Reading CISSP Practice in full

331. b. Spoofing is an unauthorized use of legitimate identification and authentication data such as user IDs and passwords. Intercepted user names and passwords can be used to impersonate the user on the login or file transfer server host that the user accesses.

Snooping and sniffing are the same attack: observing packets as they pass by on the network. Spamming is posting identical messages to multiple unrelated newsgroups on the Internet, or sending unsolicited e-mail indiscriminately to multiple users.

332. Which one of the following access-control policies or models requires security clearances for subjects?

a. Discretionary access control (DAC)

b. Mandatory access control (MAC)

c. Role-based access control (RBAC)

d. Access control lists (ACLs)

332. b. Mandatory access control (MAC) restricts access to objects based on the sensitivity of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of that sensitivity. Under DAC the owner of an object decides who may access it; under RBAC access follows the subject's role; an ACL is a mechanism that can implement either policy. Only MAC ties access to a clearance.

333. Which of the following is not an example of attacks on data and information?

a. Hidden code

b. Inference

c. Spoofing

d. Traffic analysis

333. c. Spoofing uses various techniques to subvert IP-based access control by masquerading as another system, using its IP address; it is an attack on a system's identity rather than on data. Hidden code, inference, and traffic analysis are attacks on data and information.

334. Honeypot systems do not contain which of the following?

a. Event triggers

b. Sensitive monitors

c. Sensitive data

d. Event loggers

334. c. The honeypot system is instrumented with sensitive monitors, event triggers, and event loggers that detect unauthorized accesses and collect information about the attacker’s activities. These systems are filled with fabricated data designed to appear valuable.

335. Intrusion detection and prevention systems look at security policy violations:

a. Statically

b. Dynamically

c. Linearly

d. Nonlinearly

335. b. Intrusion detection and prevention systems (IDPS) look for specific symptoms of intrusions and security policy violations dynamically. IDPS are analogous to security monitoring cameras. Vulnerability analysis systems take a static view of symptoms. Linearly and nonlinearly are not applicable here because they are mathematical concepts.

336. For biometric accuracy, which of the following defines the point at which the false rejection rates and the false acceptance rates are equal?

a. Type I error

b. Type II error

c. Crossover error rate

d. Type I and II error

336. c. In biometrics, the crossover error rate is the point at which the false rejection rate and the false acceptance rate are equal. Type I error (false rejection rate), in which genuine users are rejected as impostors, is incorrect. Type II error (false acceptance rate), in which impostors are accepted as genuine users, is incorrect. The crossover error rate is where these two rates meet, not either rate on its own.
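To make the crossover concrete, the following added example (not code from the book) sweeps a decision threshold over constructed genuine and impostor match scores, computes the false rejection rate (Type I) and false acceptance rate (Type II) at each threshold, and reports the threshold where the two are closest, which is the crossover error rate. The score values are invented for the example.

```python
"""Crossover error rate from a threshold sweep (added example, not the book's code).

Match scores are constructed for the example: higher means "more like the
enrolled template". A verification system accepts when score >= threshold.
"""
from typing import List, Tuple

# Constructed sample data: scores from legitimate users and from impostors.
GENUINE_SCORES = [55, 62, 68, 71, 74, 78, 81, 85, 90, 95]
IMPOSTOR_SCORES = [20, 28, 35, 41, 47, 52, 58, 63, 69, 73]


def far_frr(threshold: float, genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Return (FAR, FRR) at a given threshold.

    FRR (Type I): genuine attempts rejected, i.e. scored below the threshold.
    FAR (Type II): impostor attempts accepted, i.e. scored at or above it.
    """
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return far, frr


def crossover_error_rate(genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Return (threshold, CER): the threshold where |FAR - FRR| is smallest,
    and the error rate there (mean of the two, identical when they cross exactly)."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):   # candidate thresholds
        far, frr = far_frr(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, (far + frr) / 2


def sweep(genuine: List[float], impostor: List[float]) -> List[Tuple[float, float, float]]:
    """Full (threshold, FAR, FRR) curve; raising the threshold trades FAR for FRR."""
    return [(t,) + far_frr(t, genuine, impostor)
            for t in sorted(set(genuine) | set(impostor))]


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold {t:3d}: FAR={far:.2f} FRR={frr:.2f}")
    t, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"crossover at threshold {t}: CER={cer:.2f}")
```

On the constructed data the rates cross at threshold 68, where both FAR and FRR are 0.20. The sweep shows why the two options in 336 are not interchangeable: lowering the threshold drives FRR toward zero while FAR climbs, and vice versa, so a vendor quoting only one of the two rates is quoting one operating point, not the system's accuracy.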

337. Which one of the following does not help in preventing fraud?

a. Separation of duties

b. Job enlargement

c. Job rotation

d. Mandatory vacations

337. b. Separation of duties, job rotation, and mandatory vacations are management controls that can help in preventing fraud. Job enlargement and job enrichment do not prevent fraud because they are not controls; their purpose is to expand the scope of an employee’s work for a better experience and promotion.

338. Access triples used in the implementation of Clark-Wilson security model include which of the following?

a. Policy, procedure, and object

b. Class, domain, and subject

c. Subject, program, and data

d. Level, label, and tag

338. c. The Clark-Wilson model partitions objects into programs and data for each subject, forming a subject/program/data access triple. The generic form of the access triple is (subject, program, data); in Clark-Wilson terminology the subject is a user, the program a transformation procedure (TP), and the data a constrained data item (CDI), so a user may modify a CDI only through a TP the triple authorizes.

Scenario-Based Questions, Answers, and Explanations

Use the following information to answer questions 1 through 9.

The KPT Company is analyzing authentication alternatives. The company has 10,000 users in 10 locations with five different databases of users. The current authentication access controls are a mix of UNIX and Microsoft-related tools. KPT priorities include security, cost, scalability, and transparency.
