Читаем CISSP Practice полностью

Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented. Corrective controls are procedures to react to security incidents and to take remedial actions on a timely basis. Corrective controls require proper planning and preparation as they rely more on human judgment.

137. What is using two different passwords for accessing two different systems in the same session called?

a. One-factor authentication

b. Two-factor authentication

c. Three-factor authentication

d. Four-factor authentication

137. b. Requiring two different passwords for accessing two different systems in the same session is more secure than requiring one password for two different systems. This equates to two-factor authentication. Requiring multiple proofs of authentication presents multiple barriers to entry access by intruders. On the other hand, using the same password (one-factor) for accessing multiple systems in the same session is a one-factor authentication, because only one type (and the same type) of proof is used. The key point is whether the type of proof presented is same or different.

138. What is using a personal identity card with attended access (e.g., a security guard) and a PIN called?

a. One-factor authentication

b. Two-factor authentication

c. Three-factor authentication

d. Four-factor authentication

138. b. On the surface, this situation may seem a three-factor authentication, but in reality it is a two-factor authentication, because only a card (proof of one factor) and PIN (proof of second factor) are used, resulting in a two-factor authentication. Note that it is not the strongest two-factor authentication because of the attended access. A security guard is an example of attended access, who is checking for the validity of the card, and is counted as one-factor authentication. Other examples of attended access include peers, colleagues, and supervisors who will vouch for the identify of a visitor who is accessing physical facilities.

139. A truck driver, who is an employee of a defense contractor, transports highly sensitive parts and components from a defense contractor’s manufacturing plant to a military installation at a highly secure location. The military’s receiving department tracks the driver’s physical location to ensure that there are no security problems on the way to the installation. Upon arrival at the installation, the truck driver shows his employee badge with photo ID issued by the defense contractor, enters his password and PIN, and takes a biometric sample of his fingerprint prior to entering the installation and unloading the truck’s content. What does this described scenario represents?

a. One-factor authentication

b. Two-factor authentication

c. Three-factor authentication

d. Four-factor authentication

139. d. Tracking the driver’s physical location (perhaps with GPS or wireless sensor network) is an example of somewhere you are (proof of first factor). Showing the employee a physical badge with photo ID is an example of something you have (proof of second factor). Entering a password and PIN is an example of something you know (proof of third factor). Taking a biometric sample of fingerprint is an example of something you are (proof of fourth factor). Therefore, this scenario represents a four-factor authentication. The key point is that it does not matter whether the proof presented is one item or more items in the same category (e.g, somewhere you are, something you have, something you know, and something you are).

140. Which of the following is achieved when two authentication proofs of something that you have is implemented?

a. Least assurance

b. Increased assurance

c. Maximum assurance

d. Equivalent assurance