A processor card contains which of the following components?
Correct Answer: C
Processor cards contain memory and a processor. They have remarkable data processing capabilities. Very often the data processing power is used to encrypt/decrypt data, which makes this type of card a unique personal identification token. Data processing also permits dynamic storage management, which enables the realization of flexible multifunctional cards.
CISSP Exam Question 52
Which of the following answers presents the MOST significant threat to network-based IDS or IPS systems?
Correct Answer: A
Explanation/Reference:
Explanation: Encrypted network packets present the biggest threat to an effective IDS/IPS plan because the network traffic cannot easily be decoded and examined. The IDS cannot examine encrypted packets to determine whether they carry a threat, so in most cases the traffic is simply forwarded along with the potential threat.
Some companies provide examination services for your network traffic, acting like a proxy server for all of it. You send them copies of your certificates so they can decode the traffic. This is common in the financial industry, where violating federal law or being sued by federal investigators for insider trading can lead to business collapse. The external company examines all the network traffic coming and going from your network for potential liabilities.
Incorrect Answers:
B: Complex IDS/IPS Signature syntax: IDS/IPS signatures can be complex, but this is not the MOST significant threat to the functionality of an IDS/IPS system.
C: Digitally Signed Network Packets: This is not a threat to IDS/IPS systems looking for dangerous network traffic.
D: Segregated VLANs are only a threat if the IDS/IPS system is not monitoring traffic on the segregated VLAN. VLANs can present barriers to IDS/IPS systems spotting dangerous traffic. There is an easy solution for VLANs and IDS/IPS systems: place an IDS/IPS sensor on that VLAN and set it up to send its traffic to the IDS/IPS management system.
CISSP Exam Question 53
What allows a relation to contain multiple rows with the same primary key?
Correct Answer: C
Explanation/Reference:
Explanation: Polyinstantiation enables a table, which is also known as a relation, to contain multiple tuples with the same primary keys, with each instance distinguished by a security level.
Incorrect Answers:
A: A relational database management system (RDBMS) is a database management system (DBMS) that is based on the relational model. The database management system (DBMS) is a software suite that is used to manage access to the database and provides data integrity and redundancy. It is usually controlled by a database administrator.
B: Polymorphism is a concept in object-oriented programming in which objects are created from the same parent class but have overloaded operators and perform different methods.
D: Polyinstantiation does allow a relation (table) to contain multiple tuples (rows) with the same primary key.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 1136, 1170, 1186
http://en.wikipedia.org/wiki/Polyinstantiation
https://en.wikipedia.org/wiki/Relational_database_management_system
https://en.wikipedia.org/wiki/Polymorphism_(computer_science)
CISSP Exam Question 54
The Spiral Model of the software development process (B.W. Boehm, A Spiral Model of Software Development and Enhancement, IEEE Computer, May, 1988) uses the following metric relative to the spiral:
Correct Answer: B
The radial dimension represents cumulative cost and the angular dimension represents progress made in completing each cycle of the spiral. The spiral model is actually a meta-model for software development processes. A summary of the stages in the spiral is as follows:
The spiral begins in the top, left-hand quadrant by determining the objectives of the portion of the product being developed, the alternative means of implementing this portion of the product, and the constraints imposed on the application of the alternatives. Next, the risks of the alternatives are evaluated based on the objectives and constraints. Following this step, the relative balances of the perceived risks are determined. The spiral then proceeds to the lower right-hand quadrant where the development phases of the projects begin. A major review completes each cycle and then the process begins anew for succeeding phases of the project. Typical succeeding phases are software product design, integration and test plan development, additional risk analyses, operational prototype, detailed design, code, unit test, acceptance test, and implementation.
The other answers are distracters.