Which of the following controls related to physical security is NOT an administrative control?
Correct Answer: B
Explanation/Reference: Explanation: Alarms are an example of a physical control type, not an administrative control. Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as "soft controls" because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting. Incorrect Answers: A: Personnel controls are an example of an administrative control. Therefore, this answer is incorrect. C: Training is an example of an administrative control. Therefore, this answer is incorrect. D: Emergency response and procedures are an example of an administrative control. Therefore, this answer is incorrect. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 28
Question 252
A code, as is pertains to cryptography:
Correct Answer: C
Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences, and so forth. Codes are only useful for specialized circumstances where the message to transmit has an already defined equivalent ciphertext word. Source: DUPUIS, Cl?ment, CISSP Open Study Guide on domain 5, cryptography, April 1999.
Question 253
Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?
Correct Answer: B
Question 254
For network based evidence, which of the following contains traffic details of all network sessions in order to detect anomalies?
Correct Answer: A
Question 255
Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)?