Читаем CISSP Practice полностью

a. Japan

b. Korea

c. Taiwan

d. Thailand

161. a. Japan is the only Pacific Rim nation whose law provides for trade secret protection. Computer programs can be a part of the trade secrets. The owner of a trade secret may request that the media on which the computer program is stored be destroyed. The other countries such as Korea, Taiwan, and Thailand do not have such laws or are in the process of developing one.

162. Which of the following logs are useful for security monitoring?

a. Network-based security software logs

b. Host-based security software logs

c. Operating system logs

d. Application system logs

162. d. Some applications, such as Web and e-mail services, can record usage information that might also be useful for security monitoring. (That is, a ten-fold increase in e-mail activity might indicate a new e-mail-borne malware threat.)

Both network-based and host-based security software logs contain basic security-related information such as user access profiles and access rights and permissions, which is not useful for security monitoring. Operating system logs collect information on servers, workstations, and network connectivity devices (e.g., routers and switches) that could be useful in identifying suspicious activity involving a particular host, but not useful for security monitoring.

163. From a computer security viewpoint, accountability of a person using a computer system is most closely tied to which of the following?

a. Responsibility

b. Usability

c. Traceability

d. Accessibility

163. c. The issue here is to determine who did what and when. For accountability to function, information about who attempted an action, what action, when, and what the results were must be logged. This log can be used to trace a person’s actions. The logs must not be subject to tampering or loss. Logs provide traceability of user actions.

Responsibility is a broader term defining obligations and expected behavior. The term responsibility implies a proactive stance on the part of the responsible party and a casual relationship between the responsible party and a given outcome. The term accountability refers to the ability to hold people responsible for their actions. People could be responsible for their actions but not held accountable. For example, an anonymous user on a system is responsible for not compromising security but cannot be held accountable if a compromise occurs because the action cannot be traced to an individual.

Usability is incorrect because it deals with a set of attributes that bear on the effort needed for use, and on the individual assessment of such use, by a stated or implied set of users.

Accessibility is incorrect because it is the ability to obtain the use of a computer system or a resource or the ability and means necessary to store data, retrieve data, or communicate with a system. Responsibility, usability, and accessibility are not traceable to an individual’s actions.

164. Detection measures are needed to identify computer-related criminal activities. Which one of the following measures is reactive in nature?

a. Recording all login attempts

b. Checking the system logs

c. Notifying someone about system anomalies

d. Limiting the number of login attempts

164. b. Reactive measures are designed to detect ongoing crimes and crimes that have already been committed. Such measures include performing regular audits of the system and checking the system logs generated automatically by the system. Proactive measures detect crimes before or as they are being committed. Examples include recording all login attempts, notifying the user or security officer about system anomalies by sounding an alarm or displaying a message, and limiting the number of login attempts before automatically disconnecting the login process.

165. Which one of the following is not intrinsically a computer crime or even a misdeed?

a. Wiretapping

b. Eavesdropping

c. Superzapping

d. Masquerading

165. c. Superzapping, a utility program in the IBM mainframe environment, can be thought of as the master key to the computer system. It unlocks most of the security safeguards and integrity controls. In the wrong hands, its use can be damaging. Use of supervisor privileges, root privileges, or the running of programs that bypass security controls is needed to troubleshoot certain operating system problems. In other words, superzapping can be used for both good and bad purposes. The problem is that no audit trail exists.