Daily CISSP certification common mistakes (April 12, 2022)

CISSP Certification is often wrong （ From Mingxue online test platform ：https://www.maxstu.com/page/1773704）

【 The answer is analyzed after the question 】

subject 1
Q：Kim Want to create a key that enforces database referential integrity . What type of key does she need to create ？
Kim would like to create a key that enforces referential integrity for the database. What type of key does she need to create?
A、 Primary key  
Primary key
B、 Foreign keys  
Foreign key 
C、 Candidate key  
Candidate key 
D、 Master key
Master key

subject 2
Q：Amanda Want to use existing Gmail Contacts in the account , New users of her app already have these contacts . Which of the following protocols is used for such use by many cloud providers , Provide secure delegate access ？
Amanda wants to use contacts from the existing Gmail accounts that new users for her application already have. What protocol from the following options is used to provide secure delegated access for this type of use by many cloud providers?
A、OpenID 
B、Kerberos
C、OAuth 
D、SAML

subject 3
Q：Jill Is purchasing new network hardware for her organization . She found a gray market supplier who imported hardware from abroad at a lower price . What is the most important security issue of the hardware obtained in this way ？
Jill is working to procure new network hardware for her organization. She finds a gray market supplier that is importing the hardware from outside the country at a much lower price. What security concern is the most significant for hardware acquired this way?
A、 Security of hardware and firmware
The security of the hardware and firmware
B、 Availability of hardware and software support
Availability of support for the hardware and software
C、 Whether the hardware is the legal product of the actual supplier
Whether the hardware is a legitimate product of the actual vendor
D、 Age of hardware
The age of the hardware
---------------

There are more free online security certification test questions and wechat learning discussion groups , You can add Mingxue online assistant vx：maxstu_com, Get and join .

---------------
subject 1
answer ：B
analysis ： Integrity references ensure that records are referenced by foreign keys in other tables , The record exists in the secondary table . Foreign keys are mechanisms used to strictly guarantee referential integrity .
B. Foreign keys are used to create relationships between tables in a database. The data- base enforces referential integrity by ensuring that the foreign key used in a table has a corresponding record with that value as the primary key in the referenced table.

subject 2
answer ：C
analysis ：OAuth Used to provide secure delegated access in scenarios like this .OpenID Credentials used to log in from other service providers , For example, when you use Google When logging into other websites .SAML Or security assertion markup language , Used to make security assertions , Allow authentication and authorization between identity providers and service providers .Kerberos Mainly used within the organization , Not in a union , And this is the focus of this question .
OAuth is used to provide secure delegated access in scenarios exactly like this. OpenID is used to sign in using credentials from an identity provider to other services, such as when you log in with Google to other sites. SAML, or Security Assertion Markup Language, is used to make security assertions allowing authentication and authorizations between identity providers and service providers. Kerberos is mostly used inside of organizations instead of for federation, as this question focuses on.

subject 3
answer ：A
analysis ： Each of these answers can be a question , But the most important security issue is whether the hardware and firmware can be trusted or may have been modified . Original equipment manufacturer （OEM） There are commercial reasons to ensure the safety of its products , But third parties in the supply chain may not feel the same pressure . The availability of support and the legality of hardware are also issues , But it's not a direct security issue . Last , The hardware may be older than expected , Or maybe it's used 、 Refurbished or not new .
Each of these answers may be a concern, but the overriding security concern is if the hardware and firmware can be trusted or may have been modified. Original equipment manufacturers (OEMs) have business reasons to ensure the security of their product, but third parties in the supply chain may not feel the same pressure. Both availability of support and whether the hardware is legitimate are also concerns, but less immediate security concerns. Finally, hardware may be older than expected, or may be used, refurbished, or other- wise not new.