177. Ping-of-death is an example of which of the following?

a. Keyboard attack

b. Stream attack

c. Piggyback attack

d. Buffer overflow attack

177. d. The ping-of-death is an example of a buffer overflow attack, used as a form of denial-of-service attack: the attacker sends an ICMP echo request (ping) that is fragmented so that, when reassembled, the datagram exceeds the 65,535-byte IPv4 maximum. The receiving system's reassembly buffer is sized for the maximum datagram, so the oversized packet overfills it, causing the system to crash or reboot.

A keyboard attack is a resource starvation attack in that it consumes system resources (for example, CPU utilization and memory), depriving legitimate users of them. A stream attack sends TCP packets to a series of ports with random sequence numbers and random source IP addresses, resulting in high CPU usage. In a piggyback attack, an intruder gains unauthorized access to a system by using a valid user's connection.
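The following is an added example, not part of the original question set, that simulates the reassembly arithmetic behind the ping-of-death described in the answer above. It models IPv4 fragment offsets (13-bit field, 8-byte units) and the 65,535-byte datagram limit; the packet sizes, the 1500-byte MTU and the helper names are assumptions chosen for illustration. The unsafe version shows where an unchecked copy lands past the buffer (a Python bytearray grows instead of corrupting memory, so the overrun is visible as extra length); the hardened version rejects the offending fragment before copying.

```python
"""Simulated IPv4 fragment reassembly showing the ping-of-death condition.

Constructed example: a reassembler sizes its buffer for the largest legal
datagram and trusts offset * 8 + payload length. A sender can craft a final
fragment whose end lies past that limit, which is exactly what the historic
oversized ping did.
"""
from dataclasses import dataclass

MAX_DATAGRAM = 65535                 # 16-bit IPv4 total-length field
IP_HEADER_LEN = 20                   # header without options
MAX_PAYLOAD = MAX_DATAGRAM - IP_HEADER_LEN   # 65515 bytes of IP payload
FRAG_UNIT = 8                        # fragment offset is counted in 8-byte units
MAX_OFFSET_UNITS = 0x1FFF            # 13-bit fragment offset field


@dataclass
class Fragment:
    offset_units: int   # value of the 13-bit fragment offset field
    more: bool          # MF flag: more fragments follow
    payload: bytes      # this fragment's share of the IP payload

    @property
    def start(self) -> int:
        return self.offset_units * FRAG_UNIT

    @property
    def end(self) -> int:
        return self.start + len(self.payload)


def fragment_icmp_echo(data_len: int, mtu: int = 1500) -> list:
    """Split an ICMP echo request carrying data_len bytes into IP fragments.

    Assumed layout: 8-byte ICMP header (type 8, zeroed checksum/id/seq) plus
    data; each fragment carries mtu - IP header, rounded down to 8 bytes.
    """
    icmp = b"\x08\x00" + b"\x00" * 6 + bytes(data_len)
    per_frag = (mtu - IP_HEADER_LEN) // FRAG_UNIT * FRAG_UNIT   # 1480 for MTU 1500
    frags = []
    for pos in range(0, len(icmp), per_frag):
        chunk = icmp[pos:pos + per_frag]
        frags.append(Fragment(pos // FRAG_UNIT, pos + per_frag < len(icmp), chunk))
    return frags


def reassembled_length(fragments: list) -> int:
    """Length the fragments claim once reassembled, with no bounds check."""
    return max(f.end for f in fragments)


def overflowing_fragments(fragments: list) -> list:
    """Fragments whose end lies past a MAX_PAYLOAD-byte reassembly buffer."""
    return [f for f in fragments if f.end > MAX_PAYLOAD]


def unsafe_reassemble(fragments: list) -> int:
    """Vulnerable pattern: fixed buffer, copy at offset, no end check.

    Returns the final buffer length. bytearray slice assignment grows the
    object rather than corrupting memory, so a result larger than MAX_PAYLOAD
    is the number of bytes a C memcpy would have written past the allocation.
    """
    buf = bytearray(MAX_PAYLOAD)
    for f in fragments:
        buf[f.start:f.end] = f.payload
    return len(buf)


def reassemble(fragments: list) -> bytes:
    """Hardened reassembly: validate offset and end before any copy."""
    buf = bytearray(MAX_PAYLOAD)
    for f in fragments:
        if f.offset_units > MAX_OFFSET_UNITS:
            raise ValueError("fragment offset does not fit the 13-bit field")
        if f.end > MAX_PAYLOAD:
            raise ValueError(
                f"fragment covering bytes {f.start}-{f.end} exceeds the "
                f"{MAX_PAYLOAD}-byte datagram payload limit")
        buf[f.start:f.end] = f.payload
    return bytes(buf[:max(f.end for f in fragments)])


if __name__ == "__main__":
    # 65,510 data bytes + 8-byte ICMP header = 65,518 bytes, 3 past the limit
    frags = fragment_icmp_echo(65510)
    print("fragments:", len(frags), "claimed length:", reassembled_length(frags))
    print("unsafe buffer grew to:", unsafe_reassemble(frags))
    try:
        reassemble(frags)
    except ValueError as exc:
        print("hardened reassembler rejected it:", exc)
```

The interesting fragment is the last one: offset 8140 units (byte 65120) plus 398 bytes of payload ends at 65518, which is legal for every individual header field yet three bytes past what the buffer can hold. That is why the check has to be on the computed end, not on any single field.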

178. Denial-of-service attacks compromise which one of the following properties of information systems?

a. Integrity

b. Availability

c. Confidentiality

d. Reliability

178. b. A denial-of-service (DoS) attack is one in which a single user consumes so much of a shared resource that none is left for other users. It compromises the availability of system resources (for example, disk space, CPU, print paper, and modems), resulting in degradation or loss of service.

A DoS attack does not affect integrity, which is the property that an object is changed only in a specified and authorized manner. It does not affect confidentiality, which is the property that data is disclosed only to authorized subjects or users. It does not affect reliability, which is defined as the probability that a given system performs its mission adequately for a specified period of time under the expected operating conditions.

179. Which of the following is the most complex phase of incident response process for malware incidents?

a. Preparation

b. Detection

c. Recovery

d. Remediation

179. c. Of all the malware incident-response life-cycle phases, the recovery phase is the most complex. Recovery involves containment, restoration, and eradication. Containment addresses how to control an incident before it spreads, to avoid consuming excessive resources and increasing the damage caused by the incident. Restoration addresses bringing systems back to normal operation and hardening them to prevent similar incidents. Eradication addresses eliminating the affected components of the incident from the overall system to minimize further damage.

More tools and technologies are relevant to the recovery phase than to any other phase; more technologies mean more complexity. The technologies involved and the speed of malware spreading make it more difficult to recover.

The other three phases, preparation, detection, and remediation, are less complex. The scope of the preparation and prevention phase covers establishing plans, policies, and procedures. The scope of the detection phase covers identifying classes of incidents and defining the appropriate actions to take. The scope of the remediation phase covers tracking and documenting security incidents on an ongoing basis to support forensic analysis and the identification of trends.

180. Which of the following determines the system availability rate for a computer-based application system?

a. (Available time / scheduled time) x 100

b. [(1 + available time) / (scheduled time)] x 100

c. [(Available time)/(1 – scheduled time)] x 100

d. [(Available time – scheduled time) / (scheduled time)] x 100

180. a. System availability is expressed as the ratio of the number of hours the system is available to users during a given period to the scheduled hours of operation, multiplied by 100. Overall hours of operation also include sufficient time for scheduled maintenance activities, which is why the denominator is scheduled time rather than calendar time. Scheduled time is the hours of operation, and available time is the time during which the computer system is actually available to users.
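As an added example (not part of the original question set), the function below computes the availability rate from the formula in answer 180 for a realistic input: a set of scheduled operating windows and a list of unplanned outages. It makes two points the bare formula hides: overlapping outage reports must be merged so downtime is not counted twice, and downtime that falls outside scheduled hours (for example, in the maintenance window) does not reduce availability. The sample week, its outage times and the helper names are constructed assumptions.

```python
"""Availability rate = (available time / scheduled time) x 100, computed
from scheduled operating windows and unplanned outage intervals.

Constructed example data: the system is scheduled 06:00-22:00 Monday to
Friday (80 hours); Saturday is the maintenance window and is not scheduled time.
"""
from datetime import datetime, timedelta


def merge_intervals(intervals):
    """Merge overlapping or touching (start, end) pairs so that two reports of
    the same outage are not counted twice."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def availability_rate(scheduled_windows, outages):
    """Return (available_hours, scheduled_hours, rate_percent).

    scheduled_windows: (start, end) datetimes during which the system is
        scheduled to serve users.
    outages: (start, end) datetimes of unplanned downtime. Only the part of
        each outage that overlaps a scheduled window counts against availability.
    """
    scheduled = merge_intervals(scheduled_windows)
    down = merge_intervals(outages)
    scheduled_seconds = sum((e - s).total_seconds() for s, e in scheduled)
    lost_seconds = 0.0
    for win_start, win_end in scheduled:
        for out_start, out_end in down:
            # Clip the outage to the scheduled window before counting it.
            overlap = min(win_end, out_end) - max(win_start, out_start)
            if overlap > timedelta(0):
                lost_seconds += overlap.total_seconds()
    available_seconds = scheduled_seconds - lost_seconds
    rate = (available_seconds / scheduled_seconds * 100) if scheduled_seconds else 0.0
    return available_seconds / 3600, scheduled_seconds / 3600, rate


def sample_week():
    """Constructed sample data: one scheduled week plus four outage reports."""
    monday = datetime(2024, 1, 8)   # a Monday
    windows = [
        (monday + timedelta(days=d, hours=6), monday + timedelta(days=d, hours=22))
        for d in range(5)
    ]
    outages = [
        # Tuesday 10:00-11:30, then an overlapping report 11:00-12:00 (2 h once merged)
        (monday + timedelta(days=1, hours=10), monday + timedelta(days=1, hours=11, minutes=30)),
        (monday + timedelta(days=1, hours=11), monday + timedelta(days=1, hours=12)),
        # Thursday 21:00-23:00: only the hour before 22:00 is scheduled time
        (monday + timedelta(days=3, hours=21), monday + timedelta(days=3, hours=23)),
        # Saturday 03:00-05:00: maintenance window, not scheduled time, counts for nothing
        (monday + timedelta(days=5, hours=3), monday + timedelta(days=5, hours=5)),
    ]
    return windows, outages


if __name__ == "__main__":
    windows, outages = sample_week()
    available, scheduled, rate = availability_rate(windows, outages)
    print(f"available {available:.1f} h of {scheduled:.1f} h scheduled: {rate:.2f}%")
```

For the sample week the three counted hours of downtime give 77 available hours out of 80 scheduled, a 96.25% availability rate; reporting the Saturday outage or the double-counted Tuesday report as downtime would understate it.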

181. A computer security incident was detected. Which of the following is the best reaction strategy for management to adopt?

a. Protect and preserve

b. Protect and recover

c. Trap and prosecute

d. Pursue and proceed
