Читаем CISSP Practice полностью

110. d. Ensuring the security of Web services involves augmenting traditional security mechanisms with security frameworks based on use of authentication, authorization, confidentiality, and integrity mechanisms. This augmentation includes the use of XML encryption, XML gateways, and XML signature, which are countermeasures. It is always beneficial to implement defense-in-depth using XML gateways at the perimeter along with WS-Security or HTTPS for all internal Web services.

XML parsers are often the target attacks because they are the first portion of a Web service that processes input from other Web services. Poorly designed or configured XML parsers can be used to compromise the parser regardless of how secure the Web service is.

111. Which of the following are used to perform data inferences?

a. Memory and CPU channels

b. Exploitable and detectable channels

c. Storage and timing channels

d. Buffer and overt channels

111. c. Sensitive information can be inferred by correlating data on storage media or observing timing effects of certain operations. Storage and timing channels are part of covert channels, where an unauthorized communications path is used to transfer information in a manner that violates a security policy. An exploitable channel is usable or detectable by subjects external to the Trusted Computing Base (TCB). An overt channel is a path within a network designed for the authorized transfer of data. Memory, CPU, and buffer channels are distracters.

112. The Web service processing model securing simple object access control protocol (SOAP) messages and extensible markup language (XML) documents does not deal with which of the following?

a. Chain of auctioneers

b. Chain of providers

c. Chain of intermediaries

d. Chain of consumers

112. a. An electronic auction (e-auction) market taking place on the Internet deals with a chain of auctioneers, not in Web services.

The other three choices deal with the Web services. The Web service processing model requires the ability to secure simple object access protocol (SOAP) messages and extensible markup language (XML) documents as they are forwarded along potentially long and complex chains of consumer, provider, and intermediary services. The nature of Web services processing makes those services subject to unique attacks, as well as variations on familiar attacks targeting Web servers.

113. Which of the following is not a single point-of-failure?

a. Mesh topology

b. Star topology

c. Bus topology

d. Tree topology

113. a. A mesh topology is a network in which there are at least two nodes with two or more paths between them. If one path fails, the network reroutes traffic over an alternative path thus providing a high degree of fault tolerance mechanism. Thus, mesh topology is not vulnerable to a single point-of-failure.

The other three choices are subjected to a single point-of-failure. The single central hub in star and tree topology and the single cable in bus topology are vulnerable to a single point-of-failure.

114. Which of the following describes one process signaling information to another by modulating its own use of system resources in such a way that this manipulation affects the real response time observed by the second process?

a. A communication channel

b. A covert storage channel

c. A covert timing channel

d. An exploitable channel

114. c. The statement fits the description of a covert timing channel. A communication channel is the physical media and device that provides the means for transmitting information from one component of a network to other components. An exploitable channel is any channel usable or detectable by subjects external to the Trusted Computing Base (TCB).

115. Which of the following is not vulnerable to a single point-of-failure?

a. Internet

b. Converged network

c. Password synchronization

d. Domain name system server