Читаем CISSP Practice полностью

187. Your organization is using PC-based local-area networks (LANs), and their use is growing. Management is concerned about the number of users using application software at any given time. At present, management does not have an accurate picture of how many users use an application system to help maintain site license agreements. What would you recommend?

a. Obtain software metering and monitoring tools to control application software usage.

b. Remind all users that only authorized people should use the software.

c. Conduct periodic audits by auditors.

d. Conduct random audits by the LAN administrator.

187. a. The maximum number of users allowed per application to help maintain site license agreements can be designated. It shows how people use applications and purchasing unnecessary copies of software can be avoided. If additional copies are needed, the software alerts LAN managers with a screen message. Reminding all users that only authorized people should use the software does not achieve the objective because some people may not follow the directions. Conducting periodic audits by auditors or LAN administrators may not be timely and may not cover all areas of the organization due to time and resource factors.

188. During detection of malware incidents, which of the following can act as precursors?

1. Malware advisories

2. Security tool alerts

3. System administrators

4. Security tools

a. 3 only

b. 4 only

c. 1 or 2

d. 3 and 4

188. c. Signs of an incident fall into one of two categories: precursors and indications. A precursor is a sign that an incident (e.g., malware attack) may occur in the future (i.e., future incident). Most malware precursors are either malware advisories or security tool alerts. Detecting precursors gives organizations an opportunity to prevent incidents by altering their security posture and to be on the alert to handle incidents that occur shortly after the precursor.

System administrators and security tools are examples of indications of malware incidents. An indication is a sign that an incident (malware attack) may have occurred or may be occurring. The primary indicators include users, IT staff such as system, network, and security administrators and security tools such as antivirus software, intrusion prevention systems, and network monitoring software.

189. From a legal standpoint, which of the following pre-logon screen banners is sufficient to warn potential system intruders?

a. No tampering

b. No trespassing

c. No hacking

d. No spamming

189. b. A “no trespassing” notice is an all-inclusive warning to confront potential system intruders. All the other three choices come under “no trespassing.”

190. Which of the following practices will not prevent computer security incidents?

a. Collecting incident data

b. Having a patch management program

c. Hardening all hosts

d. Configuring the network perimeter

190. a. Collecting incident data by itself does not prevent computer security incidents. A good use of the data is measuring the success of the incident response team. The other three choices prevent computer security incidents.

191. Which of the following is not the preferred characteristic of security incident-related data?

a. Objective data

b. Subjective data

c. Actionable data

d. Available data

191. d. Organizations should be prepared to collect a set of objective and subjective data for each incident. They should focus on collecting data that is actionable, rather than collecting data simply because it is available.

192. Which of the following cannot be of great value in automating the incident analysis process?

a. Event correlation software

b. Centralized log management software

c. Security software

d. Patch management software