1. Главная
  2. Книги
  3. Vallabhaneni S. Rao
  4. CISSP Practice
  5. Страница 248
Выбрать главу

45. A standard characteristic for perpetrating a computer crime does not include which of the following?

a. Motive

b. Action

c. Opportunity

d. Means

45. b. A person must have a motive, the opportunity, and the means to commit a crime. Action is the resulting decision.

46. Multiple forensic tools (such as forensic, nonforensic, and hybrid) are used to recover digital evidence from a mobile/cell phone. Which of the following can resolve conflicts from using such multiple forensic tools?

a. Virtual machine ware (VMware)

b. Universal subscriber identity module (USIM)

c. Port monitoring

d. Infrared and Bluetooth monitoring

46. a. Conflicts can arise when using multiple forensic tools due to their incompatibility in functional design specifications. One method to resolve such conflicts is to use a product such as virtual machine ware (VMware) to create a virtual machine (VM) environment on each forensic workstation for the tool to execute. Because multiple independent VMs can run simultaneously on a single workstation, several tools or tool collections that otherwise would be incompatible are readily supported.

The other three choices are incorrect because they do not have the ability to handle conflicts from using multiple tools because they are examples of individual tools. Examples of forensic tools include universal subscriber identity module (USIM) tools, handset tools, and integrated toolkits. A forensic hash is used to maintain the integrity of data by computing a cryptographically strong, non-reversible value over the acquired data. Examples of non-forensic tools include port monitoring to capture protocol exchanges, infrared and Bluetooth monitoring, and phone manager to recover data. For non-forensic tools, hash values should be created manually using a tool, such as SHA-1sum or MD5 sum, and retained for integrity verification. Examples of hybrid forensic tools include port monitoring with monitoring of USIM tool exchanges.

47. Which of the following is not a part of active identification of infected hosts with a malware incident?

a. Sinkhole router

b. Packet sniffers

c. Custom network-based IPS or IDS signatures

d. Vulnerability assessment software

47. a. A sinkhole router is a part of forensic identification, which mitigates extraneous traffic from an ongoing attack. Sources of active identification include login script, custom network-based intrusion prevention system (IPS) or intrusion detection system (IDS) signatures, packet sniffers, vulnerability assessment software, host scans, and file scans.

48. Which of the following is not a problem associated with bootleg (pirated) software?

a. It allows users to obtain software from unauthorized sources.

b. It introduces viruses that may exist within the software.

c. It can be downloaded from the Internet.

d. It was freeware software but the owner retains the copyright rights.

48. d. Freeware is software that is made available to the public at no cost. The author retains copyright rights and can place restrictions on how the program is used. The other three choices are examples of risks and actions involved in pirated software that can lead to legal problems. Control measures include (i) not allowing employees to bring software from home or outside, (ii) not permitting program downloads from the Internet, and (iii) testing the downloaded program on a stand-alone system first before it is allowed on the network.

49. Which of the following is a legal activity?

a. Competitive intelligence

b. Industrial espionage

c. Economic espionage

d. Corporate espionage

49. a. Competitive intelligence is common and legal. It involves gathering public information, going through waste, or even unobtrusive measures. Economic espionage is not legal because it involves unauthorized acquisition of proprietary or other information by a foreign government to advance its country’s economic position. Industrial and corporate espionage is illegal because they deal with stealing information about product formulas and other vital information. High technology and defense industries are potential targets of industrial espionage.

50. Which of the following is legally appropriate?

a. Computer welcome screens

b. Pre-logging questionnaires

c. Computer unwelcome screens

d. Post-logging questionnaires

50. b. Pre-logging questionnaires include ascertaining whether users are authorized to use the computer and making sure that they access only the data and systems to which they are entitled. Post-logging questionnaires are used after the fact and are not of much use. Both welcome and unwelcome screens make the computer installation and the organization name known to the public. Legal issues may arise from these screens.

51. Which of the following software licensing methods would put a user in a queue to await access?

a. Single licensing method

b. Concurrent licensing method

c. Site licensing method

d. Floating licensing method

51. d. A floating licensing method puts users on a queue until their turn is up. For example, if software is licensed for 10 users and all are using the software, the 11th user will be asked to wait until one user is logged off. In a single licensing method, only one user is allowed to use the system. For small size user groups, a concurrent licensing method may be useful because it allows multiple users to work simultaneously. A site licensing method is used when there is a large group of users due to volume discount for heavy usage. The other licensing method would not put a user on a queue as the floating method does.

52. What is an effective way to prevent software piracy?

a. Dongle device

b. Awareness

c. Education

d. Reminders

52. a. A dongle is a small hardware device that is shipped with some software packages. The dongle is hard-coded with a unique serial number that corresponds to the software. When the program runs, it checks for the presence of the device. If the device is not plugged in, the program will not run. Despite inconvenience, it is the most effective way to prevent software piracy. The other three choices are useful to prevent software piracy, but they are not that effective.

53. Computer crime is possible when controls are:

a. Predictable, unavoidable

b. Unpredictable, unavoidable

c. Predictable, avoidable

d. Unpredictable, avoidable

53. c. When controls are predictable and can be bypassed, computer crime is greatly increased. Predictable means the attacker knows how the system works, when, and how to beat it. When controls are unpredictable, it is difficult for criminal attacks to take place.

~ 248 ~