1. Главная
  2. Книги
  3. Vallabhaneni S. Rao
  4. CISSP Practice
  5. Страница 273
Выбрать главу

c. 1 and 4

d. 2 and 4

19. b. Security for a cryptographic module requires that an entry or output of critical security parameters (CSPs) using a split knowledge procedure is performed using ports that are physically separated from other ports and interfaces that are logically separated from other interfaces using a trusted channel. CSPs may either be entered into or output from the cryptographic module in an encrypted form. A split knowledge is a process by which a cryptographic key is split into multiple key components, individually providing no knowledge of the original key, which can be subsequently input into, or output from, a cryptographic module by separate entities and combined to re-create the original cryptographic key.

20. Which of the following is more secure and complex and more difficult to counterfeit and compromise?

a. Physical keys

b. Three-plane keys

c. Conventional keys with locksets

d. Pick-resistant locksets

20. b. A three-plane key (3-plane key) is used as a physical access control method, is more secure and complex, is complicated to copy, requires blank key stocks, which are not readily available to adversaries, and is more difficult to counterfeit, and the locks controlled by 3-plane keys are more difficult to compromise. Physical keys are simple keys that are highly susceptible to copying or theft, and locks controlled by simple keys are easy to compromise. Conventional keys with locksets are inexpensive but easy to duplicate (copy). Pick-resistant locksets are more expensive than conventional keys with locksets, and the keys are much more difficult to duplicate. The pick-resistant locksets are not as strong or secure as the 3-plane keys.

21. Which of the following is not an example of fire suppression and detection devices?

a. Master shutoff valves

b. Sprinkler systems

c. Fire extinguishers

d. Smoke detectors

21. a. Master shutoff valves are closed in the event of a significant water leak. The other three choices are part of the fire suppression and detection devices.

22. What is the best action to take when there is no uninterruptible power supply (UPS) in a data center?

a. Install a surge suppressor.

b. Install a line conditioner.

c. Install a backup generator.

d. Install a transformer.

22. b. Under-voltages represent the majority of power problems (sags and brownouts) for computer systems. Instantaneous power from UPS prevents data loss caused by sags and brownouts. UPS is superior to separate surge suppressors. A line conditioner automatically corrects under-voltages and over-voltages to levels that are safe for the computer system. Both generators and transformers are power sources that need to be cleaned for computer use because computers are sensitive.

23. What is the best technique to identify an intruder?

a. Place a bright light in the area.

b. Activate an alarm system.

c. Post a security guard.

d. Install a video camera.

23. d. A video camera takes pictures of an intruder, which can be used to establish a positive identification of the intruder and a proof of evidence. The other three choices do not provide a positive identification of the intruder.

24. What would you do first in case of a fire in your data center?

a. Call the fire department.

b. Pull the fire alarm device.

c. Evacuate people from the building.

d. Call the police department.

24. c. The first thing is to save people’s lives, and therefore evacuating people from the building on fire is the right thing to do. The actions mentioned in the other choices can be performed later.

25. The most frequently used fencing for physical security purposes is which of the following?

a. Barbed wire

b. Concertina wire

c. Chain-link

d. Barbed tape

25. c. A chain-link fence must be securely fastened to rigid metal or reinforced concrete posts set in concrete. It is stronger than other fences. A barbed wire is a twisted, double-stranded fence. A concertina wire is a commercially manufactured wire coil of high-strength-steel barbed wire clipped together at intervals to form a cylinder. A barbed tape consists of barbed wire, barbed tape dispenser, and concertina tape.

26. Which of the following is more secure?

a. Eight-foot wall

b. Eight-foot wall with barbed wire on top

c. Electric gate

d. Key and locked door

26. b. An eight-foot wall with barbed wire is more secure than the other choices mentioned. The requirements for barbed wire include that its height should not be less than 7 feet, excluding top guard. It is a twisted, double-stranded, 12-gauge wire. Intruders will have a problem climbing or standing over because the wire cannot hold any person straight up. Using a long ladder can circumvent an 8-foot wall. An electric gate can be opened by guessing passwords or other codes used to open and close it. A key and locked door is easy to break in by tampering with it.

27. The best location for a data center in a multistoried building is on which of the following:

a. First floor

b. Basement level

c. Top floor

d. Any floor other than the above

27. d. The first floor is not a good location to prevent undesirable access. The basement is not good because of flooding and volatile storage. The top floor of a high-rise building is not good because it may be beyond reach of fire department equipment.

28. Which of the following is not a complementary control when implementing the given logical access security controls?

a. Access profiles

b. User ID

c. ID badge card

d. Password

28. c. Identification (ID) badge cards are an example of physical security controls and are not complementary with the given logical security controls. A function or an area need not be weak to use complementary controls. Complementary controls can enhance the effectiveness of two or more controls when applied to a business function, computer program, or operation. These individual controls are effective as a standalone and are maximized when combined or integrated with each other. In other words, complementary controls have a synergistic effect. Access profiles, user IDs, and passwords go together to provide a moderate level of an access control mechanism. Profiles are needed for each system user to define what he can do on the system. User IDs and passwords are needed to identify and authenticate the user to the computer system. These three controls are examples of logical access security controls, where they provide a technical means of controlling what information users can utilize, the computer programs they can run, and the modifications they can make to programs and data files.

~ 273 ~