
A virtual machine (VM) is software that allows a single host computer to run one or more guest operating systems. Because each VM is identical to the true hardware, each one can run any operating system that will run directly on the hardware. In fact, different VMs can run different operating systems.

VMs can be used to prevent potentially malicious software from using the operating system for illicit actions. They typically lie between the operating system and the physical hardware. This mediation layer between the software and hardware is a powerful feature that prevents potentially malicious software from interfacing directly with real hardware.

VMs normally provide virtual resources to the operating system. Worms that attempt to run in such an environment can damage only the virtual resources and not the true operating system or hardware. VMs can also help a user recover their system after an attack has been detected. They often have the capability to restore the system to a previous, uninfected state. Virtual computing and virtualized networking are a part of virtualization techniques or technologies.

187. Which of the following is an example of risk on the client side of a network?

a. Software development tools

b. Scripts

c. Document formats

d. Active-X controls

187. d. On the browser (client) side, unnecessary plug-ins, add-ons, or Active-X controls should be removed. It is also recommended to substitute programs with lesser functionality in lieu of fully capable helper applications or plug-ins.

The other three choices are risks from the server side. On the server side, any unnecessary software not needed in providing Web services should be removed as well, particularly any software development tools that could be used to further an attack if an intruder should gain an initial foothold. Ideally, server-side scripts should constrain users to a small set of well-defined functionality and validate the size and values of input parameters so that an attacker cannot overrun memory boundaries or piggyback arbitrary commands for execution. Scripts should be run only with minimal privileges (i.e., nonadministrator) to avoid compromising the entire website in case the scripts have security flaws. Potential security weaknesses can be exploited even when Web applications run with low-privilege settings. For example, a subverted script could have enough privileges to mail out the system password file, examine the network information maps, or launch a login to a high-numbered port.

Whenever possible, content providers and site operators should provide material encoded in less harmful document formats. For example, if document distillers are not available to convert textual documents into portable document format (PDF), an alternative is to make available a version in .rtf (rich text format), rather than a proprietary word processing format.

188. Which of the following is an issue when dealing with information cross-domains?

a. Authentication policy

b. Level of trust

c. Common infrastructure

d. Shared infrastructure

188. b. An information domain is a set of active entities (e.g., person, process, or devices) and their data objects. The level of trust is always an issue when dealing with cross-domain interactions due to untrusted sources.

Authentication policy and the use of a common and shared infrastructure with appropriate protections at the operating system, application system, and workstation levels are some of the solutions for ensuring effective cross-domain interactions.

189. Which of the following approaches isolates public-access systems from mission-critical resources?

1. Physical isolation

2. Demilitarized zones

3. Screened subnets

4. Security policies and procedures

a. 1 and 2

b. 2 and 3

c. 1 and 4

d. 1, 2, 3, and 4

189. d. Mission-critical resources include data, systems, and processes, which should be protected from public-access systems either physically or logically. Physical isolation may include ensuring that no physical connection exists between an organization’s public information resources and an organization’s critical information. When implementing a logical isolation solution, layers of security services and mechanisms should be established between public systems and secure private systems responsible for protecting mission-critical resources. Security layers may include using network architecture designs such as demilitarized zones (DMZ) and screened subnets. Finally, system designers and administrators should enforce organizational security policies and procedures regarding use of public-access systems.

190. Enclave boundary for information assurance is defined as which of the following?

1. The point at which information enters an organization

2. The point at which information leaves an enclave

3. The physical location is relevant to an organization

4. The logical location is relevant to an enclave

a. 1 and 3

b. 2 and 4

c. 3 and 4

d. 1, 2, 3, and 4

190. d. The enclave boundary is the point at which information enters or leaves the enclave or organization. Due to multiple entry and exit points, a layer of protection is needed to ensure that the information entering does not affect the organization’s operation or resources, and that the information leaving is authorized. Information assets exist in physical and logical locations and boundaries exist between these locations.

191. Operations, one of the principal aspects of the defense-in-depth strategy, does not include which of the following?

a. Readiness assessments

b. Security management

c. Cryptographic key management

d. Physical security

191. d. Physical security is a part of the people principal, whereas all the other three choices are part of the operations principal.

192. Border routers, firewalls, and software/hardware guards provide which of the following?

a. First line-of-defense

b. Second line-of-defense

c. Last line-of-defense

d. Multiple lines-of-defense

192. a. Border routers, firewalls, and software/hardware guards provide a first line-of-defense against network compromises (e.g., attacks by outsiders). The lines-of-defense are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems.

193. How is a Common Gateway Interface (CGI) script vulnerable?

a. Because it is interpreted.

b. Because it gives root access.

c. Because it accepts checked input.