Reading CISSP Practice in full

16. c. Hardware tokens (e-tokens) are devices with computing capabilities built into the token itself. For example, hardware tokens can be integrated into either a physical access control or a logical access control solution. When a smart card is used as a repository of information without requiring the cardholder to input a personal identification number (PIN) or to present a biometric reference sample, the smart card is implemented as a memory card. Physical tokens consist of keys and unique documents, such as hand-carried orders.

17. Which of the following physical security devices are suitable for protecting IT assets with a low risk and low confidentiality level?

a. Smart cards

b. Memory cards

c. Hardware tokens

d. Physical tokens

17. d. Physical tokens provide a low level of assurance and are only suitable for use when protecting IT assets with a low risk and low confidentiality level. Physical tokens consist of keys and unique documents, such as hand-carried orders. When the smart card is used as a repository of information without requiring the cardholder to input a personal identification number (PIN) or without presenting a biometric reference sample, the smart card is implemented as a memory card. Hardware tokens can be integrated into either a physical access control or logical access control solution.

18. From a cryptographic module’s physical security viewpoint, which of the following refers to timing analysis attack?

a. Elapsed time between when the command is issued and the time the result is obtained

b. Elapsed time between when the vulnerability is discovered and the time it is exploited

c. Elapsed time between the beginning and ending of a critical activity

d. Elapsed time between the beginning and ending of a non-critical activity

18. a. This is the definition of a timing analysis attack: an attack on a cryptographic module based on analysis of the time periods between when a command is issued and when the result is obtained. The attacker measures the elapsed time and infers secret-dependent behaviour from it. The elapsed time between when a vulnerability is discovered and when it is exploited is the definition of the time-to-exploitation metric. The other two choices are examples of general metrics, not security related.
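The following is an added example, not taken from the book, that shows why the elapsed time between command and result is dangerous. It simulates a module's "verify secret" command in two forms: an early-exit byte comparison, whose work (and therefore time) grows with the length of the correct prefix, and a constant-time comparison that examines every byte. The attacker function recovers the secret one byte at a time from the leaky version and learns nothing from the constant-time one. The names `leaky_verify`, `constant_time_verify`, `recover_secret`, `timed_oracle` and the sample secret value are assumptions made for the example; "work" is a deterministic stand-in for wall-clock time, and `timed_oracle` shows how a real measurement would replace it.

```python
import statistics
import time
from typing import Callable, Optional

# Oracle: takes a guess, returns (accepted, work) where "work" stands in for the
# elapsed time between issuing the verify command and obtaining its result.
Oracle = Callable[[bytes], tuple[bool, int]]


def leaky_verify(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Early-exit comparison: stops at the first mismatching byte, so the work
    done (and the elapsed time) grows with the length of the correct prefix."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for s, g in zip(secret, guess):
        examined += 1
        if s != g:
            return False, examined
    return True, examined


def constant_time_verify(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Examines every byte regardless of where the first mismatch is; only the
    (public) length affects the work. hmac.compare_digest is the stdlib version."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    for s, g in zip(secret, guess):
        diff |= s ^ g
    return diff == 0, len(secret)


def recover_secret(oracle: Oracle, length: int) -> Optional[bytes]:
    """Byte-at-a-time timing attack. For each position, try all 256 values and
    keep the one that makes the verifier work longest. Returns None when the
    oracle shows no timing difference (i.e. the comparison is constant-time)."""
    known = b""
    for pos in range(length):
        padding = b"\x00" * (length - pos - 1)
        best_value, best_work, seen = 0, -1, set()
        for value in range(256):
            guess = known + bytes([value]) + padding
            accepted, work = oracle(guess)
            if accepted:
                return guess
            seen.add(work)
            if work > best_work:
                best_value, best_work = value, work
        if len(seen) == 1:
            return None  # every guess cost the same: nothing to learn
        known += bytes([best_value])
    return None


def timed_oracle(verify: Callable[[bytes], bool], reps: int = 200) -> Oracle:
    """Wraps a real verifier and uses the median wall-clock time in nanoseconds
    as 'work'. Real measurements are noisy; many samples and statistics are
    needed before recover_secret can rank the candidates reliably."""
    def oracle(guess: bytes) -> tuple[bool, int]:
        samples = []
        result = False
        for _ in range(reps):
            t0 = time.perf_counter_ns()
            result = verify(guess)
            samples.append(time.perf_counter_ns() - t0)
        return result, int(statistics.median(samples))
    return oracle


if __name__ == "__main__":
    SECRET = bytes.fromhex("1337cafe")  # constructed sample value
    print("leaky   :", recover_secret(lambda g: leaky_verify(SECRET, g), len(SECRET)))
    print("constant:", recover_secret(lambda g: constant_time_verify(SECRET, g), len(SECRET)))
```

Against the leaky verifier the attacker needs at most 256 queries per byte instead of 256 to the power of the secret length; against the constant-time verifier every guess costs the same and the attack aborts. The same reasoning applies to hardware: a module's comparison, padding check or modular exponentiation must not take secret-dependent time, or power, which is why FIPS 140-style evaluations treat timing analysis as a physical-security concern.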

19. Regarding a cryptographic module, the input or output of critical security parameters (CSPs) require that a split knowledge procedure is performed using which of the following:

1. Physically separated ports

2. Environmentally separated ports

3. Logically separated interfaces

4. Environmentally separated interfaces

a. 1 and 2

b. 1 and 3

c. 1 and 4

d. 2 and 4

19. b. Security for a cryptographic module requires that entry or output of critical security parameters (CSPs) using a split knowledge procedure is performed through ports that are physically separated from other ports, or interfaces that are logically separated from other interfaces, using a trusted channel. CSPs may alternatively be entered into or output from the cryptographic module in encrypted form. Split knowledge is a process by which a cryptographic key is split into multiple key components, each individually providing no knowledge of the original key, which can subsequently be input into, or output from, a cryptographic module by separate entities and combined to re-create the original cryptographic key.
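As an added example, not from the book, the following shows the simplest split knowledge scheme: an n-of-n XOR split, in which each component is a uniformly random string and the key is the XOR of all of them, so any subset of fewer than n components is statistically independent of the key. A short check value lets the module confirm each custodian's component and the reconstructed key before accepting it, which is how a real key-entry ceremony catches a mistyped component without revealing anything about the key. The names `split_key`, `combine_components`, `check_value`, `key_entry_ceremony` and the sample key are assumptions for the example; the SHA-256 prefix stands in for the key check value (KCV) a real module would compute with the key itself.

```python
import hashlib
import secrets


def check_value(key: bytes) -> str:
    """Short check value (first 3 bytes of SHA-256, hex) used to confirm that a
    component or the reconstructed key was entered correctly. Stand-in for the
    KCV a real HSM would compute by encrypting a known block under the key."""
    return hashlib.sha256(key).hexdigest()[:6]


def split_key(key: bytes, n: int) -> list[bytes]:
    """n-of-n split: the first n-1 components are uniformly random, the last is
    chosen so that the XOR of all n equals the key. Any n-1 components are
    independent of the key, so individually they give no knowledge of it."""
    if n < 2:
        raise ValueError("split knowledge needs at least two custodians")
    components = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = bytes(key)
    for c in components:
        last = bytes(a ^ b for a, b in zip(last, c))
    components.append(last)
    return components


def combine_components(components: list[bytes]) -> bytes:
    """Recreate the key from all components (XOR). Leaving one component out
    yields a uniformly random wrong value, never a partial key."""
    if not components or any(len(c) != len(components[0]) for c in components):
        raise ValueError("components must all be present and the same length")
    key = bytes(len(components[0]))
    for c in components:
        key = bytes(a ^ b for a, b in zip(key, c))
    return key


def key_entry_ceremony(entries: list[tuple[bytes, str]], expected_kcv: str) -> bytes:
    """Module side of the ceremony: each custodian enters their component, with
    its check value, over a separate trusted channel. The module verifies each
    component as entered, recombines, and verifies the result before using it."""
    components = []
    for i, (component, kcv) in enumerate(entries):
        if check_value(component) != kcv:
            raise ValueError(f"component {i} failed its check value; re-enter it")
        components.append(component)
    key = combine_components(components)
    if check_value(key) != expected_kcv:
        raise ValueError("reconstructed key failed its check value")
    return key


if __name__ == "__main__":
    master = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
    parts = split_key(master, 3)
    # Each custodian holds (component, its KCV); the module also knows the KCV of the whole key.
    entries = [(p, check_value(p)) for p in parts]
    assert key_entry_ceremony(entries, check_value(master)) == master
    print("custodians:", [p.hex() for p in parts])
```

Two points a practitioner should take from this: the components must be generated with a cryptographic random source (`secrets`, not `random`), and the check value protects only against entry errors, not against a malicious custodian, which is why the book's requirement that separate entities enter their components over physically or logically separated, trusted interfaces is the real control. Threshold schemes (k-of-n, e.g. Shamir secret sharing) generalise this when not every custodian must be present.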

20. Which of the following is more secure and complex and more difficult to counterfeit and compromise?

a. Physical keys

b. Three-plane keys

c. Conventional keys with locksets

d. Pick-resistant locksets

20. b. A three-plane key (3-plane key) is a physical access control method that is more secure and complex than the alternatives: it is complicated to copy, requires blank key stock that is not readily available to adversaries, is more difficult to counterfeit, and the locks it controls are more difficult to compromise. Physical keys are simple keys that are highly susceptible to copying or theft, and locks controlled by simple keys are easy to compromise. Conventional keys with locksets are inexpensive but easy to duplicate (copy). Pick-resistant locksets are more expensive than conventional keys with locksets, and their keys are much more difficult to duplicate, but pick-resistant locksets are still not as strong or secure as 3-plane keys.
