Читаем CISSP Practice полностью

a. Memory mapping

b. Multistate hardware

c. Multistate software

d. Multistate compiler

44. a. Memory mapping, which is manipulating memory-mapping registers, alone is not sufficient to meet the domain separation requirement but may be used to enhance hardware isolation. The other three choices are examples of good design considerations.

45. Enforcement of a system’s security policy does not imply which of the following?

a. Consistency

b. Efficiency

c. Reliability

d. Effectiveness

45. b. Assurance of trust requires enforcement of the system’s security policy. Enforcement implies consistency, reliability, and effectiveness. It does not imply efficiency because effectiveness is better than efficiency.

46. For a trusted computing base (TCB) to enforce the security policy, it must contain which of the following?

a. Single-layer and separate domain

b. Privileged user and privileged process

c. Tamperproof and uncompromisable

d. Trusted rule-base and trusted program

46. c. For a trusted computing base (TCB) to enforce the security policy, the TCB must be both tamperproof and uncompromisable. The other three choices are not strong.

47. In the trusted computing base (TCB) environment, resource isolation does not mean which of the following?

a. Containment of subjects and objects

b. Protection controls of the operating system

c. Imposition of mandatory access control

d. Auditing of subjects and objects

47. c. The trusted computing base (TCB) imposes discretionary access controls (DACs) and not mandatory access controls (MACs). The other three choices, along with discretionary access controls, provide resource isolation.

48. Which of the following can lead to a single point-of-failure?

a. Decentralized identity management

b. Universal description, discovery, and integration registry

c. Application programming interface

d. Web services description language

48. b. The universal description, discovery, and integration (UDDI) registry in Web services supports listing of multiple uniform resource identifiers (URIs) for each Web service. When one instance of a Web service has failed, requesters can use an alternative URI. Using UDDI to support failover causes the UDDI registry to become a single point-of-failure.

Centralized identity management, not decentralized identity management, is vulnerable to a single point-of-failure. Application programming interface (API) and Web services description language (WSDL) are not vulnerable to a single point-of-failure because API is defined as a subroutine library, and WSDL complements the UDDI standard.

49. Which of the following is most susceptible to a single point-of-failure?

a. Quarantine server

b. Proxy server

c. Centralized authentication server

d. Database server

49. c. A single sign-on (SSO) solution usually includes one or more centralized authentication servers containing authentication credentials for many users. Such a server becomes a single point-of-failure for authentication to many resources, so the availability of the server affects the availability of all the resources that they rely on the server for authentication services. Also, any compromise of the server can compromise authentication credentials for many resources. The servers in the other three choices do not contain authentication credentials.

50. Which of the following provides a centralized approach to enforcing identity and security management aspects of service-oriented architecture (SOA) implementation using Web services?

a. Unified modeling language (UML)

b. Extensible markup language (XML) gateways

c. Extended hypertext markup language (XHTML)

d. Extensible access control markup language (XACML)

50. b. Extensible markup language (XML) gateways are hardware- or software-based solutions for enforcing identity and security for SOA. An XML gateway is a dedicated application that enables a more centralized approach at the network perimeter.

The other three choices do not provide identity and security management features. UML simplifies the complex process of software design. XHTML is a unifying standard that brings the benefits of XML to those of HTML. XACML is a general-purpose language for specifying access control policies.