Читаем CISSP Practice полностью

IM also provides file-sharing capabilities, which is used to access files on remote computers via a screen name which could be infected with a Trojan horse. To launch malware and file-sharing attacks, an attacker may use the open IM ports because he does not need new ports. Therefore, the file-sharing feature should be disabled on all IM clients.

Restricting IM chat announcements to only authorized users can limit attackers from connecting to computers on the network and sending malicious code. IM is a potential carrier for malware because it provides the ability to transfer text messages and files, thereby becoming an access point for a backdoor Trojan horse. Installing antivirus software with plug-ins to IM clients and scanning files as they are received can help control malware.

23. What do terminating network connections with internal and external communication sessions include?

1. De-allocating associated TCP/IP addresses and port pairs at the operating system level

2. Logically separating user functionality from system management functionality

3. De-allocating networking assignments at the application system level

4. Isolating security functions from nonsecurity functions at boundaries

a. 1 and 2

b. 1 and 3

c. 2 and 4

d. 1, 2, 3, and 4

23. b. An information system should terminate the internal and external network connection associated with a communications session at the end of the session or after a period of inactivity. This is achieved through de-allocating addresses and assignments at the operating system level and application system level.

24. In a wireless local-area network (WLAN) environment, what is a technique used to ensure effective data security called?

a. Message authentication code and transponder

b. Transmitting in different channels and message authentication code

c. Transmitting on different channels and enabling encryption

d. Encryption and transponder

24. c. In a wireless local-area network (WLAN) environment, transmitting in different channels at the same time or different times ensures that an intruder cannot predict the transmission patterns. Data can be compared from different channels for completeness and accuracy. In addition, data encryption techniques can be used for encrypting all wireless traffic and for highly secure applications. It is true that anyone with the appropriate receiver device can capture the signal transmitted from one unit to another.

A message authentication code is not applicable here because it is a process for detecting unauthorized changes made to data transmitted between users or machines or to data retrieved from storage. A transponder is not applicable here because it is used in satellites to receive a signal, to change its frequency, and to retransmit it.

25. Synchronization of file updates in a local-area network environment cannot be accomplished by using which of the following?

a. File locks

b. Record locks

c. Semaphores

d. Security labels

25. d. Security labels deal with security and confidentiality of data, not with file updates. A security label is a designation assigned to a system resource such as a file, which cannot be changed except in emergency situations. File updates deal with the integrity of data. The unique concept of a local-area network (LAN) file is its capability to be shared among several users. However, security controls are needed to assure synchronization of file updates by more than one user.

File locks, record locks, and semaphores are needed to synchronize file updates. File locks provide a coarse security due to file-level locking. Record locking can be done through logical or physical locks. The PC operating system ensures that the protected records cannot be accessed on the hard disk. Logical locks work by assigning a lock name to a record or a group of records. A semaphore is a flag that can be named, set, tested, changed, and cleared. Semaphores can be applied to files, records, group of records, or any shareable network device, such as a printer or modem. Semaphores are similar to logical locks in concept and can be used for advanced network control functions.

26. Which of the following is a byproduct of administering the security policy for firewalls?

a. Protocol filtering policy

b. Connectivity policy

c. Firewall implementation

d. Protocol filtering rules