117. Which of the following is used by major software vendors to update software for their customers?

a. Pull technology

b. Push technology

c. Pull-push technology

d. Push-pull technology

117. b. For convenience, major vendors are offering software updates via secure channels using “push” technology. This technology automatically installs the update files at a scheduled time or upon user request. There is a trade-off here between convenience and security. An attacker can “spoof” a customer into accepting a Trojan horse masquerading as an update. Security technical staff should always review update files and patches before installing them. It is safe to download the update files and patches directly from the vendor’s website via a secure connection. The pull technology is used by customers to receive information from websites.

118. Changing firewall rulesets is a part of which of the following recovery actions for a computer security incident?

a. Restoring systems from clean backups

b. Replacing compromised files with clean versions

c. Employing higher levels of network monitoring

d. Tightening network perimeter security

118. d. In recovery from incidents, administrators restore systems to normal operation and harden systems to prevent similar incidents. Changing firewall rule sets is done to tighten network perimeter security. The other three choices are part of the recovery process.

119. Which of the following security techniques allows time for response by investigative authorities?

a. Deter

b. Detect

c. Delay

d. Deny

119. c. If a system perpetrator can be delayed longer while he is attacking a computer system, investigative authorities can trace his origins and location. The other three choices would not allow such a trap.

120. What is most of the evidence submitted in a computer crime case?

a. Corroborative evidence

b. Documentary evidence

c. Secondary evidence

d. Admissible evidence

120. b. Documentary evidence is created information such as letters, contracts, accounting records, invoices, and management information reports on performance and production.

The other three choices are incorrect. Corroborative evidence is additional evidence of a different character concerning the same point (e.g., interviews can be corroborated with gathering objective data). Secondary evidence is any evidence offered to prove the writing other than the writing itself (i.e., a copy of a writing or oral evidence of the writing), and is inferior to primary evidence (best evidence) and cannot be relied upon. Admissible evidence is evidence that is revealed to the triers of fact (judges and/or jurors) with express or implied permission to use it in deciding disputed issues of fact.

121. Which of the following is not a criminal activity in most jurisdictions?

a. Writing a computer virus program

b. Using a computer virus program

c. Releasing a computer virus program

d. Spreading a computer virus program

121. a. It is the intentions of the developer of a computer virus program that matter the most in deciding what constitutes a criminal activity. Simply writing a virus program is not a criminal activity. However, using, releasing, and spreading a virus with bad intentions of destroying computer resources are the basis for criminal activity.

122. After evidence is seized, a law enforcement officer should follow which of the following?

a. Chain of command

b. Chain of control

c. Chain of custody

d. Chain of communications

122. c. The chain of custody or the chain of evidence is a method of authenticating an object by the testimony of witnesses who can trace possession of the object from hand to hand and from the beginning to the end. Chain of custody is required when evidence is collected and handled so that there is no dispute about it.

The chain of command refers to relationships between a superior and a subordinate in a workplace setting. Both the chain of control and the chain of communications refer to all the participants involved in the control and communications hierarchy.

123. The concept of admissibility of evidence does not include which of the following?

a. Relevance

b. Competence

c. Materiality

d. Sufficiency

123. d. Laying a proper foundation for evidence is the practice or requirement of introducing evidence of things necessary to make further evidence relevant, material, or competent. Sufficiency in terms of supporting a finding is not part of the concept of admissibility of evidence.

Relevant evidence is evidence that has some logical tendency to prove or disprove a disputed consequential fact. Competent (reliable) evidence is evidence that satisfies all the rules of evidence except those dealing with relevance. Materiality (significant and substantive) is the notion that evidence must be relevant to a fact that is in dispute between the parties.

124. When large volumes of writing are presented in court, which type of evidence is inapplicable?

a. Best evidence

b. Flowchart evidence

c. Magnetic tapes evidence

d. Demonstrative evidence

124. a. Best evidence is primary evidence, which is the most natural evidence. Best evidence gives the most satisfactory proof of the fact under investigation. It is confined to normal, small size (low volume) documents, records, and papers. Hence, the best evidence is inapplicable to large volumes of writing.

The other three choices are applicable to large volumes of writing. A recommendation for court cases with a large volume of evidence is to assemble a single exhibit book containing all documents, send copies to the defense and to the judge, and introduce it as a single exhibit in court. This saves time in court. Also, preparing a record of exhibits, the counts each is connected with, and the names of the witnesses who are to testify as to each item is part of the evidence. For example, submitting a system flowchart and magnetic tapes evidence to the court is proper. Demonstrative evidence or visual aids can be real things (such as charts and tables) or representations of real things (such as a photograph or blueprint).

125. Evidence is needed to do which of the following?

a. Charge a case

b. Classify a case

c. Make a case

d. Prove a case

125. d. Proper elements of proof and correct types of evidence are needed to prove a case. The other three choices come before proving a case.

126. What determines whether a computer crime has been committed?

a. When the crime is reported.

b. When a computer expert has completed his work.

c. When the allegation has been substantiated.

d. When the investigation is completed.