
a. Protective distribution system

b. Transport layer security

c. Internet protocol security

d. Cryptographic mechanism

41. a. The information system should protect the integrity and confidentiality of transmitted information primarily with a protective distribution system, which is a physical measure. The other three choices are alternatives to the protective distribution system. Transport layer security (TLS) is an authentication and security protocol widely implemented in Web browsers and servers. Internet protocol security (IPsec) provides security capabilities at the IP layer of communications. An organization employs cryptographic mechanisms to ensure recognition of changes to information (i.e., integrity) and to prevent unauthorized disclosure of information (i.e., confidentiality) during transmission. The other three choices do not directly deal with physical measures.

42. Which of the following information security control families requires a cross-cutting approach?

a. Contingency planning

b. Identification and authentication

c. Maintenance

d. Physical and environmental protection

42. d. Physical and environmental protection requires a cross-cutting approach because it is related not only to its own control family but also to the access control and incident response control families. Cross-cutting approaches cover more than one security control family. The other three choices require a control-specific approach, meaning they cover only one security control family.

43. Which of the following delays water release?

a. Wet pipe

b. Pre-action pipe

c. Water pipe

d. Gas pipe

43. b. A wet pipe releases water at a set temperature. The pre-action pipe sounds an alarm and delays water release. A water pipe does not delay water release. A gas pipe is not relevant here.

44. What is the best location for a data center?

a. Near stairways

b. Near elevators

c. Near restrooms

d. Any location other than the above

44. d. The objective is to reduce the risk of close physical proximity in terms of vandalism and other disasters (e.g., bombings). The data center should be remote from publicly used areas due to their easy access for both insiders (disgruntled employees) and outsiders (intruders).

45. Which of the following security safeguards is ineffective in an online application system serving multiple users at multiple locations?

a. Procedural controls

b. Physical controls

c. Hardware controls

d. Software controls

45. b. An online application system serving multiple users at multiple locations assumes that a network is in place. With a network there is often no centralized computer room with physical security controls that can be implemented. Therefore, physical controls are ineffective. Examples of physical controls include locked doors, intrusion detection devices, security guards, and magnetic badge readers that restrict physical access. Procedural controls are incorrect because they include instructions to request a user profile, adding and deleting users, and instructions to request database views, and so on. Hardware controls are incorrect because they include fault tolerance devices such as disk mirroring and disk duplexing, smart card processing, encryption, parity checks, and switched ports. Software controls are incorrect because they include user IDs and passwords, smart card processing, encryption, check digits, and message authentication.

46. What is the most effective control in handling potential terrorist attacks, especially bombing?

a. Use simulation software.

b. Examine all letters and parcels coming into a building.

c. Hire security guards.

d. Keep motor vehicles away from the building.

46. c. There is no substitute for vigilant and resourceful security guards protecting the buildings. Simulation software is available that can assess the vulnerability of a structure to explosive blasts by simulating the detonation of devices at various design points. Security can be improved simply by keeping vehicles away from close proximity to the structure. It also makes sense to examine all letters and parcels coming into a building for explosives.

47. Which of the following is the most commonly used sprinkler system?

a. Wet-pipe system

b. Dry-pipe system

c. Carbon dioxide system

d. Halon system

47. a. Wet-pipe systems are the most commonly used and are applicable when freezing is no threat to their operation. The next most popular is the dry-pipe system. The carbon dioxide system is dangerous to people’s health, and the Halon system can no longer be used because Halon production has been halted.

48. Which of the following statements about sprinkler systems is not always true?

a. Sprinkler systems cause water damage.

b. Sprinkler systems reduce fire damage locally.

c. Sprinkler systems protect human lives of building occupants.

d. Sprinkler systems limit fire damage to the building itself.

48. a. When properly installed, maintained, and provided with an adequate supply of water, automatic sprinkler systems are highly effective in protecting buildings and their contents. Nonetheless, you often hear uninformed people speak of the water damage done by sprinkler systems as a disadvantage. Fires that trigger sprinkler systems cause the water damage. In short, sprinkler systems reduce the fire damage, protect the lives of building occupants, and limit the fire damage to the building itself.

49. Which of the following is a physical security measure for cryptographic keys such as plaintext secret keys and private keys during their physical maintenance?

a. Zeroization proof

b. Zero-knowledge proof

c. Zero-defects proof

d. Zero-quantum proof

49. a. When performing physical maintenance, all plaintext secret and private keys and other unprotected critical security parameters (CSPs) contained in the cryptographic module should be zeroized. Zeroization is a method of erasing electronically stored data by altering the contents of the data storage so as to prevent the recovery of the data. Zeroization can be performed either procedurally by the operator or automatically by the cryptographic module.

The other three choices do not provide security measures for cryptographic keys. Zero-knowledge proof deals with keeping information secret in that it refers to one party proving something to another without revealing any additional information. Zero-defects proof is a total quality management concept in which products are made with zero defects—one of the goals of quality. Zero-quantum proof is based on principles of quantum mechanics, where eavesdroppers alter the quantum state of the cryptographic system.
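As an added illustration of the zeroization concept in the explanation above (this code is not part of the original exam text), the following C example shows one software analogue of zeroizing a key buffer: the key bytes are overwritten through a volatile pointer so that the compiler cannot treat the stores as dead and remove them, and a separate check confirms no key material remains. The function names zeroize, is_zeroized and demo_key_lifecycle, and the sample key bytes, are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper: overwrite len bytes of buf with zeros.
 * Writing through a volatile pointer makes each store an observable
 * side effect, so an optimizing compiler will not elide the loop the
 * way it may elide a plain memset() on a buffer that is never read again. */
void zeroize(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Hypothetical helper: return 1 if every byte of buf is zero, else 0.
 * Accumulates with OR over the whole buffer rather than returning early,
 * so the check takes the same time regardless of where a nonzero byte sits. */
int is_zeroized(const void *buf, size_t len) {
    const unsigned char *p = (const unsigned char *)buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Simulates a key's lifecycle around a maintenance event:
 * load a constructed (non-secret) key, confirm it holds data,
 * zeroize it, then confirm nothing recoverable remains.
 * Returns 1 on success, 0 if the buffer was not fully erased. */
int demo_key_lifecycle(void) {
    unsigned char key[32];

    /* Constructed sample key pattern; not a real secret. */
    for (size_t i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char)(0xA5 ^ i);
    }

    int had_material = !is_zeroized(key, sizeof key);
    zeroize(key, sizeof key);
    return had_material && is_zeroized(key, sizeof key);
}
```

Where the platform provides them, the library routines explicit_bzero (glibc 2.25 and later, and the BSDs) or C11 Annex K memset_s are the preferred way to get the same guarantee, since they are maintained against compiler changes; the volatile loop above is the portable fallback. Note that this only clears the one copy in the buffer: register spills, swap, and hardware that retains charge after power loss are exactly why the standard above speaks of zeroization of the physical module rather than of a single variable.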

50. Which of the following is the best defense against hardware-based key loggers?