Читаем CISSP Practice полностью

3. One user is less likely to commit fraud when this user is a part of many users involved in a business transaction.

4. Few users are less likely to commit collusion when these users are a part of many users involved in a business transaction.

a. 1 and 2

b. 2 and 3

c. 3 and 4

d. 1, 2, 3, and 4

78. a. A static exclusivity problem is the condition for which it is considered dangerous for any user to gain authorization for a conflicting set of access capabilities. The motivation for exclusivity relations includes reducing the likelihood of fraud or preventing the loss of user objectivity. The assurance principle deals with committing fraud or collusion when many users are involved in handling a business transaction.

79. Role-based access control and the least privilege principle do not enable which of the following?

a. Read access to a specified file

b. Write access to a specified directory

c. Connect access to a given host computer

d. One administrator with super-user access permissions

79. d. The concept of limiting access or least privilege is simply to provide no more authorization than necessary to perform required functions. Best practice suggests it is better to have several administrators with limited access to security resources rather than one administrator with super-user access permissions. The principle of least privilege is connected to the role-based access control in that each role is assigned those access permissions needed to perform its functions, as mentioned in the other three choices.

80. Extensible access control markup language (XACML) framework incorporates the support of which of the following?

a. Rule-based access control (RuBAC)

b. Mandatory access control (MAC)

c. Role-based access control (RBAC)

d. Discretionary access control (DAC)

80. c. The extensible access control markup language (XACML) framework does not provide support for representing the traditional access controls (e.g., RuBAC, MAC, and DAC), but it does incorporate the role-based access control (RBAC) support. The XACML specification describes building blocks from which an RBAC solution is developed.

81. From an access control viewpoint, which of the following requires an audit the most?

a. Public access accounts

b. Nonpublic accounts

c. Privileged accounts

d. Non-privileged accounts

81. c. The goal is to limit exposure due to operating from within a privileged account or role. A change of role for a user or process should provide the same degree of assurance in the change of access authorizations for that user or process. The same degree of assurance is also needed when a change between a privileged account and non-privileged account takes place. Auditing of privileged accounts is required mostly to ensure that privileged account users use only the privileged accounts and that non-privileged account users use only the non-privileged accounts. An audit is not required for public access accounts due to little or no risk involved. Privileged accounts are riskier than nonpublic accounts.

82. From an information flow policy enforcement viewpoint, which of the following allows forensic reconstruction of events?

1. Security attributes

2. Security policies

3. Source points

4. Destination points

a. 1 and 2

b. 2 and 3

c. 3 and 4

d. 1, 2, 3, and 4

82. c. The ability to identify source and destination points for information flowing in an information system allows for forensic reconstruction of events and increases compliance to security policies. Security attributes are critical components of the operations security concept.

83. From an access control policy enforcement viewpoint, which of the following should not be given a privileged user account to access security functions during the course of normal operations?

1. Network administration department

2. Security administration department

3. End user department

4. Internal audit department

a. 1 and 2

b. 3 only

c. 4 only

d. 3 and 4