150. What is a common security problem?

a. Discarded storage media

b. Telephone wiretapping

c. Intelligence consultants

d. Electronic bugs

150. a. Here, the keyword is common, and it is relative. Discarded storage media, such as CDs/DVDs, paper documents, and reports, are a major and common problem in every organization. Telephone wiretapping and electronic bugs require expertise. Intelligence consultants gather a company’s proprietary data and business information and government trade strategies.

151. When controlling access to information, an audit log provides which of the following?

a. Review of security policy

b. Marking files for reporting

c. Identification of jobs run

d. Accountability for actions

151. d. An audit log must be kept and protected so that any actions impacting security can be traced. Accountability can be established with the audit log. The audit log also helps in verifying the other three choices indirectly.

152. What is a detective control in a computer operations area?

a. Policy

b. Log

c. Procedure

d. Standard

152. b. Logs, whether manual or automated, capture relevant data for further analysis and tracing. Policy, procedure, and standard are directive controls and are part of management controls because they regulate human behavior.

153. In terms of security functionality verification, which of the following is the correct order of an information system’s transitional states?

1. Startup

2. Restart

3. Shutdown

4. Abort

a. 1, 2, 3, and 4

b. 1, 3, 2, and 4

c. 3, 2, 1, and 4

d. 4, 3, 2, and 1

153. b. The correct order of an information system’s transitional states is startup, shutdown, restart, and abort. Because the system is in transitional states, which is an unstable condition, if the restart procedures are not performed correctly or run into technical recovery problems, then the system has no choice except to abort.

154. Which of the following items is not related to the other items?

a. Keystroke monitoring

b. Penetration testing

c. Audit trails

d. Telephone wiretap

154. b. Penetration testing is a test in which the evaluators attempt to circumvent the security features of a computer system. It is unrelated to the other three choices. Keystroke monitoring is the process used to view or record both the keystrokes entered by a computer user and the computer’s response during an interactive session. It is considered a special case of audit trails. Some consider keystroke monitoring a special case of unauthorized telephone wiretap, and others do not.

155. All the following are tools that help both system intruders and systems administrators except:

a. Network discovery tools

b. Intrusion detection tools

c. Port scanners

d. Denial-of-service test tools

155. b. Intrusion detection tools detect computer attacks in several ways: (i) outside of a network’s firewall, (ii) behind a network’s firewall, or (iii) within a network to monitor insider attacks. Network discovery tools and port scanners can be used both by intruders and system administrators to find vulnerable hosts and network services. Similarly, denial-of-service test tools can be used to determine how much damage can be done to a computing site.

156. Audit trail records contain vast amounts of data. Which of the following review methods is best to review all records associated with a particular user or application system?

a. Batch-mode analysis

b. Real-time audit analysis

c. Audit trail review after an event

d. Periodic review of audit trail data

156. b. Audit trail data can be used to review what occurred after an event, for periodic reviews, and for real-time analysis. Audit analysis tools can be used in a real-time, or near real-time, fashion. Manual review of audit records in real time is not feasible on large multi-user systems due to the large volume of records generated. However, it might be possible to view all records associated with a particular user or application and view them in real time.

Batch-mode analysis is incorrect because it is a traditional method of analyzing audit trails. The audit trail data are reviewed periodically. Audit records are archived during that interval for later analysis. The three incorrect choices do not provide the convenience of displaying or reporting all records associated with a user or application, as does real-time audit analysis.

157. Many errors were discovered during application system file-maintenance work. What is the best control?

a. File labels

b. Journaling

c. Run-to-run control

d. Before and after image reporting

157. d. Before and after image reporting ensures data integrity by reporting data field values both before and after the changes so that functional users can detect data entry and update errors.

File labels are incorrect because they verify internal file labels for tapes to ensure that the correct data file is used in the processing. Journaling is incorrect because it captures system transactions on a journal file so that recovery can be made should a system failure occur. Run-to-run control is incorrect because it verifies control totals resulting from one process or cycle to the subsequent process or cycle to ensure their accuracy.

158. Which of the following is not an example of denial-of-service attacks?

a. Flaw-based attacks

b. Information attacks

c. Flooding attacks

d. Distributed attacks

158. b. An information attack is not relevant here because it is too general. Flaw-based attacks take advantage of a flaw in the target system’s software to cause a processing failure, to escalate privileges, or to cause it to exhaust system resources. Flooding attacks simply send a system more information than it can handle. A distributed attack is a subset of denial-of-service (DoS) attacks, where the attacker uses multiple computers to launch the attack and flood the system.

159. All the following are examples of technical controls for ensuring information systems security except:

a. User identification and authentication

b. Assignment of security responsibility

c. Access controls

d. Data validation controls

159. b. Assignment of security responsibility is a part of management controls. Screening of personnel is another example of management controls. The other three choices are part of technical controls.

160. Which of the following individuals or items cause the highest economic loss to organizations using computer-based information systems?