1. Главная
  2. Книги
  3. Vallabhaneni S. Rao
  4. CISSP Practice
  5. Страница 254
Выбрать главу

b. E-mail server settings

c. Network server settings

d. Application client settings

100. a. Vulnerabilities can be mitigated in several ways, including practicing patch management, following the principle of least privilege, and implementing host-hardening measures. The latter includes disabling unneeded services, reconfiguring software, eliminating unsecured file shares, changing default usernames and passwords, requiring authentication before allowing access to a network service, and disabling automatic execution of binaries and scripts.

E-mail server settings are incorrect because they are effective at stopping e-mail-based malware that uses the organization’s e-mail services through blocking e-mail attachments. Network server settings are incorrect because they are effective at stopping network service worms. Application client settings are incorrect because they are effective at stopping some specific instances of malware.

101. Many computer incidents can be handled more effectively and efficiently if data analysis considerations have been incorporated into:

a. Organizational policies

b. Departmental procedures

c. Information system life-cycle phases

d. Incident response staffing models

101. c. Many computer incidents can be handled more effectively and efficiently if data analysis considerations have been incorporated into the information system’s life cycle.

Examples include (i) configuring mission-critical applications to perform auditing, including recording all authentication attempts, (ii) enabling auditing on workstations, servers, and network devices, and (iii) forwarding audit records to secure centralized log servers.

Organizational policies and departmental procedures are incorrect because most of these considerations are extensions of existing provisions in policies and procedures. Incident response staffing models are incorrect because staffing models are usually a function of the human resources department.

102. Acquiring network traffic data can pose some legal issues. Which of the following should be in place first to handle the legal issues?

1. Access policies

2. Warning banners

3. System logs

4. System alerts

a. 1 only

b. 2 only

c. 1 and 2

d. 3 and 4

102. c. Acquiring network traffic data can pose some legal issues, including the capture (intentional or incidental) of information with privacy or security implications, such as passwords or e-mail contents. The term network traffic refers to computer network communications that are carried over wired or wireless networks between hosts. Access policies and warning banners are the first step to be completed. It is important to have policies regarding the monitoring of networks, as well as warning banners on system that indicate that activity may be monitored. System logs and alerts are part of monitoring activities.

103. Regarding network data analysis, which of the following is not a data concealment tool?

a. File encryption utility software

b. Content filtering software

c. Steganographic tool

d. System cleanup tool

103. b. Some people use tools that conceal data from others. This may be done for benign purposes, such as protecting the confidentiality and integrity of data against access by unauthorized parties, or for malicious purposes, such as concealing evidence of improper activities. Content filtering software, whether network-based or host-based, is not a data concealment tool. This software is effective at stopping known Web-based malware.

Examples of data concealment tools include file encryption utility software, steganographic tools, and system cleanup tools. System cleanup tools are special-purpose software that removes data pertaining to particular applications, such as Web browsers, as well as data in general locations, such as temporary directories.

104. Which of the following is strictly based on a precedent?

a. Criminal law

b. Civil law

c. Common law

d. Administrative law

104. c. Common law is also called case law and is based on past and present court cases that become a precedent for future cases. Criminal law deals with crimes, and the government on behalf of the people brings criminal cases. A precedent may not be used. Civil laws rely primarily on statutes for the law without the use of a precedent. Administrative law is based on government’s rules and regulations to oversee business activity. A precedent may not be used.

105. What is a data diddling technique?

a. Changing data before input to a computer system

b. Changing data during input to a computer system

c. Changing data during output from a computer system

d. Changing data before input, during input, and during output

105. d. Data diddling involves changing data before or during input to computers or during output from a computer system.

106. What is a salami technique?

a. Taking small amounts of assets

b. Using a rounding-down fraction of money

c. Stealing small amounts of money from bank accounts

d. Taking assets, rounding-down of money, and stealing money

106. d. A salami technique is a theft of small amounts of assets and money from a number of sources (e.g., bank accounts, inventory accounts, and accounts payable and receivable accounts). It is also using a rounding-down fraction of money from bank accounts.

107. Trade secret elements do not include which of the following?

a. Secrecy

b. Value

c. Publicity

d. Use

107. c. Publicity is not an element of a trade secret. The basic elements of a trade secret are secrecy, value, and use. There must be a continuous effort to maintain the secret.

108. Regarding monitoring of information systems, which of the following is the most important benefit of alerting security personnel about inappropriate or unusual activities with security implications?

a. Analyzes the communications traffic patterns

b. Analyzes the communications event patterns

c. Develops profiles representing traffic/event patterns

d. Uses the traffic/event profiles to reduce the number of false positives and false negatives

108. d. After security personnel are notified about inappropriate or unusual activities, the system triggers a series of alerts. The most important benefit of these alerts is to fine-tune the system-monitoring devices to reduce the number of false positives and false negatives to an acceptable number.

109. An attacker sending specially crafted packets to a Web server is an example of which of the following computer-security incident type?

a. Denial-of-service

b. Malicious code

~ 254 ~