Читаем CISSP Practice полностью

96. a. Least functionality or minimal functionality means configuring an information system to provide only essential capabilities and specifically prohibiting or restricting the use of risky (by default) and unnecessary functions, ports, protocols, and/or services. However, it is sometimes convenient to provide multiple services from a single component of an information system, but doing so increases risk over limiting the services provided by any one component. Where feasible, IT organizations limit component functionality to a single function per device (e.g., e-mail server or Web server, not both). Because least functionality deals with system usability, it cannot support the defense-in-depth strategy (i.e., protecting from security breaches).

The concepts of layered protections, system partitioning, and line-of-defenses form a core part of security-in-depth or defense-in-depth strategy. By using multiple, overlapping protection mechanisms, the failure or circumvention of any individual protection approach will not leave the system unprotected. Through user training and awareness, well-crafted policies and procedures, and redundancy of protection mechanisms, layered protections enable effective protection of IT assets for the purpose of achieving its objectives. System partitioning means system components reside in separate physical domains. Managed interfaces restrict network access and information flow among partitioned system components. The line-of-defenses are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems.

97. Most spyware detection and removal utility software specifically looks for which of the following?

a. Encrypted cookies

b. Session cookies

c. Persistent cookies

d. Tracking cookies

97. d. Information collected by tracking cookies is often sold to other parties and used to target advertisements and other directed content at the user. Most spyware detection and removal utility software specifically looks for tracking cookies on systems.

Encrypted cookies are incorrect because they protect the data from unauthorized access. Session cookies are incorrect because they are temporary cookies that are valid only for a single website session. Persistent cookies are incorrect because they are stored on a computer indefinitely so that a website can identify the user during subsequent visits.

98. A system is in a failure state when it is not in a:

1. Protection-state

2. Reachable-state

3. System-state

4. Initial-state

a. 1 or 2

b. 1 and 3

c. 3 and 4

d. 1, 2, 3, and 4

98. d. A system must be either in a protection-state or reachable-state. If not, the system is in a failure state. The protection state is a part of system-state, whereas the reachable-state is obtained from an initial-state.

99. A buffer overflow attack is an example of which of the following threat category that applies to systems on the Internet?

a. Browser-oriented

b. User-oriented

c. Server-oriented

d. Network-oriented

99. c. A buffer overflow attack is a (i) method of overloading a predefined amount of space in a buffer, which can potentially overwrite and corrupt data in memory, and (ii) condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Attackers exploit these methods and conditions through servers to crash a system or to insert specially crafted code that allows them to gain control of the system. Subtle changes introduced into the Web server can radically change the server’s behavior (for example, turning a trusted entity into a malicious one), the accuracy of the computation (for example, changing computational algorithms to yield incorrect results), or the confidentiality of the information (for example, disclosing collected information).

The other three choices are incorrect because they do not involve buffer overflow attacks. Web browser-oriented threats can launch attacks against Web browser components and technologies. Web-based applications often use tricks, such as hidden fields within a form, to provide continuity between transactions, which may provide an avenue of attack. Examples of user-oriented threats include social engineering. Examples of network-oriented threats include spoofing, masquerading, and eavesdropping attacks.

100. In general, which of the following is legal under reverse-engineering practices?