a. Signature-based IDPS

b. Anomaly-based IDPS

c. Behavior-based IDPS

d. Statistical-based IDPS

302. a. There are two primary approaches to analyzing events to detect attacks: signature detection and anomaly detection. Signature detection is the primary technique used by most commercial systems; however, anomaly detection is the subject of much research and is used in a limited form by a number of intrusion detection and prevention systems (IDPS). Behavior-based and statistical-based IDPS are subsets of anomaly-based IDPS.

303. For electronic authentication, which of the following is an example of a passive attack?

a. Eavesdropping

b. Man-in-the-middle

c. Impersonation

d. Session hijacking

303. a. A passive attack is an attack against an authentication protocol where the attacker intercepts data traveling along the network between the claimant and verifier but does not alter the data. Eavesdropping is an example of a passive attack.

A man-in-the-middle (MitM) attack is incorrect because it is an active attack on the authentication protocol run in which the attacker positions himself between the claimant and verifier so that he can intercept and alter data traveling between them.

Impersonation is incorrect because it is an attempt to gain access to a computer system by posing as an authorized user. It is the same as masquerading, spoofing, and mimicking.

Session hijacking is incorrect because it is an attack that occurs during an authentication session within a database or system. The attacker disables a user’s desktop system, intercepts responses from the application, and responds in ways that probe the session. Man-in-the-middle, impersonation, and session hijacking are examples of active attacks. Note that MitM attacks can be passive or active depending on the intent of the attacker because there are mild MitM or strong MitM attacks.

304. Which of the following complementary strategies to mitigate token threats raises the threshold for successful attacks?

a. Physical security mechanisms

b. Multiple security factors

c. Complex passwords

d. System and network security controls

304. b. Token threats include masquerading, off-line attacks, and guessing passwords. Multiple factors raise the threshold for successful attacks. If an attacker needs to steal the cryptographic token and guess a password, the work factor may be too high.

Physical security mechanisms are incorrect because they may be employed to protect a stolen token from duplication. Physical security mechanisms can provide tamper evidence, detection, and response.

Complex passwords are incorrect because they may reduce the likelihood of a successful guessing attack. Requiring long passwords that do not appear in common dictionaries may force attackers to try every possible password.

System and network security controls are incorrect because they may be employed to prevent an attacker from gaining access to a system or installing malicious software (malware).

305. Which of the following is the correct description of roles between a registration authority (RA) and a credential service provider (CSP) involved in identity proofing?

a. The RA may be a part of the CSP.

b. The RA may be a separate entity.

c. The RA may be a trusted relationship.

d. The RA may be an independent entity.

305. c. The RA may be a part of the CSP, or it may be a separate and independent entity; however, a trusted relationship always exists between the RA and CSP. Either the RA or the CSP must maintain records of the registration. The RA and CSP may provide services on behalf of an organization or may provide services to the public.

306. What is spoofing?

a. Active attack

b. Passive attack

c. Surveillance attack

d. Exhaustive attack

306. a. Spoofing is a tampering activity and is an active attack. Sniffing is a surveillance activity and is a passive attack. An exhaustive attack (i.e., brute force attack) consists of discovering secret data by trying all possibilities and checking for correctness. For a four-digit password, you might start with 0000 and move to 0001 and 0002 until 9999.

307. Which of the following is an example of infrastructure threats related to the registration process required in identity proofing?

a. Separation of duties

b. Record keeping

c. Impersonation

d. Independent audits

307. c. There are two general categories of threats to the registration process: impersonation and either compromise or malfeasance of the infrastructure (RAs and CSPs). Infrastructure threats are addressed by normal computer security controls such as separation of duties, record keeping, and independent audits.

308. In electronic authentication, which of the following is not trustworthy?

a. Claimants

b. Registration authorities

c. Credential service providers

d. Verifiers

308. a. Registration authorities (RAs), credential service providers (CSPs), verifiers, and relying parties are ordinarily trustworthy in the sense of being correctly implemented and not deliberately malicious. However, claimants or their systems may not be trustworthy; otherwise their identity claims could simply be trusted. Moreover, whereas RAs, CSPs, and verifiers are normally trustworthy, they are not invulnerable and could become corrupted. Therefore, protocols that expose long-term authentication secrets more than is absolutely required, even to trusted entities, should be avoided.

309. An organization is experiencing excessive turnover of employees. Which of the following is the best access control policy in this situation?

a. Rule-based access control (RuBAC)

b. Mandatory access control (MAC)

c. Role-based access control (RBAC)

d. Discretionary access control (DAC)

309. c. Employees can come and go, but their roles do not change, such as a doctor or nurse in a hospital. With role-based access control, access decisions are based on the roles that individual users have as part of an organization. Employee names may change, but the roles do not. This access control is the best for organizations experiencing excessive employee turnover.

Rule-based access control and mandatory access control are the same because they are based on specific rules relating to the nature of the subject and object. Discretionary access control is a means to restrict access to objects based on the identity of subjects and/or groups to which they belong.

310. The principle of least privilege supports which of the following?

a. All or nothing privileges

b. Super-user privileges

c. Appropriate privileges

d. Creeping privileges

310. c. The principle of least privilege refers to granting users only those accesses required to perform their duties. Only the concept of “appropriate privilege” is supported by the principle of least privilege.