Читаем CISSP Practice полностью

For serious and strong attacks, normal detection alone is not enough, correction alone or combined with detection is not enough, recovery alone or combined with detection and correction is not enough because they may not contain the serious and strong attacks quickly as they are too late to be of any significant use. However, they are very useful in normal attacks. Intervening is pro-active and action-oriented, whereas detecting, correcting, and recovering are re-active and passive-oriented.

314. Major vulnerabilities stemming from the use of the World Wide Web (WWW) are associated with which of the following?

a. External websites and hypertext markup language (HTML)

b. Web browser software and Web server software

c. External websites and hypertext transfer protocol (HTTP)

d. Internal websites and Web pages

314. b. Vulnerabilities stemming from the use of the Web are associated with browser software and server software. Although browser software can introduce vulnerabilities to an organization, these vulnerabilities are generally less severe than the threat posed by servers. Many organizations now support an external website describing their products and services. For security reasons, these servers are usually posted outside the organization’s firewall, thus creating more exposure. Web clients, also called Web browsers, enable a user to navigate through information by pointing and clicking. Web servers deliver hypertext markup language (HTML) and other media to browsers through the hypertext transfer protocol (HTTP). The browsers interpret, format, and present the documents to users. The end result is a multimedia view of the Internet.

315. Which of the following is an inappropriate control over telecommunication hardware?

a. Logical access controls

b. Security over wiring closets

c. Contingency plans

d. Restricted access to test equipment

315. a. Logical access control is a software-based control, not a hardware-based control. Security over wiring-closets circuits, transmission media, and hardware devices, and restricting access to test equipment are appropriate to protect hardware. Contingency plans to minimize losses from equipment failure or damage are important and appropriate. The other choices are physical security controls over telecommunications hardware. They minimize risks such as physical damage or unauthorized access to telecommunications hardware.

316. Which of the following guarantees network quality-of-service (QoS) and quality-of-protection (QoP)?

a. Memorandum of agreement (MOA)

b. Service-level agreement (SLA)

c. Memorandum of understanding (MOU)

d. Rules of network connection

316. b. Either MOA or MOU are initial documents prior to finalizing the SLA document. The rules of network connection can be informal and not binding. The SLA document is between a user (customer) organization and a service provider, so as to satisfy specific customer application system requirements. The SLA should address performance properties such as throughput (bandwidth), transit delay (latency), error rates, packet priority, network security, packet loss, and packet jitter.

317. For network security threats, which of the following steals or makes an unauthorized use of a service?

a. Denial-of-service

b. Misappropriation

c. Message replay

d. Message modification

317. b. Misappropriation is a threat in which an attacker steals or makes unauthorized use of a service. A denial-of-service (DoS) threat prevents or limits the normal use or management of networks or network devices. Message replay is a threat that passively monitors transmissions and retransmits messages, acting as if the attacker were a legitimate user. Message modification is a threat that alters a legitimate message by deleting, adding to, changing, or reordering it.

318. Which of the following statements is not true about wireless local-area networks (WLANs)?

a. Wireless LANs will not replace wired LANs.

b. Wireless LANs will augment the wired LANs.

c. Wireless LANs will substantially eliminate cabling.

d. Wireless LANs will serve as a direct replacement for the wired LANs.