Good security is built on which of the following concept?
Correct Answer: B
This the best of the four answers as a defense that depends on multiple layers is superior to one where all protection is embedded in a single layer (e.g., a firewall). Defense in depth would include all categories of controls. The Following answers are incorrect: "Concept of a pass through device that only allows certain traffic in and out" is incorrect. This is one definition of a firewall which can be a component of a defense in depth strategy in combination with other measures. "Concept of preventative controls" is incorrect. This is a component of a defense in depth strategy but the core concept is that there must be multiple layers of defenses. "Concept of defensive controls" is incorrect. This is a component of a defense in depth strategy but the core concept is that there must be multiple layers of defenses. References: http://en.wikipedia.org/wiki/Defense_in_depth_(computing) http://www.nsa.gov/snac/support/defenseindepth.pdf
Question 392
The security term that is concerned with the same primary key existing at different classification levels in the same database is:
Correct Answer: C
The security term that is concerned with the same primary key existing at different classification levels in the same database is polyinstantiation. Answer Polymorphism is incorrect because polymorphism is defined as objects of many different classes that are related by some common superclass; thus, any object denoted by this name is able to respond to some common set of operations in a different way. Answer Normalization is incorrect because normalization refers to removing redundant or incorrect data from a database. Answer Inheritance is incorrect because inheritance refers to methods from a class inherited by another subclass.
Question 393
An organization plan on purchasing a custom software product developed by a small vendor to support its business model. Which unique consideration should be made part of the contractual agreement potential long- term risks associated with creating this dependency?
Correct Answer: D
Question 394
Which of the following ciphers is a subset of the Vignere polyalphabetic cipher?
Correct Answer: A
"The Caesar Cipher,...., is a simple substitution cipher that involves shifting the alphabet three positions to the right. The Caesar Cipher is a subset of the Vigenere polyalphabetic cipher. In the Caesar cipher, the message's characters and repetitions of the key are added together, modulo 26. In modulo 26, the letters A to Z of the alphabet are given a value of 0 to 25, respectively." Pg. 189 Krutz: The CISSP Prep Guide: Gold Edition
Question 395
The concentric circle approach is used to
Correct Answer: B
The original answer for this question was C (assess the communications network security) however I think the concentric circle is defining what in the krutz book is know as the security perimeter. To this end this is a reference "A circular security perimeter that is under the access control defines the area or zone to be protected. Preventive/physical controls include fences, badges, multiple doors (man-traps that consists of two doors physically separated so that an individual can be 'trapped' in the space between the doors after entering one of the doors), magnetic card entry systems, biometrics (for identification), guards, dogs, environmental control systems (temperature, humidity, and so forth), and building and access area layout." -Ronald Krutz The CISSP PREP Guide (gold edition) pg 13 This is a standard concentric circle model shown in Figure 1 . If you've never seen this, you haven't had a security lecture. On the outside is our perimeter. We are fortunate to have some defenses on our base. Although some bases don't have people guarding the gates and checking IDs any longer, there's still the perception that it's tougher to commit a crime on a Naval base than it would be at GM. The point is: How much control do we have over fencing and guards? The answer: Not much. The next circle, the red circle, contains your internal access controls. For our purposes, the heart of the red circle is the computer. That's what I want to zero in on. The internal controls are the things you can do to keep people out of your PCs and off your network. http://www.chips.navy.mil/archives/96_oct/file5.htm