c. Similar security controls should be placed in series and in sequence to achieve a defense-in-depth strategy.

d. Data-hiding techniques should be practiced during program testing and software maintenance.

142. c. Defending an information system requires safeguards to be applied throughout the system, as well as at points of entry. The selection and placement of security controls should be done in a way that progressively weakens or defeats all attacks. Having a series of similar controls in succession tends to only lengthen the duration of the attack, which is not good. Applying different types of controls that complement each other and are mutually supportive is a much more effective approach to achieving a defense-in-depth strategy. Although the capabilities of available safeguards may overlap to some extent, the combined effect should exceed the effects of each control used individually.

The other three choices are true statements in achieving security in an application environment. The information system isolates security functions from nonsecurity functions, implemented via partitions and domains that control access to and protect the integrity of the hardware, software, and firmware that perform those security functions. Safety functions should be kept separate from one another. The design of information systems and the design of protection mechanisms in those systems should be as simple as possible. Complexity is at the root of many security issues. The principle of data hiding should be useful during program testing and software maintenance.

143. Security controls and audit trails should be built into computer systems in which of the following system development life cycle (SDLC) phases?

a. System initiation phase

b. System development phase

c. System implementation phase

d. System operation phase

143. b. During the system development phase, the system is designed, purchased, programmed, developed, or otherwise constructed. During this phase, functional users and system/security administrators develop system controls and audit trails used during the operational phase.

144. Which of the following levels of the software capability maturity model deals with security requirements?

a. Initial level

b. Repeatable level

c. Defined level

d. Optimizing level

144. b. In the repeatable level of the software capability maturity model, system requirements are defined; these include security, performance, quality, and delivery dates. The purpose is to establish a common understanding between the customer and the software development project team. The other three choices are not correct because each level deals with specific requirements.

145. Which of the following is not a direct method to conduct data leakage attacks?

a. Trojan horse

b. Asynchronous attacks

c. Logic bombs

d. Scavenging methods

145. b. Data leakage is the removal of data from a system by covert means, and it might be conducted directly through the use of Trojan horse, logic bomb, or scavenging methods. Asynchronous attacks are indirect attacks on a computer program that act by altering legitimate data or codes at a time when the program is idle and then causing the changes to be added to the target program at a later execution.

146. Which of the following infects both boot sectors and files?

a. Worm

b. Link virus

c. Multi-partite

d. Macro

146. c. Multi-partite viruses are a combination of both sector- and file-infector viruses, which can be spread by both methods. A worm is a self-replicating, self-contained program and does not require a host program. Link viruses manipulate the directory structure of the media on which they are stored, pointing the operating system to virus code instead of legitimate code. Macro viruses are stored in a spreadsheet or word processing document.

147. Countermeasures against hidden code attacks include which of the following?

1. Use war dialing software.

2. Use firewalls.

3. Use layered protections.

4. Disable active-content code.

a. 1 and 2

b. 2 and 3

c. 3 and 4

d. 1 and 4

147. c. Hidden code attacks are based on data and information. Using layered protections and disabling active-content code (for example, ActiveX and JavaScript) from the Web browser are effective controls against such attacks. War dialing software is good at detecting trapdoors (backdoor modems) and not good against trapdoor attacks. Firewalls are effective against spoofing attacks.
