
Friday, July 25, 2014

CISSP Exam Preparation (Question 255)

(255) The U.S. Uniform Computer Information Transactions Act (UCITA) is a:
A. Model act that is intended to apply uniform legislation to electronic 
credit transactions
B. Model act that is intended to apply uniform legislation to software 
licensing
C. Model act that addresses electronic transactions conducted by financial 
institutions
D. Model act that addresses digital signatures
Explanation:
The correct answer is B. The National Conference of Commissioners on Uniform State Laws (NCCUSL) voted to approve the Uniform Computer Information Transactions Act (UCITA) on July 29, 1999. This legislation, which has to be enacted state by state, greatly affects libraries' access to and use of software packages. It also keeps in place the current licensing practices of software vendors. At present, shrink-wrap or click-wrap licenses limit rights that are normally granted under copyright law. Under Section 109 of the U.S. 1976 Copyright Act, the first-sale provision permits the owner of a particular copy, without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy. However, software manufacturers use the term license in their transactions. As opposed to the word sale, the term license denotes that the software manufacturer is permitting the user to use a copy of its software. Thus, the software vendor still owns the software. Until each state enacts the legislation, it is not clear whether shrink-wrap licenses that restrict users' rights under copyright law are legally enforceable. For clarification, shrink-wrap licenses physically accompany a disk, while click-on and active click-wrap licenses are usually transmitted electronically. Sometimes the term shrink-wrap is interpreted to mean both physical and electronic licenses to use software. The focus of the UCITA legislation is not on the physical media, but on the information contained on the media.

- Muhammad Idham Azhari

CISSP Exam Preparation (Question 254)

(254) Which choice below BEST describes the process of data purging?
A. Complete physical destruction of the media
B. Reusing data storage media after its initial use
C. Overwriting of data media intended to be reused in the same organization or area
D. Degaussing or thoroughly overwriting media intended to be removed from the control of the organization or area


Explanation:
The correct answer is D. Purging is the degaussing or thorough overwriting of media that will leave the control of the organization or area, so the data must be unrecoverable by any party.
Answer “Overwriting of data media intended to be reused in the same organization or area” refers to data clearing, which only has to defeat recovery by people already inside the same control area.
Answer “Complete physical destruction of the media” describes data destruction.
Answer “Reusing data storage media after its initial use” describes object reuse.

- Muhammad Idham Azhari

Thursday, July 24, 2014

CISSP Exam Preparation (Question 253)

(253) The theft of a laptop poses a threat to which tenet of the C.I.A. triad?
A. All of the above
B. Availability
C. Integrity
D. Confidentiality
Explanation:
The correct answer is A, all of the above. Confidentiality is threatened because the data can now be read by someone outside of a monitored environment; availability, because the user has lost the computing ability provided by the unit; and integrity, because the data residing on the portable, and any telecommunications from it, are now suspect.

- Muhammad Idham Azhari

Wednesday, July 23, 2014

CISSP Exam Preparation (Question 252)

(252) seizure as established in the Fourth Amendment to the U.S. Constitution.
These restrictions are still, essentially, more severe than those on private
citizens, who are not agents of a government entity. Thus, internal
investigators in an organization or private investigators are not subject to
the same restrictions as government officials. Private individuals are not
normally held to the same standards regarding search and seizure since
they are not conducting an unconstitutional government search.
However, there are certain exceptions where the Fourth Amendment
applies to private citizens if they act as agents of the government/police.
Which of the following is NOT one of these exceptions?
A. The private individual conducts a warrantless search of company
property for the company.
B. The private individual conducts a search that would require a search
warrant if conducted by a government entity.
C. The government is aware of the intent to search or is aware of a
search conducted by the private individual and does not object to
these actions.
D. The private individual performs the search to aid the government.

Explanation:
Since the private individual, say an employee of the company, conducts a search for evidence on property that is owned by the company and is not acting as an agent of the government, a warrantless search is permitted. The Fourth Amendment does not apply. For review, the Fourth Amendment guarantees: The right of the people to be secure in their persons, houses, papers,
and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. The exigent circumstances doctrine provides an exception to these guarantees if destruction of evidence is imminent. Then, a warrantless search and seizure of evidence can be conducted if there is probable cause to suspect criminal activity. The other answers describe exceptions where the private individual is subject to the
Fourth Amendment guarantees.


- Muhammad Idham Azhari

Tuesday, July 22, 2014

CISSP Exam Preparation (Question 251)

(251) Which of the following is NOT a form of computer/network surveillance?
A. Use of CCTV cameras
B. Use of network sniffers
C. Keyboard monitoring
D. Review of audit logs
Explanation:
The correct answer is A. CCTV cameras fall under the category of physical surveillance.
Network sniffers and keyboard monitoring are forms of active computer/network surveillance. These types of surveillance require an organizational policy informing the employees that the surveillance is being conducted. Additionally, warning banners describing the surveillance should be prominently displayed at log-on to a computer or network. These banners usually state that by logging on, the user acknowledges the warning and agrees to the monitoring. Answer “Review of audit logs” is a passive form of computer/network surveillance.

- Muhammad Idham Azhari

Monday, July 21, 2014

CISSP Exam Preparation (Question 250)

(250) The Internet Activities Board (IAB) considers which of the following
behaviors relative to the Internet as unethical?
A. Negligence in the conduct of Internet experiments
B. Recordkeeping in which an individual cannot find out what information concerning that individual is in the record
C. Improper dissemination and use of identifiable personal data
D. Recordkeeping whose very existence is secret
Explanation:
The correct answer is A. The IAB document, Ethics and the Internet (RFC 1087), lists as unethical any activity that:
Seeks to gain unauthorized access to the resources of the Internet
Destroys the integrity of computer-based information
Disrupts the intended use of the Internet
Wastes resources such as people, capacity and computers through such actions
Compromises the privacy of users
Involves negligence in the conduct of Internet-wide experiments
The other answers are taken from the Code of Fair Information Practices of the U.S. Department of Health, Education, and Welfare.

- Muhammad Idham Azhari

Friday, July 18, 2014

CISSP Exam Preparation (Question 249)

(249) Which of the following alternatives should NOT be used by law enforcement to gain access to a password?
A. Contacting the developer of the software for information to gain access to the computer or network through a back door
B. Compelling the suspect to provide the password
C. Data manipulation and trial procedures applied to the original version of the system hard disk
D. Using password cracker software
Explanation:
The correct answer is C. The original disk of a computer involved in a criminal investigation should not be used for any experimental purposes, since data may be modified or destroyed. Any operations should be conducted on a copy of the system disk. The other answers are the preferred methods of gaining access to a password-protected system.
Interestingly, regarding answer B, there is legal precedent for ordering a suspect to provide the password of a computer that is in the custody of law enforcement.

- Muhammad Idham Azhari

Thursday, July 17, 2014

CISSP Exam Preparation (Question 248)

(248) Which is NOT a recommended way to dispose of unwanted used data media?

A. Copying new data over existing data on diskettes
B. Formatting diskettes seven or more times
C. Shredding paper reports by cleared personnel
D. Destroying CD-ROMs

Explanation:
The correct answer is copying new data over existing data on
diskettes. While this method might overwrite the older files, if the new data file is smaller than the older data file, recoverable data might exist past the file end marker of the new file.
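The remnant problem described above, and the distinction Question 254 draws between clearing and purging, shown on a simulated medium. This is an added example, not code from the original post: the "diskette" is a bytearray with an assumed 512-byte sector size, and the payroll text is constructed. Copying a shorter file over the start of a longer one leaves the old tail intact past the new end of file, where a trivial strings-style carver recovers it; clearing the full allocated extent first, and verifying the read-back, leaves nothing to carve.

```python
# Added example (not from the original page): why "copy new data over old"
# is not disposal. The medium, sector size and file contents are assumptions
# constructed for this demo; no real device is touched.
SECTOR = 512  # assumed sector size for the simulated medium


class Diskette:
    """A bytearray standing in for a raw block device."""

    def __init__(self, sectors: int = 8) -> None:
        self.image = bytearray(sectors * SECTOR)

    def write_file(self, start_sector: int, data: bytes) -> None:
        """Lay a file down from a sector boundary, as a filesystem would."""
        off = start_sector * SECTOR
        self.image[off:off + len(data)] = data

    def read_extent(self, start_sector: int, nbytes: int) -> bytes:
        off = start_sector * SECTOR
        return bytes(self.image[off:off + nbytes])

    def clear_extent(self, start_sector: int, nbytes: int, passes=(0x00, 0xFF)) -> bool:
        """Overwrite the whole allocated extent (rounded up to whole sectors)
        with each pattern, then verify the final pattern by reading it back."""
        off = start_sector * SECTOR
        extent = -(-nbytes // SECTOR) * SECTOR  # round up to whole sectors
        for pat in passes:
            self.image[off:off + extent] = bytes([pat]) * extent
        return self.read_extent(start_sector, extent) == bytes([passes[-1]]) * extent


def remnant_after_overwrite(old: bytes, new: bytes) -> bytes:
    """Write `old`, then copy the smaller `new` over it. Return what remains
    of `old` past the new file's end marker."""
    d = Diskette()
    d.write_file(0, old)
    d.write_file(0, new)  # same start sector, shorter payload
    return d.read_extent(0, len(old))[len(new):]


def remnant_after_clear(old: bytes, new: bytes) -> bytes:
    """Clear the old file's full extent (with verification) before reuse."""
    d = Diskette()
    d.write_file(0, old)
    if not d.clear_extent(0, len(old)):
        raise RuntimeError("clearing pass failed read-back verification")
    d.write_file(0, new)
    return d.read_extent(0, len(old))[len(new):]


def carve_ascii(raw: bytes, minlen: int = 6) -> list:
    """Tiny strings(1)-style carver: printable runs of at least minlen bytes."""
    out, run = [], bytearray()
    for b in raw + b"\x00":
        if 32 <= b < 127:
            run.append(b)
        else:
            if len(run) >= minlen:
                out.append(run.decode())
            run = bytearray()
    return out


if __name__ == "__main__":
    old = b"CONFIDENTIAL: payroll export Q2 2014, account 0000-XXXX\n" * 10
    new = b"README: nothing to see here\n"
    print(carve_ascii(remnant_after_overwrite(old, new)))  # old payroll lines survive
    print(carve_ascii(remnant_after_clear(old, new)))      # nothing recoverable
```

The read-back check in `clear_extent` is the part worth copying: an overwrite that is not verified is a hope, not a control. It is also the limit of the technique, since on flash and wear-levelled media the controller may remap sectors so that an overwrite never reaches the old cells, which is why media leaving the organization's control calls for purging (degaussing where applicable, or destruction) rather than overwriting.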

- Muhammad Idham Azhari

Wednesday, July 16, 2014

CISSP Exam Preparation (Question 247)

(247) The recommended optimal relative humidity range for computer operations is:
A. 40% to 60%
B. 10% to 30%
C. 30% to 40%
D. 60% to 80%
Explanation:
The correct answer is A. 40% to 60% relative humidity is recommended for safe computer operations. Humidity that is too low creates static discharge problems, and humidity that is too high creates condensation and electrical contact (corrosion) problems.

- Muhammad Idham Azhari

Tuesday, July 15, 2014

CISSP Exam Preparation (Question 246)

(246) Which is NOT a type of a fire detector?
A. Smoke-actuated
B. Flame-actuated
C. Gas-discharge
D. Heat-sensing

Explanation:
The correct answer is Gas-discharge. Gas-discharge is a type of fire extinguishing
system, not a fire detection system.

- Muhammad Idham Azhari

Monday, July 14, 2014

CISSP Exam Preparation (Question 245)

(245) Which type of fire extinguishing method contains standing water in the pipe, and therefore generally does not enable a manual shutdown of systems before discharge?
A. Dry Pipe
B. Deluge
C. Wet pipe
D. Preaction

Explanation:
The correct answer is wet pipe. The other three are variations on a dry pipe discharge method, with the water not standing in the pipe until a fire is detected, which leaves time to shut systems down before discharge.

- Muhammad Idham Azhari

Friday, July 11, 2014

CISSP Exam Preparation (Question 244)

(244) Which type of control below is NOT an example of a physical security
access control?
A. Guard dog
B. Audit trail
C. Retinal scanner
D. Five-key programmable lock
Explanation:
The correct answer is B. An audit trail is a technical (logical) detective control that records access after the fact; a guard dog, a retinal scanner and a programmable lock all physically restrict or verify entry.

- Muhammad Idham Azhari

Thursday, July 10, 2014

CISSP Exam Preparation (Question 243)

(243) A brownout can be defined as a:
A. Prolonged low voltage.
B. Prolonged power loss.
C. Momentary high voltage.
D. Momentary low voltage.
Explanation:
The correct answer is “Prolonged low voltage”.
Answer “prolonged power loss” is a blackout.
Answer “momentary low voltage” is a sag.
Answer “momentary high voltage” is a spike.

- Muhammad Idham Azhari

Tuesday, July 8, 2014

CISSP Exam Preparation (Question 242)

(242) Why should extensive exterior perimeter lighting of entrances or parking areas be installed?
A. To enable programmable locks to be used
B. To create two-factor authentication
C. To discourage prowlers or casual intruders
D. To prevent dataremanence
Explanation:
The correct answer is C. Lighting is a deterrent control: it removes the cover a prowler or casual intruder relies on. The other answers have nothing to do with lighting.

- Muhammad Idham Azhari

Monday, July 7, 2014

CISSP Exam Preparation (Question 241)

(241) Which choice below is the BEST description of a Central Station Alarm System?
A. Also rings an alarm in the local fire or police station
B. Rings an alarm in the office of the customer
C. Rings an alarm in a central monitoring office of a third-party monitoring firm
D. Rings an audible alarm on the local premises that it protects
Explanation:
The correct answer is C: a Central Station system reports to a monitoring office operated by a third-party firm.
Answer “Rings an audible alarm on the local premises that it protects” describes a Local Alarm System.
Answer “Rings an alarm in the office of the customer” describes a Proprietary System.
Answer “Also rings an alarm in the local fire or police station” describes an Auxiliary Station System.

- Muhammad Idham Azhari

Friday, July 4, 2014

CISSP Exam Preparation (Question 240)

(240) Which choice below is NOT a type of motion detector?
A. Audio detection
B. Wave pattern detection
C. Smoke detection
D. Capacitance detection
Explanation:
The correct answer is smoke detection, which is a fire detector. The other three are examples of intrusion detectors designed to sense unusual movement within a defined interior security area.

- Muhammad Idham Azhari

Thursday, July 3, 2014

CISSP Exam Preparation (Question 239)

(239) What is the recommended height of perimeter fencing to keep out casual trespassers?
A. 8 to 12 feet high
B. 6 to 7 feet high
C. 3 to 4 feet high
D. 1 to 2 feet high
Explanation:
The correct answer is C. Fencing 3 to 4 feet high is considered minimal protection, only for restricting casual trespassers. Answers “6 to 7 feet high” and “8 to 12 feet high” are better protection against intentional intruders.

- Muhammad Idham Azhari

Wednesday, July 2, 2014

CISSP Exam Preparation (Question 238)

(238) Which is a benefit of a guard over an automated control?
A. Guards are cheaper.
B. Guards do not need pre-employment screening.
C. Guards do not need training.
D. Guards can use discriminating judgment.


Explanation:
Guards can use discriminating judgment.
Guards are typically more expensive than automated controls, need
training as to the protection requirements of the specific site, and need to be screened and bonded.

- Muhammad Idham Azhari

Tuesday, July 1, 2014

CISSP Exam Preparation (Question 237)

(237) The European Union Electronic Signature Directive of January, 2000, defines an advanced electronic signature. This signature must meet all of the following requirements except that:
A. It must be created using means that are generally accessible and available.
B. It must be uniquely linked to the signatory.
C. It must be linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
D. It must be capable of identifying the signatory.

Explanation:
The correct answer is A. Rather than generally accessible means, the Directive requires that the signature be created using means that the signatory can maintain under his sole control. This requirement is a particularly difficult one to achieve. One approach is to use different tokens or smart cards for the different transactions involved. The other answers are typical characteristics of digital signatures that can be implemented with public key cryptography.

- Muhammad Idham Azhari