Читаем CISSP Practice полностью

202. d. Configuration management and control ensures adequate consideration of the potential security impacts due to specific changes to an information system or its surrounding environment. It is a task performed in the operation/maintenance phase.

203. Continuous monitoring is performed in which of the following phases of a system development life cycle (SDLC)?

a. Initiation

b. Development/acquisition

c. Implementation

d. Operations/maintenance

203. d. Continuous monitoring ensures that controls continue to be effective in their application through periodic testing and evaluation. It is a task performed in the operation/maintenance phase.

204. Which of the following are examples of local threats in Windows Extreme Programming (XP) systems?

a. Unauthorized local access and malicious payloads

b. Boot process and privilege escalation

c. Network services and data disclosure

d. Boot process and data disclosure

204. b. Local threats in Windows XP systems include boot process, unauthorized local access, and privilege escalation. A boot process threat results when an unauthorized individual boots a computer from third-party media (for example, removable drives and universal serial bus [USB] token storage devices), which permits the attacker to circumvent operating system security measures. An unauthorized local-access threat results when an individual who is not permitted to access a computer system gains local access. A privilege escalation threat results when an authorized user with normal user-level rights escalates the account’s privileges to gain administrator-level access.

Remote threats in Windows XP systems include network services, data disclosure, and malicious payloads. A network service threat results when remote attackers exploit vulnerable network services on a computer system. This includes gaining unauthorized access to services and data, and causing a denial-of-service (DoS) condition. A data disclosure threat results when a third party intercepts confidential data sent over a network. A malicious payload threat results when malicious payloads (for example, viruses, worms, Trojan horses, and active content) attack computer systems through many vectors. System end users may accidentally trigger malicious payloads.

205. Attackers can use which of the following flaws to attack back-end components through a Web application?

a. Broken access control

b. Invalidated input

c. Broken authentication

d. Cross-site scripting flaws

205. b. According to the open Web application security project, information from Web requests is not validated before being used by a Web application leading to vulnerability from invalidated input.

206. What do you call it when attacks consume Web application resources to a point where other legitimate users can no longer access or use the application?

a. Buffer overflows

b. Injection flaws

c. Denial-of-service

d. Improper error handling

206. c. In denial-of-service attacks, attackers can consume Web application resources to a point where other legitimate users can no longer access or use the application. Attackers can also lock users out of their accounts or even cause the entire application to fail.

207. What do you call it when an attack can cause errors to occur, which the Web application does not handle?

a. Buffer overflows

b. Injection flaws

c. Denial-of-service

d. Improper error handling

207. d. Improper error handling means error conditions that occur during normal operation are not handled properly. If an attacker can cause errors to occur that the Web application does not handle, they can gain detailed system information, deny service, cause security mechanisms to fail, or crash the server.

208. The information systems security analyst’s participation in which of the following system development life cycle (SDLC) phases provides maximum benefit to the organization?

a. System requirements definition

b. System design

c. Program development

d. Program testing