172. d. Here, supported and unsupported refer to whether a company's management has approved the acquisition, installation, and operation of hardware and software; approved in the former case and not approved in the latter case. System administrators should be taught how to independently monitor and remediate unsupported hardware, operating systems, and applications software because unsupported resources are vulnerable to exploitation. This is because non-compliant employees could have purchased and installed the unsupported hardware and software on their personal computers, which are riskier than the supported ones. A potential risk is that the unsupported systems could be incompatible with the supported systems and may not have the required security controls.

A list of supported resources is needed to analyze the inventory and identify those resources that are used within the organization. This allows the system administrators to know which hardware, operating systems, and applications they will be checking for new patches, vulnerabilities, and threats. Note that not patching the unsupported systems can negatively impact the patching of the supported systems because they coexist and operate on the same computer or network.

173. Which of the following is the best action to take when information system media cannot be sanitized?

a. Clearing

b. Purging

c. Destroying

d. Disposal

173. c. Information system media that cannot be sanitized should be destroyed. Destroying is ensuring that media cannot be reused as originally intended and that information is virtually impossible or prohibitively expensive to recover.

Sanitization techniques include disposal, clearing, purging, and destruction. Disposal is the act of discarding media by giving up control in a manner short of destruction and is not a strong protection. Clearing is the overwriting of classified information such that the media may be reused. Purging is the removal of obsolete data by erasure, by overwriting of storage, or by resetting registers. Clearing media would not suffice for purging.

174. Regarding a patch management program, which of the following benefits confirm that the remediations have been conducted appropriately?

1. Avoiding an unstable website

2. Avoiding an unusable website

3. Avoiding a security incident

4. Avoiding unplanned downtime

a. 1 only

b. 2 only

c. 1 and 2

d. 3 and 4

174. d. There are understandable benefits in confirming that the remediations have been conducted appropriately, possibly avoiding a security incident or unplanned downtime. Central system administrators can send remediation information on a disk to local administrators as a safe alternative to an e-mail list if the network or the website is unstable or unusable.

175. Regarding a patch management program, which of the following should be used when comparing the effectiveness of the security programs of multiple systems?

1. Number of patches needed

2. Number of vulnerabilities found

3. Number of vulnerabilities per computer

4. Number of unapplied patches per computer

a. 1 only

b. 2 only

c. 1 and 2

d. 3 and 4

175. d. Ratios, not absolute numbers, should be used when comparing the effectiveness of the security programs of multiple systems. Ratios reveal better information than absolute numbers. In addition, ratios allow effective comparison between systems. Number of patches needed and number of vulnerabilities found are incorrect because they deal with absolute numbers.

176. All the following are examples of denial-of-service attacks except:

a. IP address spoofing

b. Smurf attack

c. SYN flood attack

d. Sendmail attack

176. a. IP address spoofing is falsifying the identity of a computer system on a network. It capitalizes on the packet address the Internet Protocol (IP) uses for transmission. It is not an example of a denial-of-service attack because it does not flood the host computer.

Smurf, synchronized flood (SYN flood), and sendmail attacks are examples of denial-of-service attacks. Smurf attacks use a network that accepts broadcast ping packets to flood the target computer with ping reply packets. A SYN flood attack is a method of overwhelming a host computer on the Internet by sending the host a high volume of SYN packets requesting a connection, but never responding to the acknowledgment packets returned by the host. Recent attacks against sendmail include remote penetration, local penetration, and remote denial of service.
