
Anomaly-based detection does not use blacklists, whitelists, or program code viewing. A blacklist is a list of discrete entities, such as hosts or applications, that have previously been determined to be associated with malicious activity. A whitelist is a list of discrete entities, such as hosts or applications, known to be benign. Program code viewing and editing features let administrators see and edit the detection-related code in an intrusion detection and prevention system (IDPS).

171. Which of the following security models addresses “separation of duties” concept?

a. Biba model

b. Clark-Wilson model

c. Bell-LaPadula model

d. Sutherland model

171. b. The Clark and Wilson security model addresses the separation of duties concept along with well-formed transactions. Separation of duties attempts to ensure the external consistency of data objects. It also addresses the specific integrity goal of preventing authorized users from making improper modifications. The other three models do not address the separation of duties concept.
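An added example, not part of the original question bank, showing how a Clark-Wilson monitor enforces the two ideas named above: a user may only run a transformation procedure (TP) on a constrained data item (CDI) through a certified (user, TP, CDI) triple, and separation of duties stops one user from performing both halves of a conflicting pair on the same item. The class name, the TP names `post_invoice`/`approve_invoice`, the users and the CDI `invoice-42` are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ClarkWilsonMonitor:
    """Minimal Clark-Wilson enforcement: certified access triples plus
    separation of duties checked against an execution log."""
    # Certified (user, TP, CDI) triples: which user may run which transformation
    # procedure (TP) on which constrained data item (CDI).
    triples: set = field(default_factory=set)
    # Pairs of TPs that one user must not both perform on the same CDI
    # (the separation-of-duties requirement).
    sod_pairs: set = field(default_factory=set)
    # Append-only record of executed TPs: (user, tp, cdi).
    log: list = field(default_factory=list)

    def allow(self, user, tp, cdi):
        if (user, tp, cdi) not in self.triples:
            return False              # no certified triple: not a well-formed path
        for pair in self.sod_pairs:
            if tp in pair:
                for other in pair - {tp}:
                    if (user, other, cdi) in self.log:
                        return False  # same user already did the conflicting step
        return True

    def run(self, user, tp, cdi):
        ok = self.allow(user, tp, cdi)
        if ok:
            self.log.append((user, tp, cdi))
        return ok


def demo():
    """Constructed scenario: posting an invoice and approving it are separated duties."""
    m = ClarkWilsonMonitor()
    m.triples |= {
        ("alice", "post_invoice", "invoice-42"),
        ("alice", "approve_invoice", "invoice-42"),
        ("bob", "approve_invoice", "invoice-42"),
    }
    m.sod_pairs.add(frozenset({"post_invoice", "approve_invoice"}))
    return [
        m.run("alice", "post_invoice", "invoice-42"),     # True: certified triple
        m.run("alice", "approve_invoice", "invoice-42"),  # False: alice posted it herself
        m.run("bob", "approve_invoice", "invoice-42"),    # True: a different user approves
        m.run("carol", "approve_invoice", "invoice-42"),  # False: no certified triple
    ]


if __name__ == "__main__":
    print(demo())
```

Note that alice holds a certified triple for `approve_invoice`, so a static access matrix alone would let her approve; the separation-of-duties rule is what makes the decision depend on the log of what she already did.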

172. From a computer security viewpoint, the Chinese-Wall policy is related to which of the following?

a. Aggregation problem

b. Data classification problem

c. Access control problem

d. Inference problem

172. c. As presented by Brewer and Nash, the Chinese-Wall policy is a mandatory access control policy for stock market analysts. According to the policy, a market analyst may do business with any company. However, every time the analyst receives sensitive “inside” information from a new company, the policy prevents him from doing business with any other company in the same industry because that would involve him in a conflict of interest situation. In other words, collaboration with one company places the Chinese Wall between him and all other companies in the same industry.

The Chinese-Wall policy does not meet the definition of an aggregation problem; there is no notion of some information being sensitive with the aggregate being more sensitive. The Chinese-Wall policy is an access control policy in which the access control rule is not based just on the sensitivity of the information, but is based on the information already accessed. It is neither an inference nor a data classification problem.
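An added example, not from the original page, of the history-based rule just described: the read decision consults what the subject has already read, not only the label of the requested object. The Brewer-Nash write rule is included as well, in the simplified form without sanitized data. Company names, the conflict classes "banks"/"oil" and the subjects are constructed.

```python
class ChineseWall:
    """Brewer-Nash Chinese Wall: access depends on what the subject has already read."""

    def __init__(self, conflict_classes):
        # company -> conflict-of-interest class, e.g. "BankA" -> "banks"
        self.coi = {c: cls for cls, members in conflict_classes.items() for c in members}
        # subject -> set of companies whose (unsanitized) data the subject has read
        self.history = {}

    def can_read(self, subject, company):
        seen = self.history.get(subject, set())
        if company in seen:
            return True  # the same dataset can always be re-read
        # Simple security rule: blocked if a *different* company in the same
        # conflict class has already been read; that earlier access built the wall.
        return not any(self.coi[c] == self.coi[company] and c != company for c in seen)

    def read(self, subject, company):
        if not self.can_read(subject, company):
            return False
        self.history.setdefault(subject, set()).add(company)
        return True

    def can_write(self, subject, company):
        # Brewer-Nash *-property: write only if the subject may read the target and
        # has read no other company's data (sanitized data is not modelled here),
        # so nothing can be copied across the wall through this object.
        seen = self.history.get(subject, set())
        return self.can_read(subject, company) and all(c == company for c in seen)


def demo():
    """Constructed scenario: two banks in one conflict class and one oil company."""
    wall = ChineseWall({"banks": {"BankA", "BankB"}, "oil": {"OilCo"}})
    return [
        wall.read("analyst", "BankA"),       # True: first access, no history
        wall.read("analyst", "OilCo"),       # True: different conflict class
        wall.read("analyst", "BankB"),       # False: BankA already read in "banks"
        wall.read("analyst", "BankA"),       # True: repeat access to the same company
        wall.can_write("analyst", "BankA"),  # False: analyst also holds OilCo data
        wall.read("newhire", "BankB"),       # True: a different subject has no history
        wall.can_write("newhire", "BankB"),  # True: only BankB data has been read
    ]


if __name__ == "__main__":
    print(demo())
```

The third and sixth results are the point of the question: BankB is not "more sensitive" than BankA, and the two subjects have identical clearances; the only difference is the access history, which is why this is an access control problem rather than a classification or aggregation one.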

173. Which of the following security models promotes security clearances and sensitivity classifications?

a. Biba model

b. Clark-Wilson model

c. Bell-LaPadula model

d. Sutherland model

173. c. In the Bell-LaPadula model, the clearance/classification scheme is expressed in terms of a lattice. To determine whether a specific access mode is allowed, the clearance of a subject is compared to the classification of the object, and a determination is made as to whether the subject is authorized for that access mode. The other three models do not deal with security clearances and sensitivity classifications.

174. Which of the following solutions to local account password management problem could an attacker exploit?

a. Use multifactor authentication to access the database.

b. Use a hash-based local password and a standard password.

c. Use randomly generated passwords.

d. Use a central password database.

174. b. A local password could be derived as a cryptographic hash of the host's media access control (MAC) address and a standard password shared across hosts. The scheme is deterministic and the MAC address is public, so an attacker who recovers one local password can guess the standard password offline and then compute every other host's local password. The other three choices are secure and cannot be exploited in this way. Other positive solutions include disabling built-in accounts, storing the passwords in the database in an encrypted form, and generating passwords based on a machine name or a media access control address.
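An added example, not from the original page, that works through the weakness in choice b. It derives each host's local password as SHA-256 over the MAC address and a shared standard password (the hash function, the `STANDARD_PASSWORD` value, the MAC addresses and the wordlist are all constructed), then plays the attacker who has recovered one host's password and, knowing that host's MAC, guesses the shared secret offline and regenerates the rest. The randomly generated alternative (choice c) is shown for contrast.

```python
import hashlib
import secrets

# Constructed inputs: a shared "standard" password and three hosts' MAC addresses.
STANDARD_PASSWORD = "Winter2024!"
MACS = ["00:11:22:33:44:55", "00:11:22:33:44:56", "00:11:22:33:44:57"]


def derive_local_password(mac, standard):
    """The scheme in the answer: local password = hash(MAC address || standard password)."""
    return hashlib.sha256((mac + standard).encode()).hexdigest()[:16]


def recover_shared_secret(mac, local_password, candidates):
    """Offline guessing by an attacker who holds one local password. The MAC is
    public (visible in ARP/broadcast traffic), so only the shared secret is unknown."""
    for guess in candidates:
        if derive_local_password(mac, guess) == local_password:
            return guess
    return None


def attack_hash_scheme(wordlist):
    """Returns (recovered secret, whether every other host's password followed from it)."""
    local = {mac: derive_local_password(mac, STANDARD_PASSWORD) for mac in MACS}
    victim = MACS[0]                                   # the one compromised host
    secret = recover_shared_secret(victim, local[victim], wordlist)
    if secret is None:
        return None, False
    others_match = all(derive_local_password(m, secret) == local[m] for m in MACS[1:])
    return secret, others_match


def random_scheme():
    """Contrast: independent random passwords; one leak says nothing about the rest."""
    return {mac: secrets.token_urlsafe(16) for mac in MACS}


if __name__ == "__main__":
    print(attack_hash_scheme(["Password1", "Summer2024!", "Winter2024!", "letmein"]))
    print(random_scheme())
```

A strong standard password and a slow hash raise the cost of the guessing step, but do not change the structural problem: every local password is a function of one shared secret plus a public value, so the whole fleet falls together once that secret is learned by any route.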

175. Which of the following statements is true about intrusion detection systems (IDS) and firewalls?

a. Firewalls are a substitution for an IDS.

b. Firewalls are an alternative to an IDS.

c. Firewalls are a complement to an IDS.

d. Firewalls are a replacement for an IDS.

175. c. An IDS should be used as a complement to a firewall, not a substitute for it. Together, they provide a synergistic effect.

176. The Bell-LaPadula Model for a computer security policy deals with which of the following?

a. $ -property

b. @ -property

c. Star (*) -property

d. # -property

176. c. The star property (*-property) is a Bell-LaPadula rule that grants a subject write access to an object only if the security level of the object dominates the security level of the subject.

177. Which of the following cannot prevent shoulder surfing?

a. Promoting education and awareness

b. Preventing password guessing

c. Installing encryption techniques

d. Asking people not to watch while a password is typed

177. c. The key point in shoulder surfing is to make sure that no one watches the user while the password is typed. Encryption does not help here because it is applied after a password is entered, not before. Proper education and awareness, together with difficult-to-guess passwords, help prevent this problem.

178. What does the Bell-LaPadula star-property (*-property) mean?

a. No write-up is allowed.

b. No write-down is allowed.

c. No read-up is allowed.

d. No read-down is allowed.

178. b. The star property means no write-down; a write-up is allowed. A subject can write objects only at a security level that dominates the subject's level, so a subject with a higher label cannot write to any object with a lower label. This is also known as the confinement property: it prevents a subject from copying data from a higher classification to a lower classification. In other words, a subject cannot write anything below its own level.

179. Which of the following security models covers integrity?

a. Bell-LaPadula model

b. Biba model

c. Information flow model

d. Take-Grant model

179. b. The Biba model is an example of an integrity model. The Bell-LaPadula model is a formal state transition model of a computer security policy that describes a set of access control rules. Both the Bell-LaPadula and the Take-Grant models are access control models.

180. Which of the following security models covers confidentiality?

a. Bell-LaPadula model

b. Biba model

c. Information flow model

d. Take-grant model

180. a. The Bell-LaPadula model addresses confidentiality by describing different security levels, or classifications, for documents. These classification levels, from least sensitive to most sensitive, are Unclassified, Confidential, Secret, and Top Secret.