254. c. The access control list (ACL) is the most useful and flexible type of implementation of an access control matrix. The ACL permits any given user to be allowed or disallowed access to any object. The columns of an ACL show a list of users attached to protected objects. One can associate access rights for individuals and resources directly with each object. The other three choices require extensive administrative work and are useful but not that flexible.
255. What is Kerberos?
a. Access-oriented protection system
b. Ticket-oriented protection system
c. List-oriented protection system
d. Lock-and-key-oriented protection system
255. b. Kerberos was developed to enable network applications to securely identify their peers. It uses a ticket, which identifies the client, and an authenticator that serves to validate the use of that ticket and prevent an intruder from replaying the same ticket to the server in a future session. A ticket is valid only for a given time interval. When the interval ends, the ticket expires, and any later authentication exchanges require a new ticket.
An access-oriented protection system can be based on hardware or software or a combination of both to prevent and detect unauthorized access and to permit authorized access. In list-oriented protection systems, each protected object has a list of all subjects authorized to access it. A lock-and-key-oriented protection system involves matching a key or password with a specific access requirement. The other three choices do not provide strong authentication protection, as Kerberos does.
256. For intrusion detection and prevention system capabilities using anomaly-based detection, administrators should check which of the following to determine whether they need to be adjusted to compensate for changes in the system and changes in threats?
a. Whitelists
b. Thresholds
c. Program code viewing
d. Blacklists
256. b. Administrators should check the intrusion detection and prevention system (IDPS) thresholds and alert settings to determine whether they need to be adjusted periodically to compensate for changes in the system environment and changes in threats. The other three choices are incorrect because anomaly-based detection does not use whitelists, blacklists, or program code viewing.
257. Intrusion detection systems cannot do which of the following?
a. Report alterations to data files
b. Trace user activity
c. Compensate for weak authentication
d. Interpret system logs
257. c. An intrusion detection system (IDS) cannot act as a “silver bullet,” compensating for weak identification and authentication mechanisms, weaknesses in network protocols, or lack of a security policy. IDS can do the other three choices, such as recognizing and reporting alterations to data files, tracing user activity from the point of entry to the point of exit or impact, and interpreting the mass of information contained in operating system logs and audit trail logs.
258. Intrusion detection systems can do which of the following?
a. Analyze all the traffic on a busy network
b. Deal with problems involving packet-level attacks
c. Recognize a known type of attack
d. Deal with high-speed asynchronous transfer mode networks
258. c. Intrusion detection systems (IDS) can recognize when a known type of attack is perpetrated on a system. However, IDS cannot do the following: (i) analyze all the traffic on a busy network, (ii) compensate for receiving faulty information from system sources, (iii) always deal with problems involving packet-level attacks (e.g., an intruder using fabricated packets that elude detection to launch an attack or multiple packets to jam the IDS itself), and (iv) deal with high-speed asynchronous transfer mode networks that use packet fragmentation to optimize bandwidth.
259. What is the most risky part of the primary nature of access control?
a. Configured or misconfigured
b. Enabled or disabled
c. Privileged or unprivileged
d. Encrypted or decrypted
259. b. Access control software can be enabled or disabled, meaning the security function can be turned on or off. When disabled, the logging function does not work. The other three choices are somewhat risky but not as much as enabled or disabled.