Читаем CISSP Practice полностью

206. Law enforcement agencies have developed personality profiles of computer criminals. Careful planning prior to an actual crime is an example of which one of the following characteristics?

a. Organizational characteristics

b. Operational characteristics

c. Behavioral characteristics

d. Resource characteristics

206. b. In many cases, computer crimes are carefully planned. Computer criminals spend a great deal of time researching and preparing to commit crimes. These are grouped under operational characteristics.

Organizational characteristics describe the ways in which computer criminals group themselves with national and international connections. Behavioral characteristics deal with motivation and personality profiles. Resource characteristics address training and equipment needs and the overall support structure.

207. When ‘n’ incident reports are made by an organization, it can lead to a wrong conclusion that:

a. There are ‘n’ plus one incident.

b. There are ‘n’ minus one incident.

c. There are ‘n’ incidents.

d. There are ‘n’ plus or minus one incident.

207. c. It is important not to assume that because only ‘n’ reports are made, that ‘n’ is the total number of incidents; it is not likely that all incidents are reported.

208. Which of the following should be established to minimize security incident impact?

a. Learning and training

b. Baselining and safeguarding

c. Layering and zoning

d. Testing and sampling

208. c. Layering and zoning requires establishing security layers to minimize incident handling. Zoning or compartmentalizing is a concept whereby an application is segmented into independent security environments. A breach of security requires a security failure in two or more zones/compartments before the application is compromised. This minimizes the impact of a security incident. This layered approach to security can be applied within physical or technical environments associated with an IT system.

Learning is knowledge gained by studying either in the classroom or through individual research and investigation. Training is teaching people the knowledge and skills that can enable them to perform their jobs more effectively. Baseline security is incorrect because it is the minimum-security control required for safeguarding an IT system based on its identified needs for confidentiality, integrity, and availability protection. Sampling is used in testing where a representative sample is taken from a defined population.

209. Which of the following will not be liable when a libel is posted on a national electronic online service such as the Internet?

a. The person who originated the defamatory remark

b. The person who repeated the defamatory remark

c. The person who read the defamatory remark

d. The person who republished the defamatory remark

209. c. Defamation is destroying of a person’s reputation and good name, in the form of a false statement, spoken (slander) or written (libel), and harms that person. Online defamation claims are considered under libel law. The essence of libel is the publication of a false, defamatory, and unprivileged statement to a third person. The originator and each person who repeats or republishes the defamation are liable. The person who read the defamatory work is not liable for anything as long as he or she does not use it in a commercial way.

210. Log analysis is a part of which of the following?

a. Directive controls

b. Preventive controls

c. Detective controls

d. Corrective controls

210. c. Log analysis is a part of detective controls because it detects errors and anomalies. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented.

Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives. Preventive controls deter security incidents from happening in the first place. Corrective controls are procedures to react to security incidents and to take remedial actions on a timely basis. Corrective controls require proper planning and preparation as they rely more on human judgment.

211. Which of the following facilitates a computer-security incident event correlation?

a. File transfer protocol (FTP)