Cissp-8sn2bm.pdf

Full Transcript

ISC CISSP

Exam ISC CISSP

Certified Information Systems
Title
Security Professional

Updated Version 23.0

Product
2640 Q&A with Explanations
Type

“Best Material, Great Results”. CERT Empire 1
 ISC CISSP

QUESTION 1 - (Topic 1)
An employee ensures all cables are shielded, builds concrete walls that extend from the true floor to the true ceiling and
installs a white noise generator. What attack is the employee trying to protect against?

A. Emanation Attacks
B. Social Engineering
C. Object reuse
D. Wiretaping

Answer: A

Explanation: Explanation :
Emanation attacks are the act of intercepting electrical signals that radiate from computing equipment. There are several
countermeasures including shielding cabling, white noise, control zones, and TEMPEST equipment (this is a Faraday
cage around the equipment)
The following answers were incorrect:
Social Engineering: Social Engineering does not involve hardware. A person make use of his/her social skills in order to
trick someone into revealing information they should not disclose.
Object Reuse: It is related to the reuse of storage medias. One must ensure that the storage media has been sanitized
properly before it would be reuse for other usage. This is very important when computer equipment is discarded or given
to a local charity organization. Ensure there is no sensitive data left by degaussing the device or overwriting it multiple
times.
Wiretapping: It consist of legally or illegally taping into someone else phone line to eavesdrop on their communication.
The following reference(s) were/was used to create this question:
Shon Harris AIO 4th Edition

QUESTION 2 - (Topic 1)
What is an error called that causes a system to be vulnerable because of the environment in which it is installed?

A. Configuration error
B. Environmental error
C. Access validation error
D. Exceptional condition handling error

Answer: B

Explanation: In an environmental error, the environment in which a system is installed somehow causes the system to be
vulnerable. This may be due, for example, to an unexpected interaction between an application and the operating system
or between two applications on the same host. A configuration error occurs when user controllable settings in a system
are set such that the system is vulnerable. In an access validation error, the system is vulnerable because the access
control mechanism is faulty. In an exceptional condition handling error, the system somehow becomes vulnerable due to
an exceptional condition that has arisen.
Source: DUPUIS, Clement, Access Control Systems and Methodology CISSP Open Study Guide, version 10, march
2002 (page 106).

QUESTION 3 - (Topic 1)
Which of the following biometric devices has the lowest user acceptance level?
2
https://certempire.com/
 ISC CISSP

A. Retina Scan
B. Fingerprint scan
C. Hand geometry
D. Signature recognition

Answer: A

Explanation: According to the cited reference, of the given options, the Retina scan has the lowest user acceptance level
as it is needed for the user to get his eye close to a device and it is not user friendly and very intrusive.
However, retina scan is the most precise with about one error per 10 millions usage. Look at the 2 tables below. If
necessary right click on the image and save it on your desktop for a larger view or visit the web site directly at
https://sites.google.com/site/biometricsecuritysolutions/crossover-accuracy.
Biometric Comparison Chart
Biometric Aspect Descriptions
Reference(s) used for this question:
RHODES, Keith A., Chief Technologist, United States General Accounting Office, National Preparedness, Technologies
to Secure Federal Buildings, April 2002 (page 10).
and https://sites.google.com/site/biometricsecuritysolutions/crossover-accuracy

QUESTION 4 - (Topic 1)
When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who
should be REJECTED?

A. Type I error
B. Type II error
C. Type III error
D. Crossover error

Answer: B

Explanation: When the biometric system accepts impostors who should have been rejected , it is called a Type II error or
False Acceptance Rate or False Accept Rate.
Biometrics verifies an individual’s identity by analyzing a unique personal attribute or behavior, which is one of the most
effective and accurate methods of verifying identification.
Biometrics is a very sophisticated technology; thus, it is much more expensive and complex than the other types of
identity verification processes. A biometric system can make authentication decisions based on an individual’s behavior,
as in signature dynamics, but these can change over time and possibly be forged.
Biometric systems that base authentication decisions on physical attributes (iris, retina, fingerprint) provide more
accuracy, because physical attributes typically don’t change much, absent some disfiguring injury, and are harder to
impersonate.
When a biometric system rejects an authorized individual, it is called a Type I error (False
Rejection Rate (FRR) or False Reject Rate (FRR)).
When the system accepts impostors who should be rejected, it is called a Type II error (False Acceptance Rate (FAR) or
False Accept Rate (FAR)). Type II errors are the most dangerous and thus the most important to avoid.
The goal is to obtain low numbers for each type of error, but When comparing different biometric systems, many
different variables are used, but one of the most important metrics is the crossover error rate (CER).
The accuracy of any biometric method is measured in terms of Failed Acceptance Rate (FAR) and Failed Rejection Rate
3
“Best Material, Great Results”. CERT EMPIRE
 ISC CISSP

(FRR). Both are expressed as percentages. The FAR is the rate at which attempts by unauthorized users are incorrectly
accepted as valid. The FRR is just the opposite. It measures the rate at which authorized users are denied access.
The relationship between FRR (Type I) and FAR (Type II) is depicted in the graphic below. As one rate increases, the
other decreases. The Cross-over Error Rate (CER) is sometimes considered a good indicator of the overall accuracy of a
biometric system. This is the point at which the FRR and the FAR have the same value. Solutions with a lower CER are
typically more accurate.
See graphic below from Biometria showing this relationship. The Cross-over Error Rate (CER) is also called the Equal
Error Rate (EER), the two are synonymous.
Cross Over Error Rate
The other answers are incorrect:
Type I error is also called as False Rejection Rate where a valid user is rejected by the system.
Type III error : there is no such error type in biometric system.
Crossover error rate stated in percentage , represents the point at which false rejection equals the false acceptance rate.
Reference(s) used for this question: http://www.biometria.sk/en/principles-of-biometrics.html and Shon Harris, CISSP
All In One (AIO), 6th Edition , Chapter 3, Access Control, Page 188-189 and Tech Republic, Reduce Multi_Factor
Authentication Cost

QUESTION 5 - (Topic 1)
A host-based IDS is resident on which of the following?

A. On each of the critical hosts
B. decentralized hosts
C. central hosts
D. bastion hosts

Answer: A

Explanation: A host-based IDS is resident on a host and reviews the system and event logs in order to detect an attack on
the host and to determine if the attack was successful. All critical serves should have a Host Based Intrusion Detection
System (HIDS) installed. As you are well aware, network based IDS cannot make sense or detect pattern of attacks
within encrypted traffic. A HIDS might be able to detect such attack after the traffic has been decrypted on the host. This
is why critical servers should have both NIDS and HIDS.
FROM WIKIPEDIA:
A HIDS will monitor all or part of the dynamic behavior and of the state of a computer system. Much as a NIDS will
dynamically inspect network packets, a HIDS might detect which program accesses what resources and assure that (say)
a word-processor hasn\'t suddenly and inexplicably started modifying the system password-database. Similarly a HIDS
might look at the state of a system, its stored information, whether in RAM, in the file-system, or elsewhere; and check
that the contents of these appear as expected.
One can think of a HIDS as an agent that monitors whether anything/anyone - internal or external - has circumvented the
security policy that the operating system tries to enforce. http://en.wikipedia.org/wiki/Host-
based_intrusion_detection_system

QUESTION 6 - (Topic 1)
The following is NOT a security characteristic we need to consider while choosing a biometric identification systems:

A. data acquisition process
B. cost
C. enrollment process
“Best Material, Great Results”. https://certempire.com/ 4
 ISC CISSP

D. speed and user interface

Answer: B

Explanation: Cost is a factor when considering Biometrics but it is not a security characteristic.
All the other answers are incorrect because they are security characteristics related to Biometrics.
Data acquisition process can cause a security concern because if the process is not fast and efficient it can discourage
individuals from using the process.
Enrollment process can cause a security concern because the enrollment process has to be quick and efficient. This
process captures data for authentication.
Speed and user interface can cause a security concern because this also impacts the users acceptance rate of biometrics.
If they are not comfortable with the interface and speed they might sabotage the devices or otherwise attempt to
circumvent them.
References:
OIG Access Control (Biometrics) (pgs 165-167)
From: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1,
Pages 5-6
** in process of correction **

QUESTION 7 - (Topic 1)
Which of the following best describes an exploit?

A. An intentional hidden message or feature in an object such as a piece of software or a movie.
B. A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause
unintended or unanticipated behavior to occur on computer
software
C. An anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer
D. A condition where a program (either an application or part of the operating system) stops performing its expected
function and also stops responding to other parts of the system

Answer: B

Explanation: The following answers are incorrect:
An intentional hidden message or feature in an object such as a piece of software or a movie.
This is the definition of an "Easter Egg" which is code within code. A good example of this was a small flight simulator
that was hidden within Microsoft Excel. If you know which cell to go to on your spreadsheet and the special code to type
in that cell, you were able to run the flight simulator.
An anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer
This is the definition of a "Buffer Overflow". Many pieces of exploit code may contain some buffer overflow code but
considering all the choices presented this was not the best choice. It is one of the vulnerability that the exploit would take
care of if no data input validation is taking place within the software that you are targeting.
A condition where a program (either an application or part of the operating system) stops performing its expected
function and also stops responding to other parts of the system This is the definition of a "System Crash". Such behavior
might be the result of exploit code being launched against the target.
The following reference(s) were/was used to create this question:
http://en.wikipedia.org/wiki/Main_Page
and

5
“Best Material, Great Results”. CERT EMPIRE
 ISC CISSP

The official CEH courseware Version 6 Module 1
The Official CEH Courseware Version 7 Module 1

QUESTION 8 - (Topic 1)
Which type of password token involves time synchronization?

A. Static password tokens
B. Synchronous dynamic password tokens
C. Asynchronous dynamic password tokens
D. Challenge-response tokens

Answer: B

Explanation: Synchronous dynamic password tokens generate a new unique password value at fixed time intervals, so
the server and token need to be synchronized for the password to be accepted.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 37).
Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4:
Access Control (page 136).

QUESTION 9 - (Topic 1)
Technical controls such as encryption and access control can be built into the operating system, be software applications,
or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing?

A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Technical Pairing

Answer: B

Explanation: Preventive/Technical controls are also known as logical controls and can be built into the operating system,
be software applications, or can be supplemental hardware/software units.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, 2001, John Wiley & Sons, Page 34

QUESTION 10 - (Topic 1)
This is a common security issue that is extremely hard to control in large environments. It
occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs
to fulfill. What best describes this scenario?

A. Excessive Rights
B. Excessive Access
C. Excessive Permissions
D. Excessive Privileges

Answer: D

“Best Material, Great Results CERT EMPIRE 6
 ISC CISSP

Explanation: Even thou all 4 terms are very close to each other, the best choice is Excessive Privileges which would
include the other three choices presented.
Reference(s) used for this question:
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 645
and

QUESTION 11 - (Topic 1)
In Mandatory Access Control, sensitivity labels attached to object contain what information?

A. The item's classification
B. The item's classification and category set
C. The item's category
D. The items's need to know

Answer: B

Explanation: The following is the correct
Answer: the item's classification and category set.
A Sensitivity label must contain at least one classification and one category set.
Category set and Compartment set are synonyms, they mean the same thing. The sensitivity label must contain at least
one Classification and at least one Category. It is common in some environments for a single item to belong to multiple
categories. The list of all the categories to which an item belongs is called a compartment set or category set.
The following answers are incorrect:
The item's classification. Is incorrect because you need a category set as well.
The item's category. Is incorrect because category set and classification would be both be required.
The item's need to know. Is incorrect because there is no such thing. The need to know is indicated by the catergories the
object belongs to. This is NOT the best answer.
Reference(s) used for this question:
OIG CBK, Access Control (pages 186 - 188)
AIO, 3rd Edition, Access Control (pages 162 - 163)
AIO, 4th Edition, Access Control, pp 212-214
Wikipedia - http://en.wikipedia.org/wiki/Mandatory_Access_Control

QUESTION 12 - (Topic 1)
Which of the following tools is less likely to be used by a hacker?

A. l0phtcrack
B. Tripwire
C. OphCrack
D. John the Ripper

Answer: B

Explanation: Tripwire is an integrity checking product, triggering alarms when important files (e.g. system or
configuration files) are modified.
This is a tool that is not likely to be used by hackers, other than for studying its workings in order to circumvent it.
Other programs are password-cracking programs and are likely to be used by security administrators as well as by
hackers. More info regarding Tripwire available on the Tripwire, Inc. Web Site.
“Best Material, Great Results”. CERT EMPIRE 7
 ISC CISSP

NOTE:
The biggest competitor to the commercial version of Tripwire is the freeware version of Tripwire. You can get the Open
Source version of Tripwire at the following URL: http://sourceforge.net/projects/tripwire/

QUESTION 13 - (Topic 1)
In biometric identification systems, the parts of the body conveniently available for identification are:

A. neck and mouth
B. hands, face, and eyes
C. feet and hair
D. voice and neck

Answer: B

Explanation: Today implementation of fast, accurate, reliable, and user-acceptable biometric identification systems are
already under way. Because most identity authentication takes place when a people are fully clothed (neck to feet and
wrists), the parts of the body conveniently available for this purpose are hands, face, and eyes.
From: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1,
Page 7

QUESTION 14 - (Topic 1)
Which access control model is also called Non Discretionary Access Control (NDAC)?

A. Lattice based access control
B. Mandatory access control
C. Role-based access control
D. Label-based access control

Answer: C

Explanation: RBAC is sometimes also called non-discretionary access control (NDAC) (as Ferraiolo says "to distinguish
it from the policy-based specifics of MAC"). Another model that fits within the NDAC category is Rule-Based Access
Control (RuBAC or RBAC). Most of the CISSP books use the same acronym for both models but NIST tend to use a
lowercase "u" in between R and B to differentiate the two models.
You can certainly mimic MAC using RBAC but true MAC makes use of Labels which contains the sensitivity of the
objects and the categories they belong to. No labels means MAC is not being used.
One of the most fundamental data access control decisions an organization must make is the amount of control it will
give system and data owners to specify the level of access users of that data will have. In every organization there is a
balancing point between the access controls enforced by organization and system policy and the ability for information
owners to determine who can have access based on specific business requirements. The process of translating that
balance into a workable access control model can be defined by three general access frameworks:
Discretionary access control Mandatory access control Nondiscretionary access control
A role-based access control (RBAC) model bases the access control authorizations on the roles (or functions) that the
user is assigned within an organization. The determination of what roles have access to a resource can be governed by
the owner of the data, as with DACs, or applied based on policy, as with MACs.
Access control decisions are based on job function, previously defined and governed by policy, and each role (job
function) will have its own access capabilities. Objects associated with a role will inherit privileges assigned to that role.
This is also true for groups of users, allowing administrators to simplify access control strategies by assigning users to
8
“Best Material, Great Results”. CERT EMPIRE
 ISC CISSP

groups and groups to roles.
There are several approaches to RBAC. As with many system controls, there are variations on how they can be applied
within a computer system.
There are four basic RBAC architectures:
1 Non-RBAC: Non-RBAC is simply a user-granted access to data or an application by traditional mapping, such as with
ACLs. There are no formal “roles” associated with the mappings, other than any identified by the particular user.
2 Limited RBAC: Limited RBAC is achieved when users are mapped to roles within a single application rather than
through an organization-wide role structure. Users in a limited RBAC system are also able to access non-RBAC-based
applications or data. For example, a user may be assigned to multiple roles within several applications and, in addition,
have direct access to another application or system independent of his or her assigned role. The
key attribute of limited RBAC is that the role for that user is defined within an application and not necessarily based on
the user’s organizational job function.
3 Hybrid RBAC: Hybrid RBAC introduces the use of a role that is applied to multiple applications or systems based on a
user’s specific role within the organization. That role is then applied to applications or systems that subscribe to the
organization’s role-based model. However, as the term “hybrid” suggests, there are instances where the subject may also
be assigned to roles defined solely within specific applications, complimenting (or, perhaps, contradicting) the larger,
more encompassing organizational role used by other systems.
4 Full RBAC: Full RBAC systems are controlled by roles defined by the organization’s policy and access control
infrastructure and then applied to applications and systems across the enterprise. The applications, systems, and
associated data apply permissions based on that enterprise definition, and not one defined by a specific application or
system.
Be careful not to try to make MAC and DAC opposites of each other -- they are two different access control strategies
with RBAC being a third strategy that was defined later to address some of the limitations of MAC and DAC.
The other answers are not correct because:
Mandatory access control is incorrect because though it is by definition not discretionary, it is not called "non-
discretionary access control." MAC makes use of label to indicate the sensitivity of the object and it also makes use of
categories to implement the need to know.
Label-based access control is incorrect because this is not a name for a type of access control but simply a bogus
detractor.
Lattice based access control is not adequate either. A lattice is a series of levels and a subject will be granted an upper
and lower bound within the series of levels. These levels could be sensitivity levels or they could be confidentiality
levels or they could be integrity levels.
Reference(s) used for this question:
All in One, third edition, page 165
Ferraiolo, D., Kuhn, D. & Chandramouli, R. (2003). Role-Based Access Control, p. 18
Ferraiolo, D., Kuhn, D. (1992). Role-Based Access Controls.
http://csrc.nist.gov/rbac/Role_Based_Access_Control-1992html
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Access Control ((ISC)2 Press)
(Kindle Locations 1557-1584). Auerbach Publications. Kindle Edition.
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition : Access Control ((ISC)2 Press)
(Kindle Locations 1474-1477). Auerbach Publications. Kindle Edition.

QUESTION 15 - (Topic 1)
Which access control model provides upper and lower bounds of access capabilities for a subject?

A. Role-based access control
B. Lattice-based access control
C. Biba access control
“Best Material, Great Results”. CERT EMPIRE 9
 ISC CISSP

D. Content-dependent access control

Answer: B

Explanation: In the lattice model, users are assigned security clearences and the data is classified. Access decisions are
made based on the clearence of the user and the classification of the object. Lattice-based access control is an essential
ingredient of formal security models such as Bell-LaPadula, Biba, Chinese Wall, etc.
The bounds concept comes from the formal definition of a lattice as a "partially ordered set for which every pair of
elements has a greatest lower bound and a least upper bound." To see the application, consider a file classified as
"SECRET" and a user Joe with a security clearence of "TOP SECRET." Under Bell-LaPadula, Joe's "least upper bound"
access to the file is "READ" and his least lower bound is "NO WRITE" (star property).
Role-based access control is incorrect. Under RBAC, the access is controlled by the permissions assigned to a role and
the specific role assigned to the user.
Biba access control is incorrect. The Biba integrity model is based on a lattice structure but the context of the question
disqualiifes it as the best answer.
Content-dependent access control is incorrect. In content dependent access control, the actual content of the information
determines access as enforced by the arbiter.
References:
CBK, pp. 324-325
AIO3, pp. 291-293 See aprticularly Figure 5-19 on p. 293 for an illustration of bounds in
action.

QUESTION 16 - (Topic 1)
Which of the following is used to create and modify the structure of your tables and other objects in the database?

A. SQL Data Definition Language (DDL)
B. SQL Data Manipulation Language (DML)
C. SQL Data Relational Language (DRL)
D. SQL Data Identification Language (DIL)

Answer: A
Explanation:
The SQL Data Definition Language (DDL) is used to create, modify, and delete views and relations (tables).
Data Definition Language
The Data Definition Language (DDL) is used to create and destroy databases and database objects. These commands will
primarily be used by database administrators during the setup and removal phases of a database project. Let's take a look
at the structure and usage of four basic DDL commands:
CREATE
Installing a database management system (DBMS) on a computer allows you to create and manage many independent
databases. For example, you may want to maintain a database of customer contacts for your sales department and a
personnel database for your HR department.
The CREATE command can be used to establish each of these databases on your platform. For example, the command:
CREATE DATABASE employees
creates an empty database named "employees" on your DBMS. After creating the database, your next step is to create
tables that will contain data. (If this doesn't make sense, you might want to read the article Microsoft Access
Fundamentals for an overview of tables and databases.) Another variant of the CREATE command can be used for this
purpose. The command:
CREATE TABLE personal_info (first_name char(20) not null, last_name char(20) not null, employee_id int not null)
“Best Material, Great Results”. CERT EMPIRE 10
 ISC CISSP

establishes a table titled "personal_info" in the current database. In our example, the table contains three attributes:
first_name, last_name and employee_id. Don't worry about the other information included in the command -- we'll cover
that in a future article.
USE
The USE command allows you to specify the database you wish to work with within your DBMS. For example, if we're
currently working in the sales database and want to issue some commands that will affect the employees database, we
would preface them with the following SQL command:
USE employees
It's important to always be conscious of the database you are working in before issuing SQL commands that manipulate
data.
ALTER
Once you've created a table within a database, you may wish to modify the definition of it. The ALTER command allows
you to make changes to the structure of a table without deleting and recreating it. Take a look at the following command:
ALTER TABLE personal_info
ADD salary money null
This example adds a new attribute to the personal_info table -- an employee's salary. The "money" argument specifies
that an employee's salary will be stored using a dollars and cents format. Finally, the "null" keyword tells the database
that it's OK for this field to contain no value for any given employee.
DROP
The final command of the Data Definition Language, DROP, allows us to remove entire database objects from our
DBMS. For example, if we want to permanently remove the
personal_info table that we created, we'd use the following command:
DROP TABLE personal_info
Similarly, the command below would be used to remove the entire employees database:
DROP DATABASE employees
Use this command with care! Remember that the DROP command removes entire data structures from your database. If
you want to remove individual records, use the DELETE command of the Data Manipulation Language.
That's the Data Definition Language in a nutshell.
Data Manipulation Language
The Data Manipulation Language (DML) is used to retrieve, insert and modify database information. These commands
will be used by all database users during the routine operation of the database. Let's take a brief look at the basic DML
commands:
The Data Manipulation Language (DML) is used to retrieve, insert and modify database information. These commands
will be used by all database users during the routine operation of the database. Let's take a brief look at the basic DML
commands:
INSERT
The INSERT command in SQL is used to add records to an existing table. Returning to the personal_info example from
the previous section, let's imagine that our HR department needs to add a new employee to their database. They could
use a command similar to the one shown below:
INSERT INTO personal_info values('bart','simpson',12345,$45000)
Note that there are four values specified for the record. These correspond to the table attributes in the order they were
defined: first_name, last_name, employee_id, and salary.
SELECT
The SELECT command is the most commonly used command in SQL. It allows database users to retrieve the specific
information they desire from an operational database. Let's take a look at a few examples, again using the personal_info
table from our employees database.
The command shown below retrieves all of the information contained within the personal_info table. Note that the
asterisk is used as a wildcard in SQL. This literally means "Select everything from the personal_info table."
“Best Material, Great Results”. CERT EMPIRE 11
 ISC CISSP

SELECT *
FROM personal_info
Alternatively, users may want to limit the attributes that are retrieved from the database. For example, the Human
Resources department may require a list of the last names of all employees in the company. The following SQL
command would retrieve only that information:
SELECT last_name
FROM personal_info
Finally, the WHERE clause can be used to limit the records that are retrieved to those that meet specified criteria. The
CEO might be interested in reviewing the personnel records of all highly paid employees. The following command
retrieves all of the data contained within personal_info for records that have a salary value greater than $50,000:
SELECT *
FROM personal_info
WHERE salary > $50000
UPDATE
The UPDATE command can be used to modify information contained within a table, either in bulk or individually. Each
year, our company gives all employees a 3% cost-of-living increase in their salary. The following SQL command could
be used to quickly apply this to all of the employees stored in the database:
UPDATE personal_info
SET salary = salary * 103
On the other hand, our new employee Bart Simpson has demonstrated performance above and beyond the call of duty.
Management wishes to recognize his stellar accomplishments with a $5,000 raise. The WHERE clause could be used to
single out Bart for this raise:
UPDATE personal_info
SET salary = salary + $5000
WHERE employee_id = 12345
DELETE
Finally, let's take a look at the DELETE command. You'll find that the syntax of this command is similar to that of the
other DML commands. Unfortunately, our latest corporate earnings report didn't quite meet expectations and poor Bart
has been laid off. The DELETE command with a WHERE clause can be used to remove his record from the
personal_info table:
DELETE FROM personal_info
WHERE employee_id = 12345
JOIN Statements
Now that you’ve learned the basics of SQL, it’s time to move on to one of the most powerful concepts the language has
to offer – the JOIN statement. Quite simply, these statements allow you to combine data in multiple tables to quickly and
efficiently process large quantities of data. These statements are where the true power of a database resides.
We’ll first explore the use of a basic JOIN operation to combine data from two tables. In future installments, we’ll
explore the use of outer and inner joins to achieve added power.
We’ll continue with our example using the PERSONAL_INFO table, but first we’ll need to add an additional table to the
mix. Let’s assume we have a table called DISCIPLINARY_ACTION that was created with the following statement:
CREATE TABLE disciplinary_action (action_id int not null, employee_id int not null, comments char(500))
This table contains the results of disciplinary actions on company employees. You’ll notice that it doesn’t contain any
information about the employee other than the employee number. It’s then easy to imagine many scenarios where we
might want to combine information from the DISCIPLINARY_ACTION and PERSONAL_INFO tables.
Assume we’ve been tasked with creating a report that lists the disciplinary actions taken against all employees with a
salary greater than $40,000 The use of a JOIN operation in this case is quite straightforward. We can retrieve this
information using the following command:
SELECT personal_info.first_name, personal_info.last_name, disciplinary_action.comments FROM personal_info,
“Best Material, Great Results”. CERT EMPIRE 12
 ISC CISSP

disciplinary_action
WHERE personal_info.employee_id = disciplinary_action.employee_id AND personal_info.salary > 40000
As you can see, we simply specified the two tables that we wished to join in the FROM clause and then included a
statement in the WHERE clause to limit the results to records that had matching employee IDs and met our criteria of a
salary greater than $40,000
Another term you must be familiar with as a security mechanism in Databases is: VIEW
What is a view?
In database theory, a view is a virtual or logical table composed of the result set of a query. Unlike ordinary tables (base
tables) in a relational database, a view is not part of the physical schema: it is a dynamic, virtual table computed or
collated from data in the database. Changing the data in a table alters the data shown in the view.
The result of a view is stored in a permanent table whereas the result of a query is displayed in a temporary table.
Views can provide advantages over tables;
They can subset the data contained in a table
They can join and simplify multiple tables into a single virtual table
Views can act as aggregated tables, where aggregated data (sum, average etc.) are calculated and presented as part of the
data
Views can hide the complexity of data, for example a view could appear as Sales2000 or Sales2001, transparently
partitioning the actual underlying table
Views take very little space to store; only the definition is stored, not a copy of all the data they present
Depending on the SQL engine used, views can provide extra security. Limit the exposure to which a table or tables are
exposed to outer world
Just like functions (in programming) provide abstraction, views can be used to create abstraction. Also, just like
functions, views can be nested, thus one view can aggregate data from other views. Without the use of views it would be
much harder to normalise databases above second normal form. Views can make it easier to create lossless join
decomposition.
Rows available through a view are not sorted. A view is a relational table, and the relational model states that a table is a
set of rows. Since sets are not sorted - per definition - the
rows in a view are not ordered either. Therefore, an ORDER BY clause in the view definition is meaningless and the
SQL standard (SQL:2003) does not allow this for the subselect in a CREATE VIEW statement.
The following reference(s) were used for this question:
The text above is from About.Com at: http://databases.about.com/
The definition of views above is from: http://en.wikipedia.org/wiki/View_%28database%29
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security,
2001, John Wiley & Sons, Page 47
http://www.tomjewett.com/dbdesign/dbdesign.php?page=ddldml.php

QUESTION 17 - (Topic 1)
Which of the following testing method examines internal structure or working of an application?

A. White-box testing
B. Parallel Test
C. Regression Testing
D. Pilot Testing

Answer: A

Explanation: White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural
testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its
“Best Material, Great Results”. CERT EMPIRE 13
 ISC CISSP

functionality (i.e. black-box testing). In white-box testing an internal perspective of the system, as well as programming
skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the
appropriate outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT).
White-box testing can be applied at the unit, integration and system levels of the software testing process. Although
traditional testers tended to think of white-box testing as being done at the unit level, it is used for integration and system
testing more frequently today. It
can test paths within a unit, paths between units during integration, and between subsystems during a system–level test.
Though this method of test design can uncover many errors or problems, it has the potential to miss unimplemented parts
of the specification or missing requirements.
For your exam you should know the information below:
Alpha and Beta Testing - An alpha version is early version is an early version of the application system submitted to the
internal user for testing. The alpha version may not contain all the features planned for the final version. Typically
software goes to two stages testing before it consider finished.The first stage is called alpha testing is often performed
only by the user within the organization developing the software. The second stage is called beta testing, a form of user
acceptance testing, generally involves a limited number of external users. Beta testing is the last stage of testing, and
normally involves real world exposure, sending the beta version of the product to independent beta test sites or offering it
free to interested user.
Pilot Testing - A preliminary test that focuses on specific and predefined aspect of a system. It is not meant to replace
other testing methods, but rather to provide a limited evaluation of the system. Proof of concept are early pilot tests –
usually over interim platform and with only basic functionalities.
White box testing - Assess the effectiveness of a software program logic. Specifically, test data are used in determining
procedural accuracy or conditions of a program's specific logic path. However testing all possible logical path in large
information system is not feasible and would be cost prohibitive, and therefore is used on selective basis only.
Black Box Testing - An integrity based form of testing associated with testing components of an information system's
“functional” operating effectiveness without regards to any specific internal program structure. Applicable to integration
and user acceptance testing.
Function/validation testing – It is similar to system testing but it is often used to test the functionality of the system
against the detailed requirements to ensure that the software that has been built is traceable to customer requirements.
Regression Testing - The process of rerunning a portion of a test scenario or test plan to ensure that changes or
corrections have not introduced new errors. The data used in regression testing should be same as original data.
Parallel Testing - This is the process of feeding test data into two systems – the modified system and an alternative
system and comparing the result.
Sociability Testing - The purpose of these tests is to confirm that new or modified system can operate in its target
environment without adversely impacting existing system. This should cover not only platform that will perform primary
application processing and interface with other system but , in a client server and web development, changes to the
desktop environment. Multiple application may run on the users desktop, potentially simultaneously , so it is important
to test the impact of installing new dynamic link libraries (DLLs), making operating system registry or configuration file
modification, and possibly extra memory utilization.
The following answers are incorrect:
Parallel Testing - This is the process of feeding test data into two systems – the modified system and an alternative
system and comparing the result.
Regression Testing - The process of rerunning a portion of a test scenario or test plan to ensure that changes or
corrections have not introduced new errors. The data used in regression testing should be same as original data.
Pilot Testing - A preliminary test that focuses on specific and predefined aspect of a system. It is not meant to replace
other testing methods, but rather to provide a limited evaluation of the system. Proof of concept are early pilot tests –
usually over interim platform and with only basic functionalities
The following reference(s) were/was used to create this question:

“Best Material, Great Results”. CERT EMPIRE 14
 ISC CISSP

CISA review manual 2014 Page number 167
Official ISC2 guide to CISSP CBK 3rd Edition Page number 176

QUESTION 18 - (Topic 1)
Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System
(IDS)?

A. signature-based IDS
B. statistical anomaly-based IDS
C. event-based IDS
D. inferent-based IDS

Answer: A

Explanation: Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of
Computer Security, 2001, John Wiley & Sons, Page 49

QUESTION 19 - (Topic 1)
Who developed one of the first mathematical models of a multilevel-security computer system?

A. Diffie and Hellman.
B. Clark and Wilson.
C. Bell and LaPadula.
D. Gasser and Lipner.

Answer: C

Explanation: In 1973 Bell and LaPadula created the first mathematical model of a multi-level security system.
The following answers are incorrect:
Diffie and Hellman. This is incorrect because Diffie and Hellman was involved with cryptography.
Clark and Wilson. This is incorrect because Bell and LaPadula was the first model. The Clark-Wilson model came later,
1987
Gasser and Lipner. This is incorrect, it is a distractor. Bell and LaPadula was the first model

QUESTION 20 - (Topic 1)
Suppose you are a domain administrator and are choosing an employee to carry out backups. Which access control
method do you think would be best for this scenario?

A. RBAC - Role-Based Access Control
B. MAC - Mandatory Access Control
C. DAC - Discretionary Access Control
D. RBAC - Rule-Based Access Control

Answer: A

Explanation: RBAC - Role-Based Access Control permissions would fit best for a backup job for the employee because
the permissions correlate tightly with permissions granted to a backup operator.
A role-based access control (RBAC) model, bases the access control authorizations on the roles (or functions) that the
“Best Material, Great Results”. CERT EMPIRE 15
 ISC CISSP

user is assigned within an organization. The determination of what roles have access to a resource can be governed by
the owner of the data, as with DACs, or applied based on policy, as with MACs. Access control decisions are based on
job function, previously defined and governed by policy, and each role (job function) will have its own access
capabilities. Objects associated with a role will inherit privileges assigned to that role. This is also true for groups of
users, allowing administrators to simplify access control strategies by assigning users to groups and groups to roles.
Specifically, in the Microsoft Windows world there is a security group called "Backup Operators" in which you can
place the users to carry out the duties. This way you could assign the backup privilege without the need to grant the
Restore privilege. This would prevent errors or a malicious person from overwriting the current data with an old copy for
example.
The following answers are incorrect:
- MAC - Mandatory Access Control: This isn't the right answer. The role of Backup administrator fits perfectly with the
access control Role-Based access control.
- DAC - Discretionary Access Control: This isn't the correct answer because DAC relies on data owner/creators to
determine who has access to information.
- RBAC - Rule-Based Access Control: If you got this wrong it may be because you didn't read past the RBAC part. Be
very careful to read the entire question and answers before proceeding.
The following reference(s) was used to create this question: 2013 Official Security+ Curriculum.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle
Locations 1936-1943). Auerbach Publications. Kindle Edition.

QUESTION 21 - (Topic 1)
Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the
following statements pertaining to these types of controls is correct?

A. Examples of these types of controls include policies and procedures, security awareness training, background checks,
work habit checks but do not include a review of vacation history, and also do not include increased supervision.
B. Examples of these types of controls do not include encryption, smart cards, access lists, and transmission protocols.
C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.
D. Examples of these types of controls include policies and procedures, security awareness training, background checks,
work habit checks, a review of vacation history, and increased supervision.

Answer: C

Explanation: Logical or technical controls involve the restriction of access to systems and the protection of information.
Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, 2001, John Wiley & Sons, Page 33

QUESTION 22 - (Topic 1)
What kind of certificate is used to validate a user identity?

A. Public key certificate
B. Attribute certificate
C. Root certificate
D. Code signing certificate

Answer: A
16
 ISC CISSP

Explanation: In cryptography, a public key certificate (or identity certificate) is an electronic document which
incorporates a digital signature to bind together a public key with an identity — information such as the name of a person
or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an
individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate
authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users
("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer that the identity
information and the public key belong together.
In computer security, an authorization certificate (also known as an attribute certificate) is a digital document that
describes a written permission from the issuer to use a service or a resource that the issuer controls or has access to use.
The permission can be delegated.
Some people constantly confuse PKCs and ACs. An analogy may make the distinction clear. A PKC can be considered
to be like a passport: it identifies the holder, tends to last for a long time, and should not be trivial to obtain. An AC is
more like an entry visa: it is typically issued by a different authority and does not last for as long a time. As acquiring an
entry visa typically requires presenting a passport, getting a visa can be a simpler process.
A real life example of this can be found in the mobile software deployments by large service providers and are typically
applied to platforms such as Microsoft Smartphone (and related), Symbian OS, J2ME, and others.
In each of these systems a mobile communications service provider may customize the mobile terminal client
distribution (ie. the mobile phone operating system or application environment) to include one or more root certificates
each associated with a set of capabilities or permissions such as "update firmware", "access address book", "use radio
interface", and the most basic one, "install and execute". When a developer wishes to enable distribution and execution
in one of these controlled environments they must acquire a certificate from an appropriate CA, typically a large
commercial CA, and in the process they usually have their identity verified using out-of-band mechanisms such as a
combination of phone call, validation of their legal entity through government and commercial databases, etc., similar to
the high assurance SSL certificate vetting process, though often there are additional specific requirements imposed on
would-be developers/publishers.
Once the identity has been validated they are issued an identity certificate they can use to sign their software; generally
the software signed by the developer or publisher's identity certificate is not distributed but rather it is submitted to
processor to possibly test or profile the content before generating an authorization certificate which is unique to the
particular software release. That certificate is then used with an ephemeral asymmetric key-pair to sign the software as
the last step of preparation for distribution. There are many advantages to separating the identity and authorization
certificates especially relating to risk mitigation of new content being accepted into the system and key management as
well
as recovery from errant software which can be used as attack vectors.
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page 540
http://en.wikipedia.org/wiki/Attribute_certificate
http://en.wikipedia.org/wiki/Public_key_certificate

QUESTION 23 - (Topic 1)
Which of the following access control models requires security clearance for subjects?

A. Identity-based access control
B. Role-based access control
C. Discretionary access control
D. Mandatory access control

Answer: D
“Best Material, Great Results”. CERT EMPIRE 17
 ISC CISSP

Explanation: With mandatory access control (MAC), the authorization of a subject's access to an object is dependant
upon labels, which indicate the subject's clearance. Identity-based access control is a type of discretionary access control.
A role-based access control is a type of non-discretionary access control.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).

QUESTION 24 - (Topic 1)
Which of the following protocol was used by the INITIAL version of the Terminal Access Controller Access Control
System TACACS for communication between clients and servers?

A. TCP
B. SSL
C. UDP
D. SSH

Answer: C

Explanation: The original TACACS, developed in the early ARPANet days, had very limited functionality and used the
UDP transport. In the early 1990s, the protocol was extended to include additional functionality and the transport
changed to TCP.
TACACS is defined in RFC 1492, and uses (either TCP or UDP) port 49 by default. TACACS allows a client to accept a
username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon or
simply TACACSD. TACACSD uses TCP and usually runs on port 49 It would determine whether to accept or deny the
authentication request and send a response back.
TACACS+
TACACS+ and RADIUS have generally replaced TACACS and XTACACS in more recently built or updated networks.
TACACS+ is an entirely new protocol and is not compatible with TACACS or XTACACS. TACACS+ uses the
Transmission Control Protocol (TCP) and RADIUS uses the User Datagram Protocol (UDP). Since TCP is connection
oriented protocol, TACACS+ does not have to implement transmission control. RADIUS, however, does have to detect
and correct transmission errors like packet loss, timeout etc. since it rides on UDP which is connectionless.
RADIUS encrypts only the users' password as it travels from the RADIUS client to RADIUS server. All other
information such as the username, authorization, accounting are transmitted in clear text. Therefore it is vulnerable to
different types of attacks. TACACS+ encrypts all the information mentioned above and therefore does not have the
vulnerabilities present in the RADIUS protocol.
RADIUS and TACACS + are client/ server protocols, which means the server portion cannot send unsolicited commands
to the client portion. The server portion can only speak when spoken to. Diameter is a peer-based protocol that allows
either end to initiate communication. This functionality allows the Diameter server to send a message to the access server
to request the user to provide another authentication credential if she is attempting to access a secure resource.
Reference(s) used for this question: http://en.wikipedia.org/wiki/TACACS and
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 239). McGraw-Hill. Kindle Edition.

QUESTION 25 - (Topic 1)
RADIUS incorporates which of the following services?

A. Authentication server and PIN codes.
B. Authentication of clients and static passwords generation.
C. Authentication of clients and dynamic passwords generation.
“Best Material, Great Results”. CERT EMPIRE 18
 ISC CISSP

D. Authentication server as well as support for Static and Dynamic passwords.

Answer: D

Explanation: According to RFC 2865:
A Network Access Server (NAS) operates as a client of RADIUS. The client is responsible for passing user information
to
designated RADIUS servers, and then acting on the response which is returned.
RADIUS servers are responsible for receiving user connection requests, authenticating the user, and then returning all
configuration information necessary for the client to deliver service to the user.
RADIUS authentication is based on provisions of simple username/password credentials. These credentials are encrypted
by the client using a shared secret between the client and the RADIUS server. OIG 2007, Page 513
RADIUS incorporates an authentication server and can make uses of both dynamic and static passwords.
Since it uses the PAP and CHAP protocols, it also incluses static passwords.
RADIUS is an Internet protocol. RADIUS carries authentication, authorization, and configuration information between a
Network Access Server and a shared Authentication Server. RADIUS features and functions are described primarily in
the IETF (International Engineering Task Force) document RFC2138
The term " RADIUS" is an acronym which stands for Remote Authentication Dial In User Service.
The main advantage to using a RADIUS approach to authentication is that it can provide a stronger form of
authentication. RADIUS is capable of using a strong, two-factor form of authentication, in which users need to possess
both a user ID and a hardware or software
token to gain access.
Token-based schemes use dynamic passwords. Every minute or so, the token generates a unique 4-, 6- or 8-digit access
number that is synchronized with the security server. To gain entry into the system, the user must generate both this one-
time number and provide his or her user ID and password.
Although protocols such as RADIUS cannot protect against theft of an authenticated session via some realtime attacks,
such as wiretapping, using unique, unpredictable authentication requests can protect against a wide range of active
attacks.
RADIUS: Key Features and Benefits
Features Benefits
RADIUS supports dynamic passwords and challenge/response passwords.
Improved system security due to the fact that passwords are not static.
It is much more difficult for a bogus host to spoof users into giving up their passwords or password-generation
algorithms.
RADIUS allows the user to have a single user ID and password for all computers in a network.
Improved usability due to the fact that the user has to remember only one login combination.
RADIUS is able to:
Prevent RADIUS users from logging in via login (or ftp).
Require them to log in via login (or ftp)
Require them to login to a specific network access server (NAS);
Control access by time of day.
Provides very granular control over the types of logins allowed, on a per-user basis.
The time-out interval for failing over from an unresponsive primary RADIUS server to a backup RADIUS server is site-
configurable.
RADIUS gives System Administrator more flexibility in managing which users can login from which hosts or devices.
Stratus Technology Product Brief
http://www.stratus.com/products/vos/openvos/radius.htm
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
“Best Material, Great Results”. CERT EMPIRE 19
 ISC CISSP

Security, 2001, John Wiley & Sons, Pages 43, 44
Also check: MILLER, Lawrence & GREGORY, Peter, CISSP for Dummies, 2002, Wiley Publishing, Inc., pages 45-46

QUESTION 26 - (Topic 1)
In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be
based on physical attributes of a person. This raised the necessity of answering 2 questions :

A. what was the sex of a person and his age
B. what part of body to be used and how to accomplish identification that is viable
C. what was the age of a person and his income level
D. what was the tone of the voice of a person and his habits

Answer: B

Explanation: Today implementation of fast, accurate reliable and user-acceptable biometric identification systems is
already taking place. Unique physical attributes or behavior of a person are used for that purpose.
From: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1,
Page 7

QUESTION 27 - (Topic 1)
Which of the following is the FIRST step in protecting data's confidentiality?

A. Install a firewall
B. Implement encryption
C. Identify which information is sensitive
D. Review all user access rights

Answer: C

Explanation: In order to protect the confidentiality of the data.
The following answers are incorrect because :
Install a firewall is incorrect as this would come after the information has been identified for sensitivity levels.
Implement encryption is also incorrect as this is one of the mechanisms to protect the data once it has been identified.
Review all user access rights is also incorrect as this is also a protection mechanism for the identified information.
Reference : Shon Harris AIO v3 , Chapter-4 : Access Control , Page : 126

QUESTION 28 - (Topic 1)
The type of discretionary access control (DAC) that is based on an individual's identity is also called:

A. Identity-based Access control
B. Rule-based Access control
C. Non-Discretionary Access Control
D. Lattice-based Access control

Answer: A

Explanation: An identity-based access control is a type of Discretionary Access Control (DAC) that is based on an
individual's identity.
“Best Material, Great Results”. CERT EMPIRE 20
 ISC CISSP

DAC is good for low level security environment. The owner of the file decides who has access to the file.
If a user creates a file, he is the owner of that file. An identifier for this user is placed in the file header and/or in an
access control matrix within the operating system.
Ownership might also be granted to a specific individual. For example, a manager for a certain department might be
made the owner of the files and resources within her department. A system that uses discretionary access control (DAC)
enables the owner of the resource to specify which subjects can access specific resources.
This model is called discretionary because the control of access is based on the discretion of the owner. Many times
department managers, or business unit managers , are the owners of the data within their specific department. Being the
owner, they can specify who should have access and who should not.
Reference(s) used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 220). McGraw-Hill. Kindle Edition.

QUESTION 29 - (Topic 1)
In Synchronous dynamic password tokens:

A. The token generates a new password value at fixed time intervals (this password could be based on the time of day
encrypted with a secret key).
B. The token generates a new non-unique password value at fixed time intervals (this password could be based on the
time of day encrypted with a secret key).
C. The unique password is not entered into a system or workstation along with an owner's PIN.
D. The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that
the entered password is invalid and that it was entered during the invalid time window.

Answer: B

Explanation: Synchronous dynamic password tokens:
The token generates a new password value at fixed time intervals (this password could be the time of day encrypted with
a secret key).
The unique password is entered into a system or workstation along with an owner's PIN. The authentication entity in a
system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is valid and
that it was entered during the valid time window.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, 2001, John Wiley & Sons, Page 37

QUESTION 30 - (Topic 1)
Which of the following pairings uses technology to enforce access control policies?

A. Preventive/Administrative
B. Preventive/Technical
C. Preventive/Physical
D. Detective/Administrative

Answer: B

Explanation: The preventive/technical pairing uses technology to enforce access control policies.
TECHNICAL CONTROLS
Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software,
communications hardware and software, and related devices. Technical controls are sometimes referred to as logical
“Best Material, Great Results”. CERT EMPIRE 21
 ISC CISSP

controls.
Preventive Technical Controls
Preventive technical controls are used to prevent unauthorized personnel or programs from gaining remote access to
computing resources. Examples of these controls include:
Access control software.
Antivirus software.
Library control systems.
Passwords.
Smart cards.
Encryption.
Dial-up access control and callback systems.
Preventive Physical Controls
Preventive physical controls are employed to prevent unauthorized personnel from entering computing facilities (i.e.,
locations housing computing resources, supporting utilities, computer hard copy, and input data media) and to help
protect against natural disasters. Examples of these controls include:
Backup files and documentation.
Fences.
Security guards.
Badge systems.
Double door systems.
Locks and keys.
Backup power.
Biometric access controls.
Site selection.
Fire extinguishers.
Preventive Administrative Controls
Preventive administrative controls are personnel-oriented techniques for controlling people’s behavior to ensure the
confidentiality, integrity, and availability of computing data and programs. Examples of preventive administrative
controls include:
Security awareness and technical training.
Separation of duties.
Procedures for recruiting and terminating employees.
Security policies and procedures.
Supervision.
Disaster recovery, contingency, and emergency plans.
User registration for computer access.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, 2001, John Wiley & Sons, Page 34

QUESTION 31 - (Topic 1)
Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?

A. Logon Banners
B. Wall poster
C. Employee Handbook
D. Written agreement

Answer: D
“Best Material, Great Results”. CERT EMPIRE 22
 ISC CISSP

Explanation: This is a tricky question, the keyword in the question is Internal users. There are two possible answers
based on how the question is presented, this question could either apply to internal users or ANY anonymous/external
users.
Internal users should always have a written agreement first, then logon banners serve as a constant reminder.
Banners at the log-on time should be used to notify external users of any monitoring that is being conducted. A good
banner will give you a better legal stand and also makes it obvious the user was warned about who should access the
system, who is authorized and unauthorized, and if it is an unauthorized user then he is fully aware of trespassing.
Anonymous/External users, such as those logging into a web site, ftp server or even a mail server; their only notification
system is the use of a logon banner.
References used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security,
2001, John Wiley & Sons, Page 50
and
Shon Harris, CISSP All-in-one, 5th edition, pg 873

QUESTION 32 - (Topic 1)
Individual accountability does not include which of the following?

A. unique identifiers
B. policies & procedures
C. access rules
D. audit trails

Answer: B

Explanation: Accountability would not include policies & procedures because while important on an effective security
program they cannot be used in determing accountability.
The following answers are incorrect:
Unique identifiers. Is incorrect because Accountability would include unique identifiers so that you can identify the
individual.
Access rules. Is incorrect because Accountability would include access rules to define access violations.
Audit trails. Is incorrect because Accountability would include audit trails to be able to trace violations or attempted
violations.

QUESTION 33 - (Topic 1)
Which of the following are additional access control objectives?

A. Consistency and utility
B. Reliability and utility
C. Usefulness and utility
D. Convenience and utility

Answer: B

Explanation: Availability assures that a system's authorized users have timely and uninterrupted access to the
information in the system. The additional access control objectives are reliability and utility. These and other related
objectives flow from the organizational security policy. This policy is a high-level statement of management intent
“Best Material, Great Results”. CERT EMPIRE 23
 ISC CISSP

regarding the control of access to information and the personnel who are authorized to receive that information. Three
things that must be considered for the planning and implementation of access control mechanisms are the threats to the
system, the system's vulnerability to these threats, and the risk that the threat may materialize
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, 2001, John Wiley & Sons, Page 32

QUESTION 34 - (Topic 1)
Business Impact Analysis (BIA) is about

A. Technology
B. Supporting the mission of the organization
C. Due Care
D. Risk Assessment

Answer: B

Explanation: Business impact analysis is not about technology ; it is about supporting the mission of the organization.
The following answers are incorrect:
Technololgy
Due Care
Risk Assessment
The following reference(s) were/was used to create this question:
Information Security Management Handbook , Sixth Edition by Tipton & Al page 321

QUESTION 35 - (Topic 1)
You have been approached by one of your clients. They are interested in doing some security re-engineering. The client
is looking at various information security models. It is a highly secure environment where data at high classifications
cannot be leaked to subjects at lower classifications. Of primary concern to them, is the identification of potential covert
channel. As an Information Security Professional , which model would you recommend to the client?

A. Information Flow Model combined with Bell Lapadula
B. Bell Lapadula
C. Biba
D. Information Flow Model

Answer: A

Explanation: Securing the data manipulated by computing systems has been a challenge in the past years. Several
methods to limit the information disclosure exist today, such as access control lists, firewalls, and cryptography.
However, although these methods do impose limits on the information that is released by a system, they provide no
guarantees about information propagation. For example, access control lists of file systems prevent unauthorized file
access, but they do not control how the data is used afterwards. Similarly,
cryptography provides a means to exchange information privately across a non-secure channel, but no guarantees about
the confidentiality of the data are given once it is decrypted.
In low level information flow analysis, each variable is usually assigned a security level. The basic model comprises two
distinct levels: low and high, meaning, respectively, publicly observable information, and secret information. To ensure
confidentiality, flowing information from high to low variables should not be allowed. On the other hand, to ensure
integrity, flows to high variables should be restricted.
“Best Material, Great Results”. CERT EMPIRE 24
 ISC CISSP

More generally, the security levels can be viewed as a lattice with information flowing only upwards in the lattice.
Noninterference Models
This could have been another good answer as it would help in minimizing the damage from covert channels.
The goal of a noninterference model is to help ensure that high-level actions (inputs) do not determine what low-level
user s can see (outputs ). Most of the security models presented are secured by permitting restricted ows between high-
and low-level users. The noninterference model maintains activities at different security levels to separate these levels
from each other. In this way, it minimizes leakages that may happen through covert channels, because there is complete
separation (noninterference) between security levels. Because a user at a higher security level has no way to interfere
with the activities at a lower level, the lower-level user cannot get any information from the higher leve.
The following answers are incorrect: Bell Lapadula
The Bell-LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control in government
and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance
from Roger R. Schell to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model
is a formal state transition model of computer security policy that describes a set of access control rules which use
security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g."Top Secret"),
down to the least sensitive (e.g., "Unclassified" or "Public").
The Bell–LaPadula model focuses on data confidentiality and controlled access to classified information, in contrast to
the Biba Integrity Model which describes rules for the protection of data integrity. In this formal model, the entities in an
information system are divided into subjects and objects. The notion of a "secure state" is defined, and it is proven that
each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the
system satisfies the security objectives of the model.
The Bell–LaPadula model is built on the concept of a state machine with a set of allowable states in a computer network
system. The transition from one state to another state is defined by transition functions.
A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a
security policy. To determine whether a specific access mode is allowed, the clearance of a subject is compared to the
classification of the object (more precisely, to the combination of classification and set of compartments, making up the
security level) to determine if the subject is authorized for the specific access mode. The clearance/classification scheme
is expressed in terms of a lattice. The model defines two mandatory access control (MAC) rules and one discretionary
access control (DAC) rule with three security properties:
The Simple Security Property - a subject at a given security level may not read an object at a higher security level (no
read-up).
The -property (read "star"-property) - a subject at a given security level must not write to any object at a lower security
level (no write-down). The -property is also known as the Confinement property.
The Discretionary Security Property - use of an access matrix to specify the discretionary access control.
The transfer of information from a high-sensitivity document to a lower-sensitivity document may happen in the Bell–
LaPadula model via the concept of trusted subjects. Trusted Subjects are not restricted by the -property. Untrusted
subjects are. Trusted Subjects must be shown to be trustworthy with regard to the security policy. This security model is
directed toward access control and is characterized by the phrase: "no read up, no write down."
With Bell-LaPadula, users can create content only at or above their own security level (i.e. secret researchers can create
secret or top-secret files but may not create public files; no write-down). Conversely, users can view content only at or
below their own security level (i.e. secret researchers can view public or secret files, but may not view top-secret files;
no read-up).
The Bell–LaPadula model explicitly defined its scope. It did not treat the following extensively:
Covert channels. Passing information via pre-arranged actions was described briefly. Networks of systems. Later
modeling work did address this topic.
Policies outside multilevel security. Work in the early 1990s showed that MLS is one version of boolean policies, as are
all other published policies.
Biba
“Best Material, Great Results”. CERT EMPIRE 25
 ISC CISSP

The Biba Model or Biba Integrity Model developed by Kenneth J. Biba in 1977, is a formal state transition system of
computer security policy that describes a set of access control
rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is
designed so that subjects may not corrupt objects in a level ranked higher than the subject, or be corrupted by objects
from a lower level than the subject.
In general the model was developed to circumvent a weakness in the Bell–LaPadula model which only addresses data
confidentiality.
In general, preservation of data integrity has three goals: Prevent data modification by unauthorized parties
Prevent unauthorized data modification by authorized parties
Maintain internal and external consistency (i.e. data reflects the real world)
Note: Biba address only the first goal of integrity while Clark-Wilson addresses all three
This security model is directed toward data integrity (rather than confidentiality) and is characterized by the phrase: "no
read down, no write up". This is in contrast to the Bell-LaPadula model which is characterized by the phrase "no write
down, no read up".
In the Biba model, users can only create content at or below their own integrity level (a monk may write a prayer book
that can be read by commoners, but not one to be read by a high priest). Conversely, users can only view content at or
above their own integrity level (a monk may read a book written by the high priest, but may not read a pamphlet written
by a lowly commoner). Another analogy to consider is that of the military chain of command. A General may write
orders to a Colonel, who can issue these orders to a Major. In this fashion, the General's original orders are kept intact
and the mission of the military is protected (thus, "no read down" integrity). Conversely, a Private can never issue orders
to his Sergeant, who may never issue orders to a Lieutenant, also protecting the integrity of the mission ("no write up").
The Biba model defines a set of security rules similar to the Bell-LaPadula model. These rules are the reverse of the Bell-
LaPadula rules:
The Simple Integrity Axiom states that a subject at a given level of integrity must not read an object at a lower integrity
level (no read down).
The * (star) Integrity Axiom states that a subject at a given level of integrity must not write to any object at a higher level
of integrity (no write up).
Lattice Model
In computer security, lattice-based access control (LBAC) is a complex access control model based on the interaction
between any combination of objects (such as resources, computers, and applications) and subjects (such as individuals,
groups or organizations).
In this type of label-based mandatory access control model, a lattice is used to define the levels of security that an object
may have and that a subject may have access to. The subject is only allowed to access an object if the security level of
the subject is greater than or equal to that of the object.
Mathematically, the security level access may also be expressed in terms of the lattice (a partial order set) where each
object and subject have a greatest lower bound (meet) and least upper bound (join) of access rights. For example, if two
subjects A and B need access to an object, the security level is defined as the meet of the levels of A and B. In another
example, if two objects X and Y are combined, they form another object Z, which is assigned the security level formed
by the join of the levels of X and Y.
The following reference(s) were/was used to create this question: ISC2 Review Seminar Student Manual V800 page 255
Dorothy Denning developed the information flow model to address convert channels. and
The ISC2 Official Study Guide, Second Edition, on page 683-685 and
https://secure.wikimedia.org/wikipedia/en/wiki/Biba_security_model and
https://secure.wikimedia.org/wikipedia/en/wiki/Bell%E2%80%93LaPadula_model and
https://secure.wikimedia.org/wikipedia/en/wiki/Lattice-based_access_control

QUESTION 36 - (Topic 1)
Which of the following is true of two-factor authentication?
“Best Material, Great Results”. CERT EMPIRE 26
 ISC CISSP

A. It uses the RSA public-key signature based on integers with large prime factors.
B. It requires two measurements of hand geometry.
C. It does not use single sign-on technology.
D. It relies on two independent proofs of identity.

Answer: D

Explanation: It relies on two independent proofs of identity. Two-factor authentication refers to using two independent
proofs of identity, such as something the user has (e.g. a token card) and something the user knows (a password). Two-
factor authentication may be
used with single sign-on.
The following answers are incorrect: It requires two measurements of hand geometry. Measuring hand geometry twice
does not yield two independent proofs.
It uses the RSA public-key signature based on integers with large prime factors. RSA encryption uses integers with
exactly two prime factors, but the term "two-factor authentication" is not used in that context.
It does not use single sign-on technology. This is a detractor.
The following reference(s) were/was used to create this question: Shon Harris AIO v.3 p.129
ISC2 OIG, 2007 p. 126

QUESTION 37 - (Topic 1)
Of the seven types of Access Control Categories, which is described as such?
Designed to specify rules of acceptable behavior in the organization.
Example: Policy stating that employees may not spend time on social media websites

A. Directive Access Control
B. Deterrent Access Control
C. Preventive Access Control
D. Detective Access Control

Answer: A

Explanation: There are seven access control categories. Below you have the Access Control Types and Categories.
- Access Control Types:
- Administrative
- Policies, data classification and labeling and security awareness training
- Technical
- Hardare - MAC FIltering or perimeter devices like
- Software controls like account logons and encryption, file perms
- Physical
- Guard, fences and locks
- Access Control Categories:
Directive: specify rules of acceptable behavior
- Policy stating users may not use facebook Deterrent:
- Designed to discourage people from violating security directives
- Logon banner reminding users about being subject to monitoring Preventive:
- Implemented to prevent a security incident or information breach
- Like a fence or file permissions Detective:
“Best Material, Great Results”. CERT EMPIRE 27
 ISC CISSP

- Used to mitigate the loss.
- Example: Logging, IDS with a Firewall Compensating:
- To subsititute for the loss of a primary control of add additinoal mitigation
- Example: Logging, IDS inline with firewall
Corrective:
- To remedy circumstance, mitigate damage or restore control
- Example: Fire extinguisher, firing an employee
Recovery:
- To restore conditions to normal after a security incident
- Restore files from backup
All these are designed to shape employee behavior to better maintain an environment that supports the business
objectives and protects corporate assets.
The following answers are incorrect:
- Deterrent Access Control: This is not right because a deterrent access control discourages people from violating
security directives.
- Preventive Access Control: This is incorrect because a preventive access control category is used to simply stop or
block unwanted behavior. Users don't have a choice about whether to violate the behavior rules.
- Detective Access Control: Sorry, this isn't a access control category.
The following reference(s) was used to create this question: 2013 Official Security+ Curriculum.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle
Location 1162). Auerbach Publications. Kindle Edition.

QUESTION 38 - (Topic 1)
What is called the verification that the user's claimed identity is valid and is usually implemented through a user
password at log-on time?

A. Authentication
B. Identification
C. Integrity
D. Confidentiality

Answer: A

Explanation: Authentication is verification that the user's claimed identity is valid and is usually implemented through a
user password at log-on time.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, 2001, John Wiley & Sons, Page 36

QUESTION 39 - (Topic 1)
During an IS audit, auditor has observed that authentication and authorization steps are split into two functions and there
is a possibility to force the authorization step to be completed before the authentication step. Which of the following
technique an attacker could user to force authorization step before authentication?

A. Eavesdropping
B. Traffic analysis
C. Masquerading
D. Race Condition
“Best Material, Great Results”. CERT EMPIRE 28
 ISC CISSP

Answer: D

Explanation: A race condition is when processes carry out their tasks on a shared
resource in an incorrect order. A race condition is possible when two or more processes use a shared resource, as in data
within a variable. It is important that the processes carry out their functionality in the correct sequence. If process 2
carried out its task on the data before process 1, the result will be much different than if process1 carried out its tasks on
the data before process 2
In software, when the authentication and authorization steps are split into two functions, there is a possibility an attacker
could use a race condition to force the authorization step to be completed before the authentication step. This would be a
flaw in the software that the attacker has figured out how to exploit. A race condition occurs when two or more processes
use the same resource and the sequences of steps within the software can be carried out in an improper order, something
that can drastically affect the output. So, an attacker can force the authorization step to take place before the
authentication step and gain unauthorized access to a resource.
The following answers are incorrect:
Eavesdropping - is the act of secretly listening to the private conversation of others without their consent, as defined by
Black's Law Dictionary. This is commonly thought to be unethical and there is an old adage that "eavesdroppers seldom
hear anything good of themselves...eavesdroppers always try to listen to matters that concern them."
Traffic analysis - is the process of intercepting and examining messages in order to deduce information from patterns in
communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the
greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic.
Traffic analysis can be performed in the context of military intelligence, counter-intelligence, or pattern-of-life analysis,
and is a concern in computer security.
Masquerading - A masquerade attack is an attack that uses a fake identity, such as a network identity, to gain
unauthorized access to personal computer information through legitimate access identification. If an authorization
process is not fully protected, it can become extremely vulnerable to a masquerade attack. Masquerade attacks can be
perpetrated using stolen passwords and logons, by locating gaps in programs, or by finding a way around the
authentication process. The attack can be triggered either by someone within the organization or by an outsider if the
organization is connected to a public network. The amount of access masquerade attackers get depends on the level of
authorization they've managed to attain. As such, masquerade attackers can have a full smorgasbord of cyber crime
opportunities if they’ve gained the highest access authority to a business organization. Personal attacks, although less
common, can also be harmful.
Following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 324
Official ISC2 guide to CISSP CBK 3rd Edition Page number 66
CISSP All-In-One Exam guide 6th Edition Page Number 161

QUESTION 40 - (Topic 1)
In which of the following security models is the subject's clearance compared to the object's classification such that
specific rules can be applied to control how the subject-to-object interactions take place?

A. Bell-LaPadula model
B. Biba model
C. Access Matrix model
D. Take-Grant model

Answer: A

“Best Material, Great Results”. CERT EMPIRE 29
 ISC CISSP

Explanation: Details:
The
Answer: Bell-LaPadula model
The Bell-LAPadula model is also called a multilevel security system because users with different clearances use the
system and the system processes data with different classifications. Developed by the US Military in the 1970s.
A security model maps the abstract goals of the policy to information system terms by specifying explicit data structures
and techniques necessary to enforce the security policy. A security model is usually represented in mathematics and
analytical ideas, which are mapped to system specifications and then developed by programmers through programming
code. So we have a policy that encompasses security goals, such as “each subject must be authenticated and authorized
before accessing an object.” The security model takes this requirement and provides the necessary mathematical
formulas, relationships, and logic structure to be followed to accomplish this goal.
A system that employs the Bell-LaPadula model is called a multilevel security system because users with different
clearances use the system, and the system processes data at different classification levels. The level at which information
is classified determines the handling procedures that should be used. The Bell-LaPadula model is a state machine model
that enforces the confidentiality aspects of access control. A matrix and security
levels are used to determine if subjects can access different objects. The subject’s clearance is compared to the object’s
classification and then specific rules are applied to control how subject-to-object subject-to-object interactions can take
place.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 369). McGraw-Hill. Kindle Edition.

QUESTION 41 - (Topic 1)
Which of the following statements pertaining to Kerberos is TRUE?

A. Kerberos does not address availability
B. Kerberos does not address integrity
C. Kerberos does not make use of Symmetric Keys
D. Kerberos cannot address confidentiality of information

Answer: A

Explanation: The question was asking for a TRUE statement and the only correct statement is "Kerberos does not
address availability".
Kerberos addresses the confidentiality and integrity of information. It does not directly address availability.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 42).

QUESTION 42 - (Topic 1)
Database views are NOT used to:

A. Implement referential integrity
B. Implement least privilege
C. To implement content-dependent access restrictions
D. Implement need-to-know

Answer: A

Explanation: A view is considered as a virtual table that is derived from other tables. It can be used to restrict access to
“Best Material, Great Results”. CERT EMPIRE 30
 ISC CISSP

certain information within the database, to hide attributes, and to implement content-dependent access restrictions. It
does not implement referential integrity.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer
Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 46).

QUESTION 43 - (Topic 1)
Which of the following is most appropriate to notify an external user that session monitoring is being conducted?

A. Logon Banners
B. Wall poster
C. Employee Handbook
D. Written agreement

Answer: A

Explanation: Banners at the log-on time should be used to notify external users of any monitoring that is being conducted.
A good banner will give you a better legal stand and also makes it obvious the user was warned about who should access
the system and if it is an unauthorized user then he is fully aware of trespassing.
This is a tricky question, the keyword in the question is External user.
There are two possible answers based on how the question is presented, this question could either apply to internal users
or ANY anonymous user.
Internal users should always have a written agreement first, then logon banners serve as a constant reminder.
Anonymous users, such as those logging into a web site, ftp server or even a mail server; their only notification system is
the use of a logon banner.
References used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security,
2001, John Wiley & Sons, Page 50
and
Shon Harris, CISSP All-in-one, 5th edition, pg 873

QUESTION 44 - (Topic 1)
Which of the following is not a two-factor authentication mechanism?

A. Something you have and something you know.
B. Something you do and a password.
C. A smartcard and something you are.
D. Something you know and a password.

Answer: D

Explanation: Something you know and a password fits within only one of the three ways authentication could be done. A
password is an example of something you know, thereby something you know and a password does not constitute a two-
factor authentication as both are in the same category of factors.
A two-factor (strong) authentication relies on two different kinds of authentication factors out of a list of three possible
choice:
something you know (e.g. a PIN or password),
something you have (e.g. a smart card, token, magnetic card),
something you are is mostly Biometrics (e.g. a fingerprint) or something you do (e.g. signature dynamics).
“Best Material, Great Results”. CERT EMPIRE 31
 ISC CISSP

TIP FROM CLEMENT:
On the real exam you can expect to see synonyms and sometimes sub-categories under the main categories. People are
familiar with Pin, Passphrase, Password as subset of Something you know.
However, when people see choices such as Something you do or Something you are they immediately get confused and
they do not think of them as subset of Biometrics where you have Biometric implementation based on behavior and
physilogical attributes. So
something you do falls under the Something you are category as a subset. Something your do would be signing your
name or typing text on your keyboard for example.
Strong authentication is simply when you make use of two factors that are within two different categories.
Reference(s) used for this question:
Shon Harris, CISSP All In One, Fifth Edition, pages 158-159

QUESTION 45 - (Topic 1)
Access Control techniques do not include which of the following choices?

A. Relevant Access Controls
B. Discretionary Access Control
C. Mandatory Access Control
D. Lattice Based Access Control

Answer: A

Explanation: Access Control Techniques
Discretionary Access Control
Mandatory Access Control
Lattice Based Access Control
Rule-Based Access Control
Role-Based Access Control
Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group
Study Guide for Domain 1, Page 13

QUESTION 46 - (Topic 1)
A database view is the results of which of the following operations?

A. Join and Select.
B. Join, Insert, and Project.
C. Join, Project, and Create.
D. Join, Project, and Select.

Answer: D

Explanation: 1 The formal description of how a relational database operates. 2 The mathematics which underpin SQL
operations.
A number of operations can be performed in relational algebra to build relations and operate on the data.
Five operations are primitives (Select, Project, Union, Difference and Product) and the other operations can be defined in
terms of those five. A View is defined from the operations of Join, Project, and Select.
For the purpose of the exam you must remember the following terms from relational algebra and their SQL equivalent:
Tuple = Row, Entry
“Best Material, Great Results”. CERT EMPIRE 32
 ISC CISSP

Attribute = Column
Relation or Based relation = Table
See the extract below from the ISC2 book:
Each table, or relation, in the relational model consists of a set of attributes and a set of tuples (rows) or entries in the
table. Attributes correspond to a column in a table. Attributes are unordered left to right, and thus are referenced by name
and not by position. All data values in the relational model are atomic. Atomic values mean that at every row/column
position in every table there is always exactly one data value and never a set of values. There are no links or pointers
connecting tables; thus, the representation of relationships is contained as data in another table.
A tuple of a table corresponds to a row in the table. Tuples are unordered top to bottom because a relation