
ISC2 ISSEP PDF Exam Questions:

How to Succeed in the ISC2 ISSEP Exam:

  • Avoid deceptive ISSEP PDF exam questions.
  • Focus on ISSEP questions (PDF) based on the latest exam syllabus.
  • Make notes from the ISC2 ISSEP PDF for better learning.
  • Prepare from our latest ISC2 ISSEP PDF file and pass on the first attempt.

Prepare ISC2 ISSEP Exam Within Short Time

Passing the ISC2 ISSEP exam validates your knowledge and abilities. Our PDF questions and answers will help you prepare for the ISSEP exam in a short time because they include questions similar to the real ISC2 exam questions. After downloading the ISSEP ISC2 PDF exam questions, which are relevant to the actual exam, you can print all the questions and prepare anytime, anywhere.

Realistic Scenario Based ISC2 ISSEP PDF Exam Questions:

Everyone wants to become a Certified Information Systems Security Professional and improve his or her resume. You should practice with real ISSEP questions. Students can benefit from the ISSEP exam questions, which are available in PDF format. The ISSEP exam questions and answers are designed to match the criteria of the actual exam. If you use scenario-based ISC2 ISSEP questions, you will have extra potential to clear the exam on the first attempt.

Q1.

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

Answer: A

See the explanation below.

The following are the five levels of FITSAF based on SEI's Capability Maturity Model (CMM):

Level 1: The first level reflects that an asset has documented a security policy.

Level 2: The second level shows that the asset has documented procedures and controls to implement the policy.

Level 3: The third level indicates that these procedures and controls have been implemented.

Level 4: The fourth level shows that the procedures and controls are tested and reviewed.

Level 5: The fifth level is the final level and shows that the asset has procedures and controls fully integrated into a comprehensive program.


Q2.

Which of the following is a type of security management for computers and networks in order to identify security breaches?

Answer: B

See the explanation below.

Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network. Intrusion detection functions include the following:

  • Monitoring and analyzing both user and system activities
  • Analyzing system configurations and vulnerabilities
  • Assessing system and file integrity
  • Ability to recognize patterns typical of attacks
  • Analysis of abnormal activity patterns
  • Tracking user policy violations

Answer option A is incorrect. An intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. When an attack is detected, the IPS can drop the offending packets while still allowing all other traffic to pass.

Answer option C is incorrect. Adaptive Security Appliance (ASA) is a new generation of network security hardware from Cisco. ASA hardware can act as a firewall, in other security roles, or in a combination of roles. The Cisco ASA includes the following components:

Anti-x: Anti-x includes a whole class of security tools such as anti-virus, anti-spyware, anti-spam, etc.

Intrusion Detection and Prevention: Intrusion Detection and Prevention includes tools such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) for sophisticated kinds of attacks.

Note: Earlier, Cisco sold firewalls under the proprietary name PIX firewall. ASA is the new edition of security solutions by Cisco.

Answer option D is incorrect. Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and Point-to-Point connections. It is defined in RFC 3748, which has been updated by RFC 5247. Although the EAP protocol is not limited to wireless LANs and can be used for wired LAN authentication, it is most often used in wireless LANs. The WPA and WPA2 standards have officially adopted five EAP types as their official authentication mechanisms. EAP is an authentication framework, not a specific authentication mechanism. EAP provides some common functions and a negotiation of the desired authentication mechanism.


Q3.

Which of the following types of firewalls increases the security of data packets by remembering the state of connection at the network and the session layers as they pass through the filter?

Answer: C

See the explanation below.

A stateful packet filter firewall maintains context about active sessions, and uses that 'state information' to speed packet processing. It increases the security of data packets by remembering the state of connection at the network and the session layers as the packets pass through the filter.

Any existing network connection can be described by several properties, including source and destination IP address, UDP or TCP ports, and the current stage of the connection's lifetime (including session initiation, handshaking, data transfer, or connection completion). If a packet does not match an existing connection, it will be evaluated according to the ruleset for new connections.

If a packet matches an existing connection based on comparison with the firewall's state table, it will be allowed to pass without further processing. PF (Packet Filter, also written pf) is a BSD-licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw and ipfilter. PF is developed on OpenBSD, but has been ported to many other operating systems.

Answer option A is incorrect. A stateless packet filter firewall analyses incoming packets separately, independently of the TCP connection or UDP data stream they belong to. It requires less memory, and can be faster for simple filters that require less time to filter than to look up a session. It may also be necessary for filtering stateless network protocols that have no concept of a session. However, it cannot make more complex decisions based on what stage communications between hosts have reached. It decides whether to allow a packet to traverse the firewall based on the header of the packet, without regard to past traffic through the firewall.

Stateless IP filters are very inexpensive, and many are free. They are included with router configuration software or with most Open Source operating systems.

Answer option B is incorrect. The PIX firewall is a Cisco product that performs VPN and firewall functions. This product comes in different models according to the requirements. Cisco's PIX firewall models such as PIX 501, 506 and 506E provide a firewall solution for small office environments. Cisco PIX 515, 515E, 525, etc. are widely used in medium and large enterprises. These days Adaptive Security Appliances (ASA) are used instead of PIX firewalls.

Answer option D is incorrect. A virtual firewall (VF) is a network firewall service or appliance running entirely within a virtualized environment and which provides the usual packet filtering and monitoring provided via a physical network firewall. The VF can be realized as a traditional software firewall on a guest virtual machine already running, or it can be a purpose-built virtual security appliance designed with virtual network security in mind, or it can be a virtual switch with additional security capabilities, or it can be a managed kernel process running within the host hypervisor.
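The difference between the stateful filter of the correct answer and the stateless filter of option A, as an added toy model that is not part of the original question bank; the packet fields, the ruleset and the addresses are constructed for the example, and the "SYN opens state" rule is a simplification of real connection tracking.

```python
# Added example (not from the page): a toy model of the stateful vs stateless
# packet filters described in the Q3 explanation. Packets and rules are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP SYN flag: marks the start of a new connection


# Constructed ruleset, consulted only for packets without matching state: (proto, dst, port) -> allow?
RULES = {("tcp", "10.0.0.5", 443): True, ("tcp", "10.0.0.5", 22): False}


class StatefulFilter:
    def __init__(self):
        self.state = set()  # five-tuples of connections the filter has seen open
        self.rule_lookups = 0  # how often the (slower) ruleset had to be consulted

    def filter(self, p):
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Packets of a tracked connection pass in either direction without a rule lookup
        if key in self.state or reverse in self.state:
            return "pass (existing state)"
        self.rule_lookups += 1
        # Only a SYN may open a new TCP connection; anything else without state is dropped
        if p.proto == "tcp" and not p.syn:
            return "drop (no state, not a connection start)"
        if RULES.get((p.proto, p.dst, p.dport), False):
            self.state.add(key)
            return "pass (new connection, state created)"
        return "drop (ruleset)"


class StatelessFilter:
    def filter(self, p):
        # Decides from the header alone, with no memory of past traffic
        return "pass" if RULES.get((p.proto, p.dst, p.dport), False) else "drop"


def compare():
    # Constructed traffic: a client handshake, the server's reply, and an unsolicited packet
    client_syn = Packet("tcp", "192.0.2.10", 51000, "10.0.0.5", 443, syn=True)
    server_reply = Packet("tcp", "10.0.0.5", 443, "192.0.2.10", 51000)
    unsolicited = Packet("tcp", "198.51.100.7", 40000, "10.0.0.5", 443)  # no handshake
    sf, sl = StatefulFilter(), StatelessFilter()
    stateful = [sf.filter(client_syn), sf.filter(server_reply), sf.filter(unsolicited)]
    stateless = [sl.filter(client_syn), sl.filter(server_reply), sl.filter(unsolicited)]
    return {"stateful": stateful, "stateless": stateless, "rule_lookups": sf.rule_lookups}
```

The stateless filter needs an explicit rule to let the server's reply back in and cannot tell the unsolicited packet apart from legitimate traffic to port 443, while the stateful filter passes the reply from its state table and drops the packet that never completed a handshake.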


Q4.

Which of the following federal laws is designed to protect computer data from theft?

Answer: B

See the explanation below.

The Computer Fraud and Abuse Act is a law passed by the United States Congress in 1984 intended to reduce cracking of computer systems and to address federal computer-related offenses. The Computer Fraud and Abuse Act (codified as 18 U.S.C. 1030) governs cases with a compelling federal interest, where computers of the federal government or certain financial institutions are involved, where the crime itself is interstate in nature, or computers used in interstate and foreign commerce.

It was amended in 1986, 1994, 1996, in 2001 by the USA PATRIOT Act, and in 2008 by the Identity Theft Enforcement and Restitution Act. Section (b) of the act punishes anyone who not just commits or attempts to commit an offense under the Computer Fraud and Abuse Act but also those who conspire to do so.

Answer option A is incorrect. FISMA assigns specific responsibilities to federal agencies, the National Institute of Standards and Technology (NIST), and the Office of Management and Budget (OMB) in order to strengthen information system security. In particular, FISMA requires the head of each agency to implement policies and procedures to cost-effectively reduce information technology security risks to an acceptable level.

According to FISMA, the term information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.

Answer option C is incorrect. The Government Information Security Reform Act (GISRA) addresses the information security program, evaluation, and reporting requirements for federal agencies. The basic requirement of this law is that agencies should perform periodic threat-based risk assessments for systems and data. GISRA requires that organizations develop and execute risk-based, cost-effective policies and procedures to provide guidance for security planning and implementation. GISRA's essential requisite is that agencies develop a process to guarantee that corrective action has taken place to address deficiencies. It also emphasizes that agencies should provide training on security awareness and security responsibilities to agency personnel and information security personnel.

Answer option D is incorrect. The Computer Security Act was passed by the United States Congress. It was passed to improve the security and privacy of sensitive information in Federal computer systems and to establish minimum acceptable security practices for such systems. It requires the creation of computer security plans, and the appropriate training of system users or owners where the systems house sensitive information.


Q5.

Which of the following is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media?

Answer: B

See the explanation below.

RTM (Release to Manufacturing) is used to indicate that the software has met a defined quality level and is ready for mass distribution either by electronic means or by physical media.

Answer option D is incorrect. The Designated Approving Authority (DAA), in the United States Department of Defense, is the official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. The DAA is responsible for implementing system security. The DAA can grant the accreditation and can determine that the system's risks are not at an acceptable level and the system is not ready to be operational.

Answer option A is incorrect. Asynchronous Transfer Mode (ATM) is a standardized digital data transmission technology. Asynchronous Transfer Mode is a cell-based switching technique that uses asynchronous time division multiplexing. It encodes data into small fixed-sized cells (cell relay) and provides data link layer services that run over OSI Layer 1 physical links. This differs from other technologies based on packet-switched networks (such as the Internet Protocol or Ethernet), in which variable-sized packets (known as frames when referencing Layer 2) are used. ATM exposes properties from both circuit-switched and small-packet-switched networking, making it suitable for wide area data networking as well as real-time media transport. ATM uses a connection-oriented model and establishes a virtual circuit between two endpoints before the actual data exchange begins. It provides medium to high bandwidth and low latency and jitter.

Answer option C is incorrect. A Chief Risk Officer (CRO) is also known as Chief Risk Management Officer (CRMO). The Chief Risk Officer or Chief Risk Management Officer of a corporation is the executive accountable for enabling the efficient and effective governance of significant risks, and related opportunities, to a business and its various segments. Risks are commonly categorized as strategic, reputational, operational, financial, or compliance-related. CROs are accountable to the Executive Committee and the Board for enabling the business to balance risk and reward. In more complex organizations, they are generally responsible for coordinating the organization's Enterprise Risk Management (ERM) approach.


Reliable Source of Preparation for the Information Systems Security Engineering Professional Exam.

We provide Certified Information Systems Security Professional certification questions along with answers to assist students in passing the ISC2 exam. You can enhance your ISC2 ISSEP preparation with the help of an online practice engine. Try our ISC2 ISSEP questions: 98% of Examskit users passed the final ISSEP exam in one go.