CISSP Mock Exam Quiz: MCQ!

Explanation
For -> ( A deception active response fools the attacker into thinking the attack is succeeding while monitoring the activity and potentially redirecting the attacker to a system that is designed to be broken. This allows the operator or administrator to gather data about how the attack is unfolding and what techniques are being used in the attack. This process is referred to as sending them to the honey pot.)
For -> ( Reference: Security + (SYBEX) page 183)

Explanation
For -> ( Fiber, as a media, is relatively secure because it cannot be easily tapped. It is the strongest to defeat against EMI and RFI in my opinion.)
For -> ( Reference: Security + (SYBEX) page 147 )

Explanation
For -> ( A certificate is really nothing more than a mechanism that associates the public key with an individual.)
For -> ( Reference: Security + (SYBEX) page 332)

Explanation
For -> ( Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization. A social engineering attack may occur over the phone, be e-mail, or by a visit.)
For -> ( Reference: Security + (SYBEX) page 87 )

Explanation
In this scenario, the broken window serves as a vulnerability that could potentially be exploited by a threat. If the window is not repaired, the vulnerability remains, and the likelihood of the threat occurring increases because there is still an avenue for unauthorized access or security breaches. Failure to address and mitigate known vulnerabilities can lead to an increased risk of threats being realized. For -> ( Reference: Security + (SYBEX) page 87 )

Explanation
For -> ( Keep in mind that cost and best level of security is asked for. To keep all the servers in one room along with the vital components with a security measure added to the room will provide what is asked for.)

Explanation
For -> ( Graphical explanation of 6 steps to Digital Handshake for SSL ) For -> ( Note: The handshake begins when a browser connects to an SSL-enabled server and asks the server to send back its identification, a digital certificate that usually contains the server name, the trusted certifying authority, and the server public encryption key. The browser can contact the server of the trusted certifying authority and confirm that the certificate is authentic before proceeding. The browser then presents a list of encryption algorithms and hashing functions (used to generate a number from another); the server picks the strongest encryption that it also supports and notifies the client of the decision. In order to generate the session keys used for the secure connection, the browser uses the server public key from the certificate to encrypt a random number and send it to the server. The client can encrypt this data, but only the server can decrypt it: this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data. The server replies with more random data (which doesn’t have to be encrypted), and then both parities use the selected hash functions on the random data to generate the session keys. This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the session keys. The SSL handshake allows the establishment of a secured connection over an insecure channel. Even if a third party were to listen to the conversation, it would not be able to obtain the session keys. The process of creating good random numbers and applying hash functions can be quite slow, but usually the session keys are cached, so the handshake occurs only on the first connection between the parties. This process works on top of HTTP, so it's portable to any platform that supports it and is in principle applicable to other protocols as well (Welling 2001, p.334). The process described is part of SSL version 2.0, but version 3.0 is supposed to replace it soon. Another standard, Transport Layer Security (TSL) is still in draft and is supposed to replace SSL in the future.)

Explanation
For -> ( The method used in these attacks place a piece of software between a server and the user. The software intercepts and then sends the information to the server. The server responds back to the software, thinking it is the legitimate client. The attacking software then sends this information on to the server, etc. The man in the middle software may be recording this information, altering it, or in some other way compromising the security of your system.) 

Explanation
For -> ( The expansion and contraction that occurs during the normal heating and cooling cycles of your system can cause chips and cards, over time, to inch lose from sockets or slots.)

Explanation
For -> ( Internet Message Access Protocol v4 uses port 143 and TCP for connections. POP3 uses port 110 and TCP for connections and therefore can be filtered out to decrease unnecessary exposure.) 

Explanation
For -> ( A virus is a piece of software designed to infect a computer system. The virus may do nothing more than reside on the computer. A virus may also damage the data on your hard disk, destroy your operating system, and possibly spread to other systems.)