Читаем CISSP Practice полностью

299. d. A commonly used method to ensure that access to a communications session is controlled and authenticated continuously is the use of encryption mechanisms to prevent loss of control of the session through session stealing or hijacking. Other methods such as signed x.509 certificates and password files associated with access control lists (ACLs) can bind entities to unique IDs. Although these other methods are good, they do not prevent the loss of control of the session.

300. What is a control to prevent an unauthorized user from starting an alternative operating system?

a. Shadow password

b. Encryption password

c. Power-on password

d. Network password

300. c. A computer system can be protected through a power-on password, which prevents an unauthorized user from starting an alternative operating system. The other three types of passwords mentioned do not have the preventive nature, as does the power-on password.

301. The concept of least privilege is based on which of the following?

a. Risk assessment

b. Information flow enforcement

c. Access enforcement

d. Account management

301. a. An organization practices the concept of least privilege for specific job duties and information systems, including specific responsibilities, network ports, protocols, and services in accordance with risk assessments. These practices are necessary to adequately mitigate risk to organizations’ operations, assets, and individuals. The other three choices are specific components of access controls.

302. Which of the following is the primary technique used by commercially available intrusion detection and prevention systems (IDPS) to analyze events to detect attacks?

a. Signature-based IDPS

b. Anomaly-based IDPS

c. Behavior-based IDPS

d. Statistical-based IDPS

302. a. There are two primary approaches to analyzing events to detect attacks: signature detection and anomaly detection. Signature detection is the primary technique used by most commercial systems; however, anomaly detection is the subject of much research and is used in a limited form by a number of intrusion detection and prevention systems (IDPS). Behavior and statistical based IDPS are part of anomaly-based IDPS.

303. For electronic authentication, which of the following is an example of a passive attack?

a. Eavesdropping

b. Man-in-the-middle

c. Impersonation

d. Session hijacking

303. a. A passive attack is an attack against an authentication protocol where the attacker intercepts data traveling along the network between the claimant and verifier but does not alter the data. Eavesdropping is an example of a passive attack.

A man-in-the-middle (MitM) attack is incorrect because it is an active attack on the authentication protocol run in which the attacker positions himself between the claimant and verifier so that he can intercept and alter data traveling between them.

Impersonation is incorrect because it is an attempt to gain access to a computer system by posing as an authorized user. It is the same as masquerading, spoofing, and mimicking.

Session hijacking is incorrect because it is an attack that occurs during an authentication session within a database or system. The attacker disables a user’s desktop system, intercepts responses from the application, and responds in ways that probe the session. Man-in-the-middle, impersonation, and session hijacking are examples of active attacks. Note that MitM attacks can be passive or active depending on the intent of the attacker because there are mild MitM or strong MitM attacks.

304. Which of the following complementary strategies to mitigate token threats raise the threshold for successful attacks?

a. Physical security mechanisms

b. Multiple security factors

c. Complex passwords

d. System and network security controls

304. b. Token threats include masquerading, off-line attacks, and guessing passwords. Multiple factors raise the threshold for successful attacks. If an attacker needs to steal the cryptographic token and guess a password, the work factor may be too high.

Physical security mechanisms are incorrect because they may be employed to protect a stolen token from duplication. Physical security mechanisms can provide tamper evidence, detection, and response.