CISSP Official Practice Tests by Mike Chapple, David Seidl

AES-based CCMP, 271
aggregation attacks, 343, 382, 395, 443
aggregation functions, 394
Agile approach, 185, 189, 195, 215, 238, 398, 411, 421
Agile Manifesto, 400
agreement types, 159
aircrack-ng, 130, 429
ALE (annualized loss expectancy), 434
analog carrier signals, modulation, 99
annualized loss expectancy, 407
anomaly-based intrusion detection, 444
answers
    asset security, 327–338
    communication and network security, 347–358
    identity and access management, 358–369
    practice test 1, 404–417
    practice test 2, 418–431
    practice test 3, 431–444
    practice test 4, 445–457
    security and risk management, 318–327
    security architecture and engineering, 338–347
    security assessment and testing, 369–381
    security operations, 381–392
    software development, 393–404
antennas, 263, 433, 452
APIs (application programming interfaces), 374, 402, 421, 434, 457
    keys, 199, 434
    limiting access, 196
application control, 69, 206
application firewalls, 430
application logs, 391
application-level gateway firewall, 422
application-specific protocols, 351
architectural security concepts, 60
architecture security concepts, 341
ARO (annualized rate of occurrence), 19, 164, 324, 326, 387, 420, 434
ARP (Address Resolution Protocol), 86, 350
    spoofing, 101
ARP cache poisoning, 351
ARP spoofing, 357
AS (authentication server), 365
ASLR, 75
assembly languages, 448
assessment objects, 129
asset security, answers, 327–338
asset values, 13
assurance, 339, 395
asymmetric cryptosystems, 55–56, 74, 269, 339, 345, 437
asynchronous communications, 405
asynchronous tokens, 367
atomicity, 397, 403, 406
attachments to email, 92
attacks, 7, 67, 162, 186, 204
    on access controls, 108
    aggregation, 343
    attack vector, 267
    bluesnarfing attacks, 91, 352
    botnets and, 176
    brute-force, 105, 277–278, 360, 362, 406, 427
    buffer overflow, 61, 179, 398
    C programming, 186
    Caller ID spoofing, 450
    classifications, 183
    cross-site scripting, 84
    data diddling, 239
    decoy environments, 288
    dictionary, 105, 358, 360
    DoS (denial of service), 7, 99, 161, 277, 322, 350, 388, 407, 437, 450
    eavesdropping, 450
    elevation of privilege attack, 319
    embedded scripts, 188
    fired employees, 195
    hijacking, 186
    inbound traffic, 166
    individual risk, 164
    inference, 406
        countermeasures, 193
    information disclosure, 326
    land attacks, 429
    Linux system, 216