a. Disabling
b. Auditing
c. Notifying
d. Terminating
52. b. All the accounts mentioned in the question can be disabled, notified, or terminated, but doing so is not effective. Auditing of account creation, modification, notification, disabling, and termination (i.e., the entire account cycle) is effective because it can identify anomalies in the account cycle process.
53. Regarding access enforcement, which of the following mechanisms should not be employed when an immediate response is necessary to ensure public and environmental safety?
a. Dual cable
b. Dual authorization
c. Dual use certificate
d. Dual backbone
53. b. Dual authorization mechanisms require two forms of approval to execute. The organization should not employ a dual authorization mechanism when an immediate response is necessary to ensure public and environmental safety because it could slow down the needed response. The other three choices are appropriate when an immediate response is necessary.
54. Which of the following is not an example of nondiscretionary access control?
a. Identity-based access control
b. Mandatory access control
c. Role-based access control
d. Temporal constraints
54. a. Nondiscretionary access control policies have rules that are not established at the discretion of the user. These controls can be changed only through administrative action and not by users. An identity-based access control (IBAC) decision grants or denies a request based on the presence of an entity on an access control list (ACL). IBAC and discretionary access control are considered equivalent and are not examples of nondiscretionary access controls.
The other three choices are examples of nondiscretionary access controls. Mandatory access control deals with rules, role-based access control deals with job titles and functions, and temporal constraints deal with time-based restrictions and control time-sensitive activities.
55. Encryption is used to reduce the probability of unauthorized disclosure and changes to information when a system is in which of the following secure, non-operable system states?
a. Troubleshooting
b. Offline for maintenance
c. Boot-up
d. Shutdown
55. b. Secure, non-operable system states are states in which the information system is not performing business-related processing. These states include offline for maintenance, troubleshooting, boot-up, and shutdown. Offline data should be stored with encryption in a secure location. Removing information from online storage to offline storage eliminates the possibility of individuals gaining unauthorized access to that information via a network.
56. Bitmap objects and textual objects are part of which of the following security policy filters?
a. File type checking filters
b. Metadata content filters
c. Unstructured data filters
d. Hidden content filters
56. c. Unstructured data consists of two basic categories: bitmap objects (e.g., image, audio, and video files) and textual objects (e.g., e-mails and spreadsheets). Security policy filters include file type checking filters, dirty word filters, structured and unstructured data filters, metadata content filters, and hidden content filters.
57. Information flow control enforcement employing rulesets to restrict information system services provides:
1. Structured data filters
2. Metadata content filters
3. Packet filters
4. Message filters
a. 1 and 2
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
57. c. Packet filters are based on header information whereas message filters are based on content using keyword searches. Both packet filters and message filters use rulesets. Structured data filters and metadata content filters do not use rulesets.
58. For information flow enforcement, what are explicit security attributes used to control?
a. Release of sensitive data
b. Data content
c. Data structure
d. Source objects
58. a. Information flow enforcement using explicit security attributes is used to control the release of certain types of information such as sensitive data. Data content, data structure, and source and destination objects are examples of implicit security attributes.
59. What do policy enforcement mechanisms, used to transfer information between different security domains prior to transfer, include?
1. Embedding rules
2. Release rules
3. Filtering rules
4. Sanitization rules
a. 1 and 2
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
59. c. Policy enforcement mechanisms include the filtering and/or sanitization rules that are applied to information prior to transfer to a different security domain. Embedding rules and release rules do not handle information transfer.
60. Which of the following is not an example of policy rules for cross domain transfers?
a. Prohibiting more than two levels of embedding
b. Facilitating policy decisions on source and destination
c. Prohibiting the transfer of archived information
d. Limiting embedded components within other components
60. b. Parsing transfer files facilitates policy decisions on source, destination, certificates, classification subject, or attachments. The other three choices are examples of policy rules for cross domain transfers.
61. Which of the following are the ways to reduce the range of potential malicious content when transferring information between different security domains?
1. Constrain file lengths
2. Constrain character sets
3. Constrain schemas
4. Constrain data structures
a. 1 and 3
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
61. d. The information system, when transferring information between different security domains, implements security policy filters that constrain file lengths, character sets, schemas, data structures, and allowed enumerations to reduce the range of potential malicious and/or unsanctioned content.
62. Which of the following cannot detect unsanctioned information and prohibit the transfer of such information between different security domains (i.e., domain-type enforcement)?
a. Implementing one-way flows
b. Checking information for malware
c. Implementing dirty word list searches