Читаем CISSP Practice полностью

51. An extensible markup language (XML) gateway-based service-oriented architecture’s (SOA’s) security features do not contain which of the following?

a. Firewall

b. Public key infrastructure

c. Digital signature

d. Encryption

51. a. An XML gateway-based SOA’s security features include public key infrastructure (PKI), digital signatures, encryption, XML schema validation, antivirus, and pattern recognition. It does not contain a firewall feature; although, it operates like a firewall at the network perimeter.

52. The accountability security objective does not need which of the following security services?

a. Audit

b. Nonrepudiation

c. Access control enforcement

d. Transaction privacy

52. d. Transaction privacy is a security service that fulfills the confidentiality security objective. The other three choices fulfill the accountability security objective.

53. Which of the following security services is not common between the availability security objective and the assurance security objective?

a. Audit

b. Authorization

c. Access control enforcement

d. Proof-of-wholeness

53. a. Audit security service is needed for the assurance security objective but not to the availability security objective. The other three choices are common to availability and the assurance security objective.

54. Restricting the use of dynamic port allocation routines is a part of which of the following to secure multi-user and multiplatform environments?

a. Management controls

b. Technical controls

c. Physical controls

d. Procedural controls

54. b. Controlling the multi-user and multiplatforms requires technical controls such as restricting the use of dynamic port allocation routines. Technical controls are implemented through security mechanisms contained in the hardware, software, or firmware components of a system. Management controls deal with risk management, policies, directives, rules of behavior, accountability, and personnel security decisions. Physical controls and procedural controls are part of operational controls, which are day-to-day procedures, where they are implemented and executed by people, not by systems.

55. Which of the following refers to logical system isolation solutions to prevent security breaches?

1. Demilitarized zones

2. Screened subnet firewalls

3. Electronic mail gateways

4. Proxy servers

a. 1 and 2

b. 1 and 3

c. 3 and 4

d. 1, 2, 3, and 4

55. a. System isolation means separating system modules or components from each other so that damage is eliminated or reduced. Layers of security services and mechanisms include demilitarized zones (DMZs) and screened subnet firewalls. E-mail gateways and proxy servers are examples of logical access perimeter security controls.

56. In which of the following security operating models is the minimum user clearance not cleared and the maximum data sensitivity not classified?

a. Dedicated security mode

b. Limited access mode

c. System high-security mode

d. Partitioned mode

56. b. Security policies define security modes. A security mode is a mode of operation in which management accredits a computer system to operate. One such mode is the limited access mode, in which the minimum user clearance is not cleared and the maximum data sensitivity is not classified but sensitive.

Dedicated security mode is incorrect. It is the mode of operation in which the system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time.