
a. Defense-in-depth strategy

b. Defense-in-breadth strategy

c. Defense-in-time strategy

d. Defense-in-technology strategy

12. b. Radio frequency identification (RFID) technologies are used in supply chain systems, which in turn rely on a defense-in-breadth strategy to ensure security. A defense-in-depth strategy layers defenses so that no single control is a point of failure. A defense-in-time strategy accounts for the different time zones in which information systems operate. A defense-in-technology strategy aims at making technology less complicated and therefore more secure.

13. Which of the following is not an example of race condition attacks?

a. Symbolic links

b. Object-oriented

c. Deadlock

d. Core-file manipulation

13. c. Granting exclusive access to a dedicated input/output device (e.g., a printer, plotter, or disk) in response to a user request can lead to a deadlock in the absence of spooling. Deadlocks are not race condition attacks; race condition attacks are timing attacks, in which the attacker exploits the window between the moment a program checks a resource and the moment it uses it. A symbolic link (symlink) is a file that points to another file. Programs that change the permissions granted to a file are common; if such a program runs with privileged permissions, a user can strategically create symlinks to trick it into modifying or listing critical system files. Symlink attacks are therefore often coupled with race condition attacks.

Symbolic links on UNIX, MINIX, and Linux systems point from one file to another. A symlink vulnerability is exploited by creating a symbolic link from a file the attacker does have access to, to a file the attacker does not have access to, so that a privileged program following the link operates on the protected file. Windows also supports symbolic links (NTFS symbolic links since Windows Vista, created with mklink, as well as directory junctions), so symlink attacks are not unique to UNIX-like systems, although the classic attacks described here target UNIX programs. MINIX is a small variant of UNIX; one difference between them is the editor, which is faster on MINIX.

In object-oriented programming, race conditions occur when common variables are shared among object instances without synchronization, which can be verified within the program code. For each file access, the program should verify that the file is free before opening it and check for object-in-use errors; note that the check and the open must be performed atomically (for example, by the operating system in a single open call), because a separate check followed by a separate open itself creates a race window.

Core-file manipulation is another example of a race condition. When a privileged program crashes and writes a core dump, there is a window between the crash and the write during which the program is still operating with its privileges; an attacker who redirects the core file path (typically with a symlink) inside that window can have the privileged process overwrite or expose a protected file. If the attacker manages to make the change while the program is still in its privileged state, the attacker has won the race.
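The symlink race described in the answer to question 13 (and its core-file variant, which is the same redirection applied to a core dump path) is easiest to understand in code. The following is an added example, not code from the book: a vulnerable check-then-use opener beside a hardened one, with a constructed "attacker" hook that plants the symlink at the worst possible moment. All names (naive_open_for_write, safe_create_for_write, plant_symlink, run_symlink_race) and the victim file are hypothetical; it assumes a POSIX system such as Linux with a writable /tmp.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

typedef void (*race_hook_t)(void *ctx);

/* VULNERABLE (check-then-use): lstat() answers "is it a symlink *now*?";
   by the time open() runs the answer may have changed. `hook` stands in
   for the attacker's move inside that window (constructed for this demo). */
static int naive_open_for_write(const char *path, race_hook_t hook, void *ctx)
{
    struct stat st;
    if (lstat(path, &st) == 0 && S_ISLNK(st.st_mode))
        return -1;                               /* looks safe at this instant */
    if (hook) hook(ctx);                         /* <-- the race window */
    return open(path, O_WRONLY | O_CREAT, 0644); /* follows the planted symlink */
}

/* HARDENED: no separate check. O_NOFOLLOW refuses a symlink as the final
   path component and O_CREAT|O_EXCL refuses any pre-existing object,
   including a dangling symlink. The kernel decides atomically; afterwards
   the opened object is verified with fstat() on the descriptor, never via
   the path, so a later swap of the path cannot matter either. */
static int safe_create_for_write(const char *path, race_hook_t hook, void *ctx)
{
    if (hook) hook(ctx);                         /* attacker acts first; no effect */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Attacker's move (constructed): point the program's output path at the victim. */
struct attack { char target[256]; char victim[256]; };

static void plant_symlink(void *ctx)
{
    struct attack *a = ctx;
    unlink(a->target);
    symlink(a->victim, a->target);
}

/* Runs one opener against a fresh victim file in a private temp directory.
   Returns 1 if the victim was overwritten (attacker won the race),
   0 if it survived, -1 on setup failure. */
int run_symlink_race(int hardened)
{
    char dir[64] = "/tmp/symlink-race-XXXXXX";
    if (!mkdtemp(dir)) {                         /* fall back to the cwd */
        strcpy(dir, "./symlink-race-XXXXXX");
        if (!mkdtemp(dir)) return -1;
    }
    struct attack a;
    snprintf(a.victim, sizeof a.victim, "%s/victim.conf", dir);
    snprintf(a.target, sizeof a.target, "%s/output.tmp", dir);

    const char *original = "root-owned-config";  /* constructed victim content */
    int vfd = open(a.victim, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (vfd < 0) return -1;
    if (write(vfd, original, strlen(original)) < 0) { close(vfd); return -1; }
    close(vfd);

    int fd = hardened ? safe_create_for_write(a.target, plant_symlink, &a)
                      : naive_open_for_write(a.target, plant_symlink, &a);
    if (fd >= 0) {
        const char *payload = "attacker-chosen-content";
        ssize_t w = write(fd, payload, strlen(payload));
        (void)w;
        close(fd);
    }

    char buf[64] = {0};
    int rfd = open(a.victim, O_RDONLY);
    if (rfd < 0) return -1;
    ssize_t n = read(rfd, buf, sizeof buf - 1);
    close(rfd);
    int clobbered = (n < 0) || strcmp(buf, original) != 0;

    unlink(a.target);
    unlink(a.victim);
    rmdir(dir);
    return clobbered;
}
```

run_symlink_race(0) reports the victim clobbered through the symlink, run_symlink_race(1) reports it untouched. The lesson carries over to core dumps and temporary files alike: a stat-style check gives no guarantee about what a later open will touch, so the refusal to follow links has to be part of the open itself.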

14. What do most effective security controls over remote maintenance ports include?

a. Legal contracts and dial-back systems

b. Dial-back systems and modem pools

c. Legal contracts and modem pools

d. Dial-back systems and disconnecting unneeded connections

14. c. Remote maintenance ports enable the vendor to fix operating problems. The legal contract with the vendor should specify that there be no trap doors and that any maintenance port be approved by both parties. A modem pool is a group of modems connected to a server (a host, communications, or terminal server), which provides a single point of control. Attackers can target the modem pool, so protect it with an application gateway-based firewall. Dial-back controls over remote maintenance ports are not effective on their own because they authenticate a place (a telephone number), not a person. Disconnecting unneeded connections to the outside world is good practice, but it makes it difficult for a maintenance contractor to reach certain ports when needed in an emergency.

15. Which of the following statements is not true about Internet firewalls?

a. A firewall can enforce security policy.

b. A firewall can log Internet activity.

c. A firewall can limit an organization’s security exposure.

d. A firewall can protect against all computer viruses in PCs.
