed service" is incorrect. This is a nonsense term to confuse you.
"Distributed service" is incorrect. While network services can certainly be distributed, the usual
term is "desired service" or "destination service."
References:
CBK, p. 464
AIO3, pp. 482 - 484


NEW QUESTION # 838
Which of the following could cause a Denial of Service (DoS) against an authentication system?

  • A. Hashing of audit logs
  • B. Remote access audit logs
  • C. No archiving of audit logs
  • D. Encryption of audit logs

Answer: C

Explanation:
Section: Security Assessment and Testing


NEW QUESTION # 839
The BEST method of demonstrating a company's security level to potential customers is

  • A. responding to a customer's security questionnaire.
  • B. a site visit by a customer's security team.
  • C. a formal report from an internal auditor.
  • D. a report from an external auditor.

Answer: D

Explanation:
The best method of demonstrating a company's security level to potential customers is a report from an external auditor, who is an independent and qualified third party that evaluates the company's security policies, procedures, controls, and practices against a set of standards or criteria, such as ISO 27001, NIST, or COBIT. A report from an external auditor provides an objective and credible assessment of the company's security posture, and may also include recommendations for improvement or certification . References: :
CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, page 47. : CISSP For Dummies, 7th Edition, Chapter 1, page 29.


NEW QUESTION # 840
How is Annualized Loss Expectancy (ALE) derived from a threat?

  • A. SLE x ARO
  • B. AV x EF
  • C. SLE/EF
  • D. ARO x (SLE - EF)

Answer: A

Explanation:
"SLE x annualized rate of occurrence (ARO) = ALE" pg 70 Shon Harris: All-in-One CISSP Certification


NEW QUESTION # 841
......

Updated CISSP Certification Exam Sample Questions: https://www.realvce.com/CISSP_free-dumps.html

Pass Your CISSP Exam at the First Try with 100% Real Exam: https://drive.google.com/open?id=1knCXvRjI4WT-pPlyjsocZ_ORwrAfQLpB