Reading CISSP Practice in full

d. Access control lists (ACLs)

326. a. A discretionary access control (DAC) mechanism enables users to grant or revoke access to any of the objects under their control. As such, users are said to be the owners of the objects under their control. Users and owners are different in the other three choices.

327. For electronic authentication protocol threats, which of the following are assumed to be physically able to intercept authentication protocol runs?

a. Eavesdroppers

b. Subscriber impostors

c. Impostor verifiers

d. Hijackers

327. a. Eavesdroppers are assumed to be physically able to intercept authentication protocol runs; however, the protocol may be designed to render the intercepted messages unintelligible, or to resist analysis that would allow the eavesdropper to obtain information useful to impersonate the claimant.

Subscriber impostors are incorrect because they need only normal communications access to verifiers or relying parties. Impostor verifiers are incorrect because they may have special network capabilities to divert, insert, or delete packets. But, in many cases, such attacks can be mounted simply by tricking subscribers with incorrect links or e-mails or on Web pages, or by using domain names similar to those of relying parties or verifiers. Therefore, the impostors do not necessarily need to have any unusual network capabilities. Hijackers are incorrect because they must divert communications sessions, but this capability may be comparatively easy to achieve today when many subscribers use wireless network access.

328. Which of the following is not commonly detected and reported by intrusion detection and prevention systems (IDPS)?

a. System scanning attacks

b. Denial-of-service attacks

c. System penetration attacks

d. IP address spoofing attacks

328. d. An attacker can send attack packets using a fake source IP address but arrange to wiretap the victim's reply to the fake address. The attacker can do this without having access to the computer at the fake address. This manipulation of IP addressing is called IP address spoofing.

A system scanning attack occurs when an attacker probes a target network or system by sending different kinds of packets. Denial-of-service attacks attempt to slow or shut down targeted network systems or services. System penetration attacks involve the unauthorized acquisition and/or alteration of system privileges, resources, or data.

329. In-band attacks against electronic authentication protocols include which of the following?

a. Password guessing

b. Impersonation

c. Password guessing and replay

d. Impersonation and man-in-the-middle

329. c. In an in-band attack, the attacker assumes the role of a claimant with a genuine verifier. These include a password guessing attack and a replay attack. In a password guessing attack, an impostor attempts to guess a password in repeated logon trials and succeeds when he can log onto a system. In a replay attack, an attacker records and replays some part of a previous good protocol run to the verifier. In the verifier impersonation attack, the attacker impersonates the verifier and induces the claimant to reveal his secret token. A man-in-the-middle attack is an attack on the authentication protocol run in which the attacker positions himself between the claimant and verifier so that he can intercept and alter data traveling between them.

330. Which of the following access control policies or models provides a straightforward way of granting or denying access for a specified user?

a. Role-based access control (RBAC)

b. Access control lists (ACLs)

c. Mandatory access control (MAC)

d. Discretionary access control (DAC)

330. b. An access control list (ACL) is an object associated with a file and containing entries specifying the access that individual users or groups of users have to the file. ACLs provide a straightforward way to grant or deny access for a specified user or groups of users. Other choices are not that straightforward in that they use labels, tags, and roles.

331. What is impersonating a user or system called?

a. Snooping attack

b. Spoofing attack

c. Sniffing attack

d. Spamming attack
