CISSP Exam Questions and Answers (Latest Update 2023-2024) Verified Answers

Typology: Exams, 2023/2024 (Docsity listing, filed under Exams of Nursing)
Available from 10/29/2023
Uploaded by Wayne- (615 documents)
Cornerstone of infosec: confidentiality, integrity, availability - Correct Answer ✅CIA triad (CIA triangle)

prevention of unauthorized disclosure of information; prevention of unauthorized read access to data - Correct Answer ✅confidentiality (CIA triad)

prevention of unauthorized modification of data; prevention of unauthorized write access to data - Correct Answer ✅integrity (CIA triad)

ensures data is available to authorized users when needed - Correct Answer ✅availability (CIA triad)

DAD: disclosure, alteration, destruction - Correct Answer ✅opposing forces to CIA

the process by which a subject professes an identity, which is where accountability begins; ex: typing a username, swiping a smart card, waving a proximity device (badging in), speaking a phrase; always the first half of a two-step process with authentication - Correct Answer ✅identification

verification that a subject is who they claim to be; ex: entering a password or PIN, presenting a biometric; always the second half of a two-step process with identification - Correct Answer ✅authentication

verification of a subject's rights or privileges to the requested data - Correct Answer ✅authorization

recording a log of the events and activities related to the system and its subjects - Correct Answer ✅auditing (monitoring)

reviewing log files to check for compliance and violations in order to hold subjects accountable for their actions - Correct Answer ✅accounting (accountability)

a user cannot deny having performed a specific action - Correct Answer ✅non-repudiation

1. administrative 2. technical (logical) 3. 
physical: locks, fences, walls, etc - Correct Answer ✅3 access/security control categories

prevents actions from occurring by applying restrictions on what a user can do; example: privilege level - Correct Answer ✅preventive access control (can be administrative, technical, physical)

controls that detect and alert during or after an attack; ex: alarm systems, closed-circuit TV - Correct Answer ✅detective access control (can be administrative, technical, physical)

repairs a damaged system after an incident; often works hand in hand with detective controls (e.g. antivirus software) - Correct Answer ✅corrective access control (can be administrative, technical, physical)

controls to restore a system after an incident has occurred - Correct Answer ✅recovery access control (can be administrative, technical, physical)

discourages users from performing unwanted actions on a system - Correct Answer ✅deterrent access control (can be administrative, technical, physical)

additional control used to compensate for weaknesses in other controls as needed - Correct Answer ✅compensating access control (can be administrative, technical, physical)

risk = threat x vulnerability x impact - Correct Answer ✅risk formula

assumes the fair value of an asset reflects the price at which comparable assets have been purchased in transactions under similar circumstances - Correct Answer ✅market approach (for valuing intangible assets)

the value of an asset is the present value of the future earnings the asset will generate over the rest of its life cycle - Correct Answer ✅income approach (for valuing intangible assets)

estimates the fair value based on the cost of replacement - Correct Answer ✅cost approach (for valuing intangible assets)

percentage of an asset's value lost due to a single incident - Correct Answer ✅exposure factor (EF)

asset value (AV) times exposure 
factor (AV x EF = SLE), expressed as a dollar value - Correct Answer ✅single loss expectancy (SLE)

expected number of times the loss will occur per year - Correct Answer ✅annualized rate of occurrence (ARO)

yearly cost due to a risk (SLE x ARO = ALE) - Correct Answer ✅annualized loss expectancy (ALE)

to obtain legal restitution a company must demonstrate that a crime was committed, that the suspect committed that crime, and that the company took reasonable efforts to prevent the crime

person who is ultimately responsible for the security and protection of an organization's assets; signs off on all activities and policy; overall success or failure rests on this role - Correct Answer ✅senior manager role

responsible for classifying information for placement and protection within the security policy and solutions; often delegates actual management of the data to a custodian - Correct Answer ✅data owner

responsible for implementing the protection prescribed by the security policy and senior management; handles the day-to-day tasks of maintaining the data/system - Correct Answer ✅data custodian

principles for governance and management of enterprise IT: 1. meeting stakeholder needs 2. covering the enterprise end to end 3. applying a single integrated framework 4. enabling a holistic approach 5. 
separating governance from management - Correct Answer ✅COBIT 5 (control framework; Control Objectives for Information and Related Technology)

required whenever industry or legal standards apply to your organization (NERC CIP, FISMA) - Correct Answer ✅regulatory policy

discusses behaviors and activities that are acceptable and defines the consequences of violations (most policies fall into this category) - Correct Answer ✅advisory policy

provides information about a specific subject; ex: company goals, mission statements - Correct Answer ✅informative policy

spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege - Correct Answer ✅STRIDE threat categorization

goal of gaining access to a target system through the use of a falsified identity; can be used against IP addresses, MAC addresses, usernames, system names, SSIDs, email addresses, etc - Correct Answer ✅spoofing

any action resulting in unauthorized changes to or manipulation of data - Correct Answer ✅tampering

the ability of a user or attacker to deny having performed a specific action or activity (plausible deniability) - Correct Answer ✅repudiation

distribution of private, confidential, or controlled information to external or unauthorized entities - Correct Answer ✅information disclosure

attempts to prevent authorized use of a resource; 
can be accomplished through flaw exploitation, connection overloading, or traffic flooding - Correct Answer ✅denial of service (DoS)

a limited user account is transformed into an account with greater privileges and access - Correct Answer ✅elevation of privilege

damage potential, reproducibility, exploitability, affected users, discoverability - Correct Answer ✅DREAD threat rating system

further extends the protections of the CFAA to systems used in international commerce - Correct Answer ✅National Information Infrastructure Protection Act (1996)

requires federal agencies to implement an information security program that covers the agency's operations; also requires the inclusion of contractors in their security management programs - Correct Answer ✅Federal Information Security Management Act (FISMA, 2002)

guarantees the creators of original works of authorship protection against unauthorized duplication of their work; lasts 70 years after the author's death - Correct Answer ✅copyright

brought US copyright law into compliance with the WIPO treaties; prohibits attempts to circumvent copyright protection mechanisms electronically and limits the liability of Internet service providers for their users' activity - Correct Answer ✅Digital Millennium Copyright Act (1998)

words, slogans, and logos used to identify a company or its products; protection is automatic (TM), official registration grants the encircled R notation - Correct Answer ✅trademarks

IP rights of inventors; good for 20 years, after which the invention becomes public domain - Correct Answer ✅patents

IP that is critical to a business and whose disclosure would cause significant damage - Correct Answer ✅trade secrets

specifically deals with trade secrets; theft to benefit a foreign government or agent: up to $500,000 and 15 years; other theft: up to $250,000 and 10 years - Correct Answer ✅Economic Espionage Act of 1996

UCITA - designed for adoption by each state to provide a common framework for the conduct of computer-related 
business transactions - Correct Answer ✅Uniform Computer Information Transactions Act

any information that can identify an individual - Correct Answer ✅personally identifiable information (PII)

any health-related information that can be related to a specific person - Correct Answer ✅protected health information (PHI)

any data that helps an organization maintain a competitive edge - Correct Answer ✅proprietary data

applied to information the unauthorized disclosure of which could reasonably be expected to cause exceptionally grave damage to national security - Correct Answer ✅top secret

applied to information the unauthorized disclosure of which could reasonably be expected to cause serious damage to national security - Correct Answer ✅secret

applied to information the unauthorized disclosure of which could reasonably be expected to cause damage to national security - Correct Answer ✅confidential

any data that doesn't meet one of the descriptions for a higher classification - Correct Answer ✅unclassified

combination of processes that removes data from a system or media; ensures data cannot be recovered by any means; can also refer to destruction or trusted purging - Correct Answer ✅sanitization

strong magnetic field that erases data; does not affect optical media or SSDs - Correct Answer ✅degaussing

final stage in the life cycle of media and the most secure method of sanitizing it; incineration, crushing, shredding, disintegration, dissolving with caustic/acidic chemicals - Correct Answer ✅destruction (of media)

involves retaining and maintaining important information as long as it's needed and destroying it when it is no longer needed - Correct Answer ✅record retention

person who owns the system that processes sensitive data; develops and maintains the system security plan, ensures proper security 
training, and updates documentation as needed; typically the same person as the data owner, but not always - Correct Answer ✅system owner

any system used to process data; EU data protection law defines it as a natural or legal person which processes personal data solely on behalf of the data controller - Correct Answer ✅data processor

regulatory program for EU-US data transfers that included a set of overarching principles: notice, choice, onward transfer, security, data integrity, access, enforcement (struck down by the EU Court of Justice in 2015) - Correct Answer ✅Safe Harbor program

responsible for granting appropriate access to personnel; assigning permissions is the key function; typically use a role-based access control model - Correct Answer ✅administrators

provide a starting point and ensure a minimum security standard; often a standardized control framework - Correct Answer ✅security baselines

reviewing baseline security controls and selecting only those that are applicable to the system you are trying to protect - Correct Answer ✅scoping

modifying the list of security controls within a baseline so that they align with the mission of the organization - Correct Answer ✅tailoring

stored data, resides in a permanent location awaiting access - Correct Answer ✅data at rest

"on the wire", data being transmitted across a network between two systems - Correct Answer ✅data in motion

the secret value a cryptographic algorithm relies on to maintain its security; usually a large binary number; the key space is the range of values the key can take, defined by its bit size (an n-bit key has 2^n possible values) - Correct Answer ✅cryptographic key

AND requires both inputs to be true, represented with the ∧ symbol (often typed ^) - Correct Answer ✅AND operation

OR requires one or both inputs to be true, represented with the ∨ symbol (often typed v) - Correct Answer ✅OR operation
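The EF, SLE, ARO and ALE cards above are the quantitative risk formulas; the following is an added example (not part of the original flashcards) that carries them through for a constructed asset and adds the cost/benefit check a practitioner actually uses them for: safeguard value = ALE before the control - ALE after the control - annual cost of the control. The asset value, exposure factors, occurrence rates and safeguard cost are assumptions.

```python
"""Quantitative risk analysis: EF, SLE, ARO, ALE and safeguard cost/benefit.

Added example, not taken from the original flashcards. The asset values,
exposure factors, occurrence rates and safeguard cost below are constructed
for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV, in dollars
    exposure_factor: float  # EF, fraction of AV lost in one incident (0.0 to 1.0)
    aro: float              # annualized rate of occurrence, incidents per year

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV x EF (dollars lost per incident)."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be a fraction between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("asset value and ARO cannot be negative")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE x ARO (dollars lost per year)."""
        return self.sle() * self.aro


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Value of a control: (ALE before) - (ALE after) - (annual cost of the control).

    Positive means the control saves more per year than it costs; negative means
    the organization would pay more for the control than the risk it removes.
    """
    return ale_before - ale_after - annual_cost


def evaluate_safeguard(risk: Risk, residual_ef: float, residual_aro: float,
                       annual_cost: float) -> dict:
    """Run the formulas with and without a proposed safeguard.

    A safeguard may lower the exposure factor (less damage per incident), the
    ARO (fewer incidents), or both; the residual risk uses the new figures.
    """
    residual = Risk(risk.name, risk.asset_value, residual_ef, residual_aro)
    return {
        "sle_before": risk.sle(),
        "ale_before": risk.ale(),
        "sle_after": residual.sle(),
        "ale_after": residual.ale(),
        "safeguard_value": safeguard_value(risk.ale(), residual.ale(), annual_cost),
    }


def worked_example() -> dict:
    """Constructed figures: a public web server worth $200,000 (AV); an outage or
    defacement is estimated to destroy 25% of that value (EF) about once every
    two years (ARO = 0.5). A hardening/WAF program costing $8,000 per year is
    expected to cut EF to 5% and ARO to 0.25."""
    web_server = Risk("public web server", asset_value=200_000,
                      exposure_factor=0.25, aro=0.5)
    return evaluate_safeguard(web_server, residual_ef=0.05,
                              residual_aro=0.25, annual_cost=8_000)


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key:>16}: ${value:,.2f}")
```

For the constructed figures the SLE is $50,000 and the ALE $25,000 a year; after the control the ALE drops to $2,500, so the $8,000 program is worth $14,500 a year to the organization. The same function returns a negative value when a proposed control costs more than the risk it removes, which is the exam's reason for running the numbers before buying.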
SHA-384: truncated version of SHA-512, produces a 384-bit message digest with a 1024-bit block size - Correct Answer ✅SHA hash family

Message Digest 2, developed by Ron Rivest (of RSA) in 1989; hash function for 8-bit processors; pads the message so its length is a multiple of 16 bytes, appends a checksum, and produces a 128-bit message digest - Correct Answer ✅MD2

enhanced version of MD2 to support 32-bit processors; first pads the message to 64 bits short of a multiple of 512 bits; processes 512-bit blocks in 3 rounds of computation to produce a 128-bit message digest - Correct Answer ✅MD4

yet another enhancement of MD2/MD4; 4 rounds of computation with a 512-bit block size and a 128-bit digest; collisions are now trivial to produce, so it is unsuitable for signatures or integrity checks against an attacker - Correct Answer ✅MD5

combination of public key cryptography and hash functions with 2 goals: 1. enforce nonrepudiation 2. assure the recipient that the message was not altered in transit - Correct Answer ✅digital signatures

NIST specification (FIPS 186) for a digital signature infrastructure; SHA-2 for hashing and DSA, RSA, or Elliptic Curve DSA as the signature algorithm - Correct Answer ✅digital signature standard (DSS)

provide assurance that the people you are communicating with are who they claim to be; endorsed copies of an individual's public key, verified and signed by a certificate authority; governed by the international standard X.509 - Correct Answer ✅digital certificates

certificates contain the following: version of X.509; serial number; signature algorithm identifier; issuer name (the CA); validity period; subject's name; subject's public key - Correct Answer ✅digital certificate standard X.509

neutral organizations that offer notarization services for digital certificates; identity must be proven; assisted by registration authorities (RAs) - Correct Answer ✅certificate authorities

identity proven to the CA, other identification documents could be requested, X.509 
certificate created, CA then digitally signs the certificate - Correct Answer ✅certificate enrollment

verified by checking the CA's digital signature with the CA's public key; the certificate is authentic if 1. the digital signature of the CA is authentic 2. you trust the CA 3. the certificate is not on the certificate revocation list (CRL) 4. the certificate actually contains the data you are trusting - Correct Answer ✅certificate verification

1. compromise (private key disclosure) 2. erroneously issued (issued without proper verification)

more susceptible to attacks because headers and routing information travel in the clear; usually implemented at the higher OSI layers - Correct Answer ✅end-to-end encryption

architecture set forth by the Internet Engineering Task Force for secure communications between two entities, generally used to connect 2 networks; modular framework whose primary use is VPNs; commonly paired with Layer 2 Tunneling Protocol (L2TP); two main components: authentication header (AH) and encapsulating security payload (ESP) - Correct Answer ✅IPsec

only the packet payload is encrypted; designed for host-to-host (peer-to-peer) communication - Correct Answer ✅IPsec transport mode

the entire original packet, including its header, is encrypted and wrapped in a new IP header; designed for gateway-to-gateway communication - Correct Answer ✅IPsec tunnel mode

provides 64- and 128-bit encryption over a wireless LAN; part of the original IEEE 802.11 standard; the algorithm is not secure, however - Correct Answer ✅wired equivalent privacy (WEP)

improves on WEP by adding the Temporal Key Integrity Protocol (TKIP); WPA2 improves further by adding AES cryptography - Correct Answer ✅wifi protected access (WPA)

algebraic manipulation that attempts to reduce the complexity of the algorithm; focuses on the logic of the algorithm itself - Correct Answer ✅analytic attack

exploits weaknesses in the implementation of the cryptographic system; focuses on 
exploiting the software code - Correct Answer ✅implementation attack

exploits statistical weaknesses such as floating point errors and the inability to produce truly random numbers; a vulnerability in the hardware - Correct Answer ✅statistical attack

attempts every possible combination for a key or password; requires massive amounts of processing power - Correct Answer ✅brute force attack

counting the number of times each letter appears in the ciphertext - Correct Answer ✅frequency analysis (ciphertext-only attack)

the attacker has a copy of the encrypted message along with the plaintext used to generate the ciphertext - Correct Answer ✅known plaintext

the attacker has the ability to decrypt chosen portions of the ciphertext and uses the decrypted portions to discover the key - Correct Answer ✅chosen ciphertext

the attacker has the ability to encrypt plaintext of their choosing and analyze the ciphertext produced by the encryption algorithm - Correct Answer ✅chosen plaintext

used to defeat algorithms that use two rounds of encryption (e.g. double DES); the attacker takes a known plaintext, encrypts it with every possible key (k1), decrypts the matching ciphertext with every possible key (k2), and looks for a match in the middle; this costs about 2 x 2^n operations instead of the 2^(2n) a brute force of both keys would need - Correct Answer ✅meet in the middle

the subject has some ability to define the objects to access; within limits, the subject is allowed to define a list of objects to access as needed; more dynamic - Correct Answer ✅discretionary access controls

separate object that is associated with a resource and describes its security attributes - Correct Answer ✅security token

maintains a row of security attributes for each controlled object; not as flexible as a token, but provides quicker lookups when a request is made - Correct Answer ✅capabilities list

permanent part of the object to which it's attached; once set, it cannot be altered - Correct 
Answer ✅security label

combination of hardware, software, and controls that work together to form a trusted base to enforce the security policy - Correct Answer ✅trusted computing base (TCB)

the part of the TCB that validates access to every resource prior to granting access requests - Correct Answer ✅reference monitor

the collection of components in the TCB that work together to implement reference monitor functions - Correct Answer ✅security kernel

describes a system that is always secure no matter what state it is in; boots into a secure state, maintains a secure state through all transitions, and allows subjects to access resources only in a secure manner - Correct Answer ✅state machine model

focuses on the flow of information based on a state machine model; ex: Bell-LaPadula and Biba models; designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security - Correct Answer ✅information flow model

loosely based on the information flow model but concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level - Correct Answer ✅noninterference model

build on the notion of how inputs and outputs between multiple systems relate to one another - Correct Answer ✅composition theories

input for one system comes from the output of another system - Correct Answer ✅cascading (composition theory)

one system provides input to another system, which reciprocates by reversing those roles (system A provides input for B, then B provides input for A) - Correct Answer ✅feedback (composition theory)

one system sends input to another system but also sends input to external entities - Correct Answer ✅hookup (composition theory)

employs a directed graph to dictate how rights can be passed from one subject 
to another or from a subject to an object; a subject with the grant right can grant another subject or object any other right it possesses - Correct Answer ✅Take-Grant model

created to change dynamically based on a user's previous activity; applies to a single integrated database; seeks to create security domains that are sensitive to the notion of conflict of interest, known as a Chinese wall - Correct Answer ✅Brewer and Nash model

the foundation of noninterference conceptual theories; based on predetermining the set or domain that a subject can access; automaton theory and domain separation - Correct Answer ✅Goguen-Meseguer model

focused on the secure creation and deletion of both subjects and objects; collection of 8 primary rules or actions that define the boundaries of secure actions: create an object, create a subject, delete an object, delete a subject, provide read access, provide grant access, provide delete access, provide transfer access - Correct Answer ✅Graham-Denning model

"rainbow series", named for its color-coded books for each subject; the first set of standards that attempted to specify minimum acceptable security criteria for government, agencies, institutions, and businesses; the most used is the Orange Book - Correct Answer ✅Trusted Computer System Evaluation Criteria (TCSEC)

European counterpart to the TCSEC (developed as an alternative to it, not a revision of it); used from 1990 to 1998, after which the Common Criteria replaced both - Correct Answer ✅Information Technology Security Evaluation Criteria (ITSEC)

Category A: verified protection, the highest level of security; Category B: mandatory protection; Category C: discretionary protection; Category D: minimal protection - Correct Answer ✅TCSEC categories

discretionary protection (C1): controls access by user IDs and/or groups; 
systems in this category provide weak protection; controlled access protection (C2): users must be identified individually to gain access to objects; must also enforce media cleansing - Correct Answer ✅TCSEC Group C subcategories

labeled security (B1): subjects and objects are identified by labels and access is granted based on matching labels; structured protection (B2): same protection as B1 but ensures no covert channels exist, operator and administrator functions are separated, and process isolation is maintained; security domains (B3): further increases the separation and isolation of unrelated processes - Correct Answer ✅TCSEC Group B subcategories

applies the TCSEC to network-based systems and contexts - Correct Answer ✅Red Book (Rainbow Series)

CPU is provided with the actual address of the memory location to access; the location must be on the same memory page as the instruction being executed - Correct Answer ✅direct memory addressing

CPU is supplied with the address of a memory location that itself holds the address of the data; this reaches addresses that are not on the same page as the current instruction; may be used as an operand - Correct Answer ✅indirect memory addressing

database functions that combine records from one or more tables to produce potentially useful information - Correct Answer ✅database aggregation

using several pieces of nonsensitive information to deduce information that should be classified at a higher level - Correct Answer ✅inference

security strategy that provides a protective multilayer barrier against various forms of attack - Correct Answer ✅defense in depth

concept of providing a computing platform and software solution stack as a virtual or cloud-based service; provides all aspects of a platform and avoids having to purchase and maintain high-end hardware and software locally - Correct Answer ✅platform as a service (PaaS)
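The meet-in-the-middle card above is the reason double encryption does not double the effective key length. As an added example (not part of the original flashcards, and not DES), the code below runs the attack end to end against a deliberately tiny invertible cipher (16-bit block, 12-bit key) so that both halves of the attack finish instantly: a forward table of E_k1(P) for every k1, a backward pass computing D_k2(C) for every k2, and a lookup where the two meet. The cipher, keys and plaintexts are constructed for illustration.

```python
"""Meet-in-the-middle attack on double encryption with a toy block cipher.

Added example, not taken from the original flashcards. The cipher below is a
deliberately tiny invertible construction (16-bit block, 12-bit key) built so
the whole attack runs in well under a second; it has no relation to DES or any
real algorithm. Keys and plaintexts are constructed values.
"""
from typing import Dict, List, Tuple

MASK16 = 0xFFFF
KEY_BITS = 12
KEY_SPACE = 1 << KEY_BITS  # 4096 keys per encryption stage


def _rotl16(x: int, n: int) -> int:
    n %= 16
    return ((x << n) | (x >> (16 - n))) & MASK16


def _rotr16(x: int, n: int) -> int:
    n %= 16
    return ((x >> n) | (x << (16 - n))) & MASK16


def toy_encrypt(key: int, block: int) -> int:
    """One stage: XOR with the key, rotate by the key's low nibble, add a key-derived constant."""
    y = (block ^ key) & MASK16
    y = _rotl16(y, key & 0xF)
    return (y + ((key * 0x9E37) & MASK16)) & MASK16


def toy_decrypt(key: int, block: int) -> int:
    """Exact inverse of toy_encrypt: undo the three steps in reverse order."""
    y = (block - ((key * 0x9E37) & MASK16)) & MASK16
    y = _rotr16(y, key & 0xF)
    return (y ^ key) & MASK16


def double_encrypt(k1: int, k2: int, block: int) -> int:
    """Two stages with independent keys: C = E_k2(E_k1(P)). Naive search: 2^24 key pairs."""
    return toy_encrypt(k2, toy_encrypt(k1, block))


def meet_in_the_middle(pairs: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """Recover (k1, k2) candidates from known plaintext/ciphertext pairs.

    Forward: tabulate E_k1(P0) for every k1 (2^12 encryptions).
    Backward: compute D_k2(C0) for every k2 (2^12 decryptions); a hit in the
    table means E_k1(P0) == D_k2(C0), i.e. the two stages meet in the middle.
    Work is ~2 * 2^12 instead of 2^24, paid for with the table's memory.
    With a 16-bit block one pair leaves about 2^24 / 2^16 = 256 false
    candidates, so the remaining pairs are used to discard them.
    """
    (p0, c0), *rest = pairs
    table: Dict[int, List[int]] = {}
    for k1 in range(KEY_SPACE):
        table.setdefault(toy_encrypt(k1, p0), []).append(k1)

    candidates: List[Tuple[int, int]] = []
    for k2 in range(KEY_SPACE):
        middle = toy_decrypt(k2, c0)
        for k1 in table.get(middle, ()):
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates


def worked_example() -> List[Tuple[int, int]]:
    """Constructed secret keys and three known plaintexts; returns the recovered key pairs."""
    k1, k2 = 0x3A5, 0x7C1
    plaintexts = [0x1234, 0xBEEF, 0x0042]
    pairs = [(p, double_encrypt(k1, k2, p)) for p in plaintexts]
    return meet_in_the_middle(pairs)


if __name__ == "__main__":
    print("recovered key pairs:", [(hex(a), hex(b)) for a, b in worked_example()])
```

Scaled up, the same structure is what breaks double DES: two 56-bit keys give 2^112 pairs to brute force but only about 2^57 work with a 2^56-entry table, which is why Triple DES uses three stages (and why its effective strength is quoted as 112, not 168, bits).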
derivative of PaaS; provides on-demand online access to specific software applications or suites without the need for local installation - Correct Answer ✅software as a service (SaaS)

provides not just on-demand operating solutions but complete outsourcing options - Correct Answer ✅infrastructure as a service (IaaS)

form of parallel distributed processing that loosely groups a significant number of processing nodes to work toward a specific processing goal - Correct Answer ✅grid computing

implemented structure similar to the ring model used for operating modes, applied to each operating system process - Correct Answer ✅layering mechanism

"black box" doctrine that says users of an object don't necessarily need to know the details of how the object works - Correct Answer ✅abstraction mechanism

ensures the data existing at one level of security is not visible to processes running at a different security level - Correct Answer ✅data hiding mechanism

requires that the operating system provide separate memory spaces for each process's instructions and data; the OS enforces the boundaries - Correct Answer ✅process isolation mechanism

prevents access to information that belongs to a different process/security level; enforces these requirements through hardware controls instead of the OS - Correct Answer ✅hardware segmentation

used to pass information over a path that is not normally used for communication; it may not be protected by the system's normal security controls - Correct Answer ✅covert channel

formats the packet from the network layer into the proper format for transmission; the format is determined by the hardware and technology of the network - Correct Answer ✅data link layer (layer 2)

responsible for adding routing and addressing information to the data; accepts the segment from the transport layer and adds 
information to it to create a packet - Correct Answer ✅network layer (layer 3)

manages the integrity of a connection and controls the session; controls how devices on the network are addressed or referenced - Correct Answer ✅transport layer (layer 4)

establishes, maintains, and terminates communication sessions between two computers; manages dialogue control: simplex: one-way communication; half-duplex: two-way communication, but only one direction can send data at a time; full-duplex: two-way communication, data can be sent in both directions simultaneously - Correct Answer ✅session layer (layer 5)

transforms data received from the application layer into a format that any system following the OSI model can understand; also responsible for encryption and compression - Correct Answer ✅presentation layer (layer 6)

interfaces user applications, network services, or the OS with the protocol stack - Correct Answer ✅application layer (layer 7)

telnet - terminal emulation network application that supports remote connectivity for executing commands and running applications; does not support transfer of files - Correct Answer ✅TCP port 23

file transfer protocol (FTP) - network application that supports the exchange of files; requires anonymous or specific authentication - Correct Answer ✅TCP ports 20/21

trivial file transfer protocol (TFTP) - supports an exchange of files that does not require authentication - Correct Answer ✅UDP port 69

simple mail transfer protocol (SMTP) - used to transmit email from client to server and between mail servers - Correct Answer ✅TCP port 25

post office protocol (POP3) - pulls email messages from an inbox on an email server to an email client - Correct Answer ✅TCP port 110

internet message access protocol (IMAP) - pulls email messages from an inbox on an email server to an email client; more capable and more secure than POP3 - Correct 
Answer ✅TCP port 143

dynamic host configuration protocol (DHCP) - uses port 67 for the server's responses and port 68 for client request broadcasts; used to assign TCP/IP settings to systems at boot - Correct Answer ✅UDP ports 67/68

hypertext transfer protocol (HTTP) - used to transmit web page elements from a web server to a web browser - Correct Answer ✅TCP port 80

secure sockets layer (SSL) - VPN-like security protocol that operates between the transport and application layers; designed to support HTTPS but capable of securing any application layer protocol; superseded by TLS, which uses the same port - Correct Answer ✅TCP port 443

today; based on the LEAP and TKIP cryptosystems and a secret static passphrase; the passphrase can be brute-forced and LEAP/TKIP can now both be cracked - Correct Answer ✅Wi-Fi Protected Access (WPA)

the official IEEE 802.11i amendment; intended to be the original replacement for WEP, but it was not finished in time, so WPA was released as an interim measure; uses Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP, based on AES encryption) instead of TKIP - Correct Answer ✅WPA2

encapsulates EAP methods within a TLS tunnel that provides authentication and encryption; EAP itself is not encrypted, so this provides for that - Correct Answer ✅Protected Extensible Authentication Protocol (PEAP)

Cisco alternative to TKIP for WPA; a known exploit exists and it should be avoided if possible; use EAP-TLS instead - Correct Answer ✅Lightweight Extensible Authentication Protocol (LEAP)

concept of controlling access to an environment through strict adherence to and implementation of security policy; goals: reduce zero-day attacks, enforce policy, use identities to perform access control - Correct Answer ✅Network Access Control (NAC)

essential for managing and controlling network traffic; blocks or filters traffic; unable to block viruses or malicious code - 
Correct Answer ✅firewall

filters traffic by examining data from the packet header; unable to provide user authentication or tell where a packet truly originated; known as first-generation firewalls; easy to spoof - Correct Answer ✅static packet filtering firewall

also called a proxy firewall; copies packets from one network into another; the copy process changes the source and destination addresses to protect identities; filters traffic based on the internet service (application protocol) used to transmit or receive the data - Correct Answer ✅application level gateway firewall

used to establish communication sessions between trusted partners; operates at the session layer (layer 5); known as circuit proxies; manages communications based on the circuit, not the content of the traffic - Correct Answer ✅circuit level gateway firewalls

known as dynamic packet filtering firewalls; evaluate the state or context of network traffic and can therefore grant a broader range of access; third-generation firewalls operating at the network and transport layers - Correct Answer ✅stateful inspection firewalls

a firewall system with more than one interface; operating-system IP forwarding should be disabled so that traffic cannot pass between interfaces without going through the firewall's rules - Correct Answer ✅multihomed firewall

concept that each device must maintain local security whether or not its network channels also provide security - Correct Answer ✅endpoint security

combination device comprising a router and a bridge; attempts to route first but defaults to bridging if that fails; systems on either side are in different collision domains; used to connect network segments that use the same protocol - Correct Answer ✅brouter

connects networks that are using different network protocols; transfers traffic from one network to another by transforming the format of that

relies on start and stop delimiters to manage the transmission of data; best suited for 
smaller amounts of data as a result - Correct Answer ✅asynchronous communication

supports only a single communication channel; uses a direct current applied to the cable; a form of digital signal - Correct Answer ✅baseband

can support multiple simultaneous signals; uses frequency modulation to support numerous channels; suitable for high throughput rates - Correct Answer ✅broadband

supports communication to all possible recipients - Correct Answer ✅broadcast transmission

supports communication to multiple specific recipients - Correct Answer ✅multicast transmission

supports only a single communication to a specific recipient - Correct Answer ✅unicast transmission

network communications process that protects the contents of protocol packets by encapsulating them in packets of another protocol - Correct Answer ✅tunneling
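The firewall cards above say a static packet filter is "easy to spoof" while stateful inspection "evaluates the state or context" of traffic. The following added example (not part of the original flashcards, and a simplified model rather than a real firewall) makes that difference concrete: both filters enforce the same policy (LAN hosts may browse HTTPS) against the same constructed packets, and only the stateful one drops an unsolicited inbound packet whose source port was set to 443 to look like a reply. Addresses, ports and the packet fields are constructed.

```python
"""Static (stateless) packet filtering versus stateful inspection.

Added example, not taken from the original flashcards. The packets below are
constructed and the two filters are simplified models of the firewall types
described in the cards (first-generation static filter vs third-generation
stateful inspection); they are not a real firewall implementation.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple

Flow = Tuple[str, int, str, int]  # (client ip, client port, server ip, server port)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str      # "out": from the protected LAN; "in": from the internet
    syn: bool = False   # TCP SYN flag (connection setup)
    ack: bool = False   # TCP ACK flag


def stateless_allow(pkt: Packet) -> bool:
    """First-generation static packet filter: header fields only, no memory.

    Policy: LAN hosts may browse HTTPS. Because the filter cannot know which
    replies were solicited, it has to admit any inbound packet that looks like
    an HTTPS reply (source port 443 to a high client port). An attacker who
    sets their source port to 443 passes the same check.
    """
    if pkt.direction == "out" and pkt.dst_port == 443:
        return True
    if pkt.direction == "in" and pkt.src_port == 443 and pkt.dst_port >= 1024:
        return True
    return False


class StatefulFilter:
    """Third-generation stateful inspection: remembers sessions the LAN opened.

    An inbound packet is admitted only if it belongs to a session started from
    the inside, so a spoofed "reply" is dropped even though its header fields
    are identical to a legitimate one.
    """

    def __init__(self) -> None:
        self.sessions: Set[Flow] = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out" and pkt.dst_port == 443:
            flow: Flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if pkt.syn and not pkt.ack:
                self.sessions.add(flow)  # record the connection attempt
            return flow in self.sessions
        if pkt.direction == "in":
            # Reverse the tuple: the reply's destination is our client.
            return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.sessions
        return False


# Constructed traffic: a legitimate HTTPS handshake, then an unsolicited packet
# whose source port was chosen to masquerade as an HTTPS reply.
TRAFFIC: List[Packet] = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "out", syn=True),
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "in", syn=True, ack=True),
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "out", ack=True),
    Packet("198.51.100.7", 443, "10.0.0.5", 52222, "in", ack=True),  # spoofed, unsolicited
]


def run_stateless(traffic: List[Packet]) -> List[bool]:
    return [stateless_allow(p) for p in traffic]


def run_stateful(traffic: List[Packet]) -> List[bool]:
    fw = StatefulFilter()
    return [fw.allow(p) for p in traffic]


if __name__ == "__main__":
    for pkt, a, b in zip(TRAFFIC, run_stateless(TRAFFIC), run_stateful(TRAFFIC)):
        print(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port} "
              f"({pkt.direction}) stateless={'allow' if a else 'drop'} "
              f"stateful={'allow' if b else 'drop'}")
```

The static filter admits all four packets, the stateful one drops the last. The price of the stateful approach is the session table itself: it has to be sized, aged out, and protected against being filled by SYN floods, which is the operational work the cards' "evaluate the state or context" phrase hides.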