Reading CISSP Practice in full

48. d. Limited network management for most remote control programs is a major disadvantage. Managing a large number of host workstations is difficult; each station must be managed individually. The remote control program that the LAN access method uses does not implicitly minimize telephone connect time, although it is possible to automate many operations using batch files or other programming mechanisms. Manual connect and disconnect operations are often augmented by timeout options not always found with other remote LAN access methods. Compatibility between the remote control programs and host applications is not guaranteed; often, compatibility must be determined by trial and error.

49. What is a data communication switch that enables many computer terminals to share a single modem and a line called?

a. Bypass switch

b. Fallback switch

c. Crossover switch

d. Matrix switch

49. a. Data communications switches are useful for routing data, online monitoring, fault diagnosis, and digital/analog testing. A switch is a mechanical, electromechanical, or electronic device for making, breaking, or changing the connection in or among circuits. It is used to transfer a connection from one circuit to another.

There are four basic types of switches: bypass, fallback, crossover, and matrix. A bypass switch enables many terminals to share a single modem and line. A fallback switch turns network components from online to standby equipment when there is a problem in the circuit. A crossover switch provides an easy method of interchanging data flows between two pairs of communications components. With a matrix switch a user can interconnect any combination of a group of incoming interfaces to any combination of a group of outgoing interfaces.

50. An intranet can be found in an organization’s internal network or shared between organizations over the Internet. Which of the following controls is least suited to establish a secure intranet over the Internet?

a. Use encrypted tunnels.

b. Install encrypted routers.

c. Install encrypted firewalls.

d. Implement password controls in the private Web server.

50. d. Intranets are similar to the organization’s own networks, providing internal interaction. You do not need to be connected to the Internet to create an intranet. The infrastructure includes placing policies, procedures, and standards documents on an internal server. The intranet could be connected to the Internet, or an intranet could be created by using a private Web server on the Internet. Effective controls include encryption and firewalls. Private tunnels can be created over the Internet through the use of encryption devices, encrypting firewalls, or encrypting routers. Implementing password controls to the private Web server for each user is a weak control because password administration would be a difficult if not an impossible task. Group passwords would not be effective either.

51. Which of the following is an example of an asynchronous attack?

a. Data diddling attack

b. Data leakage attack

c. TOC-TOU attack

d. Salami attack

51. c. In a time-of-check to time-of-use (TOC-TOU) attack, a print job under one user’s name is exchanged with a print job for another user. Asynchronous attacks take advantage of time differentials between two events.

A data diddling attack is changing data before or during input to computers or during output from a computer system (e.g., forging a document). A data leakage attack is the removal of data from a computer system by covert means. A salami attack is a theft of small amounts of money from a number of bank accounts and customers (e.g., stealing a few cents from each customer’s bank account and spreading over many customers).

52. Security mechanisms implement security services. Which of the following security services is provided by a notarization security mechanism?

a. Confidentiality

b. Integrity

c. Authentication

d. Nonrepudiation

52. d. Nonrepudiation services prevent the parties to a communication from denying that they sent or received it, or disputing its contents. They may provide either proof of origin or proof of delivery.
