web analytics

(ISC)2

  • [May 2018] Lead2pass Latest (ISC)2 CISSP Exam Questions Free Downloading 2873q

    Lead2pass CISSP Dumps PDF Free Download:

    https://www.lead2pass.com/cissp.html

    QUESTION 31
    Which of the following monitors network traffic in real time?

    A.    network-based IDS
    B.    host-based IDS
    C.    application-based IDS
    D.    firewall-based IDS

    Answer: A
    Explanation:
    This type of IDS is called a network-based IDS because monitors network traffic in real time.

    QUESTION 32
    A host-based IDS is resident on which of the following?

    A.    On each of the critical hosts
    B.    decentralized hosts
    C.    central hosts
    D.    bastion hosts

    Answer: A
    Explanation:
    A host-based IDS is resident on a host and reviews the system and event logs in order to detect an attack on the host and to determine if the attack was successful. All critical serves should have a Host Based Intrusion Detection System (HIDS) installed. As you are well aware, network based IDS cannot make sense or detect pattern of attacks within encrypted traffic. A HIDS might be able to detect such attack after the traffic has been decrypted on the host. This is why critical servers should have both NIDS and HIDS.

    FROM WIKIPEDIA:

    A HIDS will monitor all or part of the dynamic behavior and of the state of a computer system. Much as a NIDS will dynamically inspect network packets, a HIDS might detect which program accesses what resources and assure that (say) a word-processor hasn\’t suddenly and inexplicably started modifying the system password-database. Similarly a HIDS might look at the state of a system, its stored information, whether in RAM, in the file-system, or elsewhere; and check that the contents of these appear as expected.

    One can think of a HIDS as an agent that monitors whether anything/anyone – internal or external – has circumvented the security policy that the operating system tries to enforce. http://en.wikipedia.org/wiki/Host-based_intrusion_detection_system

    QUESTION 33
    Which of the following usually provides reliable, real-time information without consuming network or host resources?

    A.    network-based IDS
    B.    host-based IDS
    C.    application-based IDS
    D.    firewall-based IDS

    Answer: A
    Explanation:
    A network-based IDS usually provides reliable, real-time information without consuming network or host resources.

    QUESTION 34
    The fact that a network-based IDS reviews packets payload and headers enable which of the following?

    A.    Detection of denial of service
    B.    Detection of all viruses
    C.    Detection of data corruption
    D.    Detection of all password guessing attacks

    Answer: A
    Explanation:
    Because a network-based IDS reviews packets and headers, denial of service attacks can also be detected.

    This question is an easy question if you go through the process of elimination. When you see an answer containing the keyword: ALL It is something a give away that it is not the proper answer. On the real exam you may encounter a few question where the use of the work ALL renders the choice invalid. Pay close attention to such keyword.

    The following are incorrect answers:

    Even though most IDSs can detect some viruses and some password guessing attacks, they cannot detect ALL viruses or ALL password guessing attacks. Therefore these two answers are only detractors.
    Unless the IDS knows the valid values for a certain dataset, it can NOT detect data corruption.

    QUESTION 35
    Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?

    A.    host-based IDS
    B.    firewall-based IDS
    C.    bastion-based IDS
    D.    server-based IDS

    Answer: A
    Explanation:
    A host-based IDS can review the system and event logs in order to detect an attack on the host and to determine if the attack was successful.

    QUESTION 36
    What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)?

    A.    It can be very invasive to the host operating system
    B.    Monitors all processes and activities on the host system only
    C.    Virtually eliminates limits associated with encryption
    D.    They have an increased level of visibility and control compared to NIDS

    Answer: A
    Explanation:
    The biggest drawback of HIDS, and the reason many organizations resist its use, is that it can be very invasive to the host operating system. HIDS must have the capability to monitor all processes and activities on the host system and this can sometimes interfere with normal system processing.

    HIDS versus NIDS

    A host-based IDS (HIDS) can be installed on individual workstations and/ or servers to watch for inappropriate or anomalous activity. HIDSs are usually used to make sure users do not delete system files, reconfigure important settings, or put the system at risk in any other way.

    So, whereas the NIDS understands and monitors the network traffic, a HIDS’s universe is limited to the computer itself. A HIDS does not understand or review network traffic, and a NIDS does not “look in” and monitor a system’s activity. Each has its own job and stays out of the other’s way.

    The ISC2 official study book defines an IDS as:
    An intrusion detection system (IDS) is a technology that alerts organizations to adverse or unwanted activity. An IDS can be implemented as part of a network device, such as a router, switch, or firewall, or it can be a dedicated IDS device monitoring traffic as it traverses the network. When used in this way, it is referred to as a network IDS, or NIDS. IDS can also be used on individual host systems to monitor and report on file, disk, and process activity on that host. When used in this way it is referred to as a host-based IDS, or HIDS.

    An IDS is informative by nature and provides real-time information when suspicious activities are identified. It is primarily a detective device and, acting in this traditional role, is not used to directly prevent the suspected attack.

    What about IPS?

    In contrast, an intrusion prevention system (IPS), is a technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity. An IPS permits a predetermined set of functions and actions to occur on a network or system; anything that is not permitted is considered unwanted activity and blocked. IPS is engineered specifically to respond in real time to an event at the system or network layer. By proactively enforcing policy, IPS can thwart not only attackers, but also authorized users attempting to perform an action that is not within policy. Fundamentally, IPS is considered an access control and policy enforcement technology, whereas IDS is considered network monitoring and audit technology.

    The following answers were incorrect:
    All of the other answer were advantages and not drawback of using HIDS

    TIP FOR THE EXAM:
    Be familiar with the differences that exists between an HIDS, NIDS, and IPS. Know that IDS’s are mostly detective but IPS are preventive. IPS’s are considered an access control and policy enforcement technology, whereas IDS’s are considered network monitoring and audit technology.

    QUESTION 37
    Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS)?

    A.    signature-based IDS
    B.    statistical anomaly-based IDS
    C.    event-based IDS
    D.    inferent-based IDS

    Answer: A

    QUESTION 38
    Which of the following is an issue with signature-based intrusion detection systems?

    A.    Only previously identified attack signatures are detected.
    B.    Signature databases must be augmented with inferential elements.
    C.    It runs only on the windows operating system
    D.    Hackers can circumvent signature evaluations.

    Answer: A
    Explanation:
    An issue with signature-based ID is that only attack signatures that are stored in their database are detected.
    New attacks without a signature would not be reported. They do require constant updates in order to maintain their effectiveness.

    QUESTION 39
    Which of the following is an IDS that acquires data and defines a “normal” usage profile for the network or host?

    A.    Statistical Anomaly-Based ID
    B.    Signature-Based ID
    C.    dynamical anomaly-based ID
    D.    inferential anomaly-based ID

    Answer: A
    Explanation:
    Statistical Anomaly-Based ID – With this method, an IDS acquires data and defines a “normal” usage profile for the network or host that is being monitored.

    QUESTION 40
    Which of the following is most relevant to determining the maximum effective cost of access control?

    A.    the value of information that is protected.
    B.    management’s perceptions regarding data importance.
    C.    budget planning related to base versus incremental spending.
    D.    the cost to replace lost data.

    Answer: A
    Explanation:
    The cost of access control must be commensurate with the value of the information that is being protected.

    CISSP dumps full version (PDF&VCE): https://www.lead2pass.com/cissp.html

    Large amount of free CISSP exam questions on Google Drive: https://drive.google.com/open?id=1393N8RayZN4QJ8sxg6_3cIRxwNv8QGTq

  • [May 2018] Free Lead2pass (ISC)2 CAP Dumps VCE Download 405q

    Free Lead2pass (ISC)2 CAP Exam Questions Download:

    https://www.lead2pass.com/cap.html

    QUESTION 31
    In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?

    A.    Full operational test
    B.    Walk-through test
    C.    Penetration test
    D.    Paper test

    Answer: C

    QUESTION 32
    Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

    A.    Phase 4
    B.    Phase 3
    C.    Phase 2
    D.    Phase 1

    Answer: B

    QUESTION 33
    Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

    A.    Safeguards
    B.    Preventive controls
    C.    Detective controls
    D.    Corrective controls

    Answer: D

    QUESTION 34
    Which of the following roles is also known as the accreditor?

    A.    Chief Risk Officer
    B.    Data owner
    C.    Designated Approving Authority
    D.    Chief Information Officer

    Answer: C

    QUESTION 35
    In which of the following phases of the DITSCAP process does Security Test and Evaluation (ST&E) occur?

    A.    Phase 2
    B.    Phase 3
    C.    Phase 1
    D.    Phase 4

    Answer: B

    QUESTION 36
    What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?

    A.    Configuration Management System
    B.    Project Management InformationSystem
    C.    Scope Verification
    D.    Integrated Change Control

    Answer: A

    QUESTION 37
    A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it’ll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?

    A.    Add the identified risk to a quality control management control chart.
    B.    Add the identified risk to the risk register.
    C.    Add the identified risk to the issues log.
    D.    Add the identified risk to the low-level risk watchlist.

    Answer: B

    QUESTION 38
    Which of the following concepts represent the three fundamental principles of information security?
    Each correct answer represents a complete solution. Choose three.

    A.    Privacy
    B.    Integrity
    C.    Availability
    D.    Confidentiality

    Answer: BCD

    QUESTION 39
    Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?

    A.    Chief Information Security Officer
    B.    Senior Management
    C.    Information Security Steering Committee
    D.    Business Unit Manager

    Answer: B

    QUESTION 40
    Your organization has a project that is expected to last 20 months but the customer would really like the project completed in 18 months. You have worked on similar projects in the past and believe that you could fast track the project and reach the 18 month deadline. What increases when you fast track a project?

    A.    Risks
    B.    Costs
    C.    Resources
    D.    Communication

    Answer: A

    CAP dumps full version (PDF&VCE): https://www.lead2pass.com/cap.html

    Large amount of free CAP exam questions on Google Drive: https://drive.google.com/open?id=1-r0YSwCbXcNQ-OMWyTTqOvJ9XWNIRbjP

  • [April 2018] Lead2pass 2018 New (ISC)2 CISSP Braindump Free Download 2873q

    Lead2pass CISSP Exam Questions Guarantee CISSP Certification Exam 100% Success:

    https://www.lead2pass.com/cissp.html

    QUESTION 21
    What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system?

    A.    False Rejection Rate (FRR) or Type I Error
    B.    False Acceptance Rate (FAR) or Type II Error
    C.    Crossover Error Rate (CER)
    D.    True Rejection Rate (TRR) or Type III Error

    (more…)

  • [April 2018] Easily Pass CAP Exam By Training Lead2pass New (ISC)2 VCE Dumps 405q

    Easily Pass CAP Exam With Lead2pass New CAP VCE And PDF Dumps:

    https://www.lead2pass.com/cap.html

    QUESTION 21
    Which of the following is an entry in an object’s discretionary access control list (DACL) that grants permissions to a user or group?

    A.    Access control entry (ACE)
    B.    Discretionary access control entry (DACE)
    C.    Access control list (ACL)
    D.    Security Identifier (SID) (more…)

  • [March 2018] New Lead2pass (ISC)2 CISSP New Questions Free Download 2873q

    New Released Exam CISSP PDF Free From the Lead2pass:

    https://www.lead2pass.com/cissp.html

    QUESTION 11
    Which one of the following factors is NOT one on which Authentication is based?

    A.    Type 1 Something you know, such as a PIN or password
    B.    Type 2 Something you have, such as an ATM card or smart card
    C.    Type 3 Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan
    D.    Type 4 Something you are, such as a system administrator or security administrator

    (more…)

  • [March 2018] Free Version Lead2pass (ISC)2 CAP PDF Dumps With Exam Questions Download 405q

    Lead2pass 100% Valid CAP Exam Questions PDF Free Download:

    https://www.lead2pass.com/cap.html

    QUESTION 11
    The phase 3 of the Risk Management Framework (RMF) process is known as mitigation planning.
    Which of the following processes take place in phase 3?
    Each correct answer represents a complete solution. Choose all that apply.

    A.    Identify threats, vulnerabilities, and controls that will be evaluated.
    B.    Document and implement a mitigation plan.
    C.    Agree on a strategy to mitigate risks.
    D.    Evaluate mitigation progress and plan next assessment. (more…)

  • [January 2018] Latest CISSP Dumps PDF Free Download In Lead2pass 2873q

    Latest CISSP Dumps PDF Free Download In Lead2pass 100% CISSP Exam Pass Guaranteed:

    https://www.lead2pass.com/cissp.html

    QUESTION 1
    The type of discretionary access control (DAC) that is based on an individual’s identity is also called:

    A.    Identity-based Access control
    B.    Rule-based Access control
    C.    Non-Discretionary Access Control
    D.    Lattice-based Access control (more…)

  • [January 2018] Try Lead2pass Latest (ISC)2 CAP Dumps To Pass The Exam Successfully 405q

    Updated CAP New Questions From Lead2pass Free Downloading:

    https://www.lead2pass.com/cap.html

    QUESTION 1
    DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December 1997. What phases are identified by DIACAP?
    Each correct answer represents a complete solution. Choose all that apply.

    A.    Validation
    B.    Re-Accreditation
    C.    Verification
    D.    System Definition
    E.    Identification
    F.    Accreditation (more…)