a. Use tokens that generate high entropy authenticators.

b. Use hardware cryptographic tokens.

c. Use tokens with dynamic authenticators.

d. Use multifactor tokens.

26. b. In token duplication, the subscriber’s token has been copied with or without the subscriber’s knowledge. A countermeasure is to use hardware cryptographic tokens that are difficult to duplicate. Physical security mechanisms can also be used to protect a stolen token from duplication because they provide tamper evidence, detection, and response capabilities. The other three choices cannot handle the duplicate token problem.

27. Eavesdropping is a threat to the tokens used for electronic authentication. Which of the following is a countermeasure to mitigate the eavesdropping threat?

a. Use tokens that generate high entropy authenticators.

b. Use hardware cryptographic tokens.

c. Use tokens with dynamic authenticators.

d. Use multifactor tokens.

27. c. A countermeasure to mitigate the eavesdropping threat is to use tokens with dynamic authenticators where knowledge of one authenticator does not assist in deriving a subsequent authenticator. The other choices are incorrect because they cannot provide dynamic authentication.

28. Identifier management is applicable to which of the following accounts?

a. Group accounts

b. Local user accounts

c. Guest accounts

d. Anonymous accounts

28. b. All users accessing an organization’s information systems must be uniquely identified and authenticated. Identifier management is applicable to local user accounts where the account is valid only on a local computer, and its identity can be traced to an individual. Identifier management is not applicable to shared information system accounts, such as group, guest, default, blank, anonymous, and nonspecific user accounts.

29. Phishing or pharming is a threat to the tokens used for electronic authentication. Which of the following is a countermeasure to mitigate the phishing or pharming threat?

a. Use tokens that generate high entropy authenticators.

b. Use hardware cryptographic tokens.

c. Use tokens with dynamic authenticators.

d. Use multifactor tokens.

29. c. A countermeasure to mitigate the phishing or pharming threat is to use tokens with dynamic authenticators where knowledge of one authenticator does not assist in deriving a subsequent authenticator. The other choices are incorrect because they cannot provide dynamic authentication.

Phishing is tricking individuals into disclosing sensitive personal information through deceptive computer-based means. Phishing attacks use social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. It involves Internet fraudsters who send spam or pop-up messages to lure personal information (e.g., credit card numbers, bank account information, social security numbers, passwords, or other sensitive information) from unsuspecting victims. Pharming is misdirecting users to fraudulent websites or proxy servers, typically through DNS hijacking or poisoning.

30. Theft is a threat to the tokens used for electronic authentication. Which of the following is a countermeasure to mitigate the theft threat?

a. Use tokens that generate high entropy authenticators.

b. Use hardware cryptographic tokens.

c. Use tokens with dynamic authenticators.

d. Use multifactor tokens.

30. d. A countermeasure to mitigate the threat of token theft is to use multifactor tokens that need to be activated through a PIN or biometric. The other choices are incorrect because they cannot provide multifactor tokens.

31. Social engineering is a threat to the tokens used for electronic authentication. Which of the following is a countermeasure to mitigate the social engineering threat?

a. Use tokens that generate high entropy authenticators.

b. Use hardware cryptographic tokens.

c. Use tokens with dynamic authenticators.

d. Use multifactor tokens.

31. c. A countermeasure to mitigate the social engineering threat is to use tokens with dynamic authenticators where knowledge of one authenticator does not assist in deriving a subsequent authenticator. The other choices are incorrect because they cannot provide dynamic authentication.
