An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as:
Correct Answer: B
Network availability can be defined as an area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 64.
Question 37
Unshielded Twisted Pair (UTP) cables come in several categories. The categories are based on:
Correct Answer: A
TIA/EIA-568 is a set of telecommunications standards from the Telecommunications Industry Association, an offshoot of the EIA. The standards address commercial building cabling for telecom products and services. The standard is currently (2009) at revision C, replacing the 2001 revision B, the 1995 revision A, and the initial issue of 1991, which are now obsolete.
Perhaps the best-known features of TIA/EIA-568 are the pin/pair assignments for eight-conductor 100-ohm balanced twisted pair cabling. These assignments are named T568A and T568B, and are frequently referred to (erroneously) as TIA/EIA-568A and TIA/EIA-568B. An IEC standard, ISO/IEC 11801, provides similar standards for network cables.
The standard defines categories of unshielded twisted pair cable systems, with different levels of performance in signal bandwidth, attenuation, and cross-talk. Generally, increasing category numbers correspond to a cable system suitable for higher rates of data transmission. Category 3 cable was suitable for telephone circuits and data rates up to 16 million bits per second. Category 5 cable, with more restrictions on attenuation and cross-talk, has a bandwidth of 100 MHz. The 1995 edition of the standard defined categories 3, 4, and 5. Categories 1 and 2 were excluded from the standard since these categories were only used for voice circuits, not for data.
Twisted pair cabling is a type of wiring in which two conductors of a single circuit are twisted together for the purposes of canceling out electromagnetic interference (EMI) from external sources; for instance, electromagnetic radiation from unshielded twisted pair (UTP) cables, and crosstalk between neighboring pairs. It was invented by Alexander Graham Bell.
Some of the limitations of UTP
UTP has several drawbacks. Because it does not have shielding like shielded twisted-pair cables, UTP is susceptible to interference from external electrical sources, which could reduce the integrity of the signal. Also, to intercept transmitted data, an intruder can install a tap on the cable or monitor the radiation from the wire. Thus, UTP may not be a good choice when transmitting very sensitive data or when installed in an environment with much electromagnetic interference (EMI) or radio frequency interference (RFI).
Despite its drawbacks, UTP is the most common cable type. UTP is inexpensive, can be easily bent during installation, and, in most cases, the risk from the above drawbacks is not enough to justify more expensive cables.
Resource(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 6507-6511). Auerbach Publications. Kindle Edition.
http://en.wikipedia.org/wiki/TIA/EIA-568#cite_note-7
http://en.wikipedia.org/wiki/Twisted_pair
AIOv3 Telecommunication and Networking Security (page 455)
Question 38
Total risk is defined as:
Correct Answer: E
(Threats * Vulnerability * Asset Value = Total Risk) is the formula used to calculate risk.
Question 39
A confidential number used as an authentication factor to verify a user's identity is called a:
Correct Answer: A
Section: Access Control
Explanation/Reference: PIN stands for Personal Identification Number; as the name states, it is a combination of numbers.
The following answers are incorrect:
User ID. This is incorrect because a user ID is not required to be a number, and a user ID is only used to establish identity, not verify it.
Password. This is incorrect because a password is not required to be a number; it could be any combination of characters.
Challenge. This is incorrect because a challenge is not defined as a number; it could be anything.
Question 40
One purpose of a security awareness program is to modify:
Correct Answer: A
Explanation/Reference: Security awareness training is to modify employees' behaviour and attitude towards the enterprise's security posture. Security-awareness training is performed to modify employees' behavior and attitude toward security. This can best be achieved through a formalized process of security-awareness training. It is used to increase the overall awareness of security throughout the company. It is targeted to every single employee and not only to one group of users. Unfortunately, you cannot apply a patch to a human being; the only thing you can do is to educate employees and make them more aware of security issues and threats. Never underestimate human stupidity.
Reference(s) used for this question:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Also see: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 130). McGraw-Hill. Kindle Edition.