Читаем CISSP Practice полностью

131. a. Hierarchical storage management follows a policy-driven strategy in that the data is migrated from one storage medium to another, based on a set of rules, including how frequently the file is accessed. On the other hand, the management of tapes, direct access storage devices, and optical disks is based on schedules, which is an operational strategy.

132. In which of the following types of denial-of-service attacks does a host send many requests with a spoofed source address to a service on an intermediate host?

a. Reflector attack

b. Amplifier attack

c. Distributed attack

d. SYNflood attack

132. a. Because the intermediate host unwittingly performs the attack, that host is known as reflector. During a reflector attack, a denial-of-service (DoS) could occur to the host at the spoofed address, the reflector itself, or both hosts. The amplifier attack does not use a single intermediate host, like the reflector attack, but uses a whole network of intermediate hosts. The distributed attack coordinates attacks among several computers. A synchronous (SYN) flood attack is a stealth attack because the attacker spoofs the source address of the SYN packet, thus making it difficult to identify the perpetrator.

133. Sometimes a combination of controls works better than a single category of control, such as preventive, detective, or corrective. Which of the following is an example of a combination of controls?

a. Edit and limit checks, digital signatures, and access controls

b. Error reversals, automated error correction, and file recovery

c. Edit and limit checks, file recovery, and access controls

d. Edit and limit checks, reconciliation, and exception reports

133. c. Edit and limit checks are an example of preventive or detective control, file recovery is an example of corrective control, and access controls are an example of preventive control. A combination of controls is stronger than a single type of control.

Edit and limit checks, digital signatures, and access controls are incorrect because they are an example of a preventive control. Preventive controls keep undesirable events from occurring. In a computing environment, preventive controls are accomplished by implementing automated procedures to prohibit unauthorized system access and to force appropriate and consistent action by users.

Error reversals, automated error correction, and file recovery are incorrect because they are an example of a corrective control. Corrective controls cause or encourage a desirable event or corrective action to occur after an undesirable event has been detected. This type of control takes effect after the undesirable event has occurred and attempts to reverse the error or correct the mistake.

Edit and limit checks, reconciliation, and exception reports are incorrect because they are an example of a detective control. Detective controls identify errors or events that were not prevented and identify undesirable events after they have occurred. Detective controls should identify expected error types, as well as those that are not expected to occur.

134. What is an attack in which someone compels system users or administrators into revealing information that can be used to gain access to the system for personal gain called?

a. Social engineering

b. Electronic trashing

c. Electronic piggybacking

d. Electronic harassment

134. a. Social engineering involves getting system users or administrators to divulge information about computer systems, including passwords, or to reveal weaknesses in systems. Personal gain involves stealing data and subverting computer systems. Social engineering involves trickery or coercion.

Electronic trashing is incorrect because it involves accessing residual data after a file has been deleted. When a file is deleted, it does not actually delete the data but simply rewrites a header record. The data is still there for a skilled person to retrieve and benefit from.

Electronic piggybacking is incorrect because it involves gaining unauthorized access to a computer system via another user’s legitimate connection. Electronic harassment is incorrect because it involves sending threatening electronic-mail messages and slandering people on bulletin boards, news groups, and on the Internet. The other three choices do not involve trickery or coercion.