1. Главная
  2. Книги
  3. Vallabhaneni S. Rao
  4. CISSP Practice
  5. Страница 181
Выбрать главу

72. d. Software cages or quarantine mechanisms (technical safeguards) can constrain a program’s code behavior during its execution by dynamically intercepting and thwarting attempts by the subject code to take unacceptable actions that violate security policy. The other three choices are examples of management and operational safeguards.

73. To mitigate the risks of using active content, which of the following is an example of a technical safeguard?

a. Version control

b. Digital signatures

c. Patch management

d. System isolation

73. b. Digital signatures can prevent a program code execution unless it is digitally signed by a trusted source (a technical safeguard). The other three choices are examples of management and operational safeguards.

74. To mitigate the risks of using active content, which of the following is an example of a technical safeguard?

a. Virtualization

b. Isolate proprietary program components

c. Proof carrying code

d. Isolate tightly bounded programs

74. c. Proof carrying code (a technical safeguard) contains the safety properties of the program code. The code and the proof are sent together to the code consumer (user) where the safety properties can be verified before the code is executed. The other three choices are examples of management and operational safeguards.

75. Which of the following statements are true about the operation of a trusted platform module (TPM) chip?

1. TPM chip is circumvented when it is shut off with physical access.

2. TPM chip has an owner password to protect data confidentiality.

3. TPM data is not cleared when the TPM chip is reset after the password is lost.

4. TPM data or owner password should be backed up to an alternative secure location.

a. 1 and 3

b. 2 and 4

c. 3 and 4

d. 1, 2, 3, and 4

75. b. Each trusted platform module (TPM) chip requires an owner password to protect data confidentiality. Hence, the selected passwords should be strong. Either the owner password or the data on the TPM should be backed up to an alternative secure location. The TPM chip cannot be circumvented even after it is shut off by someone with physical access to the system because the chip is residing on the computer motherboard. If the owner password is lost, stolen, or forgotten, the chip can be reset by clearing the TPM, but this action also clears all data stored on the TPM.

76. A trusted platform module (TPM) chip can protect which of the following?

1. Digital signatures

2. Digital certificates

3. Passwords

4. Cryptographic keys

a. 1 and 2

b. 2 and 4

c. 3 and 4

d. 1, 2, 3, and 4

76. c. A trusted platform module (TPM) chip is a tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys.

The TPM chip cannot protect the digital signatures and certificates because they require complex cryptographic algorithms for digital signature generation and verification and for validating the digital certificates.

77. Which of the following security controls are needed to protect digital and nondigital media at rest on selected secondary storage devices?

1. Cryptography

2. Physical security controls

3. Locked storage container

4. Procedural security controls

a. 1 and 2

b. 2 and 3

c. 3 and 4

d. 1, 2, 3, and 4

77. a. Both digital and nondigital media should be protected with cryptography (encryption) and physical security controls when they are at rest on selected secondary storage devices. Locked storage containers and procedural security controls are not appropriate for media at rest.

78. Polyinstantiation approaches are designed to solve which of the following problems in databases?

a. Lack of tranquility

b. Lack of reflexivity

c. Lack of transitivity

d. Lack of duality

78. a. Lack of tranquility exposes what has been called the “multiple update conflict” problem. Polyinstantiation approaches are the best solution to this problem. Tranquility is a property applied to a set of controlled entities saying that their security level may not change. The principle behind tranquility is that changes to an object’s access control attributes are prohibited as long as any subject has access to the object. Reflexivity and transitivity are two basic information flow properties. Duality is a relationship between nondisclosure and integrity.

79. Which of the following strategies is used to protect against risks and vulnerabilities at every stage of system, network, and product life cycles?

a. Defense-in-breadth

b. Defense-in-depth

c. Defense-in-technology

d. Defense-in-time

79. a. A defense-in-breadth strategy is used to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or product life cycle. This is accomplished through the use of complementary, mutually reinforcing security strategies to mitigate threats, vulnerabilities, and risks.

Defense-in-depth uses layers of security, defense-in technology uses compatible technology platforms, and defense-in-time considers different time zones in the world to operate global information systems.

80. Which of the following is a true statement about Active-X content?

1. It is language-dependent.

2. It is platform-specific.

3. It is language-independent.

4. It is not platform-specific.

a. 1 and 2

b. 2 and 3

c. 3 and 4

d. 1 and 4

80. b. Because Active-X is a framework for Microsoft’s software component technology, it is platform-specific in that Active-X contents can be executed on a 32-bit or 64-bit Windows platform. It is language-independent because Active-X contents can be written in several different languages, including C, C++, Visual Basic, and Java. Note that Java, Active-X, and plug-ins can be malicious or hostile.

81. What does implementing security functions in an information system using a layered structure mean?

1. Using multilevel secure systems

2. Using multiple security level systems

3. Avoiding any dependence by lower layers on the functionality of higher layers

4. Minimizing interactions between layers of the design

a. 1 and 3

b. 2 and 4

c. 3 and 4

d. 1, 2, 3, and 4

81. c. Security functions in an information system should be implemented by using a layered structure that minimizes interactions between layers of the design and that avoids any dependence by lower layers on the functionality or correctness of higher layers.

~ 181 ~