Get ISC2 ISSEP Exam Dumps

Answer : D

The types ofcryptography defined by FIPS 185 are as follows:

Type I cryptography: It describes a cryptographic algorithm or a tool accepted bythe NationalSecurity Agency for protecting classifiedinformation.

Type II cryptography: It describes a cryptographic algorithm or a tool accepted by theNationalSecurity Agency for protectingsensitive, unclassifiedinformation in the systems as stated in Section 2315 ofTitle 10, United StatesCode, or Section3502(2) ofTitle44, United States Code.

Type III cryptography: It describes a cryptographic algorithm or a tool accepted as a FederalInformation Processing Standard.

Type III (E) cryptography: It describes a Type III algorithm or a tool that is accepted for export fromthe United States.

Answer : A

Corrective controls are used after a security breach. After security has been breached, corrective

controls are intended to limit the extent of

any damage caused by the incident, e.g. by recovering the organization to normal working status as

efficiently as possible.

Answer option D is incorrect. Before the event, preventive controls are intended to prevent an

incident from occurring, e.g. by locking out

unauthorized intruders.

Answer option C is incorrect. During the event, detective controls are intended to identify and

characterize an incident in progress, e.g. by

sounding the intruder alarm and alerting the security guards or the police.

Answer option B is incorrect. Safeguards are those controls that provide some amount of protection

to an asset.

Answer : A

Information assurance (IA) is the process of organizing and monitoring information-related risks. It

ensures that only the approved users have

access to the approved information at the approved time. IA practitioners seek to protect and

defend information and information systems by

ensuring confidentiality, integrity, authentication, availability, and non-repudiation. These objectives

are applicable whether the information is

in storage, processing, or transit, and whether threatened by an attack.

Answer option D is incorrect. ISSE is a set of processes and solutions used during all phases of a

system's life cycle to meet the system's

information protection needs.

Answer option C is incorrect. Risk analysis is the science of risks and their probability and evaluation

in a business or a process. It is an

important factor in security enhancement and prevention in a system. Risk analysis should be

performed as part of the risk management

process for each project. The outcome of the risk analysis would be the creation or review of the risk

register to identify and quantify risk

elements to the project and their potential impact.

Answer option B is incorrect. Risk management is a set of processes that ensures a risk-based

approach is used to determine adequate, cost-

effective security for a system.

Answer : A, B, D

The various subtasks of the Define Life-Cycle Process Concepts are as follows:

Manpower: It categorizes the required job tasks and associated work load used to determine the

staffing level required to support the

system life-cycle processes.

Personnel: It recognizes the skills needed by the personnel who will support the system life-cycle

processes.

Training: It classifies the training necessary to provide the personnel with the appropriate knowledge

and skills to support the system

life-cycle processes.

Human engineering: It identifies the human cognitive, physical, and sensory characteristics of the

personnel who will support the

system life-cycle processes.

Safety: It identifies the potential system design features that create significant risks of death, injury,

or acute chronic illness, disability,

or reduce job performance of personnel who will support the system life-cycle processes.

Answer : D

Packet filtering is a method that allows or restricts the flow of specific types of packets to provide

security. It analyzes the incoming and

outgoing packets and lets them pass or stops them at a network interface based on the source and

destination addresses, ports, or

protocols. Packet filtering provides a way to define precisely which type of IP traffic is allowed to

cross the firewall of an intranet. IP packet

filtering is important when users from private intranets connect to public networks, such as the

Internet.

Answer option B is incorrect. An application gateway firewall applies security mechanisms to specific

applications, such as FTP and Telnet

servers. This is very effective, but can impose a performance degradation.

Answer option A is incorrect. A circuit-level gateway firewall applies security mechanisms when a

TCP or UDP connection is established. Once

the connection has been made, packets can flow between the hosts without further checking.

Answer option C is incorrect. A proxy server firewall intercepts all messages entering and leaving the

network. The proxy server effectively

hides the true network addresses.