Читаем CISSP Practice полностью

91. The structured query language (SQL) server enables many users to access the same database simultaneously. Which of the following locks is held until the end of the transaction?

a. Exclusive lock

b. Page lock

c. Table lock

d. Read lock

91. a. It is critical to isolate transactions being done by various users to ensure that one user does not read another user’s uncommitted transactions. Exclusive locks are held until the end of the transaction and used only for data modification operations.

The SQL server locks either pages or entire tables, depending on the query plan for the transactions. Read locks are usually held only long enough to read the page and then are released. These are ways to prevent deadlocks when several users simultaneously request the same resource.

92. Which of the following is an example of the last line-of-defense?

a. Perimeter barriers

b. Property insurance

c. Separation of duties

d. Integrity verification software

92. b. Property insurance against natural or manmade disasters is an example of the last line-of-defense, whereas the other three choices are examples of the first line-of-defense mechanisms. The line-of-defenses are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems. The line-of-defenses form a core part of defense-in-depth strategy or security-in-depth strategy.

93. Which of the following is an example of second line-of-defense?

a. System isolation techniques

b. Minimum security controls

c. Penetration testing

d. Split knowledge procedures

93. c. Penetration testing (e.g., blue team or red team testing) against circumventing the security features of a computer system is an example of the second line-of-defense.

The other three choices are examples of the first line-of-defense mechanisms. Penetration testing follows vulnerability scanning and network scanning, where the latter are first line-of-defenses. Penetration testing either proves or disproves the vulnerabilities identified in vulnerability/network scanning.

The line-of-defenses are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems. The line-of-defenses form a core part of defense-in-depth strategy or security-in-depth strategy.

94. Which of the following is an example of last line-of-defense?

a. Quality assurance

b. System administrators

c. Physical security controls

d. Employee bond coverage

94. d. Employee bond coverage is a form of insurance against dishonest behavior and actions and is an example of the last line-of-defense. The other three choices are examples of the first line-of-defense mechanisms. The line-of-defenses are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems.

95. In a public cloud computing environment, which of the following provides server-side protection?

a. Encrypted network exchanges

b. Plug-ins and add-ons

c. Keystroke loggers

d. Virtual firewalls

95. d. Virtual firewalls can be used to isolate groups of virtual machines from other hosted groups, such as the production system from the development system or the development system from other cloud-resident systems. Hardening of the operating system and applications should occur to produce virtual machine images for deployment. Carefully managing virtual machine images is also important to avoid accidentally deploying images under development or containing vulnerabilities.

Plug-ins, add-ons, backdoor Trojan viruses, and keystroke loggers are examples of client-side risks or threats to be protected from. Encrypted network exchanges provide client-side protection.

96. Which of the following is not a core part of defense-in-depth strategy?

a. Least functionality

b. Layered protections

c. System partitioning

d. Line-of-defenses