Free Access to ISC.CISSP.v2024-01-19.q999 with Valid Practice Test (Page 20)

Question 91

From an asset security perspective, what is the BEST countermeasure to prevent data theft due to data remanence when a sensitive data storage media is no longer needed?

A.Physically destroy the retired media.
B.Delete the sensitive data from the media.
C.Return the media to the system owner.
D.Encrypt data before it Is stored on the media.

Question 92

Which of the following falls under the categories of configuration management?(Choose three)

A.Operating system configuration
B.Software configuration
C.Hardware configuration
D.Logical configuration
E.Physical configuration

Question 93

View the image below and identify the attack

A.DDoS
B.DOS
C.TFN
D.Reflection Attack

Correct Answer: A

The easiest attack to carry out against a network, or so it may seem, is to overload it through excessive traffic or traffic which has been "crafted" to confuse the network into shutting down or slowing to the point of uselessness. The image depicts a distributed denial of service attack where many computers attack the victim with any type of traffic and render it unable to communicate on the network or provide services.
Computers on networks can provide services to other computers. The servers listen on specific TCP or UDP ports and software opens the ports on the server to accept traffic from visitors.
Most users of the services on that server behave normally but at times attackers try to attack and take down the server by attacking its services or the operating system via the protocol stack itself.
In the case of this question, the victim is being bounded with service requests from the zombies. Commonly it's UDP but more often it can be TCP traffic and unfortunately it is nearly impossible to defeat such an attack.
You might compare this attack to calling someone over and over on their phone that they can't use their own phone but you're not doing anything specifically destructive to the phone. You're just exhausting its resources rendering it useless to the owner.
The following answers are incorrect:
-DOS - Denial of Service: This is almost correct but it is wrong because a simple DOS attack is one computer flooding another computer, not the many to one attack you see with a DDoS.
-TFN - Tribe Flood Network attack: This isn't the correct answer because it isn't specifically what's depicted in the image. TFN is actually software used to conduct DDoS attacks and NOT an attack itself. More here.
-Reflection Attack: This isn't the correct answer because a reflection attack is an attack on authentication systems which use the same protocol in both directions and doesn't ordinarily involve zombies.
The following reference(s) was used to create this question:
2013. Official Security+ Curriculum.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
((ISC)2 Press) (Kindle Locations 8494-8495). Auerbach Publications. Kindle Edition.

Question 94

In telephony different types of connections are being used. The connection from the phone company's branch office to local customers is referred to as which of the following choices?

A.new loop
B.local loop
C.loopback
D.indigenous loop

Question 95

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?

A.Use Software as a Service (SaaS)
B.Validate data output
C.Whitelist input validation
D.Require client certificates

Question 91

Question 92

Question 93

Question 94

Question 95

Download PDF File