The CISSP Prep Guide Gold Edition part 8 docx


Answers to Sample and Bonus Questions

c. Prohibit eavesdropping or the interception of message contents.
d. Established a category of sensitive information called Sensitive But Unclassified (SBU).
Answer: a. The correct answer is a. Answer b is part of the U.S. Computer Fraud and Abuse Act. Answer c is part of the U.S. Electronic Communications Privacy Act. Answer d is part of the U.S. Computer Security Act.

8. What does the prudent man rule require?
a. Senior officials to post performance bonds for their actions
b. Senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances
c. Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur
d. Senior officials to follow specified government standards
Answer: b. The correct answer is b. Answer a is a distracter and is not part of the prudent man rule. Answer c is incorrect because it is not possible to guarantee that breaches of security can never occur. Answer d is incorrect because the prudent man rule does not refer to a specific government standard but relates to what other prudent persons would do.

9. Information Warfare is:
a. Attacking the information infrastructure of a nation to gain military and/or economic advantages.
b. Developing weapons systems based on artificial intelligence technology.
c. Generating and disseminating propaganda material.
d. Signal intelligence.
Answer: a. The correct answer is a. Answer b is a distracter and has to do with weapon systems development. Answer c is not applicable. Answer d is the conventional acquisition of information from radio signals.

10. The chain of evidence relates to:
a. Securing laptops to desks during an investigation.
b. DNA testing.
c. Handling and controlling evidence.
d. Making a disk image.
Answer: c. The correct answer is c. Answer a relates to physical security; answer b is a type of biological testing; and answer d is part of the act of gathering evidence.

11. The Kennedy-Kassebaum Act is also known as:
a. RICO
b. OECD
c. HIPAA
d. EU Directive
Answer: c. The correct answer is c. The others refer to other laws or guidelines.

12. Which of the following refers to a U.S. Government program that reduces or eliminates emanations from electronic equipment?
a. CLIPPER
b. ECHELON
c. ECHO
d. TEMPEST
Answer: d. The correct answer is d. Answer a refers to the U.S. government Escrowed Encryption Standard. Answer b refers to the large-scale monitoring of RF transmissions. Answer c is a distracter.

13. Imprisonment is a possible sentence under:
a. Civil (tort) law
b. Criminal law
c. Both civil and criminal law
d. Neither civil nor criminal law
Answer: b. The correct answer is b. It is the only one of the choices where imprisonment is possible.

14. Which one of the following conditions must be met if legal electronic monitoring of employees is conducted by an organization?
a. Employees must be unaware of the monitoring activity.
b. All employees must agree with the monitoring policy.
c. Results of the monitoring cannot be used against the employee.
d. The organization must have a policy stating that all employees are regularly notified that monitoring is being conducted.
Answer: d. The correct answer is d. Answer a is incorrect because employees must be made aware of the monitoring if it is to be legal; answer b is incorrect because employees do not have to agree with the policy; and answer c is incorrect because the results of monitoring might be used against the employee if the corporate policy is violated.

15. Which of the following is a key principle in the evolution of computer crime laws in many countries?
a. All members of the United Nations have agreed to uniformly define and prosecute computer crime.
b. Existing laws against embezzlement, fraud, and wiretapping cannot be applied to computer crime.
c. The definition of property was extended to include electronic information.
d. Unauthorized acquisition of computer-based information without the intent to resell is not a crime.
Answer: c. The correct answer is c. Answer a is incorrect because all nations do not agree on the definition of computer crime and corresponding punishments. Answer b is incorrect because the existing laws can be applied against computer crime. Answer d is incorrect because in some countries, possession without intent to sell is considered a crime.

16. The concept of Due Care states that senior organizational management must ensure that:
a. All risks to an information system are eliminated.
b. Certain requirements must be fulfilled in carrying out their responsibilities to the organization.
c. Other management personnel are delegated the responsibility for information system security.
d. The cost of implementing safeguards is greater than the potential resultant losses resulting from information security breaches.
Answer: b. The correct answer is b. Answer a is incorrect because all risks to information systems cannot be eliminated; answer c is incorrect because senior management cannot delegate its responsibility for information system security under due care; and answer d is incorrect because the cost of implementing safeguards should be less than or equal to the potential resulting losses relative to the exercise of due care.

17. Liability of senior organizational officials relative to the protection of the organization's information systems is prosecutable under:
a. Criminal law.
b. Civil law.
c. International law.
d. Financial law.
Answer: b

18. Responsibility for handling computer crimes in the United States is assigned to:
a. The Federal Bureau of Investigation (FBI) and the Secret Service.
b. The FBI only.
c. The National Security Agency (NSA).
d. The Central Intelligence Agency (CIA).
Answer: a. The correct answer is a, making the other answers incorrect.

19. In general, computer-based evidence is considered:
a. Conclusive.
b. Circumstantial.
c. Secondary.
d. Hearsay.
Answer: d. The correct answer is d. Answer a refers to incontrovertible evidence; answer b refers to inference from other, intermediate facts; and answer c refers to a copy of evidence or oral description of its content.

20. Investigating and prosecuting computer crimes is made more difficult because:
a. Backups may be difficult to find.
b. Evidence is mostly intangible.
c. Evidence cannot be preserved.
d. Evidence is hearsay and can never be introduced into a court of law.
Answer: b. The correct answer is b. Answer a is incorrect because if backups are done, they usually can be located. Answer c is incorrect because evidence can be preserved using the proper procedures. Answer d is incorrect because there are exceptions to the hearsay rule.

21. Which of the following criteria are used to evaluate suspects in the commission of a crime?
a. Motive, Intent, and Ability
b. Means, Object, and Motive
c. Means, Intent, and Motive
d. Motive, Means, and Opportunity
Answer: d

22. 18 U.S.C. §2001 (1994) refers to:
a. Article 18, U.S. Code, Section 2001, 1994 edition.
b. Title 18, University of Southern California, Article 2001, 1994 edition.
c. Title 18, Section 2001 of the U.S. Code, 1994 edition.
d. Title 2001 of the U.S. Code, Section 18, 1994 edition.
Answer: c

23. What is enticement?
a. Encouraging the commission of a crime when there was initially no intent to commit a crime
b. Assisting in the commission of a crime
c. Luring the perpetrator to an attractive area or presenting the perpetrator with a lucrative target after the crime has already been initiated
d. Encouraging the commission of one crime over another
Answer: c. The correct answer is c, the definition of enticement. Answer a is the definition of entrapment. Answers b and d are distracters.

24. Which of the following is NOT a computer investigation issue?
a. Evidence is easy to obtain.
b. The time frame for investigation is compressed.
c. An expert may be required to assist.
d. The information is intangible.
Answer: a. The correct answer is a. In many instances, evidence is difficult to obtain in computer crime investigations. Answers b, c, and d are computer investigation issues.

25. Conducting a search without the delay of obtaining a warrant if destruction of evidence seems imminent is possible under:
a. Federal Sentencing Guidelines.
b. Proximate Causation.
c. Exigent Circumstances.
d. Prudent Man Rule.
Answer: c. The correct answer is c. The other answers refer to other principles, guidelines, or rules.

Bonus Questions

1. The U.S. Government Tempest program was established to thwart which one of the following types of attacks?
a. Denial of Service
b. Emanation Eavesdropping
c. Software Piracy
d. Dumpster Diving
Answer: b. The correct answer is b. The Tempest program required shielding and other emanation reducing safeguards to be employed on computers processing classified data. The other answers are types of attacks against computers, but are not the focus of the Tempest program.

2. Which entity of the U.S. legal system makes “common laws?”
a. Administrative agencies
b. Legislative branch
c. Executive branch
d. Judicial branch
Answer: d. The correct answer is d. The judicial decisions made in the courts generate common law. Answer a, administrative agencies, create administrative laws and the legislative branch, answer b, generates statutory laws. The executive branch, answer c, does not make laws.

3. Which one of the following items is NOT TRUE concerning the Platform for Privacy Preferences (P3P) developed by the World Wide Web Consortium (W3C)?
a. It allows Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents.
b. It allows users to be informed of site practices in human-readable format.
c. It does not provide the site privacy practices to users in machine-readable format.
d. It automates decision-making based on the site’s privacy practices when appropriate.
Answer: c. The correct answer is c. In addition to the capabilities in answers a, b, and d, P3P does provide the site privacy practices to users in machine-readable format.

4. Which one of the following is NOT a recommended practice regarding electronic monitoring of employees’ email?
a. Apply monitoring in a consistent fashion.
b. Provide individuals being monitored with a guarantee of email privacy.
c. Inform all that e-mail is being monitored by means of a prominent log-in banner.
d. Explain who is authorized to read monitored email.
Answer: b. The correct answer is b. No guarantee of e-mail privacy should be provided or implied by the employer.

5. Discovery, recording, collection, and preservation are part of what process related to the gathering of evidence?
a. Admissibility of evidence
b. The chain of evidence
c. The evidence life cycle
d. Relevance of evidence
Answer: c. The correct answer is c. The evidence life cycle covers the evidence gathering and application process. Answer a refers to certain requirements that evidence must meet to be admissible in court. Answer b, the chain of evidence, is comprised of steps that must be followed to protect the evidence. Relevance of evidence, answer d, is one of the requirements of evidence admissibility.

6. Relative to legal evidence, which one of the following correctly describes the difference between an expert and a nonexpert in delivering an opinion?
a. An expert can offer an opinion based on personal expertise and facts, but a nonexpert can testify only as to facts.
b. A nonexpert can offer an opinion based on personal expertise and facts, but an expert can testify only as to facts.
c. An expert can offer an opinion based on personal expertise and facts, but a nonexpert can testify only as to personal opinion.
d. An expert can offer an opinion based on facts only, but a nonexpert can testify only as to personal opinion.
Answer: a. The correct answer is a. The other answers are distracters.

7. What principle requires corporate officers to institute appropriate protections regarding the corporate intellectual property?
a. Need-to-know
b. Due care
c. Least privilege
d. Separation of duties
Answer: b. The correct answer is b. The Federal Sentencing Guidelines state, “The officers must exercise due care or reasonable care to carry out their responsibilities to the organization.” The other answers are information security principles but are distracters in this instance.

8. If C represents the cost of instituting safeguards in an information system and L is the estimated loss resulting from exploitation of the corresponding vulnerability, a legal liability exists if the safeguards are not implemented when:
a. C/L = a constant
b. C > L
c. C < L
d. C = 2L
Answer: c. The correct answer is c. If the cost to implement the safeguards is less than the estimated loss that would occur if the corresponding vulnerability were successfully exploited, then a legal liability exists. The other answers are distracters.

Chapter 10—Physical Security

Sample Questions

1. The recommended optimal relative humidity range for computer operations is:
a. 10%–30%
b. 30%–40%
c. 40%–60%
d. 60%–80%
Answer: c. The correct answer is c. 40% to 60% relative humidity is recommended for safe computer operations. Too low humidity can create static discharge problems, and too high humidity can create condensation and electrical contact problems.

2. How many times should a diskette be formatted to comply with TCSEC Orange Book object reuse recommendations?
a. Three
b. Five
c. Seven
d. Nine
Answer: c. The correct answer is c. Most computer certification and accreditation standards recommend that diskettes be formatted seven times to prevent any possibility of data remanence.

3. Which of the following more closely describes the combustibles in a Class B-rated fire?
a. Paper
b. Gas
c. Liquid
d. Electrical
Answer: c. The correct answer is c. Paper is described as a common combustible and is therefore rated a class A fire. An electrical fire is rated Class C. Gas is not defined as a combustible.

4. Which of the following is NOT the proper suppression medium for a Class B fire?
a. CO2
b. Soda Acid
c. Halon
d. Water
Answer: d. The correct answer is d. Water is not a proper suppression medium for a class B fire. The other three are commonly used.

5. What does an audit trail or access log usually NOT record?
a. How often a diskette was formatted
b. Who attempted access
c. The date and time of the access attempt
d. Whether the attempt was successful
Answer: a. The correct answer is a, how often a diskette was formatted. The other three answers are common elements of an access log or audit trail.

6. A brownout can be defined as a:
a. Prolonged power loss.
b. Momentary low voltage.
c. Prolonged low voltage.
d. Momentary high voltage.
Answer: c. The correct answer is c. Answer a, prolonged power loss, is a blackout; answer b, momentary low voltage, is a sag; and d, momentary high voltage, is a spike.

7. A surge can be defined as a(n):
a. Prolonged high voltage
b. Initial surge of power at start
c. Momentary power loss
d. Steady interfering disturbance
Answer: a. The correct answer is a.
Answer b, initial surge of power at start or power on, is called an inrush; c, momentary power loss, is a fault; and d, a steady interfering disturbance, is called noise.

8. Which is NOT a type of a fire detector?
a. Heat-sensing
b. Gas-discharge
c. Flame-actuated
d. Smoke-actuated
Answer: b. The correct answer is b. Gas-discharge is a type of fire extinguishing system, not a fire detection system.

9. Which of the following is NOT considered an acceptable replacement for Halon discharge systems?
a. FA200
b. Inergen (IG541)
c. Halon 1301
d. Argon (IG55)
Answer: c. The correct answer is c. Existing installations are encouraged to replace Halon 1301 with one of the substitutes listed.

10. Which type of fire extinguishing method contains standing water in the pipe, and therefore generally does not enable a manual shutdown of systems before discharge?
a. Dry Pipe
b. Wet pipe
c. Preaction
d. Deluge
Answer: b. The correct answer is b. The other three are variations on a dry pipe discharge method with the water not standing in the pipe until a fire is detected.

11. Which type of control below is NOT an example of a physical security access control?
a. Retinal scanner
b. Guard dog
[...]

[Preview truncated; only the following excerpts from later pages survive, each cut where the source cuts it.]

... Availability
d. All of the above
Answer: d. The correct answer is d, confidentiality, because the data can now be read by someone outside of a monitored environment; availability, because the user has lost the computing ability provided by the unit; and integrity, because the data residing on and any telecommunications from the portable are now suspect ...

... CCTV
Answer: b. The correct answer is b.

Which choice below describes the reason for using cable locks on workstations?
a. To prevent unauthorized access to the network from the unit
b. To prevent the robbery of the unit
c. To prevent unauthorized downloading of data to the unit’s floppy drive
d. To prevent the unit from being powered on
Answer: b. The correct answer ...

... disruption to a third party, such as an insurance carrier
d. Analyzing the effects of a business disruption and preparing the company’s response
Answer: a. The correct answer is a. The goal of risk mitigation is to reduce risk to a level acceptable to the organization. Therefore risk needs to be defined for the organization through risk analysis, business impact assessment, ...

... management has the final responsibility through due care and due diligence to preserve the capital of the organization and further its business model through the implementation of a security program. While senior management does not have the functional role of managing security procedures, it has the ultimate responsibility to see that business continuity is preserved ...

... requirements. The information owner for information stored within, processed by, or transmitted by a system may or may not be the same as the System Owner. Also, a single system may utilize information from multiple Information Owners. The Information Owner is responsible for establishing the rules for appropriate use and protection of the subject data/information (rules of ...

... adversely impact the organization and/or its employees.
Public: This classification applies to all other information that does not clearly fit into any of the preceding three classifications. While its unauthorized disclosure is against policy, it is not expected to impact seriously or adversely the organization, its employees, and/or its customers. The designated ...

... operating procedures).
Guidelines are similar to standards but are recommended actions.
Procedures are the detailed steps that must be performed for any task.

6. Which choice below is a role of the Information Systems Security Officer?
a. The ISO establishes the overall goals of the organization’s computer security program
b. The ISO is responsible for day-to-day ...

... system or the users. In general, the more “real-time” an activity is, the more it falls into the category of monitoring. Source: NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems.

18. Which statement below is accurate about the difference between issue-specific and system-specific policies?
a. ...

... owners.
c. The Information Owner is responsible for defining the system’s operating parameters
d. The System Owner is responsible for establishing the rules for appropriate use of the information
Answer: b. The System Owner is responsible for ensuring that the security plan is prepared and for implementing the plan and monitoring its effectiveness. The System Owner is responsible for defining the system’s ...

... Publication 800-30, Risk Management Guide for Information Technology Systems.

15. Which statement below is accurate about the reasons to implement a layered security architecture?
a. A layered security approach is not necessary when using COTS products
b. A good packet-filtering router will eliminate the need to implement a layered security architecture
c. A layered security ...

... detection
b. Capacitance detection
c. Smoke detection
d. Audio detection
Answer: c. The correct answer is c. The other three are examples of intrusion detectors.

Posted: 13/08/2014, 12:21
