Читаем CISSP Practice полностью

194. For major functions of intrusion detection and prevention system technologies, which of the following statements are true?

1. It is not possible to eliminate all false positives and false negatives.

2. Reducing false positives increases false negatives and vice versa.

3. Decreasing false negatives is always preferred.

4. More analysis is needed to differentiate false positives from false negatives.

a. 1 only

b. 2 only

c. 3 only

d. 1, 2, 3, and 4

194. d. Intrusion detection and prevention system (IDPS) technologies cannot provide completely accurate detection at all times. All four items are true statements. When an IDPS incorrectly identifies benign activity as being malicious, a false positive has occurred. When an IDPS fails to identify malicious activity, a false negative has occurred.

195. Which of the following authentication techniques is impossible to forge?

a. What the user knows

b. What the user has

c. What the user is

d. Where the user is

195. d. Passwords and PINs are often vulnerable to guessing, interception, or brute force attack. Devices such as access tokens and crypto-cards can be stolen. Biometrics can be vulnerable to interception and replay attacks. A location cannot be different than what it is. The techniques used in the other three choices are not foolproof. However, “where the user is” based on a geodetic location is foolproof because it cannot be spoofed or hijacked.

Geodetic location, as calculated from a location signature, adds a fourth and new dimension to user authentication and access control mechanisms. The signature is derived from the user’s location. It can be used to determine whether a user is attempting to log in from an approved location. If unauthorized activity is detected from an authorized location, it can facilitate finding the user responsible for that activity.

196. How does a rule-based access control mechanism work?

a. It is based on filtering rules.

b. It is based on identity rules.

c. It is based on access rules.

d. It is based on business rules.

196. c. A rule-based access control mechanism is based on specific rules relating to the nature of the subject and object. These specific rules are embedded in access rules. Filtering rules are specified in firewalls. Both identity and business rules are inapplicable here.

197. Which of the following is an example of a system integrity tool used in the technical security control category?

a. Auditing

b. Restore to secure state

c. Proof-of-wholeness

d. Intrusion detection tool

197. c. The proof-of-wholeness control is a system integrity tool that analyzes system integrity and irregularities and identifies exposures and potential threats. The proof-of-wholeness principle detects violations of security policies.

Auditing is a detective control, which enables monitoring and tracking of system abnormalities. “Restore to secure state” is a recovery control that enables a system to return to a state that is known to be secure, after a security breach occurs. Intrusion detection tools detect security breaches.

198. Individual accountability does not include which of the following?

a. Unique identifiers

b. Access rules

c. Audit trails

d. Policies and procedures

198. d. A basic tenet of IT security is that individuals must be accountable for their actions. If this is not followed and enforced, it is not possible to successfully prosecute those who intentionally damage or disrupt systems or to train those whose actions have unintended adverse effects.

The concept of individual accountability drives the need for many security safeguards, such as unique (user) identifiers, audit trails, and access authorization rules. Policies and procedures indicate what to accomplish and how to accomplish objectives. By themselves, they do not exact individual accountability.

199. From an access control viewpoint, which of the following is computed from a passphrase?

a. Access password

b. Personal password

c. Valid password

d. Virtual password

199.d. A virtual password is a password computed from a passphrase that meets the requirements of password storage (e.g., 56 bits for DES). A passphrase is a sequence of characters, longer than the acceptable length of a regular password, which is transformed by a password system into a virtual password of acceptable length.