Reading CISSP Practice in full

Encrypted passwords are protected from unauthorized viewing or use. The encrypted password file is kept secure, with access permission given only to security administration for maintenance or to the password system itself. This approach is productive in keeping the passwords secure and secret.

Nonreusable passwords are used only once. A series of passwords is generated by a cryptographically secure algorithm and given to the user for use at the time of login. Each password expires after its initial use and is neither repeated nor stored anywhere. This approach is productive in keeping the passwords secure and secret.

In time-based passwords, the password changes every minute or so. A smart card displays a number that is a function of the current time and the user’s secret key. To get access, the user must enter the number derived from his own key and the current time. Each password is unique, so it need not be written down and is not susceptible to guessing. This approach is productive and effective in keeping the passwords secure and secret.
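The nonreusable and time-based password schemes described above, as an added illustration that is not from the book: the token side derives a code from the user's key and the current time step (the HOTP/TOTP construction of RFC 4226 and RFC 6238, which is an assumption about how such a smart card works, not something the book specifies), and the password-system side tolerates a small clock drift but refuses to accept any time step twice, which is what makes each code expire after its first use. The demo key is the RFC 6238 test key, chosen so the output can be checked against the published vector.

```python
import hashlib
import hmac
import struct

# Constructed demo key (assumption): the per-user secret shared between the
# user's token and the password system. This is the RFC 6238 test key.
DEMO_SECRET = b"12345678901234567890"


def code_for_counter(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 of the counter under the user's key, dynamically truncated
    to a decimal code (the HOTP construction of RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp_code(secret: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """Token side: the password is a function of the current time and the key."""
    return code_for_counter(secret, unix_time // step, digits)


class TimeBasedVerifier:
    """Password-system side: accept a code for the current time step (plus or
    minus `drift` steps of clock skew) and never accept the same step twice,
    so a code observed in transit cannot be presented again."""

    def __init__(self, secret: bytes, step: int = 60, digits: int = 6, drift: int = 1):
        self.secret, self.step, self.digits, self.drift = secret, step, digits, drift
        self.last_accepted = -1  # highest time step already consumed

    def verify(self, code: str, unix_time: int) -> bool:
        now = unix_time // self.step
        for counter in range(now - self.drift, now + self.drift + 1):
            if counter <= self.last_accepted:
                continue  # expired or already used: the password is nonreusable
            expected = code_for_counter(self.secret, counter, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time comparison
                self.last_accepted = counter
                return True
        return False


if __name__ == "__main__":
    t = 59  # constructed clock value (seconds since the epoch)
    code = totp_code(DEMO_SECRET, t, step=30, digits=8)
    v = TimeBasedVerifier(DEMO_SECRET, step=30, digits=8)
    print(code, v.verify(code, t), v.verify(code, t))  # second use is refused
```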

284. Which of the following issues is closely related to logical access controls?

a. Employee issues

b. Hardware issues

c. Operating systems software issues

d. Application software issues

284. a. The largest risk exposure remains with employees. Personnel security measures are aimed at hiring honest, competent, and capable employees. Job requirements need to be programmed into the logical access control software. Policy is also closely linked to personnel issues. A deterrent effect arises among employees when they are aware that their misconduct (intentional or unintentional) may be detected. Selecting the right type and level of access for employees, identifying which employees need access accounts and what type and level of access they require, and communicating changes to access requirements are also important. Accounts and accesses should not be granted or maintained for employees who should not have them in the first place. The other three choices are only distantly related to logical access controls when compared to employee issues.

285. Which of the following password methods are based on fact or opinion?

a. Static passwords

b. Dynamic passwords

c. Cognitive passwords

d. Conventional passwords

285. c. Cognitive passwords use fact-based and opinion-based cognitive data as a basis for user authentication. They rely on interactive software routines that handle initial user enrollment and the subsequent cue-response exchanges for system access. Cognitive passwords are based on a person’s lifetime experiences and events that only that person, or his family, knows about. Examples include the person’s favorite high school teachers’ names, colors, flowers, foods, and places. Cognitive password procedures do not depend on the “people memory” often associated with the conventional password dilemma. However, implementing a cognitive password mechanism could cost money and take more time to authenticate a user. Cognitive passwords are easier to recall and difficult for others to guess.

Conventional (static) passwords are difficult to remember, whether user-created or system-generated, and are easy for others to guess. Dynamic passwords change each time a user signs on to the computer. Even in a dynamic password environment, a user needs to remember an initial code for the computer to recognize him. Conventional passwords are reusable, whereas dynamic ones are not. Conventional passwords rely on memory.

286. Which of the following security codes is the longest, thereby making it the most difficult to guess?

a. Passphrases

b. Passwords

c. Lockwords

d. Passcodes

286. a. Passphrases have the virtue of length (e.g., up to 80 characters), making them both difficult to guess and burdensome to discover by an exhaustive trial-and-error attack on a system. The number of characters used in the other three choices (e.g., four to eight characters) is smaller than in passphrases. All four security codes are user identification mechanisms.

Passwords are uniquely associated with a single user. Lockwords are system-generated terminal passwords shared among users. Passcodes are a combination of password and ID card.

287. Anomaly detection approaches used in intrusion detection systems (IDS) require which of the following?

a. Tool sets

b. Skill sets

c. Training sets

d. Data sets
