CISSP Practice Questions Exam Cram - pearsoncmg.com

1 CISSP PracticeQuestionsThird EditionMichael GreggCISSP Practice Questions Exam cram , Third EditionCopyright 2013 by Pearson Education, rights reserved. No part of this book shall be reproduced, stored in a retrieval sys-tem, or transmitted by any means, electronic, mechanical, photocopying, recording, orotherwise, without written permission from the publisher. No patent liability isassumed with respect to the use of the information contained herein. Although everyprecaution has been taken in the preparation of this book, the publisher and authorassume no responsibility for errors or omissions. Nor is any liability assumed for dam-ages resulting from the use of the information contained : 978-0-7897-4959-8 ISBN-10: 0-7897-4959-9 Library of Congress Cataloging-in-Publication data is on in the United States of AmericaFirst Printing: September 2012 TrademarksAll terms mentioned in this book that are known to be trademarks or service markshave been appropriately capitalized.

2 Pearson IT Certification cannot attest to the accu-racy of this information. Use of a term in this book should not be regarded as affectingthe validity of any trademark or service and DisclaimerEvery effort has been made to make this book as complete and as accurate as possi-ble, but no warranty or fitness is implied. The information provided is on an as is basis. The author and the publisher shall have neither liability nor responsibility to anyperson or entity with respect to any loss or damages arising from the information con-tained in this book or from the use of the CD or programs accompanying SalesPearson IT Certification offers excellent discounts on this book when ordered in quanti-ty for bulk purchases or special sales. For more information, please Corporate and Government sales outside of the , please contactInternational PublisherDave DusthimerAcquisitions EditorBetsy BrownSenior DevelopmentEditorChristopherClevelandMan aging EditorSandra SchroederSenior ProjectEditorTonya SimpsonCopy EditorSheri CainTechnical EditorsShawn MerdingerPatrick RamseierPublishingCoordinatorVanessa EvansMultimediaDeveloperTimothy WarnerInterior DesignerGary AdairCover DesignerAlan ClementsCompositorTnT Design, at a GlanceIntroduction1 CHAPTER 1:Physical (Environmental) Security5 CHAPTER 2:Access Control31 CHAPTER 3:Cryptography65 CHAPTER 4:Security Architecture and Design99 CHAPTER 5:Telecommunications and Network Security135 CHAPTER 6:Business Continuity and Disaster Recovery Planning171 CHAPTER 7:Legal, Regulations, Investigations, and Compliance 209 CHAPTER 8.

3 Software Development Security237 CHAPTER 9:Information Security, Governance, and Risk Management271 CHAPTER 10:Security Operations301ivCISSP Practice Questions Exam CramTable of This Book Is You Will Find in This for Using This IT Certification Practice Test Engine and Questions on the Further Study?..4 Chapter 1:Physical (Environmental) Questions (True or False)..19 Practice Questions (Mix and Match)..21 Quick-Check Answer and 2:Access Questions (True or False)..49 Practice Questions (Mix and Match)..51 Quick-Check Answer and 3 Questions (True or False)..83 Practice Questions (Mix and Match)..85 Quick-Check Answer and 4:Security Architecture and Questions (True or False)..121 Practice Questions (Mix and Match)..121 Quick Check Answer and 5:Telecommunications and Network Questions (True or False).

4 157 Practice Questions (Mix and Match)..157 Quick Check Answer and 6:Business Continuity and Disaster Recovery Questions (True or False)..193 Practice Questions (Mix and Match)..194 Quick Check Answer and 7:Legal, Regulations, Investigations, and Questions (Mix and Match)..226 Quick Check Answer and 8:Software Development Questions (True or False)..257 Practice Questions (Mix and Match)..258 Quick Check Answer and Practice Questions Exam CramChapter 9:Information Security, Governance, and Risk Questions (True or False)..290 Practice Questions (Mix and Match)..291 Quick Check Answer and 10:Security Questions (True or False)..320 Practice Questions (Mix and Match)..321 Quick Check Answer and the AuthorAs the founder and president of Superior Solutions, Inc., a Houston-based ITsecurity consulting and auditing firm, Michael Gregghas more than 20 yearsof experience in information security and risk management.

5 He holds two asso-ciate s degrees, a bachelor s degree, and a master s degree. Some of the certifica-tions he holds include CISA, CISSP , MCSE, CTT+, A+, N+, Security+, CASP,CCNA, GSEC, CEH, CHFI, CEI, CISA, CISM, CGEIT, and addition to his experience performing security audits and assessments,Michael has authored or coauthored more than 15 books, including CertifiedEthical Hacker Exam Prep(Que), CISSP Exam cram 2 (Que), and SecurityAdministrator Street Smarts(Sybex). He is a site expert for web-sites, such as He also serves on their editorial advisoryboard. His articles have been published on IT websites, and he has been quotedon Fox News and The New York Times. He has created more than 15 security-related courses and training classes for various companies and audits and assessments are where he spends the bulk of his time, teach-ing and contributing to the written body of IT security knowledge are howMichael believes he can give something back to the community that has givenhim so is a board member for Habitat For Humanity and, when not working,Michael enjoys traveling and restoring muscle dedicate this book to those who have been my mentors along the way, because without them, this book would not have been want like to thank everyone who helped make this project a reality, includingBetsy Brown, Chris Cleveland, Shawn Merdinger, Patrick Ramseier.

6 And theentire crew at the Technical ReviewersShawn Merdingeris a security researcher and analyst at the University of FloridaAcademic Health Center. He has worked with Cisco Systems, 3 Com/TippingPoint, and as an independent consultant. His current research focuses onmedical device security, and he is the founder of the MedSec group on regularly presents original research at security/hacker conferences such asDEFCON, Ph-Neutral, ShmooCon, CONfidence, NoConName, O Reilly,CSI, IT Underground, CarolinaCon, and Ramseieris a technical editor and author and manages a team of securi-ty and unified access consultants. He has held several management and techni-cal positions in different security companies over the past 18 years and current-ly works on the Borderless Network Security and Unified Access team for Ciscoin the Bay Area, where he leads a senior consulting team covering the entirewestern United States.

7 Patrick has provided many technical edits/reviews forseveral major publishing companies, including Pearson Education, McGrawHill, Wiley, and Sybex. He has a BA in Business Administration and MIS andholds CCNA, CISSP , and CISCP Practice Questions Exam CramWe Want to Hear from You!As the reader of this book, youare our most important critic and value your opinion and want to know what we re doing right, what we coulddo better, what areas you d like to see us publish in, and any other words of wis-dom you re willing to pass our welcome your comments. You can email or write to let us know what youdid or didn t like about this book as well as what we can do to make our note that we cannot help you with technical problems related to the topic of thisbook. When you write, please be sure to include this book s title and author as well asyour name and email address.

8 We will carefully review your comments and sharethem with the author and editors who worked on the DusthimerAssociate Publisher Pearson IT Certification800 East 96th StreetIndianapolis, IN 46240 USAR eader ServicesVisit our website and register this book at for convenient access to any updates, downloads, or errata that might beavailable for this to the CISSP Practice Questions Exam cram ! This book provides youwith Practice Questions , complete with answers and explanations, that help youlearn, drill, and review for the CISSP certification This Book Is ForIf you have studied the CISSP exam s content, and you believe that you are readyto put your knowledge to the test but you re not sure you want to take the actu-al exam yet, this book is for you! Maybe you have answered other Practice ques-tions or unsuccessfully taken the real exam, reviewed, and wanted to do morepractice Questions before retaking the exam.

9 If so, this book is for you, too!Be aware that the CISSP exam is difficult and challenging; therefore, this bookshouldn t be your only vehicle for CISSP study. Because of the breadth anddepth of knowledge needed to successfully pass the CISSP exam, be sure to useplenty of study material and use this book as a drill, review, and Practice is recommended that you use this book with the CISSP Exam cram , ThirdEdition, by Michael You Will Find in This BookThis book is all about Practice Questions . It is divided into the ten domains thatyou find on the CISSP exam. Each chapter represents a domain, and each chap-ter has three elements:. Practice Questions :This section includes numerous Questions that helpyou learn, drill, and Answer Key:After you finish answering the Questions ,you can quickly grade your exam from this section.

10 Only the correctanswers are given here. No explanations are offered and Explanations:This section gives the correct answers anddetailed explanations about the content posed in that question . Use thisinformation to learn why an answer is correct and reinforce the contentin your mind for exam Practice Questions Exam CramHints for Using This BookBecause this book is a paper Practice product, you might want to complete itsexams on separate pieces of paper so that you can reuse the exams without hav-ing previous answers in your way. Also, a rule of thumb across all Practice - question products is to make sure that you score into the high 90-percent rangein all topics before attempting the actual exam. The higher you score on Practice - question products, the better your chances of passing the real exam.