The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP:
Correct Answer: D
Control is not a behavior characteristic described in the Code of Ethics. See a high level extract of the code below. I strongly suggest you visit the link below to get the full details of the code. You will be require to accept and agree to the code of ethics in order to become a CISSP. https://www.isc2.org/uploadedFiles/(ISC)2_Public_Content/Code_of_ethics/ISC2-Code-of- Ethics.pdf Summary of the Code: All information systems security professionals who are certified by (Isc)2 recognize that such certification is a privilege that must be both earned and maintained. In support of this principle, all (Isc)2 members are required to commit to fully support this Code of Ethics (the "Code"). (Isc)2 members who intentionally or knowingly violate any provision of the Code will be subject to action by a peer review panel, which may result in the revocation of certification. (Isc)2 members are obligated to follow the ethics complaint procedure upon observing any action by an (ISC)2 member that breach the Code. Failure to do so may be considered a breach of the Code pursuant to Canon IV. There are only four mandatory canons in the Code. By necessity, such high-level guidance is not intended to be a substitute for the ethical judgment of the professional. Code of Ethics Preamble: The safety and welfare of society and the common good, duty to our principals, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this Code is a condition of certification. Code of Ethics Canons: Protect society, the common good, necessary public trust and confidence, and the infrastructure. Act honorably, honestly, justly, responsibly, and legally. Provide diligent and competent service to principals. Advance and protect the profession. The following answers are incorrect: morality Is incorrect because Morality is a behavior characteristic described in the Code of Ethics. Act honorably, honestly, justly, responsibly, and legally. ethicality Is incorrect because Ethicality is a behavior characteristic described in the Code of Ethics. Act honorably, honestly, justly, responsibly, and legally. legal. Is incorrect because Legality is a behavior characteristic described in the Code of Ethics. Act honorably, honestly, justly, responsibly, and legally. Reference(s) used for this question: ISC2 Code of Ethics at https://www.isc2.org/ethics/Default.aspx and https://www.isc2.org/uploadedFiles/(ISC)2_Public_Content/Code_of_ethics/ISC2-Code-of- Ethics.pdf
Question 322
Examine the following characteristics and identify which answer best indicates the likely cause of this behavior: - Core operating system files are hidden - Backdoor access for attackers to return - Permissions changing on key files - A suspicious device driver - Encryption applied to certain files without explanation - Logfiles being wiped
Correct Answer: A
Rootkits are software that is designed to get, keep and provide access to attackers by hooking into key components of the operating system like the kernel or system drivers. Rootkits commonly try to hide their presence by affecting operating system functionality and can subvert detection software like Antivirus Scanners. Removing a rootkit may be impossible because the software can irrevocably change components of the operating system. The OS may need to be completely reinstalled to remove the infestation. At any rate, a computer infected with ANY malware should never be trusted again and infestation should be mitigated by a completely new install of the OS from trusted media. The following answers are incorrect: - User-Mode Rootkit: This isn't correct because User-mode rootkits don't include device drivers. - Malware: This isn't a bad answer but it isn't as specific as the correct answer. Malware is a very broad term that describes any software that is written to do something nefarious. - Kernel-mode Badware: This isn't really a computer term. But it should be. The following reference(s) was used to create this question: 2 013. Official Security+ Curriculum.
Question 323
During which phase of an IT system life cycle are security requirements developed?
Correct Answer: C
Explanation/Reference: Within the Systems Development Life Cycle (DSLC) model the design phase, also known as the security requirement phase, transforms requirements, including the security requirements, into a complete System Design Document. Incorrect Answers: A: The operation phase describes tasks to operate in a production environment, and is not concerned with development of security requirements. B: The initiation phase starts when a sponsor identifies a need or an opportunity. During this phase a Concept Proposal, but no security requirements, is created. D: In the implementation phase the system is implemented into a product production environment. The security requirements have already been developed long before this phase. References: Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012, p. 1095
Question 324
Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?
Correct Answer: B
Question 325
Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?