Friday, 25 July 2014

CISSP Exam Preparation (Question 255)

(255) The U.S. Uniform Computer Information Transactions Act (UCITA) is a:
A. Model act that is intended to apply uniform legislation to electronic credit transactions
B. Model act that is intended to apply uniform legislation to software licensing
C. Model act that addresses electronic transactions conducted by financial institutions
D. Model act that addresses digital signatures
Explanation:
The National Commissioners on Uniform State Laws (NCUSL) voted to approve the Uniform Computer Information Transactions Act (UCITA) on July 29, 1999. This legislation, which will have to be enacted state-by-state, will greatly affect libraries' access to and use of software packages. It also will keep in place the current licensing practices of software vendors. At the present time, shrink-wrap or click-wrap licenses limit rights that are normally granted under copyright law. Under Section 109 of the U.S. 1976 Copyright Act, the first sale provision permits the owner of a particular copy, without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy. However, the software manufacturers use the term license in their transactions. As opposed to the word sale, the term license denotes that the software manufacturers are permitting users to use a copy of their software. Thus, the software vendor still owns the software. Until each state enacts the legislation, it is not clear if shrink-wrap licenses that restrict users' rights under copyright law are legally enforceable. For clarification, shrink-wrap licenses physically accompany a disk while click-on and active clickwrap licenses are usually transmitted electronically. Sometimes, the term shrink-wrap is interpreted to mean both physical and electronic licenses to use software. The focus of the UCITA legislation is not on the physical media, but on the information contained on the media.

- Idham Azhari

Friday, 18 July 2014

CISSP Exam Preparation (Question 249)

(249) Which of the following alternatives should NOT be used by law enforcement to gain access to a password?
A. Contacting the developer of the software for information to gain access to the computer or network through a back door
B. Compelling the suspect to provide the password
C. Data manipulation and trial procedures applied to the original version of the system hard disk
D. Using password cracker software
Explanation:
The original disk of a computer involved in a criminal investigation should not be used for any experimental purposes since data may be modified or destroyed. Any operations should be conducted on a copy of the system disk. However, the other answers are the preferred methods of gaining access to a password-protected system.
Interestingly, in answer B, there is legal precedent to order a suspect to provide the password of a computer that is in the custody of law enforcement.

- Idham Azhari

Thursday, 17 July 2014

CISSP Exam Preparation (Question 248)

(248) Which is NOT a recommended way to dispose of unwanted used data media?

A. Copying new data over existing data on diskettes
B. Formatting diskettes seven or more times
C. Shredding paper reports by cleared personnel
D. Destroying CD-ROMs

Explanation:
The correct answer is copying new data over existing data on diskettes. While this method might overwrite the older files, if the new data file is smaller than the older data file, recoverable data might exist past the file end marker of the new file.

- Idham Azhari

Wednesday, 16 July 2014

CISSP Exam Preparation (Question 247)

(247) The recommended optimal relative humidity range for computer operations is:
A. 40% to 60%
B. 10% to 30%
C. 30% to 40%
D. 60% to 80%
Explanation:
The correct answer is C. 40% to 60% relative humidity is recommended for safe computer operations. Too low humidity can create static discharge problems, and too high humidity can create condensation and electrical contact problems.

- Idham Azhari

Tuesday, 15 July 2014

CISSP Exam Preparation (Question 246)

(246) Which is NOT a type of a fire detector?
A. Smoke-actuated
B. Flame-actuated
C. Gas-discharge
D. Heat-sensing

Explanation:
The correct answer is Gas-discharge. Gas-discharge is a type of fire extinguishing system, not a fire detection system.

- Idham Azhari

Monday, 14 July 2014

CISSP Exam Preparation (Question 245)

(245) Which type of fire extinguishing method contains standing water in the pipe, and therefore generally does not enable a manual shutdown of systems before discharge?
A. Dry Pipe
B. Deluge
C. Wet pipe
D. Preaction

Explanation:
The other three are variations on a dry pipe discharge method with the water not standing in the pipe until a fire is detected.

- Idham Azhari

Friday, 11 July 2014

CISSP Exam Preparation (Question 244)

(244) Which type of control below is NOT an example of a physical security access control?
A. Guard dog
B. Audit trail
C. Retinal scanner
D. Five-key programmable lock

- Idham Azhari

Thursday, 10 July 2014

CISSP Exam Preparation (Question 243)

(243) A brownout can be defined as a:
A. Prolonged low voltage.
B. Prolonged power loss.
C. Momentary high voltage.
D. Momentary low voltage.
Explanation:
The correct answer is “Prolonged low voltage”.
Answer “prolonged power loss” is a blackout.
Answer “momentary low voltage” is a sag.
Answer “momentary high voltage” is a spike.

- Idham Azhari

Tuesday, 08 July 2014

CISSP Exam Preparation (Question 242)

(242) Why should extensive exterior perimeter lighting of entrances or parking areas be installed?
A. To enable programmable locks to be used
B. To create two-factor authentication
C. To discourage prowlers or casual intruders
D. To prevent data remanence
Explanation:
The other answers have nothing to do with lighting.

- Idham Azhari

Monday, 07 July 2014

CISSP Exam Preparation (Question 241)

(241) Which choice below is the BEST description of a Central Station Alarm System?
A. Also rings an alarm in the local fire or police station
B. Rings an alarm in the office of the customer
C. Rings an alarm in a central monitoring office of a third-party monitoring firm
D. Rings an audible alarm on the local premises that it protects
Explanation:
Answer “Rings an audible alarm on the local premises that it protects” describes a Local Alarm System.
Answer “Rings an alarm in the office of the customer” describes a Proprietary System.
Answer “Also rings an alarm in the local fire or police station” describes an Auxiliary Station System.
- Idham Azhari

Friday, 04 July 2014

CISSP Exam Preparation (Question 240)

(240) Which choice below is NOT a type of motion detector?
A. Audio detection
B. Wave pattern detection
C. Smoke detection
D. Capacitance detection
Explanation:
The other three are examples of intrusion detectors designed to sense unusual movement within a defined interior security area.

- Idham Azhari

Wednesday, 02 July 2014

CISSP Exam Preparation (Question 238)

(238) Which is a benefit of a guard over an automated control?
A. Guards are cheaper.
B. Guards do not need pre-employment screening.
C. Guards do not need training.
D. Guards can use discriminating judgment.


Explanation:
Guards can use discriminating judgment.
Guards are typically more expensive than automated controls, need training as to the protection requirements of the specific site, and need to be screened and bonded.

- Idham Azhari

Tuesday, 01 July 2014

CISSP Exam Preparation (Question 237)

(237) The European Union Electronic Signature Directive of January, 2000, defines an advanced electronic signature. This signature must meet all of the following requirements except that:
A. It must be created using means that are generally accessible and available.
B. It must be uniquely linked to the signatory.
C. It must be linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
D. It must be capable of identifying the signatory.

Explanation:
The Directive requires that the means be maintained under the sole control of the signatory. This requirement is a particularly difficult one to achieve. One approach is to use different tokens or smart cards for the different transactions involved. The other answers are typical characteristics of digital signatures that can be implemented with public key cryptography.

- Idham Azhari