109. a. Functional users have the utmost responsibility in initiating audit trails in their computer systems for tracing and accountability purposes. Systems and security administrators help in designing and developing these audit trails. System auditors review the adequacy and completeness of audit trails and issue an opinion whether they are effectively working. Auditors do not initiate, design, or develop audit trails due to their independence in attitude and appearance as dictated by their Professional Standards.
110. The automatic termination and protection of programs when a failure is detected in a computer system are called a:
a. Fail-safe
b. Fail-soft
c. Fail-over
d. Fail-open
110. a. The automatic termination and protection of programs when a failure is detected in a computer system is called fail-safe. The selective termination of affected nonessential processing when a failure is detected in a computer system is called a fail-soft. Fail-over means switching to a backup mechanism. Fail-open means that a program has failed to open due to errors or failures.
111. An inexpensive security measure is which of the following?
a. Firewalls
b. Intrusion detection
c. Audit trails
d. Access controls
111. c. Audit trails provide one of the best and most inexpensive means for tracking possible hacker attacks, not only after attack, but also during the attack. You can learn what the attacker did to enter a computer system, and what he did after entering the system. Audit trails also detect unauthorized but abusive user activity. Firewalls, intrusion detection systems, and access controls are expensive when compared to audit trails.
112. What is the residual physical representation of data that has been in some way erased called?
a. Clearing
b. Purging
c. Data remanence
d. Destruction
112. c. Data remanence is the residual physical representation of data that has been in some way erased. After storage media is erased, there may be some physical characteristics that allow the data to be reconstructed, which represents a security threat. Clearing, purging, and destruction are all risks involved in storage media. In clearing and purging, data is removed, but the media can be reused. The need for destruction arises when the media reaches the end of its useful life.
113. Which of the following methods used to safeguard against disclosure of sensitive information is effective?
a. Degaussing
b. Overwriting
c. Encryption
d. Destruction
113. c. Encryption makes the data unreadable without the proper decryption key. Degaussing is a process whereby the magnetic media is erased, i.e., returned to its initial virgin state. Overwriting is a process whereby unclassified data are written to storage locations that previously held sensitive data. The need for destruction arises when the media reaches the end of its useful life.
114. Magnetic storage media sanitization is important to protect sensitive information. Which of the following is not a general method of purging magnetic storage media?
a. Overwriting
b. Clearing
c. Degaussing
d. Destruction
114. b. The removal of information from a storage medium such as a hard disk or tape is called sanitization. Different kinds of sanitization provide different levels of protection. Clearing information means rendering it unrecoverable by keyboard attack, with the data remaining on the storage media. There are three general methods of purging magnetic storage media: overwriting, degaussing, and destruction. Overwriting means obliterating recorded data by writing different data on the same storage surface. Degaussing means applying a variable, alternating current fields for the purpose of demagnetizing magnetic recording media, usually tapes. Destruction means damaging the contents of magnetic media through shredding, burning, or applying chemicals.
115. Which of the following redundant array of independent disks (RAID) technology classifications increases disk overhead?
a. RAID-1
b. RAID-2
c. RAID-3
d. RAID-4
