c. Using faster network connection

d. Using RAID technology

48. b. Backing up at the file server is effective for a local-area network due to its greater storage capacity. Backing up at the workstation lacks storage capacity, and redundant array of independent disks (RAID) technology is mostly used for the mainframe. Using a faster network connection increases the speed but not backup.

49. Network reliability is increased most with which of the following?

a. Alternative cable

b. Alternative network carrier

c. Alternative supplies

d. Alternative controllers

49. b. An alternative network carrier as a backup provides the highest reliability. If the primary carrier goes down, the backup can still work. The other three choices do provide some reliability, but not the ultimate reliability as with the alternative network carrier.

50. In a local-area network environment, which of the following requires the least redundancy planning?

a. Cables

b. Servers

c. Power supplies

d. Hubs

50. d. Many physical problems in local-area networks (LANs) are related to cables because they can be broken or twisted. Servers can be physically damaged due to disk head crash or power irregularities such as overvoltage or undervoltage conditions. An uninterruptible power supply provides power redundancy and protection to servers and workstations. Servers can be disk duplexed for redundancy. Redundant topologies such as star, mesh, or ring can provide a duplicate path should a main cable link fail. Hubs require physical controls such as lock and key because they are stored in wiring closets, although they can also benefit from redundancy, which can be expensive. Given the choices, it is preferable to have redundant facilities for cables, servers, and power supplies.

51. System reliability controls for hardware include which of the following?

a. Mechanisms to decrease mean time to repair and to increase mean time between failures

b. Redundant computer hardware

c. Backup computer facilities

d. Contingency plans

51. a. Mean time to repair (MTTR) is the amount of time it takes to resume normal operation. It is expressed in minutes or hours taken to repair computer equipment. The smaller the MTTR for hardware, the more reliable it is. Mean time between failures (MTBF) is the average length of time the hardware is functional. MTBF is expressed as the average number of hours or days between failures. The larger the MTBF for hardware, the more reliable it is.

Redundant computer hardware and backup computer facilities are incorrect because they are examples of system availability controls. They also address contingencies in case of a computer disaster.

52. Fail-soft control is an example of which of the following?

a. Continuity controls

b. Accuracy controls

c. Completeness controls

d. Consistency controls

52. a. As a part of the preventive control category, fail-soft is a continuity control. It is the selective termination of affected nonessential processing when a hardware or software failure is detected in a computer system. A computer system continues to function because of its resilience.

Accuracy controls are incorrect because they include data editing and validation routines. Completeness controls are incorrect because they look for the presence of all the required values or elements. Consistency controls are incorrect because they ensure repeatability of certain transactions with the same attributes.

53. Information availability controls do not include which of the following?

a. Backup and recovery

b. Storage media

c. Physical and logical security

d. Alternative computer equipment and facilities

53. b. Storage media has nothing to do with information availability. Data will be stored somewhere on some media. It is not a decision criterion. Management’s goal is to gather useful information and to make it available to authorized users. System backup and recovery procedures and alternative computer equipment and facilities help ensure that the recovery is as timely as possible. Both physical and logical access controls become important. System failures and other interruptions are common.

54. From an operations viewpoint, the first step in contingency planning is to perform a(n):

a. Operating systems software backup

b. Applications software backup

c. Documentation backup

d. Hardware backup

54. d. Hardware backup is the first step in contingency planning. All computer installations must include formal arrangements for alternative processing capability in the event their data center or any portion of the work environment becomes disabled. These plans can take several forms and involve the use of another data center. In addition, hardware manufacturers and software vendors can be helpful in locating an alternative processing site and in some cases provide backup equipment under emergency conditions. The more common plans are service bureaus, reciprocal arrangements, and hot sites.

After hardware is backed up, operating systems software is backed up next, followed by applications software backup and documentation.

55. The primary contingency strategy for application systems and data is regular backup and secure offsite storage. From an operations viewpoint, which of the following decisions is least important to address?

a. How often is the backup performed?

b. How often is the backup stored offsite?

c. How often is the backup used?

d. How often is the backup transported?

55. c. Normally, the primary contingency strategy for applications and data is regular backup and secure offsite storage. Important decisions to be addressed include how often the backup is performed, how often it is stored offsite, and how it is transported to storage, to an alternative processing site, or to support the resumption of normal operations. How often the backup is used is not relevant because it is hoped that it may never have to be used.

56. Which of the following is not totally possible from a security control viewpoint?

a. Detection

b. Prevention

c. Correction

d. Recovery

56. b. Prevention is totally impossible because of its high cost and technical limitations. Under these conditions, detection becomes more important, which could be cheaper than prevention, although not all attacks can be detected in time. Both correction and recovery come after prevention or detection.

57. The return on investment on quality is highest in which of the following software defect prevention activities?

a. Code inspection

b. Reviews with users