Читаем CISSP Practice полностью

d. Assessing the effectiveness of reducing security incidents

146. a. The auditor’s objective is to determine the effectiveness of security-related controls. The auditor reviews documentation and tests security controls. The other three choices are the sole responsibilities of information systems security officers.

147. Which of the following security control techniques assists system administrators in protecting physical access of computer systems by intruders?

a. Access control lists

b. Host-based authentication

c. Centralized security administration

d. Keystroke monitoring

147. d. Keystroke monitoring is the process used to view or record both the keystrokes entered by a computer user and the computer’s response during an interactive session. It is usually considered a special case of audit trails. Keystroke monitoring is conducted in an effort to protect systems and data from intruders who access the systems without authority or in excess of their assigned authority. Monitoring keystrokes typed by intruders can help administrators assess and repair any damage they may cause.

Access control lists refer to a register of users who have been given permission to use a particular system resource and the types of access they have been permitted. Host-based authentication grants access based upon the identity of the host originating the request, instead of the identity of the user making the request. Centralized security administration allows control over information because the ability to make changes resides with few individuals, as opposed to many in a decentralized environment. The other three choices do not protect computer systems from intruders, as does the keystroke monitoring.

148. Which of the following is not essential to ensure operational assurance of a computer system?

a. System audits

b. System changes

c. Policies and procedures

d. System monitoring

148. b. Security is not perfect when a system is implemented. Changes in the system or the environment can create new vulnerabilities. Strict adherence to procedures is rare over time, and procedures become outdated. Thinking risk is minimal, users may tend to bypass security measures and procedures. Operational assurance is the process of reviewing an operational system to see that security controls, both automated and manual, are functioning correctly and effectively.

To maintain operational assurance, organizations use three basic methods: system audits, policies and procedures, and system monitoring. A system audit is a one-time or periodic event to evaluate security. Monitoring refers to an ongoing activity that examines either the system or the users. In general, the more real time an activity is, the more it falls into the category of monitoring. Policies and procedures are the backbone for both auditing and monitoring.

System changes drive new requirements for changes. In response to various events such as user complaints, availability of new features and services, or the discovery of new threats and vulnerabilities, system managers and users modify the system and incorporate new features, new procedures, and software updates. System changes by themselves do not assure that controls are working properly.

149. What is an example of a security policy that can be legally monitored?

a. Keystroke monitoring

b. Electronic mail monitoring

c. Web browser monitoring

d. Password monitoring

149. d. Keystroke monitoring, e-mail monitoring, and Web browser monitoring are controversial and intrusive. These kinds of efforts could waste time and other resources due to their legal problems. On the other hand, examples of effective security policy statements include (i) passwords shall not be shared under any circumstances and (ii) password usage and composition will be monitored.

150. What is a common security problem?

a. Discarded storage media

b. Telephone wiretapping

c. Intelligence consultants

d. Electronic bugs

150. a. Here, the keyword is common, and it is relative. Discarded storage media, such as CDs/DVDs, paper documents, and reports, is a major and common problem in every organization. Telephone wiretapping and electronic bugs require expertise. Intelligent consultants gather a company’s proprietary data and business information and government trade strategies.

151. When controlling access to information, an audit log provides which of the following?

a. Review of security policy

b. Marking files for reporting

c. Identification of jobs run

d. Accountability for actions