Читаем CISSP Practice полностью

168. A fault-tolerant design feature for large distributed systems considers all the following except:

a. Using multiple components to duplicate functionality

b. Using duplicated systems in separate locations

c. Using modular components

d. Providing backup power supplies

168. d. A fault tolerant design should make a system resistant to failure and able to operate continuously. Many ways exist to develop fault tolerance in a system, including using two or more components to duplicate functionality, duplicating systems in separate locations, or using modular components in which failed components can be replaced with new ones. It does not include providing backup power supplies because it is a part of preventive maintenance, which should be used with fault tolerant design. Preventive maintenance measures reduce the likelihood of significant impairment to components.

169. The process of degaussing involves which of the following?

a. Retrieving all stored information

b. Storing all recorded information

c. Removing all recorded information

d. Archiving all recorded information

169. c. The purpose of degaussing is to remove all recorded information from a computer-recorded magnetic tape. It does this by demagnetizing (removing) the recording media, the tape, or the hard drive. After degaussing is done, the magnetic media is in a fully demagnetized state. However, degaussing cannot retrieve, store, or archive information.

170. An audit trail record should include sufficient information to trace a user’s actions and events. Which of the following information in the audit trail record helps the most to determine if the user was a masquerader or the actual person specified?

a. The user identification associated with the event

b. The date and time associated with the event

c. The program used to initiate the event

d. The command used to initiate the event

170. b. An audit trail should include sufficient information to establish what events occurred and who (or what) caused them. Date and timestamps can help determine if the user was a masquerader or the actual person specified. With date and time, one can determine whether a specific user worked on that day and at that time.

The other three choices are incorrect because the masquerader could be using a fake user identification (ID) number or calling for invalid and inappropriate programs and commands.

In general, an event record should specify when the event occurred, the user ID associated with the event, the program or command used to initiate the event, and the result.

171. Automated tools help in analyzing audit trail data. Which one of the following tools looks for anomalies in user or system behavior?

a. Trend analysis tools

b. Audit data reduction tools

c. Attack signature detection tools

d. Audit data-collection tools

171. a. Many types of tools have been developed to help reduce the amount of information contained in audit records, as well as to distill useful information from the raw data. Especially on larger systems, audit trail software can create large files, which can be extremely difficult to analyze manually. The use of automated tools is likely to be the difference between unused audit trail data and a robust program. Trend analysis and variance detection tools look for anomalies in user or system behavior.

Audit data reduction tools are preprocessors designed to reduce the volume of audit records to facilitate manual review. These tools generally remove records generated by specified classes of events, such as records generated by nightly backups.

Attack signature detection tools look for an attack signature, which is a specific sequence of events indicative of an unauthorized access attempt. A simple example is repeated failed log-in attempts. Audit data-collection tools simply gather data for analysis later.

172. Regarding a patch management program, which of the following helps system administrators most in terms of monitoring and remediating IT resources?

1. Supported equipment

2. Supported applications software

3. Unsupported hardware

4. Unsupported operating systems

a. 1 only

b. 2 only

c. 1 and 2

d. 3 and 4