Reading CISSP Practice in full

a. Previous logon notification

b. Concurrent session control

c. Session lock

d. Session termination

265. c. Both users and the system can initiate session lock mechanisms. However, a session lock is not a substitute for logging out of the information system, because logging out is done at the end of the workday. Previous logon notification occurs at the time of login. Concurrent session control deals with either allowing or not allowing multiple sessions at the same time. Session termination can occur when there is a disconnection of the telecommunications link or other network operational problems.

266. Which of the following violates a user’s privacy?

a. Freeware

b. Firmware

c. Spyware

d. Crippleware

266. c. Spyware is malicious software (i.e., malware) intended to violate a user’s privacy: it invades many computer systems to monitor personal activities and to conduct financial fraud.

Freeware is incorrect because it is software made available to the public at no cost, but the author retains the copyright and can place restrictions on how the program is used. Some freeware is harmless whereas other freeware is harmful. Not all freeware violates a user’s privacy.

Firmware is incorrect because it is software that is permanently stored in a hardware device, which enables reading but not writing or modifying. The most common device for firmware is read-only memory (ROM).

Crippleware is incorrect because it provides trial (limited) versions of vendor products that operate only for a limited period of time. Crippleware does not violate a user’s privacy.

267. Network-based intrusion prevention systems (IPS) are typically deployed:

a. Inline

b. Outline

c. Online

d. Offline

267. a. A network-based IPS performs packet sniffing and analyzes network traffic to identify and stop suspicious activity. It is typically deployed inline, which means that the software acts like a network firewall: it receives packets, analyzes them, decides whether they should be permitted, and allows acceptable packets to pass through. An inline IPS can detect some attacks on networks before they reach their intended targets. The other three choices are not relevant here.

268. Identity thieves can get personal information through which of the following means?

1. Dumpster diving

2. Skimming

3. Phishing

4. Pretexting

a. 1 only

b. 3 only

c. 1 and 3

d. 1, 2, 3, and 4

268. d. Identity thieves get personal information by stealing records or information while they are on the job, bribing an employee who has access to these records, hacking electronic records, and conning information out of employees. Sources of personal information include the following: Dumpster diving, which includes rummaging through personal trash, a business’s trash, or public trash dumps.

Skimming includes stealing credit card or debit card numbers by capturing the information in a data storage device. Phishing and pretexting deal with stealing information through e-mail or phone by posing as a legitimate company and claiming that you have a problem with your account. This practice is known as phishing when done online and as pretexting (social engineering) when done by phone.

269. Which of the following application-related authentication types is risky?

a. External authentication

b. Proprietary authentication

c. Pass-through authentication

d. Host/user authentication

269. c. Pass-through authentication refers to passing operating system credentials (e.g., username and password) unencrypted from the operating system to the application system. This is risky because the credentials are unencrypted. Note that pass-through authentication can be either encrypted or unencrypted.

External authentication is incorrect because it uses a directory server, which is not risky. Proprietary authentication is incorrect because the usernames and passwords are part of the application, not the operating system. This is less risky. Host/user authentication is incorrect because it is performed within a controlled environment (e.g., managed workstations and servers within an organization). Some applications may rely on previous authentication performed by the operating system. This is less risky.

270. Inference attacks are based on which of the following?

a. Hardware and software

b. Firmware and freeware

c. Data and information

d. Middleware and courseware

270. c. An inference attack is one in which a user or an intruder deduces information to which he has no privilege from information to which he does have privilege.
