An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is
Correct Answer: B
Question 372
Which of the following is the preferred way to suppress an electrical fire in an information center?
Correct Answer: A
It must be noted that Halon is now banned in most countries or cities. The reason CO2 is preferred in an information center is the agent is considered a clean agent, as well as non-conductive. The agent evaporates and does not leave a residue on the equipment. CO2 can be hazardous to people so special care must be taken when implemented. Water may be a sound solution for large physical areas such as warehouses, but it is entirely inappropriate for computer equipment. A water spray can irreparably damage hardware more quickly than encroaching smoke or heat. Gas suppression systems operate to starve the fire of oxygen. In the past, Halon was the choice for gas suppression systems; however, Halon leaves residue, depletes the ozone layer, and can injure nearby personnel. NOTE FROM CLEMENT: For the purpose of the exam do not go outside of the 4 choices presented. YES, it is true that there are many other choices that would be more adequate for a Data Centre. An agent such as IG-55 from Ardent would probably be a better choice than CO2, however it is NOT in the list of choices. You will also notice that Shon Harris and Krutz and Vines disagree on which one is the best. This is why you must do your own research to supplement the books, sometimes books could be opiniated as well. When in doubt refer to the official book and look at what is ISC2 view of the topic and which one ISC2 considers to be the best for the exam. ISC2 recommends also the following: Aero-K - uses an aerosol of microscopic potassium compounds in a carrier gas released from small canisters mounted on walls near the ceiling. The Aero-K generators are not pressurized until fire is detected. The Aero-K system uses multiple fire detectors and will not release until a fire is "confirmed" by two or more detectors (limiting accidental discharge). The gas is non-corrosive, so it does not damage metals or other materials. It does not harm electronic devices or media such as tape or discs. More important, Aero-K is nontoxic and does not injure personnel. FM-200 - is a colorless, liquefied compressed gas. It is stored as a liquid and dispensed into the hazard as a colorless, electrically non-conductive vapor that is clear and does not obscure vision. It leaves no residue and has acceptable toxicity for use in occupied spaces at design concentration. FM-200 does not displace oxygen and, therefore, is safe for use in occupied spaces without fear of oxygen deprivation. The following are incorrect choices: Water or Soda/Acid & Halon: (old water extinguishers) will damage sensitive equipment as well as conduct electricity which could endanger the life of the person using such a fire extinghisher. Halon has been banned due to the Montreal Protocol. ABC rated Dry chemical extinguishers: They are suitable for electrically energized fires, but they are not acceptable on sensitive equipment. It is like throwing a couple kilograms of flour in around in a room. It is extremely hard to clean off of equipment and some of the chemicals are corrosive in nature. Reference(s) used for this question: Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 25609-25612). Auerbach Publications. Kindle Edition. and http://www.ehs.ucf.edu/labsafe/safemgequip.html or http://www.osha.gov/doc/outreachtraining/htmlfiles/extmark.html
Question 373
Which choice below is NOT an accurate statement about an organization's incident-handling capability?
Correct Answer: C
An organization should address computer security incidents by developing an incident-handling capability. The incident-handling capability should be used to: Provide the ability to respond quickly and effectively. Contain and repair the damage from incidents. When left unchecked, malicious software can significantly harm an organization's computing, depending on the technology and its connectivity. Containing the incident should include an assessment of whether the incident is part of a targeted attack on the organization or an isolated incident. Prevent future damage. An incident-handling capability should assist an organization in preventing (or at least minimizing) damage from future incidents. Incidents can be studied internally to gain a better understanding of the organization's threats and vulnerabilities. Source: NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems.
Question 374
This tape format can be used to backup data systems in addition to its original intended audio used by:
Correct Answer: A
Digital Audio Tape (DAT or R-DAT) is a signal recording and playback medium introduced by Sony in 1987. In appearance it is similar to a compact audio cassette, using 1/8" magnetic tape enclosed in a protective shell, but is roughly half the size at 73 mm x 54 mm x 10.5 mm. As the name suggests the recording is digital rather than analog, DAT converting and recording at the same rate as a CD (44.1 kHz sampling rate and 16 bits quantization) without data compression. This means that the entire input signal is retained. If a digital source is copied then the DAT will produce an exact clone. The format was designed for audio use, but through an ISO standard it has been adopted for general data storage, storing from 4 to 40 GB on a 120 meter tape depending on the standard and compression (DDS-1 to DDS-4). It is, naturally, sequential-access media and is commonly used for backups. Due to the higher requirements for integrity in data backups a computer-grade DAT was introduced.
Question 375
Which of the following is a symmetric encryption algorithm?
Correct Answer: C
RC5 is a symmetric encryption algorithm. It is a block cipher of variable block length, encrypts through integer addition, the application of a bitwise Exclusive OR (XOR), and variable rotations. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 153).