
The other three choices are incorrect because they are part of technical documents. The subject matter for formal technical reviews includes requirements specifications, detailed design, and code and test specifications. The objectives of reviewing the technical documents are to verify that (i) the work reviewed is traceable to the requirements set forth by the predecessor’s tasks, (ii) the work is complete, (iii) the work has been completed to standards, and (iv) the work is correct.

101. Patch management is a part of which of the following?

a. Directive controls

b. Preventive controls

c. Detective controls

d. Corrective controls

101. d. Patch management is a part of corrective controls, as it fixes software problems and errors. Corrective controls are procedures to react to security incidents and to take remedial actions on a timely basis. Corrective controls require proper planning and preparation as they rely more on human judgment.

Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives. Preventive controls deter security incidents from happening in the first place. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented.

102. Locking-based attacks result in which of the following?

1. Denial-of-service

2. Degradation-of-service

3. Destruction-of-service

4. Distribution-of-service

a. 1 and 2

b. 1 and 3

c. 2 and 3

d. 3 and 4

102. a. A locking-based attack holds a critical system resource locked most of the time, releasing it only briefly and occasionally. The result is, for example, a slow-running browser that is not stopped outright: degradation-of-service. Degradation-of-service is a mild form of denial-of-service. Destruction-of-service and distribution-of-service are not relevant here.

103. Which of the following protects the information confidentiality against a robust keyboard attack?

a. Disposal

b. Clearing

c. Purging

d. Destroying

103. b. A keyboard attack is a data scavenging method using resources available to normal system users with the help of advanced software diagnostic tools. Clearing information is the level of media sanitization that protects the confidentiality of information against a robust keyboard attack. Clearing must be resistant to keystroke recovery attempts executed from standard input devices and from data scavenging tools.

The other three choices are incorrect. Disposal is the act of discarding media by giving up control in a manner short of destruction. Purging is removing obsolete data by erasure, by overwriting of storage, or by resetting registers. Destroying is ensuring that media cannot be reused as originally intended.

104. Which of the following is the correct sequence of activities involved in media sanitization?

1. Assess the risk to confidentiality.

2. Determine the future plans for the media.

3. Categorize the information to be disposed of.

4. Assess the nature of the medium on which it is recorded.

a. 1, 2, 3, and 4

b. 2, 3, 4, and 1

c. 3, 4, 1, and 2

d. 4, 3, 2, and 1

104. c. An information system user must first categorize the information to be disposed of, assess the nature of the medium on which it is recorded, assess the risk to confidentiality, and determine the future plans for the media.

105. All the following are examples of normal backup strategies except:

a. Ad hoc backup

b. Full backup

c. Incremental backup

d. Differential backup

105. a. Ad hoc means as needed and irregular. Ad hoc backup is not a well-thought-out strategy because there is no systematic way of backing up the required data and programs. Full (normal) backup archives all selected files and marks each as having been backed up. Incremental backup archives only those files created or changed since the last normal or incremental backup and marks each file as backed up. Differential backup archives only those files that have been created or changed since the last normal backup; it does not mark the files as backed up. The backups in the other three choices follow a systematic procedure.

106. Regarding a patch management program, which of the following is not a method of patch remediation?

a. Developing a remediation plan

b. Installing software patches

c. Adjusting configuration settings

d. Removing affected software

106. a. Remediation is the act of correcting a vulnerability or eliminating a threat. A remediation plan addresses one or more threats or vulnerabilities facing an organization's systems. The plan typically covers the options for removing threats and vulnerabilities and the priorities for performing the remediation.

The three types of remediation methods are installing a software patch, adjusting a configuration setting, and removing affected software. Removing affected software requires uninstalling a software application. Developing a remediation plan does not by itself remediate anything; actions, not plans on paper, perform the remediation work.

107. For media sanitization, overwriting cannot be used for which of the following?

1. Damaged media

2. Nondamaged media

3. Rewriteable media

4. Nonrewriteable media

a. 1 only

b. 4 only

c. 1 or 4

d. 2 or 3

107. c. Overwriting cannot be used for media that are damaged or not rewriteable. The media type and size may also influence whether overwriting is a suitable sanitization method.

108. Regarding media sanitization, which of the following is the correct sequence of fully and physically destroying magnetic disks, such as hard drives?

1. Incinerate

2. Disintegrate

3. Pulverize

4. Shred

a. 4, 1, 2, and 3

b. 3, 4, 2, and 1

c. 1, 4, 3, and 2

d. 2, 4, 3, and 1

108. d. The correct sequence for fully and physically destroying magnetic disks such as hard drives (for example, advanced technology attachment (ATA) and serial ATA (SATA) hard drives) is disintegrate, shred, pulverize, and incinerate. This is the recommended best practice for both public and private sector organizations.

Disintegration is a method of sanitizing media and is the act of separating the equipment into component parts. Here, the disintegration step comes first to make the hard drive inoperable quickly. Shredding is a method of sanitizing media and is the act of cutting or tearing into small particles. Shredding cannot be the first step because it is not practical for many companies. Pulverization is a method of sanitizing media and is the act of grinding to a powder or dust. Incineration is a method of sanitizing media and is the act of burning completely to ashes, done in a licensed incinerator.