Which of the following is NOT an encryption method used by VPNs (Virtual Private Networks)?
Correct Answer: B
Question 593
What are some of the major differences of Qualitative vs. Quantitative methods of performing risk analysis? (Choose all that apply)
Correct Answer: B,C,D
Question 594
What prevents a process from accessing another process' data?
Correct Answer: B
Section: Security Operation Adimnistration Explanation/Reference: Process isolation is where each process has its own distinct address space for its application code and data. In this way, it is possible to prevent each process from accessing another process' data. This prevents data leakage, or modification to the data while it is in memory. Memory segmentation is a virtual memory management mechanism. The reference monitor is an abstract machine that mediates all accesses to objects by subjects. Data hiding, also known as information hiding, is a mechanism that makes information available at one processing level is not available at another level. Source: HARE, Chris, Security Architecture and Models, Area 6 CISSP Open Study Guide, January 2002.
Question 595
Which approach to a security program ensures people responsible for protecting the company's assets are DRIVING the program?
Correct Answer: B
Section: Risk, Response and Recovery Explanation/Reference: A security program should use a top-down approach, meaning that the initiation, support, and direction come from top management; work their way through middle management; and then reach staff members. In contrast, a bottom-up approach refers to a situation in which staff members (usually IT ) try to develop a security program without getting proper management support and direction. A bottom-up approach is commonly less effective, not broad enough to address all security risks, and doomed to fail. A top-down approach makes sure the people actually responsible for protecting the company's assets (senior management) are driving the program. The following are incorrect answers: The Delphi approach is incorrect as this is for a brainstorming technique. The bottom-up approach is also incorrect as this approach would be if the IT department tried to develop a security program without proper support from upper management. The technology approach is also incorrect as it does not fit into the category of best answer. Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 63). McGraw-Hill. Kindle Edition.
Question 596
A common way to create fault tolerance with leased lines is to group several T1s together with an inverse multiplexer placed:
Correct Answer: B
Explanation/Reference: A common way to create fault tolerance with leased lines is to group several T1s together with an inverse multiplexer placed at both ends of the connection. In fact it would be a Multiplexer at one end and DeMultiplexer at other end or vice versa. Inverse Multiplexer at both end. In electronics, a multiplexer (or mux) is a device that selects one of several analog or digital input signals and forwards the selected input into a single line. A multiplexer of 2n inputs has n select lines, which are used to select which input line to send to the output. Multiplexers are mainly used to increase the amount of data that can be sent over the network within a certain amount of time and bandwidth. A multiplexer is also called a data selector. An electronic multiplexer makes it possible for several signals to share one device or resource, for example one A/D converter or one communication line, instead of having one device per input signal. On the other hand, a demultiplexer (or demux) is a device taking a single input signal and selecting one of many data-output-lines, which is connected to the single input. A multiplexer is often used with a complementary demultiplexer on the receiving end. An electronic multiplexer can be considered as a multiple-input, single-output switch, and a demultiplexer as a single-input, multiple-output switch References: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 72. and https://secure.wikimedia.org/wikipedia/en/wiki/Multiplexer