Friday, 19 June 2015

CISSP Exam Preparation (Question 301)

(301) When conducting a risk assessment, which one of the following is NOT an acceptable social engineering practice?

A. Shoulder surfing
B. Misrepresentation
C. Subversion
D. Dumpster diving

Correct Answer: A

Explanation/Reference:

Explanation:

Shoulder Surfing: Attackers can thwart confidentiality mechanisms by network monitoring, shoulder surfing, stealing password files, and social engineering. These topics will be addressed more in-depth in later chapters, but shoulder surfing is when a person looks over another person's shoulder and watches keystrokes or data as it appears on the screen. Social engineering is tricking another person into sharing confidential information by posing as an individual authorized to access that information. Shon Harris: CISSP Certification pg. 63. Shoulder surfing is not social engineering.

- Idham Azhari

Friday, 12 June 2015

CISSP Exam Preparation (Question 300)

(300) A new worm has been released on the Internet. After investigation, you have not been able to determine if you are at risk of exposure. Management is concerned as they have heard that a number of their counterparts are being affected by the worm. How could you determine if you are at risk?

A. Evaluate evolving environment.
B. Contact your anti-virus vendor.
C. Discuss threat with a peer in another organization.
D. Wait for notification from an anti-virus vendor.

Correct Answer: B

Explanation/Reference:

- Idham Azhari

Friday, 05 June 2015

CISSP Exam Preparation (Question 299)

(299) Which of the following is not a part of risk analysis?

A. Identify risks
B. Quantify the impact of potential threats
C. Provide an economic balance between the impact of the risk and the cost of the associated countermeasures
D. Choose the best countermeasure

Correct Answer: D

Explanation/Reference:

- Idham Azhari

Friday, 29 May 2015

CISSP Exam Preparation (Question 298)

(298) Which one of the following is not one of the outcomes of a vulnerability analysis?

A. Quantitative loss assessment
B. Qualitative loss assessment
C. Formal approval of BCP scope and initiation document
D. Defining critical support areas

Correct Answer: C

Explanation/Reference:

- Idham Azhari

Friday, 22 May 2015

CISSP Exam Preparation (Question 297)

(297) Risk analysis is MOST useful when applied during which phase of the system development process?

A. Project identification
B. Requirements definition
C. System construction
D. Implementation planning

Correct Answer: A

Explanation/Reference:

Reference: pg 684 Shon Harris: All-in-One CISSP Certification

- Idham Azhari

Friday, 15 May 2015

CISSP Exam Preparation (Question 296)

(296) Which of the following is not a compensating measure for access violations?

A. Backups
B. Business continuity planning
C. Insurance
D. Security awareness

Correct Answer: D

Explanation/Reference:

- Idham Azhari

Friday, 08 May 2015

CISSP Exam Preparation (Question 295)

(295) Which of the following best explains why computerized information systems frequently fail to meet the needs of users?

A. Inadequate quality assurance (QA) tools
B. Constantly changing user needs
C. Inadequate user participation in defining the system's requirements
D. Inadequate project management

Correct Answer: C

Explanation/Reference:

- Idham Azhari