Читаем CISSP Practice полностью

Administrative controls include personnel practices, assignment of responsibilities, and supervision and are part of management controls. Operational controls are the day-to-day procedures and mechanisms used to protect operational systems and applications. Operational controls affect the system and application environment. Technical controls are hardware and software controls used to provide automated protection for the IT system or application. Technical controls operate within the technical system and applications.

126. A successful incident handling capability should serve which of the following?

a. Internal users only

b. All computer platforms

c. All business units

d. Both internal and external users

126. d. The focus of a computer security incident handling capability may be external as well as internal. An incident that affects an organization may also affect its trading partners, contractors, or clients. In addition, an organization’s computer security incident handling capability may help other organizations and, therefore, help protect the industry as a whole.

127. Which of the following encourages compliance with IT security policies?

a. Use

b. Results

c. Monitoring

d. Reporting

127. c. Monitoring encourages compliance with IT security policies. Results can be used to hold managers accountable for their information security responsibilities. Use for its own sake does not help here. Reporting comes after monitoring.

128. Who should measure the effectiveness of security-related controls in an organization?

a. Local security specialist

b. Business manager

c. Systems auditor

d. Central security manager

128. c. The effectiveness of security-related controls should be measured by a person fully independent of the information systems department. The systems auditor located within an internal audit department of an organization is the right party to perform such measurement.

129. Which of the following corrects faults and returns a system to operation in the event a system component fails?

a. Preventive maintenance

b. Remedial maintenance

c. Hardware maintenance

d. Software maintenance

129. b. Remedial maintenance corrects faults and returns the system to operation in the event of hardware or software component fails. Preventive maintenance is incorrect because it is done to keep hardware in good operating condition. Both hardware and software maintenance are included in the remedial maintenance.

130. Which of the following statements is not true about audit trails from a computer security viewpoint?

a. There is interdependency between audit trails and security policy.

b. If a user is impersonated, the audit trail establishes events and the identity of the user.

c. Audit trails can assist in contingency planning.

d. Audit trails can be used to identify breakdowns in logical access controls.

130. b. Audit trails have several benefits. They are tools often used to help hold users accountable for their actions. To be held accountable, the users must be known to the system (usually accomplished through the identification and authentication process). However, audit trails collect events and associate them with the perceived user (i.e., the user ID provided). If a user is impersonated, the audit trail establishes events but not the identity of the user.

It is true that there is interdependency between audit trails and security policy. Policy dictates who has authorized access to particular system resources. Therefore it specifies, directly or indirectly, what violations of policy should be identified through audit trails.

It is true that audit trails can assist in contingency planning by leaving a record of activities performed on the system or within a specific application. In the event of a technical malfunction, this log can be used to help reconstruct the state of the system (or specific files).

It is true that audit trails can be used to identify breakdowns in logical access controls. Logical access controls restrict the use of system resources to authorized users. Audit trails complement this activity by identifying breakdowns in logical access controls or verifying that access control restrictions are behaving as expected.

131. Which of the following is a policy-driven storage media?

a. Hierarchical storage management

b. Tape management

c. Direct access storage device

d. Optical disk platters