
Snooping and sniffing attacks are the same in that sniffing is observing the packets passing by on the network. Spamming is posting identical messages to multiple unrelated newsgroups on the Internet or sending unsolicited e-mail indiscriminately to multiple users.

332. Which one of the following access-control policies or models requires security clearances for subjects?

a. Discretionary access control (DAC)

b. Mandatory access control (MAC)

c. Role-based access control (RBAC)

d. Access control lists (ACLs)

332. b. A mandatory access control (MAC) restricts access to objects based on the sensitivity of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity.

333. Which of the following is not an example of attacks on data and information?

a. Hidden code

b. Inference

c. Spoofing

d. Traffic analysis

333. c. Spoofing is using various techniques to subvert IP-based access control by masquerading as another system by using its IP address. Hidden code, inference, and traffic analysis are attacks on data and information.

334. Honeypot systems do not contain which of the following?

a. Event triggers

b. Sensitive monitors

c. Sensitive data

d. Event loggers

334. c. The honeypot system is instrumented with sensitive monitors, event triggers, and event loggers that detect unauthorized accesses and collect information about the attacker’s activities. These systems are filled with fabricated data designed to appear valuable.

335. Intrusion detection and prevention systems look at security policy violations:

a. Statically

b. Dynamically

c. Linearly

d. Nonlinearly

335. b. Intrusion detection and prevention systems (IDPS) look for specific symptoms of intrusions and security policy violations dynamically. IDPS are analogous to security monitoring cameras. Vulnerability analysis systems take a static view of symptoms. Linearly and nonlinearly are not applicable here because they are mathematical concepts.

336. For biometric accuracy, which of the following defines the point at which the false rejection rates and the false acceptance rates are equal?

a. Type I error

b. Type II error

c. Crossover error rate

d. Type I and II error

336. c. In biometrics, crossover error rate is defined as the point at which the false rejection rates and the false acceptance rates are equal. Type I error, called false rejection rate, is incorrect because genuine users are rejected as imposters. Type II error, called false acceptance rate, is incorrect because imposters are accepted as genuine users.

337. Which one of the following does not help in preventing fraud?

a. Separation of duties

b. Job enlargement

c. Job rotation

d. Mandatory vacations

337. b. Separation of duties, job rotation, and mandatory vacations are management controls that can help in preventing fraud. Job enlargement and job enrichment do not prevent fraud because they are not controls; their purpose is to expand the scope of an employee’s work for a better experience and promotion.

338. Access triples used in the implementation of Clark-Wilson security model include which of the following?

a. Policy, procedure, and object

b. Class, domain, and subject

c. Subject, program, and data

d. Level, label, and tag

338. c. The Clark-Wilson model partitions objects into programs and data for each subject forming a subject/program/data access triple. The generic model for the access triples is <subject, rights, object>.

Scenario-Based Questions, Answers, and Explanations

Use the following information to answer questions 1 through 9.

The KPT Company is analyzing authentication alternatives. The company has 10,000 users in 10 locations with five different databases of users. The current authentication access controls are a mix of UNIX and Microsoft related tools. KPT priorities include security, cost, scalability, and transparency.

1. Symbolic link (symlink) attacks do not exist on which of the operating systems?

a. UNIX

b. Windows

c. LINUX

d. MINIX

1. b. Symbolic links are links on UNIX, MINIX, and LINUX systems that point from one file to another file. A symlink vulnerability is exploited by making a symbolic link from a file to which an attacker does have access to a file to which the attacker does not have access. Symlinks do not exist on Windows systems, so symlink attacks cannot be performed against programs or files on those systems. MINIX is a variation of UNIX and is small in size. A major difference between MINIX and UNIX is the editor: the MINIX editor is faster and the UNIX editor is slower.

2. Which one of the following is not an authentication mechanism?

a. What the user knows

b. What the user has

c. What the user can do

d. What the user is

2. c. “What the user can do” is defined in access rules or user profiles, which come after a successful authentication. The other three choices are part of an authentication process.

3. Which of the following provides strong authentication for centralized authentication servers when used with firewalls?

a. User IDs

b. Passwords

c. Tokens

d. Account numbers

3. c. For basic authentication, user IDs, passwords, and account numbers are used for internal authentication. Centralized authentication servers such as RADIUS and TACACS/TACACS+ can be integrated with token-based authentication to enhance firewall administration security.

4. Which of the following does not provide robust authentication?

a. Kerberos

b. Secure RPC

c. Reusable passwords

d. Digital certificates

4. c. Robust authentication means strong authentication that should be required for accessing internal computer systems. Robust authentication is provided by Kerberos, one-time passwords, challenge-response exchanges, digital certificates, and secure RPC. Reusable passwords provide weak authentication.

5. Which of the following authentication types is most effective?