CISSP Practice (full text)

159. b. Nonpolled authentication is discrete; after the verdict is determined, it is inviolate until the next authentication attempt. Examples of nonpolled authentication include password, fingerprint, and voice verification. Polled authentication is continuous; the presence or absence of some token or signal determines the authentication status. Examples of polled authentication include smart card, memory token, and communications signal, whereby the absence of the device or signal triggers a nonauthenticated condition.
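The distinction in the answer above is easier to see as a state machine. The following is an added illustration, not code from the book: a nonpolled session fixes its verdict at authentication time, while a polled session re-evaluates the presence of a token on every tick and revokes itself once the signal has been absent for longer than a grace period. The credential string, the two-tick grace period and the timeline of token signals are all constructed for the example.

```python
"""Polled vs. nonpolled authentication, simulated over a timeline of token signals."""
import hmac
from dataclasses import dataclass


@dataclass
class NonpolledSession:
    """Discrete verdict: decided once and left untouched until the next attempt."""
    authenticated: bool = False

    def authenticate(self, supplied: str, expected: str) -> bool:
        # Constant-time comparison; a password, fingerprint or voice match would sit here.
        self.authenticated = hmac.compare_digest(supplied.encode(), expected.encode())
        return self.authenticated

    def status(self) -> bool:
        # Nothing that happens between two authentication attempts changes the verdict.
        return self.authenticated


@dataclass
class PolledSession:
    """Continuous verdict: every poll re-checks that the token or signal is present."""
    max_missed_polls: int = 1   # grace period before absence revokes the session
    authenticated: bool = False
    missed: int = 0

    def authenticate(self, token_present: bool) -> bool:
        self.authenticated = token_present
        self.missed = 0
        return self.authenticated

    def poll(self, token_present: bool) -> bool:
        # Once revoked, the session stays unauthenticated until authenticate() is
        # called again; the token merely reappearing is not enough.
        if not self.authenticated:
            return False
        if token_present:
            self.missed = 0
        else:
            self.missed += 1
            if self.missed >= self.max_missed_polls:
                self.authenticated = False
        return self.authenticated


def run_timeline(signal):
    """signal[i] is True when the token/signal was present at poll tick i.

    Returns one (nonpolled_status, polled_status) pair per tick.
    """
    nonpolled = NonpolledSession()
    nonpolled.authenticate("hunter2", "hunter2")   # constructed credential, assumed correct
    polled = PolledSession(max_missed_polls=2)     # assumed grace period of two polls
    polled.authenticate(signal[0])
    return [(nonpolled.status(), polled.poll(present)) for present in signal]


if __name__ == "__main__":
    # Token present, present, absent, absent, present again
    for tick, (np_ok, p_ok) in enumerate(run_timeline([True, True, False, False, True])):
        print(f"tick {tick}: nonpolled={np_ok} polled={p_ok}")
```

Running the timeline shows the practical difference: the nonpolled verdict never changes, while the polled session survives a single missed poll, drops at the second, and is not restored when the token returns at the last tick. A smart-card reader or proximity badge system behaves like the polled case; a password prompt behaves like the nonpolled one.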

160. Which of the following does not complement intrusion detection systems (IDS)?

a. Honeypots

b. Inference cells

c. Padded cells

d. Vulnerability assessment tools

160. b. Honeypot systems, padded cell systems, and vulnerability assessment tools complement IDS to enhance an organization’s ability to detect intrusion. Inference cells do not complement IDS; the term is a distractor built from the inference attack, in which a user or intruder deduces privileged information from known information. A honeypot system is a host computer that is designed to collect data on suspicious activity and has no authorized users other than security administrators and attackers. In padded cell systems, an attacker is seamlessly transferred to a special padded cell host. Vulnerability assessment tools determine when a network or host is vulnerable to known attacks.

161. Sniffing precedes which of the following?

a. Phishing and pharming

b. Spoofing and hijacking

c. Snooping and scanning

d. Cracking and scamming

161. b. Sniffing is observing and monitoring the packets passing by on the network using packet sniffers. Sniffing precedes either spoofing or hijacking. Spoofing, in part, is using various techniques to subvert IP-based access control by masquerading as another system using its IP address. Spoofing is an attempt to gain access to a system by posing as an authorized user. Other examples of spoofing include spoofing packets to hide the origin of an attack in a DoS, spoofing e-mail headers to hide spam, and spoofing phone numbers to fool caller ID. Spoofing is synonymous with impersonating, masquerading, or mimicking, and is not synonymous with sniffing. Hijacking is an attack that takes over an already authenticated session with a database or system.

Snooping, scanning, and sniffing are all actions that search for required and valuable information. They involve looking around for vulnerabilities and planning an attack. These are preparatory actions prior to launching serious penetration attacks.

Phishing is tricking individuals into disclosing sensitive personal information through deceptive computer-based means. Phishing attacks use social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. It involves Internet fraudsters who send spam or pop-up messages to lure personal information (e.g., credit card numbers, bank account information, social security number, passwords, or other sensitive information) from unsuspecting victims. Pharming is misdirecting users to fraudulent websites or proxy servers, typically through DNS hijacking or poisoning.

Cracking is breaking passwords and bypassing software controls in an electronic authentication system such as user registration. Scamming is impersonating a legitimate business using the Internet. The buyer should check out the seller before buying goods or services. The seller should give out a physical address with a working telephone number.
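To make concrete why sniffing is the preparatory step before hijacking, here is an added example, not code from the book, of what a passive sniffer actually extracts: it decodes raw Ethernet/IPv4/TCP frames and pulls the Cookie header out of any cleartext HTTP request. A session identifier observed this way is exactly what a later hijacking attempt would replay. The frames are constructed in the block itself (addresses from the documentation ranges, checksums left at zero); the parser does not verify checksums, which is an assumption acceptable for a demonstration but not for a real capture tool.

```python
"""What a packet sniffer sees: parsing Ethernet/IPv4/TCP frames for HTTP session cookies."""
import struct
from typing import Dict, List, Optional, Tuple

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_TCP = 6


def _ip_bytes(dotted: str) -> bytes:
    return bytes(int(o) for o in dotted.split("."))


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes,
                ethertype: int = ETHERTYPE_IPV4) -> bytes:
    """Assemble a minimal Ethernet + IPv4 + TCP frame (checksums left at zero)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ethertype)
    if ethertype != ETHERTYPE_IPV4:
        return eth + payload            # e.g. an ARP frame: carries no IP header at all
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64,
                     IPPROTO_TCP, 0, _ip_bytes(src_ip), _ip_bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> Optional[Dict[str, object]]:
    """Decode a frame down to the TCP payload; return None for non-IPv4/non-TCP frames."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP:
        return None
    ip = ip[:total_len]                           # drop any Ethernet padding
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                 # TCP header length in bytes
    return {
        "src": ".".join(str(b) for b in ip[12:16]),
        "dst": ".".join(str(b) for b in ip[16:20]),
        "sport": sport, "dport": dport,
        "payload": tcp[data_off:],
    }


def sniff_session_cookies(frames: List[bytes]) -> List[Tuple[str, str, str]]:
    """Return (client, server, cookie) for every cleartext HTTP request carrying a Cookie header."""
    found = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None or pkt["dport"] != 80:
            continue
        head, _, _ = pkt["payload"].partition(b"\r\n\r\n")
        for line in head.split(b"\r\n")[1:]:      # skip the request line
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"cookie":
                found.append((pkt["src"], pkt["dst"], value.strip().decode("ascii", "replace")))
    return found


# Constructed traffic: one cleartext HTTP request with a session cookie, one unrelated
# TCP segment (SMTP), and one non-IP (ARP) frame that the sniffer must skip.
SAMPLE_FRAMES = [
    build_frame("192.0.2.10", "192.0.2.80", 51234, 80,
                b"GET /account HTTP/1.1\r\nHost: shop.example\r\nCookie: session=abc123\r\n\r\n"),
    build_frame("192.0.2.11", "192.0.2.25", 51235, 25, b"EHLO mail.example\r\n"),
    build_frame("", "", 0, 0, b"\x00\x01\x08\x00\x06\x04\x00\x01", ethertype=ETHERTYPE_ARP),
]

if __name__ == "__main__":
    for client, server, cookie in sniff_session_cookies(SAMPLE_FRAMES):
        print(f"{client} -> {server}: {cookie}")
```

The only thing the sniffer needs is a position on the path (a span port, a compromised switch, or a shared medium); it never sends a packet, which is why it is classed with snooping and scanning as preparation rather than as the attack itself. The defence follows directly: TLS on the session so the Cookie line is never on the wire in clear, plus the Secure and HttpOnly cookie attributes.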

162. Passwords and personal identification numbers (PINs) are examples of which of the following?

a. Procedural access controls

b. Physical access controls

c. Logical access controls

d. Administrative access controls

162. c. Logical, physical, and administrative controls are examples of access control mechanisms. Passwords, PINs, and encryption are examples of logical access controls.

163. Which of the following statements is not true about honeypots’ logs?

a. Honeypots are deceptive measures.

b. Honeypots collect data on indications.

c. Honeypots are hosts that have no authorized users.

d. Honeypots are a supplement to properly securing networks, systems, and applications.

163. b. Honeypots are deceptive measures collecting better data on precursors, not on indications. A precursor is a sign that an incident may occur in the future. An indication is a sign that an incident may have occurred or may be occurring now.
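The precursor/indication distinction in this answer, and the claim in question 160 that honeypots complement an IDS, can both be shown with a small piece of detection logic. The following is an added example, not code from the book: it reads constructed key=value log lines, treats any contact with a honeypot address as a precursor (the host has no authorized users, so every touch is reconnaissance), and escalates to an indication when a source already seen on the honeypot later reaches a production host. The honeypot address, the log format and the sample lines are all assumptions made for the example.

```python
"""Classifying honeypot-related log events as precursors or indications."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample log lines (key=value syslog style), not from any real system.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=203.0.113.5 dst=10.0.0.50 event=port_scan ports=22,80,443
2024-05-01T10:00:02Z src=203.0.113.5 dst=10.0.0.50 event=ssh_login user=root result=fail
2024-05-01T10:03:10Z src=203.0.113.5 dst=10.0.0.20 event=ssh_login user=admin result=success
2024-05-01T10:05:00Z src=198.51.100.9 dst=10.0.0.20 event=ssh_login user=alice result=success
"""

# Assumed honeypot: no authorized users other than the security team, so any contact is suspicious.
HONEYPOTS = {"10.0.0.50"}

_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, str]:
    """Split 'timestamp key=value ...' into a dict; the timestamp is stored under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(_KV.findall(rest))
    fields["ts"] = ts
    return fields


def classify(log_text: str, honeypots: Set[str] = HONEYPOTS) -> Tuple[List[Tuple[str, str, str]], Set[str]]:
    """Return [(ts, src, category), ...] and the set of sources that touched a honeypot.

    precursor  : activity against a honeypot (a sign that an incident may occur)
    indication : a source already seen on a honeypot now reaching a production host
               (a sign that an incident may be occurring now)
    normal     : everything else
    """
    watchlist: Set[str] = set()
    verdicts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        src, dst = ev["src"], ev["dst"]
        if dst in honeypots:
            category = "precursor"
            watchlist.add(src)          # the honeypot has told us who is probing
        elif src in watchlist:
            category = "indication"     # the prober has moved on to a real host
        else:
            category = "normal"
        verdicts.append((ev["ts"], src, category))
    return verdicts, watchlist


if __name__ == "__main__":
    verdicts, watchlist = classify(SAMPLE_LOG)
    for ts, src, category in verdicts:
        print(f"{ts} {src:15} {category}")
    print("watchlist:", sorted(watchlist))
```

Note what the honeypot adds: on its own, the successful admin login at 10:03:10 is indistinguishable from the legitimate one at 10:05:00. Only the earlier honeypot contact from the same source turns it into an indication. A real pipeline would also apply its ordinary production rules (failed-login thresholds, new-admin alerts), which this example deliberately leaves out to isolate the honeypot signal.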
