Chapter 10: Practice Test 2 427
4. C. Trusted paths that secure network traffic from capture and link encryption are both ways to help prevent man-in-the-middle attacks. Brute-force and dictionary attacks can both be prevented using back-off algorithms that slow down repeated attacks. Log analysis tools can also create dynamic firewall rules, or an IPS can block attacks like these in real time. Spoofed login screens can be difficult to prevent, although user awareness training can help.

5. D. The four canons of the (ISC)² Code of Ethics are to protect society, the common good, necessary public trust and confidence, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; and advance and protect the profession.

6. A. The emergency response guidelines should include the immediate steps an organization should follow in response to an emergency situation. These include immediate response procedures, a list of individuals who should be notified of the emergency, and secondary response procedures for first responders. They do not include long-term actions such as activating business continuity protocols, ordering equipment, or activating DR sites.
7. C. Security Assertion Markup Language (SAML) is the best choice for providing authentication and authorization information, particularly for browser-based SSO. HTML is primarily used for web pages, SPML is used to exchange user information for SSO, and XACML is used for access control policy markup.
8. D. Individuals with specific business continuity roles should receive training on at least an annual basis.

9. B. Triple DES functions by using either two or three encryption keys. When used with only one key, 3DES produces weakly encrypted ciphertext that is the insecure equivalent of DES.

10. The IP addresses match with the descriptions as follows:
- 10.14.124.240: B. Private IP address.
- 127.0.0.1: D. Loopback address.
- 129.74.250.100: A. Public IP address.
- 169.254.103.17: C. APIPA address.
- 192.168.15.10: B. Private IP address.
- 216.15.1.10: A. Public IP address.
Private (RFC 1918) addresses are in the ranges 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. APIPA addresses are assigned between 169.254.0.1 and 169.254.255.254, and 127.0.0.1 is a loopback address (although technically the entire 127.x.x.x network is reserved for loopback). Public IP addresses are the rest of the addresses in the space.
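As an added example (not part of the book's answer key), the following Python classifier applies exactly the ranges above to the six addresses from the question; the two extra values 172.31.255.255 and 172.32.0.0 are constructed to show where the 172.16/12 block ends. Note that the standard library's `is_private` would also flag loopback and APIPA addresses, so the categories are checked explicitly in order.

```python
import ipaddress

# RFC 1918 private ranges, as listed in the answer explanation
RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
]
LOOPBACK_NETWORK = ipaddress.ip_network("127.0.0.0/8")  # whole 127.x.x.x block
APIPA_NETWORK = ipaddress.ip_network("169.254.0.0/16")  # link-local / APIPA


def classify_ipv4(text: str) -> str:
    """Return the answer-key category for a dotted-quad IPv4 address string.

    Raises ValueError (via ipaddress) on malformed input such as "300.1.1.1".
    """
    addr = ipaddress.IPv4Address(text)
    # Order matters: loopback and APIPA are checked before the RFC 1918 test
    # so they are not mislabelled as ordinary private addresses.
    if addr in LOOPBACK_NETWORK:
        return "Loopback address"
    if addr in APIPA_NETWORK:
        return "APIPA address"
    if any(addr in net for net in RFC1918_NETWORKS):
        return "Private IP address"
    return "Public IP address"


# The six addresses from the question plus two constructed boundary cases
# that sit on either side of the end of the 172.16.0.0/12 block.
SAMPLE_ADDRESSES = [
    "10.14.124.240", "127.0.0.1", "129.74.250.100",
    "169.254.103.17", "192.168.15.10", "216.15.1.10",
    "172.31.255.255", "172.32.0.0",
]

if __name__ == "__main__":
    for ip in SAMPLE_ADDRESSES:
        print(f"{ip:>16}  {classify_ipv4(ip)}")
```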