A business continuity plan is an example of which of the following?
Correct Answer: A
Business Continuity Plans are designed to minimize the damage done by the event and to facilitate rapid restoration of the organization to its full operational capacity. They are for use "after the fact" and are thus examples of corrective controls.
Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 273). and Conrad, Eric; Misenar, Seth; Feldman, Joshua (2012-09-01). CISSP Study Guide (Kindle Location 8069). Elsevier Science (reference). Kindle Edition. and
Question 192
Which of the following is not an element of a business continuity plan?
Correct Answer: E
Question 193
Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces?
Correct Answer: B
Serial Line IP (SLIP) was developed in 1984 to support TCP/IP networking over low-speed serial interfaces. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 114).
Question 194
Which of the following would best describe the difference between white-box testing and black-box testing?
Correct Answer: C
Section: Security Operation Administration
Explanation/Reference: Black-box testing observes the system's external behavior, while white-box testing is a detailed examination of each logical path, checking the possible conditions. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 299).
Question 195
Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?
Correct Answer: B
Section: Cryptography
Explanation/Reference: If we assume a crypto-system with a large key (and therefore a large key space), a brute force attack will likely take a good deal of time - anywhere from several hours to several years depending on a number of variables. If you use a session key for each message you encrypt, then a successful brute force attack provides the attacker with only the key for that one message. So, if you are encrypting 10 messages a day, each with a different session key, but it takes me a month to break each session key, then I am fighting a losing battle.
The other answers are not correct because:
"The use of good key generators" is not correct because a brute force key attack will eventually run through all possible combinations of the key. Therefore, any key will eventually be broken in this manner given enough time.
"Nothing can defend you against a brute force crypto key attack" is incorrect, and not the best answer listed. While it is technically true that any key will eventually be broken by a brute force attack, the question remains "how long will it take?". In other words, if you encrypt something today but I can't read it for 10,000 years, will you still care? If the key is changed every session, does it matter if it can be broken after the session has ended? Of the answers listed here, session keys are "often considered a good protection against the brute force cryptography attack", as the question asks.
"Algorithms that are immune to brute force key attacks" is incorrect because there currently are no such algorithms.
References: Official ISC2 Guide, page 259; All in One, Third Edition, page 623.