Reading CISSP Practice in full

168. d. The Take-Grant security model uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject. It does not address the security objectives such as confidentiality, integrity, availability, and accountability. Access rights are a part of access control models.

169. Which of the following is based on precomputed password hashes?

a. Brute force attack

b. Dictionary attack

c. Rainbow attack

d. Hybrid attack

169. c. Rainbow attacks are a form of password cracking technique that employs rainbow tables, which are lookup tables that contain precomputed password hashes. These tables enable an attacker to attempt to crack a password with minimal time on the victim system and without constantly having to regenerate hashes if the attacker attempts to crack multiple accounts. The other three choices are not based on precomputed password hashes, although they are all related to passwords.

A brute force attack is a form of guessing attack in which the attacker uses all possible combinations of characters from a given character set, for passwords up to a given length.

A dictionary attack is a form of guessing attack in which the attacker attempts to guess a password using a list of possible passwords that is not exhaustive.

A hybrid attack is a form of guessing attack in which the attacker uses a dictionary that contains possible passwords and then applies brute force methods to create variations of the original dictionary passwords as new potential passwords.

170. For intrusion detection and prevention system capabilities, anomaly-based detection uses which of the following?

1. Blacklists

2. Whitelists

3. Threshold

4. Program code viewing

a. 1 and 2

b. 1, 2, and 3

c. 3 only

d. 1, 2, 3, and 4

170. c. Anomaly-based detection is the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. Thresholds are most often used for anomaly-based detection. A threshold is a value that sets the limit between normal and abnormal behavior.

Anomaly-based detection does not use blacklists, whitelists, or program code viewing. A blacklist is a list of discrete entities, such as hosts or applications, that have been previously determined to be associated with malicious activity. A whitelist is a list of discrete entities, such as hosts or applications, known to be benign. Program code viewing and editing features are established to see the detection-related programming code in the intrusion detection and prevention system (IDPS).

171. Which of the following security models addresses the “separation of duties” concept?

a. Biba model

b. Clark-Wilson model

c. Bell-LaPadula model

d. Sutherland model

171. b. The Clark and Wilson security model addresses the separation of duties concept along with well-formed transactions. Separation of duties attempts to ensure the external consistency of data objects. It also addresses the specific integrity goal of preventing authorized users from making improper modifications. The other three models do not address the separation of duties concept.

172. From a computer security viewpoint, the Chinese-Wall policy is related to which of the following?

a. Aggregation problem

b. Data classification problem

c. Access control problem

d. Inference problem

172. c. As presented by Brewer and Nash, the Chinese-Wall policy is a mandatory access control policy for stock market analysts. According to the policy, a market analyst may do business with any company. However, every time the analyst receives sensitive “inside” information from a new company, the policy prevents him from doing business with any other company in the same industry because that would involve him in a conflict-of-interest situation. In other words, collaboration with one company places the Chinese-Wall between him and all other companies in the same industry.

The Chinese-Wall policy does not meet the definition of an aggregation problem; there is no notion of some information being sensitive with the aggregate being more sensitive. The Chinese-Wall policy is an access control policy in which the access control rule is not based just on the sensitivity of the information, but is based on the information already accessed. It is neither an inference nor a data classification problem.

173. Which of the following security models promotes security clearances and sensitivity classifications?

a. Biba model
