Читаем CISSP Practice полностью

181. c. “What the user can do” is defined in access rules or user profiles, which come after a successful authentication. The other three choices are part of an authentication process. The authenticator factor “knows” means a password or PIN, “has” means key or card, and “is” means a biometric identity.

182. Which of the following models is used to protect the confidentiality of classified information?

a. Biba model and Bell-LaPadula model

b. Bell-LaPadula model and information flow model

c. Bell-LaPadula model and Clark-Wilson model

d. Clark-Wilson model and information flow model

182. b. The Bell-LaPadula model is used for protecting the confidentiality of classified information, based on multilevel security classifications. The information flow model, a basis for the Bell-LaPadula model, ensures that information at a given security level flows only to an equal or higher level. Each object has an associated security level. An object’s level indicates the security level of the data it contains. These two models ensure the confidentiality of classified information.

The Biba model is similar to the Bell-LaPadula model but protects the integrity of information instead of its confidentiality. The Clark-Wilson model is a less formal model aimed at ensuring the integrity of information, not confidentiality. This model implements traditional accounting controls including segregation of duties, auditing, and well-formed transactions such as double entry bookkeeping. Both the Biba and Clark-Wilson models are examples of integrity models.

183. Which of the following is the most important part of intrusion detection and containment?

a. Prevent

b. Detect

c. Respond

d. Report

183. c. It is essential to detect insecure situations to respond in a timely manner. Also, it is of little use to detect a security breach if no effective response can be initiated. No set of prevention measures is perfect. Reporting is the last step in the intrusion detection and containment process.

184. Which of the following is the heart of intrusion detection systems?

a. Mutation engine

b. Processing engine

c. State machine

d. Virtual machine

184. b. The processing engine is the heart of the intrusion detection system (IDS). It consists of the instructions (language) for sorting information for relevance, identifying key intrusion evidence, mining databases for attack signatures, and decision making about thresholds for alerts and initiation of response activities.

For example, a mutation engine is used to obfuscate a virus, polymorphic or not, to aid the proliferation of the said virus. A state machine is the basis for all computer systems because it is a model of computations involving inputs, outputs, states, and state transition functions. A virtual machine is software that enables a single host computer to run using one or more guest operating systems.

185. From an access control decision viewpoint, failures due to flaws in exclusion-based systems tend to do which of the following?

a. Authorize permissible actions

b. Fail-safe with permission denied

c. Unauthorize prohibited actions

d. Grant unauthorized permissions

185. d. When failures occur due to flaws in exclusion-based systems, they tend to grant unauthorized permissions. The two types of access control decisions are permission-based and exclusion-based.

186. Which of the following is a major issue with implementation of intrusion detection systems?

a. False-negative notification

b. False-positive notification

c. True-negative notification

d. True-positive notification

186. b. One of the biggest single issues with intrusion detection system (IDS) implementation is the handling of false-positive notification. An anomaly-based IDS produces a large number of false alarms (false-positives) due to the unpredictable nature of users and networks. Automated systems are prone to mistakes, and human differentiation of possible attacks is resource-intensive.

187. Which of the following provides strong authentication for centralized authentication servers when used with firewalls?

a. User IDs

b. Passwords

c. Tokens

d. Account numbers