An access password is a password used to authorize access to data and is distributed to all those who are authorized to have similar access to that data. A personal password is a password known by only one person and is used to authenticate that person’s identity. A valid password is a personal password that authenticates the identity of an individual when presented to a password system. It is also an access password that enables the requested access when presented to a password system.
200. Which of the following is an incompatible function for a database administrator?
a. Data administration
b. Information systems administration
c. Systems security
d. Information systems planning
200. c. The database administrator (DBA) function is concerned with short-term development and use of databases, and is responsible for the data of one or several specific databases. The DBA function should be separate from the systems’ security function due to possible conflict of interest for manipulation of access privileges and rules for personal gain. The DBA function can be mixed with data administration, information systems administration, or information systems planning because there is no harm to the organization.
201. Kerberos uses which of the following to protect against replay attacks?
a. Cards
b. Timestamps
c. Tokens
d. Keys
201. b. A replay attack refers to the recording and retransmission of message packets in the network. Although a replay attack is frequently undetected, it can be prevented by using packet timestamping. Kerberos uses timestamps, not cards, tokens, or keys, for this purpose.
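A simplified model of the timestamp check described above, added here as an illustration rather than taken from the exam text or from any Kerberos implementation; the five-minute skew window, the principal name and the error names are assumptions modelled on RFC 4120 conventions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed value: Kerberos implementations commonly allow 5 minutes of clock skew.
MAX_SKEW = timedelta(minutes=5)


@dataclass(frozen=True)
class Authenticator:
    client: str          # client principal name (constructed sample value)
    timestamp: datetime  # client's clock when the authenticator was built
    usec: int            # microsecond field, part of the replay-cache key


class ReplayCache:
    """Remembers authenticators seen inside the skew window and rejects repeats."""

    def __init__(self):
        self._seen = {}  # (client, timestamp, usec) -> time first seen

    def check(self, auth: Authenticator, now: datetime) -> str:
        # A timestamp outside the window is rejected before it costs cache memory.
        if abs(now - auth.timestamp) > MAX_SKEW:
            return "KRB_AP_ERR_SKEW"
        key = (auth.client, auth.timestamp, auth.usec)
        # The same authenticator presented twice is a replay.
        if key in self._seen:
            return "KRB_AP_ERR_REPEAT"
        self._seen[key] = now
        self._expire(now)
        return "OK"

    def _expire(self, now: datetime):
        # Entries older than the window can never match a fresh authenticator,
        # so dropping them keeps the cache bounded without weakening the check.
        self._seen = {k: t for k, t in self._seen.items() if now - k[1] <= MAX_SKEW}


def demo():
    """Fresh, replayed and stale authenticators, in that order."""
    cache = ReplayCache()
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    fresh = Authenticator("alice@EXAMPLE.COM", t0, 123)
    first = cache.check(fresh, t0 + timedelta(seconds=1))
    replayed = cache.check(fresh, t0 + timedelta(seconds=30))  # same packet resent
    stale = Authenticator("alice@EXAMPLE.COM", t0 - timedelta(minutes=10), 7)
    old = cache.check(stale, t0)
    return first, replayed, old
```

Note that the check is only as good as the clocks behind it: the skew window is what makes a recorded packet useless after a few minutes, so clock synchronization is part of the control.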
202. Which of the following user identification and authentication techniques depend on reference profiles or templates?
a. Memory tokens
b. Smart cards
c. Cryptography
d. Biometric systems
202. d. Biometric systems require the creation and storage of profiles or templates of individuals wanting system access. This includes physiological attributes such as fingerprints, hand geometry, or retina patterns, or behavioral attributes such as voice patterns and hand-written signatures.
Memory tokens and smart cards involve the creation and distribution of a token device with a PIN, and data that tell the computer how to recognize valid tokens or PINs. Cryptography requires the generation, distribution, storage, entry, use, and archiving of cryptographic keys.
203. When security products cannot provide sufficient protection through encryption, system administrators should consider using which of the following to protect intrusion detection and prevention system management communications?
1. Physically separated network
2. Logically separated network
3. Virtual private network
4. Encrypted tunneling
a. 1 and 4
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
203. c. System administrators should ensure that all intrusion detection and prevention system (IDPS) management communications are protected either through physical separation (management network) or logical separation (virtual network) or through encryption using transport layer security (TLS). However, for security products that do not provide sufficient protection through encryption, administrators should consider using a virtual private network (VPN) or other encrypted tunneling method to protect the network traffic.
204. What is the objective of separation of duties?
a. No one person has complete control over a transaction or an activity.
b. Employees from different departments do not work together well.
c. Controls are available to protect all supplies.
d. Controls are in place to operate all equipment.
204. a. The objective is to limit what people can do, especially in conflict situations or incompatible functions, in such a way that no one person has complete control over a transaction or an activity from start to finish. The goal is to limit the possibility of hiding irregularities or fraud. The other three choices are not related to separation of duties.
205. What names does an access control matrix place in its rows and columns?
a. Users in each row and the names of objects in each column
b. Programs in each row and the names of users in each column
c. Users in each column and the names of devices in each row
d. Subjects in each column and the names of processes in each row