Reading CISSP Practice in full

19. b. Web content filtering software is a program that prevents access to undesirable websites, typically by comparing a requested website address to a list of known bad websites (i.e., blacklisting). Blacklisting is a hold placed against IP addresses to prevent inappropriate or unauthorized use of Internet resources.

The other three choices are not related to the Web content filtering software. Web bug is a tiny image, invisible to a user, placed on Web pages in such a way to enable third parties to track use of Web servers and collect information about the user, including IP addresses, host name, browser type and version, operating system name and version, and cookies. The Web bug may contain malicious code. RED refers to data/information or messages that contain sensitive or classified information that is not encrypted, whereas BLACK refers to information that is encrypted.
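The blacklist comparison described in the answer above, as an added example that is not part of the CISSP Practice text: a minimal content filter extracts the hostname of each requested URL and checks it, and every parent domain of it, against a blocklist of known-bad domains, with a separate check for literal IP addresses. The blocklist entries and the TEST-NET range are constructed for the example; real products ship curated, regularly updated category lists.

```python
"""Added example (not from the CISSP Practice text): a minimal web content
filter that decides whether a requested URL is allowed by comparing its
host against a blocklist of known-bad domains and IP networks."""
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed sample blocklist for this example.
BLOCKED_DOMAINS = {"bad.example", "phish.example.net"}
BLOCKED_NETWORKS = [ip_network("203.0.113.0/24")]   # TEST-NET-3, constructed


def host_of(url: str) -> str:
    """Return the lowercase hostname of a URL, without port or userinfo."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").rstrip(".").lower()


def is_blocked(url: str) -> bool:
    """True if the URL's host, or any parent domain of it, is blacklisted."""
    host = host_of(url)
    if not host:
        return True          # unparseable request: fail closed
    # Literal IP address: compare against blocked networks.
    try:
        addr = ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        return any(addr in net for net in BLOCKED_NETWORKS)
    # Domain name: "www.bad.example" must match the entry "bad.example",
    # but "notbad.example" must not.
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def filter_requests(urls):
    """Classify each requested URL as ALLOWED or BLOCKED."""
    return {url: ("BLOCKED" if is_blocked(url) else "ALLOWED") for url in urls}


if __name__ == "__main__":
    for url, verdict in filter_requests([
        "http://www.bad.example/login",
        "https://good.example.com/",
        "http://203.0.113.7/update",
    ]).items():
        print(f"{verdict:8} {url}")
```

Matching on the whole label suffix rather than on a substring is the detail that matters: a naive `"bad.example" in host` test would wrongly block `notbad.example`, and a naive exact match would let `www.bad.example` through.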

20. Which of the following identifies calls originating from nonexistent telephone extensions to detect voice-mail fraud?

a. Antihacker software

b. Call-accounting system

c. Antihacker hardware

d. Toll-fraud monitoring system

20. b. A call-accounting system can indicate calls originating from nonexistent “phantom” telephone extensions or trunks. Along with misconfigured voice-mail systems, unused telephone extensions and uncontrolled maintenance ports are key reasons for voice-mail fraud.

Call-accounting systems provide information about hacking patterns. Antihacker software and hardware can provide multilevel passwords and a self-destruct feature that enables users to delete all messages in their mailboxes if they forget their password. Toll-fraud monitoring systems enable you to catch the voice hacker’s activities quickly as the fraud is taking place.
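The phantom-extension check a call-accounting system performs, as an added example that is not from the CISSP Practice text: call detail records (CDRs) are compared against the PBX extension directory, and calls billed to extensions that do not exist are summarized per extension, with a count of those placed outside working hours. The directory, the CDR lines and the 08:00-18:00 working window are constructed assumptions for the example.

```python
"""Added example (not from the CISSP Practice text): a call-accounting check
that flags calls originating from extensions absent from the PBX directory
("phantom" extensions), one indicator of voice-mail or toll fraud."""
import csv
from datetime import datetime
from io import StringIO

# Constructed extension directory for this example.
DIRECTORY = {"1001", "1002", "1003", "1010"}

# Constructed call detail records: 1099 and 1250 are not real extensions.
CDR_CSV = """timestamp,extension,dialed,seconds
2024-03-01T09:15:00,1001,+15550100,120
2024-03-01T22:40:00,1099,+15550123,640
2024-03-02T02:05:00,1099,+15550199,900
2024-03-02T10:00:00,1002,+15550111,60
2024-03-02T03:30:00,1250,+15550177,300
"""

WORK_START, WORK_END = 8, 18   # assumed working hours (24h clock)


def load_cdrs(text):
    """Parse CSV call detail records into a list of dicts."""
    return list(csv.DictReader(StringIO(text)))


def phantom_calls(records, directory):
    """Return the CDRs whose originating extension is not in the directory."""
    return [r for r in records if r["extension"] not in directory]


def summarize(records, directory):
    """Per phantom extension: call count, total minutes, and how many calls
    fell outside working hours, when fraudulent use typically occurs."""
    summary = {}
    for r in phantom_calls(records, directory):
        entry = summary.setdefault(
            r["extension"], {"calls": 0, "minutes": 0.0, "off_hours": 0})
        entry["calls"] += 1
        entry["minutes"] += int(r["seconds"]) / 60
        hour = datetime.fromisoformat(r["timestamp"]).hour
        if hour < WORK_START or hour >= WORK_END:
            entry["off_hours"] += 1
    return summary


if __name__ == "__main__":
    for ext, stats in summarize(load_cdrs(CDR_CSV), DIRECTORY).items():
        print(f"phantom extension {ext}: {stats['calls']} calls, "
              f"{stats['minutes']:.1f} min, {stats['off_hours']} off-hours")
```

The same loop is the natural place to add the other patterns the text mentions, such as a burst of calls from one extension or unusually long calls at night.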

21. Which of the following voice-mail fraud prevention controls can be counterproductive and at the same time counterbalancing?

1. Turning off direct inward system access ports during nonworking hours

2. Separating internal and external call-forwarding privileges

3. Implementing call vectoring

4. Disconnecting dial-in maintenance ports

a. 1 and 2

b. 1 and 4

c. 3 and 4

d. 2 and 3

21. b. Direct inward system access (DISA) is used to enable an inward calling person access to an outbound line, which is a security weakness when not properly secured. Because hackers work during nonworking hours (evenings and weekends), turning off DISA appears to be a preventive control. However, employees who must make business phone calls during these hours cannot use these lines; they have to use their company or personal credit cards when DISA is turned off. Similarly, disconnecting dial-in maintenance ports appears to be a preventive control, because hackers can get into the system through these ports.

Emergency problems cannot be handled when the maintenance ports are disabled. Turning off DISA ports during nonworking hours and disconnecting dial-in maintenance ports are therefore counterproductive and counterbalancing.

By separating internal and external call-forwarding privileges for internal lines, an inbound call cannot be forwarded to an outside line unless authorized. Call vectoring can be implemented by answering a call with a recorded message or nothing at all, which may frustrate an attacker. Separating internal and external call-forwarding privileges and implementing call vectoring are counterproductive and balancing.

22. Regarding instant messaging (IM), which of the following is an effective countermeasure to ensure that the enclave users cannot connect to public messaging systems?

a. Disable file-sharing feature

b. Restrict IM chat announcements

c. Block ports at the enclave firewall

d. Install antivirus software

22. c. Blocking ports at the enclave firewall ensures that enclave users cannot connect to public messaging systems. Although a firewall can be effective at blocking incoming connections and rogue outgoing connections, it can be difficult to stop all instant messaging (IM) traffic connected to commonly allowed destination ports (e.g., HTTP, Telnet, FTP, and SMTP), thus resulting in a bypass of firewalls. Therefore, domain names or IP addresses should be blocked in addition to port blocking at a firewall.
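The firewall bypass the answer above warns about, as an added example that is not from the CISSP Practice text: an egress-policy check is run over constructed connection attempts, once with port blocking only and once with domain/IP blocking added. The IM ports listed are the well-known ones (XMPP 5222/5223, MSN 1863, AIM/ICQ 5190, IRC 6667); the messaging domain, the 198.51.100.0/24 network and the sample connections are constructed for the example.

```python
"""Added example (not from the CISSP Practice text): an egress-policy check
showing that port blocking alone misses IM traffic carried over commonly
allowed ports, and that adding domain/IP blocking closes the gap."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Well-known IM ports: XMPP 5222/5223, MSN 1863, AIM/ICQ 5190, IRC 6667.
IM_PORTS = {5222, 5223, 1863, 5190, 6667}
# Constructed public-messaging destinations for this example.
BLOCKED_DOMAINS = {"im.example.net"}
BLOCKED_NETWORKS = [ip_network("198.51.100.0/24")]   # TEST-NET-2, constructed


@dataclass(frozen=True)
class Connection:
    host: str    # destination name as seen by the DNS resolver or proxy
    ip: str      # resolved destination address
    port: int    # destination port


def blocked_by_port(c: Connection) -> bool:
    return c.port in IM_PORTS


def blocked_by_destination(c: Connection) -> bool:
    """Match the destination against blocked domains (including parent
    domains) and blocked IP networks."""
    labels = c.host.lower().rstrip(".").split(".")
    domain_hit = any(".".join(labels[i:]) in BLOCKED_DOMAINS
                     for i in range(len(labels)))
    net_hit = any(ip_address(c.ip) in net for net in BLOCKED_NETWORKS)
    return domain_hit or net_hit


def decide(c: Connection, destination_blocking: bool = True) -> str:
    """Return 'DENY' or 'ALLOW' under a port-only or port+destination policy."""
    if blocked_by_port(c):
        return "DENY"
    if destination_blocking and blocked_by_destination(c):
        return "DENY"
    return "ALLOW"


def evaluate(conns, destination_blocking):
    return [decide(c, destination_blocking) for c in conns]


# Constructed connection attempts from an enclave host.
SAMPLE = [
    Connection("im.example.net", "198.51.100.10", 5222),   # native IM port
    Connection("im.example.net", "198.51.100.10", 80),     # IM over HTTP
    Connection("www.example.org", "192.0.2.15", 443),      # ordinary web use
]

if __name__ == "__main__":
    for c, port_only, combined in zip(SAMPLE,
                                      evaluate(SAMPLE, False),
                                      evaluate(SAMPLE, True)):
        print(f"{c.host}:{c.port:<5} port-only={port_only:5} "
              f"port+destination={combined}")
```

The second connection is the one the text is about: the same messaging server reached on port 80 passes a port-only rule and is stopped only when the destination name or address is also on the block list.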

