Wednesday, July 30, 2014
Friday, July 25, 2014
CISSP Exam Preparation (Question 255)
(255) The U.S. Uniform Computer Information Transactions Act (UCITA) is a:
A. Model act that is intended to apply uniform legislation to electronic credit transactions
B. Model act that is intended to apply uniform legislation to software licensing
C. Model act that addresses electronic transactions conducted by financial institutions
D. Model act that addresses digital signatures
Explanation:
The National Commissioners on Uniform State Laws (NCUSL) voted to approve the Uniform Computer Information Transactions Act (UCITA) on July 29, 1999. This legislation, which will have to be enacted state-by-state, will greatly affect libraries' access to and use of software packages. It also will keep in place the current licensing practices of software vendors. At the present time, shrink-wrap or click-wrap licenses limit rights that are normally granted under copyright law. Under Section 109 of the U.S. 1976 Copyright Act, the first sale provision permits the owner of a particular copy, without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy. However, the software manufacturers use the term license in their transactions. As opposed to the word sale, the term license denotes that the software manufacturers are permitting users to use a copy of their software. Thus, the software vendor still owns the software. Until each state enacts the legislation, it is not clear if shrink-wrap licenses that restrict users' rights under copyright law are legally enforceable.
For clarification, shrink-wrap licenses physically accompany a disk, while click-on and active click-wrap licenses are usually transmitted electronically. Sometimes the term shrink-wrap is interpreted to mean both physical and electronic licenses to use software. The focus of the UCITA legislation is not on the physical media, but on the information contained on the media.
- Muhammad Idham Azhari
CISSP Exam Preparation (Question 254)
(254) Which choice below BEST describes the process of data purging?
A. Complete physical destruction of the media
B. Reusing data storage media after its initial use
C. Overwriting of data media intended to be reused in the same organization or area
D. Degaussing or thoroughly overwriting media intended to be removed from the control of the organization or area
Explanation:
Answer “Overwriting of data media intended to be reused in the same organization or area” refers to data clearing.
Answer “Complete physical destruction of the media” describes data destruction.
Answer “Reusing data storage media after its initial use” describes object reuse.
- Muhammad Idham Azhari
Thursday, July 24, 2014
CISSP Exam Preparation (Question 253)
(253) The theft of a laptop
poses a threat to which tenet of the C.I.A. triad?
A. All of the above
B. Availability
C. Integrity
D. Confidentiality
Explanation:
The correct answer is confidentiality, because the data can now be read by someone outside of a monitored environment; availability, because the user has lost the computing ability provided by the unit; and integrity, because the data residing on and any telecommunications from the portable are now suspect.
- Muhammad Idham Azhari
Wednesday, July 23, 2014
CISSP Exam Preparation (Question 252)
(252) seizure as established in the Fourth Amendment to the U.S. Constitution.
These restrictions are still, essentially, more severe than those on private citizens, who are not agents of a government entity. Thus, internal investigators in an organization or private investigators are not subject to the same restrictions as government officials. Private individuals are not normally held to the same standards regarding search and seizure since they are not conducting an unconstitutional government search. However, there are certain exceptions where the Fourth Amendment applies to private citizens if they act as agents of the government/police.
Which of the following is NOT one of these exceptions?
A. The private individual conducts a warrantless search of company property for the company.
B. The private individual conducts a search that would require a search warrant if conducted by a government entity.
C. The government is aware of the intent to search or is aware of a search conducted by the private individual and does not object to these actions.
D. The private individual performs the search to aid the government.
Explanation:
Since the private individual, say an employee of the company, conducts a search for evidence on property that is owned by the company and is not acting as an agent of the government, a warrantless search is permitted. The Fourth Amendment does not apply.
For review, the Fourth Amendment guarantees: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
The exigent circumstances doctrine provides an exception to these guarantees if destruction of evidence is imminent. Then, a warrantless search and seizure of evidence can be conducted if there is probable cause to suspect criminal activity. The other answers describe exceptions where the private individual is subject to the Fourth Amendment guarantees.
Tuesday, July 22, 2014
CISSP Exam Preparation (Question 251)
(251) Which of the following is
NOT a form of computer/network surveillance?
A. Use of CCTV cameras
B. Use of network sniffers
C. Keyboard monitoring
D. Review of audit logs
Explanation:
CCTV cameras fall under the category of physical surveillance.
The use of network sniffers and keyboard monitoring are forms of active surveillance. These types of surveillance require an organizational policy informing the employees that the surveillance is being conducted. Additionally, warning banners describing the surveillance at log-on to a computer or network should be prominently displayed. These banners usually state that by logging on, the user acknowledges the warning and agrees to the monitoring. Answer “Review of audit logs” is a passive form of computer/network surveillance.
- Muhammad Idham Azhari
Monday, July 21, 2014
CISSP Exam Preparation (Question 250)
(250) The Internet Activities Board (IAB) considers which of the following behaviors relative to the Internet as unethical?
A. Negligence in the conduct of Internet experiments
B. Recordkeeping in which an individual cannot find out what information concerning that individual is in the record
C. Improper dissemination and use of identifiable personal data
D. Recordkeeping whose very existence is secret
Explanation:
The IAB document, Ethics and the Internet (RFC 1087), listed behaviors as unethical that:
Seek to gain unauthorized access to the resources of the Internet
Destroy the integrity of computer-based information
Disrupt the intended use of the Internet
Waste resources such as people, capacity and computers through such actions
Compromise the privacy of users
Involve negligence in the conduct of Internet-wide experiments
The other answers are taken from the Code of Fair Information Practices of the U.S. Department of Health, Education and Welfare.
- Muhammad Idham Azhari
Friday, July 18, 2014
CISSP Exam Preparation (Question 249)
(249) Which of the following alternatives should NOT be used by law enforcement to gain access to a password?
A. Contacting the developer of the software for information to gain access to the computer or network through a back door
B. Compelling the suspect to provide the password
C. Data manipulation and trial procedures applied to the original version of the system hard disk
D. Using password cracker software
Explanation:
The original disk of a computer involved in a criminal investigation should not be used for any experimental purposes since data may be modified or destroyed. Any operations should be conducted on a copy of the system disk. However, the other answers are the preferred methods of gaining access to a password-protected system. Interestingly, in answer b, there is legal precedent to order a suspect to provide the password of a computer that is in the custody of law enforcement.
- Muhammad Idham Azhari
Thursday, July 17, 2014
CISSP Exam Preparation (Question 248)
(248) Which is NOT a recommended way to dispose of unwanted used data media?
A. Copying new data over existing data on diskettes
B. Formatting diskettes seven or more times
C. Shredding paper reports by cleared personnel
D. Destroying CD-ROMs
Explanation:
The correct answer is copying new data over existing data on diskettes. While this method might overwrite the older files, if the new data file is smaller than the older data file, recoverable data might exist past the file end marker of the new file.
- Muhammad Idham Azhari
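The failure mode the explanation above describes (old content surviving past the end of a shorter new file) can be shown at the logical file level. The following is an added Python example, not code from the original post; the file name and the "old" and "new" contents are constructed for the demonstration. It also shows two safer variants: truncating after the write, and zero-filling the full original length before writing.

```python
import os
import tempfile

# Constructed sample contents: a long "old" file and a much shorter "new" one.
OLD_DATA = b"SECRET-CUSTOMER-LIST-" + b"X" * 40   # 61 bytes
NEW_DATA = b"hello"                                # 5 bytes


def overwrite_in_place(path: str, new_data: bytes) -> None:
    """The risky method from the question: write new data over the old file
    without truncating. Every old byte beyond len(new_data) remains readable."""
    with open(path, "r+b") as f:
        f.write(new_data)


def overwrite_and_truncate(path: str, new_data: bytes) -> None:
    """Write the new data, then cut the file at its end. The logical file no
    longer exposes the old tail, but the freed blocks are only unlinked, not wiped."""
    with open(path, "r+b") as f:
        f.write(new_data)
        f.truncate()  # truncates at the current position, i.e. end of new_data


def clear_then_write(path: str, new_data: bytes) -> None:
    """Clearing-style overwrite: zero the whole original length first, force it
    out to the device, then write the new data and truncate."""
    original_size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\x00" * original_size)
        f.flush()
        os.fsync(f.fileno())
        f.seek(0)
        f.write(new_data)
        f.truncate()
        f.flush()
        os.fsync(f.fileno())


def leftover_after(path: str, new_data: bytes) -> bytes:
    """Bytes still present in the file beyond the new data: recoverable old content."""
    with open(path, "rb") as f:
        return f.read()[len(new_data):]


def demo(method) -> bytes:
    """Create a file holding OLD_DATA, apply `method` with NEW_DATA, and return
    whatever old content is still visible in the file afterwards."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "report.dat")  # constructed file name
        with open(path, "wb") as f:
            f.write(OLD_DATA)
        method(path, NEW_DATA)
        return leftover_after(path, NEW_DATA)


if __name__ == "__main__":
    for m in (overwrite_in_place, overwrite_and_truncate, clear_then_write):
        print(f"{m.__name__:24s} leftover bytes: {len(demo(m))}")
```

With the naive method, 56 of the 61 old bytes are still readable straight from the file. Even the clearing-style variant only addresses what the filesystem exposes; it says nothing about remapped sectors, wear-levelled flash or earlier copies of the file, which is why the other answers in the question (shredding, destruction) remain the recommended disposal methods for media leaving the organization's control.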
Wednesday, July 16, 2014
CISSP Exam Preparation (Question 247)
(247) The recommended optimal relative humidity range for computer operations is:
A. 40% to 60%
B. 10% to 30%
C. 30% to 40%
D. 60% to 80%
Explanation:
The correct answer is 40% to 60%; this relative humidity range is recommended for safe computer operations. Too low humidity can create static discharge problems, and too high humidity can create condensation and electrical contact problems.
- Muhammad Idham Azhari
Tuesday, July 15, 2014
CISSP Exam Preparation (Question 246)
(246) Which is NOT a type of fire detector?
A. Smoke-actuated
B. Flame-actuated
C. Gas-discharge
D. Heat-sensing
Explanation:
The correct answer is Gas-discharge. Gas-discharge is a type of fire extinguishing system, not a fire detection system.
- Muhammad Idham Azhari
Monday, July 14, 2014
CISSP Exam Preparation (Question 245)
(245) Which type of fire extinguishing method contains standing water in the pipe, and therefore generally does not enable a manual shutdown of systems before discharge?
A. Dry pipe
B. Deluge
C. Wet pipe
D. Preaction
Explanation:
The other three are variations on a dry pipe discharge method, with the water not standing in the pipe until a fire is detected.
- Muhammad Idham Azhari
Friday, July 11, 2014
CISSP Exam Preparation (Question 244)
(244) Which type of control below is NOT an example of a physical security access control?
A. Guard dog
B. Audit trail
C. Retinal scanner
D. Five-key programmable lock
- Muhammad Idham Azhari
Thursday, July 10, 2014
CISSP Exam Preparation (Question 243)
(243) A brownout can be defined as a:
A. Prolonged low voltage.
B. Prolonged power loss.
C. Momentary high voltage.
D. Momentary low voltage.
Explanation:
The correct answer is “Prolonged low voltage”.
Answer “prolonged power loss” is a blackout.
Answer “momentary low voltage” is a sag.
Answer “momentary high voltage” is a spike.
- Muhammad Idham Azhari
Tuesday, July 8, 2014
CISSP Exam Preparation (Question 242)
(242) Why should extensive exterior perimeter lighting of entrances or parking areas be installed?
A. To enable programmable locks to be used
B. To create two-factor authentication
C. To discourage prowlers or casual intruders
D. To prevent data remanence
Explanation:
The other answers have nothing to do with lighting.
- Muhammad Idham Azhari
Monday, July 7, 2014
CISSP Exam Preparation (Question 241)
(241) Which choice below is the BEST description of a Central Station Alarm System?
A. Also rings an alarm in the local fire or police station
B. Rings an alarm in the office of the customer
C. Rings an alarm in a central monitoring office of a third-party monitoring firm
D. Rings an audible alarm on the local premises that it protects
Explanation:
Answer “Rings an audible alarm on the local premises that it protects” describes a Local Alarm System.
Answer “Rings an alarm in the office of the customer” describes a Proprietary System.
Answer “Also rings an alarm in the local fire or police station” describes an Auxiliary Station System.
- Muhammad Idham Azhari
Friday, July 4, 2014
CISSP Exam Preparation (Question 240)
(240) Which choice below is NOT a type of motion detector?
A. Audio detection
B. Wave pattern detection
C. Smoke detection
D. Capacitance detection
Explanation:
The other three are examples of intrusion detectors designed to sense unusual movement within a defined interior security area.
- Muhammad Idham Azhari
Thursday, July 3, 2014
CISSP Exam Preparation (Question 239)
(239) What is the recommended height of perimeter fencing to keep out casual trespassers?
A. 8 to 12 feet high
B. 6 to 7 feet high
C. 3 to 4 feet high
D. 1 to 2 feet high
Explanation:
Fencing 3 to 4 feet high is considered minimal protection, only for restricting casual trespassers.
Answers “6 to 7 feet high” and “8 to 12 feet high” are better protection against intentional intruders.
- Muhammad Idham Azhari
Wednesday, July 2, 2014
CISSP Exam Preparation (Question 238)
(238) Which is a benefit of a guard over an automated control?
A. Guards are cheaper.
B. Guards do not need pre-employment screening.
C. Guards do not need training.
D. Guards can use discriminating judgment.
Explanation:
Guards can use discriminating judgment.
Guards are typically more expensive than automated controls, need training as to the protection requirements of the specific site, and need to be screened and bonded.
- Muhammad Idham Azhari
Tuesday, July 1, 2014
CISSP Exam Preparation (Question 237)
(237) The European Union Electronic Signature Directive of January 2000 defines an advanced electronic signature. This signature must meet all of the following requirements except that:
A. It must be created using means that are generally accessible and available.
B. It must be uniquely linked to the signatory.
C. It must be linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
D. It must be capable of identifying the signatory.
Explanation:
The Directive requires that the means be maintained under the sole control of the signatory. This requirement is a particularly difficult one to achieve. One approach is to use different tokens or smart cards for the different transactions involved. The other answers are typical characteristics of digital signatures that can be implemented with public key cryptography.
- Muhammad Idham Azhari