CISSP Practice полностью

160. b. Software patching, being one of reactive (detective) countermeasures, is mostly done after vulnerability or programming/design error is discovered. These reactive methods have no hope of preventing fast-spreading worms or worms that use zero-day exploits to carry out their attacks.

The other three choices are examples of proactive (preventive) countermeasures. Integrity checkers keep cryptographic hashes of known good instances of files so that integrity comparisons can be made at any time. Host firewalls enforce rules that define the manner in which specific applications may use the network. Stateful firewalls keep track of network connections and monitor their state.

161. Which of the following is an effective means of preventing and detecting computer viruses coming from outside into a network?

a. Install an antivirus program on the network.

b. Install an antivirus program on each personal computer.

c. Certify all removable media disks prior to their use.

d. Train all employees about potential risks.

161. c. It is a common practice for some organizations to certify all removable media disks coming into the organization from outside prior to their use. This is done by a centralized group for the entire location and requires testing the disk for possible inclusion of viruses. The other three choices are effective as internal protection mechanisms against viruses.

162. All the following are examples of measures to defend against computer viruses except:

a. Access controls

b. Audit trails

c. Passwords

d. Least privilege principle

162. c. Passwords are administrative controls; although, access controls are technical controls. Access controls include discretionary access controls and mandatory access controls. An audit trail is the collection of data that provides a trace of user actions, so security events can be traced to the actions of a specific individual. To fully implement an audit trails program, audit reduction and analysis tools are also required. Least privilege is a concept that deals with limiting damage through the enforcement of separation of duties. It refers to the principle that users and processes should operate with no more privileges than those needed to perform the duties of the role they are currently assuming.

163. Which of the following security principle balances various variables such as cost, benefit, effort, value, time, tools, techniques, gain, loss, risks, and opportunities involved in a successful compromise of security features?

a. Compromise recording

b. Work factor

c. Psychological acceptability

d. Least common mechanism

163. b. The goal of work factor principle is to increase an attacker’s work factor in breaking an information system or a network’s security features. The amount of work required for an attacker to break the system or network (work factor) should exceed the value that the attacker would gain from a successful compromise. Various variables such as cost and benefit; effort; value (negative and positive); time; tools and techniques; gains and losses; knowledge, skills, and abilities (KSAs); and risks and opportunities involved in a successful compromise of security features must be balanced.

The principle of compromise recording means computer or manual records and logs should be maintained so that if a compromise does occur, evidence of the attack is available. The recorded information can be used to better secure the host or network in the future and can assist in identifying and prosecuting attackers.

The principle of psychological acceptability encourages the routine and correct use of protection mechanisms by making them easy to use, thus giving users no reason to attempt to circumvent them. The security mechanisms must match the user’s own image of protection goals.

The principle of least common mechanism requires the minimal sharing of mechanisms either common to multiple users or depended upon by all users. Sharing represents possible communications paths between subjects used to circumvent security policy.

164. Certification and accreditation needs must be considered in all the following phases of system development life cycle except:

a. Initiation

b. Development/acquisition

c. Implementation

d. Operation/maintenance