CISSP Practice полностью

14. Effective means to incident prevention do not include which of the following?

a. Awareness

b. Logs and alerts

c. Compliance

d. Common sense

14. b. Effective means to incident prevention include awareness, compliance, and common sense. Logs and alerts are detective in nature.

15. Which of the following is used to distribute illegal content such as copies of copyrighted songs and movies?

a. Quarantine server

b. Remote access server

c. Warez server

d. E-mail server

15. c. A Warez server is a file server that is used to distribute illegal content such as copies of copyrighted songs and movies as well as pirated software.

16. Log monitoring cannot assist efforts in which of the following?

a. Incident handling

b. Policy violations

c. Auditing

d. Data sources

16. d. Various forensic tools and techniques can assist in log monitoring, such as analyzing log entries and correlating log entries across multiple systems. This can assist in incident handling, identifying policy violations, auditing, and other efforts. Data sources include desktops, laptops, servers, removable hard drives, and backup media. Data sources cannot assist in log monitoring.

17. Which of the following requires accountability of a data controller?

a. Organization for Economic Co-Operation and Development (OECD)

b. International organization for standards (ISO)

c. The Common Criteria (CC)

d. The Internet Engineering Task Force (IETF)

17. a. The Organization for Economic Co-Operation and Development (OECD) guidelines cover data collection limitations, quality of data, limitations on data use, information system security safeguards, and accountability of the data controller. The ISO, CC, and IETF do not require a data controller.

18. Regarding the United States import and export laws about using encryption in products exporting to trading partners in the world, which of the following is required to monitor internal communications or computer systems and to prepare for disaster recovery?

a. Key renewal

b. Key escrow

c. Key retrieval

d. Key transport

18. b. A key escrow system entrusts the two components (encryption and decryption) comprising a cryptographic key to two key component holders such as escrow agents. A key component is the two values from which a key can be derived. Key escrow is a recovery control to protect privacy and commerce in a way that preserves the U.S. law enforcement’s ability to monitor internal communications using computer systems in order to protect public safety and national security and to prepare for disaster recovery. Data cannot be recovered if either the encryption key or the decryption key is lost, damaged, or destroyed.

The other three choices are incorrect because they cannot help in key recovery. Key renewal is the process used to extend the validity period of a cryptographic key so that it can be used for an additional time period. Key retrieval helps to obtain a cryptographic key from active or archived electronic storage or from a backup facility. Key transport is the secure movement of cryptographic keys from one cryptographic module to another module.

19. Which of the following minimizes the potential for incident encroachment?

1. Firewalls

2. Laws

3. Separation of duties

4. Regulations

a. 1 and 2

b. 2 and 4

c. 1 and 3

d. 3 and 4

19. c. Firewalls and separation of duties minimize the potential for incident encroachment. A firewall is a technical safeguard that provides separation between activities, systems, or system components so that a security failure or weakness in one is contained and has no impact on other activities or systems (e.g., enforcing separation of the Internet from a local-area network).

The objective of separation of duties is to ensure that no single individual (acting alone) can compromise an application. In both cases, procedural and technical safeguards are used to enforce a basic security policy in that high risk activities should be segregated from low-risk activities and that one person should not be able to compromise a system. These two controls when combined provide a strong barrier for incidents to occur, which minimize the potential for incident encroachment.

Laws and regulations guide the security objectives and form the foundation for developing basic security policies and controls.