Asynchronous Communication transfers data by sending:
Correct Answer: B
Section: Network and Telecommunications Explanation/Reference: Asynchronous Communication transfers data by sending bits of data in irregular timing patterns. In asynchronous transmission each character is transmitted separately, that is one character at a time. The character is preceded by a start bit, which tells the receiving end where the character coding begins, and is followed by a stop bit, which tells the receiver where the character coding ends. There will be intervals of ideal time on the channel shown as gaps. Thus there can be gaps between two adjacent characters in the asynchronous communication scheme. In this scheme, the bits within the character frame (including start, parity and stop bits) are sent at the baud rate. The START BIT and STOP BIT including gaps allow the receiving and sending computers to synchronise the data transmission. Asynchronous communication is used when slow speed peripherals communicate with the computer. The main disadvantage of asynchronous communication is slow speed transmission. Asynchronous communication however, does not require the complex and costly hardware equipments as is required for synchronous transmission. Asynchronous communication is transmission of data without the use of an external clock signal. Any timing required to recover data from the communication symbols is encoded within the symbols. The most significant aspect of asynchronous communications is variable bit rate, or that the transmitter and receiver clock generators do not have to be exactly synchronized. The asynchronous communication technique is a physical layer transmission technique which is most widely used for personal computers providing connectivity to printers, modems, fax machines, etc. An asynchronous link communicates data as a series of characters of fixed size and format. Each character is preceded by a start bit and followed by 1-2 stop bits. Parity is often added to provide some limited protection against errors occurring on the link. The use of independent transmit and receive clocks constrains transmission to relatively short characters (<8 bits) and moderate data rates (< 64 kbps, but typically lower). The asynchronous transmitter delimits each character by a start sequence and a stop sequence. The start bit (0), data (usually 8 bits plus parity) and stop bit(s) (1) are transmitted using a shift register clocked at the nominal data rate. When asynchronous transmission is used to support packet data links (e.g. IP), then special characters have to be used ("framing") to indicate the start and end of each frame transmitted. One character (none as an escape character) is reserved to mark any occurrence of the special characters within the frame. In this way the receiver is able to identify which characters are part of the frame and which are part of the "framing". Packet communication over asynchronous links is used by some users to get access to a network using a modem. Most Wide Area Networks use synchronous links and a more sophisticated link protocol Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 100. and http://en.wikipedia.org/wiki/Asynchronous_communication and http://www.erg.abdn.ac.uk/users/gorry/course/phy-pages/async.html and http://www.ligaturesoft.com/data_communications/async-data-transmission.html
Question 7
What is called the probability that a threat to an information system will materialize?
Correct Answer: B
Risk: The potential for harm or loss to an information system or network; the probability that a threat will materialize. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Pages 16, 32.
Question 8
Which of the following is most likely to be useful in detecting intrusions?
Correct Answer: C
Section: Analysis and Monitoring Explanation Explanation/Reference: If audit trails have been properly defined and implemented, they will record information that can assist in detecting intrusions. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 186).
Question 9
One of these statements about the key elements of a good configuration process is NOT true
Correct Answer: C
Configuration management isn't about preventing change but ensuring the integrity of IT resources by preventing unauthorised or improper changes. According to the Official ISC2 guide to the CISSP exam, a good CM process is one that can: (1) accommodate change; (2) accommodate the reuse of proven standards and best practices; (3) ensure that all requirements remain clear, concise, and valid; (4) ensure changes, standards, and requirements are communicated promptly and precisely; and (5) ensure that the results conform to each instance of the product. Configuration management Configuration management (CM) is the detailed recording and updating of information that describes an enterprise's computer systems and networks, including all hardware and software components. Such information typically includes the versions and updates that have been applied to installed software packages and the locations and network addresses of hardware devices. Special configuration management software is available. When a system needs a hardware or software upgrade, a computer technician can accesses the configuration management program and database to see what is currently installed. The technician can then make a more informed decision about the upgrade needed. An advantage of a configuration management application is that the entire collection of systems can be reviewed to make sure any changes made to one system do not adversely affect any of the other systems Configuration management is also used in software development, where it is called Unified Configuration Management (UCM). Using UCM, developers can keep track of the source code, documentation, problems, changes requested, and changes made. Change management In a computer system environment, change management refers to a systematic approach to keeping track of the details of the system (for example, what operating system release is running on each computer and which fixes have been applied).
Question 10
The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:
Correct Answer: B
Section: Access Control Explanation/Reference: The detective/technical control measures are intended to reveal the violations of security policy using technical means. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35.