94. d. Actions that may be taken to confine wireless communication to organization-controlled boundaries include all four items mentioned. Mutual authentication protocols include EAP/TLS and PEAP. Reducing the power of the wireless transmission means that the transmission cannot go beyond the physical perimeter of the organization. It also includes installing TEMPEST measures to control emanations.
95. For access control for mobile devices, which of the following assigns responsibility and accountability for addressing known vulnerabilities in the media?
a. Use of writable, removable media
b. Use of personally owned removable media
c. Use of project-owned removable media
d. Use of nonowner removable media
95. c. An identifiable owner (e.g., employee, organization, or project) for removable media helps to reduce the risk of using such technology by assigning responsibility and accountability for addressing known vulnerabilities in the media (e.g., malicious code insertion). Use of project-owned removable media is acceptable because the media is assigned to a project, and the other three choices are not acceptable because they have no accountability feature attached to them. Restricting the use of writable, removable media is a good security practice.
96. For access control for mobile devices, which of the following actions can trigger an incident response handling process?
a. Use of external modems or wireless interfaces within the device
b. Connection of unclassified mobile devices to unclassified systems
c. Use of internal modems or wireless interfaces within the device
d. Connection of unclassified mobile devices to classified systems
96. d. When unclassified mobile devices are connected to classified systems containing classified information, it is a risky situation because a security policy is violated. This action should trigger an incident response handling process. Connection of an unclassified mobile device to an unclassified system still requires approval, although it is less risky. Use of internal or external modems or wireless interfaces within the mobile device should be prohibited.
97. For least functionality, organizations utilize which of the following to identify and prevent the use of prohibited functions, ports, protocols, and services?
1. Network scanning tools
2. Intrusion detection and prevention systems
3. Firewalls
4. Host-based intrusion detection systems
a. 1 and 3
b. 2 and 4
c. 3 and 4
d. 1, 2, 3, and 4
97. d. Organizations can utilize network scanning tools, intrusion detection and prevention systems (IDPS), endpoint protections such as firewalls, and host-based intrusion detection systems to identify and prevent the use of prohibited functions, ports, protocols, and services.
98. An information system uses multifactor authentication mechanisms to minimize potential risks for which of the following situations?
1. Network access to privileged accounts
2. Local access to privileged accounts
3. Network access to non-privileged accounts
4. Local access to non-privileged accounts
a. 1 and 2
b. 1 and 3
c. 3 and 4
d. 1, 2, 3, and 4
98. d. An information system must use multifactor authentication mechanisms for both network access (privileged and non-privileged) and local access (privileged and non-privileged) because both situations are risky. System/network administrators have administrative (privileged) accounts, and these individuals have access to a set of “access rights” on a given system. Malicious non-privileged account users are as risky as privileged account users because they can cause damage to data and program files.
99. Which of the following statements is not true about identification and authentication requirements?
a. Group authenticators should be used with an individual authenticator
b. Group authenticators should be used with a unique authenticator
c. Unique authenticators in group accounts need greater accountability
d. Individual authenticators should be used at the same time as the group authenticators
99. d. You need to require that individuals are authenticated with an individual authenticator prior to using a group authenticator. The other three choices are true statements.