Which tape format type is mostly used for home/small office backups?
Correct Answer: A
QIC technology utilizates belt-driven dual-hub cartridges containing integral tape motion and guidance mechanisms, providing a rich spectrum of compatible solutions across a wide range of PC system platforms. QIC reliability is unsurpassed by any other removable storage technology. Reliability can be measured both in mean-time-between failure (MTBF) and, more practically, as a function of drive duty cycles. QIC has a worldwide installed base in excess of 15 million drives -- more than twice that of any alternate removable storage technology -- a level of acceptance that would have been unachievable without rock-solid reliability. QIC is the most common tape solution for SOHO.
Question 92
What does "residual risk" mean?
Correct Answer: A
Residual risk is "The security risk that remains after controls have been implemented" ISO/IEC TR 13335-1 Guidelines for the Management of IT Security (GMITS), Part 1: Concepts and Models for IT Security, 1996. "Weakness of an assets which can be exploited by a threat" is vulnerability. "The result of unwanted incident" is impact. Risk that remains after risk analysis has been performed is a distracter. Risk can never be eliminated nor avoided, but it can be mitigated, transferred or accpeted. Even after applying a countermeasure like for example putiing up an Antivirus. But still it is not 100% that systems will be protected by antivirus.
Question 93
Which of the following is needed for System Accountability?
Correct Answer: A
Explanation/Reference: Explanation: Accountability is the ability to identify users and to be able to track user actions. Through the use of audit logs and other tools the user actions are recorded and can be used at a later date to verify what actions were performed. Incorrect Answers: B: Common Criteria is an international standard to evaluate trust and would not be a factor in System Accountability. C: Authorization is granting access to subjects, just because you have authorization does not hold the subject accountable for their actions. D: Formal verification involves Validating and testing highly trusted systems. It does not, however, involve System Accountability. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 203, 248-250, 402.
Question 94
which of the following example is NOT an asymmetric key algorithms?
Correct Answer: C
AES is an example of Symmetric Key algorithm. After DES was used as an encryption standard for over 20 years and it was cracked in a relatively short time once the necessary technology was available, NIST decided a new standard, the Advanced Encryption Standard (AES), needed to be put into place . In January 1997 , NIST announced its request for AES candidates and outlined the requirements in FIPS PUB 197. AES was to be a symmetric block cipher supporting key sizes of 128, 192, and 256 bits. The following five algorithms were the finalists: * MARS Developed by the IBM team that created Lucifer * RC6 Developed by RSA Laboratories * Serpent Developed by Ross Anderson, Eli Biham, and Lars Knudsen * Twofish Developed by Counterpane Systems * Rijndael Developed by Joan Daemen and Vincent Rijmen Out of these contestants, Rijndael was chosen. The block sizes that Rijndael supports are 128, 192 , and 256 bits. The number of rounds depends upon the size of the block and the key length: * If both the key and block size are 128 bits, there are 10 rounds. * If both the key and block size are 192 bits, there are 12 rounds. * If both the key and block size are 256 bits, there are 14 rounds. When preparing for my CISSP exam, i came across this post by Laurel Marotta at the URL below: http://cissp-study.3965.n7.nabble.com/CCCure-CISSP-Study-Plan-to-crack-CISSP- clarification-td401.html This tips was originally contributed by Doug Landoll Here is an easy way to remember the types of crypto cipher: The sentence to remember is: DEER MRS H CARBIDS Asymmetric: encrypt with 1 key, decrypt with other Key exchange. A key pair: Public and Private. Services: Confidentiality, Nonrepudiation, Integrity, Digital Signature D - Diffie-Hellman E - El Gamal: DH +nonrepudiation E - ECC R - RSA Hash- one-way algorithm, no key M - MD5 R - RIPEMD (160) S - SHA (3) H - Haval (v) Symmetric: Encryption, one key C - CAST A - AES: 128k, 10r; 192k, 12 r; 256k, 14r R - RC4, RC5, RC6 B - BLOWFISH:23-448k, 64bit block I - IDEA : 128k, 64bit block D - DES-64-bit block, 16r S - SERPENT The following answers are all incorrect because they are all Asymmetric Crypto ciphers: Elliptic curve cryptosystem(ECC) Diffie-Hellman Merkle-Hellman Knapsack The following reference(s) were/was used to create this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 809). McGraw- Hill . Kindle Edition.
Question 95
Which of the following answers is the BEST example of Risk Transference?
Correct Answer: A
When we operate an organizational information system we are accepting a tolerable level of risk to allow the business functions to operate. There may be risks you are not qualified to accept or risks you would be better off having undertaken by an outside entity. A classic example is having your popular web server hosted by a web hosting agency which completely relieves you of the risks associated with that. Another example is insurance where you offload the risk to an insurance agency and pay them to accept the risk. When we transfer risk we are giving the risk to someone else to accept and it could be for a number of reasons. Expense primarily but it could also be performance, offers of better service elsewhere, legal reasons and other reasons. The following answers are incorrect: - Results of Cost Benefit Analysis: This might be involved in the process of Risk Mitigation but it isn't part of Risk Transference. Sorry, wrong answer. - Acceptance: This isn't correct because accepting the risk is the opposite of transferring the risk to someone else. - Not hosting the services at all: Sorry, this defines Risk Avoidance. The following reference(s) was used to create this question: 2 013. Official Security+ Curriculum.