Page 1534 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
12. B. In system high mode, all users have appropriate clearances and
access permissions for all information processed by the system but
need to know only some of the information processed by that
system.
13. C. The most commonly overlooked aspect of mobile phone
eavesdropping is related to people in the vicinity overhearing
conversations (at least one side of them). Organizations frequently
consider and address issues of wireless networking, storage device
encryption, and screen locks.
14. B. BIOS and device firmware are often stored on EEPROM chips to
facilitate future firmware updates.
15. C. Registers are small memory locations that are located directly on
the CPU chip itself. The data stored within them is directly
available to the CPU and can be accessed extremely quickly.
16. A, B, and D. The most effective defenses a programmer can build
against XSS are validating input against what the field is allowed to
contain, coding defensively, escaping HTML metacharacters in any
user-supplied data before it is written into a page, and rejecting all
scriptlike input outright rather than trying to clean it.
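The two code-level defenses named in that answer, output escaping and allow-list validation, as an added example in C. This is not code from the study guide; the function names (html_escape, valid_username), the fixed output buffer, and the sample comment are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Added example, not from the study guide. Names and sample input are
 * assumptions for illustration. */

/* Replace HTML metacharacters so user-supplied text is rendered as data and
 * never parsed as markup. Returns 0 on success, -1 if the escaped result
 * would not fit in `out` (out is NUL-terminated either way). */
int html_escape(const char *in, char *out, size_t out_size)
{
    size_t pos = 0;
    if (out_size == 0) return -1;
    for (const char *p = in; *p; p++) {
        const char *rep;
        char single[2] = { *p, '\0' };
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#x27;"; break;
        default:   rep = single;   break;
        }
        size_t n = strlen(rep);
        if (pos + n >= out_size) {      /* no room for rep plus terminator */
            out[pos] = '\0';
            return -1;
        }
        memcpy(out + pos, rep, n);
        pos += n;
    }
    out[pos] = '\0';
    return 0;
}

/* Allow-list validation for a field with a known shape (a username): only
 * ASCII letters, digits, '_' and '-', 1 to 32 characters. Anything else,
 * script-like input included, is rejected rather than "cleaned". */
int valid_username(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > 32) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '_' && c != '-') return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample input: a comment carrying a script payload. */
    const char *comment = "<script>alert(document.cookie)</script>";
    char safe[256];

    if (html_escape(comment, safe, sizeof safe) == 0)
        printf("rendered as text: %s\n", safe);
    printf("username \"alice_01\" valid: %d\n", valid_username("alice_01"));
    printf("username \"<img onerror=x>\" valid: %d\n",
           valid_username("<img onerror=x>"));
    return 0;
}
```

Escaping is applied at output time, in the context the data lands in (HTML body here; attribute, JavaScript and URL contexts each need their own encoding), while validation is applied at input time against what the field legitimately holds. Use both; neither alone covers every path.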
17. D. A buffer overflow attack occurs when an attacker submits data
to a process that is larger than the input variable is able to contain.
Unless the program is properly coded to check the length of its input,
the extra data overwrites adjacent memory, including control data on
the execution stack such as the saved return address, and the attacker’s
payload may run with the full privileges of the vulnerable process.
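The unchecked copy that answer describes, beside a bounded replacement, as an added example in C (not code from the study guide). The function names, the 16-byte buffer size and the sample inputs are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the study guide. Names, buffer size and inputs
 * are assumptions for illustration. */

#define NAME_LEN 16

/* Vulnerable: strcpy() trusts the caller's data. Input of NAME_LEN bytes or
 * more runs past `name` into whatever sits next to it on the stack (saved
 * registers, the return address, neighbouring locals). This is the defect
 * the answer describes; it is here only for contrast. */
void greet_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);            /* no length check */
    printf("hello, %s\n", name);
}

/* Hardened: measure the input against the destination before copying and
 * refuse oversized input instead of truncating it silently. Returns 0 if
 * the copy happened, -1 if the input was rejected (dest left empty). */
int copy_name(char *dest, size_t dest_size, const char *input)
{
    size_t len = 0;
    /* Bounded scan: never read further than the destination could hold. */
    while (len < dest_size && input[len] != '\0')
        len++;
    if (len >= dest_size) {         /* no room for the NUL terminator */
        if (dest_size) dest[0] = '\0';
        return -1;
    }
    memcpy(dest, input, len + 1);   /* includes the terminator */
    return 0;
}

int greet_safe(const char *input)
{
    char name[NAME_LEN];
    if (copy_name(name, sizeof name, input) != 0) {
        fprintf(stderr, "rejected: input exceeds %d bytes\n", NAME_LEN - 1);
        return -1;
    }
    printf("hello, %s\n", name);
    return 0;
}

int main(void)
{
    /* Constructed inputs: a name that fits and one that would overflow. */
    const char *ok = "alice";
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 40 bytes */

    greet_unsafe(ok);        /* harmless only because the input is short */
    greet_safe(ok);
    greet_safe(oversized);   /* rejected, memory untouched */
    /* greet_unsafe(oversized) would write past `name`: undefined behaviour,
     * typically an abort under stack protection, or control of the return
     * address without it. It is deliberately not called here. */
    return 0;
}
```

Compiler hardening (stack canaries, fortified string functions, non-executable stacks) turns many such overflows into crashes rather than code execution, but it does not remove the bug; the length check does.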
18. C. Process isolation provides separate memory spaces to each
process running on a system. This prevents processes from
overwriting each other’s data and ensures that a process can’t read
data from another process.
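Process isolation observed from user space, as an added example in C for a POSIX system (not code from the study guide). A child process writes to memory the parent also holds; with ordinary memory the write stays in the child's own address space, and only a region explicitly created as shared crosses the boundary. The function names are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example, not from the study guide. Function names are assumptions
 * for illustration; requires fork() and mmap() (Linux, BSD, macOS). */

/* Fork a child that writes `value` into `*slot`, wait for it, and report
 * whether the parent sees that write. Returns 1 if visible, 0 if not,
 * -1 on error. `volatile` forces a real reload after waitpid(). */
static int child_write_visible(volatile int *slot, int value)
{
    *slot = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        *slot = value;              /* the child's write */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return *slot == value;
}

/* Ordinary memory: the child receives its own copy of the address space,
 * so its write never reaches the parent. This is the isolation the answer
 * describes. */
int private_write_visible(void)
{
    int local = 0;
    return child_write_visible(&local, 42);
}

/* The contrast: a region created with MAP_SHARED is the one case where both
 * processes map the same physical pages. Isolation is the default; sharing
 * has to be requested deliberately. */
int shared_write_visible(void)
{
    int *shared = mmap(NULL, sizeof *shared, PROT_READ | PROT_WRITE,
                       MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (shared == MAP_FAILED) return -1;
    int r = child_write_visible(shared, 42);
    munmap(shared, sizeof *shared);
    return r;
}

int main(void)
{
    printf("child write to private memory visible in parent:    %d\n",
           private_write_visible());
    printf("child write to MAP_SHARED memory visible in parent: %d\n",
           shared_write_visible());
    return 0;
}
```

The same boundary is what stops one process from reading another's data: the addresses a process uses are translated through its own page tables, and unless the operating system has deliberately mapped the same physical pages into both, there is nothing for the second process to reach.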
19. D. The principle of least privilege states that only processes that
absolutely need kernel-level access should run in supervisory
mode. The remaining processes should run in user mode to reduce
the number of potential security vulnerabilities.
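The answer states the principle for supervisor versus user mode; the same rule applies one level up, to the user IDs a user-mode service runs with. As an added example in C (not code from the study guide), a routine a daemon would call right after its one privileged step, such as binding a low port, to give root away permanently. The function name drop_privileges and the target IDs are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example, not from the study guide. Name and target IDs are
 * assumptions for illustration. */

/* Permanently switch the process to the given unprivileged uid/gid.
 * Order matters: supplementary groups first, then gid, then uid, because
 * once the uid is unprivileged the group changes would be refused.
 * Returns 0 on success, -1 on failure (including a drop that did not
 * actually take effect). */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Only root may clear supplementary groups; skip when not root. */
        if (setgroups(0, NULL) != 0) return -1;
    }
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;   /* as root, sets real, effective and saved */

    /* Verify rather than assume: every ID must now be the target ... */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* ... and regaining root must fail (it would succeed only if the saved
     * uid had been left at 0). */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* If started as root, drop to an unprivileged account (65534 is a
     * common "nobody"; assumption for this example). Otherwise re-apply the
     * current IDs, which exercises the same checks. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();

    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid %d, gid %d; root cannot be regained\n",
           (int)geteuid(), (int)getegid());
    return 0;
}
```

Everything the service does after this point runs with only the privileges it needs, so a later flaw (an overflow, an injection) yields an unprivileged process rather than root; the privileged window is reduced to the few lines before the drop.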
20. A. Hardware segmentation achieves the same objectives as process
isolation but takes them to a higher level by implementing them
with physical controls in hardware.

