
b. Incident response procedures

c. Incident response standards

d. Incident response guidelines

199. a. The incident response policies are the foundation of the incident response program. They define which events are considered incidents, establish the organizational structure for the incident response program, define roles and responsibilities, and list the requirements for reporting incidents.

200. All the following can increase an information system’s resilience except:

a. A system achieves a secure initial state.

b. A system reaches a secure failure state after failure.

c. A system’s recovery procedures take the system to a known secure state after failure.

d. All of a system’s identified vulnerabilities are fixed.

200. d. There are vulnerabilities in a system that cannot be fixed, those that have not yet been fixed, those that are not known, and those that are not practical to fix due to operational constraints. Therefore, a statement that “all of a system’s identified vulnerabilities are fixed” is not correct. The other three choices can increase a system’s resilience.

201. Media sanitization ensures which of the following?

a. Data integrity

b. Data confidentiality

c. Data availability

d. Data accountability

201. b. Media sanitization refers to the general process of removing data from storage media, such that there is reasonable assurance, in proportion to the confidentiality of the data, that the data may not be retrieved and reconstructed. The other three choices are not relevant here.

202. Regarding media sanitization, degaussing is the same as:

a. Incinerating

b. Melting

c. Demagnetizing

d. Smelting

202. c. Degaussing reduces the magnetic flux to virtually zero by applying a reverse magnetizing field. It is also called demagnetizing.

203. Regarding media sanitization, what is residual information remaining on storage media after clearing called?

a. Residue

b. Remanence

c. Leftover data

d. Leftover information

203. b. Remanence is residual information remaining on storage media after clearing. Choice (a) is incorrect because residue is data left in storage after information-processing operations are complete but before degaussing or overwriting (clearing) has taken place. Leftover data and leftover information are too general as terms to be of any use here.

204. What is the security goal of the overwriting process used in media sanitization?

a. To replace random data with written data.

b. To replace test data with written data.

c. To replace written data with random data.

d. To replace written data with statistical data.

204. c. The security goal of the overwriting process is to replace written data with random data. The process may include overwriting not only the logical storage of a file (for example, the file allocation table) but also all addressable locations.

205. Which of the following protects the confidentiality of information against a laboratory attack?

a. Disposal

b. Clearing

c. Purging

d. Disinfecting

205. c. A laboratory attack is a data scavenging method that relies on precise, elaborate, and powerful equipment. The attack involves signal-processing equipment and specially trained personnel. Purging is the media sanitization process that protects the confidentiality of information against a laboratory attack and renders the sanitized data unrecoverable. This is accomplished by removing obsolete data through erasure, by overwriting storage, or by resetting registers.

The other three choices are incorrect. Disposal is the act of discarding media by giving up control in a manner short of destruction, and is not a strong protection. Clearing is the overwriting of classified information such that the media may be reused. Clearing media would not suffice for purging. Disinfecting is a process of removing malware within a file.

206. Computer fraud is increased when:

a. Employees are not trained.

b. Documentation is not available.

c. Audit trails are not available.

d. Employee performance appraisals are not given.

206. c. Audit trails indicate what actions are taken by the system. A system with adequate and clear audit trails deters fraud perpetrators through fear of getting caught. The fact that employees are trained, documentation is available, and employee performance appraisals are given (preventive measures) does not necessarily mean that employees act with due diligence at all times. Hence, the availability of audit trails (detection measures) is very important because they provide concrete evidence of actions and inactions.

207. Which of the following is not a prerequisite for system monitoring?

a. System logs and audit trails

b. Software patches and fixes

c. Exception reports

d. Security policies and procedures

207. c. Exception reports are the result of a system monitoring activity. Deviations from standards or policies will be shown in exception reports. The other three choices are needed before the monitoring process starts.

208. What is the selective termination of affected nonessential processing when a failure is detected in a computer system called?

a. Fail-safe

b. Fail-soft

c. Fail-over

d. Fail-under

208. b. The selective termination of affected nonessential processing when a failure is detected in a computer system is called fail-soft. The automatic termination and protection of programs when a failure is detected in a computer system is called a fail-safe. Fail-over means switching to a backup mechanism. Fail-under is a meaningless phrase.

209. An audit trail is an example of which of the following?

a. Recovery control

b. Corrective control

c. Preventive control

d. Detective control

209. d. Audit trails show an attacker’s actions after detection; hence they are an example of detective controls. Recovery controls facilitate the recovery of lost or damaged files. Corrective controls fix a problem or an error. Preventive controls do not detect or correct an error; they simply stop it if possible.

210. From a best security practices viewpoint, which of the following falls under the ounce-of-prevention category?

a. Patch and vulnerability management

b. Incident response

c. Symmetric cryptography

d. Key rollover

210. a. It has been said that “An ounce of prevention equals a pound of cure.” Patch and vulnerability management is the “ounce of prevention” compared to the “pound of cure” of incident response, in that timely patches to software reduce the chances of computer incidents.