Читаем CISSP Practice полностью

b. Detect

c. Correct

d. Attach

153. b. A macro virus is associated with a word processing file, which can damage the computer system. Macro viruses pass through the firewall with ease because they are usually passed on as either an e-mail message or simply downloaded as a text document. The macro virus represents a significant threat because it is difficult to detect. A macro virus consists of instructions in Word Basic, Visual Basic for applications, or some other macro languages, and resides in documents. Any application that supports macros that automatically execute is a potential platform for macro viruses. Now, documents are more widely shared through networks and the Internet than via disks.

154. Which of the following is most vulnerable to Trojan horse attacks?

a. Discretionary access control

b. Mandatory access control

c. Access control list

d. Logical access control

154. a. Because the discretionary access control system restricts access based on identity, it carries with it an inherent flaw that makes it vulnerable to Trojan horse attacks. Most programs that run on behalf of a user inherit the discretionary access control rights of that user.

155. Which of the following is the best place to check for computer viruses?

a. Each computer

b. Each workstation

c. The e-mail server

d. Each network

155. c. Virus checkers monitor computers and look for malicious code. A problem is that virus-checking programs need to be installed at each computer, workstation, or network, thus duplicating the software at extra cost. The best place to use the virus-checking programs is to scan e-mail attachments at the e-mail server. This way, the majority of viruses are stopped before ever reaching the users.

156. What do you call attacks that can disclose the end users’ session token and attack the local machine?

a. Broken access control

b. Invalidated input

c. Broken authentication

d. Cross-site scripting flaws

156. d. In cross-site scripting (XSS) flaws, the Web application can be used as a mechanism to transport an attack to an end user’s browser. A successful attack can disclose the end user’s session token, attack the local machine, or spoof content to fool the user.

157. A polymorphic virus uses which of the following?

a. Inference engine

b. Heuristic engine

c. Mutation engine

d. Search engine

157. c. Virus writers use a mutation engine to transform simple viruses into polymorphic ones for proliferation purposes and to evade detection. The other three choices do not deal with the transformation process.

158. All the following techniques can help in achieving process isolation security principle except:

a. Encapsulation

b. Naming distinctions

c. Virtual mapping

d. Security kernel

158. d. A security kernel is defined as hardware, firmware, and software elements of a Trusted Computing Base (TCB) that implements the reference monitor concept. A security kernel cannot achieve process isolation.

Techniques such as encapsulation, time multiplexing of shared resources, naming distinctions, and virtual mapping are used to employ the process isolation or separation principle. These separation principles are supported by incorporating the principle of least privilege.

159. Defining roles and responsibilities is important in identifying infected hosts with malware incidents before security incidents occur. Which of the following groups can primarily assist with changes in login scripts?

a. Security administrators

b. System administrators

c. Network administrators

d. Desktop administrators

159. d. Organizations should identify which individuals or groups can assist in infection identification efforts. Desktop administrators are good at identifying changes in login scripts along with Windows Registry or file scans, and good at implementing changes in login scripts. The roles of the other three administrators are different from separation of duties, independence, and objectivity viewpoints.

160. Which of the following is a reactive countermeasure in defending against worms?

a. Integrity checkers

b. Software patching

c. Host firewalls

d. Stateful firewalls