Читаем CISSP Practice полностью

170. The person who most frequently reports illegal copying and use of vendor-developed PC-based software in an organization to either government officers or to the software vendor representative is:

a. Systems consultants

b. Software dealers

c. Hard disk loaders

d. Disgruntled employees

170. d. In a majority of cases (90-95 percent) illegal copying and use of software is reported by disgruntled employees. The other tips tend to come from systems consultants who work at client sites. Software dealers and hard disk loaders would not report because they are usually involved in illegal copying of the software for their customers.

171. Which of the following logs can be helpful in identifying sequences of malicious events?

a. Network-based security software logs

b. Host-based security software logs

c. Operating system logs

d. Application system logs

171. d. Application system logs generate highly detailed logs that reflect every user request and response, which can be helpful in identifying sequences of malicious events and determining their apparent outcome. For example, many Web, file transfer protocol (FTP), and e-mail servers can perform such application logging.

Both network-based and host-based security software logs contain basic security-related information such as user access profiles and access rights and permissions, which is not helpful in identifying sequences of malicious events. Operating system logs collect information on servers, workstations, and network connectivity devices (for example, routers and switches) that could be useful in identifying suspicious activity involving a particular host, but is not helpful in identifying sequences of malicious events.

172. A single and effective control procedure to detect illegal use of copyrighted software in the organization is to:

a. Send an electronic-mail questionnaire to all users.

b. Remind all users periodically not to use illegally obtained software.

c. Develop a software inventory management tool and periodically compare the inventory software list to company purchase orders.

d. Develop a software anti-piracy policy immediately and distribute to all users without fail.

172. c. With the use of either a publicly available software inventory management tool or utility program, the software searches hard disks for the presence of popular applications, and a list is prepared when a match is found. The list is then compared to company issued purchase orders. When illegal software is found, it is destroyed, and a new one is purchased. The software inventory management tool is the best means to do software audits, and it can be managed remotely by system administrators, who are independent from users. The actions suggested in the other three choices are superficial and do not achieve the same purpose as the software inventory management system.

173. Which one of the following statements is true about application software source code escrow?

a. It uses a key escrow system.

b. It is placing computer programs in a bank vault.

c. It is meaningless without an object code escrow.

d. It is placing computer programs under third-party custody.

173. d. Many application software vendors do not release the source code to the purchaser. This is intended to protect their system’s integrity and copyright. The application system is installed in object code. An alternative to receiving the source programs is to establish an escrow agreement by a third-party custodian. In this agreement, the purchaser is allowed to access source programs under certain conditions (e.g., vendor bankruptcy and discontinued product support). A third party retains these programs and documents in escrow. Key escrow system is incorrect because it has nothing to do with application software escrow. A key escrow system is a system that entrusts the two components (private and public key) comprising a cryptographic key used in encryption to two key component holders or escrow agents. Computer programs in a bank vault are incorrect because they do not need to be placed in a bank vault. They can be placed with a third party agent regardless of the location. Object code is incorrect because it is not escrowed; only the source code is.

174. Which of the following statements about Cyberlaw (i.e., law dealing with the Internet) is true?