Читаем CISSP Practice полностью

35. b. Statistics indicate that most fires are electrical in origin. Furniture fires and paper fires are Class A fires, whereas gasoline fires are Class B fires.

36. Electronic surveillance and wiretapping has increased due to which of the following?

a. Telephone lines

b. Bugging techniques

c. Microchip technology

d. Surveillance equipment

36. c. Miniaturization has greatly aided spying. With advances in microchip technology, transmitters can be so small as to be enmeshed in wallpaper, inserted under a stamp, or placed on the head of a nail.

37. The failure of a sprinkler system most often is due to which of the following reasons?

a. Equipment error

b. Computer error

c. Human error

d. Design error

37. c. The failure of a sprinkler system most often is due to human error—the water supply was turned off at the time of the fire.

38. When freezing temperatures and broken pipes are a problem, which of the following should be used?

a. Wet-pipe system

b. Dry-pipe system

c. Carbon-dioxide system

d. Halon system

38. b. When freezing temperatures and broken pipes are a problem, the dry-pipe system is useful. Air pressure is maintained in the pipes until a sprinkler head ruptures. Then, the air escapes, and water enters the pipes and exits through the opened sprinklers. With the wet-pipe system, water is in the pipes at all times and is released when heat ruptures the seal in the sprinkler head.

39. Which of the following cannot defend the computing environment?

a. Operating systems

b. Biometrics

c. Cryptographic key recovery

d. Hardware tokens

39. c. Operating systems, biometrics, and hardware tokens, either alone or together, can defend the computing environment. The cryptographic key recovery is a part of key management infrastructure/public key infrastructure (KMI/PKI), which is a supporting infrastructure for information assurance. The cryptographic key recovery by itself cannot defend the computing environment.

40. Information leakage occurs due to which of the following physical and environmental hazards?

a. Flooding

b. Electromagnetic radiation

c. Vandalism

d. Electrical interference

40. b. An organization should protect the information system from information leakage due to electromagnetic signal emanations. All the other choices are examples of hazards but not related to an information leakage problem.

41. Which of the following is a direct physical measure used to protect the integrity and confidentiality of transmitted information?

a. Protective distribution system

b. Transport layer security

c. Internet protocol security

d. Cryptographic mechanism

41. a. The information system should protect the integrity and confidentiality of transmitted information with a protective distribution system in the first place (a physical measure). The other three choices are alternatives to the protective distribution system. Transport layer security (TLS) is an authentication and security protocol widely implemented in Web browsers and servers. Internet protocol security (IPsec) provides security capabilities at the IP layer of communications. An organization employs cryptographic mechanisms to ensure recognition of changes to information (i.e., integrity) and to prevent unauthorized disclosure of information (i.e., confidentiality) during transmission. The other three choices do not directly deal with physical measures.

42. Which of the following information security control families requires a cross-cutting approach?

a. Contingency planning

b. Identification and authentication

c. Maintenance

d. Physical and environmental protection

42. d. Physical and environmental protection requires a cross-cutting approach because it is related to physical and environmental protection, access controls, and incident response control families. Cross-cutting approaches cover more than one security control family. The other three choices require a control-specific approach, meaning they cover only one security control family.

43. Which of the following delays water release?

a. Wet pipe

b. Pre-action pipe

c. Water pipe

d. Gas pipe