Читаем CISSP Practice полностью

140. a. Least assurance is achieved when two authentication proofs of something that you have (e.g., card, key, and mobile ID device) are implemented because the card and the key can be lost or stolen. Consequently, multiple uses of something that you have offer lesser access control assurance than using a combination of multifactor authentication techniques. Equivalent assurance is neutral and does not require any further action.

141. Which of the following is achieved when two authentication proofs of something that you know are implemented?

a. Least assurance

b. Increased assurance

c. Maximum assurance

d. Equivalent assurance

141. b. Increased assurance is achieved when two authentication proofs of something that you know (e.g., using two different passwords with or without PINs) are implemented. Multiple proofs of something that you know offer greater assurance than does multiple proofs of something that you have. However, multiple uses of something that you know provide equivalent assurance to a combination of multifactor authentication techniques.

142. Which of the following is achieved when “two authentication proofs of something that you are” is implemented?

a. Least assurance

b. Increased assurance

c. Maximum assurance

d. Equivalent assurance

142. c. Maximum assurance is achieved when two authentication proofs of something that you are (e.g., personal recognition by a colleague, user, or guard, and a biometric verification check) are implemented. Multiple proofs of something that you are offer the greatest assurance than does multiple proofs of something that you have or something that you know, used either alone or combined. Equivalent assurance is neutral and does not require any further action.

143. For key functions of intrusion detection and prevention system (IDPS) technologies, which of the following is referred to when an IDPS configuration is altered?

a. Tuning

b. Evasion

c. Blocking

d. Normalization

143. a. Altering the configuration of an intrusion detection and prevention system (IDPS) to improve its detection accuracy is known as tuning. IDPS technologies cannot provide completely accurate detection at all times. Access to the targeted host is blocked from the offending user account or IP address.

Evasion is modifying the format or timing of malicious activity so that its appearance changes but its effect is the same. Attackers use evasion techniques to try to prevent intrusion detection and prevention system (IDPS) technologies from detecting their attacks. Most IDPS technologies can overcome common evasion techniques by duplicating special processing performed by the targeted host. If the IDPS configuration is same as the targeted host, then evasion techniques will be unsuccessful at hiding attacks.

Some intrusion prevention system (IPS) technologies can remove or replace malicious portions of an attack to make it benign. A complex example is an IPS that acts as a proxy and normalizes incoming requests, which means that the proxy repackages the payloads of the requests, discarding header information. This might cause certain attacks to be discarded as part of the normalization process.

144. A reuse of a user’s operating system password for preboot authentication should not be practiced in the deployment of which of the following storage encryption authentication products?

a. Full-disk encryption

b. Volume encryption

c. Virtual disk encryption

d. File/folder encryption

144. a. Reusing a user’ operating system password for preboot authentication in a full (whole) disk encryption deployment would allow an attacker to learn only a single password to gain full access to the device’s information. The password could be acquired through technical methods, such as infecting the device with malware, or through physical means, such as watching a user type in a password in a public location. The correct choice is risky compared to the incorrect choices because the latter do not deal with booting a computer or pre-boot authentication.

145. All the following storage encryption authentication products may use the operating system’s authentication for single sign-on except:

a. Full-disk encryption

b. Volume encryption

c. Vi rtual disk encryption

d. File/folder encryption