Controlled interfaces are incorrect because they include devices such as proxies, gateways, routers, firewalls, and encrypted tunnels that provide controlled interfaces to the Internet or external networks.

184. From a security policy viewpoint, a survivable system should be built based on a specific:

a. Hardware

b. Software

c. Architecture

d. Vendor

184. c. An architecture-based approach should be taken to achieve survivability. That is, one should take an approach where design issues, rather than specific hardware or software products or vendors, are key to creating such a system.

185. Which of the following memory protection mechanisms can eliminate the possibility of malicious code insertion?

a. System partitioning

b. Nonmodifiable executable programs

c. Resource isolation

d. Domain separation

185. b. A nonmodifiable executable program is one that loads and executes the operating environment and application system from hardware-enforced, read-only media (e.g., CD-R/DVD-R disk drives). The term operating environment is defined as the code upon which application systems are hosted (e.g., a monitor, executive, operating system, or application system running directly on the hardware platform). Use of nonmodifiable storage ensures the integrity of the software program from the point of creation of the read-only image. It can eliminate the possibility of malicious code insertion via persistent, writeable storage.

System partitioning means breaking the system into components to reside in separate physical domains or environments as deemed necessary. Resource isolation is the containment of subjects and objects in a system in such a way that they are separated from one another. Domain separation relates to the mechanisms that protect objects in the system.

186. Which of the following provides organizations with the ability to disguise information systems and to reduce the likelihood of successful attacks without the cost of having multiple platforms?

a. Virtual computing

b. Virtual machine software

c. Virtualization technologies

d. Virtualized networking

186. c. Virtualization technologies provide organizations with the ability to disguise information systems, potentially reducing the likelihood of successful attacks without the cost of having multiple platforms. Although frequent changes to operating systems and application systems pose configuration management challenges, the changes result in an increased work factor for adversaries to carry out successful attacks. Changing the apparent operating system or application system, as opposed to the actual operating system or application system, results in virtual changes that still impede attacker success while helping to reduce the configuration management effort. To achieve this goal, organizations should employ randomness in the implementation of the virtualization technologies.

Many virtualization solutions allow more than one operating system to run on a single computer simultaneously, each appearing as if it were a real computer. This has become popular recently because it allows organizations to make more effective use of computer hardware. Most of these types of virtualization systems include virtualized networking, which allows the multiple operating systems to communicate as if they were on standard Ethernet, even though there is no actual networking hardware.

A virtual machine (VM) is software that allows a single host computer to run one or more guest operating systems. Because each VM is identical to the true hardware, each one can run any operating system that will run directly on the hardware. In fact, different VMs can run different operating systems.

VMs can be used to prevent potentially malicious software from using the operating system for illicit actions. They typically lie between the operating system and the physical hardware. This mediation layer between the software and hardware is a powerful feature that prevents potentially malicious software from interfacing directly with real hardware.

VMs normally provide virtual resources to the operating system. Worms that attempt to run in such an environment can damage only the virtual resources and not the true operating system or hardware. VMs can also help a user recover their system after an attack has been detected. They often have the capability to restore the system to a previous, uninfected state. Virtual computing and virtualized networking are a part of virtualization techniques or technologies.
