ISC CISSP Study Guide Archives Updated on Oct 12, 2022 [Q36-Q57]

Explanation/Reference:
Explanation:
Packet sniffing is the process of intercepting data as it is transmitted over a network.
A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn’t generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer.
Incorrect Answers:
B: Sniffers do not alter the source address of a computer to disguise and exploit weak authentication methods. This describes IP spoofing.
C: Sniffers do not take over network connections. Session Hijacking tools allow an attacker to take over network connections, kicking off the legitimate user or sharing a login.
D: Sniffers do not send IP fragments to a system that overlap with each other. This describes a Malformed Packet attack. Malformed Packet attacks are a type of DoS attack that involves one or two packets that are formatted in an unexpected way. Many vendor product implementations do not take into account all variations of user entries or packet types. If software handles such errors poorly, the system may crash when it receives such packets. A classic example of this type of attack involves sending IP fragments to a system that overlap with each other (the fragment offset values are incorrectly set. Some unpatched Windows and Linux systems will crash when the encounter such packets.
References:
http://www.techopedia.com/definition/4113/sniffer

The other answers are not correct because of the following protocol/port numbers matrix:
Post Office Protocol (POP2) 109 Network News Transfer Protocol 119 NetBIOS 139

An Evaluation Assurance Level (EAL) is one of seven increasingly
rigorous packages of assurance requirements from CC Part 3. Each
numbered package represents a point on the CCs predefined assurance
scalE. An EAL can be considered a level of confidence in the security
functions of an IT product or system. The EALs have been developed
with the goal of preserving the concepts of assurance drawn from the
source criteria, such as the Trusted Computer System Evaluation
Criteria (TCSEC), Information Technology Security Evaluation Criteria
(ITSEC), or Canadian Trusted Computer Evaluation Criteria (CTCPEC),
so that results of previous evaluations remain relevant. EAL levels 2O7 are generally equivalent to the assurance portions of the TCSEC C2-A1 scale, although exact TCSEC mappings do not exist.
*Answer “A security level equal to the security level of the objects to which the subject has both read and write access” is the definition of Subject Security Level. Asubjects security level is equal to the security level of the objects to which it has both read and write access. A subjects security level must always be dominated by the clearance of the user with which the subject is associated.
* Answer “A statement of intent to counter specified threats” describes a Security
Objective, which is a statement of
intent to counter specified threats and/or satisfy specified organizational security policies and assumptions.
*Answer “Requirements that specify the security behavior of an IT product or system” describes Security Functional Requirements. These are requirements, preferably from CC Part 2, that when taken together
specify the security behavior of an IT product or system.
Source: CC Project and DoD 5200.28-STD.

A Public Key is also known as an asymmetric algorithm and the use of a secret key would be a symmetric algorithm.
The following answers are incorrect:
Use of the recipient’s public key for encryption and decryption based on the recipient’s private key.
Is incorrect this would be known as an asymmetric algorithm.
Use of software encryption assisted by a hardware encryption accelerator. This is incorrect, it is a
distractor.
Use of Elliptic Curve Encryption. Is incorrect this would use an asymmetric algorithm.

It is usually responsible for maintaining and protecting the data.
The following answers are incorrect:
Data owner is usually a member of management , in charge of a specific business unit and is ultimately responsible for the protection and use of the information.
User is any individual who routinely uses the data for work-related tasks.
Security administrator’s tasks include creating new system user accounts , implementing new security software.
References : Shon Harris AIO v3 , Chapter – 3: Security Management Practices , Pages :
99 – 103

Monitoring employee performance is not an example of security
management, or a job function of the Information Security Officer.
Employee performance issues are the domain of human resources
and the employee’s manager. The other three choices are appropriate
practice for the information security area.

A Polymorphic virus produces varied but operational copies of itself in hopes of evading anti-virus software.
The following answers are incorrect:
boot sector. Is incorrect because it is not the best answer. A boot sector virus attacks the boot sector of a drive. It describes the type of attack of the virus and not the characteristics of its composition.
parasitic. Is incorrect because it is not the best answer. A parasitic virus attaches itself to other files but does not change its characteristics.
stealth. Is incorrect because it is not the best answer. A stealth virus attempts to hide changes of the affected files but not itself.

Section: Software Development Security

Section: Security Operations

In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity – information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users (“endorsements”). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.
In computer security, an authorization certificate (also known as an attribute certificate) is a digital document that describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use. The permission can be delegated.
Some people constantly confuse PKCs and ACs. An analogy may make the distinction clear. A PKC can be considered to be like a passport: it identifies the holder, tends to last for a long time,
and should not be trivial to obtain. An AC is more like an entry visa: it is typically issued by a
different authority and does not last for as long a time. As acquiring an entry visa typically requires
presenting a passport, getting a visa can be a simpler process.
A real life example of this can be found in the mobile software deployments by large service
providers and are typically applied to platforms such as Microsoft Smartphone (and related),
Symbian OS, J2ME, and others.
In each of these systems a mobile communications service provider may customize the mobile
terminal client distribution (ie. the mobile phone operating system or application environment) to
include one or more root certificates each associated with a set of capabilities or permissions such
as “update firmware”, “access address book”, “use radio interface”, and the most basic one,
“install and execute”. When a developer wishes to enable distribution and execution in one of
these controlled environments they must acquire a certificate from an appropriate CA, typically a
large commercial CA, and in the process they usually have their identity verified using out-of-band
mechanisms such as a combination of phone call, validation of their legal entity through
government and commercial databases, etc., similar to the high assurance SSL certificate vetting
process, though often there are additional specific requirements imposed on would-be
developers/publishers.
Once the identity has been validated they are issued an identity certificate they can use to sign
their software; generally the software signed by the developer or publisher’s identity certificate is
not distributed but rather it is submitted to processor to possibly test or profile the content before
generating an authorization certificate which is unique to the particular software release. That
certificate is then used with an ephemeral asymmetric key-pair to sign the software as the last step
of preparation for distribution. There are many advantages to separating the identity and
authorization certificates especially relating to risk mitigation of new content being accepted into
the system and key management as well as recovery from errant software which can be used as
attack vectors.
References:
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page
540. http://en.wikipedia.org/wiki/Attribute_certificate http://en.wikipedia.org/wiki/Public_key_certificate

In digital computers, a bit is in either a one or zero state. In a quantum computer, through linear superposition, a quantum bit can be in both states, essentially simultaneously. Thus, computations consisting
of trail evaluations of binary patterns can take place simultaneously
in exponential time. The probability of obtaining a correct result is
increased through a phenomenon called constructive interference of
light while the probability of obtaining an incorrect result is decreased through destructive interference. Answer a describes optical computing that is effective in applying Fourier and other transformations to data to perform high-speed computations. Light representing large volumes of data passing through properly shaped physical objects can be subjected
to mathematical transformations and recombined to provide the appropriate results. However, this mode of computation is not defined as quantum computing. Answers c and d are diversionary answers that
do not describe quantum computing.

Explanation/Reference:
Explanation:
The system development life cycle (SDLC) is the process of developing an information system. The SDLC includes the Initiation, Development and Acquisition, Implementation, Operation and Maintenance and Disposal phases.
The initiation phase includes determining the system’s goals and feasibility. The systems feasibility includes its system requirements and how well they match with operational processes. The requirements of a contingency plan should be analyzed based on the system’s requirements and design.
Incorrect Answers:
B: Contingency planning is most important in the initiation phase, not the Development/acquisition phase. It is important to create a contingency plan in the earliest possible stage of a project.
C: Contingency planning is most important in the initiation phase, not the Implementation phase. The contingency plan should be created before the system is implemented.
D: Contingency planning is most important in the initiation phase, not the operation/maintenance phase. It is important to create a contingency plan in the earliest possible stage of a project, not after the system has been deployed.
References:
EC-Council, Disaster Recovery, Cengage Learning, Andover, 2010, pp 4-11

The object-relational and object-oriented models are better suited to managing complex data such as required for computer-aided design and imaging.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44.

Explanation/Reference:
Explanation:
Although society has evolved to be extremely dependent upon technology in the workplace, people are still the key ingredient to a successful company. But in security circles, people are often the weakest link.
Either accidentally through mistakes or lack of training, or intentionally through fraud and malicious intent, personnel causes more serious and hard-to-detect security issues than hacker attacks, outside espionage, or equipment failure. Although the future actions of individuals cannot be predicted, it is possible to minimize the risks by implementing preventive measures. These include hiring the most qualified individuals, performing background checks, using detailed job descriptions, providing necessary training, enforcing strict access controls, and terminating individuals in a way that protects all parties involved.
Incorrect Answers:
B: Software generally does what it is configured to do. It is not considered the weakest link in a security system.
C: It is easy to configure secure communications where they are required. Communications are not considered the weakest link in a security system.
D: Hardware generally does what it is configured to do. It is not considered the weakest link in a security system.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 126

This is a valid Class A reserved address. For Class A, the reserved addresses are 10.0.0.0 – 10.255.255.255.
The following answers are incorrect:
11.0.42.5 Is incorrect because it is not a Class A reserved address.
12.0.42.5 Is incorrect because it is not a Class A reserved address.
13.0.42.5 Is incorrect because it is not a Class A reserved address.
The private IP address ranges are defined within RFC 1918:
RFC 1918 private ip address range
References:
3Com http://www.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdf
AIOv3 Telecommunications and Networking Security (page 438)