ISC.CISSP.v2022-08-27.q376 Practice Test
Question 201
In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?
Correct Answer: B
Once the merchant server has been authenticated by the browser client, the browser generates a master secret that is to be shared only between the server and client. This secret serves as a seed to generate the session (private) keys. The master secret is then encrypted with the merchant's public key and sent to the server. The fact that the master secret is generated by the client's browser provides the client assurance that the server is not reusing keys that would have been used in a previous session with another client.
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 6: Cryptography (page 112). Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, page 569.
Question 202
Which of the following refers to the data left on the media after the media has been erased?
Correct Answer: A
Explanation/Reference:
Explanation:
Data Remanence is the problem of residual information remaining on the media after erasure, which may be subject to restoration by another user, thereby resulting in a loss of confidentiality. Diskettes, hard drives, tapes, and any magnetic or writable media are susceptible to data remanence. Retrieving the bits and pieces of data that have not been thoroughly removed from storage media is a common method of computer forensics, and is often used by law enforcement personnel to preserve evidence and to construct a trail of misuse. Anytime a storage medium is reused (and also when it is discarded), there is the potential for the media's information to be retrieved. Methods must be employed to properly destroy the existing data to ensure that no residual data is available to new users. The "Orange Book" standard recommends that magnetic media be formatted seven times before discard or reuse.
Incorrect Answers:
B: Recovery is not the term that refers to the data left on the media after the media has been erased.
C: Sticky bits is not the term that refers to the data left on the media after the media has been erased.
D: Semi-hidden is not the term that refers to the data left on the media after the media has been erased.
References:
Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 477
Question 203
Which of the following best allows risk management results to be used knowledgeably?
Correct Answer: C
Risk management consists of two primary and one underlying activity; risk assessment and risk mitigation are the primary activities and uncertainty analysis is the underlying one. After having performed risk assessment and mitigation, an uncertainty analysis should be performed. Risk management must often rely on speculation, best guesses, incomplete data, and many unproven assumptions. A documented uncertainty analysis allows the risk management results to be used knowledgeably. A vulnerability analysis, likelihood assessment and threat identification are all parts of the collection and analysis of data part of the risk assessment, one of the primary activities of risk management.
Source: SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and
Technology (NIST), NIST Special Publication 800-14, Generally Accepted Principles and
Practices for Securing Information Technology Systems, September 1996 (pages 19-21).
Question 204
When referring to the cloud computing service models, what would you call a service model where the consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment?
Correct Answer: B
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Platform-as-a-Service (PaaS) is a model of service delivery whereby the computing platform is provided as an on-demand service upon which applications can be developed and deployed. Its main purpose is to reduce the cost and complexity of buying, housing, and managing the underlying hardware and software components of the platform, including any needed program and database development tools. The development environment is typically special purpose, determined by the cloud provider and tailored to the design and architecture of its platform. The cloud consumer has control over applications and application environment settings of the platform. Security provisions are split between the cloud provider and the cloud consumer.
The following answers are incorrect:
Software-as-a-Service.
Software-as-a-Service (SaaS) is a model of service delivery whereby one or more applications
and the computational resources to run them are provided for use on demand as a turnkey
service. Its main purpose is to reduce the total cost of hardware and software development,
maintenance, and operations. Security
provisions are carried out mainly by the cloud provider. The cloud consumer does not manage or
control the underlying cloud infrastructure or individual applications, except for preference
selections and limited administrative application settings.
Infrastructure-as-a-Service.
Infrastructure-as-a-Service (IaaS) is a model of service delivery whereby the basic computing
infrastructure of servers, software, and network equipment is provided as an on-demand service
upon which a platform to develop and execute applications can be established. Its main purpose is
to avoid purchasing, housing, and managing the basic hardware and software infrastructure
components, and instead obtain those resources as virtualized objects controllable via a service
interface. The cloud consumer generally has broad freedom to choose the operating system and
development environment to be hosted. Security provisions beyond the basic infrastructure are
carried out mainly by the cloud consumer.
Code as a Service (CaaS)
CaaS does not exist and is only a distractor. There is no such service model.
Cloud Deployment Models
NOTE: WHAT IS A CLOUD INFRASTRUCTURE?
A cloud infrastructure is the collection of hardware and software that enables the five essential
characteristics of cloud computing. The cloud infrastructure can be viewed as containing both a
physical layer and an abstraction layer. The physical layer consists of the hardware resources that
are necessary to support the cloud services being provided, and typically includes server, storage
and network components. The abstraction layer consists of the software deployed across the
physical layer, which manifests the essential cloud characteristics. Conceptually the abstraction
layer sits above the physical layer.
The following reference(s) were/was used to create this question:
NIST Special Publication 800-144 Guidelines on Security and Privacy in Public Cloud Computing
and
NIST Special Publication 800-145 The NIST definition of Cloud Computing
Question 205
Which of the following transmission media would NOT be affected by cross talk or interference?
Correct Answer: D
Only fiber optic cables are not affected by crosstalk or interference.
For your exam you should know the information about transmission media:
Copper Cable
Copper cable is very simple to install and easy to tap. It is used mostly for short distance and
supports voice and data.
Copper has been used in electric wiring since the invention of the electromagnet and the telegraph
in the 1820s. The invention of the telephone in 1876 created further demand for copper wire as an electrical conductor. Copper is the electrical conductor in many categories of electrical wiring. Copper wire is used in power generation, power transmission, power distribution, telecommunications, electronics circuitry, and countless types of electrical equipment. Copper and its alloys are also used to make electrical contacts. Electrical wiring in buildings is the most important market for the copper industry. Roughly half of all copper mined is used to manufacture electrical wire and cable conductors.
Coaxial cable
Coaxial cable, or coax (pronounced 'ko.aks), is a type of cable that has an inner conductor surrounded by a tubular insulating layer, surrounded by a tubular conducting shield. Many coaxial cables also have an insulating outer sheath or jacket. The term coaxial comes from the inner conductor and the outer shield sharing a geometric axis. Coaxial cable was invented by English engineer and mathematician Oliver Heaviside, who patented the design in 1880. Coaxial cable differs from other shielded cable used for carrying lower-frequency signals, such as audio signals, in that the dimensions of the cable are controlled to give a precise, constant conductor spacing, which is needed for it to function efficiently as a radio frequency transmission line.
Coaxial cable is expensive and does not support many LANs. It supports data and video.
Fiber optics
An optical fiber cable is a cable containing one or more optical fibers that are used to carry light. The optical fiber elements are typically individually coated with plastic layers and contained in a protective tube suitable for the environment where the cable will be deployed. Different types of cable are used for different applications, for example long distance telecommunication, or providing a high-speed data connection between different parts of a building. Fiber optics are used for long distance, are hard to splice, are not vulnerable to cross talk and are difficult to tap. They support voice, data, image and video.
Radio System
Radio systems are used for short distance and are cheap and easy to tap. Radio is the radiation (wireless transmission) of electromagnetic signals through the atmosphere or free space. Information, such as sound, is carried by systematically changing (modulating) some property of the radiated waves, such as their amplitude, frequency, phase, or pulse width. When radio waves strike an electrical conductor, the oscillating fields induce an alternating current in the conductor. The information in the waves can be extracted and transformed back into its original form.
Microwave radio system
Microwave transmission refers to the technology of transmitting information or energy by the use
of radio waves whose wavelengths are conveniently measured in small numbers of centimetres;
these are called microwaves.
Microwaves are widely used for point-to-point communications because their small wavelength
allows conveniently-sized antennas to direct them in narrow beams, which can be pointed directly
at the receiving antenna. This allows nearby microwave equipment to use the same frequencies
without interfering with each other, as lower frequency radio waves do. Another advantage is that
the high frequency of microwaves gives the microwave band a very large information-carrying
capacity; the microwave band has a bandwidth 30 times that of all the rest of the radio spectrum
below it. A disadvantage is that microwaves are limited to line of sight propagation; they cannot
pass around hills or mountains as lower frequency radio waves can.
Microwave radio transmission is commonly used in point-to-point communication systems on the
surface of the Earth, in satellite communications, and in deep space radio communications. Other
parts of the microwave radio band are used for radars, radio navigation systems, sensor systems,
and radio astronomy.
Microwave radio systems are carriers for voice and data signals, and are cheap and easy to tap.
Satellite Radio Link
Satellite radio is a radio service broadcast from satellites primarily to cars, with the signal
broadcast nationwide, across a much wider geographical area than terrestrial radio stations. It is
available by subscription, mostly commercial free, and offers subscribers more stations and a
wider variety of programming options than terrestrial radio.
A satellite radio link uses a transponder to send information and is easy to tap.
The following answers are incorrect:
Copper Cable - Copper cable is very simple to install and easy to tap. It is used mostly for short
distance and supports voice and data.
Radio System - Radio systems are used for short distance and are cheap and easy to tap.
Satellite Radio Link - A satellite radio link uses a transponder to send information and is easy to tap.
The following reference(s) were/was used to create this question:
CISA review manual 2014 page number 265 &
Official ISC2 guide to CISSP CBK 3rd Edition Page number 233
