Читаем CISSP Practice полностью

Network monitors can protect against spoofing. Quality assurance programs can improve quality in products and processes through upfront planning.

27. From a security viewpoint, which of the following acts like a first line-of-defense?

a. Remote server

b. Web server

c. Firewall

d. Secure shell program

27. c. A firewall can serve as a first line-of-defense but by no means can it offer a complete security solution. A combination of controls is needed to supplement the firewall’s protection mechanism.

The other three choices cannot act like a first line-of-defense. Both remote server and Web server are often the targets for an attacker. A secure shell program replaces the unsecure programs such as rlogin, rsh, rcp, Telnet, and rdist commands with a more secure version that adds authentication and encryption mechanisms to provide for greater security.

28. Normal information can be reliably sent through all the following ways except:

a. Increasing the bandwidth for a covert channel

b. Using error correcting code

c. Using a hamming code

d. Introducing page faults at random

28. a. Increasing the bandwidth can make a covert channel noisy as one of the goals is to reduce its bandwidth. Covert channels are not only difficult to find, but also difficult to block. Normal information cannot be reliably sent through covert channels.

The other three choices can send normal information reliably because they use an error correcting code (e.g., hamming code) or introducing page faults at random (i.e., modulating paging rates between 0 and 1).

29. Covert channel analysis is not meaningful for which of the following?

a. Cross-domain systems

b. Multilevel secure systems

c. Multilayer systems

d. Multiple security level systems

29. c. Multilayer systems are distributed systems requiring cooperating elements distributed physically and logically across the network layers. Covert channel analysis is not meaningful for distributed systems because they are not the usual targets for covert storage and timing channels.

The other three choices are good candidates for covert channel analysis and should be tested on all vendor-identified covert channel targets.

30. All the following are factors favoring acceptability of a covert channel except:

a. Floating label

b. Low bandwidth

c. Fixed label

d. Absence of application software

30. c. A fixed label contains a subject’s maximum security label, which dominates that of the floating label. Hence, a fixed label does not favor acceptability of a covert channel. The other three choices favor a covert channel.

31. From an information security viewpoint, a Security-in-Depth strategy means which of the following?

a. User training and awareness

b. Policies and procedures

c. Layered protections

d. Redundant equipment

31. c. By using multiple, overlapping protection approaches, the failure or circumvention of any individual protection approach does not leave the system unprotected. Through user training and awareness, well-crafted policies and procedures, and redundancy of protection mechanisms, layered protections enable effective security of IT assets to achieve an organization’s security objectives. The other three choices are part of the layered protections.

32. Time-to-exploitation metric can be used to determine the presence of which of the following?

a. Memory channel

b. Communications channel

c. Covert channel

d. Exploitable channel

32. c. Time-to-exploitation metric is measured as the elapsed time between when the vulnerability is discovered and the time it is exploited. Covert channels are usually exploitable. The other three choices are a part of the covert channel.

33. All the following are outside the scope of the Common Criteria (CC) except:

a. Evaluation scheme

b. Evaluation methodology

c. Evaluation base

d. Certification processes

33. c. The evaluation base, consisting of an assessment of a protection profile (PP), a security target (ST), or a target of evaluation (TOE) against defined criteria, is within the scope of the Common Criteria (CC).