Reading CISSP Practice in full

243. Passwords can be stored safely in which of the following places?

a. Initialization file

b. Script file

c. Password file

d. Batch file

243. c. Passwords should not be included in initialization files, script files, or batch files due to possible compromise. Instead, they should be stored in a password file, preferably encrypted.

244. Which of the following is not a common method used to gain unauthorized access to computer systems?

a. Password sharing

b. Password guessing

c. Password capturing

d. Password spoofing

244. d. Password spoofing is where intruders trick system security into permitting normally disallowed network connections. The gained passwords allow them to crack security or to steal valuable information. For example, the vast majority of Internet traffic is unencrypted and therefore easily readable. Consequently, e-mail, passwords, and file transfers can be obtained using readily available software. Password spoofing is not that common.

The other three choices are incorrect because they are the most commonly used methods to gain unauthorized access to computer systems. Password sharing allows an unauthorized user to have the system access and privileges of a legitimate user, with the legitimate user’s knowledge and acceptance. Password guessing occurs when easy-to-use or easy-to-remember codes are used and when other users know about them (e.g., hobbies, sports, favorite stars, and social events). Password capturing is a process in which a legitimate user unknowingly reveals the user’s login ID and password. This may be done through the use of a Trojan horse program that appears to the user as a legitimate login program; however, the Trojan horse program is designed to capture passwords.

245. What are the Bell-LaPadula access control model and mandatory access control policy examples of?

a. Identity-based access controls (IBAC)

b. Attribute-based access controls (ABAC)

c. Role-based access controls (RBAC)

d. Rule-based access controls (RuBAC)

245. d. Rule-based access control (RuBAC) is based on specific rules relating to the nature of the subject and object. A RuBAC decision requires authorization information and restriction information to be compared before any access is granted. Both the Bell-LaPadula access control model and the mandatory access control policy deal with rules. The other three choices do not deal with rules.

246. Which of the following security solutions for access control is simple to use and easy to administer?

a. Passwords

b. Cryptographic tokens

c. Hardware keys

d. Encrypted data files

246. c. Hardware keys are devices that do not require a complicated process of administering user rights and access privileges. They are simple keys, similar to door keys, that can be plugged into the personal computer before a person can successfully log on to access controlled data files and programs. Each user gets a set of keys for his personal use. Hardware keys are simple to use and easy to administer.

Passwords is an incorrect answer because they do require some amount of security administrative work such as setting up the account and helping users when they forget passwords. Passwords are simple to use but hard to administer.

Cryptographic tokens is an incorrect answer because they do require some amount of security administrative work. Tokens need to be assigned, programmed, tracked, and disposed of.

Encrypted data files is an incorrect answer because they do require some amount of security administrative work. Encryption keys need to be assigned to the owners for encryption and decryption purposes.

247. Cryptographic authentication systems must specify how the cryptographic algorithms will be used. Which of the following authentication systems would reduce the risk of impersonation in an environment of networked computer systems?

a. Kerberos-based authentication system

b. Password-based authentication system

c. Memory token-based authentication system

d. Smart token-based authentication system
