CISSP 2018 Authentic English Recalled Exam Questions

CISSP 2016-2018 Brain Dumps
(Note to candidates: the suggested answers to these recalled questions are for reference only)
2018.11.28

1. In Mandatory Access Control, sensitivity labels attached to objects contain what information?
A. The item's classification
B. The item's classification and category set
C. The item's category
D. The item's need to know
Suggested answer: B

2. When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.
B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.
C. They both involve rewriting the media.
D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.
Suggested answer: B

3. What security model is dependent on security labels?
A. Discretionary access control
B. Label-based access control
C. Mandatory access control
D. Non-discretionary access control
Suggested answer: C

4. What is the window of time for recovery of information processing capabilities based on?
A. Quality of the data to be processed
B. Nature of the disaster
C. Criticality of the operations affected
D. Applications that are mainframe based
Suggested answer: C

5. Chrissy is a new employee at a coffee shop. She meets three other co-workers on her first day. Since they all work different shifts, sometimes opening the store and sometimes closing the store, they have been given the store security code. Chrissy asks her boss if she will get the code, and her boss says "No, you won’t need it because you’re working the mid-day shift." What security principle is the coffee shop manager implementing?
A. Physical control
B. Least privilege
C. Separation of duties
D. Collusion
Suggested answer: B

6. Recently passed over for an executive promotion, Carol is anxious to hear about a major company announcement which will most likely reveal the new hire. Knowing that the PR department does not regularly shred documents, she snoops around the hallways after hours, and finds a memo next to the printer that gives her the information that will be released to the public next week. What kind of attack has Carol committed?
A. Social engineering
B. Eavesdropping
C. Passive attacking
D. Dumpster diving
Suggested answer: D

7. Denial-of-service attacks are common tactics used by hackers to affect the service capabilities of companies' computer systems. Oftentimes, they are brought forward by competing companies. Which attack below would not be considered a DoS attack?
A. Ping of Death
B. Smurf
C. SYN flooding
D. Man-in-the-middle
Suggested answer: D

8. Which of the following virus types changes some of its characteristics as it spreads?
A. boot sector
B. parasitic
C. stealth
D. polymorphic
Suggested answer: D

9. Each distinguished name (DN) in an LDAP directory represents a collection of attributes about a specific object, and is stored in the directory as an entry. DNs are composed of Common Name (CN) components which describe the object, and Domain Components (DC) which describe the domain in which the object resides. Which of the following makes the most sense when constructing a DN?
A. dc=Shon Harris,cn=LogicalSecurity,dc=com
B. cn=Shon Harris,dc=LogicalSecurity,cn=com
C. cn=Shon Harris,cn=LogicalSecurity,dc=com
D. cn=Shon Harris,dc=LogicalSecurity,dc=com
Suggested answer: D

10. Since 9/11, airport parking garages now keep cars further away from the terminal entrance. What is this an example of?
A. An administrative control
B. A technical control
C. An environmental control
D. A physical control
Suggested answer: D

11. Macro viruses written in Visual Basic for Applications (VBA) are a major problem because
A. Floppy disks can propagate such viruses.
B. These viruses can infect many types of environments.
C. Anti-virus software is usable to remove the viral code.
D. These viruses almost exclusively affect the operating system.
Suggested answer: D

12. The main differences between a software process assessment and a software capability evaluation are:
A. Software process assessments and software capability evaluations are essentially identical, and there are no major differences between the two.
B. Software capability evaluations determine the state of an organization's current software process and are used to gain support from within the organization for a software process improvement program; software process assessments are used to identify contractors who are qualified to develop software or to monitor the state of the software process in a current software project.
C. Software process assessments are used to develop a risk profile for source selection; software capability evaluations are used to develop an action plan for continuous process improvement.
D. Software process assessments determine the state of an organization's current software process and are used to gain support from within the organization for a software process improvement program; software capability evaluations are used to identify contractors who are qualified to develop software or to monitor the state of the software process in a current software project.
Suggested answer: D
