Читаем CISSP Practice полностью

205. Which of the following protects the confidentiality of information against a laboratory attack?

a. Disposal

b. Clearing

c. Purging

d. Disinfecting

205. c. A laboratory attack is a data scavenging method through the aid of what could be precise or elaborate and powerful equipment. This attack involves using signal-processing equipment and specially trained personnel. Purging information is a media sanitization process that protects the confidentiality of information against a laboratory attack and renders the sanitized data unrecoverable. This is accomplished through the removal of obsolete data by erasure, by overwriting of storage, or by resetting registers.

The other three choices are incorrect. Disposal is the act of discarding media by giving up control in a manner short of destruction, and is not a strong protection. Clearing is the overwriting of classified information such that the media may be reused. Clearing media would not suffice for purging. Disinfecting is a process of removing malware within a file.

206. Computer fraud is increased when:

a. Employees are not trained.

b. Documentation is not available.

c. Audit trails are not available.

d. Employee performance appraisals are not given.

206. c. Audit trails indicate what actions are taken by the system. Because the system has adequate and clear audit trails deters fraud perpetrators due to fear of getting caught. For example, the fact that employees are trained, documentation is available, and employee performance appraisals are given (preventive measures) does not necessarily mean that employees act with due diligence at all times. Hence, the need for the availability of audit trails (detection measures) is very important because they provide a concrete evidence of actions and inactions.

207. Which of the following is not a prerequisite for system monitoring?

a. System logs and audit trails

b. Software patches and fixes

c. Exception reports

d. Security policies and procedures

207. c. Exception reports are the result of a system monitoring activity. Deviations from standards or policies will be shown in exception reports. The other three choices are needed before the monitoring process starts.

208. What is the selective termination of affected nonessential processing when a failure is detected in a computer system called?

a. Fail-safe

b. Fail-soft

c. Fail-over

d. Fail-under

208. b. The selective termination of affected nonessential processing when a failure is detected in a computer system is called fail-soft. The automatic termination and protection of programs when a failure is detected in a computer system is called a fail-safe. Fail-over means switching to a backup mechanism. Fail-under is a meaningless phrase.

209. What is an audit trail is an example of?

a. Recovery control

b. Corrective control

c. Preventive control

d. Detective control

209. d. Audit trails show an attacker’s actions after detection; hence they are an example of detective controls. Recovery controls facilitate the recovery of lost or damaged files. Corrective controls fix a problem or an error. Preventive controls do not detect or correct an error; they simply stop it if possible.

210. From a best security practices viewpoint, which of the following falls under the ounce-of-prevention category?

a. Patch and vulnerability management

b. Incident response

c. Symmetric cryptography

d. Key rollover

210. a. It has been said that “An ounce of prevention equals a pound of cure.” Patch and vulnerability management is the “ounce of prevention” compared to the “pound of cure” in the incident response, in that timely patches to software reduce the chances of computer incidents.

Symmetric cryptography uses the same key for both encryption and decryption, whereas asymmetric cryptography uses separate keys for encryption and decryption, or to digitally sign and verify a signature. Key rollover is the process of generating and using a new key (symmetric or asymmetric key pair) to replace one already in use.

211. Which of the following must be manually keyed into an automated IT resources inventory tool used in patch management to respond quickly and effectively?

a. Connected network port

b. Physical location

c. Software configuration

d. Hardware configuration