Which of the following type of lock uses a numeric keypad or dial to gain entry?
Correct Answer: B
The combination door lock or cipher lock uses a numeric key pad, push button, or dial to gain entry, it is often seen at airport gate entry doors and smaller server rooms. The combination should be changed at regular interval or whenever an employee with access is transferred, fired or subject to disciplinary action. This reduces risk of the combination being known by unauthorized people. A cipher lock, is controlled by a mechanical key pad, typically 5 to 10 digits that when pushed in the right combination the lock will releases and allows entry. The drawback is someone looking over a shoulder can see the combination. However, an electric version of the cipher lock is in production in which a display screen will automatically move the numbers around, so if someone is trying to watch the movement on the screen they will not be able to identify the number indicated unless they are standing directly behind the victim. Remember locking devices are only as good as the wall or door that they are mounted in and if the frame of the door or the door itself can be easily destroyed then the lock will not be effective. A lock will eventually be defeated and its primary purpose is to delay the attacker. For your exam you should know below types of lock Bolting door lock - These locks required the traditional metal key to gain entry. The key should be stamped "do not duplicate" and should be stored and issued under strict management control. Biometric door lock - An individual's unique physical attribute such as voice, retina, fingerprint, hand geometry or signature, activate these locks. This system is used in instances when sensitive facilities must be protected such as in the military. Electronic door lock - This system uses a magnetic or embedded chip based plastic card key or token entered into a sensor reader to gain access. A special code internally stored in the card or token is read by sensor device that then activates the door locking mechanism. The following were incorrect answers: Bolting door lock - These locks required the traditional metal key to gain entry. The key should be stamped "do not duplicate" and should be stored and issued under strict management control. Biometric door lock - An individual's unique body features such as voice, retina, fingerprint,, hand geometry or signature, activate these locks. This system is used in instances when extremely sensitive facilities must be protected such as in the military. Electronic door lock - This system uses a magnetic or embedded chip based plastic card key or token entered into a sensor reader to gain access. A special code internally stored in the card or token is read by sensor device that then activates the door locking mechanism. Following reference(s) were/was used to create this question: CISA review manual 2014 Page number 376 and Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25144-25150). Auerbach Publications. Kindle Edition.
Question 192
Which of the following could illegally capture network user passwords?
Correct Answer: B
Sniffing is the action of capture the information going over the network. Most popular way of connecting computers is through Ethernet. Ethernet protocol works by sending packet information to all the hosts on the same circuit. The packet header contains the proper address of the destination machine. Only the machine with the matching address is suppose to accept the packet. A machine that is accepting all packets, no matter what the packet header says, is said to be in promiscuous mode. Because, in a normal networking environment, account and password information is passed along Ethernet in clear-text, it is not hard for an intruder to put a machine into promiscuous mode and by sniffing, compromise all the machines on the net by capturing password in an illegal fashion.
Question 193
How often should an independent review of the security controls be performed, according to OMB Circular A-130?
Correct Answer: C
The correct answer is "Every three years". OMB Circular A-130 requires that a review of the security controls for each major government application be performed at least every three years. For general support systems, OMB Circular A-130 requires that the security controls be reviewed either by an independent audit or self review. Audits can be selfadministered or independent (either internal or external). The essential difference between a self-audit and an independent audit is objectivity; however, some systems may require a fully independent review. Source: Office of Management and Budget Circular A-130, revised November 30, 2000 .
Question 194
Which of the following is a Key Performance Indicator (KPI) for a security training and awareness program?
Correct Answer: A
Question 195
The term failover refers to:
Correct Answer: D
The correct answer is "Switching to a duplicate, hot backup component". Failover means switching to a hot backup system that maintains duplicate states with the primary system. Answer "Terminating processing in a controlled fashion" refers to fail safe, and answers Resiliency and A fail-soft system refer to fail soft.